--- Log opened pon maj 03 00:00:46 2004 00:02:42< Bertl> noel: so what do you think? 00:03:08< noel> Bertl: still reading but from my view its very good and understandable. 00:03:24< Bertl> it's getting heavier at the end ... 00:08:14< UFOczek> Bertl: but you made patch for wolk without grsecurity ;) 00:08:25< UFOczek> so i have to do my own patch anyway 00:08:33< Bertl> no, mcp will do that for you ;) 00:09:12< Bertl> mcp said, if I adapt it, he makes sure that it works 00:09:18< Bertl> together with grsec ... 00:09:37< UFOczek> in 2.4 series, i had grs with rsbac ;-) 00:09:47< UFOczek> now it's quite harder.. 00:10:07< Bertl> hmm, well let me ask three simple questions: 00:10:37< Bertl> a) how do you configure the Barrier on 2.6 and does it work? 00:11:14< Bertl> b) what does Proc-FS Security mean to you, and what entries can be changed? 00:11:40< Bertl> c) What capabilities are considered unsafe? is CAP_NET_RAW safe? 00:11:56< Bertl> you probably know all answers ... right? 00:12:13< UFOczek> no :-) 00:12:27< UFOczek> first, what is Barrier ? 00:12:29< UFOczek> -) 00:12:56< noel> Bertl: I think its OK. The only thing maybe is the length. are there limits? 00:13:16< UFOczek> one thing that is allways make me laugh: 00:13:20< UFOczek> makes 00:14:10< Bertl> noel: not that I know of ... 00:14:35< Bertl> UFOczek: and why do you want to use grsec? 00:14:43< UFOczek> Bertl: chroot restricitions 00:15:27< Bertl> well, if you know grsec as well as vserver, then I would not rely on any security ;) 00:16:00< Bertl> don't get me wrong, people usually rely on 'provided' security like grsec or lids or something like this 00:16:18< UFOczek> i have allready grs with vserver 00:16:32< UFOczek> |root@strefa:~# vserver www enter 00:16:32< UFOczek> |ipv4root is now XXX.XXX.XXX.XXX 00:16:32< UFOczek> |New security context is 200 00:16:32< UFOczek> |root@strefa:/# cd /proc 00:16:32< UFOczek> |root@strefa:/proc# ls |grep 1 00:16:34< UFOczek> |1/ 00:16:37< UFOczek> |root@strefa:/proc# ls -ld 1 00:16:39< UFOczek> |/bin/ls: 1: No such file or directory 00:16:44< UFOczek> isn't that funny ? 00:17:47< Bertl> well, no ... why should it be? 00:19:22< UFOczek> in `ls` i can find process 1 00:19:33< UFOczek> but in `ls -la 1` i cant find it 00:20:39< UFOczek> i'll go sleeping 00:20:42< UFOczek> gnight all 00:20:51< Bertl> UFOczek: do you want to know why? 00:20:55< UFOczek> yup 00:21:09< Bertl> it's simple ... the kernel actually uses two different functions 00:21:23< Bertl> in the first case, you list /proc 00:21:27< Bertl> which does a readdir 00:21:40< Bertl> in the second one, you stat the /proc/1 entry 00:21:50< Bertl> which uses another kernel function ... 00:22:06< Bertl> the one doing the pathwalk obviously blocks '1' 00:22:23< Bertl> the one doing the pid listing isn't hiding '1' which makes some sense ... 00:22:56< Bertl> does this make sense to you? 00:32:32>> tchan [~Terry@218.82.99.67] has joined #vserver 00:33:33< Bertl> hi terry? 00:35:21< tchan> hi Bertl 00:35:49< tchan> just checking in, while I'm on vacation in Shanghai... 00:36:07< Bertl> great, what can you see/do there? 00:37:19< tchan> visiting relatives, eating lots of Shanghai style food, knock-off close shopping :-) 00:38:01< tchan> knock-off clothes shopping, I meant 00:38:14< Bertl> hmm, sounds good, how does 'real' Shanghai style food taste? 00:45:07< tchan> my wife is from here and loves it of course. My family is from Hong Kong, so I prefer Cantonese style. Toronto and Vancouver are almost as good as food in HK. 00:47:54< UFOczek> thank you very much for explain, Bertl !! 00:55:42< Bertl> tchan: hmm, well although that explains a lot, it doesn' answer my question ;) 00:59:13< tchan> I have trouble setting aside my notions on what "good" Chinese food is supposed to be like, hence the explanation. I really don't like Shanghai style food. Too bland for my tastes. 01:00:32< Bertl> so you prefer spicy food ... on the edge to dangerous? 01:03:22< Bertl> (somewhere between hot and incendiary?) 01:07:10< Doener> damn... you hit my taste... now i'm hungry... 01:07:42< Bertl> hmm, good point, time for a midnight snack ... 