[00:00] being blind it also not nice ;> [00:02] x86, amd64, alpha, ppc, sparc - are all know to be not broken at least with vserver? [00:03] well, untested, because I have no hardware to test it on ... [00:04] but if there are issues, they should be minimal ... [00:07] Action: arekm is building 2.6.2bklatest with vserver [00:08] CC [M] fs/ext3/inode.o [00:08] fs/ext3/inode.c:2447: error: redefinition of `ext3_truncate' [00:08] fs/ext3/inode.c:2118: error: `ext3_truncate' previously defined here [00:08] fs/ext3/inode.c: In function `ext3_truncate': [00:08] fs/ext3/inode.c:2450: warning: implicit declaration of function `ext3_truncate_nocheck' [00:11] hmm, which bk version is that? [00:11] do you have an url for the patch at hand? [00:11] latest, but not really bk - http://www.kernel.org/pub/linux/kernel/v2.5/testing/cset/ patch is here [00:12] is this a modified 2.6.2-rc1 ? [00:13] that's 2.6.2-rc1 + latest patch from bk (url above) [00:14] anyway your 2.6.2-rc1 doesn't have ext3_truncate() in inode.c? mine has quite huge function [00:16] hm, darned, I really got to learn how to use vim again [00:16] whats the command to erase lines from line 100 to 1000? [00:17] it might be that ext3 doesn't have the required stuff yet ... [00:17] could you provide your .config? [00:19] Bertl: I don't get it. There is ext3_truncate() already in fs/ext3/inode.c in vanilla 2.6.2rc1 (just checked to be sure). vserver patch adds second (much shorter) ext3_truncate() [00:19] yes, I can [00:19] click: 100G900dd [00:20] arekm: yes, but it renames the ext3_truncate, to ext3_truncate_nocheck() [00:20] (or at least it should ;) [00:21] uhm [00:21] it does [00:22] bert, it's done [00:23] Bertl: it does that but only for ext2, seems that this part for ext3 is missing [00:24] grep truncate patch-2.6.2-rc1-vs0.05.diff shows that [00:24] maybe I missed it ... it's only a few hours old ;= [00:25] post new one, please :-) [00:26] where did you say was your .config again? [00:27] http://www.t17.ds.pwr.wroc.pl/~misiek/rozne/config-up [00:37] <_shuri> humm [00:37] <_shuri> fs/fs.o: In function `proc_virtual_readdir': [00:37] <_shuri> fs/fs.o(.text+0x27b14): undefined reference to `__cmpdi2' [00:37] <_shuri> fs/fs.o(.text+0x27b2b): undefined reference to `__cmpdi2' [00:37] <_shuri> fs/fs.o(.text+0x27b3e): undefined reference to `__cmpdi2' [00:37] <_shuri> fs/fs.o(.text+0x27b57): undefined reference to `__cmpdi2' [00:37] <_shuri> fs/fs.o(.text+0x27b6e): undefined reference to `__cmpdi2' [00:37] <_shuri> make: *** [vmlinux] Error 1 [00:38] <_shuri> patch-2.4.25-pre7 [00:38] <_shuri> patch-2.4.25-pre7-vs1.3.6.diff [00:39] looks good ... almost like some math in the kernel ;) [00:39] arekm: okay, is fixed, just checking for other issues with your config ... [00:40] Doener_zZz (~doener@p5082DE34.dip.t-dialin.net) joined #vserver. [00:48] Doener`` (~doener@pD9E121A4.dip.t-dialin.net) left irc: Ping timeout: 480 seconds [00:49] _shuri (~shushushu@vserver.electronicbox.net) left irc: Quit: changing servers [00:50] _shuri (~shushushu@3ffe:bc0:8000::5bb) joined #vserver. [00:59] arekm: still compiling, but looks good ... [01:03] my config has almost everything possible in modules so it will compile long time [01:03] I can upload the patch so far, if you want to? [01:04] sure I want [01:04] incremental or new patch? [01:05] new [01:09] http://vserver.13thfloor.at/Experimental/patch-2.6.2-rc1-vs0.05.1.diff [01:18] building [01:19] still building here ... [01:25] Action: arekm needs some tool to diff diffs :) [01:26] let me know if you find a good one ... [01:33] noel- (~noel@pD9FFA8C3.dip.t-dialin.net) joined #vserver. [01:35] arekm: okay, compile finished here ... [01:38] no unresolved symbols in depmod? [01:38] well, I didn't install it ... [01:38] make finished without any complaints ... [01:40] noel (~noel@pD9E09913.dip.t-dialin.net) left irc: Ping timeout: 504 seconds [01:44] miller7 (none@213.239.180.106) left irc: Ping timeout: 480 seconds [01:51] make modules_install INSTALL_MOD_PATH=/tmp/somewhere [01:52] depmod --basedir /tmp/somewhere -ae .... [01:56] do I have to? ;) [02:31] ugh, no free space, build failed, starting again :/ [02:31] hehe .. [03:24] Nick change: Bertl -> Bertl_oO [03:41] finally, finished building [03:46] monako (~monako@ts1-a9.Perm.dial.rol.ru) joined #vserver. [03:56] monako (~monako@ts1-a9.Perm.dial.rol.ru) left #vserver (×ÓÅÍ ÐÏËÁ ... good bye all ...). [04:01] anyone having problems with ftp? [04:02] i can't connect to a remote ftp server from inside my vservers [04:02] that is, i get the main connection, but the data connection fails: [04:02] Could not bind the data socket: Cannot assign requested address [04:03] Bertl: which vserver utils are ok for 2.6? [04:09] that's no firewall issue, the vserver host can connect and get data, but the vserver fails on active and passive mode [04:11] ip a shows correct ip address? [04:12] (just guessing, not used vserver yet) [04:12] ip what? [04:12] but yes, everything else works fine [04:12] ,,ip a'' [04:13] oh. this shows an IPv6 address which should not be there [04:13] or... [04:14] no, i just misread the output [04:14] 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 [04:14] link/ether 00:0e:a6:1e:8a:b4 brd ff:ff:ff:ff:ff:ff [04:14] inet 10.0.0.203/24 brd 10.255.255.255 scope global secondary eth0:kyra [04:14] looks fine to me [04:15] strace -o file -f -F ftpcommand [04:15] then grep bind file [04:15] hhhhm [04:15] bind(5, {sin_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.0.0.2")}}, 16) = -1 EADDRNOTAVAIL (Cannot assign requested address) [04:16] so it tries to bind to wrong address, no idea why [04:16] it should not bind to .2, that is the vserver host, not the vserver [04:18] i think this is the source part: [04:18] addrp->sin_port = 0; /* Let system pick one. */ [04:18] result = bind(sockfd, (struct sockaddr *) addrp, sizeof(struct sockaddr_in)); [04:19] how addrp is filled/initialized [04:19] htons 0 causes random port to be choosen afaik [04:19] well, not really random [04:19] yes, it should bind to an ephemeral port. [04:20] addrp initialization is interesting [04:20] i'm searching the call to that function, addrp is given as an argument to it... [04:36] i'm not totally sure i read this in the right direction, but i think the kernel returns the wrong address here: [04:36] getsockname(4, {sin_family=AF_INET, sin_port=htons(36714), sin_addr=inet_addr("10.0.0.2")}}, [16]) = 0 [04:38] Nick change: Bertl_oO -> Bertl [04:38] this is the main connection, which should start at .203, not .2: [04:38] tcp 0 0 10.0.0.2:36745 212.227.127.72:21 ESTABLISHED [04:38] hmm, seems like I missed quite some stuff ;) [04:39] btw, my ssh connections start at .2, too. [04:39] could somebody bring me up to date? [04:39] Bertl: wrt my problem? *-) [04:39] well, sounds interesting, whatever it is?! [04:40] ah. [04:40] is it vserver related? at least somehow? [04:40] ok: i can't get a ftp data connection to a remote ftp server from inside my vserver [04:40] connecting from the vserver host works fine [04:40] bertl, do you know the correct procedure for the grsec patches and vs? [04:41] youam: hmm, lets start with the basics, kernel version, patches, and tools? [04:41] click: well grepmaster provided patches for grsec patches .. IIRC [04:42] well, tried that, but it didn't patch nicely into the kernel it seems [04:42] mioght be that I mocked up somewhere [04:42] might be that the kernel version isn't the one the patches where done for ? [04:43] Bertl: debian kernel source 2.4.24, patch is vs1.22, vserver is 0.29 [04:43] okay, is there a chance for you that you use util-vserver instead of vserver? [04:43] s/0.29/0.27/ [04:43] bertl: 2.4.24 from kernel.org [04:43] Bertl: yes, i do [04:44] ah okay ... good ... [04:44] http://vserver.13thfloor.at/Stuff/testme.sh [04:44] this on the host works? except for one? [04:45] 201 failed, rest ok [04:45] okay [04:45] your vserver setup/config is? [04:45] (for that vserver) [04:46] i hope so. something special which has to work? [04:46] grsecurity-1.9.13-2.4.24-vs1.24.patch [04:46] grepmaster [04:46] ojn (~olof@cs6625217-161.austin.rr.com) left #vserver (Leaving). [04:46] this is the full edition I hope... *testing* [04:46] erm. misparsed your question [04:46] youam: okay, any chance I could have a look at it? [04:46] Bertl: sure. [04:46] one sec [04:48] https://hydra.youam.de/vservser.conf / https://hydra.youam.de/vserver/ [04:48] anything else? [04:48] let me have a look at it ... sec [04:49] oh. https://hydra.youam.de/vservers/ https://hydra.youam.de/vservers.conf are the real links [04:51] which one is the one you are trying to ftp from ... [04:51] kyra [04:51] ooh... could it bethat i have to replace "eth0" into "eth0:kyra"? [04:52] do you setup the ip yourself for that vserver? [04:53] nope, they apear automagically: [04:53] eth0:kyra Link encap:Ethernet HWaddr 00:0E:A6:1E:8A:B4 [04:53] inet addr:10.0.0.203 Bcast:10.255.255.255 Mask:255.255.255.0 [04:54] the file which controls network setup on debian contains only the .2 for the host and nothing at all for the vserver [04:54] sec [04:56] okay, inside the vserver, which address are your trying to reach? [04:57] nope, changing to eth0:kyra doesn't help [04:59] i'm trying to connect to ftp.debian.org from kyra (10.0.0.203) but it tries to bind() to 10.0.0.2 for the data connection as getsockname returns 10.0.0.2 as the local IP for the main connection [04:59] who is doing the masquerading/nat stuff? [05:00] 10.0.0.1, which should be transparent to this as it's another box [05:00] okay, so you have a default route to 10.0.0.1 and a separate box there ... [05:00] yep [05:01] okay, could you do a tcpdump on that router? [05:01] sure, one sec [05:04] https://hydra.youam.de/vserver.dump is the connection reply, i'm installing ethereal.. [05:04] bertl: btw, any way to hide the 'up'ed interfaces on the root-server? [05:04] s/reply/try/ [05:05] bertl: would stop identd running on the root-server binding to the ip's that the vservers allocate [05:05] youam: umum, maybe a readable ascii version ;) [05:05] Bertl: tcpdump -r vserver.dump :) [05:06] or https://hydra.youam.de/vserver.asc [05:09] hm. a bit complicated to read because all packets are shown for both incoming and outgoing interface on the router [05:09] but the connection is coming from the vserver /host/, not the vserver itself [05:12] 03:01:08.132208 10.0.0.2.36767 > 128.101.80.131.21: . ack 1 win 5840 (DF) [05:12] that looks goot to me? [05:12] s/goot/good/ [05:12] nope. it should be 10.0.0.203, not 10.0.0.2 [05:12] okay, got it ... [05:13] what does ifconfig show inside the vserver? [05:13] outch?! [05:13] bertl: only the ip it has [05:14] eth0 Link encap:Ethernet HWaddr 00:0E:A6:1E:8A:B4 [05:14] UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 [05:14] .. [05:14] bertl: i was more thinking of the root-servers ip's [05:14] eth0:kyra Link encap:Ethernet HWaddr 00:0E:A6:1E:8A:B4 [05:14] inet addr:10.0.0.203 Bcast:10.255.255.255 Mask:255.255.255.0 [05:14] it should not show eth0 there?! [05:14] hmm, interesting, let me see if I can reproduce this ... [05:14] hmm, you didn't enable ipv6, did you? [05:15] i did try, and it was enabled when i setup the box, but as it did not work i disabled it. the ipv6 module is not loaded [05:16] but it is enabled in the config, right? [05:16] okay, I'll check, brb [05:16] wouldn't know where [05:16] oh, you mean the kernel config? yes, i /could/ modprobe it [05:22] hm.... /all/ connections to remote (as in "not to $(hostname)", which connect to 10.0.0.203) origin at 10.0.0.2 [05:26] 03:27:39.268043 52:54:0:12:34:56 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.0.0.1 tell 10.0.0.100 [05:26] 03:27:39.268133 0:ff:ed:8a:9c:b6 52:54:0:12:34:56 0806 42: arp reply 10.0.0.1 is-at 0:ff:ed:8a:9c:b6 [05:26] 03:27:39.272183 52:54:0:12:34:56 0:ff:ed:8a:9c:b6 0800 74: 10.0.0.100.1024 > 192.35.244.50.21: S [tcp sum ok] 1708609764:1708609764(0) win 5840 (DF) (ttl 64, id 16562, len 60) [05:26] 03:27:42.260829 52:54:0:12:34:56 0:ff:ed:8a:9c:b6 0800 74: 10.0.0.100.1024 > 192.35.244.50.21: S [tcp sum ok] 1708609764:1708609764(0) win 5840 (DF) (ttl 64, id 16563, len 60) [05:26] this is how it looks here, with the following sequence ... [05:27] ifconfig eth0 10.0.0.2 netmask 255.255.255.0 [05:27] ifconfig eth0:XXXX 10.0.0.100 netmask 255.255.255.0 [05:27] route add default gw 10.0.0.1 [05:27] chbind --ip 10.0.0.100 /tmp/lftp [05:27] youam: could you try similar on your host with 203 instead of 100 ? [05:28] wooha [05:28] bertl, any fixes on 1.24 that I should be aware of? [05:28] from the release ver? [05:29] grsec+vs 2.4.24 compiled nicely [05:29] Bertl: (where) should i run the ifconfigs? [05:30] on the host ... [05:31] just configure an unused ip, so you only need [05:31] ifconfig eth0:XXXX 10.0.0.100 netmask 255.255.255.0 [05:31] doing that [05:31] for example ... [05:31] the default route and other ip should be the same ... [05:31] and again, check with tcpdump on the router ... [05:33] default route was set, local ip was set, so i didn't change anything there. this are the commands i ran, error stays the same: [05:33] ifconfig eth0:XXXX 10.0.0.100 netmask 255.255.255.0 [05:33] chbind --ip 10.0.0.100 ncftp ftp.debian.org [05:34] log is in https://hydra.youam.de/vserver2.asc and .dump, [05:35] hm. looks like a broken chbind() [05:35] bertl: where's the max-ip limit located on the vs-kernel? [05:35] max ip's for vservers that is [05:41] youam: okay, that differs from my results, question now is why ... [05:41] click: search in the vserver patch for a #define and 16 [05:42] youam: you mentioned debian kernel? [05:43] yes, i'm running a kernel based on kernel-source-2.4.24-1 plus vs1.22 [05:43] could you try with a vanilla 2.4.24 kernel? [05:43] the diff's between the debani kernel and a