[00:15] pflanze (~chris@ethlife-a.ethz.ch) joined #vserver. [00:41] monako (~monako@ts1-a64.Perm.dial.rol.ru) joined #vserver. [00:46] Nesh (~dmistry@ool-4352413d.dyn.optonline.net) left irc: Ping timeout: 485 seconds [00:47] monako (~monako@ts1-a64.Perm.dial.rol.ru) left irc: [00:50] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Quit: get it off of me [01:09] [S]ushi (Sushi@pD9E34EC8.dip.t-dialin.net) left irc: [01:12] virtuoso (~shisha@ip114-115.adsl.wplus.ru) joined #vserver. [01:16] Nick change: Bertl_zZ -> Bertl [01:17] hi all! [01:17] Good morning. :) [01:17] good wossname to you. ;) [01:18] I heard there was a new vserver release, guess I have to upgrade ;) [01:18] hi bertl [01:19] Linux ash 2.6.0-test11 #2 Sat Dec 13 22:38:04 MSK 2003 i686 athlon i386 GNU/Linux [01:19] He-he. [01:19] hi Doener`? [01:19] @virtuoso hey great.. is this vs0.02? [01:20] Bertl: Yeap! [01:20] Gonna try context switching now. :) [01:20] I have to add an extraversion to that ;) [01:20] just a (litte late) response to your greeting ;) [01:22] Bertl: I forgot to do it myself. :( [01:23] @Doener` hmm, I was wondering about your back tick ... [01:23] Nick change: Doener` -> Doener [01:25] my isp drops my connection every 24 hours and my irc client connects before my old connection is dropped by the server so xchat adds a ` to get a valid name [01:25] plus i'm too lazy to change the nick afterwards [01:25] ahh .. I see ... [01:27] @virtuoso did you disable the debug output yet? [01:28] Bertl: I did. [01:28] it's funny but on vserver start, it's pretty annoing ... [01:29] Action: virtuoso wonders if he can send vserver's debug to a separate log. [01:30] well, yes, you would have to change the dprintk to use a loglevel instead ... [01:30] this way it would end up in the kernel log ... [01:30] Action: virtuoso grabs syslog-ng. [01:31] Do I have to reverse that patch, correct it and apply again? Right? [01:31] no, not necessary ... [01:32] what did you change to disable the logging? [01:33] /* #define DEBUG_VX */ [01:34] In include/linux/vcontext.h [01:34] okay use vi (or similar) to edit this file ... [01:35] To mean some substitution like :%s///? [01:35] s/To/You/ [01:35] and change the following lines: [01:35] (line) [01:35] #define dprintk(x...) printk("vxd: " x) [01:35] #define dprintk(x...) printk(KERN_INFO "vxd: " x) [01:36] then comment in the #define DEBUG_VX again ... [01:36] May be use some other facility than KERN_INFO? [01:37] #define KERN_EMERG "<0>" /* system is unusable */ [01:37] #define KERN_ALERT "<1>" /* action must be taken immediately */ [01:37] #define KERN_CRIT "<2>" /* critical conditions */ [01:37] #define KERN_ERR "<3>" /* error conditions */ [01:37] #define KERN_WARNING "<4>" /* warning conditions */ [01:37] #define KERN_NOTICE "<5>" /* normal but significant condition */ [01:37] #define KERN_INFO "<6>" /* informational */ [01:37] #define KERN_DEBUG "<7>" /* debug-level messages */ [01:37] that is available ... [01:38] the normal loglevel of the kernel is set to 6 IIRC [01:38] this isn't a facility, everything above the current log level is ignored ... [01:39] click (click@gonnamakeyou.com) left irc: Quit: got a fww things to fix, brb! [01:39] Ok, I'll try 6 for now. [01:40] Woo-hoo! [01:40] chcontext works. [01:40] USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND [01:40] root 1 0.1 0.1 1368 472 ? S 00:59 0:04 init [5] [01:40] root 2872 1.7 0.7 5156 1988 pts/2 S 01:41 0:00 zsh [01:40] root 2890 0.0 0.2 2608 656 pts/2 R 01:41 0:00 ps aux [01:41] Action: virtuoso jumps across the room. [01:41] hohoho! 8-) [01:41] Bertl: who has written the shell scripts in the vserver userspace package? [01:41] Do you maintain them? [01:42] the vserver scripts? jack, I only did a few fixes ... [01:42] he is also actively maintaining them ... [01:43] I've noticed that there are many instances of variables without quotes around them, which means they break if whitespace is in patch names etc. [01:43] path names [01:44] hmm ... that was one thing I fixed somewhere in the beginning ... maybe they've grown back since ... [01:45] I would suggest, make a patch (you know how?) and do some regression testing with the modified scripts ... then send it to jack ... [01:45] and cc the mailing list, of course ... [01:45] I already complained about/fixed /usr/lib/vserver/install-post.sh in the Debian package