[00:00] anyone know how vserver's network INADDR_ANY is implemented?
[00:00] or better put understand
[00:24] hmm
[00:24] :(
[00:35] shaya (~spotter@dyn-wireless-244-16.dyn.columbia.edu) left irc: Quit: Client exiting
[00:48] mcp (~hightower@wolk-project.de) joined #vserver.
[01:28] JonB (~jon@129.142.112.33) left irc: Quit: Client exiting
[01:42] morning
[01:58] Nick change: Bertl_oO -> Bertl
[01:59] for those who don't know yet ... _zZ means sleeping _oO out of office ...
[02:00] okay, have a nice .. whatever ... cu 2morrow ...
[02:00] Nick change: Bertl -> Bertl_zZ
[02:15] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds
[02:18] NeshWork (~dmistry@su-nat.datapipe.net) left irc: Quit: My damn controlling terminal disappeared!
[03:04] kestrelw (~athomas@o2rosock0a.optus.net.au) left irc: Ping timeout: 480 seconds
[03:27] kestrelw (~athomas@o2rosock0a.optus.net.au) joined #vserver.
[04:06] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[05:43] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds
[07:17] Bertl_zZ: ping?
[07:17] Nick change: iceberg -> infowolfe
[07:34] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[11:09] JonB (~jon@129.142.112.33) joined #vserver.
[11:41] Nick change: Bertl_zZ -> Bertl
[11:41] morning ...
[11:42] hey Bertl
[11:42] hey jon!
[11:42] Bertl: i got that kolab working, it was not a vserver related issue
[11:42] I thought so ...
[11:44] another thing is, is vserver really vulnerable to that local root bug? What if we limit the access to memory ?
[11:44] why should we, if we can 'upgrade' the kernel *G* ...
[11:45] Bertl: upgrading is downtime
[11:46] hmm, updating the kernel (via patch) is downtime too ...
[11:47] or how do you 'think' that we could limit the access?
[11:48] yes, but i was thinking more like context > 0 could only access certain parts of the kernel memory
[11:48] x86 has 4? modes, where the kernel usually runs in 00, and userland in 11
[11:49] i wonder why the rest are not used
[11:49] you have not read Linus recently, regarding the rings ...
[11:49] no, i havent
[11:50] he explained in his typical way, why ring 1,2 doesn't make sense ...
[11:50] aha, well, then there is no point in continue discussion
[11:51] and besides i need to go now, i've got an appointment with a haircutter in a few minutes
[11:51] JonB (~jon@129.142.112.33) left irc: Quit: Client exiting
[11:55] Nick change: Bertl -> Bertl_oO
[12:43] TamaPanda (~a@193.173.84.237) joined #vserver.
[12:44] morn
[12:54] maharaja (maharaja@ipax.tk) left irc: Read error: Connection reset by peer
[13:19] Nick change: Bertl_oO -> Bertl
[13:20] hi all!
[13:23] oy :
[13:23] hmm Tama-Panda sounds nice ...
[13:23] ne?
[13:24] is it related to Sessha-sama?
[13:24] uh.. not that i know of
[13:25] Tamama Panda didn't fit
[13:25] :P
[13:25] hmm ..
[13:30] serving (~serving@213.186.189.162) left irc: Ping timeout: 480 seconds
[13:33] i got my kernel sources now ;)
[13:33] congrats!
[13:33] though i'm not really sure if it actually compiles what i stuffed in the config
[13:34] also i saw a thing called IP virtual servers
[13:34] any relation to vserver ?
[13:34] hmm, you don't have an existing config?
[13:34] nope IP virtual servers is the other way around ...
[13:34] no i just used the default adaptec scsi-bzimage
[13:35] drm_os_linux.h:16:2: warning: #warning the author of this code needs to read up on list_entry
[13:35] that is really not comforting...
[13:36] that is why drm is disabled on my 'servers' ;)
[13:36] i dont even know what it is supposed to do
[13:36] heh
[13:36] or what i did to enable it :D
[13:37] (i'm used to bsd type kernel compiles.. you just take the default and remove stuff :D)
[13:37] direct rendering manager ...
[13:37] oh
[13:37] i dont even have a video card in this machine
[13:37] heh
[13:40] so probably asking you how 1.1.6 is, is a little early, right?
[13:41] 1.1.6?
[13:41] yeah i think so ;
[13:44] ah found the drm
[13:44] *kills*
[13:44] :D
[14:05] hm
[14:05] how can i apply a kernel patch? *whistles*
[14:10] simple ... you have the patch as .bz2 ?
[14:11] assuming that your dir is /usr/src/linux-2.4.23 and the patch is in /usr/src
[14:11] you just do # cd /usr/src/linux-2.4.23
[14:11] do i need the split or the patch?
[14:11] less ../ | patch -p1
[14:12] the split tar is an archive of patches ... which combined gives the patch ...
