[00:01] click (click@gonnamakeyou.com) joined #vserver. [00:02] urgh [00:03] ExpiryJames (~james@h24-71-63-164.ok.shawcable.net) left irc: Ping timeout: 499 seconds [00:09] ExpiryJames (~james@h24-71-63-164.ok.shawcable.net) joined #vserver. [00:13] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Read error: No route to host [00:14] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [00:24] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) joined #vserver. [00:25] hi jes! [00:25] Hi all, I'm getting the error "Can't set the ipv4 root (Function not implemented)" when I try and start my vserver...anyone got any ideas? [00:25] Heya Bertl [00:26] http://vserver.13thfloor.at/Stuff/testme.sh [00:26] run this on the host, and let me know what it says ... [00:26] ok, one sec [00:27] ./testme.sh [00:27] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [00:27] Can't set the new security context [00:27] : Function not implemented [00:27] chcontext failed! [00:27] Can't set the ipv4 root (Function not implemented) [00:27] chbind failed! [00:27] Linux 2.6.3 x86_64/0.28/0.28 [E] [00:29] hmm, you did patch the kernel with the vserver patch? [00:29] this is with a 2.6.3 kernel on AMD64, it seems to compile fine [00:29] there didn't seem to be one for the version I downloaded [00:29] oops yes I did [00:29] sorry misread what you typed there [00:29] yeah I patched my kernel [00:30] okay, good, let me check this, brb ... [00:30] k ty [00:35] this is an issue with the tools, enrico is currently investigating which tool versions should work ... [00:35] ahhhh ok [00:35] (x86_64 has a different syscall number) [00:35] ahhh right [00:36] so the kernel patch seems to have worked, just the userspace tools need "adjusted"? [00:36] can't tell yet ;) [00:36] lol [00:37] is there anything I can do to help? [00:37] you could try 0.29.2 in the meantime ... [00:37] 0.29.1+2 should have it [00:37] thats the 0.29 tools you mean? [00:37] should my kernel be ok? [00:38] after recompile, give the testme.sh a run, then we'll see [00:38] ok, one sec [00:38] wait a sec...am I recompiling kernel or just user tools? [00:38] util-vserver 0.29 != 0.29.2 (FYI) [00:39] lol...ok I'm lost...what am I downloading? [00:39] probably the wrong file ;) sec [00:39] lol [00:40] http://www-user.tu-chemnitz.de/~ensc/util-vserver/pre/util-vserver-0.29.2.tar.bz2 [00:42] ok downloading [00:42] ok, installed [00:43] now try the script ... [00:44] ./testme.sh [00:44] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [00:44] Can't set the new security context [00:44] : Function not implemented [00:44] chcontext failed! [00:44] Can't set the ipv4 root (Function not implemented) [00:44] chbind failed! [00:44] Linux 2.6.3 x86_64/0.29.2/0.29.2 [E] [00:44] hrm .. okay, that's a bug, ... [00:44] all I had to do was run the patch against the kernel source, compile and reboot right? [00:44] no other patches after that? [00:44] yep [00:44] ok [00:44] please check with 'strace chcontext true' [00:44] is there anyway for me to check that it's compiled into the kernel ok? [00:45] want the output pasted here? [00:45] could you make it available via web? [00:45] yep, one sec [00:48] what is the patch version you used for that kernel? [00:48] http://www.daedalus-solutions.co.uk/jes/output.txt [00:48] http://www.13thfloor.at/vserver/e_patches/vs-26x/patch-2.6.3-vs0.09.diff [00:48] seemed to apply fine [00:48] no errors [00:48] it's supposed to apply fine ;) [00:48] enrico? syscall_273(0xffffffffffffffff, 0, 0, 0x20d10, 0x5032f0, 0x20d11, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8, 0xbffff7c8) = -1 (errno 38) [01:38] loger joined #vserver. [01:38] is there a possibility to mount the /proc of the host system into a vserver or is this no good idea due to security issues ? [01:38] hi Cyrix! [01:38] the proc is normally mounted inside a vserver [01:39] jes: I'm stupid ... you have to edit the following file: [01:39] include/asm-x86_64/unistd.h [01:40] (search for the following line:) [01:40] __SYSCALL(__NR_vserver, sys_ni_syscall) [01:40] thats from the tools root dir? [01:40] not the kernel source? [01:40] and change the sys_ni_syscall to sys_vserver [01:40] in the kernel source [01:40] ok [01:40] ok found that line [01:40] Cyrix: but you have the proc security feature to make only certain proc entries visible inside a vserverf [01:41] ok, recompile kernel, switch and reboot? [01:42] are you sure Bertl? then I'm confused why phpSysInfo is unable to show me any infos [01:42] probably because you have the security feature enabled ;) [01:42] (for 1.3.x and vs0.09 it's enabled as default) [01:42] is this security enabled by default ? [01:42] 23:43 < Bertl> (for 1.3.x and vs0.09 it's enabled as default) [01:45] um....i only have 1.24 as you should remember [01:45] ok, rebooting again [01:45] if I would remember every person's vserver version, I would require a brain the size of an elephant ... (or an elephant ;) [01:45] lol@Bertl [01:45] okay 1.24 has this but it is disabled by default ... [01:45] I always go for the latest version, I like the papercuts you get from being on the bleeding edge ;) [01:45] Cyrix: what was the reason for 'only' 1.24 again? [01:46] it was simply the latest stable version the last time i had enough time to compile myself a new kernel :) [01:46] jes: you'll now get some funny syscall logging ... but that shouldn't hurt too much .. think of it as vserver internal information exposed ;) [01:46] lol [01:47] ok, I'm back in again [01:47] try the chcontext again? [01:47] yup [01:47] [root@cerberus root]# chcontext --ctx 100 true [01:47] New security context is 100 [01:47] woohoo! [01:47] Cyrix: what does chcontext --ctx 100 ls /proc show? [01:47] I take it thats a good sign Bertl? [01:47] jes: now test the testme.sh ... [01:47] [root@cerberus tmp]# ./testme.sh [01:47] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [01:47] chcontext is working. [01:47] chbind is working. [01:47] Linux 2.6.3 x86_64/0.29.2/0.29.2 [E] [01:47] --- [04:17] loger joined #vserver. [04:19] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [04:25] serving (~serving@213.186.190.121) joined #vserver. [04:42] ben (~ben@bengrimm-host225.dsl.visi.com) left irc: Ping timeout: 480 seconds [05:02] Nick change: cdub -> cgone [06:07] cool! solaris zones is in the new solaris express release. you guys might be interested in it as its very similar to vserver [06:07] http://www.sun.com/bigadmin/content/zones/ [06:07] Action: talon_afk runs off to install the new solaris 10 beta [06:21] that's very cool [06:21] not much demand for solaris though [06:25] matta: theres plenty of big shops that use solaris. and i know people will love this. i also plan to make my product support both vserver and zones. [06:26] since i plan to sell a solaris version. [06:26] you're just making a front end? [06:26] heh [06:26] more of a configuration libary with a default front en don it but yeah. [06:26] i guess i could make my CP easily converted to this also [06:27] the web interface just calls a bunch of backend scripts (ie. addvps) [06:27] so different addvps for each system [06:27] only problem is the options [06:27] different options for each system [06:27] ive been planning to make mine portable for a while now. im just glad i actually have zones to develop with in paralel now. [06:31] basicly what im working on is a linux distro based around vserver with a cobalt like configuration interface built around a portable and documented perl library. that web,menu and command line tools are built around. and i plan on selling the config interface for solaris and possibly freebsd in the future. hopefulyl if its good enough maybe sun will ship it with thier low end 1U rackmount solaris boxes. [06:37] i know a few cobalt guys at sun, and ive been working on this since i got news they were killing off the cobalt. [10:09] Nick change: Mcleod[Zzz] -> Mcleod [10:44] Nick change: Bertl_zZ -> Bertl [10:44] morning everyone, anything urgent? [10:45] Bertl: nothign urgent, but you asked a whiel ago how solaris zones compares to vserver. you can look at the specs at http://www.sun.com/bigadmin/content/zones/ [10:46] might give you some ideas. [10:46] hmm, okay, probably you already did, right? so what are the advantages over vserver? [10:47] morning? [10:47] i guess it's like 3am [10:47] oh, you r what, 5 hours ahead? [10:48] always ;) [10:48] im still looking at it but basicly, it has full virtualization of network devices. resource limits on everything that are dynamicaly reconfigurable and can be automatically reallocated to other zones as utilization changes. [10:49] you can moutn NFS shares inside zones and they are only visible to that zone. (ie you cant even see it in the gobal zone IE ctx0) [10:49] hmm, the nfs? part is also in vs0.09 ;) [10:50] the pdf describes it in more detail and im still going through it. if anythign