[00:00] we have skb->sk->sk_socket, iirc there's a indicator to which context a socket belongs [00:04] hmm, hmm ->sk_sock points to a struct socket, which has no knowledge of the context yet ... [00:04] at least not in my tree, I'm sure alex' tree has this ... [00:05] mcp (~hightower@wolk-project.de) joined #vserver. [00:05] hi Marc! [00:08] Bertl: has Mandrake the '/usr/include/ext2fs/ext2fs.h' include? [00:08] @mcp what is the status of wolk + vserver ... [00:08] @ensc seems so ... [00:09] Does this exist in Debian 3.0 also? [00:11] it exists in my debian unstable [00:11] @matt any rediffs yet? [00:12] @Gandalf I assume the debian guys should work a little closer with the core development then ;) [00:12] Gandalf: thx, hope this will solve some compilation problems with 2.6 kernel headers [00:13] sorry I've got a cold *cough* ... %-) [00:13] hrm... [00:13] bertl : well, trying to get my switch done first... [00:13] weird problems [00:13] the 2.6 kernel headers are buggy... [00:14] they do not define __u64 with '--std=c99' [00:14] @matt ... the I do the rediff, okay? [00:14] well, it's not working correctly [00:14] so i'd hold off [00:14] one sec, i'll tell you the problem. [00:14] Linux vps5.tektonic.net 2.4.22-vs1.00-6um #3 Tue Nov 18 15:20:55 EST 2003 i686 i686 i386 GNU/Linux [00:14] that's inside the uml [00:15] hmm, are you sure that 6um is correct? [00:15] yeah, it's 2.4.22-6 [00:15] are they conting towards zero? [00:15] i dunno.. [00:15] WSU (~WSU@205.244.47.254) left irc: Quit: Client Exiting [00:15] well if 8um wasn't the latest? [00:15] i told jeff dikes ( the main programmer) I was using 8um off of kernels.usermodelinux.org [00:15] and he told me it was my fault and that was old [00:16] and that I should use the patches from user-mode-linux.sf.net [00:16] -6 is the latest there.. [00:16] so i'm confused too, i thought I was using the latest [00:22] ok, so I have httpd running under chbind on the uml host [00:22] then I start a vserver and that httpd works fine [00:22] then trying to start future vservers says the port is already in use [00:23] Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443 [00:25] so maybe the bind didn't work as expected, or the chbind failed somehow ... [00:25] huh, seems port 80 works fine.. [00:26] please change/ssh into a vserver and do grep ipv4 /proc/self/status [00:27] one sec, triyng to rule out their config [00:27] maybe that is a uml error when you try to bind to an IP that isn't yours [00:28] they had the wrong IP in ServerName and /etc/hosts [00:28] just doing a mass search and replace now.. [00:30] ipv4root: c9f13845/00ffffff [00:30] ipv4root_bcast: dff13845 [00:30] ipv4root_refcnt: 2 [00:32] well looks weird, maybe /28 was meant? ... 69.56.241.201/24 and 223 as broadcast ... [00:32] huh? [00:32] TCP/IP works fine.. [00:32] it's just binding to ports gives that error [00:32] well your 'network' is 69.56.241.201/24 [00:33] and your broadcast is 69.56.241.223 .. where it should ne 255 on a /24 ... [00:33] s/ne/be/ [00:34] it's not a /24 [00:34] it's a /28 [00:34] then you should tell the chbind so ... ;) [00:35] eth0:69.56.241.201/28 for example or IPNETMASK=255.255.255.224 [00:35] IPROOTMASK I mean ... [00:38] no change [00:38] it says nothing is listening if I run netstat -nl in the vserver [00:39] okay, how does the grep ... now look like, and what is the issue, and what version are you testing? [00:43] ensc: I can't seem to get util-vserver to compile against my 2.6 headers... [00:44] ensc: any tips? or should I patch a 2.4 kernel and compile against that? [00:45] hmm savannah seems to be dead at the moment... can you try http://www.tu-chemnitz.de/~ensc/util-vserver-0.24.91.tar.bz2 [00:45] ? [00:47] testing [00:47] Gandalf, you are not using the kernel headers in /usr/include/linux, do