--- Log opened ¶ro maj 05 00:00:00 2004 00:01:09< Napalm> Doener: ok, this now makes no sense /usr/local/sbin/util-vserver-vars shows VROOTDIR='/vservers' 00:01:40< Doener`> argh... sec, i'm dubm... 00:01:49< Napalm> i'll run make with uninstall 00:01:57< Doener`> wait... 00:02:05< Napalm> ok 00:03:35< Napalm> ok i was using the old tools and there was none of this .defaults 00:03:38< Doener`> is there a /usr/local/etc/vserver/.default/vdirbase symlink? 00:03:49< Doener`> Napalm: the configuration changed a lot 00:04:08< Bertl> may I suggest something? 00:04:42< Napalm> Doener: lrwxrwxrwx 1 root root 9 May 4 21:04 vdirbase -> /vservers 00:04:53< Doener`> Bertl: you're kidding, aren't you? your suggestions are always very welcome :) 00:05:07< Napalm> Bert: please do? 00:05:08< Bertl> just because atm, you seem UNSTOPABLE! 00:05:14< Bertl> ;) 00:05:30< Bertl> actually I have two suggestions ... 00:05:35< Doener`> Napalm: ok, guess i was going the wrong direction... go and reinstall ;) 00:05:49< Bertl> a) be careful with alpha tools and vs1.27 00:05:54< Napalm> shall i wait for berts ideas? 00:06:12< Bertl> b) if you have an existing 'old' vserver install use the legacy mode ... 00:06:14< Doener`> yes! Bertl is THE man to ask :) 00:06:23< Bertl> so what to do now ... 00:06:35< Bertl> simple, you want to test alpha? make a symlink ... 00:07:03< Bertl> you want to use alpha, for further development? get used to the new setup/config scheme ... 00:07:28< Bertl> in the latter case, the best way is to create a new vserver from scratch ... 00:07:40< Bertl> (there is an explanation on the alpha util-vserver page) 00:08:02< Bertl> then walk the 'new' config with the flower page opened in your browser ... 00:08:47< Bertl> and as I alread suggested, the config can be found by: 00:08:54< Bertl> vserver-info - SYSINFO 00:09:10< Napalm> Bert: so the alpha util-vserver is no good for me at the moment? I will resetup everything, what kernel patches are recommened, I am starting on 2.4.20-8, RH9 00:09:31< Bertl> really depends on where you are heading ... 00:10:11< Bertl> http://www.13thfloor.at/vserver/s_release/overview/ 00:10:14< Napalm> im going to need a stable base to setup 3 VServers on then i can test other softare 00:10:29< Bertl> this is the stable branch, kernel and tools ... 00:10:43< Bertl> http://www.13thfloor.at/vserver/s_release/v1.27/ 00:11:06< Napalm> i have 2.4.26-vs1.27 at the moment 00:11:11< Bertl> vanilla kernel 2.4.26 + patches are perfect 00:11:36< Bertl> util-vserver 0.29.4 are the 'old'/'stable' tools for that 00:11:42< Napalm> but i should be using util-vserver-0.29.4-1mdk.i586.rpm 00:11:54< Bertl> you can recompile your own rpm 00:12:12< Bertl> either use the Mandrake src rpm, or just the sources 00:12:22< Bertl> with rpmbuild -tb 00:12:55< Bertl> you'll need (or should use) a recent C99 compiler and dietlibc for that 00:13:37< Bertl> (and the libext2-devel package IIRC) 00:13:50< Napalm> its building now 00:14:12< Bertl> uninstall the other tools, before you install that package ... 00:14:29< Napalm> of course ;) 00:14:49< Bertl> don't forget, many features available in devel and alpha utils are not available here ... 00:15:17< Bertl> but for a production system, it's still a good solution ... 00:16:05< Bertl> btw, Doener please don't let me stop you from helping people on the channel, it's the last thing I want ... 00:17:04>> chaosle [~yvan@port-212-202-168-55.dynamic.qsc.de] has joined #vserver 00:17:07< Napalm> lol 00:17:10< chaosle> hi all 00:17:14< Doener`> don't worry ;) 00:17:17< Bertl> I appreciate the time you spend here helping others ... 00:17:27< Bertl> hi chaosle! 00:18:11< chaosle> the problem i had yesterday was fixed by using gcc3.3.3 from gnu.org instead of the suse linux gcc3.3.1 00:18:33< chaosle> everything works fine now ... thx for help 00:18:37< Bertl> hmm, so suse is now compiling with a broken compiler, clever trick! 00:19:48< Napalm> ouch 00:20:05< Napalm> rpms have been built now 00:20:12< Napalm> util-vserver-0.29.4-0.i386.rpm util-vserver-linuxconf-0.29.4-0.i386.rpm util-vserver-debuginfo-0.29.4-0.i386.rpm 00:20:28< Bertl> and some more ... 00:20:31< Napalm> want me to upload a copy to my webserver, so others can enjoy rh9 builds 00:20:53< Bertl> np there, upload it, and add a link to the wiki if you like ... 00:23:43< Napalm> i'll make a site with a couple of pages and then add a link to the wiki 00:24:21< Napalm> Quote of the Day: "Bert king of vserver" 00:24:31< Bertl> hmm .. consider doing those pages on the wiki itself 00:24:51< Bertl> this way they, a) can be edited, b) do not use yet another layout ... 00:25:30< Napalm> Bert: ps hows this wiki work? no authentication needed? 00:25:31>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver 00:25:53< Bertl> no, but you can set your preferences, so it will show your name and not the ip 00:26:24< Bertl> and there is a preview ;) 00:29:24< taxcollector> Bertl: I've had a chance to read your vserver paper (version 5-1) and had a couple of comments... 00:29:42< Bertl> written or just in mind? 00:29:52< taxcollector> Just in mind... 00:29:59< Bertl> let's hear ... 00:30:01< taxcollector> I good compose them in an e-mail if you prefer 00:30:06< taxcollector> s/good/could/ 00:30:17< Bertl> whatever you prefer ... 00:31:11< taxcollector> Well, maybe clarification on one of my points here; others to follow in e-mail... 00:31:39< Bertl> okay ... 00:31:44< taxcollector> When you say that you need to ensure that the barrier flag must be set on the root directory of each VPS do you mean /vservers? 00:31:51< taxcollector> Or do you mean /vservers/xxx? 00:32:26< Bertl> hmm, good point, actually it should be /vservers ... 00:32:48< taxcollector> OK, that's what I thought you meant -- otherwise things wouldn't work properly. 