the admin tools might be intresting. [10:50] getting ready to create a few zones on a test box i set up an hour ago. [10:51] going to try quotas on it :) [10:51] ic ... [10:51] okay, let me know what you find out ... [10:51] wonder what the scalability is like [10:51] you can have 8192 zones max on a machine. [10:51] seems it'd be comparable to vserver [10:52] sounds like it virtualizes the kernel [10:52] how many you can run effectivly depends on the resource footprint of each zone and the hardware resources. [10:52] matta: yeah, at least thats what the docs say. [10:52] stupid pdf can't be read under xpdf [10:53] Bertl: whast the upper limit on contexts? just curious. [10:54] processes in zones will be unable to control [10:54] global aspects of the system configuration such as run level, most [10:54] physical devices, and network routing tables. [10:54] i know the bs is 1 and all.. [10:54] talon_afk: basically 49151 for the static and 16383 for dynamic [10:54] [root@uml11 home]# time dd if=/dev/zero of=testfile bs=1 count=3G [10:54] 92348255+0 records in [10:54] 92348254+0 records out [10:54] real 4m40.611s [10:54] user 0m32.254s [10:54] sys 4m8.248s [10:55] doesn't that seem a bit slow [10:55] Nick change: talon_afk -> talon [10:55] hrm, i guess it makes sense the small block size would kill it [10:55] Bertl: oh yeah it also looks like teh capability system they put ontop of solaris is a bit more fine tuned to teh job than the linux capability system. [10:55] read write at one byte ... [10:56] speaking of which [10:56] talon: we are currently addressing this ;) [10:56] Bertl: i hope they both end up compraable. sinc ei plan to make equal use of both. [10:57] i will certanly help any way i can. [10:57] has any work actually been done on that? [10:57] did you see my wish list herbert? :) [10:58] hmm, actually no ... [10:58] 22:25 struct vcmd_ctx_caps_v0 { [10:58] 22:25 uint64_t scaps; [10:58] 22:25 uint64_t ccaps; [10:58] 22:25 uint64_t cmask; [10:58] 22:25 }; [10:58] matta: where is your wishlist? [10:58] http://www.tektonic.net/public/vserver_hosting_req.txt [10:58] didn't see anything on the ml? [10:58] lol good luck! [10:59] yes, i know first 4 are essentially done [10:59] Ability to change hostname [10:59] done [10:59] done? [10:59] sure, since a long time ... [10:59] that's a major one honestly [10:59] uhm [10:59] i mean from within vserver [10:59] during runtime [10:59] try with 1.3.x or vs0.09, just use hostname [11:00] really? [11:00] nice [11:00] you would not believe how many people [11:00] e-mailed me [11:00] actually from the testme.sh one test checks this ;) [11:00] balking that I gave them root access [11:00] and that when they try to run hostname it says they must be root [11:00] and they get all snotty [11:00] that's why I put that in there :) [11:00] probably you need a cap for that too ... [11:00] CAP_NET_ADMIN I bet... [11:00] which isn't very safe [11:01] this is why we are addressing those issues ... [11:01] i might just enable CAP_SYS_RESOURCE [11:01] Sub-capabilities - More specifically named needs to be able to run wit [11:01] for named [11:01] not only for named for many other -d [11:01] remember, the list is for hosting [11:01] Virtualized /proc/mounts [11:01] done [11:01] hrm [11:02] i know you have the patch for no /proc/mounts [11:02] and private namespace [11:02] yeah, private namespace includes that [11:02] but does private namespace virtualize /proc/mounts ? [11:02] yes [11:02] ok [11:02] that explains it then [11:02] only thing is sub-capabilites and iptables and then throw it all together [11:02] but sure a nice list, could you post it on the mailing list? [11:03] i guess iptables isn't really required [11:03] maybe with a request to comment on it ... [11:03] and bind can be gotten around with CAP_SYS_RESOURCE [11:03] I'd like to see the community priorities on that ... [11:03] ok [11:04] okay, have to go now, will be back in 1-2 hours ... [11:04] talon, matta cu [11:04] Nick change: Bertl -> Bertl_oO [11:04] Bertl: bye. [11:05] hope you find the pdf interesting. [11:08] ben- (ben@bengrimm-host229.dsl.visi.com) left irc: Read error: Connection reset by peer [11:11] ok [11:11] it's sent [11:12] Action: talon goes back to sleep after reading a bit more. [11:13] had some more work fall into my lap, hope to have some mroe howto stuff done around monday. [11:30] AHTOH (~Anton@212.1.230.115) joined #vserver. [11:30] hi ppl [11:56] rs (rs@ice.aspic.com) joined #vserver. [11:57] hello [12:50] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) joined #vserver. [12:50] morning all [12:58] Nick change: Bertl_oO -> Bertl [12:58] hi everyone! [12:59] kestrel (~athomas@syd-h43C.adsl.AlwaysONLINE.net.au) joined #vserver. [12:59] hello [13:00] hi alec! [13:00] hey herbert, how are you? [13:00] fine thanks, how are you? [13:01] ooh. [13:01] *yawn* [13:01] <-- dead tired [13:02] 24 hrs up agaaaain. [13:02] fucking idiots that doesn't show up on time [13:02] can't close the club when I don't have the key. [13:04] hmm ... [13:05] jh hi bertl [13:05] jes: I ahve some ideas what to try .. you wanna test? [13:05] hi Anton! [13:06] hi i have couple quesyion [13:06] let's hear ... [13:06] 1st -- how can i write 2 ips in old conf file [13:07] IP_ROOT="192.168.0.1 192.168.0.2" [13:07] Heya Bertl [13:07] sorry was AFK [13:08] sure..Bertl! [13:08] and is it ok if they are in different interfaces on host? [13:08] and different network of course [13:08] ensc came up with a change last night to change the int declaration to long for sys_vserver [13:09] extern asmlinkage long [13:09] sys_vserver(uint32_t cmd, uint32_t id, void *data) [13:09] but running the test script now gives some failures [13:11] brb...just grabbing a coffee [13:12] ok [13:12] Anton: yes just use "eth0:192.168.0.1/24 eth1:192.168.1.1/24" [13:13] ok i see [13:13] another question is about proc [13:13] i am fixing proc problem using your vproc /proc/* /proc/*/* [13:13] but does that makes /proc/mtab readable for virtuals? [13:14] ok back [13:14] Anton /proc/mounts if you are referring to that, isn't affected/controlled by the vproc security ... [13:14] dont we have any security holes via proc? [13:15] yes, we have, that is why the rpoc security was introduced ... [13:15] s/rpoc/proc/ [13:16] jes: while the general idea was okay (enricos) the cause is somewhere else ... [13:16] how was it introduced and how dhoul i use it [13:16] ahhh ok [13:16] i use 1.3.7 + 0.29 [13:17] well Bertl...if you have anything else to try, I have a spare few hours ;) [13:17] okay [13:17] Anton, what do you mean by introduced? [13:18] http://www.linux-vserver.org/index.php?page=ChangeLog [13:18] Bertl, should I revert the int/long change I made last night? the test script now gives - [13:18] (this is the history) [13:18] [root@cerberus tmp]# ./testme.sh [13:18] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [13:18] chcontext is working. [13:18] chbind is working. [13:18] Linux 2.6.3 x86_64/0.29.2/0.29.2 [E] [13:18] --- [13:18] [001]# succeeded. [13:18] [011]# succeeded. [13:18] [031]# failed. [13:18] [101]# succeeded. [13:18] [102]# succeeded. [13:18] [201]# succeeded. [13:18] [202]# failed. [13:18] yes, we have, that is why the rpoc security was introduced ... [13:19] you said about introduces [13:19] oaky [13:20] http://archives.linux-vserver.org/200401/0125.html [13:20] (have a look at that) [13:20] jes, could you explain me the changes you and enrico did? [13:20] ok thnx will look firstly [13:21] but what about wriring to proc? [13:21] writing [13:21] Bertl: in kernel/vserver/switch.c changed the following extern asmlinkage int [13:21] sys_vserver(uint32_t cmd, uint32_t id, void *data) [13:21] where there is no entry, it can't be written to ... [13:21] to extern asmlinkage long [13:21] sys_vserver(uint32_t cmd, uint32_t id, void *data) [13:21] okay, yes that is necessary and useful ... [13:21] i.e, changed the "extern asmlinkage" bit [13:24] and that was it Bertl [13:24] good, I'll fix up the rest, and make a patch available ... [13:24] ok...anything you'd like me to test out? [13:25] not atm, but in a few minutes ... [13:25] *nods* [13:34] [HvD] (~guess@62.99.252.14) joined #vserver. [13:34] <[HvD]> marc ? [13:35] hmm, would a bertl do in the meantime? [13:36] surriel (~riel@imladris.surriel.com) left irc: Ping timeout: 480 seconds [13:36] lol [13:49] loger joined #vserver. [13:52] surriel (~riel@imladris.surriel.com) joined #vserver. [13:59] I like this channel, you have a flurry of activity followed by long gaps to get a few cups of coffee in ;) [13:59] does a vserver copy works in 29.196? [14:03] stubbsd (~stubbsd@217.206.216.194) joined #vserver. [14:03] surriel (~riel@imladris.surriel.com) left irc: Ping timeout: 485 seconds [14:03] Anton: you have to ask enrico about that (ensc) [14:07] <[HvD]> nop sorry .. wrong window .. ;-) [14:07] <[HvD]> bertl wont