[00:27] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) joined #vserver.
[01:25] click (click@gonnamakeyou.com) joined #vserver.
[01:25] grmph
[01:25] same to you too! 8-)
[01:25] ah, you're awake
[01:25] iptables inside a vserver?
[01:25] big nono!
[01:26] or does that have to be applied on the root-server.
[01:26] ok
[01:26] just what I needed to know
[01:26] :)
[01:26] 8-]
[01:26] got this stupid halfassed customer that wants to use a gameserver, and allow cracked clients to join
[01:26] told him to set it to lan-mode, but nooooooo, he wants it public
[01:26] cracked means?
[01:27] pirated ver of some game
[01:27] is that legal?
[01:27] no
[01:27] isn't that supporting illegal activity then?
[01:28] but most game wwould be boring if there where no pirated user to play with you :) so some gmes compagny dont mathers
[01:28] i told him to stuff himself tho', but it made me curious as to the iptables inside vs-question
[01:28] probably those games, which do not have a large user base anyway ...
[01:28] i've never thought of it actually :)
[01:29] Bertl: urm, battlefield1942/desert combat
[01:29] Bertl: it does have a huge base
[01:29] never heard of it ;)
[01:29] goodie :)
[01:29] serving (~serving@213.186.188.205) left irc: Read error: Connection reset by peer
[01:30] is there another company making good games besides idSoft? *G*
[01:32] yeas french one ubisoft
[01:33] ubisoft!
[01:33] splinter cell!
[01:33] :)
[01:33] darned good
[01:33] where are the sources? does it run on linux?
[01:34] they've been thinking of porting it actually
[01:34] hm, now, where was that posting.
[01:34] linux-gamers or somewhere
[01:34] same for UT ... unfortunately they never got to actually do it ...
[01:34] UT ? it's ported.
[01:35] no, they said, they'll port it ;)
[01:35] or was that ut2003?
[01:35] one of those was ported, and works as well (tried)
[01:35] can't remember which, as I seldom play
[01:35] yeah, ut2003 runs on my linux machine ;)
[01:36] most online game have server on linux :)
[01:36] ah, it wasn't the game itself, it was the gameserver.
[01:37] he wanted to filter out the traffic that does the cd-check using iptables
[01:37] doooh
[01:37] put the game in lan mode!
[01:37] hey isnt there an emulator or something that make you run most games on linux
[01:37] Cmaj: winex?
[01:37] ahahi would not help :)
[01:38] i dunno :)
[01:38] Cmaj: the transgaming engine?
[01:38] something i read .. dont know what it is
[01:38] www.transgaming.com I think
[01:38] C64 emulator?
[01:38] Bertl: woooh, last ninja!
[01:39] <-- master of 1,2,3 and remix!
[01:39] no too play windows direct x games ..mame is on linux i think for that
[01:39] well, I programmed the Floppy on C64 to do funny things ...
[01:39] Cmaj: then its transgamings directx wrapper, it's called WineX
[01:39] and Impossible Mission was great ...
[01:40] hm, you're an old c64-scener?
[01:40] very old, yes ...
[01:41] catalog
[01:42] later switched to amiga ;)
[01:43] in my time it was an apple
[01:44] oooh ...
[01:44] i'm an old c64/amiga scener as well
[01:45] well, had 2-3 presentations on the amiga sessions in austria, most time showing the 'interactive' mandelbrot stuff I wrote ...
[01:45] made music, graphics and some code for a group called creators on the c64, moved to amiga and Network, then founded our own team Virtual Designz which is more or less 'dead' these days, except for releasing a few intro's now and then.
[01:45] augh! i hate bugs. doesnt matter what im trying to do i run into more bugs that keep me form doign what i want to do. this is great for the people recieving bug reports but its not a very big consolation to me.
[01:46] talon: new bugs? let's hear!
[01:46] Bertl: non vserver related bug.
[01:47] hmm, does this mean we are bug free?
[01:47] heh. no not likely just that im currently distracted by another bug in another project.
[01:48] im sure i will find more in vserver soon.(although id love to be wrong about that)
[01:57] Bertl: did santa bring you a tft ?
[01:57] nope, did not ...
[01:57] Bertl: oh
[01:57] Bertl: i suppose 15 is too small ?
[01:58] well probably was busy bringing other people more useful stuff ...
[01:58] bertl definatly deserves a nice flatscreen for all teh work he does.
[01:59] wish i had a flatscreen.
[02:00] JonB: atm I'm using a Hewlett-Packard HP HP TFT450 here ...
[02:00] 14.5" 1024 x 768 ...
[02:01] Bertl: how big is that ?
[02:01] Bertl: just one ?
[02:01] wow... debian-sarge has __NR_vserver in the system headers
[02:02] w00t? :)
[02:02] nais
[02:02] great!
[02:02] weære going mainstream on debian :)))
[02:02] æ = '
[02:02] JonB: 14.5" is a little smaller than 15"
[02:02] Bertl: do you have a GFX card with a DVI out
[02:03] Bertl: it needs to be a female DVI on the gfx card
[02:03] hmm, maybe I have one somewhere ... let me take a look ...
