[00:00] so a 24/24 would mean i can only make 256 contexts? [00:00] 255 not including the root one [00:00] nope, 65536 contexts ... [00:01] including host(0) and admin(1) [00:01] hrm [00:01] both bytes (one from uid, one from gid) form the xid ... [00:01] k [00:02] and since every user also has a group.. but how does that work if a uid is in more than 1 group? [00:02] all groups must be of the same xid? [00:02] nope, you don't care ... [00:02] caligula (~junior@adsli217.cofs.net) joined #vserver. [00:02] look at it this way: [00:02] hi caligula! [00:03] Action: Tamama looks towards caligula :D [00:03] Tamama: you need to store an uid, gid and xid per file ... [00:03] the uid/gid are user and group number ... the xid is the context ... [00:04] most available filesystems have supported 16bit uid/gid for a long time ... [00:04] now they changed to 32bit for uid and gid ... [00:04] but do you use uid > 65536 yet? [00:04] so all routines using GID/UID are rewritten to use only the bottom 24 bits? [00:04] 'all' as i have no clue where it all boils down to :) [00:05] yes, but actually those are only two routines ... [00:05] heh [00:05] the one retrieving the uid/gid from an inode ... and the one storing it there ;) [00:05] ok nice and centralised.. :) [00:06] yup, the problem is, if you mount an xid tagged filesystem, without that setting, you get funny uid/gid pairs ;) [00:06] (at least if you use 32bit uid/gid) [00:06] so if i do fstat() in a program, the st_uid and st_gid are actually retreived using get/put gid/uid [00:07] no, they are from the in memory inode representation ... [00:07] which includes the xid? or... [00:07] which contains an xid field, correct ... [00:08] hello, world [00:08] hey cool, your program is working? [00:08] caligula: what programming language? ;) [00:09] hm then the gid/uid would not be reported correctly then right? as it would include the xid... not that i care much about that as long as it works heh [00:09] /bin/bash [00:10] Tamama: yup, that is what I meant with 'funny' ... [00:10] you cant set the gid/uid of files as a user.. right? [00:10] user/vroot [00:11] well, you can set it, but not the xid ... [00:12] well.. how does an inode care that the xid part is changed along with it? extra code to check for that? [00:12] (note: this is not an attack ;) i just like to know how things work heh) [00:13] nope, it just can't happen ... because you can only modify the in memory uid/gid ... the xid can only be changed via chctx (which should be renamed to chxid) and all three values are 'merged' into the on disk representation ... [00:13] ok [00:13] this is the reason for having a choice there, it only changes the way they are merged ... [00:14] so if i make a uid larger than 24 bits, it will just wrap in the end [00:14] and those three formats where agreed upon, with alexey, who does the RH branch of vserver (FreeVPS) [00:15] ok, explains it :) [00:15] yup, if will wrap at 24 bits ... [00:15] s/if/it/ [00:15] i dont see me use more than 65536 though heh [00:16] hm i could read the security context from fstat() then [00:16] hehe [00:16] too good to not try :) *makes small program to test* [00:17] try *G* [00:24] hm [00:24] without the chctx patch.. it should just be 32 bits? [00:25] it's 16/32 bit in any way, just you can not access/read/change the upper 8 bits ;) [00:27] root@powerhouse:~# ./test [00:27] UID = 0 (0) [00:27] GID = 0 (0) [00:27] XID = 0 (0) [00:27] same from vserver as from root [00:27] i'll run that program again when i have that chctx patch applied :D [00:27] okay, so what? [00:28] it will give the same results with that patch, you can't read the xid with fstat ... [00:28] bertl: what partition would you advice when i ask the datacenter to reinstall the system and make new partition tables [00:28] if the data center can do that, they probably can do it simpler ... [00:28] Bertl: it is still nice to verify it myself.. as assumption is the mother of all fuckups :D [00:29] Tamama: go ahead, I welcome _any_ testing ... [00:29] tanjix: best layout would be something like that: [00:30] /dev/hd0/part1 : start= 63, size= 240912, Id=fd [00:30] /dev/hd0/part2 : start= 240975, size= 