to the debian maintainer. [01:46] Looks like it's in the upstream sources as well. [01:46] So I'll send patches to him, ok. [01:46] perfect ... [01:47] by the way, you should also send them to enrico, as he maintains the util-vserver stuff, which uses some of those scripts too ... [01:48] well, I just noticed that the changes done to the debian version is already there :), nice, communication works. [01:48] ok [01:48] (btw wondering why there are two util packages.) [01:49] it's a long story ... do you want to hear a short version? [01:49] I guess each of them has a bit a different philosophy, and I guess it doesn't hurt to have alternatives :) [01:50] well thats another story, but you are right on that one ... ;) [01:50] well I like stories, so go ahead :) [01:51] in the beginning there was active vserver development ... done by Jack with some contributions from others. [01:53] Then he didn't find the time anymore? [01:53] after some time, vserver got bigger and better, but the development began to starve .. jack hat other problems and the community didn't help only consume ... [01:53] ic [01:54] at some time .. a few month ago, he vanished ... it seemed that the project was abandoned ... and I started to bring back life to the development ... [01:55] at this point, Enrico converted the C++ tools to C, because he wanted to avoid the bloat and add some stuff himself ... [01:56] ok so vserver-util is C, while util-vserver is C++. [01:56] basically. [01:56] ( vserver(-utils).tgz ) [01:57] I encouraged him, to publish his stuff as 'new' vserver tools, and that is what he did, as Jack returned, he officially handed over leadership to me but as he tries try provide a smooth transition for existing vserver users, he is still maintaining and developing the vserver tools ... [01:57] cut that try ... [01:57] ok [01:58] now we all have agreed, that the util-vserver and vserver tools will coexist for some time, until one either dies or they get merged somehow ... [01:59] As I avoid to write userspace tools where possible, I'm glad that Enrico and Jack maintain them ... and I also see benefits in having more than one version .. [02:00] Well me personally, I'm learning C++ recently (well for about a year now :~), and I like having a more powerful language than C. But I can see that for small tools it doesn't pay that much. [02:00] Action: pflanze is mainly perl programmer [02:01] I totally agree on the first part (besides that both languages are equal in power) but I wouldn't choose the C++ stuff I would go for objective C, as it has a runtime binding and much smaller libraries ;) [02:03] (yes, objc is something I'd like to learn some day, too. But first comes lisp.) [02:09] Action: pflanze pings [02:09] (looks like the network to the world is dead slow atm. maybe another worm or something) [02:10] might be, we had many split/joins today, so something seems wrong ... [02:11] serving- (~serving@213.186.191.134) left irc: Ping timeout: 485 seconds [02:14] hey, freshmeat is fast ... [02:44] am I still here? [02:45] yes you are [02:45] good to know ;) [02:57] netrose_ (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds [03:41] what does the vserver-admin package provide? [03:42] the newvserver linuxconf tool ... [03:42] ok, guess i won't need that [03:51] okay, brb, have to reboot with vs1.22 ;) [03:51] Bertl (~herbert@MAIL.13thfloor.at) left irc: Quit: leaving [03:58] Bertl (~herbert@MAIL.13thfloor.at) joined #vserver. [03:58] I'm back ... ;) [03:59] welcome back bertl ;) [04:04] serving (~serving@213.186.189.93) joined #vserver. [04:49] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver. [04:49] Seems like vs0.02 is a bit incompatible with 0.29 tools. [04:50] I better download utils-vserver. [04:54] serving (~serving@213.186.189.93) got netsplit. [04:54] Bertl (~herbert@MAIL.13thfloor.at) got netsplit. [04:54] virtuoso (~shisha@ip114-115.adsl.wplus.ru) got netsplit. [04:54] pflanze (~chris@ethlife-a.ethz.ch) got netsplit. [04:54] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit. [04:54] MrBawb (abob@swordfish.drown.org) got netsplit. [04:54] maharaja (maharaja@ipax.tk) got netsplit. [04:54] Doener (~doener@p5082D8AB.dip.t-dialin.net) got netsplit. [04:54] sannes (~ace@sannes.org) got netsplit. [04:54] CosmicRay (~jgoerzen@glockenspiel.complete.org) got netsplit. [04:54] Alex (alex@alex.city17.org) got netsplit. [04:54] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit. [04:54] Medivh (ck@62.93.217.199) got netsplit. [04:54] lp (~lpressl@interner.SerNet.DE) got netsplit. [04:54] aka (~aka@h062040166017.gun.cm.kabsi.at) got netsplit. [04:54] riel (~riel@riel.netop.oftc.net) got netsplit. [04:54] apw (~apw@212.104.150.41) got netsplit. [04:54] netrose (~john877@CC3-24.171.21.47.charter-stl.com) got netsplit. [04:55] netrose (~john877@CC3-24.171.21.47.charter-stl.com) returned to #vserver. [04:55] serving (~serving@213.186.189.93) returned to #vserver. [04:55] Bertl (~herbert@MAIL.13thfloor.at) returned to #vserver. [04:55] virtuoso (~shisha@ip114-115.adsl.wplus.ru) returned to #vserver. [04:55] pflanze (~chris@ethlife-a.ethz.ch) returned to #vserver. [04:55] Alex (alex@alex.city17.org) returned to #vserver. [04:55] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver. [04:55] MrBawb (abob@swordfish.drown.org) returned to #vserver. [04:55] Doener (~doener@p5082D8AB.dip.t-dialin.net) returned to #vserver. [04:55] maharaja (maharaja@ipax.tk) returned to #vserver. [04:55] CosmicRay (~jgoerzen@glockenspiel.complete.org) returned to #vserver. [04:55] sannes (~ace@sannes.org) returned to #vserver. [04:55] Medivh (ck@62.93.217.199) returned to #vserver. [04:55] apw (~apw@212.104.150.41) returned to #vserver. [04:55] lp (~lpressl@interner.SerNet.DE) returned to #vserver. [04:55] riel (~riel@riel.netop.oftc.net) returned to #vserver. [04:55] aka (~aka@h062040166017.gun.cm.kabsi.at) returned to #vserver. [04:55] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver. [04:59] maharaja (maharaja@ipax.tk) got netsplit. [04:59] Doener (~doener@p5082D8AB.dip.t-dialin.net) got netsplit. [04:59] MrBawb (abob@swordfish.drown.org) got netsplit. [04:59] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit. [04:59] pflanze (~chris@ethlife-a.ethz.ch) got netsplit. [04:59] virtuoso (~shisha@ip114-115.adsl.wplus.ru) got netsplit. [04:59] serving (~serving@213.186.189.93) got netsplit. [04:59] Bertl (~herbert@MAIL.13thfloor.at) got netsplit. [04:59] sannes (~ace@sannes.org) got netsplit. [04:59] CosmicRay (~jgoerzen@glockenspiel.complete.org) got netsplit. [04:59] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit. [04:59] Medivh (ck@62.93.217.199) got netsplit. [04:59] Alex (alex@alex.city17.org) got netsplit. [04:59] lp (~lpressl@interner.SerNet.DE) got netsplit. [04:59] aka (~aka@h062040166017.gun.cm.kabsi.at) got netsplit. [04:59] riel (~riel@riel.netop.oftc.net) got netsplit. [04:59] apw (~apw@212.104.150.41) got netsplit. [04:59] netrose (~john877@CC3-24.171.21.47.charter-stl.com) got netsplit. [05:01] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver. [05:01] aka (~aka@h062040166017.gun.cm.kabsi.at) returned to #vserver. [05:01] riel (~riel@riel.netop.oftc.net) returned to #vserver. [05:01] lp (~lpressl@interner.SerNet.DE) returned to #vserver. [05:01] apw (~apw@212.104.150.41) returned to #vserver. [05:01] Medivh (ck@62.93.217.199) returned to #vserver. [05:01] sannes (~ace@sannes.org) returned to #vserver. [05:01] CosmicRay (~jgoerzen@glockenspiel.complete.org) returned to #vserver. [05:01] maharaja (maharaja@ipax.tk) returned to #vserver. [05:01] Doener (~doener@p5082D8AB.dip.t-dialin.net) returned to #vserver. [05:01] MrBawb (abob@swordfish.drown.org) returned to #vserver. [05:01] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver. [05:01] Alex (alex@alex.city17.org) returned to #vserver. [05:01] pflanze (~chris@ethlife-a.ethz.ch) returned to #vserver. [05:01] virtuoso (~shisha@ip114-115.adsl.wplus.ru) returned to #vserver. [05:01] Bertl (~herbert@MAIL.13thfloor.at) returned to #vserver. [05:01] serving (~serving@213.186.189.93) returned to #vserver. [05:01] netrose (~john877@CC3-24.171.21.47.charter-stl.com) returned to #vserver. [05:05] virtuoso (~shisha@ip114-115.adsl.wplus.ru) got netsplit. [05:05] pflanze (~chris@ethlife-a.ethz.ch) got netsplit. [05:05] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit. [05:05] MrBawb (abob@swordfish.drown.org) got netsplit. [05:05] Doener (~doener@p5082D8AB.dip.t-dialin.net) got netsplit. [05:05] maharaja (maharaja@ipax.tk) got netsplit. [05:05] serving (~serving@213.186.189.93) got netsplit. [05:05] Bertl (~herbert@MAIL.13thfloor.at) got netsplit. [05:05] sannes (~ace@sannes.org) got netsplit. [05:05] CosmicRay (~jgoerzen@glockenspiel.complete.org) got netsplit. [05:05] Alex (alex@alex.city17.org) got netsplit. [05:05] Medivh (ck@62.93.217.199) got netsplit. [05:05] lp (~lpressl@interner.SerNet.DE) got netsplit. [05:05] aka (~aka@h062040166017.gun.cm.kabsi.at) got netsplit. [05:05] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit. [05:05] riel (~riel@riel.netop.oftc.net) got netsplit. [05:05] apw (~apw@212.104.150.41) got netsplit. [05:05] netrose (~john877@CC3-24.171.21.47.charter-stl.com) got netsplit. [05:06] netrose (~john877@CC3-24.171.21.47.charter-stl.com) returned to #vserver. [05:06] serving (~serving@213.186.189.93) returned to #vserver. [05:06] Bertl (~herbert@MAIL.13thfloor.at) returned to #vserver. [05:06] virtuoso (~shisha@ip114-115.adsl.wplus.ru) returned to #vserver. [05:06] pflanze (~chris@ethlife-a.ethz.ch) returned to #vserver. [05:06] Alex (alex@alex.city17.org) returned to #vserver. [05:06] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver. [05:06] MrBawb (abob@swordfish.drown.org) returned to #vserver. [05:06] Doener (~doener@p5082D8AB.dip.t-dialin.net) returned to #vserver. [05:06] maharaja (maharaja@ipax.tk) returned to #vserver. [05:06] CosmicRay (~jgoerzen@glockenspiel.complete.org) returned to #vserver. [05:06] sannes (~ace@sannes.org) returned to #vserver. [05:06] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver. [05:06] aka (~aka@h062040166017.gun.cm.kabsi.at) returned to #vserver. [05:06] Medivh (ck@62.93.217.199) returned to #vserver. [05:06] apw (~apw@212.104.150.41) returned to #vserver. [05:06] lp (~lpressl@interner.SerNet.DE) returned to #vserver. [05:06] riel (~riel@riel.netop.oftc.net) returned to #vserver. [05:21] Hm, why does the upstream vserver tool package install into /usr/{sbin,..} instead of /usr/local/.. ? [05:23] hm: Can't execute /sbin/chkconfig (No such file or directory) [05:41] ccooke (~ccooke@80.1.164.238) left irc: Ping timeout: 501 seconds [06:02] @virtuoso hmm how so? [06:03] @pflanze I bet util-vserver doesn't .. ;) [06:03] chkconfig seems RPM/RH specific ... [06:04] ah. [06:04] sorry had audible alert off ... since the reboot ... [06:04] Well, what's the reason for not using /usr/local? Convenience for making rpm packages? [06:05] I tell you, I don't know ... probably jack some time ago decided that this is a good thing ... [06:05] (The chkconfig thing luckily doesn't seem to stop the post-install.sh script from working) [06:08] chkconfig does manipulate the runlevel config ... adding/removing services ... [06:28] maharaja (maharaja@ipax.tk) got netsplit. [06:28] Doener (~doener@p5082D8AB.dip.t-dialin.net) got netsplit. [06:28] MrBawb (abob@swordfish.drown.org) got netsplit. [06:28] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit. [06:28] pflanze (~chris@ethlife-a.ethz.ch) got netsplit. [06:28] virtuoso (~shisha@ip114-115.adsl.wplus.ru) got netsplit. [06:28] serving (~serving@213.186.189.93) got netsplit. [06:28] Bertl (~herbert@MAIL.13thfloor.at) got netsplit. [06:28] sannes (~ace@sannes.org) got netsplit. [06:28] CosmicRay (~jgoerzen@glockenspiel.complete.org) got netsplit. [06:28] netrose (~john877@CC3-24.171.21.47.charter-stl.com) got netsplit. [06:28] lp (~lpressl@interner.SerNet.DE) got netsplit. [06:28] Medivh (ck@62.93.217.199) got netsplit. [06:28] aka (~aka@h062040166017.gun.cm.kabsi.at) got netsplit. [06:28] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit. [06:28] Alex (alex@alex.city17.org) got netsplit. [06:28] apw (~apw@212.104.150.41) got netsplit. [06:28] riel (~riel@riel.netop.oftc.net) got netsplit. [06:28] netrose (~john877@CC3-24.171.21.47.charter-stl.com) returned to #vserver. [06:28] serving (~serving@213.186.189.93) returned to #vserver. [06:28] Bertl (~herbert@MAIL.13thfloor.at) returned to #vserver. [06:28] virtuoso (~shisha@ip114-115.adsl.wplus.ru) returned to #vserver. [06:28] pflanze (~chris@ethlife-a.ethz.ch) returned to #vserver. [06:28] Alex (alex@alex.city17.org) returned to #vserver. [06:28] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver. [06:28] MrBawb (abob@swordfish.drown.org) returned to #vserver. [06:28] Doener (~doener@p5082D8AB.dip.t-dialin.net) returned to #vserver. [06:28] maharaja (maharaja@ipax.tk) returned to #vserver. [06:28] CosmicRay (~jgoerzen@glockenspiel.complete.org) returned to #vserver. [06:28] sannes (~ace@sannes.org) returned to #vserver. [06:28] Medivh (ck@62.93.217.199) returned to #vserver. [06:28] apw (~apw@212.104.150.41) returned to #vserver. [06:28] lp (~lpressl@interner.SerNet.DE) returned to #vserver. [06:28] riel (~riel@riel.netop.oftc.net) returned to #vserver. [06:28] aka (~aka@h062040166017.gun.cm.kabsi.at) returned to #vserver. [06:28] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver. [06:31] hm, what could be the reason that I cannot make outbound connections. [06:32] please elaborate ... [06:32] I'm using tap2:uml3 192.168.6.2 as interface for a vserver. [06:32] -A POSTROUTING -s 192.168.0.0/255.255.0.0 -d ! 