[00:36] Nick change: Bertl_oO -> Bertl
[00:42] Bertl: the quota patch against stable appears to work just fine. as well as the bme patch. although i didnt test the noatime stuff.
[00:42] good!
[00:43] and i will probably start working on a context quota howto sometime tonight.
[00:44] so can I release the stable quota stuff, then?
[00:44] dont see why not. didnt have any problems with it.
[00:44] okay, because A.Mery and Co are waiting for it ;)
[00:45] if theres any test youd like me to run first i could try them.
[00:45] you probably did better tests than I ...
[00:45] how does the patch differ from what we built last time, btw?
[00:46] did you compare the patched sources?
[00:46] just basic inode accounting checks, soft quota limits, soft quota timeout/enforcement. and hard limits.
[00:46] no. i can try though.
[00:46] didnt try that.
[00:46] well, if you have the code around, you could simply compare it with diff ...
[00:46] as far as behavior i dont see difference from a user point of view.
[00:47] yeah i have the code.
[00:47] good, might be interesting, as those were two different direction, we came from ...
[00:47] +s
[00:48] the older one is from q0.12 on stable to q0.13, the newer one, a straight backport from devel ...
[00:48] hmm. how do i try to compare with a patch against 2.4.25 vs some 2.4.24 code?
[00:48] or do you just want to compare against q0.12 patch ?
[00:49] hmm, okay we did the previous against 2.4.24 .. then forget it ...
[00:49] i think we might have fixed a 2.4.25 one too.
[00:49] if i recall correctly it was just a couple of lines that needed changing.
[00:49] one of them was a missed else statement if i recall correctly.
[00:50] to keep everything from going back to ctx0.
[00:50] yeah, that was in fs/inode.c
[00:51] all i know is the quota patch you gave me works just fine with vs1.26 under 2.4.25rc1 as far as i can tell.
[00:52] only thing i havent tried yet is having multiple contexts running all using context quotas.
[00:52] and seeing if theres any issues.
[00:52] okay, I'll update the vserver patch to 2.4.25-rc2 and the q0.13 to that, could you give that another spin? maybe with different contexts?
[00:53] sure
[00:53] just have to create another context real quick.
[01:06] _shur1 (~shushushu@vserver.electronicbox.net) left irc: Ping timeout: 483 seconds
[01:10] hmm odd.
[01:10] means?
[01:11] i setup some new vservers and i get permission denied when i try to access anything in them from a different context.
[01:11] not quite sure why.
[01:12] well, that is a feature, inter context protection ...
[01:12] we introduced that some time ago, after an extensive opinion poll
[01:13] basically xid=N can see xid=0 and xid=N files but not xid=M (M!=N) files
[01:13] well i mean i cant access anything. works fine for the ctx100 vserver which is mounting its binaries from a ro bme mount.
[01:13] _shur1 (~shushushu@vserver.electronicbox.net) joined #vserver.
[01:13] but try the same thing for other vservers and it fails.
[01:13] all the vserver files are their own context and the bind mounted files are ctx0.
[01:14] hmm, the original for the ro mount hasn't tagxid enabled by any chance?
[01:14] and i didnt do the permission fixes for the exploit yet.
[01:14] yeah its on a tagxid fs.
[01:15] okay, then just for a simple test, verify that they still have xid=0
[01:15] for both, the bind ro mount and the original
[01:17] hmm i just redid the template dir with chctx and it just works now.
[01:18] hrm...
[01:21] so were they in a different context?
[01:21] it might be that either the ro bind moves the inodes into a new context ...
[01:22] or access from inside the vserver changes the xid of the underlying files ...
[01:22] trying to figure it out. they were all ctx0 now im having the same problem with another vserver... very odd.
[01:23] or not so mysterious after all i missed some mount points in that vserver.
[01:23] let me make sure of a few things here.
[01:23] okay ...
[01:32] hmm for now i think i will chalk it up to not creating a new vserver environment for a while and screwing something up. but i will be doing more checking later.
[01:32] right now though im setting up the extra vservers for quota.
[01:34] serving (~serving@213.186.188.205) left irc: Ping timeout: 488 seconds
[01:38] so far so good.
[01:38] enabling quotas in a 3rd vserver.
[01:50] ok seems to work correctly between two running vservers trying in the 3rd. i expect it to just work.
[01:51] i think i know what happened in the first case.
[01:51] with the permissions.
[01:51] i think i might have accidentally set one of the bind mounts to 100 when i started ctx100 without the ro bind path.
[01:51] patch even.
[01:52] hmm ... interesting ...
[01:56] yeah seems to work fine across 3 contexts.
[01:56] creating another to see if i get the odd permission problem again.
[02:03] yeah looks like it was my fault re the permission problem.
[02:07] yeah id say its acting plenty stable enough.
[02:07] seems to work as expected over 4 different vserver instances with unique context ids.
[02:09] and the ro bind mount doesnt seem to be doing anything strange.
[02:15] morning
[02:19] _shur1 (~shushushu@vserver.electronicbox.net) left irc: Ping timeout: 483 seconds
[02:22] bertl: still there?