01:09:35< eyck> nightie-night. 01:09:45< Doener> night eyck 01:09:47< Bertl> cya 01:10:58< Doener> hmm... i'll get some sleep, too... g'night everyone! 01:11:10< Bertl> night Doener! 01:44:19>> monrad [~monrad@213083190250.sonofon.dk] has quit [Quit: Leaving] 02:12:21< Bertl> okay folks, have a good night! 02:12:41>> Bertl is now known as Bertl_zZ 03:26:26>> Netsplit uranium.oftc.net <-> jupiter.oftc.net quits: dsanta, kestrel, _id_bbl 03:28:41>> Netsplit over, joins: _id_bbl, kestrel, dsanta 03:54:35< kestrel> hi 04:25:15>> Apollo [Apollo@panther.norcomcable.ca] has quit [Read error: Connection reset by peer] 04:59:21>> tchan [~Terry@218.82.99.67] has quit [Quit: Leaving] 05:54:39>> g0atygun [shotgun@shotygun.com] has joined #vserver 05:54:39>> Shotygun [shotgun@shotygun.com] has quit [Remote host closed the connection] 06:18:08>> g0atygun is now known as Shotygun 08:03:40>> _id_bbl is now known as _id 08:03:51< _id> good morning 08:32:26< eyck> morning' 08:34:51>> matthias [matthias@e-16.vc-graz.ac.at] has joined #vserver 09:39:02>> matthias [matthias@e-16.vc-graz.ac.at] has quit [Quit: using sirc version 2.211+KSIRC/1.3.10] 09:42:24< UFOczek> good morning 10:58:58>> cereal[n\a] is now known as cereal 11:10:24>> Doener` [~doener@pD95883FD.dip.t-dialin.net] has joined #vserver 11:17:36>> Doener [~doener@pD9588041.dip.t-dialin.net] has quit [Ping timeout: 480 seconds] 11:46:08>> cereal is now known as cereal[n\a] 12:16:51>> serving [~serving@213.186.189.95] has quit [Read error: Connection reset by peer] 14:07:33>> rs [rs@ice.aspic.com] has joined #vserver 14:07:40< rs> hi 14:12:52>> serving [~serving@213.186.189.95] has joined #vserver 14:17:28>> Apollo [~throwaway@caracal.norcomcable.ca] has joined #vserver 14:48:24>> Doener` is now known as Doener 14:53:34>> hiaslboy [matthias@i-166.vc-graz.ac.at] has joined #vserver 15:38:00>> _id [~id@p50835CF7.dip.t-dialin.net] has quit [Ping timeout: 480 seconds] 15:47:35>> _id [~id@pD9519E32.dip.t-dialin.net] has joined #vserver 16:23:31>> g0atygun [shotgun@shotygun.com] has joined #vserver 16:23:32>> Shotygun [shotgun@shotygun.com] has quit [Remote host closed the connection] 16:30:31>> Bertl_zZ is now known as Bertl 16:30:40< Bertl> morning everyone! 16:31:07< mcp> Bertl: ja Dir auch gute Nacht ;) 16:31:26< Bertl> thank you mcp! 16:31:50< mcp> ;) 16:32:00< Bertl> mcp: btw, is there a wolk for 2.6.6-rc3? 16:32:18< Bertl> I'd hate to backport all this stuff 8-) 16:32:38< mcp> no. I stop for the moment until all that -rmap changes from -mm are in and I suggest you stop too doing a vserver for 2.6-wolk until I come up with a new wolk after 2.6.6 16:35:19>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has joined #vserver 16:35:32< Bertl> hi infowolfe! 16:36:01< Bertl> mcp: okay, no problem with that ... 16:36:14< mcp> k 16:53:44< rs> hi Bertl 16:54:27< rs> did you got my mail ? 16:54:49< rs> oups just saw yours 17:15:48< rs> Bertl: do you want my we memory debug logs ? :) 17:16:11< Bertl> did you do more debugging? 17:16:30< Bertl> (or better logging?) 17:16:36>> count [~count@buserror-extern.convergence.de] has joined #vserver 17:16:40< rs> I didn't change anything 17:16:41< count> heya ... 17:16:45< Bertl> hi count! 17:16:56< count> hey Bertl :) just the person I wanted to meet .. 17:17:04< count> Bertl: uhm, what about vserver for 2.6.x? 17:17:07< Bertl> rs: ad mail: looks like 2 processes belonging to the 'context' 17:17:09>> count is now known as Guest250 17:17:11< rs> just let people use vserver with debug on 17:17:29< Bertl> Guest250: well 1.9.0pre13 is there ... 17:17:55< Guest250> whoops. 17:17:59>> Guest250 is now known as TheCount 17:18:03< rs> hmm your're right, very strang 17:18:04< rs> root 9593 33 0.0 0.0 1296 412 ? D< 13:31 0:00 init boot 17:18:08< rs> root 9915 33 0.0 0.0 1712 744 ? S< 13:31 0:00 minilogd 17:18:11< TheCount> Bertl: hm. am I blind? 17:18:19< rs> name is no longer shown 17:18:29< rs> looks like an util-vserver bug 17:18:42< Bertl> TheCount: no, just missing information ;) 17:18:55< TheCount> Bertl: seems like ;) I just look on 13thfloor.at for anything 17:19:01< TheCount> Bertl: where should I look? :) 17:19:03< rs> init is deflated 17:19:13< Bertl> yeah, good start, and it will be there this week, I guess .. 