192.168.0.0/255.255.0.0 -j MASQUERADE [06:33] -A PREROUTING -i eth1 -p tcp -m tcp --dport 4022 -j DNAT --to-destination 192.168.6.2:22 [06:33] I can ssh into the vserver from the outside (so port forwarding works). [06:33] I can ssh from the vserver to the host. [06:34] loger joined #vserver. [06:35] that looks okay ... except for the missing NAT ... [06:35] Can't I mix masquerade with DNAT? [06:35] I even used this iptables setup with uml. [06:35] I see not why ... [06:36] everything was the same with the uml, tap2, same ip. Except that now with vserver, I configure tap2 from the host, not from within the uml. [06:37] Maybe that "breaks" -j masquerade [06:37] might be, but it doesn't sound convincing to me .. [06:37] Action: pflanze going to try to replace masq with snat [06:49] funny, SNAT/DNAT combo works, MASQ/DNAT doesn't. [06:50] MASQ/DNAT works for the uml case. [06:50] how many ip's do you have assigned to this vserver? [06:50] only one, 192.168.6.2 [06:51] hmm ... you are now using a POSTROUTING -j SNAT ? [06:52] yep, -A POSTROUTING -s 192.168.0.0/255.255.0.0 -d ! 192.168.0.0/255.255.0.0 -j SNAT --to-source 129.132.202.247 [06:52] instead of the above shown MASQUERADE. [06:52] hmm, funny, not that we touch this codepath ... [06:54] okay, please explain me the uml/vserver setups ... [06:57] hm. [06:58] The uml setup was so that the uml process owns the tap2 interface, and sets it up to 192.168.6.2 [06:59] It then used 192.168.6.1 as router. [06:59] okay, uml uses the tap device like qemu to emulate the network interface [06:59] qemu? [06:59] emulator like bochs ... [07:00] Now since vserver can't take care of ip setup itself, I configured tap2 to be fixed (static or whatever it's called) [07:01] and ifconfig'd it on the host. i.e. two ip's on tap2 from the view of the host, instead of only the 192.168.6.1 one from the uml case. [07:02] hmm, funny setup, but go on ... [07:03] (I then also reconfigured ssh on the host so that it doesn't bind to * anymore, sigh :~) [07:03] that is what the v_* wrappers are for ;) [07:03] started ssh inside vserver, DNAT rule from above, and voila I could log in from outside. [07:03] hm [07:04] okay, what is tap2 supposed to do there? [07:04] just that the vserver has an interface that isnt' on ethernet. [07:04] and that isn't loopback, since too many services on the host listen * on loopback. [07:04] but everything supposed to leave this interface will go to nirvana ... [07:05] That's where SNAT comes in. [07:05] yeah, but not masquerading ... [07:05] it's quite different from the uml case ... where the packets actually come from that device ;) [07:06] in the uml case you have forwarding .. in this case local output ... [07:06] hum, yes, but why should it differ for the POSTROUTING rule? [07:06] ah. [07:06] there is no masquerading for locally generated packets ... [07:07] IC [07:07] good point. [07:36] grepmaster-afk (~chatzilla@66-101-59-73.oplnk.net) joined #vserver. [07:36] Nick change: grepmaster-afk -> grepmaster [07:36] which v_* wrappers did you mean, Bertl? [07:37] the (util-)vserver package should provide sysv wrappers for common services ... [07:37] ah, I see them in the source package [07:37] /etc/rc.d/init.d/v_sshd [07:38] grepmaster (~chatzilla@66-101-59-73.oplnk.net) left irc: Client Quit [07:38] grepmaster (~jeffrey@66-101-59-71.oplnk.net) joined #vserver. [07:39] i leave for a week and there's two more stable releases out... great! [07:39] together with vsysvwrapper and a config in /etc/vservices/* ... they make sure that vserver ip's aren't used for host services ... [07:39] time to do some more grsecurity patching... hmm [07:39] yep, we are working here ;) [07:39] hehe [07:40] grepmaster: are you jeffrey? (well: answer is: yes) [07:40] but I