release wolk ;-) [14:08] jes: http://vserver.13thfloor.at/Experimental/delta-2.6.3-vs0.09-vs0.09.3.diff [14:08] please give it a try, I'm out for lunch now ... will be back soon [14:08] Nick change: Bertl -> Bertl_oO [14:10] sorry Bertl, was AFK [14:11] Bertl, do I apply that to a clean kernel, or can I apply it to mine "as-is"? [14:11] ahhh ok, catch you after lunch [14:15] patching file kernel/vserver/switch.c [14:15] Hunk #1 FAILED at 30. [14:15] 1 out of 1 hunk FAILED -- saving rejects to file kernel/vserver/switch.c.rej [14:19] ok, patched that file manually [14:25] [root@cerberus tmp]# ./testme.sh [14:25] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [14:25] chcontext is working. [14:25] chbind is working. [14:25] Linux 2.6.3 x86_64/0.29.2/0.29.2 [E] [14:25] --- [14:25] [001]# succeeded. [14:25] [011]# succeeded. [14:25] [031]# failed. [14:25] [101]# succeeded. [14:26] [102]# succeeded. [14:26] [201]# succeeded. [14:26] [202]# failed. [14:26] ok...give me a shout when you need to bang your head against the wall again Bertl ;) [14:31] stubbsd (~stubbsd@217.206.216.194) got netsplit. [14:31] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) got netsplit. [14:31] serving (~serving@213.186.190.121) got netsplit. [14:31] talon (talon@host-63-149-223-100.irwinresearch.com) got netsplit. [14:31] mcp (~hightower@wolk-project.de) got netsplit. [14:32] stubbsd (~stubbsd@217.206.216.194) returned to #vserver. [14:32] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) returned to #vserver. [14:32] serving (~serving@213.186.190.121) returned to #vserver. [14:32] talon (talon@host-63-149-223-100.irwinresearch.com) returned to #vserver. [14:32] mcp (~hightower@wolk-project.de) returned to #vserver. [14:32] #vserver: mode change '+o mcp' by ChanServ!services@services.oftc.net [14:35] surriel (~riel@imladris.surriel.com) joined #vserver. [14:42] bengrimm (~ben@bengrimm-host225.dsl.visi.com) joined #vserver. [15:09] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) left irc: Remote host closed the connection [15:18] Nick change: Bertl_oO -> Bertl [15:19] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) joined #vserver. [15:19] bah, damn ISP [15:19] jes? [15:19] ah oaky ... [15:19] yep Bertl, sorry got disconnected [15:20] that patch is against the vs0.09 [15:20] bengrimm (~ben@bengrimm-host225.dsl.visi.com) left irc: Read error: Connection reset by peer [15:20] so you ahve to get 2.6.3, then patch vs0.09 then the 0.09.3 patch [15:20] thats what I did [15:20] and you got a reject? [15:21] yes [15:21] that is very unlikely .. but let me verify that ... [15:21] ok, let me try again to make sure I didn't screw up [15:22] bengrimm (~ben@bengrimm-host225.dsl.visi.com) joined #vserver. [15:22] mcp (~hightower@wolk-project.de) left irc: Ping timeout: 485 seconds [15:22] [root@cerberus linux-2.6.3]# patch -p1 < delta-2.6.3-vs0.09-vs0.09.3.diff [15:22] patching file arch/arm/kernel/ecard.c [15:22] patching file arch/mips/kernel/linux32.c [15:22] patching file arch/parisc/kernel/sys_parisc32.c [15:22] patching file arch/ppc64/kernel/sys_ppc32.c [15:22] patching file arch/s390/kernel/compat_linux.c [15:22] patching file arch/sparc64/kernel/sys_sparc32.c [15:22] patching file include/asm-x86_64/unistd.h [15:22] patching file include/linux/vserver/context.h [15:22] mcp (~hightower@wolk-project.de) joined #vserver. [15:22] patching file include/linux/vserver/legacy.h [15:22] patching file include/linux/vserver/namespace.h [15:22] patching file include/linux/vserver/switch.h [15:22] patching file kernel/sys.c [15:22] patching file kernel/vserver/Makefile [15:22] patching file kernel/vserver/context.c [15:22] patching file kernel/vserver/namespace.c [15:22] patching file kernel/vserver/switch.c [15:23] Hunk #1 FAILED at 30. [15:23] 1 out of 1 hunk FAILED -- saving rejects to file kernel/vserver/switch.c.rej [15:23] ahhhh no....I know what it is [15:23] hmm? [15:23] last night I modified the patch script when Enrico suggested changing the int to a long [15:23] doh! [15:24] AHTOH (~Anton@212.1.230.115) left #vserver (Client exiting). [15:24] hmm, okay, shouldn't make a difference, though ... [15:24] *nods* [15:24] I would ask you to do the testme.sh again with -vv option (2x v) and make the output available somewhere on the web ... [15:24] ok...one sec [15:25] Nick change: bengrimm -> ben- [15:25] hi ben! [15:25] hiya Bertl [15:25] http://www.daedalus-solutions.co.uk/jes/testme.txt [15:26] mcp (~hightower@wolk-project.de) got netsplit. [15:26] surriel (~riel@imladris.surriel.com) got netsplit. [15:26] talon (talon@host-63-149-223-100.irwinresearch.com) got netsplit. [15:26] stubbsd (~stubbsd@217.206.216.194) got netsplit. [15:26] serving (~serving@213.186.190.121) got netsplit. [15:26] okay, jes, get your vi ready, we have to do some debugging ... [15:26] okeee [15:27] mcp (~hightower@wolk-project.de) returned to #vserver. [15:27] surriel (~riel@imladris.surriel.com) returned to #vserver. [15:27] stubbsd (~stubbsd@217.206.216.194) returned to #vserver. [15:27] serving (~serving@213.186.190.121) returned to #vserver. [15:27] talon (talon@host-63-149-223-100.irwinresearch.com) returned to #vserver. [15:27] kernel/vserver/legacy.c [15:28] int vc_new_s_context(uint32_t ctx, void *data) [15:28] line 90- [15:28] we add the folowing line before this comment: [15:28] /* legacy hack, will be removed soon */ [15:29] printk("context/A %d\n", ctx); [15:29] ok done [15:29] and just before that line [15:29] if (((ctx > MAX_S_CONTEXT) && (ctx != VX_DYNAMIC_ID)) || [15:29] (line 122) [15:30] same printk? [15:30] printk("context/B %d,%d,%d \n", ctx, MAX_S_CONTEXT, VX_DYNAMIC_ID); [15:30] ok done [15:30] and before if (!new_vxi) [15:31] printk("context/C %d,%p\n", ctx, new_vxi); [15:31] done [15:31] and right after ret = vx_migrate_task(current, new_vxi); [15:31] printk("context/D %d,%d\n", ctx, ret); [15:32] done [15:32] god bless cut&paste ;) [15:32] okay, compile and reboot please ... [15:32] jes and the queen! ;) [15:32] lol indeed [15:34] rebooting [15:34] you are quite fast, or is it the machine? [15:34] to reboot? [15:34] yep [15:35] yeah it's reasonably quick [15:35] now when it's up again, we need to check the following: [15:35] chcontext true [15:36] and that should output 1-4 lines to dmesg [15:36] [root@cerberus tmp]# chcontext true [15:36] New security context is 49152 [15:36] ooo [15:36] that looks promising? [15:36] hrm, well it doesn show the bug? [15:36] context/A -1 [15:36] context/B -1,65535,-1 [15:36] context/C -1,00000100f786c800 [15:36] context/D -1,0 [15:37] quite perfect ... [15:37] lol [15:37] okay, lets try something else: [15:37] chcontext --hostname zaphod uname -a [15:37] [root@cerberus tmp]# chcontext --hostname zaphod uname -a [15:37] Host name is now zaphod [15:37] New security context is 49153 [15:37] Linux zaphod 2.6.3 #2 SMP Thu Feb 26 12:35:02 GMT 2004 x86_64 unknown unknown GNU/Linux [15:38] [root@cerberus tmp]# hostname [15:38] cerberus [15:38] hrm [15:38] okay run the testme.sh again ... [15:38] [root@cerberus tmp]# ./testme.sh [15:38] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [15:38] chcontext is working. [15:38] chbind is working. [15:38] Linux 2.6.3 x86_64/0.29.2/0.29.2 [E] [15:38] --- [15:38] [001]# succeeded. [15:38] [011]# succeeded. [15:38] [031]# succeeded. [15:38] [101]# succeeded. [15:38] [102]# succeeded. [15:38] [201]# succeeded. [15:38] [202]# succeeded. [15:38] hmmmmm [15:38] errr how has adding debug messages fixed it? [15:38] lol [15:39] unless I screwed up with the patches before [15:39] (which is always possible) [15:39] hum good question, I would consider the folowing options in that order: [15:39] - you didn't install the patched kernel [15:39] - the kernel build system screwed up [15:39] - the compiler is broken [15:40] but, we ar going to test this ... [15:40] hmmmm, well being biased, I don't think it's 1 or 3 ;) [15:40] which gcc do you use? [15:40] 3.3.3 [15:40] compiled *loads* of stuff with it [15:40] hmm, new but should be okay ... [15:41] okay, let's make a simple test, just uncomment all the printk's [15:41] ok [15:42] you mean comment out? not uncomment [15:42] hmm, no native speaker, please explain ;) [15:42] lol [15:42] you want the printk's removed I mean [15:43] /* printk */ is this uncomment or comment out? [15:43] comment out I'd say [15:43] and uncomment? [15:43] removing the comments to give "printk" [15:43] okay so comment out it is ;) [15:44] lol depends on the context I suppose (excuse the pun!) [15:44] talon (talon@host-63-149-223-100.irwinresearch.com) got netsplit. [15:44] stubbsd (~stubbsd@217.206.216.194) got netsplit. [15:44] surriel (~riel@imladris.surriel.com) got netsplit. [15:44] serving (~serving@213.186.190.121) got netsplit. [15:44] mcp (~hightower@wolk-project.de) got netsplit. [15:44] thanks for clarifying that ... ;) [15:44] ok