[02:04] Bertl: i suppose you dont
[02:05] well I remember that one of the nVidia cards had one ... but I can not find it atm ...
[02:06] Bertl: okay
[02:07] currently I use a matrox card here MGA G200
[02:07] Bertl: so, just one monitor?
[02:08] well, here yes, my other location has a Belinea CRT ...
[02:08] Bertl: other location ?
[02:10] I 'commute?' between Laaben and Pama .. under the week it's usually Laaben, at the weekend Pama
[02:12] here I have the TFT450 in Pama the Belinea 103070 IIRC a 17" CRT ...
[02:12] how far are they apart ?
[02:12] and why do you commute ?
[02:12] and just where are they located anyway ?
[02:14] they are in Austria, Europe, about 120km apart, and my parents live in Pama and my girl and I live in Laaben (any further questions ;)
[02:15] Bertl: yeah
[02:15] Bertl: suppose you somehow got your hands on a second tft with ONLY dvi, could you get a dual screen setup ?
[02:16] hmm, probably ...
[02:16] Nick change: cdub -> cgone
[02:16] Bertl: hmm
[02:18] it's gonna be hell shipping it without the original case :(
[02:19] it's probably hell to ship it anyway ...
[02:19] Bertl: why ?
[02:20] big, heavy parts tend to be expensive when shipped ...
[02:20] Bertl: the original case, and that foam, that was easy
[02:20] okay, a tft isn't that big ...
[02:20] Bertl: and it's just a 15"
[02:21] hm...
[02:21] wonder if fedora supports vserver out of the rh -kernel...
[02:21] wrapping it with styrofoam or foam rubber should do the trick ...
[02:22] (sorry was meant for JonB ;)
[02:22] i know
[02:22] :)
[02:24] how is 1.26 towards fedoras kernel?
[02:24] i'd need the vanilla kernel, or does it patch in nicely?
[02:25] (thinking of the old RHx.x patch-set that existed)
[02:25] Bertl: HAHAHA, no it wont
[02:25] Bertl: shipping someting that far, it needs to be firmly secured
[02:25] Bertl: and i dont know if i want to sent it to you yet, but i do have one 15"tft i dont use since i bought my PB
[02:26] PB?
[02:26] Bertl: PowerBook
[02:26] click: well for now it requires a vanilla kernel ...
[02:26] ok, fetching that as well then
[02:26] rick12321 (~rick12312@113.192.33.65.cfl.rr.com) joined #vserver.
[02:27] Hello
[02:27] hi rick12321!
[02:27] #!/usr/bin/shellmod
[02:27] whats that? newvserver script
[02:27] I have no idea ... where did you find it?
[02:28] in the newvserver shell script
[02:28] i created a vserver, but I cannot su to root
[02:28] what tools?
[02:28] I can ssh to the vserver, but su says bad password even though i set it
[02:28] and what kernel/vserver version by the way?
[02:28] by entering the vserver and running passwd
[02:28] 2.4.24-vs1.26
[02:29] util-vserver 0.28 or 0.29?
[02:29] Bertl: i had 2 15"tft dual screen at my linux, but the powerbook only has one external screen, so the other is just standing there :/
[02:29] 28
[02:29] Bertl: anyway, i'll think about it
[02:29] should i up it to 29?
[02:29] let's check with enrico ... sec
[02:29] rick12321: thats part of the debian vserver package?
[02:29] well, bed time
[02:30] no I am not using debian
[02:30] everything i have downloaded has been source
[02:30] JonB (~NoSuchUse@kg203.kollegiegaarden.dk) left irc: Read error: Connection reset by peer
[02:30] oh shite, bedtime ... almost forgot I've got a meeting tomorrow :/
[02:31] rick12321: well, might need parts of linuxconf, i'm not sure tho', using debianized scripts
[02:31] <-- goes to bed
[02:31] cya
[02:31] thx
[02:31] hmm
[02:31] enrico sais, that must be part of the linuxconf package ...
[02:31] s/sais/says/
[02:32] i am downloading linuxconf now
[02:32] thanks for the pointer
[02:32] np
[02:32] is vserver used in any production environments?
[02:33] heres my main question. I ran fdisk while in a vserver
[02:33] and I was able to delete my swap partition
[02:33] that seems bad
[02:34] is something not set up right
[02:35] ad production env: yes, have a look at the linux-vserver.org page, there is a subpage containing companies using it
[02:35] in a correctly configured vserver you have no block devices to do fdisk on ...
