[00:08] [root@vps4 cq-tools-0.06]# quotaon -Fvfsold -avug
[00:08] quotaon: using /home/quota.group on /dev/hda7 [/home]: Device or resource busy
[00:08] quotaon: using /home/quota.user on /dev/hda7 [/home]: Device or resource busy
[00:08] hrm
[00:08] probably quota is already on ...
[00:09] [root@vps4 cq-tools-0.06]# quotaon -Fvfsold -avug
[00:09] /dev/hda7 [/home]: group quotas turned on
[00:09] /dev/hda7 [/home]: user quotas turned on
[00:09] [root@vps4 cq-tools-0.06]# quotaon -pa | grep hda7
[00:09] group quota on /home (/dev/hda7) is off
[00:09] user quota on /home (/dev/hda7) is off
[00:09] oh
[00:10] prolly quotaon -Fvfsold -pa
[00:10] nope..
[00:18] hm.. after last changes quotastats not show any errors.. well.. continue testing tomorrow..
[00:18] go to bed :)
[00:18] what changes did you do?
[00:18] redefine IS_NOQUOTA
[00:19] static __inline__ int IS_NOQUOTA(struct inode *inode)
[00:19] {
[00:19] #ifdef S_CONTEXT_DEBUG_DQUOTA
[00:19]     printk("IS_NOQUOTA !f:%d !vfs:%d !sb:%d \n", !((inode)->i_flags & S_NOQUOTA), ! is_init_virtfs(inode->s_context),
[00:19]         inode->i_sb != inode->s_context->vroot.osb );
[00:19] #endif
[00:19]     if ( (inode)->i_flags & S_NOQUOTA )
[00:19]         return 1;
[00:19]     if( inode->s_context->id > 1 )
[00:19]     {
[00:19]         /* block for check if virtual super block was initialized for inode's context */
[00:19]         if( ! is_init_virtfs(inode->s_context) )
[00:19]         {
[00:19]             return 1;
[00:19]         }
[00:19]         if( inode->i_sb != inode->s_context->vroot.osb )
[00:19]         {
[00:19]             return 1;
[00:19]         }
[00:19]     }
[00:19]     return 0;
[00:19] }
[00:20] and what did you change?
[00:21] add return NOQUOTA for files who not mapped via virtual root
[00:21] more correctly - for inodes.
[00:22] with emphasis on _more_ I guess ... okay sleep well ...
[00:22] in s_context->vroot.osb store pointer to original super block..
[00:24] good day/evening/night for all :)
[00:24] shadow (~umka@212.86.233.226) left irc: Quit: go to dream :)
[00:27] matta (matta@69.10.150.254) left irc: Quit: Hey! Where'd my controlling terminal go?
[00:28] matta (matta@tektonic.net) joined #vserver.
[00:34] ok got that working
[00:34] what was the problem?
[00:40] had to specify -Fvfsold for every program
[00:40] quotacheck, quotaon, ..
[00:43] old tools *sigh*
[00:59] i looked and the server that allows everyone to sniff each other doesn't have ipv6 support in the kernel
[00:59] okay, which patch version?
[01:01] c17e
[01:02] i guess i can see if the same behavior exists under c17h
[01:02] there should be no difference .. what do you see?
[01:02] every vserver can tcpdump and view everyone else's traffic
[01:02] like being on a hub
[01:03] well you are on a hub ... but tcpdump should not be possible in a vserver ...
[01:03] tcpdump takes the interface into promisc mode .. which requires CAP_NET_RAW ...
[01:12] gotcha
[01:12] yeah, found that on the list archives
[01:12] remove that and they can't do it, ok.
[01:13] until virtualised stack
[01:13] the problem is, you can't stop one interface from showing everything when in promisc mode ;)
[01:40] Bertl ...
[01:40] with your mod to fork.c
[01:40] it doesn't show forks in ps anymore...
[01:40] wait, one sec
[01:40] huh?
[01:52] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 485 seconds
[02:28] yeah, definitely a hang somewhere
[02:28] a bad one at that
[02:28] sysrq doesn't even work
[02:28] and what hangs?
[02:28] everything
[02:28] doesn't even ping
[02:28] what kernel ...