you? [00:48] ok, user error [00:48] problem with Listen statement... [00:48] okay then, please replace user ;) [00:48] maybe a diff between c17e and vs1.00 ? [00:49] I don't ever watch vserver startup on this server [00:49] you need one? or you would like to look at one ... [00:49] Bertl: I specify --with-kerneldir [00:49] so maybe it was even broke before [00:49] er, differences [00:49] as in difference in behavor [00:49] okay, well what changed then? [00:50] The user had "Listen 80" and "Listen 443" in his httpd.conf [00:50] I commented them out, it works [00:50] ah okay ... fine then ... [00:50] ensc: it fails on linuxcaps.h since it uses __user [00:51] wait, no user error [00:51] it's doing it on all redhat9 installs [00:51] so must be something with uml [00:51] weird [00:51] well, honestly I doubt that uml changes the network behaviour ... [00:51] ensc: removed it just like with the "vanilla" version of util-vserver and reran make, and now it seems to actually succeed, it's still compiling [00:52] ensc: yes it compiled fine [00:52] @Gandalf, enrico so what was the problem, just curious? [00:53] New security context is 100 [00:53] kernel havn't died yet [00:54] Bertl: there is a '__user' statement in linuxcaps.h and the 2.6 headers are broken (no __u64 with '--std=c99') [00:54] latter was solved by including the ext2fs.h from e2fsprogs [00:54] okay, there are no capabilities yet, there is no ipv4root and dynamic contexts won't work (same goes for changing context flags) [00:55] ahh okay, so this 'will' be fixed later in 2.6, right? [00:56] I do not know if I will have success with the __u64 issue on lkml... [00:56] another weird issue... web programs say they can't connect to mysql, but I can locally.. through sock or localhost [00:57] Bertl: contexts seems to work, I only see processes in the same context when I run in != 0 [00:58] look into /proc/virtual and /proc//vinfo *smile* [00:59] hmm, what is that? [01:00] /proc/virtual I mean [01:01] /proc/virtual/info contains general information ... [01:01] and it gets a subdirectory for each context you create ... [01:02] /proc/virtual/stat(us) will contain stat(us) info later ... [01:03] you mean it will create subdirectories later? [01:03] well, it should create them now, just try chcontext --ctx 100 sleep 100 & [01:03] and then have a look into /proc/virtual/ [01:04] argh, I was in context 2 before but I didn't see any directory, but now when I tried with 100 it appeared [01:05] # cat /proc/self/vinfo [01:05] VxID: 840972337 [01:05] and the directory in /proc/virtual/ is gone :) [01:05] directory disappears with the context ... [01:06] I'm still in the context [01:06] in what context .. [01:06] chcontext --ctx 2 bash [01:06] or is 2 special in any way? [01:06] well you should not see anything from ctx 2 ... [01:07] but the permissions are a little 'icky' because proc uses it's own stuff to check them ... [01:07] that will go away as soon as I add the i->vx_id check/set ... [01:07] I mean inode->i_vxid ... [01:08] but the VxID: 840972337 sounds weird .. what platform/arch is this? [01:08] x86 [01:09] hmm, can you reproduce that? and when, how? [01:09] s/when/if/ [01:09] I can't seem to reproduce that one but I see one other strange thing [01:09] I enter a new context [01:09] from 0 I can see the new context in /proc/virtual/ [01:10] in the new context I run 'ls /proc' [01:10] chcontext --ctx 100 /bin/bash (this way?) [01:10] now the context is gone from /proc/virtual [01:10] yes [01:11] yes, /proc/virtual contents isn't visible from ctx != 0/1 yet ... [01:11] it's gone from ctx 0 [01:12] hmm, probably the permission issues again .. this isn't fixed yet, just try to 'not' access /proc/virtual from within a context != 0 .. for now ;) [01:12] hehe, just accessing /proc is enough :) [01:12] really? [01:13] yup [01:13] well experimental, testing, what should I say ;) [01:13] /proc/virtual/100 disappears when something in ctx 100 touches /proc [01:13] hehe [01:35] so enrico, is there a new 'final' release of the util-vserver, or is 0.24.91 the one for linux-vserver? [01:36] Bertl: I am about it. But a 'cvs diff' needs 10 minutes at the moment, so I do not know if I can release 0.25 before 00:00... [01:36] hehe, okay, can I download the .tar.bz2 anywhere? [01:37] 'cvs diff' is needed for the ChangeLog file [01:37] and this is a 'make dist' target [01:39] so what would you prefer: a) I change '0.24' to '0.25 (not yet)' on all release pages, or b) ... [01:40] savannah seems to work again... 0.25 should happen before 00:00 [01:44] will it need the %exclude removed for Mandrake? [01:45] s/need/require ..to be/ [01:46] yes; or remove the '--enable-linuxconf' statement and put the '%files linuxconf' into an '%if 0 .. %endif' block [01:50] Bertl: ok... it is out [01:50] perfect .. [01:51] Nick change: riel -> unriel [01:54] no savannah announcement yet? [01:55] @enrico you tested them against vs1.00 ? [01:56] not 1.0, but c17a [01:56] hrm ... [01:57] does it fail with it? [01:58] haven't tested yet, but you should starting testing agains the stable and/or devel tree, not some prepatches ... [01:59] there should be no relevant changes; when 0.24 worked, 0.25 should work also [02:35] okay, I'll call it a day .. have a good whatever ... cu tomorrow ... [02:36] nick Bertl_zZ [02:36] Nick change: Bertl -> Bertl_zZ [03:12] infowolfe (~infowolfe@68.33.215.209) left irc: Read error: Connection reset by peer [03:14] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) joined #vserver. [03:14] uname -a [03:14] Linux VS 2.6.0-test9 #1 SMP Tue Nov 18 01:03:02 EST 2003 i686 unknown [03:14] vserver-stat [03:14] CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME DESCRIPTION [03:14] 0 0 0B 0B m00.00 m00.00 m17.05 root server [03:14] VS:~# vserver test1 start [03:14] Starting the virtual server test1 [03:14] Server test1 is not running [03:14] Can't set the ipv4 root (Function not implemented) [03:16] shuri: only the process separation is implemented [03:18] infowolfe (infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) joined #vserver. [03:19] i see [03:19] :P [03:31] hola Bertl_zZ [03:31] bleh [05:09] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Read error: Connection timed out [05:11] hello all [07:02] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) left irc: Quit: ipv6 [07:47] zyong (cat@bb220-255-105-48.singnet.com.sg) left irc: [08:35] infowolfe (infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) left irc: Read error: Connection reset by peer [08:35] infowolfe (infowolfe@68.33.215.209) joined #vserver. [08:49] kestrel (~athomas@o2rosock0a.optus.net.au) left irc: Remote host closed the connection [11:28] pilawa (~pilawa@rzpilawa.rz.tu-bs.de) joined #vserver. [12:16] hi there [13:47] infowolfe (infowolfe@68.33.215.209) left irc: Quit: Trillian (http://www.ceruleanstudios.com) [13:59] serving (~serving@213.186.191.15) left irc: Ping timeout: 493 seconds [14:49] say (~say@212.86.243.154) joined #vserver. [14:49] say-out (~say@212.86.243.154) left irc: Read error: Connection reset by peer [15:09] say (~say@212.86.243.154) left irc: Ping timeout: 483 seconds [15:18] say (~say@212.86.243.154) joined #vserver. [15:37] zyong (cat@bb220-255-105-48.singnet.com.sg) joined #vserver. [15:51] serving (~serving@213.186.191.143) joined #vserver. [16:06] MedivhWrk (ck@195.90.10.197) joined #vserver. [17:12] Nick change: unriel -> riel [17:36] Nick change: Bertl_zZ -> Bertl [17:36] hia ll! [17:41] maja|ipv6 (maharaja@ipax.tk) joined #vserver. [17:41] hi [17:41] ah :) mail is up [17:41] you've notified herbert about the ##MAX_VSERVER_DEFAULT