[02:35] ok good. it must be a setting then
[02:36] # ls -la /vservers/XXXX/dev/
[02:36] drwxr-xr-x 3 root root 4096 Dec 14 17:29 ./
[02:36] drwxr-xr-x 18 root root 4096 Jun 4 2003 ../
[02:36] crw-rw-rw- 1 root root 1, 7 Apr 6 2003 full
[02:36] srw-rw-rw- 1 root root 0 Dec 14 17:29 log=
[02:36] crw-rw-rw- 1 root root 1, 3 Apr 6 2003 null
[02:36] crw-rw-rw- 1 root root 5, 2 Feb 13 16:27 ptmx
[02:36] drwxr-xr-x 2 root root 0 Dec 14 17:27 pts/
[02:36] crw-r--r-- 1 root root 1, 8 Apr 6 2003 random
[02:36] crw-rw-rw- 1 root root 5, 0 Feb 13 01:58 tty
[02:36] crw-r--r-- 1 root root 1, 9 Apr 6 2003 urandom
[02:36] crw-rw-rw- 1 root root 1, 5 Apr 6 2003 zero
[02:37] and creating new devices is prohibited by the capability system
[02:37] awesome
[02:37] this vserver is great
[02:37] yeah, I agree ...
[02:44] linuxconf takes forever to compile
[02:44] is this mozilla or something
[02:44] probably, I do not use it ...
[02:45] you dont use the newvserver script?
[02:45] nope, IMHO there are better ways to get a new server
[02:45] are there any .conf files on the net? i see all the directives, but is there an example of a secure one?
[02:46] thats all i want the newvserver script for
[02:47] well, that is quite simple ...
[02:49] IPROOT="eth0:192.168.0.1"
[02:49] ONBOOT=yes
[02:49] ULIMIT="-HS -u 100"
[02:49] S_HOSTNAME=my.test.org
[02:49] S_DOMAINNAME=
[02:49] S_NICE=
[02:49] S_CAPS=
[02:49] S_CONTEXT=1001
[02:49] that should do for a start ...
[02:49] awesome thx
[02:49] i have a feeling something i didnt put isnt letting me become root when I ssh to the vserver
[02:49] because even when i put the right password it says incorrect
[02:50] it might be interesting to add some flags if you want to limit the number of processes or use fair scheduling ...
[02:50] did you check the syslog on that vserver?
[02:50] yes i am interested in all of that. i especially like the ability to control the overall nice level
[02:50] no good idea
[02:51] overall nice is done with S_NICE, the flags with S_FLAGS="sched nproc"
[02:52] Feb 13 18:22:47 gambit su[32717]: Authentication failed for root
[02:52] Feb 13 18:22:47 gambit su[32717]: - pts/2 rick-root
[02:52] no clues really
[02:52] sched is the fair scheduling (which accounts all processes in a vserver as one) and nproc is the maximum number of process limit ...
[02:53] is there some special way i have to change the root password?
[02:53] awesome
[02:53] try to trace the su (for example with strace)
[02:53] ok
[02:53] i really wish i knew how to read this
[02:54] well, can you upload it somewhere?
[02:54] yea 1 sec
[02:54] best would be "strace -fF -s 1000 -o sulog.txt su
[02:56] http://webmail.liquidpages.com/strace.txt
[02:56] oh ok
[02:56] let me do that
[02:56] hmm ...
[02:56] i cant do that while i am in the vserver, does it matter if i do it as the master root user
[02:57] semget(1, 4096, IPC_CREAT|0x40171140|0400) = -1 ENOSYS (Function not implemented)
[02:57] this is slackware 9.0
[02:57] that looks fishy to me ...
[02:57] really how so
[02:57] maybe you disabled shared memory or something like this?
[02:57] in the kernel ...
[02:57] let me see
[02:57] might not be a problem anyway ...
[02:58] Action: rick12321 make menuconfig
[02:58] open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
[02:58] open("/etc/suauth", O_RDONLY) = -1 ENOENT (No such file or directory)
[02:58] that probably is a problem though ...
[02:58] hmm
[02:58] root@gambit:/vservers/test/etc# ls -al shadow
[02:58] -rw------- 1 root root 1332 Feb 13 18:23 shadow
[02:58] no file called suauth
[02:58] but not in my master system either
[02:59] did you lose the suid flag on su maybe?
[02:59] oh damn thats the problem, shit
[02:59] # ls -la `which su`
[02:59] -rwsr-xr-x 1 root root 17912 Mar 7 2002 /bin/su*
[02:59] my fault
[02:59] yes you are right 100%
[02:59] in that case, I would check for other suid/sgid binaries as well ;)
[03:00] it was my fault, because on my master system, i set it to world nothing
[03:00] but i was a dumbass and fixed it with a sledgehammer
[03:02] so just so i know, strace displays the system calls in the binary
[03:02] live and learn ...
[03:03] true story
[03:03] so say i had a quad xeon system and loaded it up with 20 vservers, i wonder how it would run
[03:03] great ...
[03:04] I tested on dual PIII 1GHz with up to 60 servers ...
[03:04] were the vservers doing anything
[03:04] thats the specs this box is
[03:04] dual p3 1ghz
[03:04] yeah, each one apache, postfix, mysql, logger ...
[03:04] excellent
[03:05] i cant believe this isnt very popular
[03:05] this totally changes linux security
[03:05] well, it was dormant for some time ...
[03:06] i run a site that gets tons and tons of hack attempts, so its only a matter of time before someone roots it. with this, i can run the entire "server" in a vserver. and schedule backups from the master server
[03:06] just make sure to make it secure ... for example the proc entries ...