[14:12] so they are equivalent
[14:12] ok just patch then :D
[14:13] hm how is the less used.. just to cat to patch?
[14:13] (i never use less :D)
[14:14] well, the trick is, less doesn't care if it is .diff, .diff.gz or .diff.bz2 ;)
[14:14] i only use more and more ;)
[14:14] ah, so less is used to extract ?
[14:14] but often, less is more 8-)
[14:14] you can also use bzcat .bz2 | patch -p1
[14:14] do i need to flip some switched to make the vserver thing compile in the kernel or is it auto?
[14:15] s/switched/switches/;
[14:15] you should always do a make oldconfig ... to see what changed ...
[14:15] hm
[14:15] i just type make bzImage..
[14:16] if you patch something in the kernel, your steps should be:
[14:16] make dep >../Dep.log
[14:16] make oldconfig
[14:16] make bzImage modules >../Build.log
[14:16] (just an advice ;)
[14:16] hm
[14:16] it gave me a warning a md5 checksum didnt match in dep
[14:17] that is , well expected ...
[14:17] since it was patched.. heh
[14:17] the hisax driver was 'certified' once upon a time ...
[14:17] but nobody keeps it up to date ...
[14:18] so the message comes from there, isn't patch or vserver related ...
[14:18] hm
[14:18] heh
[14:18] what does it even do?
[14:18] can't i strip it out? :D
[14:25] 2.4.23+grsec+ctx coming up.
[14:27] great .. cu later ...
[14:27] Nick change: Bertl -> Bertl_oO
[15:14] maharaja (maharaja@ipax.tk) joined #vserver.
[15:20] yay.. new kernel works
[15:20] with vserver stuff
[15:25] serving (~serving@213.186.189.197) joined #vserver.
[15:31] Action: TamaPanda waits on the 2.4.23 thingy
[15:53] hm got it to work.. sorta
[15:59] yay works
[15:59] got apache working in a vserver :)
[16:06] yay works :)
[16:07] sshd ;)
[16:07] this is pretty fun
[16:07] though i think i should change the root password of my server and my vserver ;)
[16:12] 2.4.23?
[16:12] what did you mean, waiting for the new 2.4.23 thingy?
[16:13] nah i read wrong
[16:13] i just used 1.1.6
[16:13] :D
[16:13] if you're thinking about my 2.4.23+grsecurity-1.9.13+vs1.1.6 patch, it's still not tested extensively enough
[16:14] what's the grsecurity thing?
[16:14] kernel patch for hardening kernel and system security, like OpenWall
[16:15] heard of lids?
[16:15] no
[16:15] lids, openwall, grsecurity
[16:15] three different kernel patches that does approx the same thing
[16:15] hardening process-viewing, /proc-access, process-checking etc etc etc
[16:17] and it augments vserver or do they overlap a bit as well?
[16:18] (i understand you can run it separately too, but this is #vserver after all :))
[16:18] allows grsec to work with vs
[16:20] all grsec features enabled on the main 'root server' (which is the real kernels area) are enforced under all vservers and so on
[16:30] and i guess both 'packages' change a common source set, so patching one after each other would fail ne?
[16:31] yup
[16:32] must be fixed with regards to rejects etc
[16:36] much work?
[16:45] nah, not really, just takes time, plus testing
[16:46] merging patches are ... well...
[16:46] boring to say something...
[17:25] say (~say@212.86.243.154) left irc: Read error: Connection reset by peer
[17:26] say (~say@212.86.243.154) joined #vserver.
[17:28] dws (~chatzilla@194.25.220.202) joined #vserver.
[17:32] heh
[17:32] i can imagine.. "hey it works... ok not lets modify some code again so it works again!" :)
[17:40] micah_ (micah@micha.hampshire.edu) joined #vserver.
[17:47] micah (micah@micha.hampshire.edu) left irc: Ping timeout: 480 seconds
[17:50] micah (micah@micha.hampshire.edu) joined #vserver.
[17:57] micah_ (micah@micha.hampshire.edu) left irc: Ping timeout: 492 seconds
[17:58] hm, that didn't work. fuck.
[17:59] no thanks :D
[17:59] TamaPanda (~a@193.173.84.237) left #vserver.
[17:59] TamaPanda (~a@193.173.84.237) joined #vserver.
[18:00] TamaPanda (~a@193.173.84.237) left #vserver.
[18:00] TamaPanda (~a@193.173.84.237) joined #vserver.
[18:00] ok...
[18:00] heh
[18:00] stupid key combo to kill a channel
[18:21] Nesh (~dmistry@su-nat.datapipe.net) joined #vserver.
[18:21] Morning..
[18:25] evening
[18:26] heh
[18:46] hm how well suited would vserver be to give some script kiddie a shell?
[18:50] (not that i was planning to, but just to give an impression :)
[18:54] try it
[18:58] well i have a vserver running right now, but i need to go over the specs and possibilities again x times :S
[19:08] dammit...