17:19:17< rs> can't bother why 17:19:36< TheCount> Bertl: ah, okay. how usable do you think it'll be? 17:19:44< Bertl> vserver.13thfloor.at/Experimental 17:19:54< TheCount> Bertl: (I'm not trying to imply anything, just curious about the state) 17:20:00< Bertl> we are aproaching devel status ... 17:20:26< Bertl> and it already has a dozen more features than 2.4 devel ... 17:20:33< TheCount> Bertl: sounds nice :) 17:21:02< Bertl> http://www.linux-vserver.org/index.php?page=Release+FAQ 17:21:06< TheCount> Bertl: ok, I'll keep on checking there, and report back, if I have anthing to contribute :) 17:22:17< Bertl> make it so .. you are always welcome ... 17:22:37< TheCount> Bertl: thanks :) it's a pleasure using your software! 17:22:38>> TheCount [~count@buserror-extern.convergence.de] has quit [Quit: [BX] Leggo my Eggo!] 17:24:10< UFOczek> anybody is using 2.6.5 with lvm ? 17:24:27< Bertl> lvm2/dm you mean? 17:25:36< Bertl> rs: did you read my error reporting form posted some time ago on the ml? 17:25:57< UFOczek> no... i have lvm for 2.4 but i'm trying to boot on 2.6.5 and i cant mount lvm partitions 17:26:05< UFOczek> and it's not working 17:26:14< Bertl> UFOczek: because there is no lvm in 2.6 17:26:20< UFOczek> so what i have to do now ? 17:26:30< UFOczek> in 2.6 is lvm2, right ? 17:26:32< Bertl> you can upgrade to lvm2 based on device mapper 17:26:43< UFOczek> I'll loose files ? 17:26:44< Bertl> but be careful, you can't downgrade ... 17:26:57< Bertl> no, upgrade should work as expected 17:27:02< UFOczek> any howto ? 17:27:07< UFOczek> how to do it ? 17:27:17< Bertl> yep, there are some, most distros also do automatic upgrade 17:27:28< UFOczek> i'm slackware user (and #slackware owner) ;-) 17:27:52< Bertl> just gogle for lvm lvm migration 17:27:56< Bertl> lvm2 even 17:28:31 * Bertl .oO( clumsy fingers today, maybe I should stop coding ;) 17:29:08< UFOczek> thank you :) 17:30:33< rs> Bertl: yes I have, if you are talking about the same 17:33:51< Bertl> rs: okay, just thought something like the half hidden /proc is a good candidate for such a report ... 17:34:31< Bertl> btw, I suspect that 2.6.6* has broken some things ... but we will not know until final 2.6.6 comes out 17:41:36< UFOczek> hm 17:41:43< UFOczek> device-mapper is enabled in my kernel 17:42:08< Bertl> you need the lvm2 userspace tools ... 17:42:17< UFOczek> yup 17:42:18< UFOczek> i got it 17:43:31< UFOczek> but vgscan says that i dont have device-mapper in kernel ;) 17:44:48< UFOczek> i'll use google, huh 17:46:02< Bertl> okay, dinner time ... back in 30 17:46:08>> Bertl is now known as Bertl_oO 17:53:53< infowolfe> hi Bertl_oO 17:53:59< infowolfe> sorry for the delay... 17:54:24< infowolfe> my baby crapped itself last night (on a firmware upgrade, my SATA controller died) so i'm stuck in linux and i'm thinking of staying here... 18:08:54>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has quit [Quit: restarting X11] 18:09:55>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has joined #vserver 18:09:58>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has quit [Quit: ] 18:13:02>> Bertl_oO is now known as Bertl 18:15:19< Bertl> rs: okay, let's have a look at the loadaverage issue ... 18:15:45>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has joined #vserver 18:15:58< Bertl> welcome back infowolfe! 18:24:13< infowolfe> thanks Bertl 18:24:35< Bertl> last week, somebody was looking for gentoo help? 18:25:35< Bertl> rs: are you still around? 18:26:25< infowolfe> oh really? 18:26:31 * infowolfe is sorry, he's been busy 18:26:44< Bertl> yes, didn't even know where to send him :( 18:29:40< infowolfe> Bertl, my ICQ is 7749229 and AIM is parkerisageek 18:30:03< Bertl> is that so? 18:30:06< Bertl> 8-) 18:31:07< infowolfe> well... umm, let's see 18:31:33< infowolfe> i've gotten some pretty decent anti-aliasing going on my GeForce 4 Ti 4800 SE because i tried to flash the firmware on my raid card and it borked :-\ 18:31:47< infowolfe> so... my windows install is fsck'd 18:32:06< Bertl> okay, I count this as a good start ... 