doubt, that grsec patches for 1.20 will not apply without issues on 1.22 ... [07:40] sure [07:40] just need to try it [07:40] to be sure [07:40] I did apply your patch on top of 1.22 w/o problem. [07:40] cool [07:41] both fixes only touched a few lines ... [07:41] I did even create my own patch first and then diffed it against yours, just to be sure you're not doing anything nasty:) [07:41] the second issue was introduced in ctx-2 by the way ... [07:41] for the util-vserver the wrappers are in /usr/local/etc/init.d ... at least on the debian machine i'm currently on [07:41] haha :) yeah ok, Makefile hunk failed, tcp_ipv4.c offset -2, cool [07:42] You didn't :), I got exactly the same except for the ordering of some includes and a small error in mine. [07:42] (now running 2.4.23-vs1.22-grsec1.9.13-skas3-freeswan1.99) [07:43] nice [07:43] @pflanze I assume all patches are documented and a link on linux-vserver.org exists [07:44] which patches? jeffrey's? [07:44] they are. [07:44] he's talking about skas3 and freeswan1.99 [07:44] freeswan/skas3 [07:44] ah, you mean, I should put info there? [07:45] well, freeswan is outdated, but I'm still using it because I think they did some changes I don't want to bother with now. [07:45] well, I said I assume, so if not, please update reality ;) [07:45] submit a patch for reality to bertl ;-) [07:45] And skas3 vs grsec had some really ugly conflicts, where I'm not sure I've resolved everything. I'm not using PAX now, so don't know if it's broken. [07:46] okay, so maybe some testing would be advised ... [07:46] maybe we should add a page for on-top-of-vserver patches ... [07:47] yes. but that takes another machine and prolly another month or so, considering how I work. [07:47] good idea [07:47] containing some info and feedback/usage ... [07:47] by the way, I started to do the patch sets again (this time for 2.4.23) [07:49] hmm, probably that was before your time with vserver, right? [07:50] me for sure [07:50] err, you mean the context quota sets and stuff? [07:51] nope ... [07:51] sec [07:51] http://vserver.13thfloor.at/Stuff/patches-2.4.23vs1.22/ [07:51] pflanze, if you want me to look over skas3 vs grsec conflicts, send me some email and i'll get to it [07:53] bertl, so it's outside patches modified for use with vs? [07:53] err i should say "pre-modified" [07:53] you mean the patch set? [07:53] yeah [07:54] well, basically it's useful stuff (for vservers) not present in mainline ... [07:55] ohhhhhhhh yeah ok [07:56] outside patches _particularly_useful_for_vserver_ [07:56] well, I use them on my servers ... that's it ;) [07:56] all right well i'm off for another week probably, i went ahead and wasted my disk space and bandwidth by making a vs1.22 diff [07:56] hehe ok [07:57] laters [07:57] grepmaster (~jeffrey@66-101-59-71.oplnk.net) left irc: Quit: [BX] Reserve your copy of BitchX-1.0c19 for the Apple Newton today! [08:11] (hm, grepmaster told me to send him mail but didn't give an address) [08:16] hmm, right, maybe jeffrey@firehead.org would be worth a try ... [08:21] okay, enough for today ... cu 2morrow ... [08:21] Nick change: Bertl -> Bertl_zZ [09:36] pflanze (~chris@ethlife-a.ethz.ch) left irc: Ping timeout: 485 seconds [09:45] unriel (~riel@riel.netop.oftc.net) got netsplit. [09:45] say (~say@212.86.243.154) got netsplit. [09:45] mcp (~hightower@wolk-project.de) got netsplit. [09:45] shuri (~ipv6@ipv6.electronicbox.net) got netsplit. [09:45] serving (~serving@213.186.189.93) got netsplit. [09:45] Bertl_zZ (~herbert@MAIL.13thfloor.at) got netsplit. [09:45] virtuoso (~shisha@ip114-115.adsl.wplus.ru) got netsplit. [09:45] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit. [09:45] MrBawb (abob@swordfish.drown.org) got netsplit. [09:45] maharaja (maharaja@ipax.tk) got netsplit. [09:45] Doener (~doener@p5082D8AB.dip.t-dialin.net) got netsplit. [09:45] sannes (~ace@sannes.org) got netsplit. [09:45] CosmicRay (~jgoerzen@glockenspiel.complete.org) got netsplit. [09:45] netrose (~john877@CC3-24.171.21.47.charter-stl.com) got netsplit. [09:45] unriel (~riel@riel.netop.oftc.net) returned to #vserver. [09:45] say (~say@212.86.243.154) returned to #vserver. [09:45] mcp (~hightower@wolk-project.de) returned to #vserver. [09:45] shuri (~ipv6@ipv6.electronicbox.net) returned to #vserver. [09:45] netrose (~john877@CC3-24.171.21.47.charter-stl.com) returned