[03:06] backups to the master server rather
[03:06] there are lots of docs on this, which one is the best for security. i need to read how to limit dev devices and proc entries
[03:07] you have to 'remove' critical proc entries from the vservers view ...
[03:07] so if i just remove the dev and proc files, it is fine
[03:07] this can be done with the vproc tool, available on the download page ...
[03:07] ah ok
[03:07] regarding dev, the list I posted before should be all that is required ...
[03:08] ok
[03:08] the authors of this should really add a contribution page
[03:08] like paypal donations
[03:08] http://www.13thfloor.at/vserver/donate/
[03:08] haha now i have to put my money where my mouth is
[03:09] thx
[03:09] np ;)
[03:09] i hope i can help to make the project more popular.
[03:10] rick12321: how did you hear about that project?
[03:10] i am going to link it from tons of places
[03:10] i knew of the concept and i just typed some keywords in google
[03:11] ahh the all-knowing garbage dump ...
[03:11] :)
[03:12] i rated vserver on freshmeat as i am a little hard i give a 8 :)
[03:13] what country is .at
[03:13] the dude who writes this
[03:15] seems like linuxconf is a lot like webmin
[03:15] .at is in austria ...
[03:15] I mean is Austria ;)
[03:16] ok, glad its not afganistan
[03:16] this is in Europe ...
[03:16] what do you want to know about 'the dude who writes this'?
[03:16] AHAHAH YEAS ;P
[03:29] serving (~serving@213.186.188.205) joined #vserver.
[04:24] noel_ (~noel@pD9E098E4.dip.t-dialin.net) joined #vserver.
[04:26] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) left irc: Ping timeout: 483 seconds
[04:29] WSU (~Josh@ny.webpipe.net) left irc: Quit: Leaving
[04:32] noel- (~noel@pD952CB42.dip.t-dialin.net) left irc: Ping timeout: 504 seconds
[05:35] okay, folks, have a good wossname, cu tomorrow!
[05:35] Nick change: Bertl -> Bertl_zZ
[06:13] mugwump (~sv@218-101-44-11.paradise.net.nz) joined #vserver.
[07:06] lucks (~c8415a70@humbolt.nl.linux.org) joined #vserver.
[07:06] hola
[07:07] lucks (~c8415a70@humbolt.nl.linux.org) left irc: Client Quit
[08:24] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) joined #vserver.
[09:08] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) left irc: Quit: BitchX-1.0c19 -- just do it.
[09:14] Cmaj (~cmaj@3ffe:bc0:5f3:1:9999:911:c3d3:5431) joined #vserver.
[09:50] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 480 seconds
[10:07] mugwump (~sv@218-101-44-11.paradise.net.nz) left irc: Quit: Lost terminal
[12:53] Doener (~doener@pD958818B.dip.t-dialin.net) joined #vserver.
[12:56] good morning
[12:56] hi Doener
[12:57] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver.
[14:52] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver.
[15:32] loger joined #vserver.
[15:51] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver.
[16:05] Nick change: Bertl_zZ -> Bertl
[16:05] morning everyone!
[16:05] guten tag
[16:07] hi mids!
[16:12] rick (~rick@adsl-065-083-169-002.sip.mco.bellsouth.net) joined #vserver.
[16:12] Hello
[16:13] hey rick
[16:13] I just started with vserver yesterday
[16:14] i just patched the kernel with the quota mod
[16:15] hi rick!
[16:15] Hi!
[16:15] did you lose your 12321 or are you a different rick?
[16:16] same rick
[16:16] different computer
[16:17] does the vserver need any mirrors?
[16:17] i made a paypal donation yesterday, and i can donate some pretty serious bandwidth
[16:17] i work at a datacenter
[16:18] well we where thinking about mirrors, haven't got to actually do something about it .. but yes, it's a good idea, and thanks again for your donation ;)
[16:19] so today you are attacking quota?
[16:19] yes
[16:19] you are going fast man!
[16:19] just finished, booting into the new kernel now
[16:19] this is very exciting for me
[16:20] i see a lot of promise with this
[16:20] you have to consider a few things, or otherwise you will be disappointed by quota/dlimit stuff ...
[16:20] deus (~dr@pD9507EE1.dip0.t-ipconnect.de) joined #vserver.
[16:20] hi
[16:20] hi
[16:20] di deus!
[16:20] s/di/hi/
[16:20] what should i consider
[16:21] first, to use quota or disk limits, you have to 'tag' each file with an xid (context id)
[16:21] do you think it would be possible/feesible to run the entire system in a vserver, and the "main" server is just a simple OS necessary to boot the system and configure the network
[16:21] and store the kernel
[16:21] guys, i have got a question: how can I "kill" a running vserver?
[16:21] deus: vserver stop doesn't work I presume?
[16:21] yes
[16:22] by running the entire system in a vserver, if it gets hacked, the hacker cannot demolish the system
[16:22] and wouldnt even have to know he is in a vserver
[16:22] rick: well if you think as entire system like X86 and such, it is possible but not advantageous ...
[16:22] deus: what tools/vserver/patches do you use?