[19:08] uh oh
[19:09] *repatching*
[19:19] JonB (~jon@129.142.112.33) joined #vserver.
[19:24] Nesh (~dmistry@su-nat.datapipe.net) left irc: Quit: My damn controlling terminal disappeared!
[19:26] CosmicRay (~jgoerzen@glockenspiel.complete.org) joined #vserver.
[19:28] heh
[19:28] this is fun
[19:28] root in a vserver: ping: ping must run as root
[19:28] Action: TamaPanda snickers
[19:28] TamaPanda: ping needs a capability
[19:28] i know
[19:29] its just fun to see it actually work :)
[19:29] it would need raw sockets
[19:30] okay
[19:31] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds
[19:31] i havent actually read anything about this in the docs, but is it possible to limit disk usage as a whole in a vserver? or would i need some hard partition for that?
[19:32] or rather, i would like my root server to always have some space left :)
[19:33] you can ulimit but thats per process ne?
[19:33] TamaPanda: there are some quota stuff
[19:35] ah yes
[19:35] cap_quotactl?
[19:35] TamaPanda: not sure, i havent played with it
[19:35] TamaPanda: i use a LV pr. vserver
[19:35] but quota has advantages...
[19:35] LV ?
[19:36] ESPECIALLY if you hardlink the files
[19:36] Logical Volume
[19:36] hm.. partitions? :)
[19:36] sort of
[19:36] google for LVM howto + you're feeling lucky
[19:37] logical volume manager
[19:38] bingo
[19:38] LVM is the manager. it ties blockdevices together and form new blockdevices, LV's, which has some features that regular partitions does not have
[19:38] you can take a snapshot
[19:39] you can resize them
[19:39] you can move them from one disk to another
[19:39] hm what does this do to performance?
[19:40] i use it for production servers, so it is acceptable
[19:40] of course a snapshot matters
[19:40] but when you dont do this... it doesnt matter that much
[19:42] hm only when backups are needed
[19:43] ??
[19:43] a snapshot.. i dont see its use for anything else
[19:43] yes, they are good for that
[19:43] resizing is good too
[19:43] and moving from disk to disk..
[19:44] from disk to disk? ie replace a disk?
[19:44] suppose you get a new and bigger disk, but your case can not contain any more disks
[19:44] then i'm 'pooped' anyway.. hardware raid 5
[19:44] so, you open it, attach it, put it into the LVM, move the LV and removes the old disk
[19:44] okay, suppose you get a new bigger hardware raid 5
[19:45] another benefit of a LVM system is ... the LV can span more than one disk
[19:45] you can use pi disks
[19:45] or maybe just e disks
[19:48] well my raid needs equal disk.. but then again, i doubt i'll be upgrading those disks.. i would just add a new server
[19:49] hm, time to go home.. bbiab :)
[19:49] that is another option
[19:49] more reading *sigh* ;)
[19:49] TamaPanda (~a@193.173.84.237) left irc:
[19:57] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) joined #vserver.
[20:20] dws (~chatzilla@194.25.220.202) left irc: Ping timeout: 485 seconds
[20:55] click (click@gonnamakeyou.com) got netsplit.
[20:55] click (click@gonnamakeyou.com) returned to #vserver.
[20:56] Tamama (~bgbgbg@a62-216-20-152.adsl.cistron.nl) joined #vserver.
[20:58] oy
[21:18] micah_ (micah@micha.hampshire.edu) joined #vserver.
[21:25] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[21:26] micah (micah@micha.hampshire.edu) left irc: Ping timeout: 500 seconds
[21:37] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds
[22:03] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Remote host closed the connection
[22:03] virtuoso (~shisha@ip114-115.adsl.wplus.ru) joined #vserver.
[23:13] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) left irc: Read error: Connection reset by peer
[23:14] [S]ushi (Sushi@p50861CE5.dip.t-dialin.net) joined #vserver.
[23:14] <[S]ushi> hi
[23:16] hi
[23:17] shaya (~spotter@dyn-wireless-244-113.dyn.columbia.edu) joined #vserver.
[23:17] Bertl_oO: you around?
[23:19] oO = out of Office
[23:19] maharaja: sometimes he is still here
[23:23] what hours is he normally here?
[23:23] trying to find out how vserver's inaddr_any implementation works
[23:23] <[S]ushi> 24h/day
[23:24] shaya: from now and + 2-3 hours
[23:26] sigh
[23:26] ok
[23:27] keep on checking back
[23:27] Nick change: [S]ushi -> [S]ushi`TV
[23:29] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[23:40] grepmaster (~chatzilla@66-101-59-73.oplnk.net) joined #vserver.
[23:44] grepmaster (~chatzilla@66-101-59-73.oplnk.net) left irc: Client Quit
[23:56] heh
[00:00] --- Thu Dec 4 2003