[00:00] upgrading a package with an selinux security policy in the host could break the permissions of whatever the processes in guest vhosts are doing [00:01] say that you upgrade the host's sendmail package from one that has /etc/sendmail.cf to one that has /etc/mail/sendmail.cf [00:01] and the security policy is updated so that the thing can access /etc/mail/sendmail.cf ... but no longer /etc/sendmail.cf [00:01] well, I guess then Fedora users will just compile a vanilla kernel with vserver or choose another more compatible distro ... [00:02] now the sendmail inside a vserver will also no longer be able to access /etc/sendmail.cf [00:02] even if that one wasn't upgraded, but still is the older version that needs to access /etc/sendmail.cf [00:02] maybe one day vserver will be virtualisable, but I simply don't see it happen over the next few months [00:03] well, Fedora users could boot their system without selinux [00:03] if those checks are process based, you'll be fine, if they are one per system, you'll have to virtualize/abstract ... [00:03] you can switch off selinux at boot time [00:03] or you can drop it into devel/audit mode ... [00:03] shadow (~umka@212.86.233.226) left irc: Quit: sleep [00:04] OTOH, if selinux gets virtualised because of filesystem namespaces, then vserver stuff becomes easy [00:12] in the mean time, vserver remains useful, but my managers have decided that it's better for me to work on CKRM, which we know can be used in the distro [00:13] hm [00:13] why I'm not surprised? [00:14] I will make sure the CKRM stuff can work with vserver, though [00:14] grepmaster (~jeffrey@66-101-59-71.oplnk.net) left irc: Quit: BitchX-1.0c19 -- just do it. [00:16] grepmaster (~jeffrey@66-101-59-71.oplnk.net) joined #vserver. [00:24] bummer [00:24] so i guess 2.6 will be delayed [00:24] hmm, why do you think so? [00:25] 2.6 vserver [00:26] :) [00:26] for 2.4.23pre9 I should be using ctx17f ? [00:27] hmm, did I miss a release again? [00:27] well seems so .. [00:28] @ace depends .. c17h should work well ... c17f is the stable branch for now ... [00:28] ok, c17f included the quotactl and vroot? [00:28] where is > ctx17e? i don't find those on any of the various sites... [00:28] quotactl yes, vroot no ... [00:29] @grepmaster linux-vserver.org [00:29] http://vserver.13thfloor.at/Stuff/c17h/ [00:30] would I have to change my utils if I went for c17h ? [00:30] yup, you'll need util-vserver for that to work ... [00:30] for this kernel I want stability :> (and I'm running pre9!?!?!) [00:31] I'll go for c17f :) [00:31] 04_2.4.23-pre7_ili.diff <-- do I need that? [00:32] hmm, why would you like to remove the unification stuff? [00:32] I don't use it... [00:33] hmm, may I ask why? [00:34] I tried to split the patches, so you probably could live without it, modulo some includes and such ... [00:34] yes, but I won't answer.. :) because, I'm running 4 - 5 different vservers, not going to run any more.. got enough memory, got fast enough disk.. if I were to sell mass vservers, then maybe I would, also.. don't have time to write a unification tool for gentoo .. (altough it wouldn't be that hard) [00:35] okay, so just try without it ... and if it gives you problems, let me know ... [01:01] Nick change: riel -> unriel [01:44] Nick change: surriel -> riel [02:10] okay, wish you a good whatever ... [02:11] Nick change: Bertl -> Bertl_zZ [03:31] grepmaster (~jeffrey@66-101-59-71.oplnk.net) left irc: Quit: [BX] Do you... BitchX? [03:47] netrose (~john877@24.171.21.47) left irc: Ping timeout: 485 seconds [03:47] monako (~monako@ts1-a39.Perm.dial.rol.ru) joined #vserver. [03:50] monako (~monako@ts1-a39.Perm.dial.rol.ru) left irc: Client Quit [04:21] serving (~serving@213.186.191.184) left irc: Ping timeout: 507 seconds [04:32] serving (~serving@213.186.190.110) joined #vserver. [04:49] ChuckD_zzz (~bug@144.137.113.118) joined #vserver. [04:49] Nick change: ChuckD_zzz -> ChuckD [04:50] aloha? [04:53] bye then! [04:53] ChuckD (~bug@144.137.113.118) left irc: Client Quit [05:18] rjg (~rjg@fl-atlnfl-u2-c3a-169.atlsfl.adelphia.net) joined #vserver. [05:19] rjg (~rjg@fl-atlnfl-u2-c3a-169.atlsfl.adelphia.net) left irc: Remote host closed the connection [05:23] kestrel_ (~athomas@dialup28.optus.net.au) left irc: Quit: fler [05:39] netrose (~john877@24.171.21.47) joined #vserver. [05:48] kestrel_ (~athomas@dialup28.optus.net.au) joined #vserver. [05:48] hello [05:56] rjg (~rjg@fl-atlnfl-u2-c3a-169.atlsfl.adelphia.net) joined #vserver. [05:57] Anybody awake? [05:57] nope [05:58] lol [05:59] Is there a way to limit memory usage in a vserver? [06:01] there are patches [06:01] they're probably linked from the site [06:01] (the site in the topic) [06:04] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) left irc: Remote host closed the connection [06:07] AnTiGoNe (dontQUERY@81.2.149.146) joined #vserver. [06:08] Hi, any1 alive who can help me? [06:08] depends what kind of help you need [06:08] not unless you tell us what help you need [06:12] ah [06:12] i have downloaded vserver-0.23.src.tar.gz [06:12] and i cant compile it [06:12] :( [06:12] gcc: installation problem, cannot exec `cc1plus': No such file or directory [06:17] kestrel_ (~athomas@dialup28.optus.net.au) left irc: Quit: ircII EPIC4-1.0.1 -- Are we there yet? [06:23] AnTiGoNe (dontQUERY@81.2.149.146) left irc: Quit: leaving [06:32] alekibango (~john@62.245.97.59) left irc: Quit: Client killed by consultant [06:57] rjg (~rjg@fl-atlnfl-u2-c3a-169.atlsfl.adelphia.net) left irc: Remote host closed the connection [07:02] antigone; you don't appear to have a C++ compiler installed [07:18] Simon (~sgarner@210.54.177.190) joined #vserver. [07:36] kestrel_ (~athomas@dialup28.optus.net.au) joined #vserver. [07:54] hmm, is there some reason for the 'sleep 5' in vserver stop? [07:57] mdaur_ (mdaur@p50915EFB.dip.t-dialin.net) joined #vserver. [08:03] mdaur__ (mdaur@80.145.122.17) left irc: Ping timeout: 485 seconds [08:11] ensc (~ensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 507 seconds [09:56] rjg (~rjg@fl-atlnfl-u2-c3a-169.atlsfl.adelphia.net) joined #vserver. [10:18] rjg (~rjg@fl-atlnfl-u2-c3a-169.atlsfl.adelphia.net) left irc: Ping timeout: 483 seconds [11:07] Simon (~sgarner@210.54.177.190) left irc: Read error: Connection reset by peer [11:16] Simon (~sgarner@apollo.quattro.net.nz) joined #vserver. [11:16] Simon (~sgarner@apollo.quattro.net.nz) left irc: Client Quit [11:51] mdaur_ (mdaur@p50915EFB.dip.t-dialin.net) left irc: Quit: cya [12:06] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [12:38] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Quit: Tak ja padaaaaM [14:35] dst (~dst@pD9530754.dip.t-dialin.net) joined #vserver. [15:02] Nick change: Bertl_zZ -> Bertl [15:02] hi all! [15:04] ChuckD (~bug@CPE-144-137-113-118.nsw.bigpond.net.au) joined #vserver. [15:04] hi chuck! [15:04] hi herbert! [15:04] what's doin'? [15:04] good work, congrats! [15:05] cool, not sure if I was doing something useful [15:05] every documentation is useful, I will check and correct where necessary ... [15:06] if you need some history info, about the project and such, and want to integrate this, I can provide some ... [15:07] ok that would be cool [15:07] have any more docs been written for the 1.0 release? [15:07] none I know of (yet) [15:08] ah, I thought they were getting written somewhere out there in the ether =) I guess not [15:08] I'd be happy to help out getting things sorted out [15:09] perfect .. I started yesterday to setup my webspace, but if you want to do that, I'll gladly reduce it to a minimum ... [15:09] you mean your new 13thfloor site? [15:09] http://www.13thfloor.at/vserver/project/ [15:10] nice! [15:10] okay, so maybe I should explain the overall structure of 1.0 to you? [15:11] if you've got a moment =) [15:11] if you write about it, always (because this scales) [15:12] yep sure, I'd be happy to [15:12] but I can also go through the IRC logs if you've said it before [15:12] I was going to do that anyway - make an updated FAQs from the IRC logs [15:12] okay, 1.0 will be, as you mentioned the c17f [15:13] this is functional compatible with ctx17c + quota capability [15:13] but it has cleaned up code, so patches for ctx17c could fail on c17f ... [15:13] hang on, c17f means something different to ctx17f? [15:14] I missed that point... I thought one was just shorthand for the other [15:14] there is no ctx17f ... all my patches where named c17* [15:14] yeah [15:14] the reason for this funny naming is in history, I'll explain ... [15:14] k =) [15:15] some time ago ... jack seemed gone ... [15:15] then one day, he sent a mail, he has a new version with lot of features ... [15:15] aha [15:15] and he released the new tools 0.23 IIRC [15:16] and an experimental patch ctx17a ... with the remark, that ctx18 will be released soon ... [15:16] hmm [15:17] this patch in combination with the tools gave me severe headache ... because the chsaferoot() wasnt in the kernel patch, but the tools complained about it missing ... [15:17] aha, the infamous "chrootsafe() missing"! [15:18] in addition