[01:18] Zoiah (Zoiah@81.17.52.139) left irc: Ping timeout: 483 seconds [01:18] JonB (~jon@194.239.210.165) left irc: Quit: Client exiting [01:20] Simon (~sgarner@apollo.quattro.net.nz) joined #vserver. [01:21] mcp (~hightower@wolk-project.de) left irc: Ping timeout: 488 seconds [01:35] Nick change: Bertl_oO -> Bertl [01:35] hi all! [01:36] night Herbert.. [01:36] hi Bertl! [01:40] what's the story with hostnames in vservers? [01:40] it always shows as the host server :( [01:40] hmm, shouldn't be so ... [01:40] mhepp (~mhepp@213.211.38.19) left irc: Ping timeout: 485 seconds [01:41] you should set it with sys_sethostname(), from inside the vserver [01:41] could you show me one of your configurations? [01:41] I have S_HOSTNAME set in the config... and it says it is setting it when you do vserver start [01:42] okay, kernel/patches? [01:42] riel, are you saying /bin/hostname should be able to set it? [01:42] 2.4.22-c17h [01:43] Simon: I suspect so, but I'm not 100% sure [01:43] I think I tried that and it needs a CAP? lemme check [01:43] nope, not with this branch, alex branch does so ... [01:44] hostname: you must be root to change the host name [01:44] and I am root (in the vs) [01:44] yes, it is not allowed to change the hostname from a vps ... [01:45] I'll check that with 2.4.22-c17h .. give me a few minutes ... [01:46] # vserver test2 enter [01:46] ipv4root is now 192.168.1.20 [01:46] Host name is now test.blah.nz [01:46] Domain name is now [01:46] New security context is 100 [01:46] # hostname [01:46] host.servers.name [01:47] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [01:49] ipv4root is now 192.168.0.2 [01:49] Host name is now XXXX.test.org [01:49] Domain name is now [01:49] New security context is 1001 [01:49] Kernel do not support chrootsafe(), using chroot() [01:49] [root@vserver:XXXX /]hostname [01:49] XXXX.test.org [01:49] hmm, seems I can't reproduce with 2.4.22-c17h :( [01:50] umm :( [01:50] mandrake? [01:50] @simon please check the hostname command (inside the vserver) with strace ... (you'll ned CAP_PTRACE) ... [01:50] jup mandrake ... [01:51] maybe it is my tools? I am using 0.23.93 [01:51] hmm, you are doing this on x86_64 right? [01:51] yes [01:51] uhoh ;) [01:51] what if this magic 32/64 bit syscall stuff strikes again ;) [01:52] let me have a look at the code ... brb [01:52] what am I looking for in this trace? [01:52] if you have strace 4.5 you should see all the syscalls ... [01:53] ah.. 4.4.98 [01:54] I do see a list of stuff, is there something in particular...? [01:54] maybe something like sys_hostname* [01:55] uname? [01:55] sounds good ... [01:55] uname({sys="Linux", node="host.servers.name", ...}) = 0 [01:55] okay, I've found the code ... [01:56] x86_64 has it's own uname syscall :( [01:56] :( [01:56] let me check it, and I'll make a patch ;) [01:56] ta ;) [01:59] Nick change: riel -> unriel [02:00] @simon does this really call (sys_)uname ? [02:04] http://www.expio.co.nz/~sgarner/terra/uname.txt [02:10] okay, please try that one ... http://vserver.13thfloor.at/Stuff/x86_64-fix_uname.diff [02:25] sys_x86_64.c: In function `sys_uname': [02:25] sys_x86_64.c:122: error: `pptmp' undeclared (first use in this function) [02:25] sys_x86_64.c:122: error: (Each undeclared identifier is reported only once [02:25] sys_x86_64.c:122: error: for each function it appears in.) [02:25] make[1]: *** [sys_x86_64.o] Error 1 [02:26] typo, should be pttmp ;) [02:26] just change and restart make bzImage ... [02:27] ok ;) [02:28] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Quit: