[00:12] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection
[00:28] mmmm, the selinux MLS stuff looks interesting
[00:59] netrose (~john877@24.171.20.14) left irc: Ping timeout: 513 seconds
[01:28] Nick change: riel -> unriel
[01:35] JonB (~jon@kg88.kollegiegaarden.dk) left irc: Quit: Client exiting
[01:49] quags (~quags@gateway.trouble-free.net) left irc: Remote host closed the connection
[01:50] Simon (~sgarner@apollo.quattro.net.nz) joined #vserver.
[02:01] serving (~serving@213.186.189.216) left irc: Read error: Connection reset by peer
[02:07] serving (~serving@213.186.189.216) joined #vserver.
[02:50] netrose (~john877@24.171.20.14) joined #vserver.
[02:56] mcp (~hightower@wolk-project.de) left irc: Ping timeout: 492 seconds
[03:45] serving (~serving@213.186.189.216) left irc: Ping timeout: 480 seconds
[04:53] netrose (~john877@24.171.20.14) left irc: Ping timeout: 513 seconds
[05:13] Action: Simon prods Bertl_oO
[05:15] mcp (~hightower@81.17.110.148) joined #vserver.
[05:17] ChuckD (~bug@CPE-144-137-122-238.nsw.bigpond.net.au) joined #vserver.
[05:18] aloha?
[05:19] ChuckD (~bug@CPE-144-137-122-238.nsw.bigpond.net.au) left irc: Quit:
[05:35] newz (~newz@169-52.34-65.tampabay.rr.com) joined #vserver.
[05:36] Bertl, you there or are you sleeping?
[05:37] serving (~serving@213.186.191.131) joined #vserver.
[05:38] This is a quiet channel. Somebody play some music or something. ;-)
[05:38] Action: Simon prods Bertl_oO
[05:44] newz (~newz@169-52.34-65.tampabay.rr.com) left irc: Quit:
[07:57] mdaur__ (mdaur@p50915775.dip.t-dialin.net) joined #vserver.
[08:03] mdaur_ (mdaur@p509159E8.dip.t-dialin.net) left irc: Ping timeout: 480 seconds
[09:06] stone_ (foobar@9593B59FDFCFE9EF220ACDF5A02394B4.lnx.nu) left irc: Ping timeout: 492 seconds
[09:30] _Zoiah (Zoiah@81.17.52.139) joined #vserver.
[09:30] Zoiah (Zoiah@81.17.52.139) left irc: Ping timeout: 513 seconds
[09:39] Medivh (ck@server1.shell-express.de) got netsplit.
[09:39] a-c-e (~ace@213.225.74.103) got netsplit.
[09:40] a-c-e (~ace@213.225.74.103) returned to #vserver.
[09:40] Medivh (ck@server1.shell-express.de) returned to #vserver.
[09:40] Topic changed on #vserver by !charon.oftc.net: vserver - virtual server jails in linux www.linux-vserver.org
[09:55] stone (foobar@213.180.66.154) joined #vserver.
[10:25] Action: Simon prods Bertl_oO
[10:26] Simon (~sgarner@apollo.quattro.net.nz) left irc: Quit: so long, and thanks for all the fish
[10:26] Simon (~sgarner@210.54.177.190) joined #vserver.
[11:11] Nick change: _Zoiah -> Zoiah
[11:29] loger joined #vserver.
[13:11] LL0rd (dr@pD9507ED5.dip0.t-ipconnect.de) left irc: Ping timeout: 483 seconds
[13:47] LL0rd (~dr@217.80.126.214) joined #vserver.
[15:52] ChuckD (~bug@CPE-144-137-122-238.nsw.bigpond.net.au) joined #vserver.
[16:55] ChuckD (~bug@CPE-144-137-122-238.nsw.bigpond.net.au) left irc: Quit:
[17:22] Nick change: unriel -> riel
[17:23] [Virus] (~Virus@213.179.225.7) joined #vserver.
[17:23] <[Virus]> hi there
[17:23] mogge
[17:24] <[Virus]> anybody knows what this mean "Kernel do not support chrootsafe(), using chroot()" when i do vserver enter ?
