[00:01] bertl you were part of the split [00:01] ah, okay ... that explains it ... [00:01] Quit (uranium.oftc.net keid.oftc.net) [00:03] Doener_zZz (~doener@pD9E12F73.dip.t-dialin.net) got lost in the net-split. [00:03] JonB (~jon@129.142.112.33) got lost in the net-split. [00:03] nathan_ (~nathan@209-6-130-26.c3-0.sbo-ubr1.sbo-ubr.ma.cable.rcn.com) got lost in the net-split. [00:12] Hi Bertl! [00:22] ensc: would you be so kind and verify my signed md5sums for 1.00, 1.22 and 1.3.3? [00:24] Bertl: thx, they are matching with my copy... [00:25] wonderful ... [00:26] your gpg key is not really trusted, but I have more headache about the other, still undiscovered flaws in the kernel :( [00:27] hmm, why is my key not really trusted? [00:29] everybody could create a key with the name 'Herbert Poetzl', kidnap the real Herbert Poetzl and go with his identity into the IRC to convince people to use his backdoored (but signed) patches ;) [00:35] hmm, okay but who are you? [00:37] hehe [00:38] Action: irmin wants rmap for 2.4.23 [00:39] go ahead, bug Master Riel ;) [00:39] he is bug-protected :) [00:39] Action: irmin . o O ( by exec-shield? ;) ) [00:51] okay enrico, let me know when you are ready to get some work done ... [00:57] MrBawb (abob@swordfish.drown.org) left irc: Quit: kernel upgrade [00:58] Bertl: work for the new syscalls in 1.3.3? [00:58] hmm, well yes, and soem stuff for the next generation ... [00:59] I will see what I can do, but the rest of today is reserved for other tasks [01:00] okay, we need to talk about the 'new' procfs for vserver too ... [01:05] infowolfe: still looking for xfs support? [01:08] MrBawb (abob@swordfish.drown.org) joined #vserver. [01:16] nathan_ (~nathan@209-6-130-26.c3-0.sbo-ubr1.sbo-ubr.ma.cable.rcn.com) joined #vserver. [01:17] Bertl, any reason i wouldnt want to restrict access to virtual outside of the main context? [01:18] huh, what? you mean the procfs ... yes, this will be protected ... [01:18] Bertl: btw, should I replace all IS_IMMUTABLE calls to IS_IMMUTABLE_FILE in xfs/* ? [01:18] irmin: which kernel? [01:18] yea the procfs sorry [01:19] Bertl, seems i can limit my risk of the race conditions by just keeping it in the main server for now [01:19] hmm .. [01:20] Bertl: 2.4.23-xfs [01:20] Bertl: (updated to .24 but it doesn't matter) [01:21] hmm, well, wasn't xfs included in 2.4.24? [01:21] Bertl: .24 have only 2 security and 2 oops fixes [01:21] I mean 2.4.23 ... sorry ... [01:21] Bertl: no, no built-in xfs [01:22] ah right ... there was a long discussion but no inclusion ... ck1 does include it though ... [01:23] hmm so you are too interested in xfs support, right? [01:24] Bertl: well, I already did such patches for previous kernel builds (.20 and .21) :) And it even worked :) [01:25] yeah, it's great you did that ... ;) (basically it should boil down to 2-3 modifications of IS_IMMUTABLE and the according flags) [01:26] but I just discovered that the ck1 releases I made do not support xfs ... [01:27] which in turn means that I have to fix this anyway ;) [01:27] Bertl: I'll tell you if the debian-adopted .24 kernel with vserver will bootstrap correctly soon :) [01:27] so you can save your time and efford, and wait for the ck1 fix ... and just use/adapt that one ... [01:28] ck1? I do not use ck patches.. [01:28] yeah, but it includes xfs, and you use xfs ... [01:28] Mister_A_ (~mab@pool-141-155-130-201.ny5030.east.verizon.net) joined #vserver. [01:28] Hi all [01:29] hi Mister_A_! [01:29] If im running 2.4.23-vs1.22 #5 SMP, should I assume im vulnerable to todays root exploit? [01:29] Bertl: it is compiles already :) [01:29] Mister_A_: yup, as it affects 2.4.23 ... [01:29] Mister_A_: get 2.4.24 patch on kernel.org and apply it ontop of .23 sources. It should apply cleanly [01:30] do i have to run the vserver patch again after that? [01:30] or get the vserver patch for 2.4.24 ;) [01:30] i like you're idea better :-D [01:30] do i have to recompile the kernel after I apply the patch? [01:30] if you want to use it, yes ;) [01:31] i shoudl jsut download patch-2.4.24-vs1.22.diff and apply it to my current 2.4.23 source tree? [01:32] nope, to a vanilla 2.4.24 kernel, or what patchset you use ... [01:32] _shuri (~shushushu@vserver.electronicbox.net) left irc: Ping timeout: 483 seconds [01:32] but you could do as irmin suggested, and patch the 2.4.23-vserver up to 2.4.24 with the 2.4.24 patch [01:33] it won't apply cleanly because of the version issue in the toplevel Makefile ... but it should work [01:34] so im gonna download the 2.4.24 kernel from kernel.org [01:34] and then apply patch-2.4.24-vs1.22.diff.bz2 [01:34] then compile [01:34] is there a way to use the same config files as i sued for 2.4.23 (ie to enable my 3ware raid, and network cards etc) [01:34] yeah, probably copying over your .config file from the old kernel, and doing make oldconfig would help [01:36] Bertl: yeah, I'm usually don't count top-level Makefile rejects as rejects :) [01:36] thanks so much for your help. [01:37] ill try the new kernel tomororw am when im available to drive to the DC incase of failure :) [01:38] sure, you can compile it today, setup everything and boot it tomorrow ... [01:38] ive been using this lilo -d option that will boot the new kernel only the next time it boots, and then i pass panic=15 so it reboots after 15 seconds, so if there is a kernel panic it will reboot and resort back the good kernel [01:39] but the catch is, sometimes the new kernel loads, but the network drivers dont so the kernel and machien are up but the network is done :( [01:39] Mister_A_: use serial console for such things [01:40] ya, but im not at the DC to hook it up :( [01:40] im thingin of buying a 32 port kvm and then 1 kvm over IP [01:40] going to eat [01:40] ill be back [01:44] tanjix (ViRu_@pD9049D9F.dip.t-dialin.net) left irc: [01:47] could i apply the VS patch before or after i copy the old .config file over [01:48] *should* [01:49] doesn't matter, but when you do the make oldconfig, the kernel should be in the final state .. [01:51] ok running make oldconfig :-D [01:51] now make dep? [01:52] make dep >../Dep.log [01:52] make bzImage modules >../Build.log [01:52] this way you only get the warnings/errors ... [01:53] acsi.c:74:25: asm/atarihw.h: No such file or directory [01:53] acsi.c:75:27: asm/atariints.h: No such file or directory [01:53] acsi.c:76:28: asm/atari_acsi.h: No such file or directory [01:53] acsi.c:77:29: asm/atari_stdma.h: No such file or directory [01:53] acsi.c:78:29: asm/atari_stram.h: No such file or directory [01:53] alot of those type errors [01:53] i2c-algo-sibyte.c:32:30: asm/sibyte/64bit.h: No such file or directory [01:53] i2c-algo-sibyte.c:33:36: asm/sibyte/sb1250_regs.h: No such file or directory [01:53] i2c-algo-sibyte.c:34:37: asm/sibyte/sb1250_smbus.h: No such file or directory [01:53] md5sum: WARNING: 1 of 13 computed checksums did NOT match [01:53] rtc.c:27:25: asm/machdep.h: No such file or directory [01:53] rtc.c:29:22: asm/time.h: No such file or directory [01:53] via-pmu.c:36:22: asm/prom.h: No such file or directory [01:53] via-pmu.c:37:25: asm/machdep.h: No such file or directory [01:53] via-pmu.c:41:26: asm/sections.h: No such file or directory [01:53] via-pmu.c:44:30: asm/pmac_feature.h: No such file or directory [01:53] stop stop, we know them ... [01:53] sorry [01:53] are those normal? [01:53] yup [01:54] 53c700.h:40:2: #error "Config.in must define either CONFIG_53C700_IO_MAPPED or CONFIG_53C700_MEM_MAPPED to use this [01:54] scsi core." [01:54] usually they pass by, lost in the amount of information, and you do not even notice them ... [01:54] ok [01:54] runing bzImage and modules [01:54] do i have to do modules_install ? [02:01] if you use modules, yes ... [02:25] Bertl, 2.4.24-ck1-vs1.3.3-grsec-nc is rather solid [02:25] Bertl, i havent stressed /proc/virtual/* though, intentional. [02:26] yeah, keep it so, untill we have the next gen procfs ... [02:26] k im gonna put it on a production box, ill just make /proc/virtual only or main [02:27] sounds good by the way, I hope the grsec and what's nc? is available and linked from linux-vserver.org ;) [02:27] i havent run this in production since ctx17, wee [02:27] Bertl, nc is my netconsole patch [02:27] Bertl, i used the grsec patch from the ck1 site [02:28] it all required some hand patching to get it to blend though [02:28] Bertl, want me to link this stuff on the wiki? [02:28] yeah sure ... [02:29] which grsec version is this? [02:30] 1.9.13 [02:35] Mister_A_ (~mab@pool-141-155-130-201.ny5030.east.verizon.net) left irc: [02:38] Bertl: is it a known issue that 'fakeinit' does not work with a static ctx? [02:38] hmm, not for me ... [02:38] chcontext --ctx 345 --flag fakeinit cat /proc/self/status | grep initpid [02:38] initpid: 0 [02:39] # chcontext --flag fakeinit cat /proc/self/status | grep initpid [02:39] initpid: 839 [02:39] but I remember some reports that fakeinit isn't working ... [02:39] let me check, which kernel patch? [02:39] 1.22 [02:40] hmm, cool ... [02:41] it works in 1.3.3 ... [02:42] I'll add that test to my test script, and search for the bug in 1.22 [02:42] ok thx, but I will not upgrade my servers to 1.3.3 ;) [02:43] hmm, this is in 1.00 too ... [02:44] I never used static ctx's before... but you suggested to do so [02:45] heyda, are you sure it ever worked? [02:46] ctx-17 on 2.4.21 gives the same results ... [02:46] it seems that the 'old/original' code is faulty in this regard ... [02:47] dunno, I tried static ctx + fakeinit this weekend the first time [02:48] hmm looks like we'll do a 1.23 bugfix release soon ... [02:54] how can I try to boot new kernel in grub but have it to load standard kernel in the case of failure? (like lilo -d) [02:55] lilo -R, but I don't know a way to do that ... [02:55] echo 'savedefault --default=0 --once' | grub --batch -- [02:56] don't ask why... I do not know it... ;) [02:56] (it's a RH patch) [02:56] upsi dupsi, is that documented somewhere? [02:56] not the '--once' [02:57] fedora-devel had some discussion about it in the last days [02:57] looks like this feature sneaked in around 0.92 ... [02:57] https://listman.redhat.com/archives/fedora-devel-list/2003-December/msg01692.html [03:01] ah okay, live and learn ... never thought of that ... [03:01] finally it all makes sense ... if somebody needs an explanation, why it works, jsut ask me ;) [03:02] it have "fallback" parameter.. [03:02] but be careful, this seems to 'remove' the default setting for grub 0.93 [03:03] isn't an issue if your first entry is your default ... [03:06] so actually the command should be echo 'savedefault --default=1 --once' | grub --batch -- [03:06] and the default should be 0 i guess ... [03:36] hmm enrico if you find some time, think about the procfs and how it should look like for your tools (regarding vserver) ... [03:38] I need a way to determine if a context is still alive (there is needed some kind of state, e.g. create -> running -> killed -> (removed)) [03:38] I would prefer a syscall for that [03:39] hmm, okay, something like 'locate context xid'? [03:39] or vc_getstat()? [03:40] latter [03:41] or would a enter_context() syscall which fails if the context doesn't exist be sufficient for your purpose? [03:43] the problem is, when it succeeds... I would have to do everytime special preparations (e.g. chroot, ulimit, ...) when doing this [03:44] else, a malicious process in the ctx could ptrace me and gain privileges [03:44] well, the advantage would be, that it's kind of atomic ... [03:44] you can test a hundred times for ctx=100, and then when you try to enter it, it is gone ... [03:46] I just want to know if the ctx is still alive. E.g. I have 'kill 15; sleep 5; kill 9' sequences when shutting down a vserver. The sleep and following 'kill 9' can be omitted when vserver is dead [03:48] ah okay .. but that actually is a trusty assumption, because just in the moment you check, somebody enters the context ... [03:49] I thought about an option to 'shutdown' or 'lock' a context before it is removed ... [03:50] ok; good idea [03:51] maybe a predefined state engine, which only allows to do the following cycle: [03:51] create - setup - start - stop - destroy [03:53] this way, we could move the kill -9 to the kernel ... [03:55] I do not know if it really a good idea to request such an explicit destruction [03:56] was just _an_ idea ... [03:59] I would really like a functionality like wait4() which returns statistics (CPU usage, ...) about the diedvserver [04:00] hmm, possible, but you have to 'attach' to the 'context' in this case ... [04:01] unless you split the 'creator' into two halves, one becoming init and the other waiting for it to die ... [04:03] why not '... -> stopped/locked -> (xid entry still existing) -> wait (-> cleans ctx-information)' [04:04] that was what I meant with 'attaching' [04:05] the question is, is there data which will be the result of a context exit, or would that just be the xid entry in it's least recently updated state? [04:05] I do not know how resources are counted in the kernel... [04:06] because in that case, we could get away with not removing the context info at all ... sitting and waiting there for an explicit removal ... [04:24] okay, so basically your tools will not require the proc interface per se, right? [04:27] no, I