1636432301 J * Ghislain ~ghislain@apollo-4300-51.titandc.io
1636435034 M * Bertl_oO off to bed now ... have a good one everyone!
1636435036 N * Bertl_oO Bertl_zZ
1636444943 Q * Ghislain Quit: Leaving.
1636448333 J * DelTree ~deplagne@2a00:c70:1:213:246:56:18:2
1636455364 J * Ghislain ~ghislain@apollo-4300-51.titandc.io
1636458860 N * Bertl_zZ Bertl
1636458863 M * Bertl morning folks!
1636459909 M * Ghislain hi there, so 5.15 it is last one is okay :)
1636460221 M * Bertl yep, seems like everybody is happy with that
1636460255 M * Bertl did you get to testing the procfs stuff from LXC?
1636461047 M * Ghislain i am right now
1636461061 M * Ghislain but it fails with /bin/sh: 1: /var/lib/lxcfs/proc/meminfo: Permission denied
1636461061 M * Ghislain /etc/vservers/testlxcfs/fstab:20:1: failed to mount fstab-entry
1636461105 M * Ghislain fstab is /var/lib/lxcfs/proc/meminfo /proc/meminfo fuse.rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
1636461147 M * Bertl likely some capabilities are required for this to work
1636461178 M * Ghislain ohhh yes, let me have a look at mount capabilities
1636462538 M * Ghislain bcapabilities with SYS_ADMIN do not help it seems
1636462916 M * Ghislain [pid 8256] execve("/var/lib/lxcfs/proc/uptime", ["/var/lib/lxcfs/proc/uptime", "/vservers/testlxcfs/proc/uptime", "-o", "rw,nodev,0,suid"], 0x55f498d4e6c0 /* 15 vars */) = -1 EACCES (Permission denied)
1636462997 M * Bertl try a manual mount and check with strace then?
1636463025 M * Ghislain yes i was doing that i think i miss a parameter
1636463068 M * Guy- why is it trying to execute proc/uptime?
1636463085 M * Guy- instead of mount(8)?
1636463107 M * Guy- it almost seems like the mount command is missing
1636463116 M * Guy- and it treats the first argument to mount as the command
1636463138 M * Guy- the problem isn't lack of capabilities; it's that /var/lib/lxcfs/proc/uptime is not executable at all (obviously)
1636463305 M * Ghislain lxcfs has no doc on how to mount them
1636463311 M * Ghislain so i do trial and error
1636463360 M * Guy- but you see the problem, right?
1636463631 M * daniel_hozac is it supposed to be a bind mount?
1636463679 M * daniel_hozac i also don't see a filesystem type in the fstab line
1636463733 M * Ghislain yes i tried none fuse and lxcfs :)
1636463819 M * Ghislain vmount destination is /proc/xxx or /vservers/name/proc/xxx ?
1636463865 M * Ghislain vmount testlxcfs -- -o fuse.rw,nosuid,nodev,relatime,user_id=0,group_id=0 -t fuse.lxcfs /var/lib/lxcfs/proc/cpuinfo /proc/cpuinfo
1636463865 M * Ghislain secure-mount: chdir("/proc/cpuinfo"): Not a directory
1636463879 M * Ghislain i copied the option from an lxd setup
1636464083 M * Ghislain secure-mount: chdir("/proc/cpuinfo"): Not a directory
1636464084 M * Ghislain seems better but still not mounting
1636464148 M * Ghislain got it !
1636464165 M * Ghislain /var/lib/lxcfs/proc/diskstats /proc/diskstats fuse.lxcfs rbind,fuse.rw,nosuid,nodev,relatime,user_id=0,group_id=0 0 0
1636464165 M * Ghislain well it mounts, now see if this works
1636464272 M * AlexanderS This is the mount stuff from lxc: https://github.com/lxc/lxcfs/blob/master/share/lxc.mount.hook.in
1636464870 M * Ghislain i am able to mount it but it does not virtualize anything
1636464990 M * Ghislain perhaps it searches the cgroups somewhere they are not in my setup
1636465176 M * Ghislain #define DEFAULT_CGROUP_MOUNTPOINT "/sys/fs/cgroup"
1636465249 M * Ghislain vserver always goes in /dev/cgroup/ i think
1636465275 M * Guy- it's actually configurable
1636465308 M * Guy- /etc/vservers/.defaults/cgroup/mnt:/sys/fs/cgroup
1636465334 M * Guy- this kinda works, but I think it needed a patch to util-vserver (which I submitted in a github issue; I can dig it up if you want)
1636465762 M * Ghislain hum i don't feel like recompiling the vserver-util right now, trying to double mount it
1636465819 M * Ghislain it would be cool to be able to use usernamespace too, with the context of vserver i guess the logic for user mapping is already here
1636465927 M * Guy- Ghislain: fwiw, I have compiled binaries of the patched util-vserver
1636465932 M * Guy- (as .deb packages)
1636465941 M * Guy- but then, there could be *anything* in them
1636466010 M * Ghislain smells like a rootkit ! :p
1636466155 M * Guy- I know, right? :)
1636466173 M * Ghislain well dual mount works fine but still no virtualisation done
1636467469 M * AlexanderS I think lxcfs will only work with pidns, because it uses the reaper's pid (f.e. to calculate the uptime offset).
1636468652 M * Ghislain oh and vserver does not use pidns, does it imply a lot of modification to get pidns with vserver ?
1636468856 M * Ghislain even as the ugly hack to test it ?
1636469212 M * Bertl I think daniel_hozac was testing pidns some (long?) time ago
1636469244 M * Ghislain ahah ! so you drop dead after some tests or succeeded daniel ? :)
1636469314 M * Bertl hopefully he didn't 'drop dead' :)
1636469373 M * Ghislain :D
1636469417 M * Bertl you know how much effort a proper 'raise' is :)
1636469446 M * Ghislain could be trapped in a daniel namespace never to be able to come back here
1636470038 M * Ghislain i think he is :p
1636470632 M * Ghislain daniel_hozac: did you have any success with pid namespace
1636471159 M * AlexanderS pid namespaces do not really work with vserver. You need at least init style plain and possibly some other tweaks.
1636471507 M * AlexanderS The main problem is that you cannot "create" a pid namespace and later use it. You create a pid ns by forking and the namespace will be alive as long as this process is running.
1636471670 M * AlexanderS Here is a little userspace utility to manually create pid namespaces: https://github.com/AlexanderS/pidns (But I did not touch it for some time...)
1636471812 M * Ghislain dam