done, compile, reboot? [15:44] yep [15:45] please feel free to correct my english whenever I get it wrong ... I'm trying to improve ... [15:45] mcp (~hightower@wolk-project.de) returned to #vserver. [15:45] surriel (~riel@imladris.surriel.com) returned to #vserver. [15:45] stubbsd (~stubbsd@217.206.216.194) returned to #vserver. [15:45] serving (~serving@213.186.190.121) returned to #vserver. [15:45] talon (talon@host-63-149-223-100.irwinresearch.com) returned to #vserver. [15:45] Bertl, you're far better at "foreign" language than I am, trust me ;) [15:45] but I want to be purrfect ;) [15:46] lol typical programmer ;) [15:46] ok rebooting [15:46] lol I'm sure I must be due a fcsk this time [15:47] Action: ben- thinks Bertl is reasonably fluent [15:47] or even an fsck [15:47] lol [15:48] ok booted up now [15:48] paul (~irssi@195.202.59.150) joined #vserver. [15:49] [root@cerberus tmp]# chcontext true [15:49] New security context is 49154 [15:49] hi [15:49] hi paul! [15:49] [root@cerberus tmp]# ./testme.sh [15:49] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [15:49] chcontext is working. [15:49] chbind is working. [15:49] Linux 2.6.3 x86_64/0.29.2/0.29.2 [E] [15:49] --- [15:49] [001]# succeeded. [15:49] [011]# succeeded. [15:49] bertl - I'm assuming you learned english in school? [15:49] [031]# succeeded. [15:49] [101]# succeeded. [15:49] [102]# succeeded. [15:49] [201]# succeeded. [15:49] [202]# succeeded. [15:49] hi Paul [15:49] hmm, jes, I guess that's pretty clear ... [15:49] [root@cerberus tmp]# chcontext --hostname zaphod uname -a [15:49] Host name is now zaphod [15:49] New security context is 49157 [15:49] Linux zaphod 2.6.3 #3 SMP Thu Feb 26 12:47:34 GMT 2004 x86_64 unknown unknown GNU/Linux [15:49] it must have been the build system 8-) [15:50] lol...ok shall I try and start the vserver now? [15:50] ben-: well I learned english at school, but not really ... [15:51] and sometimes I regret that I didn't start earlier ... but as I said, I'm constantly trying to improve ... [15:51] [root@cerberus vservers]# vserver mytest start [15:51] Starting the virtual server mytest [15:51] Error: /proc must be mounted [15:51] To mount /proc at boot you need an /etc/fstab line like: [15:51] /proc /proc proc defaults [15:51] In the meantime, mount /proc /proc -t proc [15:51] Server mytest is not running [15:51] ipv4root is now 192.168.1.109 [15:51] New security context is 49158 [15:51] that's okay ... [15:51] Can't execute /etc/rc.d/rc (No such file or directory) [15:51] [root@cerberus vservers]# vserver mytest enter [15:51] Error: /proc must be mounted [15:51] To mount /proc at boot you need an /etc/fstab line like: [15:51] /proc /proc proc defaults [15:51] In the meantime, mount /proc /proc -t proc [15:51] ipv4root is now 192.168.1.109 [15:51] you ar now hitting the proc security ... [15:51] Can't set the new security context [15:51] : Invalid argument [15:51] ahhh ok [15:51] bert: you're far enough along now, just that last 1% I suppose [15:52] hmmm but I can't enter the vserver Bertl? [15:53] hmm, let's see ... [15:54] first enable the /proc for everything ... [15:54] setattr --~hide /proc/* /proc/*/* /proc/*/*/* [15:55] [root@cerberus vservers]# setattr --~hide /proc/* /proc/*/* /proc/*/*/* [15:55] -bash: setattr: command not found [15:55] hmmmm [15:55] you mean chattr? [15:55] then check with vserver-stat if anything is reported [15:55] nope util-vserver should contain a setattr [15:56] ahhh ok, it just doesn't install it [15:56] [root@cerberus src]# ./setattr --~hide /proc/* /proc/*/* /proc/*/*/* [15:56] Invalid option --~hide [15:57] hmm, check with --help [15:57] [root@cerberus src]# ./setattr [15:57] showattr file ... [15:57] Presents extended file attribute. [15:57] setattr --immutable --immulink file ... [15:57] Sets the extended file attributes. [15:57] ahh, you ahve the stable branch, right ... [15:57] These utilities exist as an interim until lsattr and [15:57] chattr are updated. [15:58] forget it, get the vproc tool from my site, or the alpha util-vserver [15:58] got a direct link? [15:58] sec [15:58] re [15:59] http://www.13thfloor.at/vserver/s_release/v1.24/vkill-0.01.tar.bz2 [15:59] http://www.13thfloor.at/vserver/s_release/v1.24/vproc-0.01.tar.bz2 [15:59] hi rs! [15:59] ok done [15:59] Bertl: how the immulink is implemented ? is it an xattr or just a new chattr ? [16:00] -ch [16:00] chattr atm, but we want to switch to ea anyway (at least on 2.6) [16:00] ok, what do I do with this vproc? [16:00] k [16:01] vproc -e /proc/* /proc/*/* /proc/*/*/* [16:01] but with xattr you still need to patch the filesystem to do something with the attr, isn't it ? [16:01] oooo LOTS of errors [16:01] jes: will give you some errors, but that's okay for now ... [16:01] ./vproc: ioctl not supported on /proc/927/root/home [16:01] ./vproc: ioctl not supported on /proc/927/root/initrd [16:01] etc [16:02] ahh ok [16:02] done then ;) [16:02] rs: yes, but the checks are minimal ... [16:02] jes: proceed with the vserver-stat ;) [16:02] [root@cerberus vproc-0.01]# vserver-stat [16:02] CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME DESCRIPTION [16:02] 0 74 826MB 35kB m04.96 m08.40 14m41.16 root server [16:02] Bertl: yep I understand [16:03] jes: okay so the context was started, but no runlevel script was found, which in turn led to shutting down the context again ... [16:03] ok [16:03] try with the folowing test: [16:03] chcontext --ctx 100 sleep 100 [16:04] chcontext --ctx 100 sleep 100 & [16:04] and then vserver-stat [16:04] [root@cerberus rc.d]# chcontext --ctx 100 sleep 100 & [16:04] New security context is 100 [16:04] [1] 2054 [16:04] [root@cerberus rc.d]# vserver-stat [16:04] CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME DESCRIPTION [16:04] 0 74 826MB 35kB m05.81 m08.63 16m30.20 root server [16:04] 100 1 6MB 163B m00.00 m00.00 m12.62 [16:04] okay, so that's working too ... [16:04] woohoo ;) [16:05] I'd say, the only thing you have to figure out now, is how to build a working vserver ... [16:05] lol [16:05] well I did "vserver mytest build" [16:05] [root@cerberus rc.d]# ls -al /vservers/mytest/etc/rc [16:05] lrwxrwxrwx 1 root root 7 Feb 26 10:12 /vservers/mytest/etc/rc -> rc.d/rc* [16:05] and there seems to be an rc script [16:06] maybe it's not executebale? maybe the proc was missing, try to start it once again ... [16:07] [root@cerberus etc]# pwd [16:07] [root@cerberus etc]# ls -al rc [16:07] lrwxrwxrwx 1 root root 7 Feb 26 10:12 rc -> rc.d/rc* [16:07] [root@cerberus etc]# ls -al rc.d/rc [16:07] -rwxr-xr-x 1 root root 3526 Sep 25 11:12 rc.d/rc* [16:08] [root@cerberus etc]# vserver mytest start [16:08] Starting the virtual server mytest [16:08] Server mytest is not running [16:08] ipv4root is now 192.168.1.109 [16:08] New security context is 49160 [16:08] Can't execute /etc/rc.d/rc (No such file or directory) [16:08] hmmm maybe its something *in* the rc file? [16:09] lol time to scrap that vserver and create a new one [16:09] maybe something was foobar'ed with the /proc system when I created it [16:10] Bertl will I need to run that vproc command again if I reboot my server? [16:10] yes, that should get in a sanitized version into rc.local or a separate runlevel script [16:11] you need to figure out what proc entries are safe and required for your vservers .. then only make them available to thm ... [16:11] +e [16:11] ahhh ok [16:11] and that vproc command does that? [16:12] yes, basically you specify the entries to be enabled on the vproc command line [16:12] so, say I can run "vproc -e /proc/cpuinfo" (for example)? [16:12] right I see [16:12] exactly [16:12] I get ya [16:14] just out of interest will it still work if I make /vservers a soft link to /usr/local ? [16:17] hmm should, you ahve to make sure that the barrier is intact on the actual directory [16:18] barrier? [16:18] you don't want vserver root to take a walk on your host, right? [16:18] chmod 0000 /vserver and chattr =t /vservers [16:18] ahhh right [16:19] that is for stable, but _not_ for devel or vs0.09 [16:19] *nods* [16:19] devel and 2.6 uses --barrier [16:19] Bertl: added a new barrier-check? [16:19] ah [16:19] goodie [16:19] :) [16:19] yes, it's a flag like the iunlink [16:20] wow....building a vserver likes memory - [16:20] Mem: 3978912 3969672 9240 [16:20] basically the inode cache ... [16:20] total used free shared buffers cached [16:20] Mem: 3978912 3969672 9240 0 105028 3484420 [16:20] you can get the same result by doing: [16:20] find . -type f -exec cat {} >/dev/null \; [16:20] lol [16:21] that will pull in all the inodes ... [16:21] so, once I get this vserver built and working [16:21] I can enter it, then remove all the software I don't want in there? [16:22] and I don't need to worry about screwing up my host when I'm inside the vserver? [16:22] no worries, if you've set it up the barrier properly [16:22] :) [16:23] (or as bertl said, using devel