want to avoid /proc parsing [04:28] okay, you know that 0.27 does still query proc ... [04:28] I do not have another choice :( [04:30] hmm, okay so you need the 'get status of context xy' syscall command, right? [04:31] or is there anything else you need? [04:32] yes, but I am not sure about the semantic... with WNOHANG, it could return current resource usage; without WNOHANG, it could wait for its removal [04:32] a kind of polling wouldn't be sufficient for the moment? [04:33] Action: ensc hates polling [04:33] the issue is, this would require some waitqueue mechanism, I would like to avoid, unless extensively tested ... [04:34] mmh, ok. for the moment WNOHANG would be enough [04:35] okay, the next question is, what information do you want to retrieve with that syscall command? [04:35] I would like to have a way to store userspace-information (e.g. vserver-name) in the context... [04:36] maybe you could have a look at the current structures in 1.3.3 and make a suggestion [04:36] I need process-count, for other statistical information I do not have any use currently [04:36] there are some fields in the uts entry, which might come handy for that ... [04:37] uts modification is bad since it requires CAP_SYSADMIN [04:37] hmm, well you won't modify the context names without it? [04:38] vservers-in-vservers... ;) [04:38] by the way, for what do you need a context name? [04:38] e.g. for vps [04:39] the xid is unique, do some hash/lookup to set/get additional info [04:39] hash lookup to where? [04:40] if we 'introduce' a name for each context, the next thing that pops into my mind is, how to ensure that this name is unique, and why not change all syscalls to allow a name instead of a number? [04:41] whatever tool creates a vserver, should be able to associate a name with the xid, somehow ... [04:41] no need to make it unique... process-names can be ambiguously also [04:42] hmm, okay why not do this 'book keeping' in userspace? [04:48] it needs lots of management effort, requires an agreement about the place where these information are stored, can be disturbed by processes which do not follow these rules and split informations which are belonging together [04:49] hmm, but this is no good reason to put ldap into the kernel ;) [04:49] why ldap? a similar mechanism exists with processes already [04:51] hmm, okay so you want to 'add' a name to the context, which isn't changed while the context is living, and isn't reported back or used by any syscall, only the procfs, right? [04:51] or do you want that libc's execv() stores information about the arguments somewhere in /var, and ps reads them from there? [04:51] yes, procfs would be enough for this purpose [04:52] okay, if we pass this info on context creation, and it has some well defined length (about 16-64 chars) [04:52] I guess I can live with that ... [04:54] ok, that's fine with me [04:54] Bertl, any suggestions for a clean way to restore the visibility of /proc/virtual to the main context? [04:54] hmm, what is the issue there? [04:55] Bertl, nothing im just doing it for security precautions so there arent any stability issues [04:55] well I'm sorry I don't understand what exactly you are talking about, please elaborate ... [04:56] oh sorry [04:56] actually i think i know how i can do it easily but... [04:56] i want to make it so /proc/virtual access is restricted to ONLY the main server, not contexts. [04:57] for this purpose, there is the vx_permission() [04:57] this is actually one of my better ideas ;) [04:57] s/is/was/ [04:57] Bertl, ah [04:57] so my grep shouldnt be finding anything? [04:57] depends on how you set it up ... [04:58] basically every entry in /proc has two 'new' values ... [04:58] one is the xid, the other are the vx_flags ... [04:58] you know my vx_check()? [04:58] yea [04:59] okay, on every proc access, vx_check(xid, vx_flags) is done ... [04:59] yep i see that [04:59] xid and flags from the entry ... [05:00] so if you want an entry, that is accisble only from the HOST context ... just specify VX_ADMIN as flags ... [05:00] Bertl, so i will do this at the callback handler for the proc entry? [05:01] well, after the creation of /proc/virtual, you modify the vx_flags to VX_ADMIN [05:01] oh ok i see [05:01] easy enough [05:02] yeah, might be useful for /proc/mounts too ;) [05:03] does anybody know how jfs extended attributes are supposed to work? [05:20] hey Bertl, how stable is 1.3.3? [05:21] no xfs? [05:21] well I'm currently testing xfs ;) [05:21] and I guess xfs+ili is playing nice now ... after some bashing ... [05:22] ili? [05:22] Immutable Link(age) Invert ... [05:22] ah [05:22] would you like to test it, on xfs of course? [05:24] Bertl, i don't think i have a 2.4.24 xfs patchset :-\ [05:25] np [05:25] which means i have to wait on this machine anyway then :-p [05:25] I have 2.4.24-ck1 patch set ;) [05:25] because i can't do it without having an xfs kernel... [05:26] which includes xfs ... [05:26] Bertl, you can be sure that i'll probably be running ck1 [05:26] but again, i was attempting on that machine to go with 1.22 (stable) [05:26] MrBawb (abob@swordfish.drown.org) left irc: Ping timeout: 499 seconds [05:27] yeah, well 1.22 will not play nicely with ck1 ... because of the O(1) scheduler and other things ... [05:27] so i guess just don't worry about 1.22 [05:27] we just don't have a choice... [05:28] vs1.3.3 + ck1 on 2.4.24 is the only way to go at this point to get xfs AND linux-vserver [05:28] but I can assure you vs1.3.3 is pretty stable ... [05:28] not as stable as vs1.22 but ... I guess 2 more releases and we are on the finish line for 1.4 ... [05:29] s/finish line/home stretch/ [05:30] Bertl, will 1.4 be sane (1.4.x) or are you going to do the screwy 1.2x style with it? [05:30] yeah, I'm going to keep that screwy style ... [05:30] :-\ [05:30] how unsettling [05:31] hmmm [05:31] write_sysrq_trigger doesnt seem to check any sort of caps [05:31] oh maybe handle_sysrq does [05:31] infowolfe: but you are allowed to refer to 1.22 as 1.2.2, if you like to ;) [05:32] Bertl, the problem isn't with that, it's with grub :-p [05:32] Bertl, am i missing something or is sysrq_trigger a security issue inside of a context? [05:32] Bertl, can you give me an idea where to get the ck patches? [05:33] uhh? why grub? [05:33] I mean why is grub an issue, or why is it an issue for grub? [05:33] nathan_: hmm try it from within a context ... I never checked it ... [05:33] infowolfe, the ck patches are linked of linux-vserver.org [05:33] Bertl, it's an issue for me... having to think when copying configs over :-p [05:34] Bertl, where? [05:34] nevermnind [05:34] ah .. I see, well this would be