00:32:53< Bertl> so it's not the root directory, but the parent ... 00:33:24< Bertl> the interesting question now is, would it work with the root too, with the new barrier flag? 00:33:25< taxcollector> Also, with the advent of private namespaces does the need for the BARRIER flag go away? 00:33:40< taxcollector> It works with 1.3.9.1 at least. 00:33:51< taxcollector> Is that different than the pre14 flag? 00:33:57< chaosle> good night all 00:33:59< Bertl> no, that's the same 00:34:01>> chaosle [~yvan@port-212-202-168-55.dynamic.qsc.de] has left #vserver [Leaving] 00:34:27< taxcollector> And when I say it works I mean that the exploit recently posted in Feb fails 00:34:47< Bertl> the private namespaces will not require the barrier, when they are working as expected 00:35:18< Bertl> currently one issue is the remaining 'old' mount point, which could affect the namespace security ... 00:35:46< Bertl> but I guess we will have a solution for that in a few weeks ... 00:36:08< taxcollector> Would that imply that the only file system specific support necessary for vserver for unification? 00:36:15< Bertl> but it should not hurt to add the barrier for namespace based vservers too (better safe than sorry ;) 00:36:51< taxcollector> OK; I ask because I am exploring the possibility of using vservers on IBM's GPFS, which is not entirely open source. 00:36:53< Bertl> well, yes, you could drop that too, if you do not use unified files 00:37:21< Bertl> does it support linux xattribs? 00:37:25< taxcollector> No 00:37:34< Bertl> extended attributes or acl? 00:37:44< taxcollector> It does have ACL 00:38:10< Bertl> well, one could use this for a workaround ... 00:40:00< Bertl> what is 'the' advantage of GPFS over other solutions? 00:41:02< taxcollector> GPFS is a cluster file system; all nodes in our linux cluster access it. 00:41:19< taxcollector> Why this particular parallel FS was chosen; I don't know. 00:42:33< Bertl> hmm, you might get into real trouble ... 00:43:18< Bertl> well, really depends on what you want from the system ... 00:44:02< taxcollector> I'm not married to the NAS; I'll probably just use each node's local drive 00:44:08< Bertl> but for example, disk limits or context quota is unlikely to work with that ... if no source code is available ... 00:44:32< taxcollector> Yeah, that was a limitation I might be willing to live with. 00:45:20< Bertl> do you plan to open it for customers as Guest root? 00:45:31< taxcollector> I was 00:46:08< Bertl> does GPFS have some notion of 'volumes' or 'mounts' ? 00:46:08< taxcollector> hey aren't customers per se 00:46:13< taxcollector> Yup 00:46:24< Bertl> so you could make a volume for each vserver? 00:46:40< taxcollector> I could, but I wouldn't be likely to. 00:46:52< taxcollector> I'm not really worried about quotas 00:47:06< Bertl> hmm, because that would also be able to solve all the barrier flag stuff ... 00:47:35< Bertl> ... would be a solution to ... 00:47:36< taxcollector> Ah, I see. If each vserver is on a separate volume there isn't anything to esacpe out to. 00:48:01< Bertl> not if the parent of all those mount points is protected ;) 00:48:46< Napalm> Bert: All added, http://www.linux-vserver.org/, under downloads section.. last link 00:49:33< Bertl> great, thanks! 00:50:09< Napalm> no proble, btw i luv the vserver ideas and especially this project 00:50:31< Bertl> we try to be cute and soft ;) 00:50:37< Napalm> lol ;) 00:51:00>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has joined #vserver 00:51:10< shuri> hello 00:51:19< kestrel> hey herbert, does bme for 2.4.25 work fine in 2.4.26? 00:51:20< Napalm> ooh could i ask bert, what the title of the software you are using for the wiki 00:51:33< kestrel> i don't get any rejects 00:51:36< Bertl> btw, today there should be some native english speaker around, right? 00:51:49< shuri> native french:P 00:51:55< taxcollector> I am a native English speaker, although sometimes my typing does not reflect it. 00:52:00< Bertl> kestrel: well it 'should' work ... although willi suggested some improvements 00:52:07< kestrel> oh, such as? 00:52:23< Bertl> hmm, let me see if I can find it ... 00:52:27< shuri> bert i got some time to test exp 1.9.0pre14 00:52:35< kestrel> all i really want is read only bind mounts 00:52:37< shuri> can you give me the link 00:52:40< shuri> to dl it 00:53:49< Bertl> shuri: sure ... 00:54:14< Bertl> it's at a brand new location ... ;) 00:54:15< Bertl> http://vserver.13thfloor.at/Experimental/ 00:54:20< shuri> haaa 00:54:22< shuri> nice! 00:54:50< shuri> thx 00:55:10< shuri> hope i will not get the same bug as with ore10 00:55:34< Napalm> http://tavi.sourceforge.net/ < found it 00:56:11< Bertl> yep, it's a little modified to the 'original' 00:56:25< Bertl> kestrel: 00:56:27< Napalm> was there any major bugs? 00:56:28< Bertl> I suspect that the offending hunk is this one in the patch : 00:56:28< Bertl> @@ -1025,6 +1043,9 @@ int open_namei(const char * pathname, in 00:56:28< Bertl> error = path_lookup(pathname, LOOKUP_PARENT, nd); 00:56:28< Bertl> if (error) 00:56:28< Bertl> I coulreturn error; 00:56:31< Bertl> + error = -EROFS; 00:56:33< Bertl> + if (MNT_IS_RDONLY(nd->mnt)) 00:56:36< Bertl> + goto exit; 00:56:49< Bertl> Oh BTW, sorry, I forgot to tell you that at least the workaround works 00:56:49< Bertl> perfectly (commenting the lines out). 00:57:08< Bertl> so it seems to be an improvement ;) 00:57:28< Bertl> Napalm: no no errors, small feature additions ... 00:57:39< Bertl> s/errors/bugs/ 00:58:22< Bertl> taxcollector: if you get around, could you check the paper for grammar and spelling? (proof-read it?) 00:59:02< taxcollector> No problem; on my first read most of it was fine. I will send an e-mail with nitpicks. 00:59:19< Bertl> thanks in advance ... 