Tak ja padaaaaM [02:33] that worked :D [02:34] well, I'll add it to the x86_64 bugfixes, then ;) [02:35] next question ;) [02:35] probably a hundred other things don't work on non i386 ... but as nobody tests/cares it isn't important (yet) ... [02:35] how does one set the immutable-linkage-invert bit on a file? [02:35] I hope not a hundred things ;( [02:37] setattr/showattr ... [02:37] I dont have those... [02:38] hmm, what utils? [02:38] 0.23.93 [02:38] you should have a showattr there ... [02:38] /usr/lib/util-vserver/showattr [02:39] ahh [02:39] Simon: ln -s showattr /usr/lib/util-vserver/setattr [02:39] why's it in there :P [02:39] hiding, from the big cruel world ;) [02:40] hi enrico! [02:40] ok, final question (for now) ;) [02:41] @enrico, do we have a version with CAP_QUOTACTL yet? [02:41] rebootmgr doesnt seem to work too good... [02:41] but not too bad either? [02:41] CVS, but it is still #30 there. I had not very much time in the last days [02:41] I start the rebootmgr service on host server, and start a vserver [02:41] then enter the vserver and type vreboot [02:41] @enrico okay, can we get it done until tomorrow? [02:42] Bertl: which timezone? ;) [02:42] after a moment I get this: [02:42] /usr/sbin/vserver: line 770: 1670 Killed $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST $CHCONTEXT_CMD $SILENT $FLAGS $CAPS --secure --ctx $S_CONTEXT $CAPCHROOT_CMD --suid $USERID . "$@" [02:42] and I am back in the host server... [02:42] @enrico maybe it would be nice to have a vserver release with any tools ;) [02:43] @simon hmm, ... sounds interesting ... [02:44] but look at it this way, it doesn't reboot your host, right? [02:44] no ;) [02:44] unriel (~riel@riel.netop.oftc.net) left irc: Ping timeout: 501 seconds [02:44] Simon: may be related with the fact, that there does not exist an atomic context-kill [02:44] unriel (~riel@nat-pool-bos.redhat.com) joined #vserver. [02:45] Simon: the shutdown-sequence is killed by the killall from inside the vserver [02:45] hmm, what is in line 770 in /usr/sbin/vserver (I don't have a line 770 ;) [02:45] bye to alll [02:45] night alex! [02:45] shadow (~umka@212.86.233.226) left irc: Quit: to bed [02:45] 'fi' ;) it's the last line [02:47] it's simple: vserver enters runlevel 6, ... call vhalt <... rebootmgr becomes active, calls vserver ... stop, which starts 'rc.sysinit 6' in the vserver> ... vserver-init calls killall5 which kills the rc.sysinit [02:48] RH (~john877@24.171.21.47) left irc: Ping timeout: 485 seconds [02:48] hmm, never used/tested this feature ... guess I have to look at it ... if I have some spare time ... [02:48] it is even stranger if I ssh into the vserver and call vreboot from there [02:48] after restarting if I ssh to the vserver's IP it takes me to the host server... [02:48] though that might be because my host server ssh is not set up properly [02:49] hmm, read this somewhere today ;) [02:50] the question is, is the vserver running/restarted _after_ you did the vreboot? [02:50] how is v_sshd meant to be used on the host? [02:50] simple ... just make a config entry ... [02:50] # cat /etc/vservices/sshd.conf [02:50] # [02:50] IP="eth0 eth1" [02:51] eth0, eth1 could also be ip addresses/etc ... [02:51] yeah that's how I was going to do it but I thought these init.d/v_* scripts were cleverer ;) [02:51] then configure v_sshd instead of sshd ... [02:51] Action: sladen mutters something about rebootmgr needing to die. [02:51] well but v_sshd just runs sshd, it doesn't have any of