[02:29] i ran it under vmware / redhat 7.3 and virtual pc / redhat 9 on diff physical machines
[02:29] hrm... this should be interesting
[02:29] patch-2.4.23-pre8
[02:29] patch-2.4.22-1030-vh
[02:29] patch-2.4.22-1030-vh-O1c17g2-fix.diff
[02:29] patch-2.4.23-pre8-O1.3.diff
[02:29] patch-2.4.23-pre8-O1.2-rmap15k.diff
[02:29] patch-2.4.23-pre8-O1.2-rmap15k-c17h.diff
[02:29] patch-2.4.23-pre8-O1.3-rmap15k-c17h-ml0.07.diff
[02:29] patch-2.4.23-pre8-O1.3-rmap15k-c17h-ml0.07-fakemem0.02.diff
[02:29] patch-2.4.22-c17e-mq0.11.diff
[02:29] patch-2.4.22-c17e-mq0.11-fix.diff
[02:29] patch-2.4.23-pre7-O1-c17g2-mq0.11-cx0.06.diff
[02:29] patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11.diff
[02:29] patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11-dl0.05.diff
[02:29] patch-2.4.22-ctx17a-vr0.13.diff
[02:29] patch-c17e-signal-ctx1.diff
[02:29] no-proc-mounts.diff
[02:29] no-hostname.diff
[02:29] kernel_fork.diff
[02:30] you haven't found any other patches? ;)
[02:30] okay what does patch-2.4.22-1030-vh patch-2.4.22-1030-vh-O1c17g2-fix.diff do?
[02:30] variable hertz and a minor fix to make the O(1) patch apply cleanly
[02:30] they work
[02:31] huh?, you don't need that for the latest patches?!
[02:31] then patch-2.4.22-c17e-mq0.11-fix.diff is a patch to fix to add the code that fails to patch in patch-2.4.22-c17e-mq0.11.diff
[02:31] oh my god ...
[02:31] LOL
[02:31] it's simple
[02:32] yes, you are right, it's simple ...
[02:32] AND THEN...
[02:32] after all those patches apply
[02:32] remove that stuff, including the fakemem and try again ...
[02:32] i have to fix a bug in the kernel_fork.diff with ctx
[02:33] ctx_vmpages...
[02:33] and include majors.h in fs/quota.c
[02:33] er, major.h
[02:33] brr...
[02:35] except for kernel_fork.diff, O1.3, rmap, c17h, and the mq0.11-fix everything has been running for 6 days under heavy load
[02:35] that server is running O1c17g2 plus the rest under pre7
[02:37] and MrBawb had O1.3+rmap+c17h running for quite a few hours...
[02:37] so perhaps kernel_fork.diff or mq0.11-fix is flawed
[02:37] maybe the combo including the fakemem is flawed ...
[02:38] or with the additional code of rmap something else is messed up
[02:38] Bertl: I know it's not the best code, but i've been using it on all kernels for at least a month now without issues...
[02:38] it's on my 2.4.22-c17e server which only just rebooted because of the kswapd bug and on the O1c17g2 server for 6 days
[02:39] well, no problem with that, as long as you don't complain that it hangs ;)
[02:41] http://vserver.13thfloor.at/Experimental/patch-2.4.23-pre8-O1.3-rmap15k-c17h-qh0.12.diff.bz2
[02:45] http://vserver.13thfloor.at/Experimental/patch-2.4.23-pre8-O1.3-rmap15k-c17h-ml0.07.diff.bz2
[02:45] (updated version, please reload)
[02:47] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.10-cx0.06.diff.bz2
[02:48] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11.diff.bz2
[02:49] patch-c17e-signal-ctx1.diff is okay ... leave the rest out for now ...
[02:50] O1.3,rmap15k,c17h,ml0.07,qh0.12,cx0.06,cq0.11,signal (checklist)
[03:30] what about dl?
[03:30] or vr?
[03:31] okay, dl,vr should work, but check if they apply without any fuzz/reject
[03:31] I don't suspect your fakemem code, I guess the variable hertz does something bad ...
[03:31] hrm
[03:32] but please just to test/verify it .. leave that code out ...
[03:32] if we hit this again without yfakemem/var-hz we have to reduce further anyway ...