01:00:18< Bertl> Napalm: did you find the preview button? 01:01:13< Napalm> Bert: Yes, is there a problem? 01:01:47< Bertl> no, just that one of my additions to the wiki was to send an email to a special mailing list whenever something is changed ... 01:02:09< Bertl> you can subscribe to that mailing list, btw ... 01:02:13< Napalm> i hav'nt changed anything but add a link to the main page 01:02:20< Napalm> ohhh 01:02:31< Napalm> yep im joined to the mailinglist 01:03:00< Napalm> Bert: i read the info, so i just email into the mailinglist email addy and it goes out to everyone? 01:03:32< Bertl> that is the vserver ml, yes, the wiki ml is read only ... 01:03:46< Bertl> (two mailing lists) 01:03:52< Napalm> theres two mailinglists? :s 01:04:03< Napalm> im subscribed to the vserver ml 01:04:10< Bertl> I thought so ... 01:04:23< Bertl> the wiki mailing list looks like this: 01:04:32< Bertl> 3718 May 04 Linux-VServer Wi 14 [wiki] Page 'Vserver Utils 0.29.4-0 RH9 R 01:04:41< Bertl> Just for your information, 01:04:41< Bertl> Napalm changed the page titled 'Vserver Utils 0.29.4-0 RH9 RPMs' 01:04:41< Bertl> [http://www.linux-vserver.org/index.php?page=Vserver+Utils+0.29.4-0+RH9+RPMs] 01:04:41< Bertl> Comment: 01:04:41< Bertl> enjoy, 01:04:43< Bertl> Herbert 01:05:11< Napalm> have you mailed the ml? 01:05:25< Bertl> no, that happens automagically ;) 01:05:34>> axu [gl@83-64-20-69.dynamic.home.xdsl-line.inode.at] has quit [Quit: Leaving] 01:05:41< Bertl> (but only for the wiki ml ;) 01:05:44< Napalm> now i see your changes 01:05:45< Napalm> ;) 01:05:46< Bertl> are you confused now? 01:05:49< Napalm> nope 01:05:54< Napalm> btw, theres a weird entry to the Wiki http://www.linux-vserver.org/index.php?page=http%3A 01:06:04< Bertl> yep, I know ... 01:06:19< Bertl> obviously somebody tried to trick the wiki ;) 01:06:20>> Shotygun [shotgun@shotygun.com] has joined #vserver 01:06:43< Bertl> hi Shotygun! 01:07:51< Doener`> maybe that's a new movement :) instead of creating senseless mirc scripts they now hack wikis 01:08:01< Napalm> lol 01:08:12>> g0atygun [shotgun@shotygun.com] has quit [Remote host closed the connection] 01:08:17< Doener`> could be considered equally difficult... 01:08:36< Bertl> well, I have to admit that I'm surprised that the wiki concept works that well ... 01:08:58< Napalm> what happens if someone edits the wiki wrong? 01:09:03< Napalm> can you revert the changes? 01:09:33< Bertl> yes, I do backups on a regular basis, but except for some very stupid wannabe hacker, it never happened ... 01:09:56< Bertl> we added the Hacker Page for this poor guy ... 01:10:07< Napalm> lol 01:11:03< Doener`> i fear that it just works because it is unknown to the average user... once wikis attract more people, some kiddies will think it'd be cool to hack them... 01:11:50 * Napalm rolls eyes 01:11:53< Bertl> hmm, I guess there are actually two reasons for not 'hacking' or changing them ... 01:12:09< Napalm> then you would have to implement authorization 01:12:29< Bertl> a) it doesn't buy you any respect/karma ... 01:13:47< Napalm> Did everyone here about the new Intel release? 10gbps ethernet cards 01:14:03< Napalm> reference url: http://thewhir.com/marketwatch/int050404.cfm 01:14:11< Bertl> b) changing it is somewhat unethical (against common code) 01:14:48< Bertl> so they did get their 10GB adapter working? 01:15:02< Napalm> i guess it seems so 01:15:58< Bertl> ~ $5000 not too shabby! 01:17:21< Doener`> hmm... anyone heard about the ms vserver stuff? 01:17:44< Bertl> no? did they port solaris slices? 01:17:49< Bertl> ;) 01:18:22< Doener`> just saw it on a magazine while waiting for my train today... 01:18:46< Napalm> yes i have Doener, it was posted on the whir 01:19:15< Bertl> I guess it's better than everything else, and much easier to use, and secure, right? 8-) 01:20:36< Doener`> probably ;) and most important: it looks nicer 01:20:36< Napalm> yea right, lol ;) 01:21:04< Bertl> ah, yes, with the new Aqua^H^H^H^HM$ look and feel ;) 01:21:41< Napalm> secure microsoft homeuser - now pick only 2 words, because they can never make three 01:22:59< Doener`> there are a lot of windows with nice borders for virtually everyone to look into the system, some important ones may even have stained glass so that only bill can look through them 01:23:12< Bertl> can anybody tell the one single innovation M$ did? 01:24:01< Bertl> (and I tried hard to find others ;) 01:24:32< Napalm> ;) 01:24:47< Bertl> nobody? 01:25:02< Doener`> lemme think... that's a HARD question... 01:26:21< taxcollector> http://www.vcnet.com/bms/departments/innovation.shtml 01:27:08< Napalm> nice find taxcollector 01:27:19< Napalm> thats going out too all my friends 01:27:20< Bertl> he knows how to google ;) 01:27:23< taxcollector> :) 01:28:15< Doener`> and the accepted ones are probably even going to be rejected... 01:28:19< Napalm> has anyone here google-wacked? 01:28:39< Bertl> yep, I've also written an auto whacker ... some time ago ;) 01:28:47< Napalm> :O 01:28:58< Napalm> wooo, nicce one 01:30:12< Bertl> hmm . let me see if I can still find it ;) 01:31:30< kestrel> hey, has anybody tried ifrename with vserver? 01:32:11< Bertl> nope, seems to be one one of my archive tapes ... 01:32:22< Bertl> kestrel: yes, but it is of limited use ... 01:32:24< Napalm> Bert: shame.. :( 01:32:39< kestrel> ah, why is that? 01:33:02< Bertl> because you get into hells kitchen if you have the same name twice ... 01:33:09< Bertl> ;) 01:33:15< kestrel> oh yes, of course 01:33:16< Doener`> Bertl: what is the one single innovation ms did? or did you mean BOB? 01:33:27< Bertl> actually the paper clip ... 