vanilla are about 2mb, i'm looking for something which could make problems there [05:44] DMA is broken with a vanilla kernel for me, but for testing: sure [05:45] is chbind a kernel syscall? [05:47] for the sake of equal versions, i'm using vs1.22, not vs1.24 [05:52] hmm, okay ... [06:05] bertl: +#define NB_S_CONTEXT 16 [06:05] +#define NB_IPV4ROOT 16 [06:05] which one :D ? [06:05] ipv4root? [06:06] (stupid question tho'... as its that define that controls max ip's bound to a context :/) [06:06] sorry, nevermind, just me being a bit fed up with some stupid kiddie oper on another net [06:13] sorry, just being a little busy right now ... [06:17] click: okay, you want to raise it to what value? [06:17] moving the shellusers to a single vserver. most probably I'll need at least 200 ip's allocated in a single vs [06:18] hmm, IIRC, I suggested last time to modify the matching algo for that purpose ... [06:18] hm, yeah, binding it into an array or smth [06:19] yeah, basically a mask would be sufficient for your purpose ... [06:19] or maybe even better, a range .-.. [06:19] yup [06:19] thats the best one actually [06:19] you could do that with a simple trick ... [06:19] all ears! [06:19] :) [06:20] without changing the interface and userspace tools ;) [06:20] but you would have to either setup _all_ your interface by hand ... [06:21] or write some addon tool, which does it for you ... [06:21] well, the interfaces is just a short 'for i in $(seq.... [06:22] yes, but also for 'other' servers you have to do the setup ;) [06:22] basically the idea is to check for ranges per se ... [06:22] so 192.0.0.1 is an ip [06:23] 192.0.0.1, 192.0.0.5 is a range . [06:23] 192.0.0.1, 192.0.0.5, 192.0.0.8 is a range + one ip [06:23] 192.0.0.1, 192.0.0.5, 192.0.0.8, 192.0.0.16 are two ranges ;) [06:24] so if you want 3 ip's you would have to assing 2 ranges and a separate ip ... [06:24] do you understand? [06:24] mhm, no probs, the thing is that we'll allocate .11 to .200 anyway into a single vs [06:25] so that part is not a problem, as we're not splitting up any blocks [06:25] that is no problem, would be 192.0.0.11, 192.0.0.200 [06:25] yup [06:25] but if you want 3 ip's on another server, you have to provide at least 5 addresses ;) [06:26] hm, in the respective servers config, and without making an overlapping ip? [06:26] 192.168.0.11, 192.168.1.200 in vs1 [06:26] yup [06:27] hm, thats a trickier one [06:27] no problem there ... [06:27] it's always a range [06:27] all ips are mapped to a uint32 ... [06:27] 192.168.0.201, 192.168.1.203 in vs2 wouldn't work then... [06:28] if i read you correctly [06:28] as I would need a delimiting ip inbetween [06:28] would work, both would be allowed to use 192.168.0.201 - 192.168.1.200 [06:28] hm... [06:28] (if you example was intentional ;) [06:29] mm, not quite. [06:29] vs1 uses 11-200 [06:29] okay look at it like this: [06:29] vs2 201-203 for instance [06:29] ip = a.b.c.d okay? [06:29] vs3 204-210 [06:29] yup [06:30] now F(ip) = ((a * 256) + b) * 256 + c) * 256 + d [06:30] or F(ip) = (a << 24) | (b << 16) | (c << 8) | d [06:30] mhm [06:30] whatever you prefer ;) [06:30] now we got ip1, and ip2 [06:30] a b or c nets [06:30] yup [06:31] back [06:31] click: and the check would simply do for a give ipX [06:31] looks like everything still is the same [06:31] if F(ip1) <= F(ipX) <= F(ip2) , then allow access ... [06:32] youam: so 2.4.24 (vanilla) + 1.22 gives the same results? [06:32] hm. [06:32] no. [06:32] ifconfig in the vserver still shows eth0 without ip, [06:32] that's okay ... [06:33] eth0 shouldn't show ip [06:33] eth0: shows its ip [06:33] ? [06:33] but i just tried the chbind --ip 10.0.0.100 ncftp thingie and now the connect succeds [06:33] click: exactly [06:33] well, it works here [06:33] both with ftp and everything else [06:34] okay, so now we know that the debian kernel is broken, right? [06:34] looks like [06:34] (I mean the debian, vserver kernel, of course) [06:34] <-- not running debians kernel [06:34] :) [06:35] okay, youam, could you upload all patches required to create such a debian kernel from a vanilla source, somewhere? [06:35] where did the debian vserver patch come from, or did you 'just' apply the vs1.22 patch on the debian kernel? [06:35] debian vserver is the ctx patch I believe, from solu [06:36] not vs [06:36] nope click, he was referring to vs1.22 ... [06:36] aah, mf. [06:36] Bertl: i applied your patch from 13thfloor, plus resolving one or two rejects [06:36] ah okay, you broke it yourself ;) [06:36] (which had nothing to do with networking, iirc) [06:36] well you have to keep _all_ pieces then ;) [06:37] okay, we could have saved us all some time, if you would have said this earlier ... [06:37] I _know_ that debian uses a modified (2.6 like) network stack, which doesn't work with default vserver patches ... [06:38] it's not too hard to adapt it, I've done that several times before .. so we can do it again ... [06:39] AAAAh [06:39] DAMN [06:39] did i just say "nothing with network"? [06:39] 1 out of 1 hunk FAILED -- saving rejects to file include/net/ip.h.rej [06:39] 1 out of 2 hunks FAILED -- saving rejects to file include/net/route.h.rej [06:39] 1 out of 7 hunks FAILED -- saving rejects to file net/ipv4/udp.c.rej [06:40] shame on me [06:40] okay, you have the 2.4.24 patches somewhere? [06:40] I mean the debian patches ontop of 2.4.24? [06:40] one sec [06:42] https://hydra.youam.de/stuff/diff_linux-2.4.24_kernel-source-2.4.24.bz2 [06:44] i solved the conflicts by looking at the latest debian ctx patches available, which were ctx1.21 for debians 2.4.22 [06:51] hmm, funny I have a 2.4.22-3-vs1.22 debian kernel here ... [06:52] the debian 2.4.24 version is 2.4.24-? [06:52] mine is a 2.4.22-5 [06:53] okay now I'm confused?! [06:53] but i used it only to have something to apply the patch against [06:53] what is the url you provided above? [06:53] the version numbers differ between woody-proposed-upgrades and sid [06:54] oh. sorry [06:54] i gave you the version of the 2.4.22 i applied the ctx1.21 against [06:54] 2.4.24-1 is the 2.4.24 version [06:55] okay, so this patch above is linux-2.4.24-2.4.24-1.diff , right? [06:55] or linux-2.4.24-to-2.4.24-1.diff [06:55] yep. the diff between a vanilla 2.4.24 and debians 2.4.24-1, both without vserver [06:59] well, but now that i know exactly what is broken, and where to find a working version, i think i can figure out the rest by myself [06:59] you can have a 'reference' patch in a few minutes ;) [07:00] i won't say "no" :) [07:00] i think my main problem was not knowing that the -ctx patch and the -vs patch are really two different things [07:00] and I would be glad, if you could test, and fix it, if it is wrong somewhere ;) [07:01] sure [07:01] because I don't test the debian kernels, so I don't know if something is broken ... [07:06] http://vserver.13thfloor.at/Experimental/patch-2.4.24-1-vs1.24.diff [07:29] Bertl: in a twisted way i'm relieved: it doesn't work [07:31] okay, so something is wrong in that version too, which means, it's probably wrong in 2.4.23-3-vs1.22 too ... [07:31] which should have been tested, long before ;) [07:31] same effect as before? [07:32] yep. all in all it's running, but the chbind-error is still there [07:32] so i'm happy i didn't make some stupid error and stole your time with this [07:33] okay, we had the ftp issue before? [07:33] that is working now? [07:34] or what is the chbind-error you refer to? [07:34] the ftp test? [07:34] i think the ftp issue /is/ the chbind error [07:34] can't follow, please elaborate ... [07:35] i meant, ftp is still not working in the vserver, but everything which worked before, with my version, still works [07:35] that is /the chbind error/? [07:36] and i think that my ftp connections are not running because of the chbind error: [07:36] okay, what is /the/ chbind error? [07:36] the ftp client opens a connection, which gets bound to .2 by mistake instead of to .203 [07:36] okay, so the 'bind()' actually goes wrong? [07:36] i think so [07:37] how'd you verify that? [07:37] the ftp client opens a connection without specifing an interface [07:37] and it gets bound to 10.0.0.2 (s/interface/ip-address/) [07:37] how do you see that? [07:38] this is shown in strace by getsockaddr [07:38] okay, [07:38] is that strace somewhere? [07:38] and the following bind tries to bind itself to /this/ address for the data connection, which fails [07:39] one sec, i'm making a new one [07:43] https://hydra.youam.de/stuff/strace.log [07:44] i read the getsockname() in line 347 in the way that the main connection originates from this address [07:44] the tcpdump looks that way, too [07:48] take a look at this patch : @@ -599,6 +616,18 @@ int udp_sendmsg(struct sock *sk, struct [07:49] IMHO it's the only difference, which could cause this ... [07:50] but that's udp?! [07:52] not really knowing anything of this code, i'd suspect this one: @@ -156,6 +157,45 @@ static inline int ip_route_connect(struc [07:54] in net/ipv4/udp.c change the line 626 ... [07:54] daddr = ipv4root; [07:55] yes, found it [07:55] to [07:55] fl.nl_u.ip4_u.daddr = ipv4root; [07:55] done. [07:55] next recompile/reboot? [07:56] compile with make bzImage modules ... [07:56] no make clean or dep required ... [07:57] hm. looks like make-kpkg (the debian kernel-packager-thingie) did a make clean anyway [07:59] argh, takes ages ... [07:59] yep [07:59] tomorrow i'll clean my .config [08:00] it's more or less a debian default config at the moment, so it builds about everything [08:00] well, why did you use that make-kpkg thingy? [08:01] because it creates a .deb, which simplifies installing and removing kernles really a lot [08:01] so, ready [08:02] hum hum, 'cp arch/i386/boot/bzImage /boot/vmlinuz' isn't that complicated, at least not for me ;) [08:02] hm, but that was quite fast, what is this machine? a quad Xeon? [08:09] yep [08:10] and hey, i rebooted twice in this time :) [08:10] but it still isn't working [08:10] same behaviour? [08:11] yes [08:19] include/net/route.h [08:19] line 198 [08:19] } [08:19] <- here [08:19] } [08:19] if (!dst || !src) { [08:20] insert ... [08:20] fl.nl_u.ip4_u.saddr = src; [08:20] fl.nl_u.ip4_u.daddr = dst; [08:20] done. retry? [08:20] suhcoolbro (~Suh@216-161-89-245.ptld.qwest.net) left irc: Quit: NO CARRIER [08:20] yup [08:21] ok [08:21] hmm, is this really a quad xeon? [08:22] in fact, it's a dual xeon, but it's working as a quad because of the hyperthreading [08:22] ah okay, I was thinking more 8 HT ;) [08:23] . o O ( but that's not that usefull if i forget to give make a -j $morethanone ) ... [08:24] well, I guess you could at least do -j 6 or -j 8 on your machine ... [08:25] -j 25 :) [08:30] YEP [08:30] it's working! [08:30] ncftp / > ls [08:30] debian/ debian-archive/ lost+found/ [08:30] oki ... [08:30] great! many many thanks! [08:31] np [08:31] and i found a job for myself for tomorrow: [08:31] maybe you could send the patch I'm going to put up in a few minutes, to the debian maintainer with some words ... [08:32] i've got to make the sequence of vserver bootups configureable [08:32] the one i need for my work is the one which starts at last, that sucks :) [08:41] http://vserver.13thfloor.at/Experimental/patch-2.4.24-1-vs1.24.1.diff [08:42] okay, could you send that to Ola Lundqvist, with some words, what was fixed ... [08:42] i will, (tomorrow) [08:43] perfect ... [08:43] but you're living in MET too, don't you? [08:43] CET actually ... [08:45] that's the two names for the same thing [08:45] s/the// [08:47] basically yes ... [08:53] well, thanks again, and good "night"! [08:57] yup, have a good one! [09:33] Nick change: Bertl -> Bertl_zZ [11:08] serving (~serving@213.186.190.24) left irc: Read error: Connection reset by peer [12:45] miller7 (none@213.239.180.106) joined #vserver. [12:46] hello guys! [13:05] serving (~serving@213.186.190.24) joined #vserver. [14:15] er [14:15] oh, Bertl zZing ;/ [14:28] blah, this sucks [14:28] 6019 stat64("/usr/sbin/util-vserver-vars", 0xbfffec7c) = -1 ENOENT (No such file or directory) [14:28] it's violation of FHS specification :/ [14:39] pRiV (dbox3@81.92.166.46) joined #vserver. [14:40] Hi... please give me a short hint: Where can I find how I can install a system into my vserver? For example: How can I install gentoo in a new vserver? I can´t find the information on ux-vserver.org/index [14:40] http://www.linux-vserver.org/ [14:41] I looked at the FAQs and the different Howtos... but I have found no hint. [14:42] you can install any Linux you want [14:46] How? [14:46] usr/sbin/vserver XX enter ... but what is it then starting? [14:47] How can I put something there ? [14:47] Must I install a system on a different Hardware? [14:47] And then copy all Files localy ? [14:48] create typical directory with everything inside like for chroot [14:49] ... I found it... [14:49] http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=4&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0 [14:50] thanks alot [14:51] Action: arekm is starting thinking that vserver on 2.6 is not needed at all. Probably same can be obtained using just SELinux. [15:28] Nick change: noel- -> noel [15:32] hm... I´m going to run about 400 VServer on a machine... on many users should be able to connect via ssh. I don´t want to run 400 sshds... Do you think it is a good idear to do this via ssh login on the host system via running as shell a "vserver enter" ? [15:33] 400 vservers? :-) [15:33] have you tried it? [15:33] no. =) [15:33] ok, hehe [15:33] with chroot it works at the moment. =) [15:33] on different server, want to migrate to vserver [15:33] what services they run? [15:33] bouncers [15:33] ircds [15:33] eggdrops [15:33] all precompiled [17:02] noel (~noel@pD9FFA8C3.dip.t-dialin.net) left irc: Remote host closed the connection [17:05] noel (~noel@pD9FFA8C3.dip.t-dialin.net) joined #vserver. [18:10] hm, this was a bit annoying... [18:11] what? [18:11] *bootstrapping rh on a debian vs* [18:11] nothing, found out [18:14] click: oh, i wanted to do this, too [18:14] Nick change: Bertl_zZ -> Bertl [18:14] hi everyone! [18:14] wasn't much of a problem after I read the bootstrap-thingie for RedHat [18:14] have you found a script or something comfortable as debootstrap to create the rh chroot? [18:14] hey bert [18:15] Action: miller7 thanks bert for yesterday's help! [18:15] youam: well, it's as easy as getting the RH tools [18:15] Nick change: Doener_zZz -> Doener [18:15] hi [18:15] youam: and just read one of the scripts included [18:15] miller7: no problem, you owe me a shrubbery! ;) [18:15] click: ok, thanks [18:15] what's a shrubbery? :) [18:16] a bush [18:16] ever seen Monty Python? [18:16] (and the holy grail) [18:16] no :( [18:16] ok, no wonder you dont know it [18:16] Action: miller7 makes a mental note about watching it [18:17] bertl: i added the full monty on the shell-vserver, meaning a full list of every ip, and set NR_IPV4ROOT to 200. I guess that works as well, except for being a tad slow [18:17] Bertl: can you provide your patch to tavi once more? i can't seem to find my copy and must have messed something up last night... [18:18] click: hmm, so you didn't like the range solution? [18:18] Doener: sure, didn't I upload it on vserver.13thfloor.at? [18:18] Action: Bertl is searching for the tavi stuff ... [18:18] well, the fuzzy part was making ifup's all over, which is kinda boring. [18:19] ah, sure... [18:19] http://vserver.13thfloor.at/Stuff/patch-tavi-0.25-enhance3.diff [18:19] i'm still somewhat sleepy i guess... [18:19] how can I know if my vserver kernel has support for q0.12 patch (context quota? [18:20] you mean, compiled in? or what? [18:20] yes, compiled in [18:20] I have the patch but don't know if I patched the kernel before compiling :) [18:22] hmm, probably the easiest way is to try to activate quota ... [18:22] should I follow this one?http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits [18:22] if it works without creating a quota hash, it's not patched ... [18:22] if you are able to 'add' a quota hash for any context, for sure it _is_ patched ;) [18:23] should I remount my HD with the tagctx? [18:23] well, yes, that would work too, if this fails, no patch ;) [18:24] I don't understand this line [18:24] mount -o tagctx /dev/shared/device /vservers [18:24] my /vservers is under partition / [18:24] - /dev/hda3 [18:24] should I put: mount -o tagctx /dev/hda3 / ? [18:24] you must not use the / partition for tagctx /tagxid) [18:25] it will work but just for a short moment ;) [18:25] then? what should I do? [18:25] reason: the tools do some dirty tricks, namely changing in the context and writing out the context id from the procfs into some file in /var/run/vservers [18:26] so I should have /vservers under its own partition? [18:26] or is there some other way around? [18:26] with context tagging on /, that means that /var/run/ is changed into the first context which does this ... [18:26] yes, the best way is to use a separate partition on /vservers [18:26] sigh [18:26] nooooooooooooooooooooooooooo [18:27] I have to recompile my PC? [18:27] hmm, why? [18:27] I have already partitioned my HD [18:27] never did a recompile, because I wanted to repartition my hd ;) [18:27] arghm, I want a full version of cpanel! [18:27] *grmph* [18:27] what did you do? [18:28] why does these things have to cost as much as they do... grmph. [18:28] well I did some remote repartitioning ... [18:28] ?? [18:28] what's that? [18:28] you have a running system on that machine, right? [18:28] yes [18:29] you probably have some unused space on a swap partition or such, right? [18:29] Guess so [18:29] I have lots of free disk spac [18:29] show me your current partition table (best done with sfdisk --dump) [18:30] where do you find all these commands? :P [18:30] # partition table of /dev/ide/host0/bus0/target0/lun0/disc [18:30] unit: sectors [18:30] - /dev/ide/host0/bus0/target0/lun0/part1 : start= 63, size= 144522, Id=83, bootable [18:30] - /dev/ide/host0/bus0/target0/lun0/part2 : start= 144585, size= 1012095, Id=82 [18:30] - /dev/ide/host0/bus0/target0/lun0/part3 : start= 1156680, size= 58894290, Id=83 [18:30] -/dev/ide/host0/bus0/target0/lun0/part4 : start= 0, size= 0, Id= 0 [18:31] the entire disk is how large? [18:31] 30 gb [18:31] okay, so you have 500MB swap and 70MB boot, right? [18:31] more or less yes [18:31] 512 / 64 is what I asked for :D [18:32] good, you can put a bootable linux system (usually a stripped down version of your current system) on that swap partition ... [18:32] and then? [18:33] then reboot from the swap partition, and resize the third partition, then repartition and add another one, and reboot into the original system ... [18:33] what about the data that already exist on the HD? [18:33] won't they get lost due to that? [18:33] I can boot from a CD as well if that's the story [18:33] no, that is why you 'resize' the partition ... [18:34] ok [18:34] well, yes you can do via a CD too, but where is the fun? [18:34] I don't want fun :) [18:34] I want to test the quota thingie :D [18:34] hehe [18:35] so that's it? [18:35] what else is there that you are not telling me? Will my HD explode after that? :) [18:35] what is the tool to resize the third partition? [18:36] can fdisk do that? [18:36] what filesystem do you use? [18:36] dev/hda3 has reiserfs [18:36] I thought I might try it [18:36] . /boot has ext2 I think [18:36] well, there should be a reiser resize tool ... [18:36] ah ok [18:37] so I should save this tool into /boot and boot from a CD and resize? [18:38] guess GNU parted can resize a reiser volume ... [18:38] the installation tools on every mandrake cd are able to do it, so probably your installation CDs have a similar feature ... [18:39] (usually used to shrink your windows partitions ;) [18:39] :) [18:39] then you simply add another partition, and you are done ... [18:40] sounds easy [18:40] ooops, let's not say big words [18:40] cause data loss is just there waiting :) [18:41] with the context quota tools, will I be able to see the remaining disk per quota from the host server? [18:42] hmm, you are talking about the disk limit, right? [18:42] yes [18:42] I don't want to use loopback devices [18:42] well, you can query and set the current values for used and total ... [18:43] the rest is just kernel bookkeeping and block/inode limitations ... [18:44] df won't show it though, will it? [18:44] sure it will, inside a vserver ... [18:44] true [18:44] but I guess you could write a script/tool which does it for every vserver on the host ... [18:45] yes, that's what I thought [18:45] seems an acceptable solution [18:46] Bertl: FYI, the debian kernel diff is filed under http://bugs.debian.org/229599 [18:46] ok, installing reiserfs tools [18:48] youam: okidoki ... guess that should do it ... [18:49] youam: YOU developed up (/)? [18:49] Bertl: sorry? [18:49] http://www.youam.net/devel/ 8-) [18:49] :-P [18:49] yep, not much in there yet [18:50] in fact, there is nothing in there because of this bug we(you) solved yesterday: [18:50] i wasn't abled to connect to my web server via ftp, so i couldn't upload my web site :) [18:50] hey you did good work on that, IIRC you discovered, and pinpointed it correctly ... [18:51] Action: youam blushes [18:51] Hello. trying to build 1.24 with q0.12 but gets this /usr/src/linux-2.4.24-vs1.24+q0.12/include/linux/quotaops.h:76: structure has no member named `vx_id' .. know or should I report it on the list? [18:52] save it, I'll update the patch in a minute ... [18:52] ok. thx.:) [18:53] the 2. problem I have with /usr/src/linux-2.4.25-pre7-vs1.36 "fs/fs.o: In function `proc_virtual_readdir': \" "fs/fs.o(.text+0x23748): undefined reference to `__cmpdi2'"... [18:54] btw. 1.24 runs since some days on sparc64 without problems. [18:54] hmm, IIRC you mentioned that yesterday, right? [18:54] the __cmpdi2 part ;) [18:54] no. I wasn't here yesterday talking [18:54] hmm, okay, then somebody else reported something very similar, lets check ... sec [18:55] ah ... was _shuri [18:55] what compiler do you use? [18:55] gcc 2.95.4 on Debian woody [18:56] sounds good, did you try the 2.4.25-pre7 without vs1.3.6? [18:56] no. will try it... [18:56] bert, I booted from CD and I have the reiserfs-resize tool. Now what? I haven't mounted /dev/hda3 [18:57] that's a good start ;) [18:58] now you ahve to figure out how the reiserfs-resize works ... and reduce the current /dev/hda3 to about 4-5 GB or what you consider appropriate for / [18:58] noel: sparc64, great, what machine? [18:58] before the reboot there was some peculiarity: du -s / showed 2.5 GB occupied while df showed 4.8 GB [18:58] is this normal? [18:59] well, might be for reiser ... they are not inode based, so the sizes are sometimes a little off ... [18:59] I see [18:59] so here I go :-) [19:00] Bertl: its an ultrasparc 1 smp [19:00] (arair) [19:00] Action: miller7 says bye bye to his 24 hour compilations of gentoo [19:00] LOL [19:01] noel: how many processors? [19:01] Bertl: 2 [19:01] nice, nice, and no issues? everything working perfectly? [19:02] Bertl: yes. its "only" v1.24 without any other things but it works without problems. [19:08] Bertl: vanialla 2.4.25-pre7 builds without problems. [19:08] ok I did it and now man says I should run cfdisk. Anyone familiar with it? [19:09] well, you can use fdisk or sfdisk as well .. [19:09] how do I know the exact partition size? [19:10] noel: okay, so we have some 'strange' code in there, could you please provide your .config of the failing build? [19:12] sure. I mail it to you. [19:20] hmm, hmm, that is the config you used for 2.4.25-pre7-vs1.3.6 ? [19:21] let me check if I copied it correctly... [19:23] args. wrong one. sent now the correct one... [19:27] looks better ;) [19:28] vservers will be a lot faster if not mounted on loopback device, right? [19:28] sure [19:31] wow [19:31] noel: hmm, which q0.12 patch did you use? [19:31] system rebooted and /dev/hda3 works :D [19:31] fascinating ;) [19:31] indeed! [19:31] Action: miller7 is living on the edge :P [19:31] somethings wrong with the world today ... I don't know what it is .... [19:32] btw, bert, is this partition thingie going to stay? I mean, for disk quota we'll always need /vservers in its own partition? [19:32] Bertl: with 1.3.6 I dont use the quota patch. with 1.24 this one patch-2.4.23-vs1.20-q0.12.diff [19:33] miller7: for per context disk limits and quotas on a shared partition, you always need a shared partition, and this should not be the / partition ;) [19:33] ok [19:33] mount -o tagctx /dev/hda4 /vservers [19:33] mount: wrong fs type, bad option, bad superblock on /dev/hda4, [19:33] or too many mounted file systems [19:33] this means that I don't have patched my kernel? :) [19:34] noel: just because I applied the same patch on 2.4.24-vs1.24 and it compiles without any issues ... [19:34] miller7: looks like ... [19:34] Bertl: ok. will try it again... [19:34] no [19:34] I update the patch anyway, just check the new one ... [19:35] me? [19:35] ok. will wait for the new one.;) [19:35] oh ok, not me :) [19:35] :) [19:37] Action: noel goes to dinner. see you later and thx... [19:37] bye [19:37] bye,bye ... [19:46] bert, I compiled the new kernel but the mount -o tagctx /dev/hda4 /vservers [19:46] still gives same error [19:46] any ideas? [19:46] you did enable context tagging in the menu config? [19:47] let me see [19:47] what menu is it under? [19:48] hmm, above QUOTA support ... [19:48] Persistent Context ID for files [19:48] yeah, I have it enabled yeah [19:48] 24/24 [19:49] okay, you compiled that kernel and booted it, right? [19:49] yep [19:49] the patch is in too (I see that if I try to repatch I get "already patched" error) [19:49] patch is: patch-2.4.23-vs1.20-q0.12.diff [19:49] right? [19:49] which kernel? [19:49] I use: patch-2.4.24-vs1.24.diff [19:50] hmm, the patch applied? [19:50] yes [19:50] I think so [19:50] now I'm confused ... [19:50] should I reapply patches just to test? [19:51] try again, and if it fails (what I expect), use the new patch at http://www.13thfloor.at/vserver/s_addons/quota/ [19:51] sure [19:51] first this patch patch-2.4.24-vs1.24.diff [19:51] and then the patch-2.4.23-vs1.20-q0.12.diff right? [19:51] yup [19:52] you can make a 'test' without patching a patch, if you specify --dry-run [19:52] cat patch-2.4.23-vs1.20-q0.12.diff | patch -p1 -d linux-2.4.24 [19:52] patching file fs/ioctl.c [19:52] Hunk #1 succeeded at 121 with fuzz 2 (offset 10 lines). [19:52] Hunk #2 succeeded at 164 (offset 10 lines). [19:52] patching file fs/jfs/jfs_imap.c [19:52] patching file fs/ufs/super.c [19:52] patching file include/linux/capability.h [19:52] Reversed (or previously applied) patch detected! Assume -R? [n] [19:52] here I pressed n [19:53] Reversed (or previously applied) patch detected! Assume -R? [n] [19:53] Apply anyway? [n] [19:53] Skipping patch. [19:53] 1 out of 1 hunk ignored -- saving rejects to file include/linux/capability.h.rej [19:53] patching file include/linux/ext2_fs.h [19:53] ok, so didn't work [19:53] try the new one ;) [19:54] but I have the strong feeling, that is not your current issue ... [19:54] :( [19:54] the /dev/hda4 works fine without it (just mount as normal) [19:55] you are trying with reiser too, right? [19:55] yes [19:55] just for the fun of doing it, could you reformat that /vservers partition with ext2/ext3? [19:55] ok, patched fine with the new one. compiling now [19:55] sure [19:55] I guess, the reiserfs option isn't implemented yet ;) [19:56] mke2fs -j /dev/hda4, right? [20:13] yup [20:15] still compiling kernel [20:15] Action: miller7 takes a nap [20:15] the /proc hide thing is on the development releases only? [20:16] nope, vs1.24 contains that ... [20:16] just the defaults are different ... [20:16] does it work with /proc/mounts too? [20:16] nope [20:16] what it does now? can you please tell me in 1 line? [20:17] (don't want to bother you) [20:17] /proc/mounts is actually /proc/self/mounts, which is /proc//mounts, which is a dynamic entry ... [20:17] ok [20:17] well, it allows you to select which 'static' proc entries you want to show/hide and where ... [20:18] ok [20:18] patch-2.4.24-vs1.24-q0.12.diff <-- does this have vserver quota as well? [20:18] for the proc/mounts, there is a separate patch, which disables it completely (in vservers) [20:18] q0.12 is per context quota and disk limits, yes [20:19] cool [20:20] ok kernel compiled, rebooting now [20:22] works fine :) [20:22] Action: miller7 smiles [20:22] good job Bert [20:30] thanks ;) [20:30] mhm [20:31] miller7: so reiserfs tagxid isn't supported, right? [20:31] bertl: may i ask you something about restoring a dump? i removed all data from the paritions and used "restore rf /backup/root.dump" to restore the content to the directory [20:31] Bertl: looks like it [20:32] i restarted the server and it booted perfectly, but the fs got mounted ro and i receive ext3-fs errors [20:32] is this related to dump/restore or to the kernel (2.4.24-ck1) [20:32] hmm, sounds strange, but ext3 is buggy with 2.4.24 ;) [20:33] what does that mean? [20:33] so i should choose 2.4.25-preX? [20:34] well, at least they fixed some bugs, and IIRC, it doesn't sync the way it should on 2.4.24 [20:35] so your issues might be related ... [20:35] but on a closer look, I would suspect other things first ... [20:35] what fs should someone use? what do you recommend, bert? [20:35] good question ... [20:36] basically jfs seems very stable, but unfortunately most features are missing ... [20:36] no quota, no iunlink support ... [20:36] important ones [20:36] ext2 is stable and has a good history, and supports all the features ... [20:37] but you won't get great performance and journaling without the ext3 extension ... which seems to be not so stable, at least with quota and the 2.4 kernel ... [20:38] so basically we should use punched cards? :P [20:38] xfs is nice, but no chance in the next few month to support thatquota format ... iunlink is in the development branch ... [20:42] damn thing... [20:45] miller7: punched cards are a character or at best block device, they can carry any fs ;) [20:45] sounds reliable to me :) [20:45] well, you won't correct fs errors by that :) [20:46] I will, by hand and white fluid thingie :P [20:48] /usr/local/sbin/vserver: line 530: ulimit: max user processes: cannot modify limit: Invalid argument [20:48] what's that? [20:48] maharaja: did you reformat your partition before you restored the dump? [20:48] miller7: that means that your config file uses -H instead of -HS in the ULIMIT section ... [20:48] oh ok [20:48] old config probably [20:48] thanks [20:48] iluvyah [20:50] ;) [20:55] damned linux... [20:55] right now, it hangs with "loading grub stage 1.5" or so [20:57] the per context quota works pretty cool! [20:57] I don't understand thought why the host "df" shows wrong values.... [20:58] what are 'wrong' values? [20:58] well [20:58] I copied 1GB file, copied it to a dir and then deleted the 1 GB file [20:58] the /dev/hda4 should have 800 mB [20:59] but it shows 1.86MB [20:59] which is just wrong [20:59] I had previously mounted the 1GB file as /dev/loop, maybe this has to do with it? [20:59] ah, ok [20:59] i forgot that i hat that i had to use the serial console [21:01] miller7: well, I would say it isn't deleted yet ;) [21:01] you just can't see it anymore ... [21:02] ic [21:02] when will it be deleted? tomorrow morning? :P [21:02] loset -d probably releases that disk space ... [21:02] losetup -d /dev/loop [21:03] true [21:03] bert, you have a solution to everything [21:03] I am amazed [21:07] unfortunately not everything ... still working on that philosophers stone thingy ... [21:09] Sh[a]de (shade@cpe109.bb101.cablesurf.de) joined #vserver. [21:09] how can I see the inodes occupied in a directory and below? [21:09] just count files? [21:10] or there's another way? [21:10] hello back [21:10] hi Sh[a]de! [21:10] hey Sh[a]de [21:10] miller7: find | wc -l [21:10] hey bertl: how are u? [21:10] fine thanks ... and you? [21:10] Bertl: thought so [21:10] oh fine too thanks [21:11] can i ask you some questions about enricos tools for the pbvsc project? [21:11] that is the php frontend, right? [21:11] right [21:12] well, sure you can, maybe I can answer some of them ;) [21:12] <_shuri> php frontend?? [21:12] <_shuri> for vserver? [21:12] yes [21:12] ah _shuri, good that we got your attention ;) [21:12] doing what? creating them? [21:12] :) [21:12] not only [21:12] create, start, stop, overview and more [21:12] who makes it? [21:13] a community project from me [21:13] <_shuri> yes Bertl:P [21:13] url? [21:13] _shuri: could you send me the config which produced the compile error, or make it available somewhere? [21:13] http://vserver.wireless-winds.de [21:13] what's the userid for the demo? [21:13] <_shuri> Bertl i del it [21:13] <_shuri> :( [21:14] <_shuri> The page cannot be displayed [21:14] need a login? [21:14] yes please [21:14] <_shuri> is ok now [21:14] ok sry i can give u a login later, first i have some question :) just querry me for a login [21:15] Bertl: whats the command to create with a spec. ip and hostname? [21:15] vserver build Name --ip 1.2.3.4 --hostname BlaBla did not work [21:16] hmm, enrico mumbled something about a syntax diagram/ebnf or such ... let me see if I can find it ... [21:16] ok [21:16] take your time, im here ;) [21:17] for all who login in to the demo: This is a Alpha Version, so dont be hurry about some errors ;) [21:24] soon the first alpha public version will be released, we hope :) [21:24] good luck Sh[a]de [21:24] we only need some informations about the create command [21:24] but Bertl is searching :) [21:30] You can Start/Stop/Restart follow v-child at this time [21:30] VM1 and VM2 [21:30] no shyness :) [21:31] <_shuri> Starting the virtual server VM1 [21:31] <_shuri> Server VM1 is not running [21:31] <_shuri> Starting system log daemon: syslogd. [21:31] <_shuri> Starting kernel log daemon: klogd. [21:31] <_shuri> Starting internet superserver: inetd. [21:31] <_shuri> LO [21:31] <_shuri> veru nice Sh[a]de [21:31] and if anything faild, this line is in red [21:32] sorry Sh[a]de, can't find that doc (from enrico) [21:32] Bertl: np [21:32] Bertl: have you tried selinux? [21:32] we have enough work on the other functions [21:32] arekm: not yet ... [21:33] is unification implemented / working in stable kernel patch? [21:34] sure [21:34] Bertl: probably most (if not all) vserver things can be done in selinux [21:35] yes, I know, Rik tried some time