[02:34] yup, but I was cooking ...
[02:41] okay, I verified 2.5.25-rc2-vs1.26 here .. so
[02:41] I just update the q0.13 to that and have both released ...
[02:47] bme seems to be working too. although i havent tested noatime etc. but basic ro mounts do seem to work fine.
[02:48] setting up a fresh slackware box to use in writing the vserver/quota howto (clean example machine)
[02:49] been using my own slackware based distro until now.
[02:49] Topic changed on #vserver by Bertl!~herbert@MAIL.13thfloor.at: http://linux-vserver.org/ || latest stable 1.26, devel 1.3.7, exp 0.07
[02:49] mostly the same but probably just different enough.
[02:51] slackware is GOOD
[02:51] is it?
[02:51] yes it is
[02:52] JonB (~NoSuchUse@83.89.173.209) joined #vserver.
[02:52] Hi Jon!
[02:52] hey Bertl
[02:52] Bertl: are you still up ?
[02:53] hmm, well yes, I'm still up, but since when?
[02:54] i figure slack would make a good example box anyway since its about as close as you get to a vanilla linux distro.
[02:55] hmm, probably
[02:59] basically im going to cover. patching, configuring and building a 2.4.25 kernel with vs1.26 and the quota and bme patches. building and installing the utilities. setting up the vservers fs. creating a template vserver. and creating real vservers based on it.
[02:59] and then how to setup the per context quotas.
[02:59] and the vroot devices etc.
[03:00] might even make a script for it not sure bout that one yet.
[03:03] sounds pretty impressive ...
[03:07] JonB (~NoSuchUse@83.89.173.209) left irc: Quit: Leaving
[03:13] just a basic step by step document.
[03:14] you know the background docs I made some years? ago?
[03:14] http://www.13thfloor.at/old/VServer/
[03:14] yeah. well some of it. most of what i used was an outdated howto someone else wrote and what was on the context quota patch page.
[03:14] i think i read some of that as well.
[03:15] although it left out the context quota stuff.
[03:15] http://www.13thfloor.at/old/VServer/Concepts.shtml
[03:15] that should be useful if you want to explain some things ...
[03:15] and that could be a base for the how-to http://www.13thfloor.at/old/VServer/HowTo_LVMQS.shtml
[03:16] Action: talon nods. i will probably use some of that.
[03:16] will this be html, txt or wiki?
[03:16] i will let you have a look at it before i think about releasing it.
[03:16] probably a flat text file.
[03:17] okay, would be nice though if you could format it for the wiki afterwards ...
[03:18] i might even use groff to format it into text/html/pdf
[03:18] probably just text for the first draft.
[03:26] although i might just use the -me macros
[03:29] serving (~serving@213.186.188.205) joined #vserver.
[03:30] used to use troff a lot so im a bit more comfortable with it. and it can be easily generated into any format.
[03:53] Bertl, what exactly is wrong with 2.6 stuff now ?
[03:54] hmm, why?
[03:54] waiting to know when i can switch to 2.6
[03:54] well, did you test vs0.07 yet?
[03:55] wasn't going to test until i learned any caveats
[03:55] so you'll never know ;)
[03:56] my devel server is 2.6 due to nfs compatibility issues
[04:02] so what stops you? have a try on vs0.07, and report what doesn't work in your setup ;)
[04:03] this way we can improve it, if everybody waits until it's extensively tested, no testing will happen and we'll all die long before vserver for 2.6 is ready ...
[04:14] thats a great way to put it :)
[04:15] hmm, could it be that nobody rated the Context Quota stuff on freshmeat?
[04:15] its on freshmeat?
[04:15] hmm, yeah, for a long long time now ...
[04:16] dont check freshmeat often.
[04:16] (it was more a sublime message, than criticism ;)
[04:17] i actually heard about vserver from a friend of mine. when i was talking to him about UML vs vmware vs FreeBSD jail etc.
[04:18] okay, I'll go to bed now ... have a nice wossname ...
[04:18] cu all tomorrow, I hope ...
[04:18] night.
[04:18] night talon!
[04:18] will hopefully have some of the document done by tomorrow.
[04:18] Nick change: Bertl -> Bertl_zZ
[04:18] don't hurry ...
[04:24] noel- (~noel@pD952CB42.dip.t-dialin.net) joined #vserver.
[04:32] noel (~noel@p50859C15.dip.t-dialin.net) left irc: Ping timeout: 504 seconds
[05:37] im not in a hurry. when i mean some of the document i mean an outline. :)
[05:38] lala
[05:53] Doener (~doener@pD9E12D8C.dip.t-dialin.net) left irc: Ping timeout: 488 seconds
[05:55] Doener (~doener@p5082DACD.dip.t-dialin.net) joined #vserver.
[06:17] Nick change: talon -> talon_zz
[06:19] Doener_zZz (~doener@pD9E12D8B.dip.t-dialin.net) joined #vserver.