to that, I had maintained (rediffed) the patches (ctx17) up to 2.4.22 and the old patches where only available for ~2.4.20 ... [15:18] old patches = Jack's "new version" ? [15:19] nope ctx17 == old [15:19] ah [15:19] I checked the differences of ctx17a to ctx17 and found that some change in the ipv4 stuff was incorrectly patched ... [15:20] http://www.13thfloor.at/old/VServer/Patches.shtml [15:21] there is the diff between my rediffed version and the ctx17/17a versions ... [15:21] it's beginning to make sense... [15:22] one difference in nomenglature always was that I used ctx17 and jack used ctx-17 ... [15:23] and my patchsets (see same page below) where named c17 (as described in the aptchset nomenglature) [15:25] a long time passed after jack released ctx-17a and everybody was asking, what did happen? where is the promised ctx-18? why are the chsaferoot() issues not resolved? [15:25] where p1c17 was prerelease one for ctx17. then there was room for an extra character to differentiate your own versions [15:25] k [15:25] exactly ... [15:26] so I decided to take over the project and clean up the patches ... [15:26] what sort of timeframe? 3 months ago? [15:27] let me have a look at the archives ... sec [15:32] whoa, things are falling in place. I totally didn't realise that your c17f patch that I installed actually has other updates than just ctx. (true?) [15:34] Date: Fri, 18 Jul 2003 16:02:52 -0500 [15:34] alrighty [15:34] that was ctx-17a release from jackques [15:35] I announced to takeover about a month ago (almost exactly a month) [15:35] yep found the message in the archives [15:35] hey herbert [15:35] hi alec! [15:36] i like the new site, nice [15:36] yep I saw the message about it - Jack seemed cool but I see there are tensions with him releasing more tools/patches, wanting various things included [15:36] thanks [15:36] @chuck I started to split jackques ctx-17a up into smaller pieces ... [15:37] separating out the different areas like ... [15:37] - network checks/virtualization [15:37] - immutable linkage invert (unification) [15:37] - scheduler changes nproc/sched [15:38] did his patch have immutable linkage invert? [15:38] - syscall modifications [15:38] yes ILI is one of the oldest features, added by Sam Vilain ... [15:38] ok, I knew it was added by sam, assumed it was newish (bzzt) [15:39] you should have a look at jack's changelog .. it is very interesting ... [15:39] http://dns.solucorp.qc.ca/changes.hc?projet=vserver&version=0.6 [15:39] for example ;) [15:41] it's fascinating how old those ideas are actually, and how long it took the 'vserver hype' to happen ... [15:42] also interesting that vserver started on 2.2 kernel ... and was ported to 2.4 later ;) [15:42] indeed! I've always known how cool it is but just was waiting for it to happen in a usable open source form [15:42] :) [15:42] okay so I was splitting up ctx-17a ... into orthogonal pieces [15:42] yeppa [15:43] and named the splitups c17a, c17b and a little later jack released ctx-17b and after a few days ctx-17c as bugfix to ctx-17a [15:43] crikey [15:44] this was shortly after he officially transfered project leadership to me, and encouraged me not to wait until the end of last month ... [15:45] I guess he just flushed the long sitting stuff out, without much thinking about the consequences ... [15:45] hmm [15:46] fact is that from this moment on, I had many reports regarding ctx-17c .. which wasn't the mainstream anymore ;) [15:46] I thought about releasing a ctx18 soon, to clear up the confusion ... [15:46] wasn't it? what _was_ the mainstream? [15:47] the mainstream was the c17b + any patches ... [15:47] k [15:47] ctx-17c was a step backwards with no functional or other advantage ... [15:48] ah as you said it was a bugfix to ctx-17a while ctx-17b was actually new [15:48] and just before I released a ctx18 version, jack released ctx-18pre1 ;) [15:48] heh [15:48] including the chsaferoot() and some other stuff ... [15:49] we had a discussion about that later ... 