01:33:31< kestrel> i was just thinking of giving each vserver an ethX name rather than a dummy0: name 01:33:41< Bertl> but that's basically the same ... ;) 01:34:06< Bertl> kestrel: what about vnet0 - vnetX 01:34:08< Napalm> Bert: can what kestrel is saying be done with ifrename 01:34:15< Bertl> yep 01:34:22< kestrel> vnetX, even better 01:34:50< Doener`> ok, i'm off to bed... have to get up in ~5 hours... way too soon ;( 01:34:55< Doener`> g'night everyone! 01:35:08< Bertl> night Doener`! 01:35:30< Napalm> is anyone here from the UK? 01:35:35< Bertl> there is some code, adding a new kind of dummy device (something designed for that purpose) which is already called vnetX 01:37:08< Bertl> if you are interested in extending this one .. I can provide the existing framework ... 01:37:46< Napalm> Bert: i would be very interested 01:38:19< Bertl> hmm, in the code? 01:38:41< Napalm> Bert: in generating a util, yes? 01:38:47< kestrel> herbert: how is it different from dummy0? 01:39:31< Bertl> well, it provides the hooks for adding per vserver 'virtualized' network accounting ... 01:40:17< kestrel> ah 01:40:17< kestrel> i'd be interested 01:40:23< kestrel> in looking at the code 01:41:51< kestrel> i can't promise much, having only had limited exposure to kernel hacking, but i'll give it a go :) 01:42:00< Napalm> i think i might build a RH version of ifrename, i can only seem to find the debian version 01:42:16< Bertl> iptools2 01:43:01< Napalm> Bert: ? 01:43:53< Bertl> the package iptools2 which contains the ip utility should contain the ifrename IIRC 01:47:02< Napalm> the only download reference i can find is ftp://ftp.funet.fi/pub/mirrors/ftp.inr.ac.ru/ip-routing/ 01:47:51>> Netsplit oxygen.oftc.net <-> arion.oftc.net quits: dsanta, ensc, kestrel, _id_m12, Shotygun 01:47:51< Bertl> kestrel: 01:47:52< Bertl> http://vserver.13thfloor.at/Experimental/patch-2.4.23-rc1-vn0.04.diff 01:49:23>> Netsplit over, joins: _id_m12, Shotygun, dsanta, ensc, kestrel 01:49:32< Bertl> okay, everone back? 01:49:41< Bertl> everyone, even? 01:50:29>> serving [~serving@213.186.189.95] has joined #vserver 01:50:47< Napalm> what just happeneds bert? 01:50:57< Bertl> we had a netsplit ... 01:51:59< Bertl> kestrel: ? 01:53:31< kestrel> yep? 01:53:45< Bertl> okay, we had a netsplit ... 01:53:57< Bertl> http://vserver.13thfloor.at/Experimental/patch-2.4.23-rc1-vn0.04.diff 01:54:10< Bertl> (this was the first/old attempt on 2.4) 01:54:16< kestrel> ah, cool 01:54:20< Bertl> http://vserver.13thfloor.at/Experimental/patch-2.6.5-rc2-bk7-vs0.09.28-nn0.01.diff 01:54:28< Bertl> and this for 2.6 ... 01:54:52< Bertl> it's a little outdated, but might even work ... 01:55:07< kestrel> heh 01:55:34< kestrel> so is this supposed to be the network virtualisation you have been talking about? 01:55:41< Bertl> only one interface for now, but that can be changed easily ... 01:55:43< kestrel> or is this something a little less ambitious? 01:56:05< Bertl> I was, and I am still investigating the different options ... 01:56:26< kestrel> ah, okay 01:56:38< Bertl> but so far, I came to the conclusion, that we have to avoid real-virtual interfaces ... 01:57:01< Bertl> if we do not want to lose performance ... 01:57:27< kestrel> hmm, okay 01:57:37< Bertl> for example the idea using tagged packages to/from ipfilter isn't such a bad one ;) 01:57:47< kestrel> yeah, i read that on the ml the other day 01:58:08< Bertl> so my basic idea is the following: 01:58:26< Bertl> - create a new network context which knows about allowed ips/ranges 01:58:48< Bertl> - allow config stuff ip/ifconfig on a virtual interface within those limits 01:59:10< Bertl> - make some rules, supported by the tagging with iptables 01:59:31< Bertl> - have the packets delivered via normal delivery ... (no changes needed) 01:59:31>> dsanta [~santa@c68.190.156.105.roc.mn.charter.com] has quit [Remote host closed the connection] 01:59:42>> dsanta [~santa@c68.190.156.105.roc.mn.charter.com] has joined #vserver 02:00:01< Bertl> this would allow for full speed networking, with almost no cost (at least not on the fast path) 02:00:25< kestrel> sounds good to me 02:00:28< Bertl> and who cares if ifconfig takes 200msec longer? 02:00:49< kestrel> and you still get the feel of a real interface 02:00:53< Bertl> so that is basically the way I want to go ... 02:01:29< kestrel> sounds great herbert 02:01:35< shuri> yes 02:01:40< shuri> very interrsting! 02:01:44< Bertl> I'm not sure if we need virtualized iptables, but this would be an option ... 02:02:15< Bertl> actually it would be a 2 level hierarchy ... 02:02:41< kestrel> iptables would be like sugar for me...nice to have, but not necessary 02:03:08< Bertl> yeah, I see that very similar ... 02:03:12< kestrel> hey, is the uptime patch still in vserver? 02:03:22< Bertl> depends on the release ... 02:03:45< Bertl> 1.9.x has uptime virtualization ... 02:03:54< kestrel> 1.27 is what i am on 02:04:07< Bertl> this one doesn't ... 02:06:10< taxcollector> Bertl: Earlier you mentioned that I might be able to use ACLs as a workaround for file systems where one couldn't add barrier flag support. What did you have in mind? 02:09:17< Bertl> basically you just need to get some info attached to each inode, it doesn't matter where this info is ... 02:09:27>> stupidawy [foo@you.wish.you.were.pimp.olicio.us] has quit [Ping timeout: 480 seconds] 02:09:52< Bertl> a future version of linux-vserver might use exteded attributes for that purpose (instead of xattrs) 02:12:08>> stupidawy [foo@198.77.239.131] has joined #vserver 02:12:09< taxcollector> Ah, OK. In that scenario, the kernel patch would just inspect the file for whatever marking mechanism I defined. 02:12:45< Medivh> virtual iptables would probably be nice for companies providing commercial vservers 02:12:52< Bertl> exactly ... basically this is done now for the xattr, and a different part of the patch 'adapts' the xattrs to understand barrier and iunlink 02:13:28< Bertl> Medivh: well, yes, but there is also an already existing solution to that ... just nobody did it, afaik 02:13:44< Medivh> Bertl, there is an existing solution? which one? 02:14:26< Bertl> you could use a simple script/wrapper to send the iptable stuff out of the vserver (even the vshelper would do) and add the rules after checking to the host table ... 