771120, Id=83 [00:30] /dev/hd0/part3 : start= 1012095, size= 1028160, Id=82 [00:30] /dev/hd0/part4 : start= 2040255, size=154256130, Id= 5 [00:30] /dev/hd0/part5 : start= 2040318, size=40949622, Id=fd [00:30] Bertl: oh i'll be testing a bit more than this ;) count on it hehe [00:30] /dev/hd0/part6 : start= 42990003, size=61448562, Id=fd [00:31] tanjix: which means: [00:31] a small boot partition (you ahve that) [00:31] a root partition (about 200MB) [00:31] or a little more, make it 300MB (for rescue boot) [00:31] a swap partition ... [00:32] and at least two lvm partitions ... one for the system, the other for the vservers ... [00:32] hm i have 1GB root, 2GB /usr, 2GB /var 8GB /swap 142GB /vservers :) [00:32] the system partition, will be split into /usr, /var and /usr/src ... (/tmp is also an option) [00:33] hm i could also let them to upgrade a 2nd hd would that be an option ? [00:33] the vserver partition for each vserver ... [00:33] sure ... [00:33] hm interresting [00:33] i was in a vserver [00:33] but it would be sufficient, if they could 'shrink' the current root partition about 4GB ... [00:33] i crashed a program [00:34] my console went *bork* [00:34] i typed exit, left that context.. and my console was still b0rked [00:34] could happen ... try 'reset' [00:34] hm but those changes were made in a different context [00:34] this is the terminal emulation which gets confused ... [00:35] has nothing to do with vserver or the remote login ... [00:35] k [00:35] still fishy ;) [00:36] jsut try : echo -e '\e[32mGREEN\n' [00:36] still, pkgtool doesnt work [00:36] i tried stracing it but well.. heh.. guess i need to redirect stderr :D [00:38] ioctl(3, SNDCTL_TMR_TIMEBASE, 0xbffff8d0) = -1 ENOTTY (Inappropriate ioctl for device) [00:38] guess that would do it [00:39] open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory) [00:39] hmm, what did you say is this tool for? [00:39] adding and removing system packages on slackware [00:39] i'm trying to clean the vserver up [00:39] and this requires to change the timing base of the sound device? [00:39] beats me [00:40] I would say, crapware ;) [00:40] maybe it adds beeps who knows lol [00:40] i dont even have a speaker or soundcard heh [00:40] I'm sure you can work around this ... [00:40] it doesnt seem to 'crash' on that [00:41] what does it do? [00:41] without strace ... [00:41] but it does so much its hard to see where it doenst work... [00:41] it still runs.. it just doesnt see the packages [00:41] what do you mean by 'see'? [00:41] it only sees the packages that were installed locally [00:41] locally means? [00:41] it inventarises the packages that are installed on the system [00:42] i installed 1 package in the vserver.. it sees that one [00:42] bertl: i have the option to implment a 80gb hd [00:42] probably you have to 'add' the packages via that tool ... or rebuild the database somehow ... [00:43] tanjix: that would work, you could use that for the vserver partitions ... [00:43] when we mount that to /vservers then it should be no problem ? [00:43] right ;) [00:43] do they make backups of that disk too? :) [00:44] do they make backups at all? ;) [00:44] QEMU 0.5.1 is out. [00:44] jeah! yeah! [00:45] sweet found it [00:45] its in /var/log/packages [00:45] Action: Tamama copies the dir [00:45] bertl: another question whgen i reboot a vserver that does not work ? [00:45] what doe 'whgen' mean in this particular case? [00:46] when [00:46] [root@tanjix root]# reboot [00:46] Broadcast message from root (pts/1) (Wed Dec 24 17:47:06 2003): [00:46] The system is going down for reboot NOW! [00:46] init: /dev/initctl: No such file or directory [00:46] nice.. [00:46] or can't vservers be rebooted [00:46] ahh, you have to use reboot -f, no init running there ... [00:46] i can pkgtool again :D [00:47] tanjix: and you ahve to configure the userspace helper ... to make it work ;) [00:47] eh what ? :) [00:48] if you do 'reboot -f' now, you'll get a message in the syslog, that this server requested a reboot ... [00:48] and that a program called /sbin/rebootwossname isn't there ... [00:49] Action: Tamama cleans out the vserver packages and copies it as a template [00:49] :D [00:49] http://list.linux-vserver.org/archive/vserver/msg04924.html [00:50] (this is anexplanation of the reboot helper) [00:51] you probably can use the userspace helper from paul, with some modifications ... [00:51] lol [00:51] that only stripped off 6MB [00:52] means building a new kernel again ? [00:52] nope, it's all there, only the userspace part is missing ... [00:52] paul urged me to add this feature, but he didn't care enough to adapt the userspace helper ... [00:53] basically you can write it yourself ... any bash scripting experiences yet? [00:54] not really [00:54] you can also use the rebootmgr from the vserver package, which does it in a different way ... [00:55] you ahve to replace the reboot/halt commands by a special binary, which communicates with the rebootmgr (daemon started in the host context) [00:55] is there a doc on how to use it [00:55] IIRC, there is a manpage or a howto ... [00:56] also Jacques pages should contain some walk through ... [00:58] hm [00:58] clean vserver with compiler tools.. 260MB [00:58] could be worse.. [00:59] yup, 180MB on mandrake ... [00:59] well i have _all_ compiler tools :D [00:59] java, and pascal? wow! [01:00] you would be surpriced who needs em heh [01:00] I guess I would be ... ;) [01:00] also i needed a few libs for image processing.. so its not really clean, but as bare as i can .. bare it :D [01:02] hm.. i seem to have killed vi... [01:02] doh [01:03] hmmm [01:06] and i dont seem to be able to change users in my vserver [01:06] heh [01:07] DOH! [01:07] i think i just screwed myself over [01:08] apperantly ssh now goes to vserver instead of root [01:08] lol [01:08] sounds good ;) [01:08] lets hope the kernel compile ends soon so i have a console again :) [01:08] and can fix that lol [01:08] now you can try to escape ;) [01:08] i dnot need to escape.. i need my vi lol [01:12] i didnt even know it came from elvis heh [01:16] hm this is freaky [01:16] ah its not :D [01:33] nooooooooooooooooooooooooooooooooo [01:33] kernel and modules compiled... [01:33] i left linux video on... and since i had removed all things it depended on... [01:33] modules_install failed [01:34] Action: Tamama rebuilds kernel/modules.. sigh [01:34] well, not a big deal ... just modify/build again, it's quite fast ... [01:34] not on a p2-350 [01:34] heh [01:34] (unless you do a make clean) [01:34] hey, I'm working on a k6-350 ... [01:35] somehow i always clean... [01:35] well, then let's hope that you didn't select version info on all symbols ;) [01:35] hm? [01:36] i probably did.. heh [01:36] because if so, your symbols will not load, when the kernel isn't the same (from the same build) [01:37] and rightfully so :) [02:05] tanjix (ViRu_@pD904A070.dip.t-dialin.net) left irc: Ping timeout: 485 seconds [02:29] tanjix (ViRu_@c-180-204-223.n.dial.de.ignite.net) joined #vserver. [02:30] re [02:30] what does [X] Share disk space do when checked or unchecked (when setting up a new vserver )? [02:36] on an RPM based system, it uses vunify to 'share' the static (binary) files ... [02:36] this is done via hardlinks, protected by immutable flags ... [02:37] usually this allows to have a 'tempalte' server (200MB) and 'clones' taking up about 20-50MB of disk space ... [02:37] doesn't work if you put the vservers on different partitions ... [02:37] s/different/separate/ [02:38] hm wouldnt it be possible to just make a /vservers/all-stuff-that-can-be-shared.. and hardlink that? [02:39] sure, just the immutable flag is needed to protect the shared files ... [02:39] and this doesn't work across partitions either ... [02:39] hm.. this is rather odd.. [02:40] have a 142GB partition... of which 134GB is available.. and all that is in there is a vserver which 'du' tells me is 260MB [02:41] 142GB is shown in size? [02:41] in 'df' [02:42] hmm, and what is surprising about that? [02:42] that i lost a few GB somewhere :) [02:43] no you didn't lose them, they are just not available ;) [02:43] pretty much the same result [02:43] heh [02:43] try tune2fs -m 0 /dev/your/partition [02:43] (if you use ext2/ext3) [02:44] what does that do? [02:44] it sets the 'reserved for root' space to 0% [02:44] reserved