ago, and stopped at half the way, because he didn't want to make the se stuff stackable ... [21:36] but maybe you can answer some questions regarding selinux, if you know it well?! [21:37] (regarding vserver, and implementation with selinux) [21:49] so we have to work on pbvsc... if any questions to our projekt we have a irc channel to on: irc.bongster.de in #pbvsc or use the page, point: Public Wishlist (http://vserver.wireless-winds.de) [22:01] Cyrix (~cyrix@d102-13.dsl.expressnet.de) joined #vserver. [22:01] good evening [22:01] hey Cyrix [22:02] i have a problem running an apt-get from my vserver ... it doen't seem to connect [22:07] Cyrix6x86 (~cyrix@d102-13.dsl.expressnet.de) joined #vserver. [22:07] Cyrix (~cyrix@d102-13.dsl.expressnet.de) left irc: Read error: Connection reset by peer [22:07] Cyrix: check resolv.conf in /etc/ [22:07] Cyrix: can u ping some other hosts in your v? [22:08] Cyrix: if yes check your sources.apt [22:11] Cyrix (~cyrix@d102-13.dsl.expressnet.de) joined #vserver. [22:11] Cyrix6x86 (~cyrix@d102-13.dsl.expressnet.de) left irc: Read error: Connection reset by peer [22:15] Cyrix (~cyrix@d102-13.dsl.expressnet.de) left irc: Read error: Connection reset by peer [22:21] Cyrix (~root@d102-13.dsl.expressnet.de) joined #vserver. [22:22] sorry guys ... having extreme connection problems ... i hope this time it works better [22:22] did i miss an answer ? [22:22] 20:08 < Sh[a]de> Cyrix: check resolv.conf in /etc/ [22:22] 20:09 < Sh[a]de> Cyrix: can u ping some other hosts in your v? [22:22] 20:09 < Sh[a]de> Cyrix: if yes check your sources.apt [22:24] as i said already ... my source-list is copied from my working host system ... just as my resolv.conf [22:25] i think the problem is ftp ... as i had to implement SNAT for my vserver to connect to the internet [22:26] which kernel, which patches? [22:33] Cyrix (~root@d102-13.dsl.expressnet.de) left irc: Ping timeout: 492 seconds [22:33] Cyrix (~root@d102-13.dsl.expressnet.de) joined #vserver. [22:36] no idea ? not even how could i trace out whats wrong ? [22:36] hmm, you have no idea, what kernel you are using? [22:36] or what patches you applied? [22:37] im using a vanilla 2.4.24 kernel with only the vserver 1.24 patch applied, nothing else [22:37] is there a minimum debian vserver available for download somewhere? [22:38] you sound so confused ... is this an unnormal behaviour of my system ? [22:38] okay, http://vserver.13thfloor.at/Stuff/testme.sh [22:38] what does this give on your system? [22:38] miller7: make you own ;) [22:39] Sh[a]de: that's what I want not to do :) [22:39] brb [22:39] miller7: hmm sry i don't know about a mini image [22:39] np, thanks [22:43] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl [22:43] ./testme.sh: chcontext: command not found [22:43] chcontext failed! [22:43] ./testme.sh: chbind: command not found [22:43] chbind failed! [22:43] Linux 2.4.24-vs1.24 i586// [J] [22:43] --- [22:43] hmm, doesn't look like a healthy vserver system :( [22:45] i think the script gets confused because the files got installed in /usr/local/lib/util-vserver instead of /usr/lib/util-vserver ... i didn't moved them because i'm not sure if it works with them in that place [22:46] out=`chcontext --ctx 1 grep -Ee '[[]|s_context|VxID' /proc/self/status` [22:46] doesn't look like it assumes anything about the location, huh? [22:47] maybe you should configure yout PATH properly, then? [22:47] im not sure where to set this systemwide...never done something like that before in debian [22:48] well, I guess it would be sufficient to do: [22:48] export PATH=$PATH:/usr/local/sbin:/usr/local/bin: for now ... [22:49] you dont know either ? what a pity [22:50] youam (~youam@sc-gw.scientific.de) left irc: Ping timeout: 492 seconds [22:50] it's probably in your /etc/profile or /etc/bashrc ... [22:50] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl [22:50] Can't set the new security context [22:50] : Operation not permitted [22:50] chcontext failed! [22:50] chbind is working. [22:50] Linux 2.4.24-vs1.24 i586/chcontext 0.27/chbind 0.27 [E] [22:51] you are running this on the host? [22:53] syes, should i run it on the vserver ? [22:53] or as root on the host ? [22:54] as root on the host ... [22:54] and you get permission denied? [22:55] nono this wasnt as root ... this is as root : [22:55] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl [22:55] chcontext is working. [22:55] chbind is working. [22:55] Linux 2.4.24-vs1.24 i586/chcontext 0.27/chbind 0.27 [E] [22:55] --- [22:55] [001]# succeeded. [22:55] [011]# succeeded. [22:55] [031]# succeeded. [22:55] [101]# succeeded. [22:55] [102]# succeeded. [22:55] [201]# failed. [22:55] [202]# succeeded. [22:55] okay, that looks reasonable for stable ... [22:55] what about 201 ? [22:55] doesn't work under stable ... [22:56] okay, and you have troubles using apt-get on a vserver, right? [22:58] wget doesn't work either ... just tested it ... it looks like theres no internet connection [22:59] although i followed the insctructions in http://list.linux-vserver.org/archive/vserver/msg04557.html [22:59] okay, let's take a closer look on that, ifconfig shows what in your vserver? [23:01] do you need the complete output ? [23:01] the display is same as on the host system by the way [23:01] no, only the relevant sections ;) [23:02] hmm, sure that it is the same? [23:02] ok the local ones eth1 Link encap:Ethernet HWaddr 00:48:54:50:BC:0C [23:02] UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 [23:02] RX packets:49810 errors:0 dropped:0 overruns:0 frame:0 [23:02] TX packets:51326 errors:0 dropped:0 overruns:0 carrier:0 [23:02] collisions:0 txqueuelen:1000 [23:02] RX bytes:5111145 (4.8 MiB) TX bytes:12723042 (12.1 MiB) [23:02] Interrupt:10 Base address:0xd000 [23:02] eth1:serv Link encap:Ethernet HWaddr 00:48:54:50:BC:0C [23:02] inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0 [23:02] UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 [23:02] Interrupt:10 Base address:0xd000 [23:03] yes im sure [23:05] okay, do you have a web page or something where you could put up some config files/output? [23:06] not at the moment ... i could emal them to you [23:06] hmm, sec [23:06] k [23:12] *sigh* okay, send it per email ... [23:12] I need: [23:13] 1) your /etc/vservers/.conf [23:13] 2) the output of ifconfig -a [23:13] 2) from the host or from the vserver ? [23:13] 3) the output of strace -fF -s 10000 ping 128.130.2.3 [23:14] 2) best from both ... [23:14] ok [23:14] (but you said, they are the same ;) [23:14] okay, that's it for now ... well be more later ... [23:15] right ;) but i always looked at it without -a [23:16] ok i'll send it in a moment to you...have someone on the phone [23:45] loger joined #vserver. [23:48] deadguy (deadguy@bananajoe.big.du.se) left irc: Ping timeout: 480 seconds [23:52] deadguy (deadguy@bananajoe.big.du.se) joined #vserver. [00:00] --- Mon Jan 26 2004