02:15:08< Bertl> sure needs some pretty smart scripts ... but hey if you can charge money for that ;) 02:15:53< Medivh> heheh :) 02:16:16< Bertl> btw, vserver iptables have some really bad issues ... 02:16:17< Medivh> well i don't charge :p was thinking to, but lacking the money to invest in hardware at the moment 02:16:52< Bertl> especially if some -j target requires a kernel module to be loaded ;) 02:17:04< Medivh> true 02:17:38< Bertl> so doing it in userspace, on the host, would probably be the best solution after all ... 02:18:24< broo> you could have a file that the vserver wrote to that a process in the main server watched and implemented the iptable rules in it 02:18:55< Bertl> yes, but there are simpler and securer solutions to that ... 02:19:32< Bertl> for example simply forwarding the iptables communication to an userspace helper ... 02:20:08< Bertl> vserver-iptables -> netlink (kernel) -> userspace-helper -> host-iptables 02:21:06< Bertl> so if somebody is going to do the userspace stuff, I do not see a big problem doing the kernel space part ,) 02:21:07< broo> hmm, yeah forgot about netlink 02:21:32< broo> though I thought that was for packet injection 02:22:05< Bertl> netlink is used for many communications nowadays ... 02:23:02>> stupidawy [foo@198.77.239.131] has quit [Ping timeout: 480 seconds] 02:23:18< broo> would it be hard to simply have a /proc entry that a userspace program could interact on a per context basis to do iptables stuff 02:24:16< Bertl> well proc entries (especially writable ones) are not such a good idea, and why change the interface if iptables already uses the netlink interface ... 02:24:21>> click [click@gonnamakeyou.com] has joined #vserver 02:24:26< Bertl> hi click! 02:25:00< broo> ah that I didn't know, hmm I guess I need to go look at iptables, yep no sense reinventing the wheel 02:26:56< broo> what all would be needed in the userspace portion? I guess I'd be interested in trying to work it out 02:26:59>> stupidawy [foo@you.wish.you.were.pimp.olicio.us] has joined #vserver 02:27:28< Bertl> well, guess the main part would be validating and merging the rules ... 02:27:36< click> heya... 02:27:41< click> back in norway again :/ 02:27:55< Bertl> doesn't sound like an improvement? 02:28:04< click> i hate just tired 02:28:23< click> i hate tracelling, and now I'm just tired, I ment 02:28:29< click> travelling 02:28:49< Bertl> I just was about to answer 'me neither!' 02:29:52< click> four days on trains, buses and planes. Kind of dead brainwise. 02:30:06< Bertl> okay ... but tired is a good point ... 02:30:39< Bertl> I guess I call it a day .. and we save some discussion for tomorrow ... 02:30:48< click> just fixing up on some last minute work, and I'm off to bed. 02:31:04< Bertl> broo: I'd suggest getting familiar with iptables, and iptables internals ... 02:31:20< Bertl> (there are some good documentations from Rusty on the net) 02:31:48< broo> yep, I was just reading some netlink docs and I'll go look at iptables as well 02:32:10< Bertl> everybody else is welcome to spend some thoughts on the networking concept, and point out existing flaws ... 02:32:42< Bertl> okay, so have a nice one everyone, cya all tomorrow ... 02:32:52>> Bertl is now known as Bertl_zZ 02:35:06>> Apollo [Apollo@panther.norcomcable.ca] has joined #vserver 02:56:46>> Apollo [Apollo@panther.norcomcable.ca] has quit [Quit: ] 03:12:08< Napalm> night Everyone 03:12:58< taxcollector> night 03:12:59>> gilbert [gilbert@208-186-222-203.nrp4.brv.mn.frontiernet.net] has joined #vserver 03:13:00< Napalm> night taxcollector, broo,nesh, kestrel, doener 03:14:00< Napalm> nick Napalm_Oo 03:14:10>> Napalm is now known as Napalm_Oo 03:16:37< gilbert> hello 03:16:48< taxcollector> Howdy 03:16:50< gilbert> i have a question about a security context 03:16:56< gilbert> message 03:17:53< taxcollector> I'm not an expert, but why don't you post the message and see if anyone responds? 03:18:04< gilbert> ok 03:18:16< gilbert> let me get a copy paste action going on 03:18:44< gilbert> [root@air508 vservers]# vserver test start 03:18:44< gilbert> > Starting the virtual server test 03:18:44< gilbert> > Server test is not running 03:18:44< gilbert> > ipv4root is now 69.64.37.50 03:18:44< gilbert> > New security context is 49165 03:19:52< gilbert> Herbert Poetzel told me there "this means that no runlevel services are 03:19:52< gilbert> selected or activated ... 03:20:13< gilbert> thanks to anyone for your input 03:27:36>> anonymouscoward [~nwalsh@shaggy.internode.com.au] has left #vserver [Kopete 0.8.1 : http://kopete.kde.org] 03:30:17< taxcollector> gilbert: did you run ntsysv? 