[16:23] rick: XFree86 I mean
[16:23] i am thinking more for a server
[16:23] brb
[16:24] deus: http://vserver.13thfloor.at/Stuff/testme.sh (give that a spin, and let me know what it reports)
[16:25] Bertl: your parport.c program, "-p select parport id (0 default)\n" is that which pins on the parport, or is it which parport to use ?
[16:26] the -p is the parport to use ...
[16:26] Bertl you've got the output as querry
[16:26] Bertl: how does your util know which pins to send data at ?
[16:26] deus: 2.4.22-vs1, where did that come from?
[16:27] thats the 1.00 patch from your site
[16:27] JonB: 8 bits = a byte is the command argument ... so 1 is pin 1, 2 pin 2, 4 pin 3 ...
[16:27] Bertl: ahh
[16:28] deus: hmm -EXTRAVERSION =
[16:28] +EXTRAVERSION = -vs1.00
[16:28] Bertl: i found a cable which has parport connection types, but not all lines are wired up
[16:28] not necessary to have all, for reset, one is sufficient, but I guess a parport cable will at least connect the data lines ...
[16:29] deus: did you modify the kernel name afterwards?
[16:29] (the extraversion to be precise) or is this some copy/paste error?
[16:30] deus: anyway, you know the context id of the vserver you want to kill?
[16:30] yes, i changed it, because of some little modifications
[16:30] Bertl: yes
[16:30] Bertl: it seems like data0 and data1 are connected at least
[16:30] okay do 'chcontext --ctx killall -TERM'
[16:31] JonB: well that should work for reset, and maybe power?
[16:31] Bertl: power? you want to be able to power it completely off and on ?
[16:32] well, is it ATX?
[16:32] no, AT
[16:32] then no power ... just reset ...
[16:32] Bertl: i figured i would just leave it always on
[16:32] Bertl: okay
[16:33] Bertl it doesn't work
[16:33] chcontext --ctx 3 killall TERM
[16:33] New security context is 3
[16:33] TERM: no process killed
[16:34] ah sorry, forgot that killall is different to killall5
[16:35] should read ''chcontext --ctx killall5 -TERM'
[16:35] or if -TERM isn't recognized, then 15
[16:35] Bertl, THX
[16:35] you're welcome ...
[16:36] btw. here is something for the hall of fame
[16:36] 1:36pm up 53 days, 45 min, 1 user, load average: 936.72, 678.29, 280.40
[16:36] USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[16:36] root pts/12 pd9507ee1.dip0.t 1:35pm 0.00s 0.06s 0.01s w
[16:36] deus: newer releases feature a special vkill to send signals to all processes in a context ...
[16:37] thats one hell of a' load
[16:37] yup ...
[16:37] *g*
[16:38] guess it is at least a 2way machine, probably 4 (2xHT)
[16:38] nice
[16:38] Bertl: your new testmachine ?
[16:39] bert, so you do not think running the main OS in a vserver would be benefecial?
[16:39] for security
[16:39] basically the server would require 2 IPs, one for the core and one for the workable OS
[16:39] well, you need a minimal OS on the server, of course it makes sense to put everything network related on a vserver
[16:40] but you wouldnt be able to. doesnt running in a vserver stop you from configuring the network
[16:40] the network is configured outside, but used mostly/only from inside a vserver
[16:41] yes that is correct
[16:41] i agree
[16:41] i think an entirely jailrooted vserver OS would be so secure
[16:41] deus: feel free to add you to the VServer Hosting or VServer Users page on linux-vserver.org
[16:41] s/you/yourself/
[16:42] i'll do
[16:42] rick: would it ? what about that resent chroot hole ?
[16:42] in vserver?
[16:42] the worst that happens is you are as secure as every other server out there
[16:42] rick: no, in your car
[16:43] yes, that is correct, we missed the obvious for a long long time ...
[16:43] but the same happened/happens to the kernel from time to time ...
[16:43] yes about every 6 months there is a kernel exploit
[16:43] trace, do_brk
[16:43] in the last year
[16:43] ptrace rather
[16:44] so it can be considered safe, if you keep up to date, and fix the hole, before anybody uses it ;)
[16:44] running the os in a vserver would add an additional layer of protection. because you would need a linux kernel exploit and a vserver exploit at the same time
[16:45] rick: if the kernel is exploit able, so is the vserver
[16:45] for a security only use of vservers this is correct, unfortunately not for providers, selling vservers
[16:46] deus (~dr@pD9507EE1.dip0.t-ipconnect.de) left irc: Quit: fractal 1.0.9b60 - Anything you say will be misquoted & used against you. - http://fractalscript.com
[16:46] JonB: depends, if the kernel exploit buys you user->root that doesn't mean that you become host root ...
[16:46] Bertl: prove that is doesnt
[16:46] i am a vserver user. i use a kernel exploit to become root. root of my vserver. without a vserver exploit, I am unable to become root of the master system
[16:47] JonB: can't be proven, just argumented ... here are my arguments:
[16:47] you can be root right now on a vserver and you are unable to touch the master system
[16:47] just think of the vserver root password as the linux kernel exploit\
[16:47] it only gets you vserver root
[16:47] JonB: most exploits use the kernel to modify the uid of some task, or to execute suid code
[16:48] if you can modify the uid, you can modify the context
[16:48] JonB: both will not be able to modify the xid per se ... you need a special exploit to do that
[16:49] the second one isn't able to do that anyways ...