to #vserver. [09:45] serving (~serving@213.186.189.93) returned to #vserver. [09:45] Bertl_zZ (~herbert@MAIL.13thfloor.at) returned to #vserver. [09:45] virtuoso (~shisha@ip114-115.adsl.wplus.ru) returned to #vserver. [09:45] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver. [09:45] MrBawb (abob@swordfish.drown.org) returned to #vserver. [09:45] Doener (~doener@p5082D8AB.dip.t-dialin.net) returned to #vserver. [09:45] maharaja (maharaja@ipax.tk) returned to #vserver. [09:45] CosmicRay (~jgoerzen@glockenspiel.complete.org) returned to #vserver. [09:45] sannes (~ace@sannes.org) returned to #vserver. [10:52] unriel (~riel@riel.netop.oftc.net) left irc: Ping timeout: 501 seconds [10:53] unriel (~riel@nat-pool-bos.redhat.com) joined #vserver. [12:25] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Read error: Connection reset by peer [13:00] sannes (~ace@sannes.org) left irc: Read error: Connection reset by peer [13:06] Simon (~sgarner@apollo.quattro.net.nz) joined #vserver. [13:53] ccooke (~ccooke@80.1.164.238) joined #vserver. [13:54] ccooke (~ccooke@80.1.164.238) left irc: Client Quit [13:55] ccooke (~ccooke@80.1.164.238) joined #vserver. [13:58] Doener (~doener@p5082D8AB.dip.t-dialin.net) left irc: Ping timeout: 485 seconds [14:44] Simon (~sgarner@apollo.quattro.net.nz) left irc: Quit: so long, and thanks for all the fish [16:28] From Interland support pages : [16:28] Windows NT Server 4.0 has become a very popular Web hosting platform. [16:28] The Unix platform, known for its power and versatility, provides superior email capabilities. [16:28] Together, your NT Web server and Unix mail server comprise the VServer NT system [16:28] :) [16:52] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [17:47] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds [18:02] ccooke (~ccooke@80.1.164.238) left irc: Ping timeout: 499 seconds [18:42] Doener (~doener@pD95883AC.dip.t-dialin.net) joined #vserver. [18:55] Nick change: Bertl_zZ -> Bertl [18:56] greeting everyone! [18:56] s/greeting/greetings/ [18:59] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Ping timeout: 512 seconds [19:08] ccooke (~ccooke@80.1.164.238) joined #vserver. [19:23] brb ... [19:23] Bertl (~herbert@MAIL.13thfloor.at) left irc: Quit: leaving [19:36] fbc (~fbc@ppp-172-137.26-151.libero.it) joined #vserver. [19:39] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver. [19:51] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds [19:58] Nick change: fbc -> fbc_dinner [20:25] Bertl (~herbert@MAIL.13thfloor.at) joined #vserver. [20:26] hi all! [21:24] Hi Bertl [21:24] Nick change: fbc_dinner -> fbc [21:24] you've got mail ;) [21:28] Ok, so the vserver command should call cqdlim with correct inodes-used and blocks-used parameters? [21:29] exactly ... [21:29] What's the side effect of putting 0 in those? [21:29] you start with 0, and have _another_ total blocks/inodes available ... [21:30] Ok, crystal clear :) Many thanks [21:31] hopefully we soon ahve some tools to calculate those values accordingly and feed it to the kernel ... [21:32] note: a du -skx and find | wc is a good start, but it isn't sufficient, as it would account shared files (context 0) too, which shouldn't be accounted ... [21:33] Yes, but for strictly separated vserver could it be an issue? [21:34] depends, if you cahnge all files to the context tag (with chctx) no, otherwise .... [21:38] hey, I got the funny sensors working again .. with 2.8.2 ... [21:39] what are you talking about? [21:40] one of my servers is a Tyan with a w83627hf/w83782d combo for MB monitoring ... [21:41] all values like fan/temparature/voltage are spread over both chips, unfortunately they share the same address ... [21:42] ah, you're talking about lm-sensors [21:43] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver. [21:44] well, I had to update to vs1.22 anyway (probably the most stable release since ctx-1) ;) [21:45] It seems so :) [21:45] As a newbie, I hope so :) [21:47] if possible, make some notes, what caused you troubles, and what you didn't understand from docu/etc, if you post this to the mailing list, we probably could improve documentation/etc ... [21:48] Of course [21:49] Just out of curiosity, do you work on vserver full time? [21:49] it seems so .. but I have to earn my living too ... [21:51] don't you (vserver developers) have a paypal or something