[03:33] yeah, that's only major thing missing
[03:34] where does the major.h issue arise?
[03:34] patch-2.4.23-pre7-O1-c17g2-mq0.11-cx0.06.diff
[03:34] vr0.13 on >= pre7
[03:34] fs/quota.c
[03:34] that cx?
[03:34] nope
[03:34] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.10-cx0.06.diff.bz2
[03:36] you'll get one fuzz2 IIRC, but this is okay ...
[03:36] in capabilities.h ...
[03:36] yeah
[03:36] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11.diff.bz2
[03:37] that and dl0.05
[03:37] dl was clean
[03:37] very clean, no offsets
[03:37] dl should be okay, yes ...
[03:43] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) left irc: Ping timeout: 480 seconds
[03:44] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[03:57] seems to be going good
[03:57] hmm, how long until the predecessor locked?
[03:58] well, it wasn't very reproducible
[03:58] but like 20 minutes
[03:58] only 10 mins now...
[03:58] i'll let it run for a while
[03:58] maybe it was vh conflicting with something
[03:58] or the mq-fix
[04:00] okay ... lets see ... if this is stable, I'll have a look at your fakemem again, and we'll add it tomorrow, okay?
[04:00] alrite
[04:25] hrm... bug
[04:26] means?
[04:26] so this server was getting slammed by apachebench
[04:26] then next thing I know my ssh connection to the vserver dies
[04:26] i look and httpd and sshd died
[04:26] I can't do chcontext --ctx X cat /proc/self/status because it segfaults
[04:26] it's not running much at this point, vsize is like 30mb total
[04:26] hmm, funny ...
[04:27] so I chcontext --ctx 1 kill -9
[04:27] this is the new kernel?
[04:27] and I still can't even run cat in it
[04:27] yeah
[04:27] so the vserver is "stuck"
[04:27] check the chcontext --ctx X cat /proc/self/status with strace please ...
[04:28] [root@rh73-alex root]# strace chcontext --ctx 4 cat /proc/self/status
[04:28] execve("/usr/sbin/chcontext", ["chcontext", "--ctx", "4", "cat", "/proc/self/status"], [/* 20 vars */]) = 0
[04:28] uname({sys="Linux", node="rh73-alex.office.tektonic.net", ...}) = 0
[04:28] brk(0) = 0x804b74c
[04:28] open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
[04:28] open("/etc/ld.so.cache", O_RDONLY) = 3
[04:28] fstat64(3, {st_mode=S_IFREG|0644, st_size=10564, ...}) = 0
[04:28] old_mmap(NULL, 10564, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
[04:28] close(3) = 0
[04:28] open("/lib/i686/libc.so.6", O_RDONLY) = 3
[04:28] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pv\1B4\0"..., 1024) = 1024
[04:28] fstat64(3, {st_mode=S_IFREG|0755, st_size=1402035, ...}) = 0
[04:28] old_mmap(0x42000000, 1264960, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x42000000
[04:28] mprotect(0x4212c000, 36160, PROT_NONE) = 0
[04:28] old_mmap(0x4212c000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x12c000) = 0x4212c000
[04:28] old_mmap(0x42131000, 15680, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x42131000
[04:28] close(3) = 0
[04:28] old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
[04:28] munmap(0x40014000, 10564) = 0
[04:29] brk(0) = 0x804b74c
[04:29] brk(0x804b77c) = 0x804b77c
[04:29] brk(0x804c000) = 0x804c000
[04:29] shmget(IPC_PRIVATE, 63, 0) = 65536
[04:29] shmget(1057030145, 4, IPC_CREAT|IPC_NOWAIT|0xbffff018|020upeek: ptrace(PTRACE_PEEKUSER, ... ): No such process
[04:29] [root@rh73-alex root]# vps -axuw | grep test1
[04:29] root 1023 4 test1 0.0 0.4 2220 644 ? SN 15:51 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd/mux -a shadow
[04:29] that's it, i killed everything else
[04:29] and it still segfaults
[04:29] okay it's not strace 4.5 right?
[04:29] 4.4-4
[04:29] comes with redhat 9
[04:29] okay can you upgrade?
