[00:01] okay kloo, you think that this modification does work now for 'normal' use?
[00:23] miller7 (none@213.239.180.106) left irc: Ping timeout: 485 seconds
[00:41] frz (~frz@213.235.213.90) left irc: Quit: Download Gaim: http://gaim.sourceforge.net/
[00:48] it seems so Bertl, but it's only been a few hours.
[00:48] ah okay ...
[00:49] so I include that into the next devel release then ;)
[00:50] i'll meditate on the more general problem in my sleep. :)
[00:50] make it so, and let me know about the results ;)
[00:51] thanks for the fix Bertl.
[00:51] np
[00:51] see you!
[00:51] cu2
[00:51] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) left irc: Quit: Client exiting
[01:18] serving (~serving@213.186.188.205) joined #vserver.
[01:28] sorry, i was out for a while..
[01:29] np
[01:29] would you like me to repeat my questions?
[02:22] pRiV (dbox3@81.92.166.46) joined #vserver.
[02:22] pRiV: any new exploits?
[02:22] hehe, no. =)
[02:24] But can it be that with wrong permissions the exploit still works?
[02:26] Bertl, for your information, I'm now progging the new system for www.whatshells.de. Vserver based, of course. ;-)
[02:27] well sure, currently the stable release doesn't use the barrier flag stuff
[02:27] the barrier is now built of IUNLINK + 000
[02:27] if one of those conditions isn't met, there is no barrier, and you can still escape ...
[02:28] =)
[02:28] If you think this is ok?
[02:28] if you manage to modify any of those, you are out ...
[02:28] well, there is no good solution to that atm, but there are two solutions in the near future
[02:29] Did you notice the Linux Kernel developers, or it's a own solution of vserver?
[02:29] first, the barrier flag will replace all that crap, then we will use the rbind and CLONE_NS
[02:30] as LKML and Linus' Kernel is involved, this is nothing new ...
[02:30] IIRC, Linus said some years? ago, that chroot() is broken and unfixable
[02:31] lol
[02:31] good to know. =)
[02:31] Lets see if there is a bug without ".."
but real "/"...
[02:32] I must only get the right inode. =)
[02:32] :-P
[02:33] But actually I don't see a way.
[02:33] well, I'm pretty sure, you have to do more than that, but go ahead surprise me ...
[02:33] Which flowers are you offering me for another exploit? ;-)
[02:34] the funny part about that exploit was, that nobody actually spent a thought on protecting the chmod() so it wasn't a flaw actually, more a door, nobody saw ...
[02:34] lol
[03:05] Medivh (ck@62.93.217.199) got netsplit.
[03:05] Medivh (ck@62.93.217.199) returned to #vserver.
[03:24] mugwump (~sv@202-0-63-86.adsl.paradise.net.nz) joined #vserver.
[03:25] hi sam!
[03:25] Hi there herb
[03:27] I've been off looking for more work over the last couple of weeks... down in Wellington (NZ's capital)
[03:27] and successful?
[03:28] I've got several quite promising leads ... I'm pretty confident I'll find something really good within a month or so
[03:28] maybe much sooner
[03:28] sounds good ..
[03:29] One position is the network security dude for the local Uni ... now *that* would be interesting
[03:29] They're looking to move from Solaris to Linux...
[03:30] well for sure you would have some time to work on vserver, right?
[03:33] Sure, until I start working. I've done the showing up in a suit and performing networking part, now is the first phase of waiting for it to stew...
[03:33] do you normally wear suits?
[03:35] To interviews :)
[03:35] Actually I went to one interview wearing a T-Shirt with a massive...
[03:35]  _  _    ___  _  _
[03:35] hmm, well, my experience was, that it isn't good to pretend to be somebody (clothing) you aren't
[03:36] | || |  / _ \| || |
[03:36] | || |_| | | | || |_
[03:36] |__   _| |_| |__   _|
[03:36]    |_|  \___/   |_|
[03:36]
[03:36] /shirt/tie: not found
[03:37] I've been a suit in the past. I don't mind being a suit again, in Wellington.
[03:37] hehe that sounds funny ..
[03:37] http://www.ntkmart.co.uk/images/404.jpg
[03:43] mugwump (~sv@202-0-63-86.adsl.paradise.net.nz) left irc: Quit: Restarting X
[03:47] mugwump (~sv@202-0-63-86.adsl.paradise.net.nz) joined #vserver.
[03:48] _shur1 (~shushushu@vserver.electronicbox.net) left irc: Ping timeout: 483 seconds
[03:59] _shur1 (~shushushu@vserver.electronicbox.net) joined #vserver.
[04:18] mugwump (~sv@202-0-63-86.adsl.paradise.net.nz) left irc: Quit: Console irssi sucks
[04:24] noel- (~noel@pD952CD82.dip.t-dialin.net) joined #vserver.
[04:28] Nick change: noel- -> noel
[04:28] hmm, looks like a real join ;)
[04:28] jepp.:) not a "we-kick-you-after-24-hours"
[04:29] yeah, so how is your vserver today?
[04:30] I didn't update to 1.26 but will do it tomorrow.