8-) [15:50] after a deep look at the chroot stuff, which is basically untested but nice ... I decided not to include it at this time, especially as enrico was checking the pivot_root stuff .. which might solve the issues in a better/more generic way ... [15:51] (means no kernel changes are required) [15:51] yeah and Linus would never put chsaferoot() in the main tree [15:51] well, as always, I really don't care about that ;) [15:52] fair enough :) [15:52] the decisions which goes into the main streams (Marcello, Andrew, Linus) is like voodoo ... [15:52] s/which/what/ [15:53] for example, people keep complaining about the missing ro,noexec,noatime options on --bind mounts ... [15:54] about 4 month ago, I added this functionality to 2.4 and 2.6 ... the maintainers said, if it is okay for Al Viro, we put it in ... but Al viro had no time yet, to take a look at it ;) [15:54] ah, kernel maintenance [15:55] oops just saw the time, gotta go in 6 mins [15:55] so I would be really surprised if anything from vservers would make it into the kernel without some core kernel guy saying: I don't care what it is, put it in ... [15:55] okay we are done in 3 minutes ;) [15:55] it'll get there if there are users I reckon.. but anyway [15:56] cool =) [15:56] so I had to stay in the c17 range .. and decided to further cleanup c17b now as c17d, and c17e ... [15:57] I planned to release c17e as the new mainstream release ... [15:57] at this time Rik v. Riel managed to get _one_ syscall officially reserved for vservers ... [15:57] (c17b, c17d, c17e were all patchsets that included more than just context/vserver stuff though right?) [15:58] not really, at this point they where cleaned up versions of c17b ... [15:58] k cool, yep I saw the vserver syscall stuff on lkml [15:58] but we had _two_ syscalls in vservers ... ;) [15:59] yeah... [15:59] so what I did was the following ... I updated c17e to c17f where we use the one reserved syscall and the one right after that one ... [15:59] ah [16:00] and I asked the community to test this on different platforms ... [16:00] while the testing was done (or not done :) we discussed the syscall switch ... [16:01] which was implemented in c17g and c17g2 (a bugfix) [16:01] ja [16:01] and then 'officially' released in c17h ... which is now available for testing and already used on some sites [16:02] yeah I saw the release announcement, haven't tried though... [16:02] I planned to release the c17h as new vserver-1.0 but ... [16:02] first, there hasn't been any platform testing, except for x86_64 and i386 ... [16:03] and second jack's tools won't work with c17h :( [16:03] bummer [16:03] last time I spoke with jack, he asked me to allow for a smooth transition, so I decided to make the c17f vserver-1.0 ... [16:04] and jack promised to release tools for this ... and later major releases ... [16:04] so this is the current status ... [16:05] so you can release vserver-1.0 now, which lacks the syscall switch, and it'll work with both sets of tools [16:05] ? [16:05] exactly ... [16:06] you can't keep relying on Jack - it's going to be a nightmare to continually have to wait for things like this in the future [16:06] and we will ahve the syscall switch in 1.1 (devel release) [16:06] and we will release 1.2 probably end of this year, with or without jacks tools ;) [16:07] sounds like the transition was not without issues [16:07] enrico does a good job with the tools (at the moment) and if all fails, I'll do the tools myself ;) [16:07] hmm difficult situation [16:08] I'm sure everything will be fine, and the majority will not even notice ;) [16:09] yeah [16:09] if you find some time later, I'll tell you about the future features ... [16:10] so will Enrico make a 1.0 util-vserver release at the same time as the vserver-1.0 patch release? [16:10] i definitely noticed over the last few weeks...i had no idea which patches to install when i first started looking at the new versions [16:10] he will make a release (not 1.0, because he doesn't feel like doing a 1.0 yet) but it will be vserver-1.0 release specific ... [16:11] and I will have the tools (probably 2) for each kernel patch version linked on my pages ... [16:11] when you say "my pages" you mean 13thfloor, not linux-vserver.org? [16:12] not specifically, but I decided to start on 13thfloor, because the wiki isn't the best place for final releases (they can be faked, and I don't want that to happen ;) [16:13] mm [16:13] the wiki also leads to quantity not quality. need to pare things down and make it ultra clear [16:14] I like writing docs... [16:15] that is one issue, and if somebody volunteers to do 'solid' documentation distilled from all the wikis and HowTo I'll gladly replace all that stuff ... [16:15] I've been thinking about that [16:15] I don't want to miss a wiki, don't get me wrong, it's great to collect info/ideas .... [16:15] the main issue I saw was, Would Jack/Paul/WikiPpl get upset if I just ripped their stuff and put it in one doc on linux-vserver.org? [16:16] yeah I like the wiki, maybe it can even stay that