the start/stop/status stuff [02:51] how should they be 'cleverer'? [02:52] Bertl, *shrug* [02:52] what are they there for then ;) [02:52] v_sshd actually calls exec $USR_LIB_VSERVER/vsysvwrapper sshd $* [02:52] simon: treat v_sshd just of example of how to do chbind sshd "$*" [02:53] which does everything sshd script does, except that it limits to the givien ips/network cards ... [02:53] Simon: v_sshd is not really clever; /etc/ssh/sshd_config allows to specify listen-addresses [02:53] @rik, hmm any reason for _not_ using v_sshd? [02:54] oh I get it [02:54] that's quite neat actually :) [02:55] @rik, not to mention that exec ../vsysvwrapper isn't a good example how to do it by hand ;) [02:55] sorry, I'm tired s/rik/paul/ ... [02:56] @paul, hmm any reason for _not_ using v_sshd? [02:56] @paul, not to mention that exec ../vsysvwrapper isn't a good example how to do it by hand ;) [02:59] oh yeah, what's the story with localhost/loopback in vs's? [03:00] no story, you can use lo, but it is shared ... [03:00] When starting the vs I get this from postfix [03:00] Starting postfix: Starting postfix: postalias: fatal: parameter inet_interfaces: no local interface found for 127.0.0.1 [03:00] postmap: fatal: parameter inet_interfaces: no local interface found for 127.0.0.1 [03:00] Last message repeated 3 time(s). [03:00] postmap: fatal: parameter inet_interfaces: no local interface found for 127.0.0.1 [03:01] I can probably config around it, just wondering what causes this [03:01] usually you would prefer to do almost everything via the ip of that server ... [03:01] agreed [03:01] simple, make ifconfig and have a close look ;) [03:01] so there is no special treatment for lo? [03:01] yeah, ifconfig output is weird in vservers... [03:01] lo Link encap:Local Loopback [03:01] UP LOOPBACK RUNNING MTU:16436 Metric:1 [03:01] RX packets:14 errors:0 dropped:0 overruns:0 frame:0 [03:01] TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 [03:01] collisions:0 txqueuelen:0 [03:01] RX bytes:1000 (1000.0 b) TX bytes:1000 (1000.0 b) [03:02] no ip? :) [03:02] well, it is hidden, like the other aliases ... [03:02] same for eth0 [03:02] this _is_ a security measure ... [03:02] ok that's cool, just checking this isn't another x86_64 oddity ;) [03:03] yeah, you right, just ask if something smells fishy ... [03:04] ah, vreboot works now I have ssh bound on the host correctly [03:07] Zoiah (Zoiah@81.17.52.139) joined #vserver. [03:07] hi zoiah! [03:09] # vserver test2 stop [03:09] Stopping the virtual server test2 [03:09] Server test2 is running [03:09] ipv4root is now 192.168.1.20 [03:09] New security context is 100 [03:09] Couldnt get a file descriptor referring to the console [03:09] /usr/sbin/vserver: line 770: 5905 Killed $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST $CHCONTEXT_CMD $SILENT $CAPS --secure --ctx $S_CONTEXT $CAPCHROOT_CMD . $STOPCMD [03:09] sleeping 5 seconds [03:09] Killing all processes [03:09] Any idea where that "Couldn't get a file descriptor" line is coming from? [03:10] ls -la /vservers/test2/dev gives? [03:11] -rw-r--r-- 1 root root 750 Oct 30 13:10 console [03:11] hmm [03:11] that is all? [03:11] I see, something has tried to do a > /dev/console, but it didn't exist [03:11] so it's created it as a regular file [03:12] crw-rw-rw- 1 root root 1, 7 Apr 6 2003 full [03:12] brw------- 1 root root 8, 17 Jan 1 1970 hdv1 [03:12] crw-rw-rw- 1 root root 1, 3 Apr 6 2003 null [03:12] crw-rw-rw- 1 root root 5, 2 Apr 6 2003 ptmx [03:12] drwxr-xr-x 2 root root 4096 Apr 6 2003 pts/ [03:12] crw-r--r-- 1 root root 1, 8 Apr 6 2003 random [03:12] crw-rw-rw- 1 root root 5, 0 Apr 6 2003 tty [03:12] crw-r--r-- 1 root root 1, 9 Apr 6 2003 urandom [03:12] crw-rw-rw- 1 root root 1, 5 Apr 6 2003 zero [03:12] no there is more there... [03:12] this should be there .... [03:12] hmm my hdv1 is a regular file as well [03:12] that might be okay ... [03:12] -rw-r--r-- 1 root root 750 Oct 30 13:10 console [03:12] crw-rw-rw- 1 root root 1, 7 Oct 24 15:04 full [03:12] -rw-r--r-- 1 root root 0 Oct 24 15:04 hdv1 [03:12] crw-rw-rw- 1 root root 1, 3 Oct 24 15:04 null [03:12] crw-rw-rw- 1 root root 5, 2 Oct 30 13:06 ptmx [03:12] drwxr-xr-x 2 root root 4096 Oct 24 15:04 pts/ [03:12] crw-r--r-- 1 root root 1, 8 Oct 24 15:04 random [03:12] srw------- 1 root root 0 Oct 30 13:01 reboot= [03:12] crw-rw-rw- 1 root root 5, 0 Oct 24 15:04 tty [03:12] crw-r--r-- 1 root root 1, 9 Oct 30 13:05 urandom [03:12] crw-rw-rw- 1 root root 1, 5 Oct 24 15:04 zero [03:13] hmm, seems like something tries to log to console then ... [03:13] may have been syslog, I did change that yesterday [03:14] hmm [03:14] vserver test2 stop creates /dev/console [03:17] ah, this is from /etc/rc.d/rc [03:17] elif [[ "$newrunlevel" = "0" || "$newrunlevel" = "6" ]]; then [03:17] chvt 1 [03:17] exec &> /dev/console [03:17] # Make sure terminal is using correct character set. [03:17] # When booting this implicitly happens in rc.sysinit, but when shutting [03:17] # down terminal can be left in wrong state [03:17] [[ -f /etc/init.d/mandrake_consmap ]] && . /etc/init.d/mandrake_consmap [03:17] fi [03:18] well, I would say, just remove it ;) [03:20] hmm well now it doesn't make /dev/console... but the error is still there [03:20] what did you remove, I hope the chvt 1 too ... [03:21] same with the /etc/init.d/mandrake_consmap [03:25] ah that did it, mustve been the chvt [03:25] should I make hdv1 a real device? [03:25] depends what you want to do ... if you need dlimits and/or quota, you'll have to, otherwise just ignore it ... [03:26] ok I did it ;) [03:26] hmm, what? [03:26] mknod [03:27] hmm, probably wrong again ... you'll have to use the vroot device for that ... [03:28] :o [03:29] well, at least if you a) care about security, and b) have other devices as my test server does ... [03:29] how do I make it then? [03:30] well, mknod is okay, you just use 'b 4 0' for vroot 0, for example ... [03:30] I have that in the host server... what about in the vs? [03:31] http://www.13thfloor.at/VServer/HowTo_LVMQS.shtml [03:31] it's a little old, but the vroot part is still valid ... [03:34] oh yeah, another question... what's the max size of context numbers? 255? [03:34] ignoring quotas for now [03:34] 65535 [03:34] and with UID32/GID32 (inodes) quota? [03:35] 65545 [03:35] oops 65535 [03:35] cool :) [03:35] I just wondered because the CONTEXT column in 'vps' appears to be only 3 digits [03:35] but if you use UID32/GID32 you should be aware that you a) use yet unused space of the on disk inodes, b) it only works on ext2/ext3 ... [03:36] well Im using ext3... should be ok? [03:37] yeah, just be careful, it is not tested on x86_64 ;) [03:37] uhoh ;) [03:37] well, worst thing that could happen is, you lose all your files on that partition ... [03:38] is that all... ;) [03:38] yes, AFAIK, no permanent harm to CPU or RAM is done 8-) [03:38] is UID16/GID16 more reliable/tested/...? [03:39] on x86_64, are you kidding me? [03:39] hehe [03:39] well, if I'm pedantic, it isn't even tested on i386, because UID16/GID16 isn't an option ;) [03:40] opps... UID32/GID16 ;) [03:40] basic principle is, context is stored in UID/GID _without_ modifying the on disk inode fields ... [03:41] I figured storing it in the inodes was safer in that it wouldn't much up the UID/GIDs if quota support were removed... [03:41] much=muck [03:41] so if you trust the existing ext2/ext3 code more, which might not be the best idea at the moment, you would go for GID16 or GID24 ... [03:42] yeah, that is right, if it works, it's less intrusive ... [03:42] hmm [03:43] it seems to work ;) [03:43] well, I would not have added it in the first place, if I didn't want others to use it .. so it should work as expected ... [03:43] did you use the tagctx mount option? [03:44] hmm not at the moment, I took it off [03:44] well, then it is disabled for now ;) [03:44] no wonder it works ;) [03:57] util-vserver 0.23.94 has been released which introduces QUOTACTL caps and honors customized --prefix paths [03:57] cool! [03:57] thanks enrico, will test it asap ... [04:06] my version of bash does not modify the soft limit along with the hard limit when calling ulimit [04:06] so I have to call ulimit twice in /usr/bin/vserver [04:06] hmm, what version is this? [04:08] hmm, debian/unstable bash 2.0.[mumble] [04:09] echo $BASH_VERSION [04:09] heh, lemme go turn it on :) [04:15] 2.05b.0(1)-release [04:15] bash 2.05b-8.1 The GNU Bourne Again SHell [04:16] hmm, how did you verify/find that? [04:16] (not the version, the behaviour ;) [04:17] strace sh -c 'ulimit -H -u 256' [04:17] setrlimit(RLIMIT_NPROC, {rlim_cur=4*1024, rlim_max=256}) = -1 EINVAL (Invalid argument) [04:17] 78sh: line 1: ulimit: max user processes: cannot modify limit: Invalid argument [04:17] and strace sh -c 'ulimit -HS -u 256' gives? [04:17] setrlimit(RLIMIT_NPROC, {rlim_cur=256, rlim_max=256}) = 0 [04:18] well, seems to work then , right? [04:18] yup [04:18] so you don't need to call it twice, correct? [04:18] right [04:18] so what are you wasting my time, then? *G* [04:19] don't take me too serious, I'm glad you did some testing ... oaky? [04:19] the defaults should be updated :P [04:19] good point ... [04:21] by the way, are you using the O(1)/rmap version now? [04:21] yeah [04:22] did you add the fork() patch? [04:22] nope [04:22] matt said it has it's advantages ... [04:22] is there an active mailing list that I'm missing? :) [04:23] nope, I didn't announce this patch ... my fault ... [04:23] what does it do? [04:23] it just prohibits fork() if memory limit would cause to fail it a few (micro)seconds later [04:24] ah [04:24] this allows other tasks to still work, while actually staying below the limits ... [04:25] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) joined #vserver. [04:26] hi shuri! [04:34] for everyone who wants to test 2.6 stuff, I updated the quota hash abstractions for 2.6.0-test9, you can get them here: http://vserver.13thfloor.at/Experimental/patch-2.6.0-test9-qh0.12.diff.bz2 [04:41] RH (~john877@24.171.21.47) joined #vserver. [04:45] mugwump (~sv@62.253.119.28) left irc: Quit: /me slumps onto his keyboard [04:47] okay, enough for tonight ... cu 2morro ... [04:47] Nick change: Bertl -> Bertl_zZ [05:05] serving- (~serving@213.186.190.157) joined #vserver. [05:09] serving (~serving@213.186.189.28) left irc: Ping timeout: 485 seconds [05:25] mdaur__ (mdaur@p50917CAA.dip.t-dialin.net) left irc: Ping timeout: 488 seconds [05:42] mdaur (mdaur@80.145.92.14) joined #vserver. [06:10] mdaur (mdaur@80.145.92.14) left irc: Ping timeout: 492 seconds [06:15] mdaur (mdaur@p50917930.dip.t-dialin.net) joined #vserver. [07:56] linas (~linas@67.100.217.179) joined #vserver. [07:56] anyone good at chroot? [07:57] chcontext --secure --cap '!CAP_SYS_CHROOT' /bin/sh [07:57] but then I ran the standard chroot-breaking example code and it broke out [07:58] mdaur_ (mdaur@80.145.103.67) joined #vserver. [08:04] mdaur (mdaur@p50917930.dip.t-dialin.net) left irc: Ping timeout: 488 seconds [09:10] Simon (~sgarner@apollo.quattro.net.nz) left irc: Read error: Connection reset by peer [09:10] Simon (~sgarner@210.54.177.190) joined #vserver. [10:05] mcp (~hightower@81.17.110.148) joined #vserver. [13:23] Simon (~sgarner@210.54.177.190) left irc: Quit: so long, and thanks for all the fish [14:07] kestrel (~athomas@o2rosock0a.optus.net.au) left irc: Ping timeout: 492 seconds [14:14] Nick change: Bertl_zZ -> Bertl [14:14] hi all! [14:24] Nick change: Bertl -> Bertl_oO [14:54] say-out (~say@212.86.243.154) joined #vserver. [15:11] re guys. [15:39] shadow (~umka@212.86.233.226) joined #vserver. [15:40] day :) [15:40] Hi Alex. [16:03] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [16:08] Action: shadow found panic on ext3 :-\ [16:12] loger joined #vserver. [16:22] kestrel_ (~athomas@192.65.90.92) joined #vserver. [16:23] hello there [16:25] rjg (~rjg@207.36.81.15) joined #vserver. [16:26] Hello everyone... [16:26] @shadow you awake? [16:30] hello [16:31] Nick change: unriel -> riel [16:31] Hello kestrel.. [16:38] how you doing? [16:39] i like it the way it is, because with it balanced, if you have a lot of one type of traffic the other half of the graph will just be empty [16:39] whoops [16:39] heh, wrong channel (obviously) [16:40] anybody know how difficult it would be to have an "uptime" per vserver? [16:40] a small thing really, but cool :) [17:39] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Quit: Tak ja padaaaaM [17:40] rjg (~rjg@207.36.81.15) left irc: Read error: Connection reset by peer [17:46] rjg76 (~rjg@207.36.81.15) joined #vserver. [18:18] morning [18:43] Hey Nesh... [18:44] Hello [18:53] virtuoso (~shisha@195.131.114.115) left irc: Ping timeout: 492 seconds [18:59] virtuoso (~shisha@195.131.114.115) joined #vserver. [19:03] bertl around? [19:43] RH (~john877@24.171.21.47) left irc: Ping timeout: 485 seconds [21:35] RH (~john877@24.171.21.47) joined #vserver. [21:37] hey [21:53] hey [22:01] say-out (~say@212.86.243.154) left irc: Read error: Connection reset by peer [22:01] say-out (~say@212.86.243.154) joined #vserver. [22:04] mhepp (~mhepp@213.211.38.19) joined #vserver. [22:08] RH (~john877@24.171.21.47) left irc: Ping timeout: 485 seconds [22:12] rjg76 (~rjg@207.36.81.15) left irc: [22:16] mhepp (~mhepp@213.211.38.19) left irc: Ping timeout: 492 seconds [22:30] mhepp (~mhepp@213.211.38.19) joined #vserver. [22:33] loger joined #vserver. [22:44] okay, will be here in about 2-3 hours ... so prepare your questions ;) [23:04] Hi Herbert.. [23:04] Hi [23:08] what i'm not good enough for you Alex? [23:08] pffft [23:09] Hi Nesh [23:09] :) [23:09] Action: shadow tire [23:10] unix sockets and diskquota may be buggy in some situations... [23:10] eh.. [23:31] Nesh (~dmistry@64.106.131.10) left irc: Quit: My damn controlling terminal disappeared! [23:36] Nesh (~dmistry@su-nat.datapipe.net) joined #vserver. [23:45] Nesh (~dmistry@su-nat.datapipe.net) left irc: Quit: My damn controlling terminal disappeared! [23:52] shadow (~umka@212.86.233.226) left irc: Quit: sleep [23:56] alekibango (~john@62.245.97.59) joined #vserver. [00:00] --- Fri Oct 31 2003