[06:26] Doener (~doener@p5082DACD.dip.t-dialin.net) left irc: Ping timeout: 488 seconds
[07:15] kestrel (athomas@home.swapoff.org) left irc: Quit: bye
[07:45] Nick change: surriel -> riel
[08:11] so, time for a user-mode-win2k port ;-)
[08:16] ;)
[09:56] Nick change: Bertl_zZ -> Bertl
[09:57] morning everyone!
[10:01] Nick change: Doener_zZz -> Doener
[10:01] morning
[10:01] mornin Doener!
[10:01] hi bertl
[10:03] hmm... i was quite an example of a windows user when i started using linux and obviously made a mistake back in the time i setup my box...
[10:03] Filesystem 1K-blocks Used Available Use% Mounted on
[10:03] /dev/hdb1 34606040 10902628 21945504 34% /
[10:04] is there a non-destructive way to fix this?
[10:04] hmm, that is the only partition on that disk?
[10:04] yes
[10:04] and the only disk in the system?
[10:05] no, there's a second disk with 'that other os' on it
[10:05] ah okay, then you have a non destructive way to fix it ...
[10:07] 'just' create a minimal linux boot system on the second disk, which contains useless junk anyway ;) (well, you could backup that before doing so) and boot from the second disk, then use resize*fs to shrink the partition to saner values, and create new partitions, expanding them as you go ...
[10:10] uhm... what about a rescue cd?
[10:10] cowards way out ;) yes of course ...
[10:11] i still need windows from time to time, because some guys at university are heavy into it and i don't trust windows enough to let it shrink the ntfs partition ;)
[10:11] so be it ...
[10:34] Doener (~doener@pD9E12D8B.dip.t-dialin.net) left irc: Quit: Leaving
[11:03] Anyone around?
[11:04] nope ;)
[11:05] what's up, what do you need?
[11:05] kramer (~kramer@80.86.100.172) joined #vserver.
[11:05] Quick question about limitations of vservers
[11:05] hi kramer!
[11:05] theoretically, what are the maximum number of contexts that could run?
[11:05] Nick change: _maharaja -> maharaja
[11:05] WSU: about 65533 I guess ...
[11:06] I am running into a problem, have 83 vservers running, and am starting to have apache report out of disk space
[11:06] though the drive is not 50% full
[11:06] a) where does it report this (might be shmem?)
[11:07] [Fri Feb 13 00:56:55 2004] [crit] (28)No space left on device: mod_jk: could not create jk_log_lock
[11:07] b) what does it report
[11:07] in the apache error log
[11:07] quota patch is compiled in the kernel, though no device is mounted with it enabled
[11:07] sounds like a 'locking' attempt ...
[11:08] ok, and what are the limits, or what would be causing it?
[11:09] don't know, you probably have to strace that jakarta module ...
[11:10] if I know what actually fails on the syscall level, I might be able to tell you more ...
[11:11] it's also happening on a different context that doesn't have jakarta. the same lock error
[11:12] what do I need to do to give you what you nee
[11:12] d
[11:12] [Fri Feb 13 00:52:03 2004] [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock
[11:12] get strace (>= 4.5) and try to log the entire path until there is that lock error ...
[11:13] strace -fF -s 1000 -o lock.log
[11:13] -k-
[11:14] do I need to patch my kernel for strace to work (2.4.24 vs1.26)
[11:15] no
[11:27] http://vserver.zevlag.com/vs/lock.log
[11:27] output from strace -fF -s 1000 -o lock.log /etc/init.d/httpd start
[11:28] /var/log/httpd/error_log shows [Fri Feb 13 01:26:25 2004] [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock
[11:28] Configuration Failed!
[11:31] 5888 semget(IPC_PRIVATE, 1, IPC_CREAT|0x180|0600) = -1 ENOSPC (No space left on device)
[11:31] you ran out of semaphores ...
[11:31] check the /proc entries for that ...
[11:35] cat /proc/sys/kernel/sem
[11:36] cat /proc/sys/kernel/sem
[11:36] 250 32000 32 128
[11:37] semmsl semmns semopm semmni
[11:37] are there any good pages with details on the ULimits?
[11:37] ENOSPC A semaphore set has to be created but the system limit for the maximum number of semaphore
[11:37] sets (SEMMNI), or the system wide maximum number of semaphores (SEMMNS), would be
[11:37] exceeded.
[11:37] what details would you prefer?
[11:38] manpage: probably bash and setrlimit
[11:38] Just general understanding, so I can limit number of processes for each vserver and such
[11:40] ulimits are per process, not per vserver, in stable, there is a hack ('NPROC' flag) to propagate that value to the per vserver rlimits, in devel this is done with a separate tool and can be changed at runtime ...
[12:47] Doener (~doener@pD9E12EE4.dip.t-dialin.net) joined #vserver.
[12:48] Nick change: Bertl -> Bertl_oO
[12:48] hi
[13:14] [HvD] (~guess@62.99.252.14) joined #vserver.
[13:36] Doener (~doener@pD9E12EE4.dip.t-dialin.net) left irc: Quit: Leaving
[14:36] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Quit: Out-of-office.