[04:30] not now, i need to leave in a few minutes
[04:30] okay, try chcontext 666 cat /proc/self/status ?
[04:30] chcontext --ctx 666 of course ...
[04:30] weird
[04:31] so i killed the last process
[04:31] and did vserver test1 start
[04:31] and it's starting...
[04:31] and I can do chcontext --ctx 4 cat /proc/self/status
[04:31] ...
[04:31] weird
[04:31] probably the VM limit was hit ...
[04:32] does start do something like re-create some structure ?
[04:32] i'm guessing the vm limit was stuck, and since the processes weren't killed by context 4 the vm acc wasn't subtracted
[04:32] ?
[04:32] well if the last process dies, the entire context is freed, and then newly created ...
[04:33] all in all with the mods to fork.c it seems it can go through a lot more before dying
[04:33] hmm, good theory ... I will verify ...
[04:33] before if I ran apachebench against a vserver that only had 30MB free it would die quickly
[04:34] now it lasts quite a few minutes and you I can run tasks such as top, cat, free, vmstat...
[04:34] so like, if you're trying to use more memory than you have of course shits gonna screw up
[04:34] but it's graceful up to a point now... which is expected
[04:35] fine to hear ...
[04:35] it may be just my test though
[04:35] as each httpd process uses 12mb of vm
[04:35] okay, I'll go to bed now ... we'll talk tomorrow ...
[04:35] so that means as soon as it can't malloc 12mb it fails
[04:36] leaving 12mb for smaller processes...
[04:36] ok, i must leave very soon too
[04:36] bye
[04:36] yes, that is the advantage, bye ...
[04:36] Nick change: Bertl -> Bertl_zZ
[04:56] ml_vm: 9588/262144
[04:56] ml_rss: 16880/65532
[04:56] interesting..
[05:08] serving (~serving@213.186.190.203) left irc: Ping timeout: 485 seconds
[05:42] say_ (~say@212.86.243.154) joined #vserver.
[05:42] say_out (~say@212.86.243.154) left irc: Read error: Connection reset by peer
[06:59] serving (~serving@213.186.191.141) joined #vserver.
[07:33] shadow (~umka@212.86.233.226) joined #vserver.
[07:33] morning :)
[07:58] mdaur_ (mdaur@p5091583A.dip.t-dialin.net) joined #vserver.
[08:04] mdaur__ (mdaur@p50916D3D.dip.t-dialin.net) left irc: Ping timeout: 492 seconds
[09:19] serving (~serving@213.186.191.141) left irc: Ping timeout: 480 seconds
[10:32] re
[10:47] re
[10:48] re
[11:11] serving (~serving@213.186.191.141) joined #vserver.
[11:19] Test.
[11:26] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) joined #vserver.
[11:27] ...
[11:31] test passed
[11:40] kestrel (~athomas@202.181.20.51) left irc: Quit: ircII EPIC4-1.0.1 -- Are we there yet?
[11:50] gaertner (~gaertner@212.68.83.129) left irc: Ping timeout: 483 seconds
[11:56] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left #vserver (rejoin).
[12:05] gaertner (~gaertner@212.68.83.129) joined #vserver.
[12:20] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) left irc: Ping timeout: 485 seconds
[12:44] mugwump (~sv@cpc2-glfd1-4-0-cust28.glfd.cable.ntl.com) joined #vserver.
[13:40] mugwump (~sv@cpc2-glfd1-4-0-cust28.glfd.cable.ntl.com) left irc: Quit: off to work
[15:52] shadow (~umka@212.86.233.226) left irc: Ping timeout: 492 seconds
[15:53] say_ (~say@212.86.243.154) left irc: Ping timeout: 480 seconds
[15:54] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left #vserver.
[15:54] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[16:05] say_out (~say@212.86.243.154) joined #vserver.
[16:52] say_out (~say@212.86.243.154) left irc: Read error: Connection reset by peer
[16:52] say_out (~say@212.86.243.154) joined #vserver.
[17:17] dst (~dst@p4b23e3d4.np.schlund.de) joined #vserver.
[17:17] hi all
[17:20] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 485 seconds
[17:26] say_out (~say@212.86.243.154) left irc: Read error: Connection reset by peer
[17:47] JonB (~jon@kg40.kollegiegaarden.dk) joined #vserver.