[04:30] the sparc64 has some scsi/harddrive problems.:( it hangs after some days when its running with high io load.:(
[04:31] hmm, vserver related?
[04:31] noel_ (~noel@pD952C66D.dip.t-dialin.net) left irc: Ping timeout: 504 seconds
[04:32] no. its the scsi system. I will replace the harddisk and look if its fixed.
[04:32] hmm, scsi often has timing issues ..
[04:32] what does you help more, running 1.3x or 2.6 kernel with exp on sparc64?
[04:33] hmm, probably both, currently the unreleased 1.3.x would be nice, we changed something in the network stack, and I'm very curious if this works on sparc64 too ...
[04:34] so if you want to play with that, I can upload a patch ..
[04:34] ok. will try them both next week at work.:) one day 2.6 and one 2.4.
[04:34] 2.6 patch will be done tomorrow ..
[04:34] thats OK. will look at the machine on Thuesday so there is no hurry.:)
[04:35] its 2.3x oclock here. good night together.:)
[04:35] night!
[06:35] okay, wish you all a good night .. cu
[06:35] Nick change: Bertl -> Bertl_zZz
[08:42] Medivh (ck@62.93.217.199) got netsplit.
[08:42] Medivh (ck@62.93.217.199) returned to #vserver.
[10:01] Action: kestrel can test the sparc64 support next week if you like
[10:25] jap (~root@jap.globe.cz) left irc: Remote host closed the connection
[10:59] jap (~root@jap.globe.cz) joined #vserver.
[13:36] still waiting on rob to return from NY so i can put a sparc dedicated to vserver development/testing under sparc64 on the net.
[13:44] kestrel: what linux distro are your sparcs running?
[14:29] debian
[14:30] i tried splack (slackware for sparc), but it's equivalent to slackware 8.1
[14:31] hmm i tried to get to the splack pages but they were down when i tried.
[14:31] i know the last official slack distro that supported sparc was 7.
[14:31] gentoo works rather well.
[14:31] debian was more trouble than it was worth.
[14:32] woody installs just fine but its woody and too outdated to build modern stuff without major work. then i managed to screw up the install by using apt pointed to testing rather than using dist-update. (dselect wasnt too pretty in either case)
[14:33] gentoo isnt exactly like slack but close enough. and easy to keep up to date with emerge.
[14:35] cant say i like the fbconsole or openprom console support much. non fbconsole is pretty broken unless you just use serial and the fbconsole seems to corrupt the text and force you to do a lot of screen refreshes if your using the console. but thats more of a kernel problem than a distro problem.
[14:42] yeah, i like gentoo
[14:42] but on my u10, it would take forever to compile anything
[14:43] thats what i installed it on. only took overnight for a emerge -u system after doing a stage 3 tarball.
[14:43] so i went for debian...i haven't had too many issues, except for, as you say, lack of testing
[14:43] dont have to do a full bootstrap.
[14:43] yeah, but i'd much rather not have to wait at all :)
[14:44] i wish you could get jigdo to get you a sarge cd.
[14:45] debian just doesnt mesh well with what im used to. (BSD/Solaris and a little slackware)
[14:45] why sarge?
[14:46] kestrel: because its much more up to date than woody.
[14:46] and hopefully will be released in the near future.
[14:46] that's what i'm using
[14:46] i booted woody, then updated to sarge
[14:46] well, whatever testing is
[14:46] yeah thats sarge.
[14:47] im not likely to switch now that i have gentoo on it though.
[14:47] is unstable the one that they initially develop on, or is testing?
[14:47] i think its unstable.
[14:47] with testing being the next release.
[14:47] ah, then i am on testing
[14:47] i'd prefer slackware though :)
[14:47] mmm, slackware
[14:48] i like slack and gentoo because they dont get in your way.
[14:48] real easy to start with a base system with no wacky package managers to deal with. or annoying install systems.
[14:50] absolutely
[14:50] i really like the gentoo method. boot the cd, ifconfig, add a route. pull up lynx and fetch the install guide. make a partition, create a filesystem. untar a stage tarball into the fs. chroot there build a kernel and run silo to install the boot block.
[14:50] you are the installer.
[14:51] yeah, it's not bad
[14:52] i just don't want to be compiling heaps of crap on old, slow machines
[14:52] and i could never figure out (not that i tried all *that* hard) how to get binary packages built, then use them on other machines
[14:52] only have to update it once. then you only have to compile the bits that need updating later. the U10 isnt that slow for building individual packages.
[14:53] at least the 440Mhz ones arent.
[14:53] yes, well, mine is a 330
[14:54] and it is excruciatingly slow
[14:54] to be honest though aside from people here asking for a box to play with sparc64 vserver support on ive never had much of a reason to install linux on sun hardware over Solaris.
[14:55] i have a backup server running linux although i might eventually put solaris back on it. its mainly running linux because im more familiar with linux raid support.
[14:55] if i ever learn disksuite thats likely to change though.
[14:56] no, it's a bit pointless really, unless you have no choice
[14:58] esp with Solaris 9 and 10 being so nice. linux feel very rough around the edges in comparison. although there are a few things you can do in BSD and linux that you cant currently do with solaris. mainly stuff like samba mounts. which arent normally a big issue.