18:41:33>> rs [rs@ice.aspic.com] has quit [Quit: leaving] 18:43:26< Bertl> an debian folks around here? I have a dpkg/apt-get question 18:44:34< broo> might be able to answer 18:44:48< Bertl> I'm missing /usr/include/* stuff ... 18:45:03< Bertl> and I would like to find out which package this would be ... 18:45:31< Bertl> so I tried dpkg -S /usr/include/sys 18:45:37< broo> libc6-dev 18:46:02< Bertl> yes, figured this after some while, thanks, but how to find out? 18:46:33< broo> well you can either dpkg -S /full/path/to/a/file 18:46:49< broo> or you can go to debians website and click on the debian packages on the side bar 18:46:54< Bertl> ah it has to be a file ... 18:47:12< broo> and there is a search there where you can put in vague information and it'll come up with lists of packages 18:47:15< Bertl> hmm, no luck 18:47:16< Bertl> debian:~# dpkg -S /usr/include/error.h 18:47:16< Bertl> dpkg: /usr/include/error.h not found. 18:47:35< broo> yeah you actually have to have the file and the package to use dpkg -S 18:47:46< broo> it only searches installed packages (chicken egg on that one) 18:47:52< Bertl> well, that's kind of defeating the purpose, isn't it? 18:48:19< Bertl> doesn't apt-get somehow know where a file should be coming from? 18:48:28< broo> and on freenode in #debian there is a way to query for packages from files from a bot there, but I haven't used that 18:48:59< Bertl> on mandrake I just do urpmf and it tells me the package(s) 18:49:02< broo> no apt-get has a list of package names and descriptions of the packages, it doesn't file a list of files contained in the package 18:49:57< Bertl> well, okay, guess I have to live with it ... 18:50:06< Bertl> thanks for the help ... 18:50:29< broo> apt-cache might help you with that somewhat 18:50:50< broo> apt-cache search piece_of_information will usually come up with a relevant package 18:55:16< Bertl> okay, thanks again, good to know ... 19:11:33< Doener> re 19:11:37< Bertl> hi Doener! 19:13:34>> grzegbor [grzegbor@orion.media4u.pl] has joined #vserver 19:13:57< Bertl> hi grzegbor! 19:14:06< grzegbor> hi Bertl! 19:14:10< grzegbor> :)))))) 19:14:22< Bertl> are you sure you have all your vovels? 19:14:52< Bertl> ;) 19:15:26< Doener> Bertl: there's apt-file to search for files in packages, but it's a little slow and it has its own database, so more updating has to be done :/ 19:15:57< Bertl> okay, I see ... that should be able to find not installed stuff to, right? 19:16:03< Doener> right 19:16:05< broo> sweet learn something new everyday 19:17:32>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has joined #vserver 19:17:50< Bertl> hi shuri! 19:17:55< shuri> hi Bertl 19:18:28< Doener> i still prefer the web-based search on packages.debian.org simply because it is much faster 19:19:43< Bertl> is there some kind of package search for debian which also includes non debian repositories? 19:19:58 * Bertl .oO( probably a stupid question ;) 19:20:55< Doener> what do you mean by non-debian? other repositories of debian packages like backports.org? 19:22:16>> grzegbor [grzegbor@orion.media4u.pl] has quit [Quit: "Man who fight with wife all day, get no peace at night!"] 19:23:20< Doener> or a search that includes for example a rpm repository? 19:25:17< Bertl> to be honest soemthing like pbone.net ... 19:29:39>> grzegbor [grzegbor@orion.black.pl] has joined #vserver 19:29:50< Bertl> welcome back grzegbor! 19:30:07< grzegbor> hi Bertl :) 19:30:24< Bertl> for a moment I thought I scared you! 19:31:17< grzegbor> no, i didnt :)( 19:31:18< grzegbor> :)) 19:31:19< hiaslboy> apt-get .org has more than the usual repositories available for searching 19:31:45< hiaslboy> (but it does not include the debian-Repositories for the search ... 19:32:13< Bertl> okay, so with apt-get + debian you'll probably get most of them, right? 19:32:15< Doener> hiaslboy: yeah, but not for files in the packages but only for the packages themselves ;) 19:32:31< hiaslboy> Doener: that is right ... 