[16:49] so from a security perspective, it just increases security ...
[16:49] the worst that happens is you are like a normal server, right
[16:50] assumed that there is no extra hole/bug/exploit in vserver, yes
[16:50] so like I said, you would need 2 exploits at the same time
[16:50] Bertl: the pc817, which legs do i need to connect to the parport, and which to the reset ?
[16:51] it's an optocoupler ... they have a sender and a receiver ... you see the diagram?
[16:51] Bertl: yes, i see it
[16:52] but they named their legs, 1 anode, 2 cathode, and 3 emitter and 4 collector
[16:52] yeah, we do the folowing trick, so nothing can go wrong, you have data0/1 right?
[16:52] Bertl: i have those
[16:53] connect them to 1,2 (the sender)
[16:53] over those 100 OHM resistors ...
[16:54] Bertl: i suppose the cable has to be a straight through ?
[16:54] and the lines 3,4 go to the reset pins of the motherboard
[16:54] Bertl: okay, i'll do that
[16:54] where is information on limiting vserver rights to dev devices and /proc
[16:54] it is beneficial if you can turn it around on the motherboard, as you probably do not know which one is the gnd and which the reset ...
[16:55] Bertl: that figures
[16:55] (will ned a test to figure that out, or a detailed docu)
[16:55] if you know which one is the ground, then emitter is the one to connect to
[16:56] rick: for /dev it's the list I gave you yesterday
[16:56] (or the set which is created by vserver build
[16:56] Bertl: my cable is not straightthrough, but the wires inside does have color codes. i suppose i can use that ?
[16:56] I lost it I apologize, buffer ran out
[16:57] JonB: straight through is a feature of the connectors, not of the cable itself, I assume you cut off the other end anyway ...
[16:57] rick: no problem, try 'vserver TEST build'
[16:57] then do a 'ls -la /vservers/TEST/dev'
[16:57] i'll go burn my fingers
[16:57] be careful!
[16:57] ok
[16:58] does test have to be capitalized
[16:58] because I already have a "test" vserver and I dont want them to overwrite each other
[16:58] i made it test2, is that ok
[16:58] vserver test2 build
[16:59] perfect ... upper and lower case does matter, so no problem there ;)
[16:59] ok its doing things I suppose
[17:00] if it is doing too many things, you probably need an option, which limits it to the minimum, what tools do you use atm?
[17:01] let me check
[17:01] vr-tools-0.14 vserver-0.29
[17:01] and the kernel patch for vserver itself and quota
[17:02] hmm, well, would be worth a try to switch to util-vserver ... vserver-0.29 is currently unmaintained ...
[17:02] ah ok
[17:02] it is copying things
[17:02] yeah probably the host server ...
[17:02] i see the process running, it is just that some of my directories are very large
[17:02] 14239 pts/2 R 0:36 \_ cp -ax /sbin /bin /etc /usr /var /lib /vservers/test2/.
[17:02] try to stop it, and have a look at the /dev
[17:02] ok
[17:02] should be already there ...
[17:03] ls -la /vservers/test2/dev
[17:03] it didnt get there yet :(
[17:03] hmm
[17:03] what distro do you use?
[17:03] its slackware 9
[17:03] usr is 1.2gb and var is 486mb
[17:04] hmm, you know how to uninstall vserver-0.29?
[17:04] I do not
[17:04] make uninstall?
[17:04] try it ... don't know if it supports it ...
[17:04] it does not
[17:05] shouldnt i just be able to install the newest binaries
[17:05] and overwrite these
[17:05] the util-vserver uses a different dir layout ...
[17:05] you end up with a mix of both ...
[17:05] well i could always just delete all the binaries
[17:05] but fortunately the vserver tools are in some 'known' locations ...
[17:06] let me check that ... sec
[17:06] actually i do have util-vserver-0.28
[17:07] should i upgrade to .029
[17:07] http://vserver.13thfloor.at/Stuff/vserver-0.29.list
[17:07] ah okay, you have enricos tools then ...
[17:07] drwxr-xr-x 2 root root 312 Feb 14 07:36 cq-tools-0.06/
[17:07] -rw-r--r-- 1 root root 9235 Sep 10 16:29 cq-tools-0.06.tar.bz2
[17:07] drwxrwxrwx 13 rick 1000 1176 Feb 13 11:32 util-vserver-0.28/
[17:07] -rw-r--r-- 1 root root 161223 Feb 5 19:57 util-vserver-0.28.tar.bz2
[17:07] drwxr-xr-x 3 root root 280 Feb 14 07:39 vr-tools-0.14/
[17:07] -rw-r--r-- 1 root root 16536 Oct 17 22:20 vr-tools-0.14.tar.bz2
[17:07] drwxr-xr-x 7 200 ftp 2800 Feb 13 17:56 vserver-0.29/
[17:07] -rw-r--r-- 1 root root 101758 Feb 13 17:54 vserver-0.29.src.tar.gz
[17:08] okay, that already is a mix ;)
[17:08] util-vserver-0.28/ (or util-vserver-0.29) replaces vserver-0.29/
[17:08] what about util .29
[17:08] did you install the vserver-0.29?