[17:24] <[Virus]> i use 2.4.22ctx-17c patch
[17:24] it means your kernel doesn't support chrootsafe
[17:25] <[Virus]> how i can add this support ?
[17:25] not sure you even want it
[17:26] <[Virus]> ok.
[17:26] <[Virus]> i have trouble with limits. when i start vserver i got this error: /usr/sbin/vserver: line 634: ulimit: max user processes: cannot modify limit: Invalid argument
[17:26] <[Virus]> how i can fix this?
[17:28] set the limit before going into the vserver
[17:29] <[Virus]> from /etc/vservers/*.sh ?
[17:31] <[Virus]> hm. not works. :(
[17:31] <[Virus]> /etc/vservers/test.sh: line 4: ulimit: max user processes: cannot modify limit: Invalid argument
[17:35] [Virus] (~Virus@213.179.225.7) left irc: Quit: BitchX Official WWW Site -- http://www.bitchx.com
[18:39] Val (~val@val.linuxfr.org) joined #vserver.
[19:19] shadow (~umka@212.86.233.226) joined #vserver.
[19:19] Hi all
[19:33] noel- (~noel@80.142.171.36) joined #vserver.
[19:40] noel (~noel@80.142.159.199) left irc: Ping timeout: 483 seconds
[19:48] ChuckD (~bug@CPE-144-137-122-238.nsw.bigpond.net.au) joined #vserver.
[19:49] aloha?
[19:50] hmm not the most alive channel
[19:51] I've been playing with vserver for a few days & itching to talk some about it...
[19:52] Nick change: noel- -> noel
[19:53] ChuckD: we are a bit slow.:)
[19:53] hehe at least there though :)
[19:54] any clues as to which are the better kernel patches at the moment? I'm running Herbert's 2.4.22-ctx17f, but with Jack's vserver-0.25
[19:55] it's running well except for the warnings about chrootsafe
[19:59] ChuckD> chrootsafe present in testing Jack`s patch. you can ignore it message.
[19:59] cool I figured as much
[20:02] also how safe is it to set CAP_SETUID for vservers? I'm not sure if it's needed 100%, but it would be good for vservers to be able to run su. or am I missing something?
[20:05] scratch that, CAP_SETUID is set by default, su works fine. must have been something strange in my initial install yesterday (was using util-vserver not Jack's vserver too) that didn't allow suid
[20:30] Nick change: Bertl_oO -> Bertl
[20:30] hi all!
[20:31] Hi Herbert.....
[20:31] hi alex!
[20:31] hi Chuck!
[20:32] hello!
[20:33] read you are using c17f and had/have some questions, right?
[20:34] yeppa!
[20:34] firstly I seriously love vserver. been looking for something similar for years, ever since I used a virtual server at iserver.com that ran with chroot and hacked daemons
[20:34] actually my questions seem to be getting solved as I ask the questions...
[20:34] sounds good ...
[20:34] I'd love to help out and clear up the confusion with where to get patches etc
[20:35] well do you write/think about writing some docu/howto then?
[20:35] definitely
[20:35] or just collecting/touching up the current stuff
[20:35] (side note: c17f applied fine for me, patch is running fine)
[20:35] great .. I am willing to help/provide info/proofread ...
[20:36] sweet
[20:36] probably need at least a few more days playing around with things to understand exactly how everything works
[20:36] especially with the variety of vserver tools available
[20:36] there is good docu, but you have to find it ...
[20:37] yeah the available docs are great, just hard to find as you say.
[20:37] you probably know the linux-vserver.org site .. which has a lot of links ...
[20:37] Jack's guide is great, just needs grammar fixes & updating
[20:37] my saying ...
[20:37] yeah I added a link to the wiki, you changed the text =)
[20:37] hmm, the mailing list?
[20:37] I've read through Paul Sladen's stuff, a lot of the mailing list archives, etc
[20:38] yep I realise the mailing list is switching
[20:38] just the archives are available at that old link
[20:38] yeah, will fix this soon, I'm sure ...
[20:38] okay have to leave for about 15 minutes ...
[20:39] catch ya, thanks for the time
[20:50] okay back ...
[20:50] hi LL0rd!
[20:51] hi
[20:51] so I did the kernel update yesterday, but it didn't help
[20:52] channel language is english, is that a problem?