19:36:27< Bertl> has anybody tested 1.9.0pre regarding barrier or iunlink/unification yet? 19:37:03>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver 19:37:14< Bertl> ahh, taxcollector, my man! 19:37:19< taxcollector> Howdy! 19:38:22< Bertl> taxcollector: last time you asked regarding the devel stuff and unification, right? 19:38:28< taxcollector> Yup. 19:38:32< Doener> Bertl: damn, how could i forget ;) you could give rpmseek.com a try... main problem for me is, that it seems like it does know about the different debian branches... 19:39:20< Bertl> taxcollector: could you give this one a try? 19:39:22< Bertl> http://vserver.13thfloor.at/Experimental/delta-vs1.3.9-vs1.3.9.1.diff 19:39:24< taxcollector> Sure 19:45:20< UFOczek> what is delat? 19:45:21< UFOczek> delta ? 19:46:01< Bertl> delta is a letter of the greek alphabet ... often used to depict a difference ... 19:46:13< UFOczek> i'm asking about patch ... ;-) 19:46:18< Bertl> in this case, delta is an incremental patch ... 19:46:35< UFOczek> i see. 19:46:40>> LeXo_ is now known as franck 19:46:50< UFOczek> good to know,thanx :) 19:46:54< Bertl> morning franck! 19:47:30< Bertl> taxcollector: are you using ext3? 19:47:36< taxcollector> Yup. 19:47:48< Bertl> then please change the following, after applying that patch: 19:48:22< Bertl> fs/ext3/inode.c : in ext3_setattr() 19:48:41< Bertl> the line goto err_out in 19:48:42< Bertl> + if (ia_valid & ATTR_ATTR_FLAG) { 19:48:42< Bertl> + error = ext3_setattr_flags(inode, attr->ia_attr_flags); 19:48:42< Bertl> + goto err_out; 19:48:42< Bertl> + } 19:48:52< Bertl> should actually read 19:48:52< UFOczek> I = tab 19:48:59< Bertl> if (error) 19:48:59< Bertl> goto err_out; 19:49:50< taxcollector> OK; I'll replace all four lines with the two lines you just indicated 19:50:02< Bertl> no, just the goto_err_out 19:50:09< taxcollector> OK 19:50:17< taxcollector> I'll add the one line 19:50:27< Bertl> that's not perfect, but it should work for now ... 19:50:53< Bertl> I'll come up with something better in a few hours, but I#d like to know if that fixes your issues ... 19:51:07< taxcollector> For sure; I'm compiling now. 19:55:47< no_maam_> hi 19:55:54< Bertl> hi! 19:56:30< no_maam_> Bertl: got time now? 19:57:11< Bertl> sure ... 19:57:13< no_maam_> ok 19:58:00< no_maam_> we are doing our plan at http://www.elmarlecher.de/wiki/wiki.pl?VirtuellesLinux 20:07:37>> cereal[n\a] [~cereal@217-20-113-196.internetserviceteam.com] has quit [Ping timeout: 480 seconds] 20:10:15< taxcollector> Bertl: That 1.3.9.1 delta patch seems to work; my test case that failed yesterday succeeds. 20:10:28< taxcollector> Thanks. 20:16:43>> noel- [~noel@pD9FFEB22.dip.t-dialin.net] has joined #vserver 20:16:54< Bertl> taxcollector: okay, good! 20:21:00>> JonB [~NoSuchUse@129.142.112.33.ip.tele2adsl.dk] has joined #vserver 20:24:15>> noel [~noel@pD9FFEF8B.dip.t-dialin.net] has quit [Ping timeout: 480 seconds] 20:27:00>> hiaslboy [matthias@i-166.vc-graz.ac.at] has quit [Ping timeout: 480 seconds] 20:40:21>> noel- [~noel@pD9FFEB22.dip.t-dialin.net] has quit [Quit: Client exiting] 20:43:12>> taxcollector [~taxcollec@192.16.167.161] has quit [Quit: ] 20:44:13>> JonB [~NoSuchUse@129.142.112.33.ip.tele2adsl.dk] has quit [Quit: Leaving] 20:52:11>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver 20:52:12>> Bertl [~herbert@MAIL.13thfloor.at] has quit [Quit: Changing server] 20:56:54>> Bertl [~herbert@MAIL.13thfloor.at] has joined #vserver 20:57:16< Bertl> hmm, did I miss something? 20:57:44< taxcollector> I don't think so 21:00:12< no_maam_> Bertl: away again? 21:00:36< Bertl> somehow the join killed my connections ;) 21:04:21< UFOczek> Weclome back, Bertl!! :-)) 21:06:34< Bertl> thanks UFOczek! 21:06:42< UFOczek> you are quite funny :) 21:06:53< Bertl> UFOczek: you read mcp's statement about wolk! 21:07:21< UFOczek> Bertl: where ?? at wolk homepage? 21:07:36< Bertl> no, here at #vserver ... 21:07:40< grzegbor> UFOczek: hi :) 21:07:51< Bertl> 16:32 < Bertl> mcp: btw, is there a wolk for 2.6.6-rc3? 