[14:44] Bertl: i have a security problem
[14:45] Bertl: i did a dd if=/dev/sda1 and worked
[14:45] anybody, any ideas?
[15:00] ok, so we have a BIG problem
[15:01] i dd'ed the swap partition
[15:01] and worked
[15:01] and then strings | less on the resulting file
[15:02] it was all my passwords, the other users' passwords, everything
[15:02] and all from a root shell in a vserver
[15:06] Doener (~doener@pD9E12EE4.dip.t-dialin.net) joined #vserver.
[15:51]
[16:04] Last message repeated 1 time(s).
[16:04] Doener (~doener@pD9E12EE4.dip.t-dialin.net) left irc: Quit: Leaving
[16:19] kramer: why were those device nodes in your vserver?
[16:20] that seems to be the real security problem to me.
[16:22] Nick change: talon_zz -> talon
[16:30] a full device tree in your vserver /dev is really not a good idea as you seem to have found out. it only requires a bare minimum of devices. the vserver create command should have made a bare dev tree for you.
[16:32] erm i mean build.
[16:49] ok, i created the vservers with a self made script
[16:50] but it doesn't mount anything in /dev/ or /proc
[16:51] just creates /etc/vservers/$NAME and /vserver/$NAME, and rpm -UVH' --root=/vservers/$NAME
[16:52] which probably installs an RPM that creates a full /dev tree
[16:53] oh
[16:53] Action: kramer feeling stupid
[16:54] ok, so *I* have some bit of a problem
[16:54] root@test1:/vservers/foo# ls -lR dev
[16:54] dev:
[16:54] total 4
[16:54] crw-rw-rw- 1 root root 1, 7 Jan 27 20:45 full
[16:54] brw-r--r-- 1 root root 4, 0 Jan 28 16:42 hdv1
[16:54] prw------- 1 root root 0 Jan 27 21:53 initctl|
[16:54] crw-rw-rw- 1 root root 1, 3 Jan 27 20:45 null
[16:54] crw-rw-rw- 1 root root 5, 2 Jan 27 20:45 ptmx
[16:54] drwxr-xr-x 2 root root 4096 Jan 27 20:45 pts/
[16:54] crw-r--r-- 1 root root 1, 8 Jan 27 20:45 random
[16:54] srw------- 1 root root 0 Feb 10 08:13 reboot=
[16:54] crw-rw-rw- 1 root root 5, 0 Jan 27 20:45 tty
[16:54] crw-r--r-- 1 root root 1, 9 Jan 27 21:52 urandom
[16:54] crw-rw-rw- 1 root root 1, 5 Jan 27 20:45 zero
[16:54] thats all you need.
[16:54] and hdv1 is normally created as just a zero length file unless your using the vroot device.
[16:55] ok, so: what does vserver $NAME create?
[16:55] which is a device that doesnt allow reads or writes but proxies quota ioctl calls.
[16:55] or is it vserver $NAME build
[16:55] vserver $name build.
[16:56] with a certain version of the tool you can prevent it from creating a whole vserver by setting the UTIL_VSERVER_AVOID_COPY environment variable.
[16:56] and it should just create an empty tree.
[16:56] ok, help me out here... the documentation was scarce, and I had to make my own script
[16:56] i think ensc made a newer version of the tools that does this via a flag instead.
[16:57] so... what if someone who has root access on a vserver installs the dev tree? from a rpm, for instance
[16:58] you cant use mknod inside a vserver.
[16:58] so it would fail.
[16:58] aha....
[16:58] you have to create the device nodes in the vserver filesystem from outside the context.
[16:58] ok, got it
[16:59] only special files you can create are fifos.
[16:59] inside a context.
[16:59] and i think named pipes as well.
[16:59] so: what's the *proper* way of creating a new vserver? newvserver script didn't work
[16:59] erm same thing.
[17:00] i dont think im an authority on that one (yet). but the way i do it is use vserver $name build. with UTIL_VSERVER_AVOID_COPY set to 1 then i copy over everything from a template tree.
[17:00] except dev.
[17:01] thats basically how i do it. except i try and save space by using read only --bind mounts thanks to bertl's bind mount extension patch that makes that possible.
[17:02] but the copy method should work just fine. and i think the vserver foo build script does exactly that by default without the env set.
[17:02] except it copies directories from the host system.
[17:02] into the vserver root.
[17:02] at least 0.26 did.
[17:02] im going to be trying it again with the most recent util-vserver package.
[17:03] im sure thats probably out of date.
[17:03] but it does work for me.
[17:05] never tried it on a redhat box though.
[17:06] only slackware.
[17:06] shouldnt make a difference though. except the script might be more friendly to working on a redhat box and you might not even need to do a lot of things by hand.
[17:09] the vserver build command should create a dev like i showed above and make a $name.conf file in /etc/vservers for you.
[17:09] and if you didnt set that env or used the new flag that ensc put in to basically do the same thing. it should copy selected files from your host system into the new root.
[17:11] the vserver script is a shell script.