03:36:11< taxcollector> Maybe the "VServer creation" portion of http://www.linux-vserver.org/index.php?page=FedoraHowTo will help you. 03:36:13>> taxcollector [~taxcollec@192.16.167.161] has quit [Remote host closed the connection] 03:37:02>> Napalm_Oo is now known as Napalm_zZ 03:45:12< gilbert> thanks for your input guys 03:45:21< gilbert> ill mess around and try things 03:47:44>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has quit [Ping timeout: 480 seconds] 03:51:03>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has joined #vserver 03:54:42>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has quit [Read error: Connection reset by peer] 04:11:40>> ensc [~ircensc@ultra.csn.tu-chemnitz.de] has quit [Ping timeout: 480 seconds] 04:47:56>> ensc [~ircensc@ultra.csn.tu-chemnitz.de] has joined #vserver 05:20:25>> anonymouscoward [~nwalsh@shaggy.internode.com.au] has joined #vserver 05:25:18>> no_maam [~erik@datenzone.de] has quit [Ping timeout: 480 seconds] 05:29:00>> no_maam [~erik@datenzone.de] has joined #vserver 06:11:34 * broo is away: hey look over there -> 07:05:32>> lexo_ is now known as franck 07:48:24< kestrel> read only bind mounts are cool herbert 07:59:30>> nalfein [~gaertner@212.68.83.129] has joined #vserver 09:19:55>> _id_m12 [~id@pD95E9DF0.dip.t-dialin.net] has quit [Ping timeout: 480 seconds] 09:29:47>> _id_m12 [~id@pD9519040.dip.t-dialin.net] has joined #vserver 09:50:25>> Khahan [~Filbert@D5E0E5F0.kabel.telenet.be] has quit [Read error: Connection reset by peer] 10:06:12>> rs [rs@ice.aspic.com] has joined #vserver 10:06:15< rs> hi 10:57:11>> Filther [~root@212.52.166.22] has joined #vserver 10:57:31< Filther> hi 10:59:07< Filther> hmm 10:59:41>> Filther [~root@212.52.166.22] has quit [Quit: ] 10:59:51>> root [~root@212.52.166.22] has joined #vserver 11:00:12>> root_ [~root@212.52.166.22] has joined #vserver 11:00:15>> root is now known as Eryr 11:00:23>> root_ is now known as Filther 11:00:28>> Eryr [~root@212.52.166.22] has quit [Quit: ] 11:00:28< Filther> hi 11:00:41>> mids [mids@mids.student.utwente.nl] has joined #vserver 11:06:04< Filther> if I try to stop a vserver, I get an error "Can't set the new security context" 11:06:19< Filther> and I also get this error if I try to enter that vserver 11:06:25< Filther> using vserver v_name enter 11:06:39< Filther> ...or chcontext --ctx ctnumber /bin/sh 11:06:42< Filther> can someone help? 11:07:13< Filther> other (unused) contexts work 11:10:38>> Doener_ [~doener@pD9588E7C.dip.t-dialin.net] has joined #vserver 11:17:49>> Doener` [~doener@pD9E12807.dip.t-dialin.net] has quit [Ping timeout: 480 seconds] 11:38:02>> Napalm_zZ is now known as Napalm 11:38:18< Napalm> hello everyone 11:38:28< Filther> hi 11:39:02< Napalm> hi 11:39:48< Napalm> what kernel and utils are you using 11:40:22< Filther> kernel 2.4.24 11:40:26< Filther> and latest utils 11:40:34< Filther> (util-vserver-0.29.4-1mdk.i586.rpm) 11:40:50< Napalm> and you are running mandrake? 11:40:53< Filther> yes 11:41:23< Napalm> type in "uname -r" and let me know the result 11:41:25< Filther> ...and vserver worked since the past 3 months, now.. 11:41:34< Filther> 2.4.24-vs1.24 11:41:55< Napalm> hmm 11:41:59< Filther> I've downloaded the new utils because I thought that something was wrong with the old ones 11:42:03< Filther> but... still the same error 11:42:27< Napalm> i suggest you build the latest version of the kernel 11:42:36< Napalm> vs1.27 11:43:02< Filther> that will require a restart... ah... alright ;> 11:43:09< Filther> now I'm away 11:43:16< Filther> thanks for the advice 11:43:18< Filther> bye 11:43:22< Napalm> bye 11:43:46< Filther> quit 11:43:49>> Filther [~root@212.52.166.22] has quit [Quit: Filther has no reason] 11:44:04>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has joined #vserver 12:41:10< Napalm> be back later everyone 12:41:14>> Napalm [~napalm@host81-7-22-112.adsl.v21.co.uk] has quit [Quit: ] 13:19:34>> loger1 [~loger@213.159.118.2] has joined #vserver 13:21:20>> loger [~loger@213.159.118.2] has quit [Ping timeout: 480 seconds] 13:21:21>> loger1 is now known as loger 14:20:17>> Apollo [~throwaway@caracal.norcomcable.ca] has joined #vserver 14:44:02 * Nesh yawns 14:57:48>> Bertl_zZ is now known as Bertl 14:58:29< Bertl> morning everyone ... 14:58:36< TheSeer> heya :) 14:58:41< Bertl> only a short visit .. have to leave soon ... 14:58:43< broo> morning 14:59:49< Bertl> hmm, I read about the issues Filther had with 0.29.4, can anybody confirm those, or the opposite? 15:01:26< Bertl> okay, anyway, have to leave now, will be back in the evening ... 15:01:41>> Bertl is now known as Bertl_oO 15:15:27>> Apollo [~throwaway@caracal.norcomcable.ca] has quit [Quit: ] 15:20:22>> lexo [~franck@62.240.242.34] has joined #vserver 15:20:35>> lexo [~franck@62.240.242.34] has quit [Quit: ] 15:21:02>> lexo [~franck@62.240.242.34] has joined #vserver 15:57:30>> SwatCT [~fswat@pc-68-118-199-9.will.ct.charter.com] has joined #vserver 15:58:20>> SwatCT [~fswat@pc-68-118-199-9.will.ct.charter.com] has left #vserver [] 16:28:07>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has joined #vserver 16:37:34>> chaosle [~yvan@port-212-202-168-55.dynamic.qsc.de] has joined #vserver 16:39:40>> Doener_ is now known as Doener 16:39:53< Doener> re 16:40:50>> virtuoso [~s0t0na@113ppp11.telegraph.spb.ru] has joined #vserver 16:50:35>> gilbert [gilbert@208-186-222-203.nrp4.brv.mn.frontiernet.net] has quit [Quit: ] 16:56:25>> Doener [~doener@pD9588E7C.dip.t-dialin.net] has quit [Quit: Leaving] 16:58:07>> Doener [~doener@pD9588E7C.dip.t-dialin.net] has joined #vserver 16:58:20>> Doener is now known as identify 16:58:29>> identify is now known as Doener 16:58:46< Doener> oops 17:06:58>> chaosle [~yvan@port-212-202-168-55.dynamic.qsc.de] has left #vserver [Leaving] 17:15:31>> lexo [~franck@62.240.242.34] has quit [Quit: User pushed the X - because it's Xtra, baby] 17:28:31>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has quit [Remote host closed the connection] 17:44:17>> netrose [netrose@24.207.228.55] has quit [Quit: ] 17:58:34>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has quit [Read error: Connection reset by peer] 18:36:09>> rs [rs@ice.aspic.com] has quit [Quit: home] 18:44:49>> mids [mids@mids.student.utwente.nl] has left #vserver [] 19:49:42>> mids [mids@mids.student.utwente.nl] has joined #vserver 20:03:18>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver 20:08:40>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has joined #vserver 20:09:36>> Apollo [~throwaway@caracal.norcomcable.ca] has joined #vserver 20:17:32>> Filther [Filther@82.131.182.187] has joined #vserver 