[20:52] my english is not the best ;)
[20:52] but my German is worse than your English :)
[20:52] well, that's a good way to improve then ...
[20:53] k ;)
[20:53] hey herbert why don't you update your Patches.html page with the latest patches that are to be found in the /Stuff dir?
[20:53] okay you did some kernel update, and what is the issue now?
[20:54] @chuck because I'm trying to replace www.13thfloor.at by www2.13thfloor.at since a few weeks, but had no time to do it ...
[20:54] the problem is still there, the user is still able to access the IP addresses, which are not assigned to his vserver
[20:54] okay how do you verify that?
[20:55] k no worries
[20:55] do you use some tool to bind to the other address?
[20:56] @chuck hopefully vserver-1.0.0 will happen this month ...
[20:56] sweetness, I'll help where poss otherwise stay out of the way...
[20:56] @chuck we will then have latest releases on linux-vserver.org ...
[20:56] the user has an apache 2.0 server running on his vserver on port 81, when i enter the IP address of another vserver, on port 81 I can see his website
[20:57] and there is no masquerading/proxying done/possible?
[20:58] can you do some tests on this setup?
[20:58] no, there is no masquerading possible
[20:59] i can do some tests
[20:59] okay, what is the name of the vserver containing the apache 2.0?
[21:00] the name is v2, it is an offline machine
[21:00] this is the host name or the vps name?
[21:01] host = physical, vserver = vps = virtual
[21:01] it is the vps name, the name I enter to start the vserver
[21:02] the hostname of the vserver is v2.informatik
[21:02] okay ... could you provide the .conf file for this server .. especially the IP* values ...
[21:06] you can make them anonymous of course ...
[21:06] http://dr.temp.port29.net/v2.txt
[21:07] okay, do you have a vserver at addr 192.168.0.42 ?
[21:10] no, 192.168.0.42 is a desktop pc the vservers are 192.168.0.50-70
[21:10] okay any 'free' address?
[21:10] jes
[21:10] yes
[21:11] would be?
[21:11] 192.168.0.230
[21:11] okay try with telnet 192.168.0.230 81, you get a connect?
[21:12] no
[21:13] okay ... now lets configure this address for some other 'probably new?' vserver, is this doable?
[21:13] this vserver should not contain apache at all .. okay?
[21:14] ok
[21:15] done, now i get a connect on this ip on port 81
[21:17] the "new" vserver is a minimal installation of a debian server without apache
[21:26] ok, bed time, cya round guys, I'm looking forward to happy times with vserver
[21:26] ChuckD (~bug@CPE-144-137-122-238.nsw.bigpond.net.au) left irc: Quit:
[21:31] hmm, you immediately get a connect?
[21:32] did you restart the apache?
[21:33] no, on v2 i didn't do anything
[21:34] cool ;)
[21:34] and if i change the port of the apache on v2 to 80, i can't start the server, it says the port is already in use
[21:34] okay, do you have tcpdump installed?
[21:35] yes
[21:35] okay try to trace the telnet to 192.168.0.230 with tcpdump -vvnei eth0 -s 10000
[21:36] if you get too much noise, add port 81 ...
[21:38] this is 2.4.22 or 23pre ? with c17e, or what patch version?
[21:40] Linux version 2.4.22-c17f
[21:40] okay, thanks ...
[21:41] 19:42:25.557087 0:e0:52:c1:15:0 0:c:6e:92:2:31 ip 62: 192.168.0.15.33125 > 192.168.0.51.81: S [tcp sum ok] 4130156280:4130156280(0) win 64240 (DF) (ttl 120, id 18019, len 48)
[21:41] 19:42:25.557143 0:c:6e:92:2:31 0:e0:52:c1:15:0 ip 62: 192.168.0.51.81 > 192.168.0.15.33125: S [tcp sum ok] 3081719127:3081719127(0) ack 4130156281 win 5840 (DF) (ttl 64, id 0, len 48)
[21:41] 19:42:25.595035 0:e0:52:c1:15:0 0:c:6e:92:2:31 ip 60: 192.168.0.15.33125 > 192.168.0.51.81: . [tcp sum ok] 1:1(0) ack 1 win 64492 (DF) (ttl 120, id 18021, len 40)
[21:42] hmm, this uses address .51 not .230 ...