[17:11] so you can modify it to do what you like.
[17:12] or you can just look at what it does and create a custom script.
[17:12] for the creation part.
[17:15] im pretty sure with the new tools though it does all that already. as far as having the options to clone a vserver
[17:16] Action: talon doesnt want to get ensc mad at him by telling you the gritty details of an out of date tool.
[17:17] the mailing list would probably be a better place to ask come to think of it.
[17:19] a lot more people in there using vserver for much more serious daily use than i do. at the moment. although i am working on a document you might find useful. after i get up to date on everything and piece together all the loosely organized documents i need.
[17:26] Nick change: Bertl_oO -> Bertl
[17:26] hi everyone!
[17:27] good morning Bertl
[17:27] Bertl: i havent set this guy on the wrong path have i ?
[17:27] hi meebey! hi talon!
[17:28] whom? kramer? (still reading)
[17:29] yeah.
[17:29] hmm, there is a page, enrico updates, about the alpha branch, you know that?
[17:30] no actually i dont. but i will be looking into it today because i have to if i want to write a proper howto document.
[17:30] i havent used anything other than 0.26 other than to test compiling 0.28 on sparc64
[17:30] those are his 'devel' tools but I'm pretty confident, they will sone become 'stable'
[17:31] s/sone/soon/
[17:31] thats why im starting on a fresh machine from scratch for the document.
[17:32] i have an outline at talon.home.cosmic-cow.net/howto.html thats the layout i have in my head right now.
[17:33] looks good ...
[17:34] thats generated from groff using the -me macros and the html backend. i can also make that in ascii and postscript and PDF from the same sources.
[17:35] im a bit rusty with it since i havent used the unix typesetter in a couple of years.
[17:35] but i know it better than html.
[17:35] Bertl: is there a FAQ thing for vserver? maybe add the bind8 bug thing to it?
[17:35] Bertl: I just heard from a long vserver user that problem is pretty known
[17:36] there are several FAQs .. find an appropriate one, and please add it, if it's not already there ..
[17:36] thanx talon for the tips
[17:36] just got back to the computer
[17:36] Bertl: ok
[17:37] after i write this it will probably be the last document i write for vserver in a while. but i do think it would be a good idea to see if anyone is interested in being the documentation maintainer and be in charge of organizing all the documentation in one place and weeding out the out of date stuff.
[17:37] meebey: http://www.linux-vserver.org/index.php?page=Linux-Vserver+FAQ
[17:37] G,1
[17:38] Bertl: thats a problem though which I didnt have
[17:38] Bertl: should I add my thing?
[17:39] if you do it in the 'nice' style the FAQ is formatted, yes, please go ahead ...
[17:39] k
[17:39] maybe as separate bind8 subpoint, with some references/remarks
[17:40] what was the status, bind9 works without the capset?
[17:40] (linuxcaps I mean)
[17:40] thats what i remember reading.
[17:41] i also remember reading a lot of not very nice things said about the bind9 developers where i read that too :)
[17:42] hum, but not on the vserver ml, right? (ah, you didn't subscribe ;)
[17:42] not yet. but i do go through the archives every other day.
[17:42] which ones, by the way?
[17:43] http://list.linux-vserver.org/archive/vserver/
[17:43] interesting ...
[17:44] afk, brb
[17:45] thats why i ended up writing the howto. i was going to subscribe to post the quotatool changes and realized it did no good if you arent running current quota patches.
[17:48] Action: talon goes back to refreshing himself on proper troff macro usage.
[17:53] hhhmm
[17:59] okay, I'm back ...
[18:00] Bertl: check the FAQ
[18:00] talon: you might find paul's archives better if you are looking for something ...
[18:01] meebey: did already, looks useful so far, although it might make sense to reduce the level of indentation ... but we'll see ...
[18:01] :)
[18:02] wasnt too easy for me, never did wiki style :)
[18:02] well, isn't too hard, if there is some example available, right?
[18:03] right, I looked at other places and tried to figure out what those keychars mean :)
[18:03] # seems to be for space indentation
[18:03] * a subpoint
[18:04] well, if you want to know all the details, just follow the 'BIG LINK' in the second line on each page ;)
[18:04] called FormattingRules
[18:04] :))
[18:04] experimenting is more fun
[18:05] maybe tonight I will release pre-version debian packages
[18:05] Bertl: never used it to search. more just to keep up with the current posts.
[18:05] are here any debian users which may wanna try my packages?
[18:05] although i did go through almost the whole archive one time.
[18:06] I can give it a try on my parisc box? 8-)
[18:06] id love a parisc box. never touched HP-UX before.
[18:06] no hp-ux, pure linux of course ...
[18:07] :)
[18:07] Action: meebey dtx: need more energy drinks
[18:07] time to hardcore packaging
[18:07] id probably try linux on it too. but im sure it wouldnt be as interesting since ive already done that on other platforms :)
[18:07] it's the hell ...
[18:07] ive heard bad things about it.
[18:07] maybe I should go back to windows
[18:07] since its partly opensource now...