20:17:33< Filther> hi 20:17:52< taxcollector> Howdy 20:18:14< Filther> is Bertl here? 20:18:42< taxcollector> He is offline, indicated by the _oO suffix to his nickname 20:19:03< Filther> hmm... 20:19:05< Filther> :) 20:19:55< Filther> why is it that I cannot stop a vserver using vserver v_name stop? 20:20:11< Filther> it says I don't have permission to change to the context of the vserver 20:20:40< Filther> but, only if I try to enter a 'used' context (which a vserver uses) 20:21:28< Filther> there's also a /dev/pty/1, and /dev/pty/5 file that I cannot delete from the vserver 20:22:08< taxcollector> Are you trying to stop the vserver using the root account on the host? 20:22:26< Filther> yes, the root account on the server that runs the vservers 20:22:49< Filther> and it worked before.. but suddenly, all got messed up :/ 20:24:26< taxcollector> Unfortunately, I can not be of any help. I am somewhat of a vserver newb. 20:27:11< Filther> I've started another vserver now, and I can shut that down easily 20:27:19< Filther> seems like something sucks in the running ones :P 20:29:11>> loger [~loger@213.159.118.2] has quit [Read error: Connection reset by peer] 20:30:24>> loger [~loger@213.159.118.2] has joined #vserver 20:38:20< Filther> alright, I've rebooted the main server... 20:38:21< Filther> :( 20:38:31< Filther> it was online for 90 days now 20:38:32< Filther> :) 20:40:20< taxcollector> :) 20:40:44< Filther> that's since the beginning of its first launch :P 20:41:14< Filther> hmm.. the reboot was successful 20:41:19< Filther> now that's a surprise! :) 20:41:40< Filther> I'd never thought I've edited the config files properly ;) 20:44:36< Filther> alright, that's all 20:44:38< Filther> byebye! 20:44:39>> Filther [Filther@82.131.182.187] has quit [Quit: Leaving] 20:51:37>> monrad [~monrad@213083190237.sonofon.dk] has joined #vserver --- Log closed ¶ro maj 05 20:57:44 2004 --- Log opened ¶ro maj 05 20:57:46 2004 20:57:46>> albeiro [albeiro@linux.gentoo.pl] has joined #vserver 20:57:46>> Irssi: #vserver: Total of 36 nicks [0 ops, 0 halfops, 0 voices, 36 normal] 20:57:55>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has joined #vserver 20:57:59>> Nesh [~dmistry@su-nat.datapipe.net] has joined #vserver 20:57:59>> no_maam [~erik@datenzone.de] has joined #vserver 20:57:59>> UFOczek [ufoczek@hood.openbug.net] has joined #vserver 20:57:59>> ensc [~ircensc@ultra.csn.tu-chemnitz.de] has joined #vserver 20:58:04>> Irssi: Join to #vserver was synced in 18 secs 20:58:05>> monrad [~monrad@213083190237.sonofon.dk] has joined #vserver 20:59:03>> UFOczek is now known as Guest268 20:59:08>> loger [~loger@213.159.118.2] has joined #vserver 21:00:14>> Guest268 is now known as UFOczek 21:01:15>> UFOczek is now known as Guest270 21:02:26>> Guest270 is now known as UFOczek 21:03:29>> UFOczek is now known as Guest271 21:04:38>> Guest271 is now known as UFOczek 21:05:41>> UFOczek is now known as Guest272 21:06:50>> Guest272 is now known as UFOczek 21:07:50>> UFOczek is now known as Guest273 21:08:06>> no_maam [~erik@datenzone.de] has left #vserver [] 21:09:03>> Guest273 is now known as UFOczek 21:10:04>> UFOczek is now known as Guest274 21:11:15>> Guest274 is now known as UFOczek 21:12:15>> UFOczek is now known as Guest276 21:13:27>> Guest276 is now known as UFOczek 21:14:28>> UFOczek is now known as Guest277 21:15:39>> Guest277 is now known as UFOczek 21:16:41>> UFOczek is now known as Guest279 21:17:51>> Guest279 is now known as UFOczek 21:18:54>> UFOczek is now known as Guest280 21:20:03>> Guest280 is now known as UFOczek 21:21:03>> UFOczek is now known as Guest281 21:22:16>> Guest281 is now known as UFOczek 21:23:15>> UFOczek is now known as Guest282 21:24:16>> Guest282 is now known as UFOczek 21:25:18>> UFOczek is now known as Guest283 21:26:28>> Guest283 is now known as UFOczek 21:27:33>> UFOczek is now known as Guest284 21:27:51< mids> Guest284: would you mind stopping that? 21:28:40>> Guest284 is now known as UFOczek 21:29:45>> UFOczek is now known as Guest285 21:30:43< eyck> yeah, typical behaviour for slackware user, yuck. 21:30:52>> Guest285 is now known as UFOczek 21:31:56>> UFOczek is now known as Guest286 21:33:04>> Guest286 is now known as UFOczek 21:34:08>> UFOczek is now known as Guest287 21:35:16>> Guest287 is now known as UFOczek 21:36:17>> UFOczek is now known as Guest288 21:37:28>> Guest288 is now known as UFOczek 21:38:28>> UFOczek is now known as Guest289 21:39:40>> Guest289 is now known as UFOczek 21:39:47< broo> a macro that goes off every minute? 21:40:37>> lexo_ [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has joined #vserver 21:40:41>> UFOczek is now known as Guest290 21:41:26>> taxcollector is now known as taxcollector_oO 21:41:52>> Guest290 is now known as UFOczek 21:42:53>> UFOczek is now known as Guest291 21:43:04>> taxcollector_oO [~taxcollec@192.16.167.161] has quit [Remote host closed the connection] 21:43:20 * hiaslboy slaps Guest291 around with a small 50lb Unix Manual 21:44:05>> Guest291 is now known as UFOczek 21:45:05>> UFOczek is now known as Guest292 21:46:17>> Guest292 is now known as UFOczek 21:47:01>> franck [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has quit [Ping timeout: 480 seconds] 21:47:18>> UFOczek is now known as Guest293 21:48:29>> Guest293 is now known as UFOczek 21:48:59< Doener> UFOczek: please stop it! 21:49:33>> UFOczek is now known as Guest294 21:50:40< hiaslboy> Doener: I believe that is a script and nothing else ... it is only worth if u are the admin to kick him of the list ... 21:50:41>> Guest294 is now known as UFOczek 21:51:00< albeiro> kick it somebody ! 