[17:09] yes
[17:09] okay, then please use the list I posted, to remove those files ...
[17:09] 15:09 < Bertl> http://vserver.13thfloor.at/Stuff/vserver-0.29.list
[17:09] ok
[17:09] check the config files and/or save them somewhere ...
[17:10] is there some easy shell script to delete all those with a list
[17:10] you can write one, as simple as ' rm -i `cat vserver-0.29.list`'
[17:11] after all, it's unix ;)
[17:11] cool thanks
[17:11] why would I need to backup the config files
[17:12] i dont need the vserver i created
[17:14] should I use util .28 or .29
[17:15] newer version means more features, but less tested ;)
[17:15] decisions decisions
[17:15] but enrico is good at fixing bugs so I would go for 0.29 ;)
[17:15] ok i will go for it
[17:25] rick: regarding the /proc security, the best would be to start with all entries disabled and see what you vservers actually need
[17:27] ok thanks
[17:32] ah finally done with the transfer of the mailserver onto a vserver
[17:32] good work!
[17:33] took time, but its done
[17:33] qmail+vpopmail+mysql+courier+other stuff
[17:33] i got to admit that it works like a charm
[17:34] I prefer postfix, but probably your setup is different ...
[17:34] well, we need virtual emails, thus qmail adds some stuff
[17:34] vpopmail and qmailadmin
[17:34] allowing mailinglists etc
[17:34] had no problem with that, postfix does this too
[17:34] any webbased adminstuff for postfix regarding ezmlom ?
[17:34] ezmlm even
[17:35] don't know ezmlm?
[17:35] a mailinglist manager
[17:35] wnat to take a look?
[17:35] *want
[17:35] sure ...
[17:35] www.shellparadise.net/admin/qma
[17:36] see privmsg on pw
[18:15] okay, leaving now .. will be back in the evening ...
[18:15] Nick change: Bertl -> Bertl_oO
[18:46] rmoriz (rmoriz@rmoriz.cpan.de) left irc: Ping timeout: 501 seconds
[18:50] rmoriz (rmoriz@rmoriz.cpan.de) joined #vserver.
[19:14] suhcoolbro (~Suh@67-42-232-200.ptld.qwest.net) joined #vserver.
[19:35] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection
[20:05] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) left irc: Quit: Leaving
[20:09] JonB (~NoSuchUse@kg203.kollegiegaarden.dk) joined #vserver.
[20:52] Nick change: Bertl_oO -> Bertl
[20:52] hi folks!
[20:53] Bertl: hi
[20:53] Bertl: it works, but strangely
[20:54] define stangely!
[20:54] basically it is supposed to do the following:
[20:54] parport 2 (press reset)
[20:55] Bertl: first of all, a -h does not tell me i have to give an extra parameter
[20:55] parport 1 (release reset)
[20:55] parport 0 normal state
[20:55] why do i have to send a release ?
[20:55] i think i do 1 and hen 0
[20:55] and it works
[20:55] why do you need to release the reset button on your pc?
[20:55] but with a -p 0 1
[20:55] but with a -p 0 0
[20:56] weah, works too ...
[20:56] s/weah/yeah/
[20:56] no, i mean, why does your tool not send the release ?
[20:56] because often (for power for example) you need to hold it 4 secs
[20:56] oh
[20:56] but also some reset logics do not work with short amounts of time ...
[20:57] and I wanted to keep that tool simple and efficient ;)
[20:57] anyway, i am compiling 2.4.25-rc2 with your 1.3.7
[20:57] great!
[20:57] Bertl: okay
[20:57] Bertl: the address right now is 194.239.210.77
[20:57] you should be able to ssh in as root
[20:57] no serial console yet
[20:58] and the remote reset has to be webpaged
[20:58] root@194.239.210.77's password:
[20:59] or do you prefer a key?
[20:59] jonb
[20:59] i dont care
[20:59] we need to change it as well
[21:00] it's a UP kernel atm, right?
[21:01] right
[21:01] default debian 2.4 kernel
[21:01] bf24 install kernel
[21:04] 00:11.0 Ethernet controller: Macronix, Inc. [MXIC] MX987x5 (rev 25)
[21:04] what is that?
[21:05] a ethernet controller
[21:06] never heard of that brand ...
[21:07] JonB: okay, you can change the root passwd ...
[21:07] (I added a key to the root account)
[21:11] i think the chipset is myson
[21:13] hey that thing even has a working APIC, good board ...
[21:16] it is a tyan
[21:19] let's see if we can boost the disk performance ...
[21:20] why ?
[21:20] improved responsiveness ...
[21:21] yep, works ...
[21:21] Bertl: what did you do ? 32 bit, dma ?