[14:59] still cant beat solaris for long term support though. only thing even close would be debian.
[14:59] i like being able to put solaris on a machine and not have to worry about upgrading for 5 years or longer. and have a nice steady stream of patches.
[15:00] yeah, it is pretty solid
[15:02] for a server i dont need bleeding edge features on and plan to use long term i definitely consider solaris high on the list of choices. i dont like having to do us upgrades every year or so. if i actually need advanced features id probably go for FreeBSD and then linux in that order.
[15:04] if it wasnt for the server appliance box im working on i probably still wouldnt be doing much with linux.
[15:05] FreeBSD has jails but its nowhere near as good as vserver in the stable releases.
[15:05] or even in the technology releases.
[15:06] and ive already played with UML and didnt like it very much.
[15:06] and one of the project goals is to provide virtual dedicated server support.
[15:11] vserver is the shit in that respect
[15:11] uml is just too damned slow
[15:11] either way a hell of a lot more interesting than my previous work which was maintaining 3rd party COM objects in java for Sun One ASP.
[15:12] hehe :)
[15:12] i learned to hate java with a passion.
[15:12] i can imagine
[15:12] it wouldnt be so bad if sun could admit its not perfect for everything and fucking gosling isnt always right.
[15:13] and they didnt change it every week.
[15:13] Winks (~paul@cpc1-stre1-6-0-cust47.bagu.cable.ntl.com) joined #vserver.
[15:13] in new and interesting ways.
[15:13] i swear i will strangle gosling if i ever run into him.
[15:13] sun would be much better off if he hadnt made java.
[15:15] i like the idea of resource partitioning instead of virtual machines.
[15:15] it makes so much more sense.
[15:15] in theory you can put vserver to good use on a 386 if you wanted to.
[15:15] and you probably wouldnt see much extra load.
[15:18] Solaris 10 is supposed to have something very much like vserver in it when its finally released.
[15:19] havent seen it get into the early access builds yet though.
[15:20] Winkie (~paul@cpc1-stre1-6-0-cust47.bagu.cable.ntl.com) left irc: Ping timeout: 492 seconds
[15:20] yes, i have heard that myself
[15:20] kind of like what they do with the 10K+
[15:21] or HP with their soft partitions on the superdomes
[15:23] it's supposed to be 38 degrees C here tomorrow
[15:23] that is going to be unpleasant
[15:23] well not like the 10K+ thats done in hardware.
[15:23] but i wouldnt be suprised if some of the solaris zones functionality might give the vserver project some ideas.
[15:24] hopefully it wont remain vaporware.
[15:24] i plan to port my configuration framework to it.
[15:25] i can't see why it would
[15:26] solaris isn't really known for its vaporware
[15:28] would be nice if they allow you to run different solaris versions on the same machine at one time.
[15:30] man, that would be so cool
[15:30] the virtual switching they're trying to introduce sounds pretty interesting too
[15:30] network switching, that is
[15:31] didnt read about that.
[15:31] but sounds cool none the less.
[15:32] i wish they would release a filesystem developers kit.
[15:32] like they do with the device driver kit.
[15:32] if they could just document the vfs system it wouldnt be hard.
[15:32] id love to get working smbmount on solaris.
[15:34] right now i run Solaris 8 on my workstation, 9 on the Ultras and Solaris 2.6 and 7 on separate drives on an SS2. and 2.6 on my tadpole SPARCbook 3GX.
[15:35] id upgrade the tadpole but thats the last supported version of solaris that runs on it.
[15:35] mmm, i bet that's speedy
[15:35] i also have my workstation set up to provide a netboot server for NetBSD.
[15:36] so i can boot into netbsd on the tadpole or ss2.
[15:37] the ss2 is too slow to use for much other than verifying things work with older solaris versions. or for code profiling since it makes any performance problems dramatic.
[15:37] id like to replace it with a multi cpu SS10.
[15:38] a dinky 40 mhz sun4c isnt really very useful for much. i probably power it up after other month or so.
[15:38] its also got a dead idprom.
[15:38] mmm, useful
[15:38] so i have to fill in the idprom values when i power it on.
[15:39] only adds an extra minute to boot time. certainly not worth buying a new prom chip.
[15:40] make a great disposable box for testing potentially destructive things on.
[15:41] not bad for something like a diskless dumb terminal though.
[15:42] which is what i originally pulled it off the junkpile for. i had a vt220 connected to it for ircing in the living room with.
[15:44] i hate using old sparcs, they run like molasses
[15:44] Action: talon should go to boat anchors anonymous.
[15:44] it's aggravating
[15:44] Action: kestrel agrees
[15:44] i dont mind sun4m boxes. so much.
[15:44] not great for compiling but after that its not so bad.
[15:45] as long as you have plenty of ram and a fast disk.
[15:45] i use my u10 all day, every day, and it is not fun
[15:45] sun4c is really pointless though.
[15:45] i think i could blow it away with an equiv 386 box.
[15:45] i would gladly trade it in for a piii 550 or similar
[15:45] heh im happy with my U10.