[17:47] anyone active?
[18:09] cliu (~icechat5@pcd346179.netvigator.com) joined #vserver.
[18:15] cliu (~icechat5@pcd346179.netvigator.com) left irc: Quit: IceChat - Chillin with the Best of em
[18:16] cliu (~icechat5@pcd346179.netvigator.com) joined #vserver.
[18:19] alekibango (~john@b59.brno.mistral.cz) left irc: Remote host closed the connection
[18:25] morning
[18:27] alekibango (~john@b59.brno.mistral.cz) joined #vserver.
[18:35] Nick change: Bertl_zZ -> Bertl
[18:36] hi all!
[18:36] hey Bertl
[18:36] hi cliu!
[18:36] hi Bertl
[18:36] so what is your problem?
[18:37] rjg (~rjg@207.36.81.15) joined #vserver.
[18:37] hi rjg?!
[18:37] Hi everyone...
[18:37] i'm using vserver 0.20, which kernel / patch should i use for quota support?
[18:38] vserver 0.20 is the tool version, I assume, right?
[18:38] that's right.
[18:38] alekibango (~john@b59.brno.mistral.cz) left irc: Ping timeout: 480 seconds
[18:38] okay, do you have strong feelings for this particular version?
[18:38] this is the only version i could run with redhat 7.3 :(
[18:39] okay, but you don't insist on using the RH kernel, or do you?
[18:40] i am not using rh kernel.
[18:40] I have a couple of questions that I am confused about after reading way too much..
[18:40] @rjg just ask ...
[18:41] 1. Does the network device inside the vserver always show up as dev:vservername or can you mask it to show up as eth0 and any extra addresses as eth0:1 and so on?
[18:41] @cliu okay, have a look at http://savannah.nongnu.org/files/?group=util-vserver download the util-vserver-0.23.6.tar.bz2 for example and do a rpmbuild -ta util-vserver-0.23.6.tar.bz2
[18:42] okay.
[18:42] @rjg basically you can rename any interface to whatever you want, but you can't have two of the same name (yet)
[18:43] Hmm... I see, so I can just bind to an interface or group of interfaces, but they can't be masked inside.. ok
[18:43] we are thinking about a virtual network, and alexey has implemented something similar for his version ...
[18:43] Yes, I started out by trying his version, but wanted to get on the main releases and it doesn't work the same..
[18:44] Another one, is there a way to control how much ram a vserver uses?
[18:44] yeah, I know, matt switched too, and since then reports any missing features ;)
[18:44] yes and no, there are experimental patches limiting the VM and accounting the RSS ...
[18:45] alekibango (~john@b59.brno.mistral.cz) joined #vserver.
[18:45] the latest version ml0.07 was released yesterday and matt reported that it is an improvement ...
[18:45] Cool.. I am using uml currently, but the overhead is HUGE... I am looking for something nicer to the host machine and this seems pretty good so far..
[18:46] there are several advantages over uml, and some drawbacks ...
[18:47] Yeah.. I am figuring out what the differences are as I go.. Know where I can find out what is different in ml0.07?
[18:47] for example you are not able to run different kernels, or do virtual device operations ...
[18:47] compared to what?
[18:48] @cliu does this version compile for you?
[18:49] is working.
[18:49] I am currently running 2.4.21ctx-17c
[18:49] @cliu okay, then I would suggest you use c17f
[18:50] http://vserver.13thfloor.at/Stuff/split-2.4.22-c17f/
[18:50] it is available for 2.4.20/21/22/23-pre7
[18:51] http://vserver.13thfloor.at/Stuff/patch-2.4.22-c17f.diff.bz2
[18:51] this is the all-in-one version, if you prefer ...
[18:51] ok, i will try it, many thanks!
[18:51] @rjg you'll have to upgrade, if you want to use newer features ...
[18:52] What things are introduced? I have heard about quota support, being able to nice all the processes in each vserver, since each vserver is represented as 1 process to the scheduler.. What else can you think of?
[18:54] well, the nicing is present in ctx17c too ... we now have ..