[21:44] only the IP changes
[21:44] so you get the same packets with .230.81 ?
[21:45] what does ifconfig eth0:v2 return?
[21:46] yes
[21:48] eth0:v2 Link encap:Ethernet HWaddr 00:10:DC:79:E6:02
[21:48] inet addr:192.168.0.51 Bcast:192.168.0.255 Mask:255.255.255.0
[21:48] UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[21:48] Interrupt:11 Base address:0xec00
[21:49] okay, I'm trying to reproduce, could you try with two addresses outside the private range?
[21:50] you mean outside the 192.168.0.0 net?
[21:51] yes .. maybe the 10.x.x.x but better outside that too ..
[21:52] yes, i can reconfigure the router
[21:52] you'll have to change the v2 into that network/range ...
[21:52] ok....
[21:53] could you provide the apache config, at least the relevant parts regarding the port/address?
[21:57] i changed the ip and restarted the v2 server, but i am still able to connect to 230:81
[21:57] hmm ... what addresses?
[22:00] the v2 has 10.1.1.2 and i am still able to connect from my host 192.168.0.15 to the new vserver at 192.168.0.230
[22:00] on port 81
[22:02] okay, what does 'chbind --ip 192.168.0.230 true' on the host return?
[22:03] ipv4root is now 192.168.0.230
[22:04] did you modify ( or do you use modified) vserver script(s)?
[22:04] no
[22:05] vserver
[22:05] okay, I will need your apache config ... I tried to reproduce, but no luck so far, works perfectly even in 192.168.0.x on my host ...
[22:06] ok
[22:08] Bertl> you add Jack`s source address patch ?
[22:08] you mean the ctx17b/c changes?
[22:09] http://dr.temp.port29.net/httpd.conf
[22:10] Bertl> i not see you change log - i remember Jack`s add it his test patches..
[22:15] I didn't include the 18pre changes ... only 17a/b/c is included (and only relevant hunks) why?
[22:16] okey..
[22:17] do you see any relation?
[22:20] i think it can be reason for select not select right ip for connect..
[22:20] i think it can be reason for not select right ip for connect..
[22:20] sorry.
[22:20] hmm, good point ...
[22:26] Bertl, do you see the problem?
[22:26] not yet ... unfortunately ...
[22:26] Bertl> Yesterday i and rik discussed about problems with clone_newns and pivot_root. We came to a conclusion - without statically linked binary it not probably.
[22:27] hmm, please elaborate ...
[22:29] Bertl> dynamic linking - open (mmaped) libc.
[22:29] Bertl> for disable it - need compile userland helper with -static key
[22:29] ahh I see ...
[22:33] not other way to close mmaped dynamically linked libraries. but.......
[22:45] Val (~val@val.linuxfr.org) left irc: Ping timeout: 480 seconds
[22:56] @LL0rd could you try to connect from the host and from another physical machine in the same network?
[22:57] how? telnet?
[22:57] probably the best ...
[22:58] yes
[23:09] Bertl i can connect from the vserver to any machines in the network
[23:10] are you able to connect from another machine in the network to the 'wrong' apache ip too?
[23:11] yes
[23:18] okay, you tested with c17a/c17e and c17f yet?
[23:18] yes
[23:24] hmm, I'm still unable to reproduce ... would it be possible to strip down the vserver (the one with apache) and make it available, so that I could download it?
[23:25] sure, but it is about 300 MB large
[23:26] dump -z, or bzip2 ?
[23:26] bzip2
[23:26] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) joined #vserver.
[23:27] hmm, maybe you can reduce it somewhat, but if not, I'll transfer the 300MB :(
[23:29] Bertl: maybe you have a min for this http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits
[23:29] yeah, sure ...
[23:29] Bertl: [patch-2.4.22-mq0.10.diff.bz2] this doesn't exist
[23:29] but http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11.diff.bz2 does ...
[23:30] ok. just pointing to the outdated docu.:)
[23:30] okay, will fix it ...
[23:37] @noel please reload page ;)
[23:43] Bertl: thx.
[00:00] --- Sat Oct 18 2003