totally different with lilo I guess ;) [05:34] Bertl, echo h > sysrq_trigger triggers the help inside of a vserver name enter with no extra caps [05:34] Bertl, it's a matter of vmlinux/vmlinuz naming [05:35] hey bertl? [05:36] umm, that link from the linux-vserver page has nothing to do with 2.4.24 [05:36] Bertl, would it be so unreasonable to force all write calls to /proc to a cap or strictly in the VX_ADMIN? [05:36] in fact, i'm not seeing any 2.4.24 patches on his site at all [05:36] infowolfe: 2.4.23-ck1 works well with 2.4.24 ... [05:37] ok [05:38] the vs1.3.3 patches are updated for 2.4.24 ... [05:39] Bertl, can you think of any case where a write to /proc would be done inside of a context? [05:39] thanks Bertl [05:39] nathan_: well, maybe all write to proc should be prohibited in vcontext ... [05:39] yea thats what im thinking [05:39] obviously nobody ever verified that ... [05:39] instead of having to poke around finding hazards/or having them introduced without notice [05:40] sysrq-trigger was new to me [05:40] let me finish the xfs stuff (about 5min) and we'll have a look at this issue ... [05:41] sure [05:42] hmm infowolfe: take a short break, I guess I'll release a new 1.3.4 in an hour or so ... [05:43] argh [05:44] AFTER i start the builds on 4 machines :-p [05:44] lol [05:44] sorry *hehe* [05:45] im sticking with 1.3.3 unless you have some fantastic or critical change :) [05:45] hey Bertl, would it be too hard for you to do a diff against the ck1-vs1.3.3 sources for a vs1.3.4 patch for me? (so i spend less time un-patching) [05:45] nathan_, it's mainly xfs related afaik [05:46] ah k no need for me then [05:46] nope, this is included in my service, called Incremental patches ;) [05:47] service? making me think i should figure out a way to pay you a salary Bertl, lol [05:47] ahh no problem, Ill give you my Bank Account number ... just a moment ,,, [05:47] lol [05:48] Bertl, let's see what happens with my "little lady" and me maybe moving to las vegas... [05:48] but you (all) should try to improve the kernel building procedure ... [05:48] if i get on there... and they fall in love with your software... it might just end up that they pay you for some customizations... (at my request) [05:49] Bertl, does 1.3.3 include q0 by default? [05:49] well, as long as the project stays free and everyone can make use of such customizations, I have no problem with that ... [05:50] the quota stuff isn't included, but no problem ... [05:50] hrm... since it seems to be included by default in the 2.4.24-ck1-vs1.3.3 [05:50] Action: infowolfe is going to go lay down for a moment [05:51] maybe ill start maintaining a grsec+ck1+vs+netconsole patch [05:51] Bertl, feel free to /msg me when 1.3.4 is out :-D [05:51] infowolfe: hmm, no only the vroot device is included ... [05:51] nathan_, mind if i ask what netconsole is? [05:51] nathan_: go ahead ... and write a howto, as I suggested, for netconsole ... [05:52] infowolfe, sends printks out the network [05:52] Bertl, yea [05:52] cool... [05:52] Action: infowolfe is lost [05:52] just trying to get my stuff sorted out before i take on anything extra [05:52] Action: infowolfe is going to lay down [05:52] infowolfe, combined with ipt_sysrq you almost have a serial console [06:07] sounds nifty [06:11] okay nathan, any ideas how to block the procfs writes? [06:13] nathan_: proc_file_write() would be a good start, I guess ... [06:15] hmm, could proc be mounted R0 ? [06:17] hehe, enrico? [06:17] ensc: we should make sure that proc for vserver is mounted ro ... [06:18] what do we gain from this? [06:18] well, did you try 'echo 1 >/proc/sysrq-trigger' recently? [06:19] or if you are bold, 'echo b >/proc/sysrq-trigger' from inside a vserver ;) [06:21] mmh, that would have saved me lots of time and I had not to dig for the do_brk() exploit... ;) [06:21] but are there any bad effects when /proc is read-only? [06:22] none I can think of ATM ... [06:22] we (you) should do an update on them tools ... what do you think? [06:30] Bertl, so was in the kitchen [06:30] Bertl, you are thinking mounting proc ro would do us? [06:30] did some fine cooking? [06:31] or just some fine eating ;) [06:31] beef jerky :) [06:31] tending to the beef hehe [06:31] Bertl, i did if (!vx_check(vx_current_id(), VX_ADMIN)) return -EPERM; [06:31] in proc_file_write but it didnt seem to catch it [06:32] hmm, well, that is actually a little superfluous ... [06:32] vx_check(0, VX_ADMIN) would be enough ... [06:32] Bertl, i just tested a remount,ro on the proc [06:33] but as I expected, many entries do not use this ... [06:33] works as expected [06:33] Bertl, yea, i was then thinking we wrap the write hook, but ro proc seems like a much cleaner solution [06:33] I guess enrico is still stunned by the fact, that a vserver host could go down so easily ;) [06:34] and nobody ever thought about it, except for you ... [06:34] mmh, this 'ro' attribute affects all /proc filesystems... [06:34] hmm, so ro once, means ro for all? [06:34] yep [06:35] guess we can fix this .. by faking the ro ... just what I wanted to hear ,) [06:36] afair, the sysrq kernel option is discouraged for secure systems [06:36] docu says 'Don't say Y  [06:36]  unless you really know what this hack does. ' [06:36] yeah, but what about limits? ever tried them? [06:37] which limits? [06:37] for example max processes [06:37] or max file handles ... are they safe? [06:37] (havent tried yet ;) [06:38] # echo 15000 >file-max [06:38] bash: file-max: Permission denied [06:39] they are covered by kernel caps [06:39] yea most are covered by the kernel caps [06:39] chcontext --ctx 100 echo "32768" > /proc/sys/kernel/shmmax [06:39] hmm forgot the secure ... [06:39] but wouldnt we be safe by just restricting the proc to ro in all the vservers by default? [06:40] what case does a vserver have where it needs to write to /proc? [06:40] yeah, and we do that ... [06:40] we make the RO flag depend on context ... [06:40] is that done by default in the scripts? or where? [06:40] later we can add a per context capability which weakens that ... [06:41] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Read error: Connection reset by peer [06:41] no I mean, _we are going to do that_ right now ... [06:41] MrBawb (abob@swordfish.drown.org) joined #vserver. [06:44] oh ok [06:51] http://vserver.13thfloor.at/Experimental/proc_fix.diff [06:51] nathan_: try that one ... [06:53] k [06:55] hmm, seems not to work ... [06:55] I wonder why ... [06:57] ah works but only for mem/fd stuff ... [07:14] Bertl, what about a blanket solution to hook the writes in general? [07:14] hmm, please elaborate ... [07:16] so in proc_register we