[15:45] you have a 3d card for yours?
[15:46] id like to put one on mine.
[15:46] so i can use mplayer full screen.
[15:46] well, it has an ati rage
[15:46] nahh i meant a UPA card like creator3d or elite3d
[15:46] the built in video sucks.
[15:46] indeed it does
[15:46] at least i can get 1600x1200, that was lucky
[15:47] i was fearful that it would only do 1024x768 at 16-bit
[15:47] i went from using the sparcbook to a 440Mhz U10 with 650MB of ram.
[15:48] as my main machine.
[15:48] that would have been quite an improvement
[15:49] but then, you come home and use your athlon 2200 with radeon 9600 and think to yourself, "that blows"
[15:49] before that my fastest machine was an R5000 MIPS box a nicely decked out SGI indy.
[15:49] and it cost less than a 18GB sun hard drive ;)
[15:49] i still miss that machine.
[15:50] ehh? since when do you need sun branded drives?
[15:50] since we have a sun support contract
[15:50] oh heh.
[15:50] never had one of those.
[15:50] had sun throw hardware at us.
[15:50] never had a support contract.
[15:50] our U10s came from a sun education center.
[15:51] ah
[15:51] we have platinum support on all our sun gear
[15:51] we were working on something for them at the time and they threw some EOL hardware at us for development.
[15:51] actually, did you hear that they're insisting that any administrators who log a call with their support, must be sun certified?
[15:52] that is very sucky
[15:52] heh. esp if your company wont pay for certification.
[15:52] thats expensive.
[15:52] well, our company will, but it means MANY hours of boring-arse exams and training
[15:52] god, it's going to be excruciating
[15:52] i like sun technology but i think the business managers have lost their damn minds at sun.
[15:52] what does your company develop?
[15:53] i think many would agree with you
[15:54] kestrel: we mostly just do consulting work. so mainly custom stuff.
[15:54] the server appliance im working on now is an attempt to get into selling hardware.
[15:54] ah
[15:54] with virtual servers on top
[15:54] yeah.
[15:54] clusterable, i presume?
[15:55] not sure about that yet. its more like a cobalt but put together a lot saner.
[15:55] and not targeted exclusively at idiots.
[15:55] heh, good call
[15:55] idiots are high maintenance
[15:56] our public page is quite out of date but its at www.amoebasoft.com
[15:56] you can see the sun one ASP stuff we were doing before.
[15:57] never made much money off of it considering how hard sun tried to kill off chilisoft asp.
[15:58] you're located in the US?
[15:58] yeah.
[15:59] in southern tier NY of all places.
[15:59] that doesn't mean much to me, except for new york :)
[15:59] basically in the middle of nowhere in new york state.
[16:00] ah
[16:01] its just me, and two other guys. one guy does web stuff and windows development. and me and the other guy do linux/unix projects.
[16:01] cool
[16:01] small is good
[16:01] we arent rich but it gives us a place to live.
[16:03] i think that's the ultimate goal
[16:03] not bad considering we started with nothing.
[16:04] being rich is just icing on the cake
[16:04] lasted through a lot of hard times too.
[16:05] especially the last few years, i imagine :\
[16:05] nasty, nasty times
[16:05] Action: talon nods
[16:05] brb, coffee
[16:05] thats why we are in the middle of nowhere.
[16:05] because its cheap.
[16:05] as long as we can get contracts its not too hard to live here.
[16:06] rent is only 425$ a month. and most things we can telecommute to do.
[16:06] with the occasional trip to NYC.
[16:07] one of the beauties of our industry
[16:08] have you used subversion?
[16:08] ive heard of it. havent used it though.
[16:08] only ever used RCS and cvs.
[16:08] i am going to give it a whirl, cvs is pissing me off
[16:08] heh, sweet RCS
[16:08] heh i hear that.
[16:09] the nice thing about rcs is how easy it is to import into a cvs tree later. i used it long before cvs because i didnt need the features.
[16:09] i mainly use it for config files these days.
[16:09] or just personal projects i dont feel like putting on the cvs server yet.
[16:09] i tried arch out, but it was too much effort to learn compared to subversion, which is mostly compatible with CVS (from a command line perspective)
[16:10] yeah, i use rcs in exactly the same way
[16:10] it's perfect for config files, as you say
[16:10] we keep our 20,000 zone files in rcs ;)
[16:11] svn can import cvs trees
[16:11] apparently, i haven't tried it myself
[16:11] never tried sccs i assume its a lot like rcs.
[16:11] rcs works on more systems so i never bothered with it.
[16:12] most people never see the point in revision control though.
[16:13] you try to explain it to them and they just give you a blank stare.
[16:13] does subversion have anything similar to webcvs?
[16:16] no idea...but it uses webdav via apache as its transport, so it wouldn't surprise me
[16:16] though i'm using the ssh tunneled version myself
[16:16] i mean the web based utility for browsing the tree and getting colorized diffs etc.
[16:17] yes, i know
[16:18] i'm also looking at www.pkgsrc.org
[16:19] i'm thinking that would be handy for maintaining custom slackware and solaris packages
[16:19] as long as your building the packages anyway.