thingy? [17:41] huh? [17:42] if i try to compile 1.1.14 with the vanilla 2.4.22 kernel [17:42] fredrik? [17:43] i get an error in drivers/block/vroot.c [17:43] *searching [17:44] the ##MAX_VROOT stuff, right? [17:44] i changed [17:44] + printk(KERN_WARNING "vroot: invalid max_vroot (must be between" [17:44] + " 1 and 256), using default (" [17:44] + ##MAX_VROOT_DEFAULT ")\n"); [17:44] to printk(KERN_WARNING "vroot: invalid max_vroot (must be between" [17:44] " 1 and 256), using default (%d)\n", MAX_VROOT_DEFAULT); [17:44] yeah :) [17:44] (kernel is still compiling thou) [17:45] done [17:45] yes, I don't know yet, what happened, must be a failure in my build system, as I spotted this yesterday, and fixed it, but it made it into the release ;) [17:45] k :) [17:45] mhm [17:45] ah [17:45] du bist eh der herbert [17:45] hehe [17:45] maybe I just released the wrong files, I have a heavy cold, ... [17:46] habs jetzt grad nicht überrissen [17:46] yes, I am, and the channel language is english ;) [17:46] ok [17:46] so: you think your release is sane? :) [17:46] well, never said that .... [17:47] mhm mhm mhm [17:48] maybe ill try using vmware before trying it on the real box [17:48] some people do ... [17:49] do what? [17:49] others have this stuff in production since 1-2 years or more ;) [17:49] use it in vmware for some time ... [17:50] even 1.1.14 ;) [17:51] -1 [17:51] oh well, i've got nothing else to do today, so lets boot the new kernel and hope the server gets up :) [17:52] wait an hour, and you have a 1.1.5 ... [17:53] k [18:11] hmm, maja like that bee? or like that ancient civilization?, or ..? [18:11] like a drunk friend trying to write maharaja ;) [18:12] he kind of missed the middle part back then [18:12] hmm .. the best explanation I could expect ... I guess ;) [18:14] :D [18:39] zev (~zev@masya.aviaserv.com.ua) joined #vserver. [18:39] hi zev! [18:39] hi [18:39] all [18:41] i just found vserver project. and to know is it stable for virtual hosting purposes? sorry for my english (russia former) [18:42] well some community members use it since 1-2 years in production ... [18:42] cool [18:42] that doesn't mean it's rock solid though ... [18:42] what about perfomances? [18:43] you get about 99.9% of the 'host' [18:43] i don't beleve... [18:43] there is no emulation or such, and data can be shared, which give some advantage ... [18:44] kernel patches are for vanilla kernels? or redhat will too? [18:44] you have to look at it as a way to let processes run side by side, without even noticing each other ... [18:44] the patches are for vanilla kernels, which run fine on redhat too ... [18:45] hmmm... it sounds good for me.. [18:45] Alex Lyashkov, maintains a separate branch (some more features, but also more issues) for RH7.3 ... IIRC [18:46] have a look at linux-vserver.org and the documentation there ... it will give you a good overview ... [18:46] :-) i'm here following link from it. [18:47] well, then ignore my last statement, otherwise you might end in an endless loop ;) [18:47] :-) [18:47] Action: zev away for 5 min. [18:48] mhm, my damn college does not manage to install the pc the right way [18:48] vmware is installed but not regged [18:48] neither can you reg it with a trial key [18:48] !! [18:48] maybe time base is wrong? [18:49] bertl: no rights to modify the registry [18:49] what is a registry? [18:50] :) [18:50] :-) [18:50] maja what version of vmware i can tell you cracked key... if you need. [18:51] i've got a key [18:51] but it is not working cause students got no rights on the workstations [18:51] please don't use cracked software ... [18:51] if you think you require this product, or it's features, buy it ... [18:51] well, lets modify lilo and reboot at home then [18:52] Berti agreed. but in my country income is about 100-150$. can i buy