21:07:51< Bertl> 16:32 < mcp> no. I stop for the moment until all that -rmap changes from -mm 21:07:51< Bertl> are in and I suggest you stop too doing a vserver for 2.6-wolk until 21:07:51< Bertl> I come up with a new wolk after 2.6.6 21:07:52< UFOczek> Bertl: just looking above 21:08:03< UFOczek> damn! 21:08:39< albeiro> Bertl: well, he seems to be right 21:09:32< Bertl> albeiro: and I answered ... 21:09:34< Bertl> 16:36 < Bertl> mcp: okay, no problem with that ... 21:10:56< UFOczek> so we have to wait to 2.6.6 release day 21:11:37< albeiro> ok 21:11:43< UFOczek> that's about few weeks. 21:11:58 * albeiro is looking forward to play again with vserver 21:20:22< Bertl> should not be that long ... 21:24:37>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has quit [Read error: Connection reset by peer] 21:33:36< UFOczek> do i have any other way ? i have to wait.. 21:34:34>> click [click@gonnamakeyou.com] has joined #vserver 21:39:51>> LeXo_ [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has joined #vserver 21:42:28< Bertl> hi click ! 21:43:52>> ensc [~ircensc@ultra.csn.tu-chemnitz.de] has joined #vserver 21:44:03< Bertl> morning enrico! 21:44:09< ensc> hi 21:44:51< no_maam_> ensc: hi 21:45:47< no_maam_> ensc: we are currently at #chaos-darmstadt on ircnet 21:46:42>> click [click@gonnamakeyou.com] has quit [Quit: Hm, what's this cable? What happens if I give it a real yank? *Te....] 21:46:55>> franck [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has quit [Ping timeout: 480 seconds] 22:01:23>> chaosle [~yvan@port-212-202-168-55.dynamic.qsc.de] has joined #vserver 22:01:31< chaosle> hi all 22:02:56< Bertl> hi chaosle! 22:22:00< chaosle> Bertl, i need your wisdom again ... i had to change from redhat to suse as host ...no i get the error: Can't chroot to directory . (Operation not permitted) 22:22:18< chaosle> util-vserver compiled with ./configure CFLAGS=-O0 CXXFLAGS=-O0 22:22:22< chaosle> suse 9.0 22:22:40< chaosle> gcc 3.3.1 22:23:01< chaosle> Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl 22:23:01< chaosle> chcontext is working. 22:23:01< chaosle> chbind is working. 22:23:01< chaosle> Linux 2.4.26-vs1.27 i686/0.29.4/0.29.4 [E] 22:23:01< chaosle> --- 22:23:03< chaosle> [001]# succeeded. 22:23:04< chaosle> [011]# succeeded. 22:23:10< chaosle> [031]# succeeded. 22:23:12< chaosle> [101]# succeeded. 22:23:14< chaosle> [102]# succeeded. 22:23:15< chaosle> [201]# failed. 22:23:18< chaosle> [202]# succeeded. 22:23:20< chaosle> :) 22:23:23< Bertl> hm ... 22:23:25< Doener> o.O 22:23:51< chaosle> compiled without CFLAGS=-O0 CXXFLAGS=-O0 failes testme.sh 201 and 202 22:23:56< Bertl> 201 didn't fail with recent util-vserver, maybe you have a mixture? 22:24:04< Bertl> ensc: any ideas? 22:25:18< chaosle> tried 0.29 and 0.29.4 (and vserver 1.39 with 0.29.201 or so ) 22:26:05< ensc> execute the commands manually and see which version was used; the 'operation not permitted' error sounds like a gcc bug 22:27:33< Bertl> really? 22:27:42< chaosle> its the suse modded gcc 3.3.1 22:28:29< chaosle> what do you mean with "execute the commands manually and see which version was used" ? 22:29:05< ensc> afaik, testme.sh has a switch to increase verbosity 22:29:15< chaosle> -v and -vv 22:29:26< chaosle> want to see the output ? 22:29:53>> monrad [~monrad@213083190224.sonofon.dk] has joined #vserver 22:30:08< ensc> see if the used chbind/chcontext versions are from the newly compiled package 22:31:01< chaosle> chcontext is working. 22:31:02< chaosle> s_context: 1 [ 1] 22:31:02< chaosle> chbind is working. 22:31:02< chaosle> ipv4root: 0100007f/00ffffff ipv4root_bcast: ffffffff ipv4root_refcnt: 1 22:31:02< chaosle> ipv4root: 0100007f/00ffffff ipv4root_bcast: ffffffff ipv4root_refcnt: 1 22:31:03< chaosle> chcontext version 0.29.4 22:31:27< chaosle> 40b9b5beda5f8c1f5341161cf62f5805 /usr/local/sbin/chbind 22:31:27< chaosle> 56e4cf87cbb09d5ddd4a01c8e6736cb3 /usr/local/sbin/chcontext 22:32:07< chaosle> and the error ist : [201]# chcontext --ctx 100 --flag fakeinit grep 'initpid: 0' /proc/self/status 22:32:07< chaosle> New security context is 100 22:32:07< chaosle> initpid: 0 22:32:07< chaosle> [201]# failed. 22:32:21< ensc> what gives 'which chcontext'? 