[16:19] you might want to check out pacman.
[16:19] yeah, i am doing it manually at the moment
[16:19] not fun
[16:19] www.archlinux.org/pacman
[16:20] not sure if it runs on solaris or not havent tried it.
[16:20] fairly simple package manager
[16:20] smells like slackware! ;)
[16:21] not for me though, i need to build native packages
[16:21] well pkgsrc is just rpm.
[16:21] ie. solaris native packages
[16:21] oh wait
[16:21] im thinking of something different.
[16:21] yeah, pkgsrc is a ports tree
[16:21] but it can build native packages for numerous unices
[16:21] does pkgsrc create native packages now ?
[16:21] cool.
[16:21] that's what it tells me
[16:22] i need to take a look at that.
[16:22] i wonder if it will build irix packages.
[16:22] something that builds solaris native packages would be great.
[16:22] looks like it
[16:22] IRIX 6.5/mips
[16:22] IRIX64 6.5/mips
[16:22] they're on its list
[16:22] heh cool.
[16:23] have to try it on my workstation some time.
[16:23] i'm about to try it in a slackware vserver
[16:24] riel (~riel@riel.netop.oftc.net) left irc: Read error: No route to host
[16:24] unriel
[16:25] ahh i think it uses the netbsd package tools.
[16:25] for binary packages.
[16:25] not native OS package formats.
[16:25] well, this sentence led me to believe otherwise: "Support for binary-only distributions is available for both native platforms and NetBSD emulated platforms."
[16:26] but i could be misunderstanding it
[16:29] but either way whether or not it uses its own package tools for installing binary packages its still useful.
[16:29] this is true
[16:30] i can always generate the solaris packages from the netbsd ones, if required
[16:33] kestrel: i like to see a program that converts one package format to another or something even more like libtool but with an actual purpose (unlike libtool...) which is a generic package description used to generate a package. and depending on what platform your on it takes that description and builds a native package.
[16:33] something developers could just put in their vanilla source tree and add as a makefile target.
[16:34] i would also like to see that
[16:36] ofcourse i dont see it ever used even if it did exist. its hard enough to get people to make their code run on anything other than redhat these days.
[16:36] hahah, so true
[16:36] pisses me offf
[16:36] let alone solaris
[16:36] or something really obscure
[16:36] i think i had one developer tell me "im not breaking my code just to make it run on solaris."
[16:37] a few years ago.
[16:37] i mean god forbid it runs on a standards compliant OS.
[16:37] indeed
[16:38] i think they should be forced to read a few richard stevens books before writing half the stuff they put out these days.
[16:39] its one thing when they are just simply ignorant about whats a standard interface and whats not.
[16:39] but what really pisses me off is when they are actively linux only.
[16:39] even linux on x86 only which is even worse.
[16:39] definitely
[16:40] like they are on some holy crusade to make sure you can never find their software useful.
[16:40] actually, you might be interested in this: http://www.easysw.com/epm/
[16:40] it's quite similar to what you were wanting
[16:40] i contributed the slackware support myself
[16:41] unfortunately, as you mentioned, developers rarely include the packaging scripts for it
[16:42] heh cool. definitely got to bookmark that.
[16:46] damn. thats exactly what i wanted.
[16:47] probably going to use that for anything i release.
[16:47] it's pretty cool
[16:47] glad someone else out there had the same idea.
[16:47] i discovered it because somebody contributed an epm profile for one of my projects
[16:47] how long has it been around?
[16:47] a couple of years, that i'm aware of
[16:47] ive looked for something like that before and couldnt find it.
[16:48] surriel (~riel@imladris.surriel.com) joined #vserver.
[16:49] Nick change: surriel -> riel
[16:51] ahh released in 99
[16:52] thanks for the link.
[16:52] np
[16:54] i like how it can auto-generate a list file from a directory
[16:58] this could help with future projects of ours.
[16:58] cool, do i get a spotters fee? ;)
[16:59] i wonder if its easy to plug in new package formats.
[16:59] id love to make it work with pacman packages.
[17:00] well, as i mentioned, i did the slackware package support and it wasn't too hard
[17:02] cool i have a use for this. i eventually plan to make the configuration interfaces work under our linux distro (which uses pacman) and under solaris.
[17:04] je (~je@hd5e25b7f.gavlegardarna.gavle.to) left irc: Read error: Connection reset by peer
[17:07] je (~je@hd5e25b7f.gavlegardarna.gavle.to) joined #vserver.
[17:43] Doener_zZz (~doener@p5082D829.dip.t-dialin.net) joined #vserver.
[17:44] source code looks fairly straight forward.
[17:51] Doener (~doener@pD9E12687.dip.t-dialin.net) left irc: Ping timeout: 485 seconds
[18:01] yeah
[18:17] Action: talon reads the illuminatus while he waits for bertl to come back so he can talk about the quota stuff some more.
[18:26] Nick change: Bertl_zZz -> Bertl
[18:26] hmm speak of the devil.
[18:26] Action: Bertl enters the stage from the left ;)
[18:26] hi everyone!