way just with a few pages locked down [16:16] e.g. need to unify the FAQs [16:16] that was one reason for the two small lines at the bottom of my wiki ;) [16:16] cool =) [16:18] I guess neither paul nor jack will have a problem if you reuse their faq/docu ... just send them a mail or even better, ask on the mailing list ... [16:18] yep [16:18] will do [16:19] I want this project to become a real community project, where a lot of people add stuff and work on partial solutions ... [16:19] sweet [16:19] this includes docu/layout/wiki/mailinglist and hundred more ... [16:19] Martin is now doing the mailing list for example ... [16:19] I really liked being able to help out just in little ways by modifying the wiki right from the start, even without a user account [16:20] free as in speech, not beer ;) [16:22] also are you going to release patches that work with RH kernels? that would be cool. would be neat to just say to your basic RH9 user "install this RPM" instead of patching [16:23] I could test that, as I like using RH kernels [16:23] jhh (~heuing@194.245.114.189) joined #vserver. [16:23] planning to get a copy of rhel soon too [16:23] well, I will not do redhat specific patches, this is what alex does ... [16:23] ok [16:23] hi folks... [16:23] but there should be no problem to use vanilla kernels on RH ... [16:24] hi jhh! [16:24] I use Mandrake which is RH based for example ... [16:24] no there's not, but the RH kernels include neato stuff, and well tested to boot [16:24] hi jhh [16:24] (neato = mainly 2.6 backports) [16:24] like O(1) scheduler and rmap ? [16:25] i installed vanilla kernel with patches on redhat, and I am still getting a few errors in the logs, but this is probably through my incompetence of compiling kernels ;) what is the page to the redhat version ? I'd like to give it a try as well... [16:25] yep and 4/4GB split [16:25] (think that's only in the RHEL kernel, not sure) [16:25] well we have that on vanilla too ... [16:25] http://vserver.13thfloor.at/Experimental/patch-2.4.23-pre8-O1.3.diff.bz2 [16:25] thx [16:25] this for example is the O(1) scheduler ... [16:26] @jhh linux-vserver.org .. there are all links ... [16:26] yeah but they're not tested like RH kernels are! (i.e. with many users) [16:26] ah, right... I bookmarked some other page... thanks. [16:26] and the redhat kernel vserver port would not be tested as well as the vanilla one, so what? [16:27] true [16:27] nevertheless we will try to support as many distros as possible ... but not at any cost ... [16:28] cool, just wondering what the plans were. [16:28] for example debian seems to be able to integrate vserver stuff well ... [16:28] I did a port for 2.4.22-3 a few weeks ago ... [16:28] yeah that's cause debian rocks... [16:28] I've got some other question: I will probably go into kernel, packages, to set up a very small vserver, rh9, but I guess that takes a lot of time. did anyone set up a very small vserver based on redhat, and is that available ? just like with all necessary tools to run the vserver. I'd add postfix or apache or whatever is needed individualy [16:30] @jhh if you want it really small, you have to change some packages ... [16:30] @jhh normally you'd need about 100 packages at least for a base install [16:30] bertl: "small" is just fine ;) [16:30] then I would suggest to do a minimum install [16:30] chuck: that's just what I thought, it'll be a lot of work to figure out the right packages, kernel etc..., and I am probably not the pro to do it right [16:31] ok, and then just add the kernel ? [16:31] I'll try that [16:31] don't add the kernel! vservers don't have kernels... [16:31] (not that we don't like them) [16:32] Jack has a minimum RH9 package list in his latest tools, but it's badly wrong (many package names that changed from RH8 to 9 didn't get updated) [16:32] i don't need a kernel at all ? that's what I thought: i don't know exactly what is really needed... I thought it needs a kernel, as you are also able to run debin within redhat (in theory as far as I remember I read somewhere) [16:32] I've got a minimal list of 130 packages if you want me to send it to you [16:32] that would be great. [16:32] there's only one kernel [16:32] ok [16:32] and you can use it with debain, suse, rh, and madnrake on one machine ;) [16:32] it'd be great if you send the list to jh@netfielders.de [16:33] remember, there's _one_ host server and _many_ vservers [16:33] the host server runs the kernel [16:33] the vservers are just processes inside the host server [16:33] ok, one more