[21:21] hdparm -c 1 -u 1 -d 1 /dev/hda
[21:22] that does ?
[21:22] why is that not on by default?
[21:22] /dev/hda:
[21:22] setting 32-bit I/O support flag to 1
[21:22] setting unmaskirq to 1 (on)
[21:22] setting using_dma to 1 (on)
[21:22] I/O support = 1 (32-bit)
[21:22] unmaskirq = 1 (on)
[21:22] using_dma = 1 (on)
[21:23] not all chipsets do support that ...
[21:24] ok
[21:29] Bertl: cd /usr/src/linux
[21:29] Bmake-kpkg kernel-image
[21:29] that is how you make a kernel package under debian?
[21:30] yes
[21:30] shall I do that now?
[21:30] it makes a debian kernel package
[21:31] how does it know where to take the kernel/config from?
[21:31] current dir?
[21:32] fs/fs.o: In function `proc_virtual_readdir':
[21:32] fs/fs.o(.text+0x26a60): undefined reference to `__cmpdi2'
[21:32] fs/fs.o(.text+0x26a77): undefined reference to `__cmpdi2'
[21:32] fs/fs.o(.text+0x26a8a): undefined reference to `__cmpdi2'
[21:32] fs/fs.o(.text+0x26aa7): undefined reference to `__cmpdi2'
[21:32] fs/fs.o(.text+0x26abe): undefined reference to `__cmpdi2'
[21:32] looks like that compiler issue ...
[21:34] just type in /usr/src/linux
[21:34] correct
[21:34] i get that one as well
[21:34] but as i am making dinner...
[21:35] take your time, no need to hurry ...
[21:35] i was hoping you would fix/finish it ;-p
[21:35] ah, I see, probably requires a 'newer' compiler ...
[21:36] this one miscompiles an integer division ...
[21:36] and obviously thinks that the result should be float ...
[21:36] or something like that ...
[21:36] okay
[21:36] which gcc ?
[21:37] well I use 2.96 mdk (version of 2.95)
[21:37] but 3.3.2 should do as well
[21:38] but maybe we should work on a 'workaround' as this seems common for debian ...
[21:42] installing 3.3, see you later this evening
[21:42] thanks
[22:18] okay, trying with 3.3
[22:55] Bertl: same problem
[22:55] hmm, interesting ...
[22:56] I'll investigate ...
[22:56] dualp200mmx:/usr/src/linux# gcc --version
[22:56] 2.95.4
[22:56] hmm, same compiler, right?
[22:57] check the Makefile
[22:57] wrong place, host gcc is only used for depend ;)
[22:57] HOSTCC = gcc-3.3
[22:57] where then ?
[22:58] and make menuconfig and such stuff, let me fix that ;)
[22:58] where then ?
[22:58] CFLAGS_KERNEL = -g -V 3.3
[22:58] or if you want CC = $(CROSS_COMPILE)gcc
[22:59] gcc: installation problem, cannot exec `cpp0': No such file or directory
[22:59] hmm, where is the original Makefile?
[22:59] why doesn't that vi(m)? make backups?
[23:00] ask debian
[23:00] okay, I'll continue from here ....
[23:06] Bertl: i never got around trying to setup the console on serial port
[23:06] I'll do that too ... do not worry ...
[23:07] Bertl: then i'll never learn ;-P
[23:07] you can monitor my steps, what about screen?
[23:07] i forgot to install it
[23:07] I did not ;)
[23:07] and how can i monitor that ?
[23:07] other than ttysnoop ?
[23:08] though that might be an aix program
[23:08] get a shell on that host
[23:08] got it
[23:08] resize it to 100x32
[23:08] then do screen -x
[23:09] done
[23:09] ey that worked
[23:09] :)
[23:09] you can type too ...
[23:10] ok
[23:11] how can I tell what packages are installed?
[23:14] how can I list the files a dpkg contains?
[23:15] tanjix (tanjix@pD904A149.dip.t-dialin.net) joined #vserver.
[23:15] hi together
[23:15] hi tanjix!
[23:15] dpkg -L
[23:16] Bertl, is vserver running on redhat enterprise ?
[23:16] don't know, tell me!
[23:16] does RHEL work with vanilla kernels?
[23:16] if yes, it should be fine with vserver too ...
[23:16] tanjix: if you have a support contract you might void that
[23:17] JonB: i don't have
[23:17] Bertl, I'm not sure.. never used rhel before
[23:17] me neither, you'll have to test ...
[23:17] ok, thought you would know anything or someone told you
[23:18] sorry, I don't know anything ;)
[23:18] no prob, i think i'll have a try :)
[23:19] tanjix: okay
[23:21] Bertl: your vserver patch does not apply cleanly to rc2, so you might have to download rc1
[23:22] hogwash, we upload a new patch ;)
[23:23] ofc
[23:43] and, did you follow my moves, and learn something?
[23:44] i'm looking
[23:45] but i'm not sure i can retrace all your steps
[23:45] if you have questions, just ask ...
[23:45] i know
[23:59] jon, IIRC you mentioned some time ago, that you would like a good project for development?
[00:00] --- Sun Feb 15 2004