[18:26] hi talon!
[18:27] good morning.
[18:27] guess what, I fixed the quota stuff?!
[18:27] sounds good.
[18:27] what did you find out about it all?
[18:27] you have to add one line to make it work ;)
[18:28] and as usual, the issues were self made ...
[18:30] in fs/inode.c about line 100
[18:30] if (sb->s_flags & MS_TAGXID)
[18:30]     inode->i_xid = current->xid;
[18:30] inode->i_xid = 0; /* maybe xid -1 would be better? */
[18:30] this has obviously to be changed to:
[18:30] if (sb->s_flags & MS_TAGXID)
[18:30]     inode->i_xid = current->xid;
[18:30] else
[18:30]     inode->i_xid = 0;
[18:31] why does this mess up the quota system so much?
[18:31] simple, everything is created in xid=0, thus only xid 0 quota applies on creation, writing and deleting happens in the 'correct' context
[18:33] so then, did context quotas ever really work properly until now then?
[18:34] yep, that change was introduce a few releases ago :(
[18:34] +d
[18:34] (the xid=0)
[18:35] and thus I simply broke quota myself :)
[18:35] until i noticed :)
[18:35] wouldnt have noticed at all if i hadnt tried to check inode quotas because at first glance block quotas seem to work.
[18:36] that is because most block operations happen after the file is created ...
[18:36] and at this time it has already moved into the 'correct' context
[18:38] simple else statement.
[18:39] Action: talon makes the change to a 2.4.24 kernel with the 1.26 release and previous quota patches.
[18:43] did the other changes you made to the quota patches up to this point help anything?
[18:44] yup, sure they fixed '
[18:44] hidden' bugs ...
[18:44] only visible in cornercases (move from/to context without hash) etc ...
[18:45] glad i could help shed light on some of those cases.
[18:46] I'm glad and very thankful that you did ;)
[18:46] hopefully most of my observations were helpful in pinpointing the problems. i was never sure if i was being specific enough or explaining the exact setup.
[18:48] hmm, well I found it by checking about 200 lines of quota debug messages in a perfectly working case ;)
[18:49] first thought my printk was missing an argument, but then I saw that the xid was zero on that file ;)
[18:49] im curious, what do you use to maintain your patches?
[18:51] hmm, maintain, hmm, what exactly do you mean?
[18:51] merging them with different kernel revisions and such. and tracking changes to the patch set.
[18:52] do you have a cvs tree where you work off of a specific kernel revision?
[18:53] ah, okay, no, I tried cvs for a short amount of time, but the amount of information was too huge ...
[18:53] I keep them separated into several 'logical' chunks
[18:54] they are known as the split-* or broken out patches ...
[18:55] as I follow the kernel releases very closely (at least for myself), the changes are usually minimal
[18:56] merging with a new kernel, takes some time, but that can't be done automatically, as the changes might collide with the vserver stuff anyway (like in the debian kernel)
[18:57] i dont plan to stray too far from a vanilla kernel aside from adding the netfilter and vserver patches. and maybe the nonexec stack patch.
[19:01] I had netfilter in the patchsets for some time ... maybe I'll add them again ... the nonexec stack stuff seems useful too, could you provide an uptodate url?
[19:02] dont have it right now. rob suggested it to me (orother unix guy)
[19:02] our other unix guy even.
[19:03] are there per context ram limits?
[19:03] no, just virtual memory
[19:03] using ulimit?
[19:04] nope, using the ml patches for stable and it's included in devel
[19:05] cool will probably try to get that working as well. does it have any known side effects with vs+the quota patches ?
[19:06] well, I would say if you add only a few non-critical patches, you are with devel 1.3.x anyway ;)
[19:07] i might end up with whatever devel ends up turning into when its released depending on how long this all takes.
[19:08] oh yeah forgot to mention the bme patches.
[19:08] cant forget those.
[19:08] ;)
[19:10] well quotas definitely appear to be acting much better. but im still confused about the inode count.
[19:10] and block count.
[19:10] where it says i have 4 files instead of 3.
[19:10] riel (~riel@riel.netop.oftc.net) left irc: Quit: Client exiting
[19:10] riel (~riel@laptop.surriel.com) joined #vserver.
[19:11] and 20 blocks instead of 16.
[19:11] mdaur (mdaur@p509168CA.dip.t-dialin.net) joined #vserver.
[19:12] hmm
[19:12] just a second i might know where that comes from.
[19:12] hi mdaur!
[19:12] hi
[19:13] hmm no no group quotas.
[19:14] 1.25 seems to be broken?
[19:14] hmm depends on what you mean?
[19:15] chmod issues?
[19:15] yup, if you distro/users create 000 dirs, they lose ...
[19:16] Action: talon tries recreating the quota files.
[19:16] ok i didn't realize that 1.26 is also released
[19:17] Bertl: why use chmod at all? why not have a syscall that does the change securely instead of relying on fixing chmod?
[19:17] well, we have that in devel, but it is untested ...