22:32:24< chaosle> dont know exactly what you need to know :) 22:32:36< ensc> and chcontext --version? 22:36:41< chaosle> /usr/local/sbin/chcontext 22:36:42< chaosle> chcontext version 0.29.4 22:36:42< ensc> and this binary was compiled with '-O0' flags? 22:36:42< chaosle> CFLAGS=-O0 CXXFLAGS=-O0, yes 22:36:42>> serving [~serving@213.186.189.95] has quit [Ping timeout: 480 seconds] 22:36:42< ensc> chaosle: can you try a 'make clean; make all' and execute "./chcontext --ctx 100 --flag fakeinit grep 'initpid: 0' /proc/self/status" in src/? 22:37:36< chaosle> New security context is 100 22:38:39< Bertl> ensc: ad fakeinit, something with the 211 tools isn't working as expected, probably my fault, but I don't know yet, is it working for you? 22:38:55< ensc> Bertl: on which kernel? 22:39:01< Bertl> 2.6/19.0pre13 22:39:45< ensc> what is wrong there? 22:39:46< Bertl> btw, I have some 'unexpected' effects on my test setup, with the newer tools ... 22:40:28< Bertl> 2.6.6-rc3/1.9.0pre13 ancient tools 0.24 (Jack) 22:41:02< Bertl> # vserver XXXX start 22:41:02< Bertl> Starting the virtual server XXXX 22:41:02< Bertl> Server XXXX is not running 22:41:02< Bertl> broadcast: Unknown host 22:41:02< Bertl> SIOCSIFADDR: Invalid argument 22:41:04< Bertl> rm: unable to remove `var/run/utmp': Operation not permitted 22:41:07< Bertl> touch: var/run/utmp: Permission denied 22:41:09< Bertl> Can't open file var/run/utmp (Permission denied) 22:41:12< Bertl> ulimit: 1: Illegal option -u 22:41:14< Bertl> ipv4root is now 192.168.0.2 22:41:17< Bertl> Host name is now XXXX.test.org 22:41:20< Bertl> Domain name is now 22:41:22< Bertl> New security context is 1001 22:41:25< Bertl> Kernel do not support chrootsafe(), using chroot() 22:41:27< Bertl> Starting system logger: [ OK ] 22:41:30< Bertl> the SIOCSIFADDR is from the missing eth0 config ... 22:41:34< Bertl> the unable to remove `var/run/utmp' .. is strange, but was always there ... 22:41:50< Bertl> now with util-vserver-0.29.211 22:42:10< ensc> does not look like the new configuration scheme... 22:42:18< Bertl> no, it isnt ... 22:42:36< ensc> I never tried old vservers with the 2.6 patches 22:42:52< ensc> something wents wrong at interface setup already 22:42:53< Bertl> # vserver XXXX start 22:42:53< Bertl> WARNING: can not find configuration, assuming legacy method 22:42:53< Bertl> Starting the virtual server XXXX 22:42:53< Bertl> Server XXXX is not running 22:42:53< Bertl> ifspec: ioctl(SIOCGIFNETMASK): Cannot assign requested address 22:42:55< Bertl> broadcast: Unknown host 22:42:58< Bertl> rm: unable to remove `var/run/utmp': Operation not permitted 22:43:00< Bertl> touch: var/run/utmp: Permission denied 22:43:03< Bertl> chgrp: var/run/utmp: Operation not permitted 22:43:05< Bertl> chmod: var/run/utmp: Operation not permitted 22:43:08< Bertl> fakerunlevel: open("var/run/utmp"): Permission denied 22:43:10< Bertl> ulimit: 1: Illegal option -u 22:43:13< Bertl> ipv4root is now 192.168.0.2 22:43:16< Bertl> Host name is now XXXX.test.org 22:43:18< Bertl> Domain name is now 22:43:21< Bertl> New security context is 1001 22:44:16< Bertl> any idea where the var/run/utmp stuff comes from? 22:44:28< ensc> chaosle: please execute 'chcontext --ctx 100 --flag fakeinit cat /proc/self/status' and post the capability lines 22:46:08< chaosle> CapInh: 0000000000000000 22:46:08< chaosle> CapPrm: 000000004000085e 22:46:08< chaosle> CapEff: 000000004000085e 22:46:08< chaosle> CapBset: 000000004000085e 22:46:21< ensc> hmm, looks very randomly... 22:47:47< ensc> chaosle: can you add a 'printf("%08x\n", remove_cap);' in lib/syscall-compat.hc:37? 22:48:31< ensc> Bertl: what can cause EPERM when executing unlink as root? 22:49:10< ensc> are there some '-i' attributes ? 22:49:24< Bertl> hmm, good question ... some xid mismatch, some immutable flags, some directory which is not writeable ... 22:50:10< chaosle> ensc, and again make clean && make all ? 