[18:54] - O(1) scheduler
[18:54] - rmap15k rik's memory architecture
[18:55] - disk limits, (based on context tagging)
[18:55] - per context quota
[18:55] - memory accounting and limits (rss/vm/lock)
[18:55] - virtual root device (security)
[18:55] - various patches to add some features
[18:55] wow..
[18:56] what is the 0/1 scheduler, is that what I was attempting to describe above?
[18:57] well, the O(1) scheduler is an improved process scheduler, used on 2.6 for example (or in -ac / -aa tree)
[18:57] and the ctx patch on top of O(1) does something like fair scheduling per context ...
[18:57] ahh.. that sounds really cool..
[18:58] ctx17c has all the above already bert?
[18:58] I think he was telling me to upgrade, because I am missing all of these things..
[18:58] nope, ctx17c has ... hmm .. nothing of that ;)
[18:58] lol
[18:58] Not really a fair comparison I am doing then is it? ;-)
[18:58] ok confused me
[18:58] cause I am running ctxf
[18:59] 17f i think
[18:59] well, this is a good start ;)
[18:59] 11:01am up 5 days, 23:01, 1 user, load average: 0.19, 0.35, 0.39
[18:59] no crash yet lol
[19:00] 5:02pm up 183 days, 12:40, 1 user, load average: 0.17, 0.47, 0.32
[19:00] I have to admit, not with c17f ;)
[19:00] on 17f ?
[19:00] ahh right i had like 270+ uptime before i upgraded to your latest patch
[19:00] 2.4.20-p8c13e actually ...
[19:01] Do these features/updates negate stability?
[19:01] bertl, are you familiar with 'magig link' concept
[19:01] @rjg always ...
[19:01] 'magic link'
[19:01] @nesh not yet, or maybe and I don't know yet?
[19:02] Bertl, well basically what it is for example say you create rh7.3 vserver all the files have this so called 'magic link' so everything is a link to a repository only when the file or binary is modified is it actually copied in to the vserver environment
[19:03] thus saving disk space etc
[19:05] ahh you mean unification ;)
[19:05] is that the correct term
[19:05] :)
[19:05] yup, terms are ILI and unification,
[19:05] where ILI = Immutable Linkage Invert ...
[19:06] but it doesn't work like COW .. as you described ...
[19:06] ahh thanks now I know
[19:06] oh
[19:06] i just heard this from a tech demo from virtuozzo
[19:06] thats how they described it to me
[19:06] the problem with the COW approach is, what do you do if you add 1 byte to a large file and have only 1k free disk space?
[19:07] Bertl, where is the best place to dig up more information on these patches?
[19:07] eek right
[19:07] I don't want to bother you guys with info that must be out there somewhere..
[19:07] so the ILI works this way, you are not allowed to change the link, but you can remove and recreate it ...
[19:16] loger joined #vserver.
[19:17] Thanks.. it is starting to cool down a bit.. I look forward to it..
[19:18] okay ... have fun!
[19:19] Ok, I'll see you guys later.. I'm sure I will have more questions...
[19:19] rjg (~rjg@207.36.81.15) left irc:
[19:26] say_out (~say@212.86.243.154) joined #vserver.
[19:34] okay, cu l8er ...
[19:35] Nick change: Bertl -> Bertl_oO
[19:35] Nick change: say_out -> say
[20:07] Bertl_oO:...
[20:07] server still up from yesterday]
[20:08] (matta) ml_vm: 9588/262144
[20:08] (matta) ml_rss: 16880/65532
[20:08] i got into that situation though...
[20:28] whats that
[20:41] shadow (~umka@212.86.233.226) joined #vserver.
[20:41] evening..
[20:53] morning
[20:56] crazyimp (~crazyimp@p508B66BF.dip.t-dialin.net) left irc: Ping timeout: 480 seconds
[21:07] crazyimp (~crazyimp@p508B604F.dip.t-dialin.net) joined #vserver.
[21:30] ensc (~ensc@ultra.csn.tu-chemnitz.de) joined #vserver.
[21:30] hello
[21:38] hello
[21:45] dst (~dst@p4b23e3d4.np.schlund.de) left irc: Quit: leaving
[21:51] rjg (~rjg@207.36.81.15) joined #vserver.