[19:18] and it was the minimal change required to fix that issue quick ;)
[19:19] talon: dumpe2fs -h should give you some info about your fs
[19:19] also whats the sequence of events when the vserver starts a vserver? chmod, change ipv4root, ulimit?, chcontext with /etc/rc.d/rc.M as argument?
[19:19] vserver script i mean.
[19:19] well have a look there ...
[19:20] I'm pretty sure that differs between enricos and jacks versions ...
[19:22] are there any hints running an snmp daemon in monitor mode (ctx=1)
[19:26] hmm, are there any problems with that?
[19:26] no but i think i will do it
[19:30] hmm ok i think i found out where the files = 4 comes from. do hard links consume inodes?
[19:30] the link count is 2 on my home directory.
[19:30] hmm, no they usually don't
[19:31] what does dumpe2fs report?
[19:31] dumpe2fs -h ?
[19:32] yep, you probably have to do some math to sum up all the other files ...
[19:32] probably not very accurate anyway ...
[19:34] hmm odd.
[19:34] okay, I'll have a bath now ... will be back in an hour ...
[19:35] i had some files owned by me but a very high groupid.
[19:35] chgrp them to users and the counts all match up.
[19:35] hmm, sounds good, did you change the xid tagging some time ago?
[19:36] ehh?
[19:36] yeah.
[19:36] that probably messed up that files ...
[19:36] the 'correct' way to change from one xid tagging to another isn't implemented yet ...
[19:36] my homedir and .bash_history was what was messed up.
[19:37] it would require to read the xid from all files on a filesystem, then change the tagxid method, then reapply the context information ...
[19:37] well, maybe we can solve this with EA too in 2.6 SE
[19:38] okay, off to bath I go, cu later ...
[19:38] Nick change: Bertl -> Bertl_oO
[19:43] hmm...
[19:43] i cant make my file count go down below 4.
[19:43] even by removing the two dotfiles in my homedir.
[19:44] it was at 4 before i removed them.
[19:46] Action: talon scratches his head and plays with it some more.
[19:52] mdaur (mdaur@p509168CA.dip.t-dialin.net) left irc: Quit: cya
[20:17] hmm i might have found a bme bug.
[20:18] yep
[20:18] if you try to touch a file on a read only bind mount.
[20:19] the filesystem state goes to busy.
[20:19] and you cant ever un mount it.
[20:21] for example i start the vserver.
and try to touch the file /usr/share/foo which doesnt exist as an unpriv user that also doesnt even have permissions for that dir. i get operation not permitted read only filesystems. [20:21] read only filesystem even. [20:21] shut down the vserver. [20:21] and the /usr bind mount fails to unmount saying its busy. [20:22] i think i can reproduce this on a vanilla kernel with just bme patches as well. [20:23] trying that now. hopefully you will have more things to look at when you get back from your bath :) [20:24] going to have to start a tally for all the corner cases i find. [20:26] lp (~lpressl@interner.SerNet.DE) left #vserver. [20:41] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [20:45] root@test1:~# mount -oro --bind /sbin /mnt [20:45] root@test1:~# su talon [20:45] talon@test1:/root$ whoami [20:45] talon [20:45] talon@test1:/root$ touch /mnt/foo [20:45] touch: cannot touch `/mnt/foo': Read-only file system [20:45] talon@test1:/root$ exit [20:45] exit [20:45] root@test1:~# umount /mnt [20:45] umount: /mnt: device is busy [20:45] Last message repeated 1 time(s). [20:45] vanilla kernel. [20:45] with bme patch 2.4.25-rc1 [21:10] loger joined #vserver. [21:12] not sure if its atime related or not. i was attempting to use touch to create a file that didnt exist. [21:12] as a non root user. on a ro bind mount point. [21:14] Panter: do you need ipv6? [21:15] didnt try touching a file that already existed. but i can try that. [21:15] yup, would make sense ... [21:16] maybe it's a missing put() on the error path ... [21:16] all i know is touching a file that doesnt exist makes the fs go busy. [21:16] what kernel do you use to test atm? [21:16] 2.4.25-rc1 [21:17] Sh[a]de (shade@cpe109.bb101.cablesurf.de) left irc: Quit: Excursion (On IRC.BONGSTER.DE [#wwip, #german-elite and #lov]) [21:18] touching existing files also causes it to go busy. [21:19] probably any operation involving write to the fs id imagine. 