[18:08] :-P
[18:08] ugh yeah but would you really WANT the windows source?
[18:08] not like you could do anything with it.
[18:08] hmm, did somebody find their 'lost' sources?
[18:08] yes
[18:08] its real source :)
[18:08] C and C++
[18:08] like paintbrush etc
[18:08] the windows API specs are bad enough without the source that implements it.
[18:09] could you grep for 'bill sux' in there?
[18:09] no bill gates inside it
[18:09] I did already
[18:09] but I found funny things
[18:09] should I paste 2 or 3?
[18:09] funny stuff, always ...
[18:10] one second
[18:10] private/shell/win16/commctrl/ctl3d.c: // Some ugly shit goin' on here!
[18:10] the comments are the best
[18:11] or
[18:11] private/shell/shell32/util.h:// around the fucking peice of shit compiler we pass the last param as an LPVOID instead of a LPITEMIDLIST
[18:11] private/shell/applets/cleanup/cleanmgr/dmgrdlg.cpp: // I have no idea what all this TUNEUP and SAGESET crap means, but the old code
[18:11] private/shell/applets/welcome/html/sources.inc:# needed to get around stupid IE Build crap:
[18:12] not surprising m$ programmers are stressed out.
[18:12] i would be too if i had to work on that crap.
[18:12] :)
[18:12] funny although is, MS knows Linux
[18:13] they have a constant for it
[18:13] private/ntos/udfs/udf.h:#define OSIDENTIFIER_UNIX_LINUX 5
[18:13] id rather work on vanilla System V Release 3.2.2 sources on a 3b2 than work on windows code. (i actually do have both items btw in storage).
[18:13] private/ntos/ke/ia64/fetypes.h:#ifndef unix
[18:13] and they use unix for compiling/developing or something
[18:14] tons of #ifdef unix
[18:14] or #ifndef unix
[18:14] I remember coding a ray tracer with borland C++ some centuries ago ...
[18:14] it gave different results each compile ...
[18:14] private/shell/iexplore/unixstuff.cpp
[18:14] or that
[18:14] i know dos sources have a few things borrowed from xenix.
[18:14] unixstuff in Inter Explorer :)
[18:14] Internet Explorer even
[18:16] i really wonder what microsoft would be like today if they hadnt abandoned their unix distro.
[18:16] at least for the server end.
[18:17] :)
[18:17] probably would have made unix just as bad as NT.
[18:17] private/shell/shell32/util.h:// the fucking alpha cpp compiler seems to fuck up the goddam type "LPITEMIDLIST", so to work
[18:17] sounds frustratet
[18:17] -t+d
[18:17] hey I remember reading an article about the hidden scripting powers with windows NT, they describe the 'brand new' tool, called 'sed' and how you can use it ;)
[18:18] heh.
[18:18] rs (~rs@ice.aspic.com) joined #vserver.
[18:18] hello guys
[18:18] hi rs!
[18:18] like most things they claim is new in NT its only about 30 years new... or more.
[18:18] and done worse than the original.
[18:19] what brings you here rs?
[18:19] private/inet/wininet/urlcache/cachapiw.cxx:BUT HOW DOES THE DAMN THING WORK?
[18:19] I plan to run vserver :)
[18:19] private/inet/mshtml/src/site/ole/olesite.cxx: // Damn alpha version of the VM is still busted. Stupid code
[18:19] rs: good plan! what do you need?
[18:19] maybe thats why they stopped the alpha port?
[18:20] does vserver work with vlan interfaces ?
[18:20] nope, it uses normal interface aliases
[18:20] kramer (~kramer@80.86.100.172) left irc: Remote host closed the connection
[18:20] and it's not possible ?
[18:21] what is not possible? you mean using vlan interfaces like eth0.253 ?
[18:21] it should be great to be able to have vserver on a different vlan than the hosting server
[18:21] Bertl: yes
[18:21] should be no problem, vserver doesn't care about the base interface
[18:22] it is based on IPs and aliases ... if you have one of them, it should work ;)
[18:22] ok I gonna test it
[18:22] let me know if you encounter any issues ...
[18:23] and if you are going to test, there is a devel version (1.3.7) with an improved network source discovery ...
[18:24] did anyone use selinux+vserver?
[18:25] Bertl: I keep you posted :)
[18:25] thanks!
[18:26] Bertl: are you herbert poetzl ?
[18:27] that is correct
[18:27] nice to meet you :)
[18:27] great work !
[18:27] thanks again! but it would be nothing without the community ...
[18:28] I'm working for an european hosting company, and we plan to use vserver for our VDS offer
[18:29] sounds good, if you have any questions, let me know ...
[18:29] so you should hear from me :)
[18:30] snmpwalk: Failure in sendto (Invalid argument)
[18:30] 1.3.x or 1.2?
[18:30] hhhmm sounds like I need more CAPs
[18:31] 1.26
[18:32] sendto sounds like the network stuff we modified in 1.3.7, maybe it would be worth a try if you can resolve this with throwing CAPs on it ;)
[18:32] s/can/can't/
[18:33] I am searching for the CAPs list
[18:33] less /usr/include/linux/capabilit*
[18:34] another question: can the IULINK attribute be used thru NFS ?
