1641516565 Q * khyr0n Remote host closed the connection
1641516589 J * khyr0n ~khyr0n@2806:2f0:9141:835f:f234:49cd:2a30:272f
1641517827 M * Bertl_oO off to bed now ... have a good one everyone!
1641517828 N * Bertl_oO Bertl_zZ
1641517978 Q * khyr0n Quit: Leaving
1641518860 J * khyr0n ~khyr0n@2806:2f0:9141:835f:f234:49cd:2a30:272f
1641519170 Q * khyr0n Quit: Leaving
1641520022 Q * Jb_boin Ping timeout: 480 seconds
1641530321 J * fstd_ ~fstd@xdsl-87-78-21-185.nc.de
1641530364 J * Jb_boin ~dedior@proxad.eu
1641530772 Q * fstd Ping timeout: 480 seconds
1641539563 J * Ghislain ~ghislain@adsl1.aqueos.com
1641546605 N * Bertl_zZ Bertl
1641546611 M * Bertl morning folks!
1641548035 M * Ghislain hi Bertl
1641548450 M * Bertl hey
1641548837 M * Ghislain so to end this lxcfs thing, it can do several things:
1641548837 M * Ghislain 1/ make a cgroup-aware /proc/cpuinfo /proc/diskstats /proc/loadavg /proc/meminfo /proc/stat /proc/swaps /proc/uptime
1641548837 M * Ghislain 2/ make cgroup mountable inside the guest (will test this)
1641548837 M * Ghislain 3/ it does not change the /proc itself
1641548905 M * Ghislain it relies on the pid namespace for the /proc to show only the pids of the guest
1641548923 M * Ghislain at least this is how i interpret this
1641549251 M * Bertl yes, I didn't expect the lxcfs to handle the pid isolation
1641549317 M * Bertl although this could certainly be added but I doubt that this is worth the effort
1641549321 M * Ghislain this would be really good for security to be able to use user namespaces and pid namespaces but i have no idea if we can replace the code in vserver to switch to those kernel features
1641549357 M * Bertl using pid namespaces requires an init process, so that would drop one of the light-weight aspects in Linux-VServer
1641549402 M * Bertl it would also require significant changes to the userspace tools I guess, otherwise daniel_hozac would have already considered adding this
1641549496 M * Ghislain the issue we face here is that distribs are dropping sysvinit so we cannot boot a guest that requires systemd
1641549501 M * Bertl so I would suggest to leave out the memory/load/uptime virtualization we do in Linux-VServer for the initial port and see whether lxcfs can fill in the features there
1641549520 M * Ghislain yep
1641550730 M * Ghislain /sys/devices/system/cpu/online works too but i fail to mount the cgroups for now: secure-mount: mount(): No such file or directory
1641550780 M * Ghislain [pid 30047] mount("/var/lib/lxcfs/cgroup/memory/vservers/testlxcfs", ".", 0x404d3f, MS_NODEV|MS_BIND, NULL) = -1 ENOENT (No such file or directory)
1641550780 M * Ghislain [pid 30047] write(2, "secure-mount: mount()", 21secure-mount: mount()) = 21
1641550806 M * Ghislain the directory exists of course
1641551552 M * Ghislain hey if we remove the uptime, only remove the /proc one, i remember we added another part to also make virtualisation work on another system call
1641552826 M * Ghislain i confirm that /bin/uptime does not look at all at /proc/uptime
1641552868 M * Ghislain so we still need the uptime virtualisation
1641552907 M * Ghislain /proc/uptime is virtualized but it's not used by /bin/uptime :p
1641552907 M * Ghislain 83016.84 994466.08
1641552907 M * Ghislain 83016.92 81192.76
1641552974 M * Ghislain hmmm the uptime is not ok either
1641553788 M * AlexanderS Ghislain: cgroup got native namespace support sometime in the past. The lxcfs feature was used before that and may not work anymore.
1641553804 M * AlexanderS I'll try to find the kernel version that introduced cgroup namespaces.
1641554017 M * AlexanderS Ghislain: It was introduced in linux-4.6: https://kernelnewbies.org/Linux_4.6#Support_for_cgroup_namespaces So we should not need lxcfs to support cgroup namespaces.
1641554082 M * Ghislain oh
1641554084 M * AlexanderS We may need some changes in the userspace tools, but that seems manageable: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4021f6cd41f03017f831b3d40b0067bed54893d
1641558809 M * Ghislain is there somewhere docs on how to create or change a namespace?
1641558848 M * Ghislain we must use setns?
1641559034 M * Ghislain setns is not present in util-vserver
1641565394 M * Ghislain daniel_hozac: where should i look if i want to launch the guest in a cgroup namespace?
1641565983 M * Ghislain i am very bad at programming and there is not a single comment in all the code :( i am completely lost
1641567131 M * Bertl off for now ... bbl
1641567132 N * Bertl Bertl_oO
1641574789 M * AlexanderS Ghislain: "man unshare"
1641574851 M * Ghislain i found this: https://man7.org/linux/man-pages/man7/namespaces.7.html but i don't find any C call to those functions in util-vserver
1641574969 M * AlexanderS Ghislain: https://man7.org/linux/man-pages/man1/unshare.1.html
1641575070 M * Ghislain well i don't see any call to unshare, perhaps i downloaded the wrong files
1641575093 J * khyr0n ~khyr0n@2806:2f0:9141:835f:f234:49cd:2a30:272f
1641575202 M * AlexanderS util-vserver is using the syscall directly: https://github.com/linux-vserver/util-vserver/blob/master/src/vcontext.c#L312
1641575285 M * AlexanderS Might be possible to simply add "| CLONE_NEWCGROUP" at least for creation: https://man7.org/linux/man-pages/man2/unshare.2.html (Do not know exactly how the migration into existing namespaces is handled.)
1641576242 M * Ghislain i am confused, the C call is unshare on a fd and this is sys_unshare on a constant
1641576391 M * AlexanderS "int unshare(int flags);" looks similar to sys_unshare to mee.
1641576395 M * AlexanderS s/mee/me/
1641576462 M * Ghislain yes sorry i am confusing it with setns
1641576509 M * Ghislain still if the kernel has a function unshare you can't call it sys_unshare so there is a middleman here
1641577573 M * Ghislain i am depressed by my lack of skill
1641588003 Q * Ghislain Quit: Leaving.