replace proc_fops with a vx function that checks permissions and then calls the original one [07:17] yeah, thought about that, but it requires proc_iops ... [07:17] and I don't know which driver/etc might overrida that one ... [07:17] hmm what do you mean it requires proc_iops? [07:18] proc_fops isn't good for permission checks ... [07:18] oh ok i was just thinking to hack it into the write but i guess that isnt ideal [07:19] include/linux/fs.h check iops vs fops ... [07:19] file_operations vs inode_operations ;) [07:20] yea i see what you are saying, the one i was suggesting wouldnt have been ideal and would have just failed the write() [07:20] ok so cant we do it with the iops? forget what i said about the fops [07:27] let me check something first ... [07:28] we are 'only' concerned about file entries, right? [07:29] yea id say so [07:30] let's see how many entries use modified iops ... [07:30] id say its just a layer of protection incase someone forgets the caps again [07:32] hmm, seems as if the iops are not used at all ;) [07:34] okay, I got two matches for replaced iops ... [07:35] yeah I guess that is the way we go ... [07:36] enrico? [07:37] ensc: do you see a way to check which entries are not protected by some capability? [07:37] no, sorry... [07:38] but I guess, there will not be very much such entries [07:38] okay, I would assume that the /proc/sys will be protected, right? [07:38] sysrq-trigger should be handled with a ctx==0 check probably [07:39] yes, everything else is a bug [07:39] the question is, shall we put a permission check on all unmodified /proc entries (unmodified means without custom inode ops) [07:40] and block write to them, when not in ADMIN context? [07:41] I would trust in the linux caps; the permissions should be adjusted so that you need special caps to modify entries [07:42] hmm, yes, but there actually are no permission checks ATM [07:42] I have something against the term 'ADMIN context' since this seems to be contradicting to an hierarchical vserver model [07:43] hmm, well it will become the HOST context then, I guess ... [07:43] I think sysrq-trigger is an exception... [07:43] it's a debug mechanism which should not be used in production systems [07:44] nathan_: have you found any other /proc entry which could cause troubles with chcontext --secure ? [07:45] hmm, what about the scsi system, add/removing scsi devices on the fly, could anybody test this? [07:46] Bertl, i havent looked for any others [07:46] that one just caught my eye because it was in the root and new [07:46] what about does your test server use scsi? [07:47] yea it does [07:47] i can poke around the scsi stuff [07:47] hmm do you know that magic combinations to add/remove scsi devices on the fly? [07:48] back when i had a compaq there were a bunch of user space utils much like the raidtools [07:48] i never did it via the proc interface [07:48] echo "add-single-device 0 0 0 0" >/proc/scsi/scsi IIRC [07:48] echo "scsi remove-single-device 0 0 6 0 " >/proc/scsi/scsi [07:48] this version actually ... [07:49] but do it with a bash [07:49] chcontext --secure /bin/bash [07:49] not with chcontext --secure echo .... [07:49] because this will succeed in any way ;) [07:50] if you have a cd rom on that bus, it should be easy to remove/add this without much troubles ... [07:50] root@plain [~]# echo "scsi remove-single-device 0 0 6 0 " >/proc/scsi/scsi [07:50] bash: /proc/scsi/scsi: Read-only file system [07:51] but but that proc isnt ro i dont think [07:51] Action: nathan_ scratches head [07:51] hmm .. did you add my patch? [07:51] it didnt chroot so that should be the root proc [07:51] Bertl, no [07:51] remount the procfs rw [07:51] which one? isnt it going to use the one off the root with --secure? [07:52] doesn't matter, it's a single fs so any remount will affect any other mount of proc [07:52] there is only one superblock for all procfs mounts ... [07:53] yea i realize this now [07:53] didnt know that [07:53] root@plain [~]# chcontext --secure bash [07:53] New security context is 49155 [07:53] root@plain [~]# echo "scsi remove-single-device 0 0 6 0 " >/proc/scsi/scsi [07:53] no error [07:53] but does that drop caps? [07:53] you have a cdrom? [07:53] on that scsi bus? [07:53] show me your cat /proc/scsi/scsi [07:54] the cdrom is ide [07:54] root@plain [~]# cat /proc/scsi/scsi [07:54] Attached devices: [07:54] Host: scsi0 Channel: 00 Id: 00 Lun: 00 [07:54] Vendor: FUJITSU Model: MAP3735NP Rev: 5605 [07:54] Type: Direct-Access ANSI SCSI revision: 03 [07:54] Host: scsi0 Channel: 00 Id: 01 Lun: 00 [07:54] Vendor: FUJITSU Model: MAP3735NP Rev: 5605 [07:54] Type: Direct-Access ANSI SCSI revision: 03 [07:54] root@plain [~]# [07:54] i was just testing for write access in general [07:54] hmm is this raid1 config? [07:54] no [07:54] just independent disks [07:54] i can remove id 1 [07:55] okay, is it possible to unmount the second disk? [07:55] yea its not mounted [07:55] okay your command should be ... [07:55] echo "scsi remove-single-device 0 0 1 0" >/proc/scsi/scsi [07:56] that will instantaniously remove your second harddisk ... [07:56] echo "scsi add-single-device 0 0 1 0" >/proc/scsi/scsi [07:56] will add it again ... [07:57] seems to be rejecting the input [07:58] okay, can you verify if this works on the host context? [07:59] yea it does [07:59] printks the add-single-device [07:59] okay, so this seems secure too ... [08:01] hmm im not seeing in the scsi code where it is protected [08:03] you know what, i think it was my vx_check that protected it [08:03] i dont think its secure [08:03] hmm, okay please verify that ... [08:05] Bertl, EPERM on write() [08:05] which is what my code did [08:06] so ill have to rip my code out and see if it lets me do it [08:06] i dont see anything in the code to prevent it but ill try it [08:10] Bertl, as expected, no cap checks. [08:10] my code was stopping it before [08:11] cause it used the generics [08:11] okay, could you make a diff of your changes? [08:11] Bertl, the ones that were stopping it before? [08:11] maybe we add some 'generic' checks where they don't hurt ... [08:11] yup, that one ... [08:12] the way i implemented was at the generic write() handler which i think is dirty, i think we should do it at the iops like you suggested [08:12] what do you think about just wrapping all the handlers to ensure that nothing creeps up in the future? [08:12] that way it will work across generic and custom [08:14] well, the issue is, there _are_ some drivers/entries using the iops ... and the others don't use them at all ... so if we add generic iops which protect the entries, it's sub-optimal ... [08:14] a) we hurt those entries