or 2.6) [16:23] lol [16:23] <-- doesn't, yet. [16:23] Well I'm using 2.6, does that mean the barrier is automatic? [16:23] dunno, not using 2.6 [16:23] bertl? [16:23] as you can tell I'm a newbie ;) [16:23] you need to add the barrier flag with setattr ... [16:23] so...let me get this right I could create /usr/local/vservers [16:23] so you won't get around compiling the alpha util vserver I guess ... [16:23] jes: newbies learn, and so do you, I'm much of a newbie myself as well [16:24] then link /vservers to it [16:24] jes: yup [16:24] then setattr --barrier /usr/local/vservers ? [16:24] jes: it's not required to link it [16:24] you have other options to do that ... [16:24] one is, with the alpha tools, you can simply specify the location [16:25] another would be using --bind mounts [16:25] so B barrier in place, b barrier not in place? [16:25] [root@cerberus /]# vserver mytest build [16:25] Directory /vservers/mytest has been populated [16:25] Can't set the new security context [16:25] : Invalid argument [16:25] Can't set the new security context [16:25] : Invalid argument [16:25] Can't set the new security context [16:25] broo: hi, and right! [16:25] Is that anything to worry about? [16:25] maharaja (maja@ipax.tk) left irc: Quit: changing servers [16:25] hmm jes, don't know yet, guess we'll ahve to wait for enrico ... [16:25] maharaja (maja@ipax.tk) joined #vserver. [16:26] hmmm same thing again Bertl [16:26] [root@cerberus /]# vserver mytest start [16:26] Starting the virtual server mytest [16:26] Server mytest is not running [16:26] ipv4root is now 192.168.1.109 [16:26] New security context is 49161 [16:26] Can't execute /etc/rc.d/rc (No such file or directory) [16:26] jes: but you could give the alpha tools a try, there is even a page for it ... sec [16:26] stubbsd (~stubbsd@217.206.216.194) left irc: Ping timeout: 485 seconds [16:26] http://www.linux-vserver.org/index.php?page=alpha+util-vserver [16:26] stubbsd (~stubbsd@217.206.216.194) joined #vserver. [16:27] this, besides other things, shows how the create vservers out of thin air ;) [16:27] lol just what I need [16:27] status was 0.28.195 but latest alpha is 0.29.196 IIRC [16:28] the 0.28.195 didn't seem to play nicely with a 2.6.3 kernel, but the alpha tool set worked very nicely [16:29] ok compiling that [16:29] ooo errors [16:29] lol [16:29] /lib/modules/2.6.3/build/include/asm/io_apic.h:68: warning: no semicolon at end of struct or union [16:29] /lib/modules/2.6.3/build/include/asm/io_apic.h:73: warning: type defaults to `int' in declaration of `bits' [16:29] /lib/modules/2.6.3/build/include/asm/io_apic.h:73: warning: `packed' attribute ignored [16:29] /lib/modules/2.6.3/build/include/asm/io_apic.h:73: confused by earlier errors, bailing out [16:30] for example [16:33] yeah I had a few like that as well, mine were linux fs ones and I ended up include before in I think rpm-fake.c and secure-mount.c [16:33] because certain types weren't being declared because of either __KERNEL__ defines protecting them or other defines [16:34] brb [16:35] /usr/include/asm-generic/statfs.h:26: error: parse error before "__u64" [16:35] /usr/include/asm-generic/statfs.h:27: error: ISO C forbids data definition with no type or storage class [16:35] /usr/include/asm-generic/statfs.h:28: error: parse error before "f_bavail" [16:35] these were the kind I was getting [16:36] this is a sign of broken headers, either in util-vserver or in glibc ... [17:25] hmm, am I still here? [17:26] serving (~serving@213.186.190.121) left irc: Read error: Connection reset by peer [17:33] no :) [17:34] <-- offline in a moment, off to my gf [17:34] new gf! [17:34] hurray! [17:34] :D [17:34] hmm, guess we won't see you here for a while, right? [17:39] either that or he'll be back very soon ;> [17:40] hehe [17:47] _maharaja (maja@ipax.tk) joined #vserver. [17:47] maharaja (maja@ipax.tk) left irc: Read error: Connection reset by peer [17:57] loger8 joined #vserver. [17:57] loger (~loger@213.159.118.2) left irc: Ping timeout: 480 seconds [17:57] Nick change: loger8 -> loger [17:59] nah, I'll be back. Most probably some time tonight, as she's having an exam tomorrow :) [17:59] well, I'm off :) (had to stop some music-downloads) [17:59] cya click [18:00] cya [18:00] cya, take care all! [18:00] *poof* [18:05] hmmm still get that rc problem Bertl [18:12] mcp (~hightower@wolk-project.de) left irc: Ping timeout: 485 seconds [18:13] jes: as I said, you have to talk to enrico about that, I'm pretty sure the vserver kernel stuff now works ... [18:13] we can do some tests, but I don't know what could be the reason for 'not' executing the rc script ... [18:16] ahhh ok thanks Bertl [18:16] I'm just strace'ing it now [18:17] ben- (~ben@bengrimm-host225.dsl.visi.com) left irc: Read error: Connection reset by peer [18:18] ben- (~ben@bengrimm-host225.dsl.visi.com) joined #vserver. [18:19] seems to open the rc fine, just can't execute it, even though the perms are ok [18:19] hmm, check two things: [18:20] a) does the rc execute when you do a 'vserver enter' and then the /etc/rc? [18:20] b) does the 'shell' given in the shebang line exist, and is it executable from within the context? [18:20] [root@cerberus init.d]# vserver mytest2 enter [18:20] ipv4root is now 1.2.3.4 [18:20] Can't set the new security context [18:20] : Invalid argument [18:21] hrm, okay, try it with: [18:21] chcontext --ctx 100 chroot /path/to/vserver [18:21] chcontext --ctx 100 chroot /path/to/vserver /bin/bash [18:22] [root@cerberus mytest2]# chcontext --ctx 100 chroot /vservers/mytest2 /bin/bash [18:22] New security context is 100 [18:22] chroot: /bin/bash: No such file or directory [18:22] hmm, could be a hint? [18:22] [root@cerberus mytest2]# ls -al /vservers/mytest2/bin/bash [18:22] -rwxr-xr-x 1 root root 752328 Aug 4 2003 /vservers/mytest2/bin/bash* [18:22] except it is there [18:23] [root@cerberus mytest2]# chroot /vservers/mytest2 /bin/bash [18:23] chroot: /bin/bash: No such file or directory [18:23] hmmm curious, even a normal chroot doesn't work! [18:23] okay lets try with chcontext --ctx 100 chroot /vservers/mytest2 ls /bin [18:23] hang on, somethings definitely up here...a normal chroot should work surely [18:24] I agree ... [18:24] [root@cerberus mytest2]# pwd [18:24] [root@cerberus mytest2]# bin/bash [18:24] [root@cerberus mytest2]# pwd [18:25] lol damn, doesn't paste the lines that start with slash [18:25] [root@cerberus mytest2]# pwd [18:25] "/vservers/mytest2" [18:25] use / /xy [18:25] without the quotes [18:25] okay ... try a chroot /vservers/mytest2 [18:26] [root@cerberus mytest2]# chroot /vservers/mytest2 [18:26] chroot: /bin/bash: No such file or directory [18:26] weird [18:26] so something makes your bash invisible ... [18:26] apparently so [18:26] okay let's check the perms ... [18:26] ahaha!!!! [18:26] ls -lad / /vservers /vservers/mytest2 [18:26] [root@cerberus mytest2]# ldd bin/bash [18:26] libtermcap.so.2 => /lib64/libtermcap.so.2 (0x0000002a9566a000) [18:26] libdl.so.2 => /lib64/libdl.so.2 (0x0000002a9576e000) [18:26] libc.so.6 => /lib64/libc.so.6 (0x0000002a95872000) [18:26] /lib64/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2 (0x0000002a95556000) [18:27] could be the fact there's no /lib64 in the chroot environment [18:27] and they do not exist inside the vserver? [18:27] no, they weren't copied in [18:27] harhar ... [18:27] bingo :) [18:27] okay, fix that and try again ;) [18:28] and please, please write a bugreport to ensc (enrico) [18:30] stubbsd (~stubbsd@217.206.216.194) left irc: Quit: Leaving [18:30] hmmm still no joy [18:30] grrrrr [18:30] stubbsd (~stubbsd@217.206.216.194) joined #vserver. [18:30] okay, let's continue where we stopped ... [18:31] haha! [18:31] furthur [18:31] [root@cerberus mytest2]# chroot /vservers/mytest2 [18:31] id: cannot find name for group ID 0 [18:31] id: cannot find name for user ID 0 [18:31] bash: /usr/local/bin/frm: No such file or directory [18:31] grep: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory [18:31] Last message repeated 1 time(s). [18:31] [I have no name!