question: if it does not have it's own kernel. what actualy IS the vserver, and how do I install the 130 packages ? [16:33] it just so happens that they can't see each other [16:33] sounds like you need to read http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0 ... [16:34] ok, then I guess the debian kernel is not different to the redhat kernel, which I thought is the case, it it's just the difference of the packages itself. thanks for that information, now I understand more... :) [16:34] all linux distributions use the "same" kernel, e.g. linux-2.4.22 [16:34] not exactly, they are different, but the kernel API is the same ... [16:35] (although some of them add a few patches to the kernel, which is what leads to the talk of a "redhat" kernel or a "debian" kernel) [16:35] chuckd: that's the page I knew. I'll see if I can find the note about how to install the packages. [16:37] maybe it's not there... I meant more so you'd understand the general concepts [16:38] which tools are you using? (Jack's vserver or Enrico's util-vserver, and which version) [16:38] ah, right. i read the whole thing back and forth :) i know about the concept of vserver as it is written there, but I didn't know that the distributions are based on the same kernel, but only are different through there use of software. but which is actualy logical, as you could install vanilla kernel on debian as well as redhat. stupid me :) [16:38] Jack's have a /usr/lib/vserver/install-rh9.0 script which does what you want [16:38] ok cool =) [16:40] yep, in fact package management is about the number 1 difference between distros. Debian has dpkg, Red Hat uses rpm, so you can't easily create a Debian vserver on a RH host server, for example [16:41] OK, list of minimum (more or less) packages for Red Hat here: [16:41] http://aphid.net/rh9.0-minimum.txt [16:42] anyway I've got to run sorry good night everyone! [16:42] Nick change: ChuckD -> ChuckD_zZ [16:45] janhendrik (~heuing@194.245.114.189) joined #vserver. [16:45] hi janhendrik! [16:45] hi again... my connection broke (jhh), now I am back but jhh is not gone... did I miss anything ? [16:46] hmm, irc woes ... [16:46] there must be some routing problem. I can access linux-vserver all the time, but not 13thfloor and a lot of others... [16:46] jhh (~heuing@194.245.114.189) left irc: Ping timeout: 485 seconds [16:47] try dig www.13thfloor.at please ;) [16:47] ok, there is this list of 130 packages for redhat. is that what I install with installing redhat ? [16:48] alright, I will. thanks anyway !° [16:51] looks like the whole page is in progress (lot's of empty pages), i'll came back later... [16:56] thanks for your help anyway, and see you later... [16:56] janhendrik (~heuing@194.245.114.189) left irc: [17:24] ccooke (~ccooke@public1-walt1-4-cust238.lond.broadband.ntl.com) joined #vserver. [17:26] hi ccooke! [17:28] hi [17:41] rjg (~rjg@68.66.145.169) joined #vserver. [17:41] hi rjg! [17:41] rjg (~rjg@68.66.145.169) left irc: Remote host closed the connection [17:44] make DESTDIR=... install [17:44] whoops [17:57] I read that as "make DESTROY" [18:07] heh [18:07] that could be quite freudian :) [18:38] mlo (~ml@80.136.179.180) joined #vserver. [18:38] hi mlo! [18:39] Ho! [18:40] mugwump (~sv@62.253.119.16) joined #vserver. [18:40] Quick question: It was on the mailing list a couple days ago but I havent seen a response - is there a working patchset for RH9 kernels ? [18:41] Pristine kernels dont offer the NPTL threading stuff for RH9(and up) [18:41] Have you tried Alex's patches? [18:41] mugwump: To be honest, I have *completely* lost track over the various patches. [18:42] Which is why I hoped they be merged in what is to become vserver-1.0 [18:42] okay, maybe I should explain ... [18:43] alex started his branch somewhere around ctx-13 and didn't care anymore about the main stream ... [18:43] result now is that the both branches are almost incompatible ... [18:44] they use/need completely different tools and have differing features ... [18:44] Yes, and had some interesting problems on its own, causing me to move away from his patches (under Red hat 7.x) to a pristine kernel + Vserver patches. [18:44] Do you really need NPTL, or is an O(1) scheduler enough for you? [18:45] IIRC O(1) was never the issue ... [18:45] I have been running vserver on a 7.3 system, and a RH9, and RHEL-Beta, in a 7.3 hosted VServer. [18:45] They're both by Ingo aren't they? [18:46] Now I have been trying to recompile RHEL3. This does not work, because during glibc