which never use any write ... [08:14] b) we let those entries slip through who bring their own iops ... [08:15] hmm i think b would be covered [08:15] let me look at the code a little further [08:16] another approach could be to check the superblock(magic) on every inode access ... [08:16] I guess this way we could block every unwanted access ... [08:18] s/every/any/ [08:23] hmm my thought was we have a structure which contains an inode_operations which points to the original one and then we have our handler which handles the ones needed for the permissions [08:23] and if they pass we call the original functions [08:23] that would cover b but a would still be an issue [08:23] however, i dont know how we would store the original one in addition to our own hooks cleanly [08:24] i dont know if we could assume the layout of the structure and tack on our extra structure for ours and the original, just seems dirty. [08:25] im obviously thinking about a subclass in oo thinking [08:26] can we make assumptions about memory layout on all platforms with a struct { struct inode_operations ours; struct inode_operations original; }? [08:26] if i was in userspace id play around with it, you know better than i [08:27] nope, you could write wrappers for each and every iop, and put the original iops into the i_proc entry, but that is a mess ... [08:29] yea so that was my thinking for that, a hack at best i guess [08:30] do you agree that we need some sort of blanket solution though? [08:30] id be worried that someone else may introduce some proc files that dont use caps in the future [08:30] hmm, well, not sure ... [08:30] mount the proc ro, seems to do the trick ... [08:31] that kills access in the main context though? [08:31] so, if we could use this for blocking the proc access on a per context basis ... [08:32] wait ... I guess I have a useful idea ... [08:32] why not use this for general purposes? [08:32] we add a new superblock flag, RO_IN_VSERVER [08:32] and check for this on every filesystem ... [08:33] didnt you say the proc filesystems share a superblock? [08:34] yeah, but we do the ro check for this flag only if ctx != VX_ADMIN [08:42] where would that check be done? in the vfs code? [08:42] yeah sure ... [08:42] you can simply try it by using the inverted logic ... [08:42] sec [08:42] include/linux/fs.h [08:43] #define IS_RDONLY(inode) ((inode)->i_sb->s_flags & MS_RDONLY) [08:43] if you check here for [08:43] (((inode)->i_sb->s_flags & MS_RDONLY) && vx_check(0,VX_ADMIN)) [08:43] you'll get a RO which is only valid in context 0 [08:44] with !vx_check() [08:44] you get a RO which is only valid in ctx != 0 [08:44] now that isn't the solution I want implemented, but it demonstrates how this could work ... [08:44] yea i gotcha [08:45] of course we need a separate sb flag for that, and an extended check ... [08:46] the flag can be set like the tagxid flag and via remount ... [08:48] yea sounds reasonable [08:48] so this won't make it into 1.3.4, but I guess that's something for 1.3.5, right? [08:49] yea, im going to hold out to see this before i move that box over i was planning [08:49] seems rather critical [08:50] what is holding it back from .4? do you want to have a more complex(cleaner) implementation than the one you described above? [08:50] the above seems easy enough to do and test [08:50] actually I was hoping that you do some preliminary patch, and all I need to do is some cleanups ... [08:51] ;) [08:51] if you havent figured it out i should be in #kernelnewbies but i can do my best effort :) [08:52] hey, you did quite some kernel ahcking with vservers, right? [08:52] so add another mount flag which will flag it as being in a vserver context, and then insert the check at IS_RDONLY()? is that what we are shooting for? [08:52] hacking in the sense of reasonably figuring out how some of it works to make it co-exist with other patches [08:53] yeah, a flag besides MS_RDONLY, which should get a cute name ... [08:53] you can always rm my patch if its The Shitty :) [08:54] and it should first check for the flag, and then do the context checks, and only in IS_RONLY() places where we need it for proc ... [08:54] so make a separate check besides IS_RONLY ... [08:54] yep so the only loss will be a binary and for non-flagged filesystems [08:54] exactly! [08:54] sounds clean to me [08:55] what are you waiting for? ;) [08:55] vim is is active :) [08:56] when are you shooting for .4? [08:56] well, in about 5minutes 1.3.4 will be released ... [08:56] ok so im not going to make .4 :) [08:57] .5 it is [09:05] well actually you got a few more minutes, as I found a small bug ... [09:08] #define IS_RDONLY(inode) ((inode)->i_sb->s_flags & MS_RDONLY) || IS_VXRDONLY(inode) [09:08] #define IS_VXRDONLY(inode) (((inode)->i_sb->s_flags & MS_VXRDONLY) && !vx_check(0,VX_ADMIN)) [09:08] you guys are still at it? [09:08] wow [09:08] Bertl, on target? [09:08] sure ... [09:08] Action: nathan_ scratches head [09:09] so assuming it compiles and logic is right, i think its good? [09:09] sec [09:09] yeah looks good so far, now the places where to use it? [09:10] Bertl, arent we going to get that for free? [09:10] isnt IS_RDONLY littered around the code where needed? [09:10] ah, okay missed that one, well ... [09:11] actually I would _not_ do that, lets see where IS_RDONLY is used ... [09:13] i can scatter it around open.c/namei.c [09:14] hmm would just vfs_permission() be sufficient? [09:15] nope ... [09:15] that one failed at me in the first place ... [09:15] hmm, maybe I just did something wrong then ... [09:15] try it out! [09:16] you did proc_permission? [09:16] yeah [09:16] Bertl, you test in qemu? i think i remember you mentioning that [09:17] yes, I do [09:19] Bertl, just out of curiosity, why didnt you want to do it at IS_RDONLY() level? [09:20] well, that is the sledge hammer method ... and it add some overhead, because you get the code for the vx_check() if you want or not ... [09:21] yea but it is a global superblock flag, seems to me it should be there for consistency [09:21] well, we do not need checks, we do not need ;) [09:22] yea :) [09:23] where are we going to set the flag btw? [09:23] but OTOH, you are right, that if we want to use this feature for general RO purposes, we have to do it in any RDONLY case ... [09:23] yea, i was thinking as general as possible. [09:24] but primary focus is the procfs for now, well check the actual overhead later, and see if we can 'generalize' that ... [09:24] id say the overhead is negligible, but i code in userspace 99.99% of the time [09:24] if the penalty is notably, we'll make it a compile time option ... [09:25] i take it we