@cerberus /]# [18:31] lol love the prompt [18:32] broo (~broo@host30-5.btbx.net) left #vserver (Client exiting). [18:33] [root@cerberus mytest2]# vserver mytest2 start [18:33] Starting the virtual server mytest2 [18:33] Server mytest2 is running [18:33] muahaha! [18:33] ben- (~ben@bengrimm-host225.dsl.visi.com) left irc: Read error: Connection reset by peer [18:33] [root@cerberus mytest2]# vserver-stat [18:33] CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME DESCRIPTION [18:33] 0 78 881MB 38kB m58.87 2m28.08 2h45m53 root server [18:33] 49184 3 8MB 733B m00.00 m00.00 1m21.62 mytest2 [18:34] ben- (~ben@bengrimm-host225.dsl.visi.com) joined #vserver. [18:34] [root@cerberus mytest2]# vserver mytest2 enter [18:34] ipv4root is now 1.2.3.4 [18:34] New security context is 49184 [18:34] bash: /usr/local/bin/frm: No such file or directory [18:34] looks like it works now Bertl! [18:34] great! [18:34] [root@vserver:mytest2 /]ps aufgx [18:34] USER PID PU %MEM VSZ RSS TTY STAT START TIME COMMAND [18:34] root 16969 5.5 0.0 8784 2472 pts/1 R 15:36 0:00 /bin/bash -login [18:34] root 17033 0.0 0.0 6248 740 pts/1 R 15:36 0:00 \_ ps aufgx [18:34] root 1 0.0 0.0 2572 508 ? S 12:50 0:05 init [3] [18:34] root 16232 0.0 0.0 3892 1756 ? S 15:34 0:00 minilogd [18:34] root 16388 0.0 0.0 2584 592 ? S 15:34 0:00 syslogd -m 0 [18:34] root 16735 0.0 0.0 2576 584 ? S 15:34 0:00 crond [18:34] Bertl, you're a wizard and a God! [18:34] one advice: start using static context ids ... [18:34] ;) [18:34] yeah? [18:34] whys that? [18:35] the dynamic context ids will come over you when you start using/testing quota and disk limits ;) [18:35] ahhh ok [18:36] okay, I'm pushing the changes we did to the next release ... [18:36] the testme.sh works now for all tests, right? [18:36] [root@cerberus tmp]# ./testme.sh [18:36] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [18:36] chcontext is working. [18:36] chbind is working. [18:36] Linux 2.6.3 x86_64/0.29.2/0.29.2 [E] [18:36] --- [18:36] [001]# succeeded. [18:36] [011]# succeeded. [18:36] [031]# succeeded. [18:36] [101]# succeeded. [18:36] [102]# succeeded. [18:37] [201]# succeeded. [18:37] [202]# succeeded. [18:37] hmmm just got to get my networking etc sorted out now [18:39] and don't forget, some features are still not there (in 2.6) [18:39] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [18:39] hi mhepp! [18:39] Hi] [18:40] ;) [18:40] hi [18:40] mcp (~hightower@wolk-project.de) joined #vserver. [18:40] *nods* Bertl, nope it looks great to me so far [18:41] hi mhepp [18:41] just got to re-read all the docs now Bertl ;) [18:41] hehe, to verify what I said, right? [18:41] lol no...so I know what I'm doing [18:41] lol [18:42] ·'~'·._.· [18:46] hmmm, ssh'ing to the IP I gave the vserver takes me to the host [18:46] thats not right ;) [18:46] you probably do not limit the host's sshd, to some host ips [18:47] doh! [18:47] Bertl....I bet you've heard these questions a million times before right? [18:47] ;) [18:47] this can be either done via the config or by using the v_sshd script ... and yes I've heard them ;) [18:47] then you must have the patience of a Saint [18:48] I won't go that far, but usually I'm patient ... [18:52] holy crap...I'm in [18:52] Bertl, you're a genius [18:52] saint/god/genius/wizard [18:52] take your pick ;) [18:54] hmm, every time I leave the house, the clouds start playing over my head ... circling around and suddenly it starts raining .... do you think there is a relation? 8-) [18:54] lmao [18:54] cause and effect I'd say [18:55] hmmm ok Bertl..one FINAL question then I'll leave you alone I promise ;) [18:55] [root@vserver:mytest2 /]hostname vserver1 [18:55] hostname: you must be root to change the host name [18:55] thats logged in as root within the vserver [18:55] you need a capability for that one ... [18:55] ahh ok [18:56] /usr/include/linux/capability.h [18:56] CAP_SYS_ADMIN [18:56] and you do not want to give that atm ... [18:56] ok [18:57] so how would I change the hostname then? From outside of the vserver by editting the files manually? [18:57] but in one of the next releases, this will be controlled by the vserver caps, which then will allow to turn this on/off in a safe manner ... [18:57] basically the hostname is set via the chcontext --hostname command on the startup [18:57] ahhhh [18:57] so changing that in the config file, will change that on the next vserver restart [18:58] I see [18:58] next question? [18:59] I have build a new server, its using vserver (1.3.7), when I try an enter a vserver it say, vc_new_s_context(): Invalid argument? [18:59] any ideas, [18:59] -- sorry was that not any open offer :-) [18:59] that is at least interesting ... [18:59] s/any/an/ [18:59] please give the testme.sh a spin ... [18:59] ok [19:00] http://vserver.13thfloor.at/Stuff/testme.sh [19:01] all worked, pritty colours . [19:02] It does issue a warning when I try and enter it, "WARNING: can not find configuration, assuming legacy method" [19:04] could you provide the first 3 lines please? [19:05] hmm, actually 4 lines ... [19:05] of the output from testme.sh? [19:05] yup! [19:05] good morning [19:05] hi matt! [19:06] wow Bertl...I'm VERY impressed so far with this [19:06] dude, what's the replacement for vshelper? [19:06] I thought vshelper WAS the replacement?? :) [19:06] yeah ... we are 'discussing' this on the ml atm [19:06] i just read [19:06] Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl [19:06] New security context is 1 [19:06] chcontext is working. [19:06] chbind is working. [19:06] Linux 2.4.25 i686/0.28.195/0.28.195 [Ea] [19:07] okay stubbsd, update the tools to 0.29.196 and try again ... [19:07] thanks. [19:08] matta: for hierarchical servers, the vshelper concept won't work ... [19:08] because the 'parent' vserver has to handle the 'reboot' for the child server [19:09] where is the 0.29.196 version, checked at 13floor ? [19:09] this doesn't work with the vshelper interface, so we had to think about something else ... and the current state of the brainstorming done so far is an event interface ... [19:09] stubbsd: http://www.linux-vserver.org/index.php?page=alpha+util-vserver [19:10] Thanks, [19:22] Bertl: I get the same thing [19:22] okay, how did you get your server installed? [19:23] (the vserver) [19:23] the vserver was copyed over from a server running in the stable branch. [19:23] hang on. [19:23] ah okay, so this server doesn't have an alpha-type config [19:24] hrm... new config is 'ok' [19:24] ok its just that vserver, another vserver works :-) [19:24] i didn't mind the old config file style [19:24] sorry about the hassel, what is the alpha-type? [19:25] seems ok? [19:25] serving (~serving@213.186.190.121) joined #vserver. [19:25] were can I find info about the new alpha-type configs? [19:26] stubbsd: build a vserver using vserver build with the -m option [19:26] it will create a template for you [19:26] http://www.linux-vserver.org/index.php?page=alpha+util-vserver [19:26] after that it's pretty self explainatory [19:29] hrm, highpoint was no help [19:29] i e-mailed them bitching that they didn't release a driver, i got a canned response stating they were working on it but there was no release date [19:30] so the highpoint isn't working? [19:31] it works under 2.4 [19:31] and it's the only device on the board? [19:32] usually there is a second, non raid controller onboard ... [19:32] i just figured once 2.6 gets the tbf/memlimit/quota portions working on it that would be enough for an open test [19:32] maybe they'll release it in the next few weeks [19:32] and the next question, it isn't supported by the 'normal' ide driver? [19:32] you could use that one (generic) and just do soft raid ... [19:33] we're talking about editing fstab and changing drivers remotely... [19:33] and this place will charge me for every fuckup, their very hands-off [19:33] i do have an APC reboot port though [19:33] :) [19:33] it's interesting, I always hear the same words, but nobody does something to improve it ... [19:34] well, the real problem is money [19:35] i'm not impressed with this opteron as it is [19:36] like, at all [19:36] this was my comparision [19:36] server #1: Dual Xeon 2.4Ghz, 2GB RAM, 3ware controller with 2x200GB drivers in raid-1 [19:36] 2.4.24-ck1 [19:37] server is currently running 26 UML's and is suing 1.1GB of swap space [19:37] server #2 Dual Opteron 1.4Ghz, 1GB RAM, HighPoint controller with 3x80GB SATA drivers in raid-5 [19:38] tests comparing kernel compiles of 2.4.22-1.2174.nptl with stock configuration [19:38] oh, #2 is completely idle [19:38] #2 is also 2.4.24-ck1 [19:38] server #1: 3:02s [19:39] server #2: 2:29s [19:39] writing out a 30GB file via dd: [19:39] 2 mins 29 for a kernel compile? [19:39] server #1: 24m19.172s [19:39] server #2: 42m57.008s [19:39] ... [19:39] #1 was jfs, #2 was xfs filesystem [19:40] xfs always does better in benchmarks over jfs [19:40] are you using a 64bit kernel matta? [19:40] something definitely wrong with that picture [19:41] jes: no [19:41] shouldn't matter to much [19:41] you can forget the dd test, this doesn't show anything ... [19:41] well... i mean really [19:42] use bonnie++ if you want something with relevance ... [19:42] I'm not sure you can really compare a raid-1 test versus a raid-5 test with dd [19:42] it's real results for writing a sequential file [19:42] why not? everything points to the raid-5 should be faster [19:42] writing to the buffer cache, yes ... [19:43] raid-5 generally writes faster, xfs is generally faster, SATA vs PATA drives... [19:43] i was just perhaps expecting better [19:43] SATA doesn't have tremendous speed over PATA [19:43] right, but it can communicate with all drives concurrently [19:44] which is a huge benefit for being used with raid-5 [19:44] 3xdisk in raid 5 isn't necessarily faster than 2x raid1 [19:44] dont forget, you always have two disks working and the parity ... [19:44] also matta, try doing the test with a 2.6 kernel with irqbalance [19:45] it would also be significant if the APIC actually is working/enabled correctly ... [19:45] what command line did you use for the dd test matta, I'll try it here [19:45] dual 244, with 4x250Gb SATA drives [19:45] time dd if=/dev/zero of=test bs=1024 count=30M [19:45] and of course, the SATA driver is kinda proprietary so it might not give the full throughput yet ... [19:46] matt, you have both machines at hand? [19:47] yeah [19:47] perhaps the opteron will shine under real user load [19:47] which is what i'm hoping [19:47] could you test with hdparm on both? [19:47] i don't care much for how fast it can compile a kernel [19:47] wow...core dump [19:47] lol [19:47] but it's really hard to benchmark real world [19:48] hdparm -tT /dev/one-disc [19:48] hdparm -tT /dev/raid-device [19:48] I got a core dump at exactly 512Mb [19:48] weird [19:48] ahhh, my ulimits [19:48] dog! [19:48] doh! [19:48] /dev/zero is empty, you ahve to refill it ;) [19:48] these are no idea [19:48] er, ide to the system [19:49] hdparm doesn't care ;) [19:49] i can't do one disk [19:49] it's hardware raid controllers [19:49] okay, then just the raid ... [19:49] this is the dual xeon: [19:50] /dev/sda: [19:50] Timing buffer-cache reads: 2420 MB in 2.00 seconds = 1208.79 MB/sec [19:50] Timing buffered disk reads: 154 MB in 3.02 seconds = 50.94 MB/sec [19:50] btw, it is a shame to use hw raid on a 3ware for mirroring ... [19:50] dual opteron: [19:50] /dev/sda: [19:50] Timing buffer-cache reads: 2076 MB in 2.00 seconds = 1036.96 MB/sec [19:50] Timing buffered disk reads: 44 MB in 3.08 seconds = 14.30 MB/sec [19:50] holy crap...your disks are cack [19:50] Bertl: it's only the 2 port model [19:50] 7602 i think [19:50] so the opteron is limited to basic ide speed [19:50] yeah [19:50] that sucks [19:50] matta, whats "hdparm -i /dev/sda" [19:50] that doesn't work ;) [19:51] looks like DMA isn't enabled or something [19:51] no? [19:51] right [19:51] it's scsi as far as linux knowns [19:51] er, knows [19:51] jes: what does yours say? [19:51] but it should be possible to enable dma for the controller (e.g. via the bios) [19:51] wow [19:51] [root@cerberus ddtest]# hdparm -i /dev/hdg [19:51] /dev/hdg: [19:51] Model=WDC WD1200JD-00FYB0, FwRev=02.05D02, SerialNo=WD-WMAEL1029132 [19:51] Config={ HardSect NotMFM HdSw>15uSec SpinMotCtl Fixed DTR>5Mbs FmtGapReq } [19:51] so 50MB/s vs 14MB/s [19:51] RawCHS=16383/16/63, TrkSize=57600, SectSize=600, ECCbytes=74 [19:51] BuffType=DualPortCache, BuffSize=8192kB, MaxMultSect=16, MultSect=off [19:51] CurCHS=65535/1/63, CurSects=4128705, LBA=yes, LBAsects=234441648 [19:51] IORDY=on/off, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120} [19:51] jes: the -tT benchmark :) [19:51] PIO modes: pio0 pio1 pio2 pio3 pio4 [19:51] DMA modes: mdma0 mdma1 mdma2 [19:51] UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5 [19:51] AdvancedPM=no WriteCache=enabled [19:51] Drive conforms to: device does not report version: [19:52] * signifies the current active mode [19:52] oh lol [19:52] well I'm running that dd test at the moment [19:52] cancel the dd [19:53] so I'd blame the broken driver/missing support from highpoint for that [19:54] basically I would say the opteron and the xeon should be fairly equal ... [19:55] hmmm curious [19:55] Filther (Filther@62-77-207-174.vnet.hu) joined #vserver. [19:55] lol my hdparm locks up [19:55] hi [19:55] hi Filther! [19:56] I have a question that was answered some time ago on the mailing list [19:56] great! [19:56] :) [19:56] when I start up a vserver [19:56] we collect them ... [19:56] let's say v_test [19:56] okay? [19:56] then sometimes it's impossible to connect before a ping is made from the machine of the vserver [19:57] (by entering with vserver v_test enter, and then ping google.com) [19:57] [root@cerberus home]# hdparm -tT /dev/hde [19:58] /dev/hde: [19:58] Timing buffer-cache reads: 2984 MB in 2.00 seconds = 1491.48 MB/sec [19:58] Timing buffered disk reads: 143 MB in 3.03 seconds = 47.19 MB/sec [19:58] it seems as if the network was put to sleep, if nothing happens for some time [19:58] that looks to me like an arp issue ... [19:59] could you show me the packet trace of an unanswered ping, where it hits the host, and a host unreachable is returned (icmp)? [19:59] well, if I can start it with 'problems'... :) [20:00] matta what does "hdparm /dev/sda" give you? [20:03] jes: it's scsi [20:03] hdparm is primarily for ide [20:03] readonly = 0 (off) [20:03] geometry = 19458/255/63, sectors = 312602880, start = 0 [20:03] that's all I get [20:03] ahh ok [20:05] Bertl: I can't reproduce the error now [20:05] what could be wrong anyway? [20:06] so i tested the kernel compile again, dual xeon got 2m even [20:06] ugh [20:06] jes: what distro is your server? [20:06] stubbsd (~stubbsd@217.206.216.194) left irc: Quit: Leaving [20:06] fedora? [20:06] Filther: my guess would be one of your routers is not asking for the ip, just assuming it's not there ... [20:07] and how could I correct that? :) [20:07] probably by configuring the router correctly ... [20:08] but, of course it might be a vserver (or even kernel) related issue, I just can't tell without a packet log ... [20:08] alright, packet log... I'll be waiting for it :> [20:08] tcpdump -s 10000 -vvnei [20:09] what should I paste? [20:09] lot of packets... [20:09] yeah, do that when the error happens ;) [20:09] good point. [20:09] :) [20:10] then try a ping to the vserver, and make that available somewhere on the web ... [20:10] send me a note, and I'll have a look at it ... [20:10] alright [20:10] Mandrake matta [20:10] sorry was AFK [20:11] jes: good choice! [20:11] lol it was definitely the best for x86_64 when I was looking around at the time [20:11] okay, I'm translocating now ... will be back in about 2 hours ... [20:11] our server runs Mandrake :) [20:12] that is why we answer your questions 8-) [20:12] k, cya Bertl and thanks for all the help [20:12] np, cya later ... [20:12] Nick change: Bertl -> Bertl_oO [20:36] Nick change: cgone -> cdub [20:41] ooo crap, lots of errors compiling the tools now [20:41] Doener_zZz (~doener@pD9E12EB7.dip.t-dialin.net) joined #vserver. [20:42] anyone alive out there? [20:43] Nick change: Doener_zZz -> Doener_ [20:47] Filth_er (Filther@62-77-207-174.vnet.hu) joined #vserver. [20:47] Filther (Filther@62-77-207-174.vnet.hu) left irc: Read error: Connection reset by peer [20:47] Filth_er (Filther@62-77-207-174.vnet.hu) left irc: Quit: [20:47] Filth_er (Filther@62-77-207-174.vnet.hu) joined #vserver. [20:49] Doener (~doener@pD9E121CC.dip.t-dialin.net) left irc: Ping timeout: 480 seconds [20:54] _shur1 (~shushushu@vserver.electronicbox.net) left irc: Ping timeout: 480 seconds [21:00] _shur1 (~shushushu@vserver.electronicbox.net) joined #vserver. [21:09] netrose (john877@FL3-24.217.241.239.charter-stl.com) left irc: [21:09] netrose_ (~netrose@FL3-24.217.241.239.charter-stl.com) joined #vserver. [21:10] netrose_ (~netrose@FL3-24.217.241.239.charter-stl.com) left #vserver. [21:10] netrose_ (~netrose@FL3-24.217.241.239.charter-stl.com) joined #vserver. [21:11] Nick change: netrose_ -> netrose [21:12] netrose (~netrose@FL3-24.217.241.239.charter-stl.com) left #vserver. [21:12] netrose (~netrose@FL3-24.217.241.239.charter-stl.com) joined #vserver. [21:15] Filth_er (Filther@62-77-207-174.vnet.hu) left irc: Quit: Leaving [21:16] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection [21:17] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) left irc: Remote host closed the connection [21:24] soor (~as@p5080BD8F.dip.t-dialin.net) joined #vserver. [21:30] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) joined #vserver. [21:31] rs (rs@ice.aspic.com) left irc: Quit: pula [21:51] netrose (~netrose@FL3-24.217.241.239.charter-stl.com) left irc: Quit: Off I go.... [21:51] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) left irc: Remote host closed the connection [21:52] netrose (~netrose@FL3-24.217.241.239.charter-stl.com) joined #vserver. [21:56] JonB (~NoSuchUse@kg203.kollegiegaarden.dk) joined #vserver. [21:59] Hest (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [22:07] JonB (~NoSuchUse@kg203.kollegiegaarden.dk) left irc: Ping timeout: 480 seconds [22:07] Nick change: Hest -> JonB [22:35] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) joined #vserver. [22:38] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) left irc: Quit: [22:47] Nick change: Bertl_oO -> Bertl [22:48] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) joined #vserver. [22:48] hi all [22:48] hi everyone! [22:48] heya Bertl [22:48] hi jes! [22:48] lol