[21:51] Anybody home?
[21:56] say (~say@212.86.243.154) left irc:
[22:01] Hi
[22:02] Hey.. I think everyone is sleeping..
[22:04] yeah or working :)
[22:05] Yeah.. I know the feeling.. ;-)
[22:37] say (~say@212.86.243.154) joined #vserver.
[22:37] Nick change: say -> say-out
[22:43] say-out (~say@212.86.243.154) left irc:
[23:06] Nick change: Bertl_oO -> Bertl
[23:07] hi all!
[23:07] hello!
[23:07] hi dan!
[23:08] hi crazyimp!
[23:09] @enrico, do we have a util-vserver version for the upcoming vserver-1.0 release?
[23:09] Bertl: has there something changed since c17h?
[23:10] well, actually it is c17f and we talked about being as compatible as possible to older versions ...
[23:10] so probably your 'stable' tree has something to offer ...
[23:11] but I would like to see the capabilities in there ... (QUOTA/PTRACE)
[23:11] which number is QUOTA? 29 or 30?
[23:11] 29, 30 is CONTEXT ...
[23:11] Hi Herbert
[23:11] hi alex!
[23:12] 29 is CAP_OPENDEV here already
[23:12] hmm, here means?
[23:13] ctx17a patch
[23:13] well, actually that one never existed ...
[23:14] in ftp://ftp.solucorp.qc.ca/pub/vserver/patch-2.4.22ctx-17c.gz also
[23:14] is it implemented as CAP_OPENDEV ?
[23:15] I mean in the tools, not the kernel patch ...
[23:15] have a look where it is _used_ in those patches ...
[23:15] it is not used in the kernel
[23:16] that was the reason I removed it from there ...
[23:16] but the question is, did the tools ever use it?
[23:16] reducecap understands it
[23:17] hrm ... okay, guess I have to talk with jack again ...
[23:18] CAP_QUOTACTL will be 29 for release 1.0 and CAP_OPENDEV will not be used in any patch (for now)
[23:18] Hey Bertl!
[23:19] hi florida! ;)
[23:19] lol... I have more questions of course...
[23:19] who would have guessed ;)
[23:20] From my reading it looks like Alexey's tree is the way to go, but I am only up to september on the mailing list.. started in january ;-)
[23:20] :-)
[23:20] Let me qualify my statement.. His tree has the features that I am looking for.. Don't want to hurt anyone..
[23:21] no problem with that ... he is actually here (shadow) talk with him ...
[23:21] Ah.. thanks!
[23:23] Have you tested it out Bertl?
[23:23] what, alexs version?
[23:24] Yes...
[23:25] I was using it yesterday, but didn't know it was his.. It was merged with the hspere control panel stuff and I didn't need/want all of the other things...
[23:25] I tried one of the older versions ... but since then, much has changed ...
[23:25] I am going to try and build it tonight from his sources to see what happens.. Although the kernel from the hspere site looks to be the same...
[23:26] it not merged with h-sphere..
[23:26] but h-sphere have scripts for work with freevps.
[23:26] if you want to talk to someone who is working with both branches, you could talk to matt (matta) ...
[23:28] Hey Alex! So it is just the hspere-vds rpm that they have done?
[23:28] Does this mean that I can use your tools with their kernel rpm?
[23:33] hm.. h-sphere vps tools includes my tools. but be careful - not use a snapshot version tools with "release" version of kernel
[23:34] So I should use the patch and the tools in the "releases" directory at http://www.ttn.ru:8001/~shadow/releases/
[23:36] for me psoft register domain www.freevps.com - all development moved to it..
[23:38] Bertl: present ?
[23:38] He was here a second ago..
[23:39] he is still, watch the nick ...
[23:39] Ah.. us florida guys are still trying to catch on.. ;-)
[23:40] Action: riel chainaws security/selinux/hooks.c into a security/virtual_context.c
[23:40] Bertl: okay, sorry. Anyway, i cant get PPDD to work on 2.4.22, so, which vserver patches can i use for 2.4.21 ?
[23:40] almost 1000 lines gone already
[23:40] c17f, c17h ...
[23:41] Action: Bertl doesn't know the ancient art of 'chainawing' yet ;)
[23:42] Action: Bertl prefers the rocket launcher ...