compile/test/whatever, NPTL is used and tested and doesnt work. [18:46] mlo: you could try the -ac series. vserver patches at http://vilain.net/linux/ctx/split-2.4.22-ac4-c17g2/ [18:47] I don't know if it has NPTL, but Alan is RedHat's kernel man, so I'd guess that it might ;-) [18:48] mugwump: Alan is on vacation becoming a MBA [18:48] MBA? [18:49] Master of Business Administration [18:49] Gawd, I wonder how he's going to look, in suit + tie :) [18:51] Hmm, after some investigation it almost certainly doesn't have it ... RedHat probably poured a lot of money into that [18:55] http://people.redhat.com/mingo/nptl-patches/ [18:55] Interesting [18:59] 33 failed hunks when applying to 2.4.22-ac4-c17g2 [19:00] nobody need NPTL ..., please correct me if you have any use for it ... [19:02] I do not have any use for it in particular, other than making rh9/rhel work on it as close to the original as possible. And again, without a NPTL enabled kernel, I was unable to recompile RHEL3, so it seems to be used somewhere [19:07] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) joined #vserver. [19:08] @mlo what do you need RHEL3 for, exactly? [19:09] hi shuri! [19:09] hi Bertl [19:10] more than 6 months of updates ? [19:10] I told you I have no specific technical need for NPTL. Only to be as close as possible to it. [19:10] In order not to see any unpleasant surprises [19:11] okay we are going around in circles ... [19:11] And why not ? [19:11] Well, its simple: I asked if there was a patch for latest RH, including the NPTL (which is not only RHEL, but also RH9, and Fedora too). [19:11] you could take mandrake 9.2 and problem is solved, right? [19:12] It is proven to me that RH9 and RHEL somewhere deep inside have some special cases requiring NPTL, otherwise my compilation stuff would not have failed. [19:13] If there is no such vserver patch yet, then well, I will have to work around it somehow. I merely asked if there was. [19:13] it might be, it might also be that they added special patches to some tools to adapt them to NPTL ... which isn't necessary ... [19:13] mlo: I've got 8 files to go :-) [19:14] the problem I see is, if sam is succesful, and I guess he will be, then you have a completely untested version of vserver ... [19:15] it can wipe out your entire harddisk or lock every 10 minutes ... and how does this go with 'I want RHEL/RHXY .. because it is stable/bugfree/whatever'? [19:15] Not for long, I guess. Because I assume that more people would like to use that. [19:15] You misunderstood me. [19:15] okay, then explain it to me ... [19:16] It goes "I want RHEL because there are 5 years of security updates available. I do not want to do major operating system updates, in particular in vserver environments, every half a year. [19:16] (see Fedora core documents) [19:17] And for that matter, it doesnt even go "I want RHEL", but "I want to be as close as possible to RHEL". And when I cannot recompile packages this is a major disadvantage because all RHEL packages are free only in .SRPM format. [19:18] I do not even care for running the original Red Hat kernel just patched with VSERVER, albeit this would be a plus. But userspace should run no differences [19:20] okay, now my problem is, there is a 2.4 stable release (kernel) right? [19:20] jhh (~heuing@194.245.114.189) joined #vserver. [19:20] and in a stable kernel release, the kernel API is stable, right? [19:21] so I expect any RHwossname userspace to use this API, and it obviously doesn't .. right? [19:22] so if I end up adapting vservers to every kernel API change some distro does ... [19:22] Uhm, no. I think your definition of stable is wrong. [19:22] Interesting, the NPTL patch tunes the O(1) scheduler too [19:23] The kernel api is stable, when a program running on 2.4.1 runs without problems on 2.4.99 [19:23] WOW ... + #define MAX_SLEEP_AVG(10*HZ) [19:23] Not that there are additional features which might get used (as is obviously the case with RH) [19:23] + #define STARVATION_LIMIT(30*HZ) [19:24] That's some pretty starved processes [19:25] The fact that most distributions nowadays do not ship anything bearing close resemblence to the "official" kernel is a lamentable fact but I cannot do anything about it. [19:29] Herb, do you think we should be using atomic_read() in more places? [19:29] definitely ... I was going to change this in many places ... [19:30] Have you looked into how it works? Care to summarise briefly? [19:31] @mlo try to narrow down the changes in 'your' kernel regarding vserver (with the splitups