will need another userspace util-vserver program to remount and set that flag? [09:25] unless there is some way to do it with the standard mount that i dont see [09:26] nope, not required ... have a look at my quota code ... [09:26] this uses the context tagging option tagctx/tagxid ... [09:28] oh yea i see that [09:31] ok make me feel stupid, i see references to the tags on google, but which patch is it in? [09:34] sigh found it [09:34] i always forgot about the links at the top right of the website [09:34] not very intuitive :/ [09:37] Bertl, you did that in the ext2 parse_options, where will i do it on a global level? [09:37] short of parsing it in fs/super.c somewhere? [09:37] or just hack it into proc? [09:38] guess proc works for now if we arent going to do it at the IS_RDONLY level anyway [09:40] okay my connection was failing, I'm back now ... [09:40] assossorry my connection seems to break down ... atm . [09:40] cool! [09:41] that was what I wrote about 3 minutes ago ... [09:41] lets hear it for tcp! [09:42] yeah sounds good what I read there ... [09:42] hmm, I only did it for ext2?! [09:43] I have to look at that code again ... I guess ... [09:43] unless i miseed something? [09:43] ext3 too sorry [09:43] least on the one im looking at patch-2.4.22-vs1.20-q0.12.diff [09:44] Bertl, if i were to pass sb_flags as a third param to the proc parse_options, good or bad idea? [09:44] I was sure that jfs and reiser was included ... well ... [09:45] let me take a look at the code ... [09:46] what is that function called again? [09:46] proc_read_super->parse_options [09:47] in fs/proc/inode.c [09:51] hmm, seems as if it isn't possible to hold my connection for much longer ... [09:52] okay, guess 1.3.4 and this has to wait ... [09:52] ok no prob [09:52] cu ... later ... [09:52] ive got what i think is a working/decent implementation [09:52] ill talk to you tomorrow [09:52] night [09:52] ok, thanks for everthing ... [09:52] Nick change: Bertl -> Bertl_zZ [10:00] Simon (~sgarner@apollo.quattro.net.nz) joined #vserver. [10:33] noel_ (~noel@pD9FFAE1C.dip.t-dialin.net) joined #vserver. [10:41] noel- (~noel@pD9FFA51C.dip.t-dialin.net) left irc: Ping timeout: 504 seconds [11:07] virtuoso (~shisha@ip114-115.adsl.wplus.ru) joined #vserver. [11:33] wow [11:33] fast patches you have :) [11:33] (patch against 2.4.24) [11:34] I was expecting to use 2.4.23 and tweak it, if required [11:34] but I go now with 1.22 + vserver tools @work [12:00] loger joined #vserver. [12:08] _MedivhWrk (ck@netops.multimedia-centrum.de) joined #vserver. [12:08] MedivhWrk (ck@netops.multimedia-centrum.de) left irc: Read error: Connection reset by peer [12:08] Nick change: _MedivhWrk -> MedivhWrk [12:58] irmin (~irmin@lake.ptc.spbu.ru) left irc: Ping timeout: 480 seconds [13:03] kestrel (~athomas@dialup51.optus.net.au) joined #vserver. [13:11] irmin (~irmin@lake.ptc.spbu.ru) joined #vserver. [14:12] Simon (~sgarner@apollo.quattro.net.nz) left irc: Quit: so long, and thanks for all the fish [14:38] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 480 seconds [14:38] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [15:00] Bertl_zZ: how do you call your kernel suffix? [15:00] Bertl_zZ: -ctx -vserver -vs1.22 ? [15:01] Bertl_zZ: -2-1337-4-Y [15:11] meebey: :) [15:12] meebey: Did you manage to solve those problems with vserver-utils and experimental 2.6 patch? [16:02] no, I didnt have more time for testing/debugging [16:09] so what suffix do you use? [16:09] -vs1.22 seems to be the official suffix [16:20] meebey (meebey@meebey.net) left irc: Remote host closed the connection [16:25] Doener_zZz (~doener@p5082DFF3.dip.t-dialin.net) joined #vserver. [16:33] Doener (~doener@pD9E12F73.dip.t-dialin.net) left irc: Ping timeout: 492 seconds [17:08] tanjix (~tanjix@p5091FB5D.dip.t-dialin.net) joined #vserver. [17:12] serving (~serving@213.186.191.79) left irc: Ping timeout: 480 seconds [17:30] ccooke (~ccooke@spark.gkhs.net) joined #vserver. [17:31] Morning [17:53] hello [18:26] tanjix (~tanjix@p5091FB5D.dip.t-dialin.net) left irc: Ping timeout: 492 seconds [19:03] serving (~serving@213.186.189.203) joined #vserver. [19:05] Is anybody using 1.2.2 in production? [19:08] Any problems to report? Instabilities? What is your best uptime with 1.2.2? [20:01] Nick change: Bertl_zZ -> Bertl [20:01] hi everyone! [20:03] Linux phoenix 2.4.23vs1.22 #1 SMP Sun Dec 14 17:11:34 CET 2003 i686 unknown [20:03] 18:04:09 up 23 days, 29 min, 1 user, load average: 0.00, 0.01, 0.00 [20:03] 11 vservers [20:26] zoiah@nevaljashka:~$ uname -a [20:26] Linux nevaljashka 2.4.24-ow1-vs1.22 #1 Mon Jan 5 15:27:26 CET 2004 i686 unknown [20:26] zoiah@nevaljashka:~$ uptime [20:26] 18:22:58 up 1 day, 2:43, 2 users, load average: 0.45, 0.42, 0.26 [20:26] zoiah@nevaljashka:~$ [20:26] 3 vservers or so. :) [20:27] ow1 is open wall, right? [20:29] 17:30:08 up 28 days, 2:49, 1 user, load average: 0.30, 1.00, 1.27 [20:29] (on ten servers in a live, production environement with about 1meg/sec traffic between them) [20:29] and: damn, I get to reboot them all tomorrow [20:29] bah. [20:29] wow [20:30] 10 servers this is vs1.22 ? [20:34] hey bert [20:34] hi nathan_! [20:34] net connection healthier today? [20:34] yup seems so ... [20:35] bertl: yes? [20:35] great! [20:38] but I'll have to leave in about 20 minutes ... [20:38] I'll be back around 0:30 CET then ... [20:40] can I ask a quick question? [20:40] sure! [20:40] what's in the current development series? [20:40] Bertl, btw does 1.3.4 have the proc/virtual cleanup? [20:41] I've been trying to find solid stuff on the changes, to see if I have any worries ahead :-) [20:41] see, I've had to update the kernels on my servers quite a bit lately, and I'd be very happy if I can prepare for anything odd in the next vserver release sooner... [20:42] Action: ccooke tries to work out how many servers he's actually running vserver on... *grin* [20:43] hehe I answer this as one question: http://www.linux-vserver.org/index.php?page=ChangeLog [20:43] I've seen that [20:43] ccooke: but in general the 'stable' series tries to stabilize vserver further [20:44] and the development series brings new features ... [20:44] Bertl, yea i just wasnt sure if that was comprehensive, but if it is then ok :) [20:44] features in 1.3 over 1.2 are: [20:44] - ck1 patches [20:44] + O(1) scheduler [20:44] + Preemtive Kernel [20:44] + Low Latency [20:44] (let me see... 10 webservers in a cluster, 4 sql servers in a cluster, two test web servers, two mail servers, two VPN boxes. So, 19) [20:44] + XFS support [20:45] - nproc is working with static contexts [20:45] - interface changes and codecleanups [20:46] -,+ being markers