it ? how you think? [18:53] well, you can use free software (as in beer ;) [18:54] Berti yes :-) it's my way. [18:54] for example: boch, QEMU, UML, plex86 ... [18:54] and if this software isn't good enough, well we can make it better, right? [18:57] right [18:57] Linux yule 2.4.22-vs1.1.4 [18:57] success [18:58] couldn't wait, eh? [18:59] yepp [18:59] got me :) [18:59] my english sometimes bad. can understand but can't say exactly what i want. [19:00] @zev no problem, most of us are not native speaker (english) either ... and I'm good at interpolating russian english ;) [19:00] (as you can deduce from this sentence ;) [19:01] :-) [19:02] îê [19:02] ok [19:02] sorry :) [19:02] :) [19:03] doh! i forgot to add xfs support ;) [19:03] oh well, at least my data won't get destroyed that way *g* [19:03] well, as I said vs1.1.5 will be released soon ... [19:04] i guess ill wait till then [19:07] and the last i want to know before i begin to test vserver on my "experiments-server". [19:07] my task is: [19:07] i have dedicated server 2 gigs ram / 2.4 P4 / scsi hdd. [19:07] and want to do virtual hosting on it. security is primary for me. [19:07] i want to do several vserver on it say 1 for little clients that's don't need root or ssh anyway. [19:07] and some, say 5 for start, with 1 IP and fully controlable by the clients. [19:07] what can you recommend me to begin do this? [19:07] i mean what patches is stable and any other recommendation can you provide for me? [19:08] please. [19:09] oh, sorry. RH-7.3 is on server [19:09] as far as i've seen, there are several branches [19:09] stable, development, experimental [19:09] or so [19:10] get the one that you think will fit (stable = most tested but not on top, ...) [19:10] right, I would suggest stable, unless you need features only present in devel ... [19:10] i need it to be as more stable as without virtual pathes [19:10] features? [19:10] i need apache+php+postfix+mysql+bash+proftpd+courier-imap on every vserver [19:11] stable will feet? [19:11] for example devel branch has some deeper virtualizations, like reboot/halt and uptime virtualization ... [19:11] but the default stable branch will cover your application needs anyway ... [19:11] Nesh (~dmistry@64.106.131.10) joined #vserver. [19:11] hi lo [19:11] hi dinesh! [19:12] is bind working with testing? [19:12] Bert! [19:12] bind is working with every version, you just don't wan't the security holes of 'unpatched' bind on a vserver ... [19:12] what does http://www.linux-vserver.org some type of wiki? [19:12] sk [19:12] hmm .. thinking of it, not even on a normal server ;) [19:13] @nesh well, it's the project homepage, right? [19:13] yeah [19:14] i want to use the same software so i was wondering what it is [19:14] heh [19:14] Berti what you have on bind-9.2.3? i think it's secured enought? isn't it? [19:14] @nesh ahh, it's tavi ... with some enhancements ... [19:15] mm [19:15] @zev, well it's fine, but it messes with the linux capability system, if not configured to not do so ... [19:16] s/to not/not to/ [19:17] vserver do restrict the linux capability system to a minimum of capabilities, this results in 'out-of-the-box' bind not working, as it tries to raise it's capabilities ... [19:18] (the former is a security measure ;) [19:18] i don't understand what bind doings so bad. [19:18] well, actually bind (compiled on linux) will raise the capabilities and then again drop it ... which isn't the way to do it ... [19:19] i always bind bind to exact IP's on my servers that response for domains on it. close axfr. [19:19] what more? [19:19] let me see, I have some FAQ entry for that ... on Pauls page ... [19:19] ok. what is the solution? [19:19] yes. give me some FAQ. [19:20] simple you compile it without the capability raising (a simple config option) [19:20] or