[18:35] I want to mount vserver root fs thru the network
[18:35] yes, basically support is there, only NFSv3 and higher IIRC, but you need vserver patched kernels on both sides ... and nfs xattr support
[18:35] and I guess it is untested ;)
[18:36] It will :)
[18:37] hhmm
[18:37] rs: be careful with NFS setups, they are a little tricky anyway, unless you use the new tcp NFS ...
[18:37] CAP_NET_ADMIN I could try
[18:37] then I should move those scripts to an own vserver
[18:38] Bertl: and if I don't use the NFS xattr but I set flags from the nfs server
[18:39] NET_ADMIN didnt help
[18:39] ?
[18:39] maybe SYS_ADMIN
[18:39] nope
[18:39] I dont see other CAP which I could use
[18:40] rs: I'm on lkml, and there were a dozen different threads regarding NFS and UDP based connections, and the problems they pose in recent kernels, consensus from Trond was, use the TCP or live with it ;)
[18:40] hhhm ping also doesnt work, but I allowed CAP_NET_RAW
[18:40] S_CAPS="CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN"
[18:40] how can I see that those caps are active?
[18:40] in /proc/self/status
[18:41] which var?
[18:41] *cap*
[18:41] CapInh:0000000000000000
[18:41] CapPrm:00000000f42c34ff
[18:41] CapEff:00000000f42c34ff
[18:41] CapBset:00000000f42c34ff
[18:41] that?
[18:41] yup
[18:42] how can I make it human readable :-P
[18:42] there is a tool for that, but it is also possible with a pen and some paper ...
[18:42] ups I bet I know the problem
[18:42] damn
[18:43] btw, looks like a lot of caps you have there ...
[18:43] only those 3 for testing
[18:44] pRiV (dbox3@81.92.166.46) left irc:
[18:44] CapInh:0000000000000000
[18:44] CapPrm:0000000000000000
[18:44] CapEff:0000000000000000
[18:44] CapBset:00000000d40c04ff
[18:44] this is a typical setup ;)
[18:47] nope sendto fails
[18:47] so vserver doesnt like snmp*
[18:48] shit
[18:49] did you read what I wrote?
[18:49] yes
[18:49] I am still testing diff stuff
[18:50] 16:34 < Bertl> sendto sounds like the network stuff we modified in 1.3.7, maybe it would be worth a try if you can resolve this with throwing
[18:50] CAPs on it ;)
[18:50] I am not ready yet for 1.3*
[18:51] okay, then don't say 'vserver doesnt like snmp*', say 'stable vserver ...' 8-)
[18:51] sorry dude, stable branch of vserver doesnt like snmp (sendto)
[18:52] that should be also added to the FAQ
[18:52] can I use util-vserver 0.28 for 1.3* ?
[18:52] I dont need anything fancy, just basic vserver
[18:53] guess it should work ...
[18:53] basic (core) utils work since 0.26 IIRC
[18:53] ok, then I will make my debian package usable, and go and try 1.3 branch
[18:54] its "only" a homeserver but it does very important things for me
[18:54] I btw plan to put all major daemons into an own vserver, (mysql, apache, bind, postfix)
[18:55] does someone maintain devel debian packages somewhere ?
[18:55] devel vserver..
[18:55] rs: only old tools are maintained
[18:55] rs: the current tools I will maintain
[18:56] Bertl: thanks again for making such great vserver ;)
[18:57] meebey: too bad :)
[18:57] meebey: you're welcome, and I hope you enjoy linux-vserver
[18:57] vserver is a gift from heaven for admins
[19:04] Bertl: has anyone banged on sysv IPC facilities in different contexts? im pretty sure those are separated per vserver. but i was wondering if there is any performance impact.
[19:04] hmm, probably not ... (both banging and impact)
[19:05] but they are separated per context though right?
[19:07] might be, don't remember atm ...
[19:39] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver.
[19:48] hi Jon!
[19:53] hey Bertl
[19:53] Action: riel merges rmap15l up to 2.4.25-rc2
[19:54] ah master Rik is back to rmap, maybe we have a version for 2.4.25, available before 2.4.25 is actually out then ...
[20:03] what about Master Bertl, what is he coding now ?
[20:04] we (enrico and I) are currently searching for a zombie issue with detaching vserver contexts ...
[20:04] Bertl: detaching? is that when you enter and leave it again ?
[20:05] hmm, no actually it is 'simple' spawning with initpid and leaving the children alone ;)
[20:06] when does it happen ?
[20:07] when I do 'chcontext --disconnect --flag fakeinit sleep 2' for example ...
[20:08] and why would you do that ?
[20:08] starting or stopping a context ?
[20:08] you have to ask enrico about that ...
[20:08] http://www-user.tu-chemnitz.de/~ensc/ctxzombie.c
[20:09] ensc: btw, where does util vserver get the sys_vserver syscall numbers from?