c17f/c17h) and we discuss the required modifications ... okay? [19:34] OK, I'll see what I can do. [19:56] i would like to use vserver. obviously I am having a few questions, which are partly not available in a compact form. does it make sense if I collect these things I find out to put into an faq or something ? [19:58] Put them in the vserver Wiki if you like [19:59] right... but maybe it makes sense if one of you guys has a quick look at it, as it might be nonsense ;) should I send it to the mailinglist to check before putting it online ? [19:59] good idea ... [19:59] ok great... [20:01] i think it'll need one or two more weeks, I am going into details every once in a while, as I have a lot of work. the other thing: as you are working/discussing version1, I'd not like to interrupt you all the time. but maybe someone has got a few minutes sometime this week. I've got some questions, which will be a few minutes for someone knowing about things... anyone interested in helping out with the few things so I can put anything together after checking [20:02] ask them, but think about the answers ... [20:03] Herbert's a guru you see, and only has the patience to answer a few [20:03] ? if I get answers, I will not only thing about it, I will try it as it's problems I am having ;) sure I'll think about it [20:03] ok, great [20:05] is herbert one of the online users with an alias ? [20:06] jup [20:06] ... herbert = bertl ? [20:08] jup [20:08] makes sense, looks quite similar ;) I'll collect anything in a mail, i could private mail, if that's fine with you... or what way do you prefer ? [20:08] mailing list ... [20:08] ok great. [20:13] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) left #vserver. [20:14] see you later, I'll be back with something on the list.... [20:14] jhh (~heuing@194.245.114.189) left irc: [21:00] AGoe (~bolle@D9861.d.pppool.de) joined #vserver. [21:02] AGoe (~bolle@D9861.d.pppool.de) left #vserver. [21:16] AGoe (~bolle@D9861.d.pppool.de) joined #vserver. [21:16] hi AGoe! [21:16] Alexander I presume ... [21:17] Hi Bertl.. right.. nice to see you [21:17] kestrel_ (~athomas@dialup28.optus.net.au) left irc: Ping timeout: 488 seconds [21:17] hello [21:18] hi matt! [21:19] Bertl you're Herbert I hope? [21:23] AGoe (~bolle@D9861.d.pppool.de) left #vserver (Client exiting). [21:23] right ... [21:24] AGoe (~bolle@D9861.d.pppool.de) joined #vserver. [21:25] AGoe (~bolle@D9861.d.pppool.de) left irc: Client Quit [21:25] yes, alexander I'm herbert ... so what are your issues? [21:26] AGoe (~agoeres@D9861.d.pppool.de) joined #vserver. [21:26] yes, alexander I'm herbert ... so what are your issues? [21:27] well bertl.. basically i'd like to make the limits work, but at the moment i just wanted to find and test the chat.. [21:31] i'm off [21:31] AGoe (~agoeres@D9861.d.pppool.de) left irc: Quit: Client exiting [21:43] unriel (~riel@riel.netop.oftc.net) got netsplit. [21:54] unriel (~riel@riel.netop.oftc.net) got lost in the net-split. [21:54] unriel (~riel@66.187.230.200) joined #vserver. [22:06] netrose (~john877@24.171.21.47) left irc: Ping timeout: 485 seconds [22:19] ccooke (~ccooke@public1-walt1-4-cust238.lond.broadband.ntl.com) left irc: Ping timeout: 506 seconds [22:38] is somebody going to send that to debian-uk@ ? [22:39] dst_ (~dst@pD9E3995B.dip.t-dialin.net) joined #vserver. [22:39] @paul what? [22:39] wrong channel :-) [22:47] dst (~dst@pD9530754.dip.t-dialin.net) left irc: Ping timeout: 506 seconds [22:49] netrose (~john877@24.171.21.47) joined #vserver. [23:04] ccooke (~ccooke@80.1.164.238) joined #vserver. [23:19] okay .. have to leave now ... [23:19] Nick change: Bertl -> Bertl_oO [23:32] rjg (~rjg@68.66.145.169) joined #vserver. [23:33] ShuX (~funny@cpu183.adsl.qc.bellglobal.com) joined #vserver. [23:38] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) joined #vserver. [23:39] nice [23:40] Topic changed on #vserver by Bertl_oO!~herbert@MAIL.13thfloor.at: http://www.linux-vserver.org/ || vserver-1.0 released! [23:41] ShuX (~funny@cpu183.adsl.qc.bellglobal.com) left irc: Ping timeout: 483 seconds [23:41] :P [23:42] i compile it right now [23:47] ken (~icechat@216.214.61.5) joined #vserver. [23:47] ken (~icechat@216.214.61.5) left #vserver. [23:56] mlo: still around? [23:58] anybody have an example config for Alex's tree? [23:58] perhaps the RPM will have it [23:59] I used the rpm, but his config is different from the "default" I am missing something because I get permission errors when the network tries to come up... [00:00] --- Sun Nov 2 2003