blocks percent [02:44] hm [02:44] why does it need that? [02:44] what? [02:44] i mean, reserved blocks :) [02:45] well, if there is some evil user, and he tries to DoS your box from inside ... [02:45] then root is happy to have some space left to work ;) [02:45] hm how can i see how much is reserved then? [02:46] dumpe2fs for ext2/3 [02:47] Bringing up loopback interface: arping: socket: Operation not permitted [02:47] Error, some other host already uses address 127.0.0.1. [02:47] [FAILED] [02:47] when i edited /etc/resolv.conf on a newly created vserver [02:47] looks like a normal server startup script on a vserver ... [02:47] (and typed service network restart) [02:48] you don't have a network to restart, so your scripts fail ... [02:48] i wonder why i even have ext3 and not just ext2 [02:48] how do i then apply my settings [02:48] (nameserver entries) [02:49] for resolv.conf nothing is required, this is reread on every lookup ... [02:49] ping: icmp open socket: Operation not permitted [02:49] on another vserver it works :) [02:49] 'ping' requires raw network access, which is a capability ... [02:50] so vservers can't ping ? [02:50] if you give that capability (CAP_NET_RAW IIRC) it will work ... [02:50] ah ok i've red something [02:50] but this is weakening the security ... [02:50] read [02:50] allowing CAP_NET_RAW regardless of the fact that it's a vserver, will allow to generate arbitrary packets ... [02:51] heh that tune just recovered the lost GB's again [02:51] sweeet.. its the /vservers anyway [02:51] Tamama: usually 5-10% are 'reserved' for root [02:51] whoah [02:51] Action: Tamama tunes the other partitions ;) [02:52] don't do that for /, /var and /tmp ;) [02:52] i was more thinking on /usr :D [02:53] it's safe for that, but root can use the space anyway, that's the whole idea ... [02:54] hm i dont even have a .tmp [02:54] /tmp [02:55] hmm, it's on / ? [02:55] i guess so... [02:55] oh well doesnt matter.. it's not like /tmp will be used for anything [02:55] since each vserver has it's own /tmp [02:55] ahh, I love it ... this allows to hard link suid binaries, and local DoS ... [02:56] you can even have your own root shell ... ;) [02:56] the root server wont run any 'outside' services [02:56] like ssh ... ans such ;) [02:56] console :) [02:57] nah [02:57] but the thing will only be accessable from certain ip's [02:58] bertl: i still haven't figured out how to bring vservers to reboot :) [02:58] did i miss anything ? [02:58] what did you try for now? [02:59] i read the manual for the rebootmgr and did like somw howtos said [02:59] some [02:59] okay, and it doesn't work as expected? [03:00] not really [03:00] what happened? [03:00] nothing [03:00] the vserver does not reboot [03:00] Action: Tamama reboots with new patched kernel with added quota stuff.. *twiddles thumbs* [03:01] you replaced the reboot with vreboot, inside the vserver? [03:01] yes [03:01] connect /dev/reboot (No such file or directory) [03:02] is what i get [03:02] lol after the tune2fs and a reboot ext3 thinkgs it needs to fix things :) [03:02] tanjix: well /dev/reboot is created by the reboot manager on startup ... or somewhere on the vserver start, IIRC ... [03:04] hmm [03:06] but it seems as it does not [03:06] did you start the rebootmgr service? [03:06] caligula (~junior@adsli217.cofs.net) left #vserver (Client exiting). [03:08] it is running, yes [03:09] rebootmgr , right ? [03:09] do you have a /dev/reboot on the host? [03:10] hm now it worked... was my stupid error :) [03:10] the processes "rebootmgr" have to keep running for each vserver [03:11] I guess so, that's why we replaced it by the userspace helper ... [03:11] hm but it did not really reboot? uptime says up 10minutes ? [03:11] or is that ok [03:12] depends on the patch version, you are with vs1.22 stable, right? [03:12] yes [03:12] this doesn't include the fake uptime, as I got no feedback at all, only a dubious error report ;) [03:13] but it is in 1.1.5, 1.1.6, and again in 1.3.0 ... (devel releases) [03:13] 7h10e7h10e ok so it's simply an error on the ourput [03:13] output [03:13] hm.. how can i unmount my swap? heh [03:13] swapoff [03:13] too easy :( [03:15] tanjix: what you see is the host uptime ... [03:15] swapoff -a works better :) [03:16] i'm just writing all the stuff i use regularly in a textfile :D [03:17] or things i dont want to forget heh [03:17] bertl: no reboot was done then ? [03:17] hm adding a partition shuffled my partitions around.. [03:17] I don't know, check with vserver-stat ... [03:18] Tamama: hmm, depends on the tool you use ... [03:18] cfdisk [03:18] well, sfdisk would not do that ;) [03:18] i reduced my swap and added a /tmp :P [03:19] *hopes it reboots* [03:19] lol [03:19] i proably forgot to make a filesystem on it... [03:19] vserver-stat says uptime 12mins [03:19] for that host [03:19] okay, and your 'reboot' isn't that long ago, right? [03:19] i reboot it again and look vserver-stat again to see :L) [03:20] there should also be some log (from rebootmgr) maybe there are some hints ... [03:20] ah shite.. [03:20] /dev/sda4 mounted 24 times without check... forcing check.. [03:20] i thought ext3 didnt have that crap heh [03:20] well, you can disable it ... [03:21] not that I would advise to do so ;) [03:22] oh well [03:22] its only 142GB.. how long could it take.. right [03:23] 49158 16 185MB 20kB m00.57 m00.11 1m09.63 tanjix tanjix [03:23] this is what vserver-stat says [03:23] 20:24:27 up 4:17, 1 user, load average: 0.00, 0.01, 0.04 [03:24] and that "uptime" on the host [03:24] 1m09 uptime, means 1 minute .. so I guess it rebooted ... [03:24] yes but uptime says it would be 4mins up [03:25] hm, Bertl:... i guess you cant let that check run in the background...? :) :) :) [03:25] no, actually it says 4 hours and 17 mins ... [03:25] which should be the same as the hosts uptime ... [03:25] yes :) [03:25] Tamama: sure, as long as you don't mount the partition [03:26] then what good is it? lol [03:26] tanjix: as I said, 1.1.5/1.1.6 and 1.3.0 does contain the uptime fake, there you'll get the right? (wrong faked) results ... [03:26] you can apply that patch to vs 1.22 too (I guess) ... [03:32] hm ok.. [03:32] so i have that /tmp partition now.. it just cant mount it.. since it doesnt have a file system.. lol [03:33] how can i change that? :) [03:33] mke2fs for example? [03:34] hm.. and how can i get the arguments i need from the already existing partitions? [03:35] well, actually for an ext2 fs you dont need any arguments ;) [03:35] mke2fs /dev/your/device will do nicely .. [03:37] ok that worked pretty nicely indeed [03:37] heh [03:37] just snipped off 1 GB from /swap and made it /tmp :) [03:37] ok, more 'advanced' question.. [03:38] how can i change a file system to use 1KB nodes instead of 4KB? :) [03:38] lol [03:38] I hope you did a mkswap on the swap partition too ... [03:38] otherwise it will nicely overlap your new tmp partition ;) [03:38] it was 8GB anyway and unused :D [03:39] mkswap was pretty fast... [03:39] guess it didnt check the disk for a change [03:39] (in setup making a swap takes ages hehe) [03:40] probably because you check the 'verify blocks' ... [03:41] bertl: can a "halt" also be poerformed on vservers ? [03:41] performed [03:42] hm [03:42] tanjix: yup, with rebootmgr, you have to use the vhalt tool ... [03:42] why would you want to reboot/halt from a vserver? [03:43] tamama: i dont want to - just was interested in if it is possible :) [03:43] some folks want to do that ... why not? [03:44] it's like hammering all windows of a house shut.. and leave the door unlocked [03:45] hmm, why do you think so? [03:45] i guess it depends on what your goal is :) [03:46] and what goal would that be, that a vserver 'reboot' would do any harm? [03:46] 100% uptime :) [03:47] hm.. it only reboots the vserver? [03:47] yup, thats the idea ;) [03:47] heh i thought it linked to the root [03:47] that would be bad, I agree ;) [03:48] what name would that q0 patch make of the kernel.. the same as normal? [03:49] if so, how can i check it is in it? lol [03:50] q0 patch? [03:50] http://www.13thfloor.at/vserver/s_addons/quota/patch-2.4.23-vs1.20-q0.12.diff [03:50] doesn't modify the kernel name ... [03:51] doesn't modify the kernel behaviour at all ;) [03:51] ok, so... how can i use it? :D [03:51] hmm, if you aply it, you use it ;) [03:51]