not sub/add [20:46] right [20:47] so, nothing huge [20:47] the next 'stable' release probably will be similar to vs1.22 [20:47] this is good. [20:47] but hopefully with a lot of fixes ... and probably with some new features ... [20:47] Is anyone else using vserver for production stuff? [20:48] I would say about 60% of the community is using it in production ... [20:48] some of them, still stick with ctx13 ... [20:48] hmm seems my patch is not working [20:49] not sure if the flag is being set correctly [20:49] do not worry, we'll fix it ... put some printks around ;)=) [20:49] yea im about to [20:50] ccooke: what would you like to see in vserver in the next stable release? [20:51] bertl: nowt, in honesty [20:51] it does everything I need right now [20:51] new stuff I *might* use [20:51] but... I don't *Require* anything that's not already there [20:51] okay, so you would like a 1.23 better, right? [20:52] actually, I'd love 1.22 to be stable and bug-free enough to not need a 1.23 ever ;-) [20:52] hmm, well, we did find some bugs in 1.22 and we are trying to fix them ... [20:53] one thing is, I'm probably safe from most of the bugs [20:53] there are only two to four contexts running on my servers [20:53] and the switch *Very* rarely [20:53] it seems that 1.22 is safe on UP, regarding the races, and on SMP if you do not bash on the procfs ... [20:54] hmm [20:54] okay, I'd need something there [20:54] 1.22 may have some local security issues as well if someone has root in a context [20:54] when is 1.23 likely to be out? [20:55] depends, the procfs issues are not resolved yet, but I'm working on it ... need a major rewrite ... [20:55] ccooke, smp? [20:55] nathan: mostly [20:55] ah [20:56] well, the locking seems okay now, but the procfs seems not SMP safe ;) [20:56] (as in - the webservers are either dual or quad machines, all of them) [20:56] ccooke, if it makes you feel any better, the race has a pretty small window and may happen very rarely in the real window if someone is not trying to hit it [20:56] well, *That*'s good... [20:57] well, they've run for a month with no trouble [20:57] that's one thing [20:57] ccooke, if you were go go while true; cat /proc/*/status & done right now, you may blow away the box. or even an infinite ps -auxw [20:57] ccooke, but short of that its going to be very rare [20:58] right [20:58] bert would know better than i but i dont know of any smp crashes that have been reported on the issue [20:59] okay. [20:59] still, worrying. [20:59] damn, I need to get back into C [20:59] it's been years since I did much [21:00] it seems, that with the current approach, we can limit the window further (as done in development releases) but we can not eliminate it ... I'm working on a different approach, which should eliminate it once and for all ... [21:01] heh. Actually, yes - there is something that I could like in a subsequent vserver release. but I suspect it's too much time and trouble [21:01] that is: splitting the utils into low and high level stuff [21:02] you have to talk with enrico about that, guess he will listen ... [21:03] tanjix (ViRu_@pD9049C23.dip.t-dialin.net) joined #vserver. [21:03] hi [21:03] this is basically because there are the actual vserver *tools* - chcontext, chbind - and some support stuff - say, vtop... [21:03] alpha branch rpm's are splitted into -core and -build subpackages ;) [21:04] else, it should be easy to write other, independent tools, since util-vserver provides a libvserver library [21:05] yeah [21:05] the basic thing that is annoying is that I use chbind and chcontext, but not the vserver build tools [21:06] chbind and chcontext are in -core [21:06] and all the stuff like vtop require the verserver build tools [21:07] vtop is in default 'util-vserver' package; -build contains e.g. vapt-get, vrpm and metadata of the various distributions [21:09] well now im confused, parse_options() never seems to be called [21:15] Bertl: Can you explain this? and on SMP if you do not [21:15] bash on the procfs ... [21:15] What do you mean with "bash on the procfs"? [21:16] nathan: What do you mean by "infinite ps -auxw"? [21:16] netrose, he means bash on procfs as hit it hard, stress it. [21:16] netrose, simply an example that would tax the proc code [21:16] netrose, anything that reads status infinitely will eventually hit the bug (smp). [21:16] as in: read it a gazillion times per minute? [21:16] essentially [21:17] exactly! [21:17] the problem is, this race exists in every version .. and it is between context destruction and proc access [21:17] But if it's being read maybe once every 1 minute, would that be a problem? [21:17] so you ahve to have a dying context and a reading proc access on the same context info... very unlikely [21:18] bertl: ahhhhh [21:18] netrose, sure, if its read 1 every 90 years it could be a problem. just lower probability. [21:18] so the smp bug is related to context destruction? [21:18] yup [21:18] right, that'd be why I never see it [21:18] I see. But this means that it would only happen if a context is being shut down? [21:18] yeah exacty ... [21:19] Well, then, probably noone will ever see it. [21:19] I almost never shut down any context. [21:19] I don't think the contexts I use ever get destroyed - unless you're referring to something lower-level? [21:19] in the test scenarion, which trigger this race, we have a forkbomb spawning 1000 contexts per minute ... [21:19] and a permanent access to the procfs ... [21:19] How can you do that. Starting up a context takes about 30 seconds at least. [21:19] netrose: no. [21:20] a vserver not a context ;) [21:20] Oh, sorry. [21:20] a context is a low-level concept [21:20] Yes, I understand. [21:20] So, what tools/apps are reading the /proc fs? [21:20] ps, top [21:21] uptime? ps? [21:21] uptime and ps on the host will not interfere ... [21:21] netrose, its the ones that hit files which trigger vx code that must be worried about. [21:21] vtop, vps could ... [21:21] netrose: pretty much everything that reports system status uses the proc fs these days [21:21] who can assist shortly? i think the vserver-utils in their latest version don't work correctly [21:21] okay have to leave now .. cu at 0:30 CET ... [21:22] Nick change: Bertl -> Bertl_oO [23:41] meebey (meebey@meebey.net) joined #vserver. [23:41] re [23:41] Bertl_oO: ping [23:41] hhmm please fix topic! :) [23:41] /topic http://linux-vserver.org/ || latest stable 1.22, devel 1.3.4, exp 0.04 [23:45] stubbsd (~stubbsd@public2-birk1-6-cust242.manc.broadband.ntl.com) joined #vserver. [23:57] Bertl_oO, when you're back... i'm getting something bad with ck1-vs1.3.4 [00:00] --- Wed Jan 7 2004