similar for donations? I always give some money to useful oss [21:52] well, not yet, but it's a good point ... I'll see what I can do about that ... [21:52] I think it's going to be a widely used software [21:53] hopefully ... it's great to work on something useful 8-) [21:53] I used UML for similar purposes in the past, but vserver is really another story [21:53] how did you learn about vserver? [21:54] I was trying to find an alternative to uml :) [21:54] hmm, and where did you find it? [21:54] I think I found it first in a Slashdot thread [22:04] hmm.. referring to a recent reply from you:" as it would account shared files (context 0) too" [22:04] this means that shared file must have context 0 [22:05] not "if I got two vserver with separate files in context 0 they become shared in memory" [22:05] just got a little confused by the affirmation [22:05] yes, 'unified' files must be in context 0, otherwise only one vserver would be able to access them ... [22:05] ok [22:12] PayPal is available via herbert@13thfloor.at ;) [22:30] good, I will surely make a donation next few days (if vserver doesn't crash :)) [22:30] ;) [22:40] ccooke_ (~ccooke@80.1.164.238) joined #vserver. [22:41] ccooke (~ccooke@80.1.164.238) left irc: Ping timeout: 485 seconds [23:03] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: [23:20] hey cool, linuxvirtualserver links back to us ... 8-) [23:21] didn't you already link back to them? [23:21] well, linked to them from the moment somebody asked me for this project ... [23:22] their logo is really cute [23:23] we had a cute? logo idea too, but nobody who would do it yet ... [23:25] I'm really bad at graphic design :) [23:25] http://vserver.13thfloor.at/Stuff/concept01.gif imagine inside the blue cubicles, living space for penguins .. and a big magnifying glass over the broken out edge ... [23:27] cool... is it possible that no graphic kind is interested in vserver? [23:27] hmm, guess we didn't find the time yet to ask around ... I'll add it to my todo list ... [23:28] add it to the xmas list, I think it's the right time :) [23:35] okay, done ... [23:42] Nesh (~dmistry@ool-4352413d.dyn.optonline.net) joined #vserver. [23:42] Bert! [23:42] hi dinesh! [23:42] heh problems [23:43] upgraded to 2.4.23-vs1.22 [23:43] util-vserver-0.26-0 [23:43] util-vserver-linuxconf-0.26-0 [23:43] sounds good so far ... ;) [23:43] /usr/sbin/vserver: ulimit: cannot modify max user processes limit: Invalid argument [23:43] was expected ... [23:43] ULIMIT="-H -u 256 -n 1024" [23:43] is my config line. [23:43] change -H to -HS [23:44] ok tying [23:44] ok no error [23:44] note: this has nothing to do with vserver ;) [23:44] on start but one on inside [23:44] ulimit change thig [23:45] critical_create(): semget() failed: No space left on device [23:45] Last message repeated 1 time(s). [23:45] /dev/hdv1 5.9G 773M 4.8G 14% / [23:45] trying to start apache [23:45] any idea why this would happen [23:45] semget sounds like shared memory or something like this ... [23:46] mmm [23:46] i do not see a problem with swap or anything. [23:46] Action: Bertl is reading man 2 semget [23:47] ENOSPC A semaphore set has to be created but the system limit for the maximum number of semaphore sets [23:47] (SEMMNI), or the system wide maximum number of semaphores (SEMMNS), would be exceeded. [23:48] [root@host03:/usr/local/sbin]$ vserver wheelspecs enter [23:48] Can't set the ipv4 root (Invalid argument) [23:49] are you sure you are using the util-vserver-0.26 tools? please download and run http://vserver.13thfloor.at/Stuff/testme.sh [23:49] send the output per email, or make it available via web ... [23:49] ok [23:51] send to what email [23:53] mine ;) herbert@13thfloor.at [23:54] send sir [23:54] sent [23:55] okay, tools util-vserver-0.26 everything is working fine ... [23:55] so this probably is some configuration issue or a bug in one of the scripts ... [23:56] the semget() stuff is unrelated ... [23:56] ok i'll play [23:56] thanks for eliminating vserver [23:57] hmm, do not look for disk space the No space left on device message is misleading ... [23:58] yeah apprently heh [23:58] maybe you are hitting a global sem limit ... [23:59] possible but werid since server was running for LONG time before [23:59] maybe some changes in the kernel, like the -H -HS between 2.4.x and 2.4.23 ... [00:00] --- Mon Dec 15 2003