[23:42] yeah, but with the rocket launcher you can't control which parts fall off ;)
[23:43] hmm, never thought about that, may the devastator is the better choice after all ;)
[23:47] jhh (~heuing@zux183-248.adsl.green.ch) joined #vserver.
[23:48] hey....
[23:48] anyone here ?
[23:48] hey jhh!
[23:48] i am not quite sure if this is the right way before posting to the mailing list, I've got 2 small questions about vserver... ?
[23:49] well, one, i might figure out the other one ;)
[23:49] well, ask away ...
[23:49] jhh: okay
[23:49] it looks like compiling kernel etc. went well, no errors with patching and all that. but when I enter a vserver it says:
[23:49] Kernel do not support chrootsafe(), using chroot()
[23:50] is that a problem ?
[23:50] jhh: not really
[23:50] jhh: did you make chmod 000 ?
[23:51] well, that's funny :) I did chmod 000 and now I get permission denied
[23:51] okay, slow here ...
[23:51] jhh: where did you do chmod 000 ? on what dir ?
[23:51] don't spread misinformation, that's my job ;)
[23:52] Bertl: your job is better done coding
[23:52] chmod on /vserver/t1
[23:52] jhh: do it on the /vserver
[23:52] not with -R
[23:52] riel for vps - selinux hooks not need
[23:52] ok, hang on
[23:52] chrootsafe(), using chroot() has nothing to do with the 000 issue ...
[23:52] Bertl: not ?
[23:52] shadow: exactly
[23:52] nope!
[23:52] shadow: I'm cutting those out
[23:52] Simon (~sgarner@apollo.quattro.net.nz) joined #vserver.
[23:52] shadow: and making a vserver version of hooks.c instead
[23:53] ok, did that. doesn't change anything
[23:53] hey, btw: it's amazing to get that fast feedback of that quality !!
[23:53] chrootsafe() or chsaferoot() is something jack did introduce, but not implement in the ctx17 version ...
[23:53] bertl: ah, right. so I can just ignore it and update at some point ?
[23:54] riel i analyse selinux but on it we can make freebsd jail with not separated users/group identifier.. but vps need it separate..
[23:54] i compiled kernel 2.4.22ctx-17c, and using the last vserver / vserver-admin
[23:54] the tools now spit out this warning, unless you use ctx18pre1, which I do not advise ...
[23:54] ok
[23:54] shadow: please read what I wrote
[23:55] Bertl: which patch do i need for 2.4.21 ?
[23:55] but if you want to get rid of this message, you could either use util-vserver (from enrico) or wait for the next tool release from jack ...
[23:55] shadow: I'm making a vserver LSM module, by editing a copy of hooks.c
[23:55] @jon 2.4.21 you can use c17f or c17h ...
[23:55] shadow: that should be good enough to implement maybe 50% of the selinux changes needed
[23:56] shadow: the other 50% I'll implement in a different way
[23:56] @jhh which kernel patch version do you use now?
[23:56] riel how you add context id to network device ? :)
[23:57] and have separated list of network devices ?
[23:57] bertl: if it's just the message, I can just use this package
[23:57] Bertl: stable ?
[23:57] bertel: kernel patch, hang on
[23:57] shadow: I want to add the allowed network info to the security_context struct that belongs to the current task
[23:57] @jon c17f will be released in a few days as stable vserver-1.0 stable enough?
[23:57] bertel: linux-2.4.22 + patch-2.4.22ctx-17c
[23:58] Bertl: well, because of PPDD i cant use any bigger than 21 :(
[23:58] @jhh okay, upgrade to c17f makes sense but isn't necessary ...
[23:58] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 485 seconds
[23:58] @jon as I said it works for 2.4.20/21/22/23-pre7 ...
[23:58] alright, if not necessary, I'll go with the next update coming. this is just testing phase anyway, and it looks pretty well !!
[23:59] Bertl: okay, because those i got yesterday wont patch 2.4.21
[23:59] http://vserver.13thfloor.at/Stuff/patch-2.4.21-c17f.diff.bz2
[23:59] Bertl: thanks, you're the best
[00:00] --- Tue Oct 28 2003