if you do not want to do that, you can give the capability to that vserver, but this _is_ an security issue ... [19:20] http://www.paul.sladen.org/vserver/faq/ [19:21] not everything is up to date, paul is lazy ... [19:21] Q: Bind 9 doesn't work in a vserver [19:21] ok [19:22] thats why i asked :) [19:23] hmm... so i need to run it as root on vserver :( [19:24] Action: zev printing paul's faq for home reading :) [19:24] no, you have 3 options ... [19:24] 1) recompile and add --disable-linux-caps [19:25] 2) raise the capabilities of the vserver [19:25] 3. don't use this software? :))) [19:26] good thinking ;) [19:26] by the way, I use it myself, after a simple recompile ... [19:27] can you provide me you ./configure string? [19:28] I'm using Mandrake, so this is in the spec file, but --disable-linux-caps is sufficient ... [19:28] ok. thanks [19:28] actually this is no vserver issue, although often called one ... [19:28] i'll try it. [19:29] thanks a lot. if i have had any more question i'll be there :-) [19:29] bye. [19:29] bye ... [19:30] zev (~zev@masya.aviaserv.com.ua) left #vserver. [19:50] mugwump (~sv@81.3.107.58) joined #vserver. [19:51] hello all [19:51] http://www.13thfloor.at/vserver/d_release/v1.1.5/ [19:51] hi Sam! [19:52] Topic changed on #vserver by Bertl!~herbert@212.16.62.51: http://linux-vserver.org/ || latest stable 1.00, devel 1.1.5 [19:57] Hmm, I wonder if that patch will work on a kernel that works on my system! :-) [19:58] do you need deltas? [19:59] No, I think I need to find a Marcelo based kernel that will work on my board. Maybe a .23preN [19:59] If Alan's given up the ghost... [19:59] I'll get the 1.1.5 patch, test it with the latest kernel & let you know how I get on. [20:00] Just one thing - have we got any confirmed positives with running NIS inside a vserver? [20:00] okay, I would appreciate to have the O(1) stuff on vs1.1.5 or for the next devel sequence ... what do you think? [20:01] WSU (~WSU@ny.webpipe.net) joined #vserver. [20:01] Yeah, I'd like to have them too. But I'm wondering whether it would be more productive to put it in the 2.6.0 port... [20:01] You replaced the standard scheduler with the O(1) one from AA's kernel - was that hard? [20:02] well, I'm not sure if the majority _is_ ready to switch to 2.6 soon ... [20:02] agreed [20:02] hmm, not really, was a minimizing the changes ... [20:02] the patches are there, take a look at them ... [20:02] I could do with Rik's VM as well, I think ... [20:02] OK I'll take a look. brb [20:06] ensc (~ircensc@134.109.116.202) joined #vserver. [20:06] hi enrico! [20:07] Bertl: hello, 18h local net-outage. horribly... [20:07] but my room is now clean (again)... [20:07] wow, how did you do that? [20:10] hay, I missed 2.4.23-rc2 ... shame on me ;) [20:15] What mirror is rc2 on? [20:15] hmm, got it from kernel.org ;) [20:15] ftp.at.kernel.org ? [20:16] not on uk.kernel.org [20:16] well, guess we in austria _are_ priviledged ;) [20:16] ich verstehe [20:17] ;) [20:18] not on ftp.at.kernel.org either [20:19] found it [20:20] hmm, ACPI fixes...perhaps just what I need [20:20] oki ... [20:22] well, doesn't affect vserver, vs1.1.5 applies without any issues ;) [20:22] that's what I like to hear [20:23] but IIRC, some (critical) netfilter or ip tables bug was fixed ... [20:23] or hopefully fixed ... [20:24] I'm having some very basic UDP problems with portmap... [20:24] with vserver? [20:24] my patch :-( [20:24] Action: mugwump waits for the "I told you so" [20:25] would I dare? ... yes I would: told you so! ;) [20:26] hey Sam, I would like to create a tuning interface for the scheduler, which works with O(1) and without, are you interested? [20:26] you do the O(1) change, I'll port the scheduler and syscall to it [20:26] d'oh responding to a much earlier question :-) [20:27]