just in time to fix my latest problem ;) [22:49] hey [22:49] hi Jon! [22:49] TheSeer (~theseer@border.office.salesemotion.net) left irc: Ping timeout: 480 seconds [22:49] hi JonB [22:49] jes, let's hear about it ... [22:49] Bertl, I tried to recompile the tools, so I could specify a new vrootdir...but for some reason it doesn't compile anymore [22:50] wondering if it's a kernel headers problem [22:50] what is the message? [22:50] lots of errors...one sec [22:50] In file included from /lib/modules/2.6.3/build/include/linux/thread_info.h:20, [22:50] from /lib/modules/2.6.3/build/include/linux/spinlock.h:12, [22:50] from /lib/modules/2.6.3/build/include/linux/blockgroup_lock.h:8, [22:50] from /lib/modules/2.6.3/build/include/linux/ext2_fs_sb.h:19, [22:50] from /lib/modules/2.6.3/build/include/linux/ext2_fs.h:20, [22:50] from lib/ext2fs.h:25, [22:51] from lib/ioctl-getext2flags.hc:24, [22:51] from lib/syscall_getiattr-fscompat.hc:23, [22:51] from lib/syscall_getiattr.c:36: [22:51] /lib/modules/2.6.3/build/include/linux/bitops.h: In function `get_bitmask_order': [22:51] /lib/modules/2.6.3/build/include/linux/bitops.h:78: warning: implicit declaration of function `fls' [22:51] and lots of others like that [22:51] until finally at the end - [22:51] /lib/modules/2.6.3/build/include/asm/io_apic.h:68: error: parse error before "u32" [22:51] /lib/modules/2.6.3/build/include/asm/io_apic.h:68: warning: no semicolon at end of struct or union [22:51] /lib/modules/2.6.3/build/include/asm/io_apic.h:73: warning: type defaults to `int' in declaration of `bits' [22:51] /lib/modules/2.6.3/build/include/asm/io_apic.h:73: warning: `packed' attribute ignored [22:51] /lib/modules/2.6.3/build/include/asm/io_apic.h:73: confused by earlier errors, bailing out [22:51] make[2]: *** [lib/lib_libvserver_la-syscall_getiattr.lo] Error 1 [22:51] make[1]: *** [all-recursive] Error 1 [22:52] hmm, interesting ... [22:52] secondly....(you didn't think I'd just have one problem didya?).... [22:52] nope, didn't believe you for a second ... [22:52] I did a "vproc -d /proc/cpuinfo" in my host, thinking that would mean it would no longer show up in my vserver but it does [22:53] have I misunderstood what the vproc command does? [22:53] I stopped and restarted the vserver [22:53] nope, but the interface changed, and it now either requires trickery or the setattr [22:53] ahhh ok [22:54] basically the vproc tool is for stable only [22:54] ahhh right ok, ty [22:54] 1.3.7 and 0.08 use the same interface, where 0.09 changed that [22:54] the alpha tools, if they compile, support the new interface ... [22:54] well I was only "playing around" with it to see if I could stop my vserver from showing network stuff from my host (in a netstat command etc) [22:56] hmm, did you change the kernel/kernel path after a compile or did you clean the kernel source tree? [22:56] as for the compiler errors, I think I'll try a make depend type wotsit on my kernel later when I get a chance and reboot [22:56] nope, I didn't think so [22:56] because to me it looks like the compile is choking on some inappropriate kernel headers ... [22:57] yeah [22:57] so a "make mrproper" ? [22:57] what did you do just before you compiled the tools the last time? [22:57] you did compile them, right? [22:57] errr nothing...everything seemed to be working fine when we last talked [22:57] yes I did [22:58] but I thought i'd change the path, so I did a configure again...worked fine, then the recompile choked [22:58] okay, so you built the tools, then some time passed, now you re-build them, and they fail, right? [22:58] I tried a few make clean's, but same problem [22:58] yes [22:58] make cleans in the tools dir? [22:58] yes [22:58] okay, two things to try, and please check your history first ... [22:58] fleshcrawler (~fleshcraw@port-212-202-204-54.reverse.qdsl-home.de) joined #vserver. [22:59] hi powermage! [22:59] hi there!!! [22:59] hi fleshcrawler [22:59] fleshcrawler: how's the music? [22:59] fine fine... had another gig some weeks ago. [23:00] I haven't been here coz I started learning for some exams in two weeks. [23:00] jes: a) unpack the tools to a new location and configure tem as you did last time [23:00] ok [23:00] jes: b) remove the link in /lib/modules to the headers ... [23:00] ty Bertl [23:01] right I'll give that a go later, it's just about food time now ;) [23:01] thanks for the help again Bertl [23:01] fleshcrawler: and we thought you abandoned vserver ... ;) [23:01] back in a bit [23:01] jes (~jes@cpc1-leed5-3-0-cust196.ldst.cable.ntl.com) left irc: Quit: Leaving [23:01] no way! indeed I set up another one [23:01] good to hear ... [23:02] after my exams I'll continue exploring everything.^ [23:03] i just stopped by because I have some serious trouble. [23:03] with the music? [23:04] no :-) [23:04] do you have some time that I may ask a question? [23:04] ah, okay, maybe we can help, then ... [23:04] thanx [23:04] okay... I updated my kernel to 2.6.3 and now vserver starts crying that /proc is not mounted. [23:04] uset setattr, next question! [23:05] ;) [23:05] hehe. I think that's all if it works after that. [23:05] are the new kernelconfigs for vservers for the vserver prject here? [23:06] okay, I guess you do not know what I'm talking about regarding proc ... [23:06] Nick change: cdub -> cgone [23:06] yep [23:06] good, here is something to read for you to get the picture ... [23:07] great [23:07] humm, linux.vserver.org is down? [23:08] humm, linux-vserver.org is down? [23:08] i have it in my browser history. [23:08] so it should have worked shortely [23:08] but now it's down. right. [23:08] that's bad ... [23:09] but has the proc problem something todo with the new 2.6.3 kernel? [23:10] yes, okay, guess I have to exokain it once again ... [23:10] ah saved by the bell, it's back ;) [23:10] yep [23:10] http://archives.linux-vserver.org/200401/0125.html [23:11] read this, and let me know when you're finished ... [23:11] alright! [23:11] thanks [23:11] then take a look at this: [23:11] http://www.linux-vserver.org/index.php?page=Proc-Security [23:11] (which actually describes the 2.6.3 behaviour) [23:16] ah! okay. I think i get it. [23:16] you can enable all entries by doing setattr --~hide /proc/* /proc/*/* /proc/*/*/* [23:17] this will restore the 'known' state ... [23:17] thanx! [23:17] util-vserver 0.29 is latest? [23:17] but I'd advise to select only those entries that are secure ... [23:17] 0.29 is the last stable, but to use 0.09 you have to get the alpha tools [23:17] s/last/latest/ [23:18] I'll restore old state and take a closer look when I have more time. [23:18] http://www.linux-vserver.org/index.php?page=alpha+util-vserver [23:28] looks like it compiles. [23:28] latest version is 0.29.196 btw [23:29] that was the one i took [23:29] perfect ;) [23:29] wait! these tools are to unify vservers to save space, etc? [23:30] hmm, yes, very similar as the old tools did before ... [23:31] yes. but when I tried to compile some elder version it didn't work. [23:31] ah okay .. [23:31] looks like setattr worked. I'm shutting down the crippled servers [23:31] no need to [23:31] the proc security affects all servers ... [23:32] yes. but I made the stupid attempt to mount --bind /proc into my servers. [23:32] ah okay ... [23:32] okay... let's see! [23:33] ha! great! works again! thank you! [23:33] you're welcome! [23:33] have fun! [23:33] I googled for the problem but didn't find anything so I came to bother you. [23:34] np, as you can see it was a good decision ... [23:35] yes... but i don't want to bother for every problem i find. usually I try to fix it by myself. I think you're busy enough. [23:36] you are right, but basically this is a question of overall effectiveness and scaleability ... [23:37] so if you, for example, encounter this issue, and do not think about it, instead go asking me, it's very ineffective ... [23:37] but if you spend two days searching for a solution, instead of asking here, it's also ineffective [23:38] hmm. yeah ;-) [23:38] hmm, replace effective with efficient ... [23:38] lol [23:39] so from my point of view, the best way would be: [23:39] well. i know what you meant. false friends :-). [23:39] spend halve an hour on solving the issue yourself, then come ask, will take another 30 mins, then write some mail/howto/etc, where I can point the next person to ... [23:40] oh my god, atm my english is really broken ... [23:40] apply a patch! :-P [23:40] yeah, right, working on it ... [23:41] I planned to do some documentation in the future. but right now I have to focus on my exams. In two weeks it will be over and I'll reenter my work. [23:50] virtuoso (~shisha@38ppp2.telegraph.spb.ru) joined #vserver. [23:51] hi virtuoso! [23:56] I guess I have to put the setattr thing into an init skript, right? [23:57] right, either rc.local or separate script [00:00] --- Fri Feb 27 2004