22:50:17< ensc> chaosle: yep 22:50:53< Bertl> d--------- 9 root root 1024 May 2 18:58 /vservers 22:50:53< Bertl> drwxr-xr-x 17 root root 1024 May 3 21:49 /vservers/XXXX 22:50:53< Bertl> drwxr-xr-x 20 root root 1024 Nov 19 05:36 /vservers/XXXX/var 22:50:53< Bertl> drwxr-xr-x 5 root root 1024 May 3 21:48 /vservers/XXXX/var/run 22:50:53< Bertl> -rw-r--r-- 3 root root 384 May 2 18:56 /vservers/XXXX/var/run/utmp 22:51:00< chaosle> 00000000 22:51:00< chaosle> 00000000 22:51:00< chaosle> New security context is 100 22:51:23< Bertl> /vservers/XXXX/var/run/utmp Immutable 22:51:34< Bertl> hmm, where did this come from ... investigating ... 22:52:36< ensc> chaosle: are there still teh same capabilities at 'chcontext --ctx 100 --flag fakeinit cat /proc/self/status'? 22:52:56>> Apollo [~throwaway@caracal.norcomcable.ca] has quit [Quit: ] 22:52:59< Bertl> ensc: okay, thanks didn't think of that simple solution ;) 22:54:11< Bertl> btw, fakeinit is somehow not working ... 22:55:02< Bertl> or, to put it the other way round, how is it supposed to work with 0.29.211, for let's say, a command line example with vcontext, chcontext, vattributes and such? 22:55:37< ensc> /usr/sbin/vcontext --create -- /usr/sbin/vattribute --set -- /usr/sbin/vcontext --fakeinit --endsetup --migrate-self -- grep initpid: /proc/self/status 22:55:59< ensc> or: bash -x chcontext --flag fakeinit grep 'initpid:' /proc/self/status 22:56:24< Bertl> yep, that should be enough, thought so .. so it's probably a fault on my side ... 22:56:26< chaosle> CapInh: 0000000000000000 22:56:26< chaosle> CapPrm: 000000004000085e 22:56:26< chaosle> CapEff: 000000004000085e 22:56:26< chaosle> CapBset: 000000004000085e 22:56:29< chaosle> no changes 22:57:16< ensc> chaosle: ok, now give out the value of 'msg.remove_cap' instead of 'remove_cap' 22:58:21< ensc> chaosle: which compiler was used for the kernel? 22:58:40< chaosle> also gcc 3.3.1 (suse linux) 22:59:29< ensc> the '000000004000085e' looks like an address 23:01:23>> LeXo_ is now known as franck 23:01:49< Bertl> ensc: do we have any problems if we drop the VCMD_get_iattr_v0 completely for 1.9.0? 23:01:55< chaosle> msg.remove_cap : 00000000 23:01:55< chaosle> 00000000 23:02:12< Bertl> (should read VCMD_set_iattr_v0) 23:02:58< chaosle> doesnt msg.remove_cap = remove_cap; means that it must be the same or am i in the worng file ? 23:03:17< chaosle> worng = wrong 23:04:10< chaosle> lib/syscall-compat.hc:37? 23:04:53< ensc> strange... what is capbset for the current process? 23:04:58>> monrad [~monrad@213083190224.sonofon.dk] has quit [Quit: Leaving] 23:06:06< chaosle> "what is capbset for the current process" <- ?!?! where do i look this up ?!? 23:07:02< ensc> Bertl: no problem with it... 23:07:17< ensc> chaosle: the CapBset: value from 'cat /proc/self/status' 23:07:53< ensc> chaosle: yes, both values should be the same and they are it (000000000) 23:09:38< chaosle> CapBset: 00000000fffffeff 23:10:59< ensc> mmh... perhaps the kernel has been miscompiled... 23:11:53< chaosle> ok ... and where in the kernel i have to make changes ? 23:14:19< ensc> mmh... try to compile kernel/vcontext.c without optimizations (or only moderate ones) 23:14:45< ensc> but isn't somewhere an update for the SUSE gcc compiler? 23:15:22< ensc> I heard several reports about it so SUSE should provide an errata 23:15:25< chaosle> not at the suse update page 23:23:13< chaosle> ensc, you mean the problem is on my host side ? new gcc and new kernel could fix the problem ? 23:25:25< ensc> chaosle: I can not explain it; the structure is filled with correct data (000000), the old bset is ok (00000000fffffeff), and the new one should be 'bset & ~(0000000)'; there is nothing which can modify it between the vserver() syscall and the place where it gets evaluated in the kernel 23:25:44< ensc> I would suggest to write a bugreport for the SUSE support 23:26:16< ensc> good thing is, that it is 100% reproducible 23:27:02< Bertl> hmm, did anybody strace the stuff? 23:27:17< Bertl> maybe even with strace 4.5.1 + vserver patch? 23:29:02< chaosle> ensc thx a lot for your help 23:59:39< Bertl> ensc: did you test the barrier in 1.9.0 yet? 23:59:40>> axu [gl@83.64.2.169] has joined #vserver 23:59:43< axu> hi folks 23:59:49< axu> hi betl :) --- Log closed wto maj 04 00:00:00 2004