[21:19] just for the fun of doing it, try chmod on the file [21:20] ok. [21:20] gotta reboot again [21:20] hmm, shouldn't be another mount sufficient [21:21] well yeah i suppose so. [21:23] chmod doesnt cause busy. [21:23] so it is a directory related issue ... [21:24] what about removing a file which doesn't exist? [21:26] nope [21:27] okay, currently compiling linux-2.4.23-bme0.03 [21:29] i wonder how many more things like this i will run into. [21:29] Bertl: im interested in ipv6 and my provider say that their vserver doesn't support ipv6 [21:30] talon: would you like to become linux-vserver chief of QA and Testing? 8-) [21:31] Bertl: dont know if i have time to test everything but its a good bet that i will be testing a lot of the functionality over the next month or two as i try vserver in different configurations to try and get it ready to integrate into our distro. [21:32] going to have to start a running tally of bugs soon though. :) [21:33] lost count of how many times ive compiled the linux kernel by now though. [21:34] i think im averaging like 15 or so compiles a day. [21:34] okay, my test script, which I can make available if you are interested, runs fine on 2.4.23-bme0.03 and umount is no problem after that run ... [21:34] yeah id be interested in the script. [21:35] Bertl: i've to go now... ill come back tomorrow i think [21:35] Panter (~panter@p50902B51.dip.t-dialin.net) left irc: [21:36] the patch im using is the 2.4.22-rc2-bme0.3 patch. [21:36] yeah, that is the same I always used ... [21:37] are the bind mounts inside the same fs ? [21:37] or mounted across to a new fs? [21:37] across a new fs ... hmm, you are doing it on the same I assume? [21:37] im mounting parts of an fs inside itself. [21:38] try it with mounting a tree to another directory inside the same fs. [21:38] should trigger it then. 
[21:39] hmm, actually there are 3 cases: [21:39] a) mount onto another fs [21:39] b) mounted onto another place in the same fs [21:39] c) mount in place [21:39] mount in place? [21:39] /bin/mount --bind -o ro /mnt/part1 /mnt/part1 [21:40] ahh whats the use of that ? [21:40] never tried that. [21:40] making parts of a rw partition ro ;) [21:40] case b is all ive done. [21:40] i wouldnt be surprised if case c also triggers though. [21:40] similar to case b. [21:42] c) works here too .. [21:42] hmm lets see that script. [21:43] im not using 2.4.23 though. [21:43] actually it's a tiny script calling some C test code ... so let me dig that out, and make it available ... I have to verify that it is testing the right things too first ... [21:44] ive only used command line tools. [21:44] has been quite some time since I wrote that patch ;) [21:44] could be they do something the C program doesnt. [21:44] havent tested it on a 2.4.23 kernel either 2.4.24 and up. [21:45] shouldnt make a difference but if that doesnt work thats all i can think of. [21:45] also. let me try doing these operations as root. [21:46] no thats not a factor. [21:46] i was changing to an unpriv user before testing. root is the same effect. [21:48] id just use touch to see if you can reproduce it. and if you can strace touch to see what syscalls its using on the directory. [21:49] Action: talon builds a 2.4.23 kernel [21:50] okay, have to leave for a moment, brb .. [21:50] Nick change: Bertl -> Bertl_oO [22:07] 2.4.24 only contains security fixes [22:07] afaik [22:07] just want to be exactly the same as what hes using to test it. cant hurt. [22:08] and when trying to reproduce a problem lots of seemingly unrelated things can interact IME. [22:13] and considering the kernel i was using before was 2.4.25-rc1... [22:14] and the 2.4.24 kernel wasnt vanilla. [22:17] i c [22:22] i actually like trying to make software fall over. 
[22:48] Nick change: Bertl_oO -> Bertl [22:49] ok i was able to make it happen on 2.4.23 im trying a 2.4.23 kernel without quota support compiled in now. [22:49] just on a hunch. [22:49] <_shur1> got 5 servers to recompile today:( [22:49] hmm, why's that? [22:50] <_shur1> damm exploits! [22:50] a new exploit? [22:50] linux or other OS? [22:50] <_shur1> i run 1.24 [22:50] oh. [22:50] ok [22:50] just making sure no new kernel exploits came out while i was off in my own world. [22:51] <_shur1> got to upgrade... to 1.26 [22:53] nope can reproduce it still. [22:54] try this mkdir 1; mkdir 2; mount -oro --bind 1 2; touch 2/blah; umount 2 [22:54] okay, I discovered that my tests require a prepopulated dir, so they aren't working without that, and somehow that was lost over time .. [23:14] Doener_aw (~doener@pD9E12F72.dip.t-dialin.net) joined #vserver. [23:16] Nick change: Doener_aw -> Doener [23:16] hi [23:17] hi! [23:18] Doener_zZz (~doener@p5082D829.dip.t-dialin.net) left irc: Ping timeout: 501 seconds [23:21] # /bin/umount /mnt/part3 [23:21] umount: /mnt/part3: Device or resource busy [23:21] serving (~serving@213.186.188.205) left irc: Read error: Connection reset by peer [23:23] Bertl: good i was starting to worry that you couldnt reproduce it. [23:27] although my umount command just says device is busy [23:27] instead of Device or resource busy. [23:34] http://vserver.13thfloor.at/Stuff/fstest-0.02.tar.bz2 [23:35] hmm you forgot to include errno.h [23:35] I always forget ;) [23:35] newer glibcs dont allow you to do extern int errno. [23:37] ok. so what do you want me to do with the compiled fstest? [23:37] hmm, nothing, you wanted that stuff, remember? [23:37] yeah. although mainly when you said you couldnt recreate it. [23:38] still have to test if this is present on .22rcX ... [23:38] maybe it was there from the beginning, now that I think about it, never tried to unmount it ;) [23:39] hope im not making a pest of myself. giving you so much to do. 
[23:46] no problem with that, there is no pressure for me ... ;) [00:00] --- Mon Feb 9 2004