[20:09] currently, it is #ifndef __NR_vserver ... #define __NR_vserver 273
[20:10] has a chance to override this
[20:11] perhaps later I will use the arch-numbers, but currently it is 273 everywhere
[20:11] okay, that will give troubles on different archs, you know that?
[20:11] what are the options?
[20:12] either make it 'configurable' with --with-syscall= or read it from the kernel source tree, or use the assigned number per arch
[20:13] 'perhaps later I will use the arch-numbers' means the latter
[20:39] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) left irc: Quit: again kern update
[20:46] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) joined #vserver.
[20:49] | 2.4.25-rc2-vs1.26 #1 Fri Feb 13 12:26:03 EST 2004 | looks good for now ;)
[20:50] great!
[21:06] click (click@gonnamakeyou.com) left irc: Quit: Be right back!
[21:32] rs (~rs@ice.aspic.com) left irc: Quit: leaving
[21:38] Termin4t0r (Termin4t0r@pD904A1DB.dip.t-dialin.net) joined #vserver.
[21:38] hi
[21:39] hi!
[21:39] just one question: i can't set the date within a vserver - i get "operation not permitted"
[21:39] and that is a good thing!
[21:39] why
[21:39] otherwise you would change your kernel clock for all processes ...
[21:40] hm that's bad.. my server is in the usa and so the time differs from the time in germany
[21:40] why do you want to set the date _inside_ a vserver?
[21:40] it should be sufficient to set the timezone correctly ...
[21:41] using timeconfig only brings errors
[21:42] copy /usr/share/zoneinfo/CET to /etc/localtime that should be enough
[21:42] provided that the server is set up correctly and uses UTC
[21:43] hm i did that now the time is the us time
[21:43] hehe
[21:43] before it had the german time + 1 hour
[21:43] somehow this problem looks familiar ;)
[21:43] so they didn't set up the host correctly then ...
[21:44] well you can knowingly use the wrong timezone info which does the right offset (most of the time)
[21:44] or bother them to set the host time to UTC
[21:51] mh could you tell me what they need to do i will write them
[21:52] just set the host clock to UTC and use the appropriate timezone in their servers (probably US time for most) with the /etc/localtime setup ...
[21:52] btw, what vserver version is this?
[21:52] (just curious)
[21:52] i think 1.22
[21:53] hmm, so you can easily escape and do it yourself ;)
[21:54] ?
[21:55] well, 1.22 should be vulnerable to the chroot escape exploit ...
[21:57] i told the hostmaster to set the time to utc - he did that
[21:57] the host has now Fri Feb 13 19:58:00 UTC 2004
[21:57] perfect, you now should be able to use the CET file in /etc/localtime and have CET time
[21:58] shouldn't that be
[21:58] Fri Feb 13 18:53:36 UTC 2004
[21:59] Fri Feb 13 19:01:16 UTC 2004
[21:59] or that to be precise ...
[22:00] you're right :) he changed it
[22:00] and now my vs has the correct time *happy*
[22:00] perfect, as it should be ;)
[22:03] yep :)
[22:35] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) left irc: Ping timeout: 483 seconds
[22:40] Termin4t0r (Termin4t0r@pD904A1DB.dip.t-dialin.net) left irc:
[22:59] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) left irc: Quit: Leaving
[23:04] JonB (~NoSuchUse@kg203.kollegiegaarden.dk) joined #vserver.
[23:04] hey Bertl
[23:05] jup?
[23:06] Bertl: i'm reinstalling the server now
[23:06] Bertl: how do we ensure that only you reset it ?
[23:09] hmm, how do I reset it (in principle)?
[23:10] Bertl: well, that remote reset device
[23:10] ah, did you build it?
[23:11] no, but i will
[23:11] Bertl: but that uses a serial or parallel line
[23:11] ah okay ... well, that uses the parport then ...
[23:11] Bertl: i can't just connect that to a port
[23:12] yeah, you need to be root to access the parport, and
[23:12] Bertl: because if i do, and someone portscans the machine... *puff* reset
[23:12] this can be used to allow a simple tool (which toggles those lines) to be accessed
[23:12] only from a specific account/setup/webpage/etc ...
[23:13] iirc, you were experimenting with a port which gives access to the serial line, right=
[23:13] s/=/?/
[23:17] Bertl: i haven't experimented yet, but i wanted to
[23:17] as for the reset
[23:17] i suppose i could put it behind a BIG RED BUTTON on a .htpass protected webpage
[23:18] that would be a good idea, for example ...
[23:18] "DO NOT PUSH THIS BUTTON"
[23:19] or something *grin*
[23:24] Bertl: how old a dual machine do you want to test on ?
[23:24] Bertl: my dorm has an old old dual p90 with 48 MB ram
[23:25] hmm, guess that won't be able to hold many vservers ...
[23:25] correct
[23:25] mine is a dual p200mmx with 192 mb ram
[23:26] that should be better
[23:26] that is _much_ better ...
[23:28] yeah, actually usable
[23:30] and it can get more memory if i get my hands on some
[00:00] --- Sat Feb 14 2004