21:51:09>> lexo_ is now known as franck 21:51:42< Doener> hiaslboy: just wanted to try out if he notices when i use UFOczek instead of Guest### 21:51:46>> UFOczek is now known as Guest295 21:52:16< Doener> albeiro: feel free to ignore him ;) 21:52:50< albeiro> Doener: for sure, but you know, for such a behaving he/it should have been kicked 21:52:53>> Guest295 is now known as UFOczek 21:53:55>> UFOczek is now known as Guest296 21:54:15< Doener> Bertl once had (half-)op in here, but i guess he had his reasons for giving it up... now everyone's equally powerless *g* 21:55:05>> Guest296 is now known as UFOczek 21:55:14< albeiro> Doener: heh, few weeks ago this channel was open for everyone, i made a mistake op-ing me on another channel, and gain op here ;) 21:55:38>> gilbert [gilbert@208-186-222-203.nrp4.brv.mn.frontiernet.net] has joined #vserver 21:55:40< albeiro> btw - he is doing the same on wolk also 21:55:47< gilbert> hello 21:56:05>> UFOczek is now known as Guest297 21:56:05< albeiro> Doener: who is from stff on oftc ? 21:56:05< gilbert> hello world :) 21:56:13< albeiro> stuff even 21:56:15< Doener> hi gilbert 21:56:38< gilbert> holy cow the computer spoke back to me 21:56:40< gilbert> ;) 21:56:43< Doener> albeiro: dunno, this is the only channel on oftc i know ;) 21:56:51< mids> mcp did register the channel 21:56:53>> anonymouscoward [~nwalsh@shaggy.internode.com.au] has quit [Ping timeout: 480 seconds] 21:56:58< mids> he for sure can get ops 21:57:17>> Guest297 is now known as UFOczek 21:57:20< albeiro> he is away probably 21:57:23< albeiro> f* 21:57:30< albeiro> i will find someone from stuff 21:57:41< gilbert> i'm still having troulbe and was woundering if someone would help me with the network configuration 21:58:20>> UFOczek is now known as Guest298 21:59:30>> Guest298 is now known as UFOczek 21:59:46< gilbert> anyone know anything about the newserver command 22:00:31>> UFOczek is now known as Guest299 22:00:41< Guest299> sorry for that 22:00:56< albeiro> Guest299: you are dead 22:01:06< Guest299> yup 22:01:06< Guest299> sorry 22:01:07< Guest299> :D 22:01:10< mids> gilbert: I use the debian-newvserver.sh script 22:01:19< gilbert> ok thanks 22:01:24< albeiro> Guest299: what it was ? 22:01:27>> Guest299 is now known as UFOczek 22:01:30< gilbert> ill look into that 22:01:37< gilbert> i have a redhat 9 server 22:01:39< albeiro> UFOczek: stop it now 22:01:44< UFOczek> sorry sorry 22:01:51< mids> /ignore *!ufoczek@hood.openbug.net 22:01:55< UFOczek> :-P 22:01:56< mids> that helps on most decent irc client 22:01:58< mids> problem solved 22:02:00< albeiro> heh 22:02:07< UFOczek> i didn't loaded my services script 22:02:46< UFOczek> so it didn't identify me automatly 22:25:56>> Bertl_oO is now known as Bertl 22:26:08< Bertl> evening everyone! 22:26:17< UFOczek> Hi Bertl ! 22:27:11< Doener> Hi Bertl 22:27:16< Bertl> what's up? 22:28:31< UFOczek> nothing... still waiting for new version of -wolk with vserver included ;) 22:28:57>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver 22:29:01< hiaslboy> Filther needed some help from you, but solved it with reboot after not getting help 22:34:03< Bertl> hmm, okay, anybody tested 0.29.4 with vs1.27 and enter? 22:36:53>> boCKY`love`Dani [~Bowo@p5088D732.dip0.t-ipconnect.de] has joined #vserver 22:37:27< Bertl> hi boCKY who is Dani? 22:37:36< boCKY`love`Dani> huhu :) 22:37:47< boCKY`love`Dani> she is a very n1 girl :D 22:38:20< boCKY`love`Dani> why do you ask? 22:39:15< Bertl> because I'm curious! 22:39:38< boCKY`love`Dani> k 22:39:44< boCKY`love`Dani> << german boy ;\ 22:40:32< Bertl> hmm, well and Dani does or doesn't IRC? 22:41:41< boCKY`love`Dani> mhhh... i woulp like to say, she is tu stupid 4 irc :) 22:42:58< taxcollector> Strong words boCKY. :) 22:43:18< boCKY`love`Dani> sry *wein* 22:43:45< boCKY`love`Dani> www.bocky.org <<< this is my page :P 22:43:58< Doener> i wonder if one can really be too stupid for irc? 22:44:06< Doener> s/\?// 22:44:07< Bertl> hmm, and it show pictures of Dani? 22:44:12< Bertl> +s 22:44:41< boCKY`love`Dani> no, because sie will es net :) 22:45:41< Bertl> so you are in love with a stupid girl (your words) and want us to have a look at your page, with no photos of her? 22:46:03< boCKY`love`Dani> lol. one moment 22:46:24>> nalfein [~gaertner@212.68.83.129] has quit [Quit: Serverwechsel] 22:49:18< boCKY`love`Dani> she is a girl, which not know irc! 22:50:39< boCKY`love`Dani> ist vera heavy to talk with you, because im a bad english-boy 22:51:57< Bertl> ah okay, so she isn't too stupid for IRC, right? 22:52:26< boCKY`love`Dani> right right! 22:52:44< boCKY`love`Dani> Bertl: you are from? 22:52:47< Bertl> and she is with you now? 22:53:20< boCKY`love`Dani> no, she is @ home :) 22:54:48< Bertl> ah, that's why you are on IRC, right? 22:55:00< boCKY`love`Dani> jo jo 22:55:05< boCKY`love`Dani> im alone 22:56:58< Bertl> hmm, and what is your relation to linux-vserver? 22:57:29< boCKY`love`Dani> by chance 22:57:59< Bertl> hmm, so you found this channel, and thought to yourself, let's talk a little about .. ? 22:58:16< boCKY`love`Dani> ./list ... 22:58:30< taxcollector> Bertl: Sorry for the interruption, but when you say "bucket of a certain 22:58:31< taxcollector> size S which is filled with a specified amount 22:58:31< taxcollector> of tokens R each interval T, until a maximum 22:58:31< taxcollector> M is reached" .... 22:58:47< Bertl> then this is stupid! 22:58:47< taxcollector> Doesn't M == S? 22:59:11< Bertl> yeah, obviously I lost the flow somewhere in the sentence ... 22:59:32< Bertl> I wondered why M was already used, as I wanted to use it for the Minimum ... 22:59:41< taxcollector> OK 22:59:51< Doener> hehe 23:00:02< boCKY`love`Dani> http://linux-vserver.org/ <<< what is it? 23:00:06< boCKY`love`Dani> webhosting`? 23:00:13< Bertl> no, much cooler! 23:00:18< boCKY`love`Dani> hihi :P 23:00:28< boCKY`love`Dani> tell me more! 23:00:40< Bertl> you know what chroot() is? 23:02:35< boCKY`love`Dani> jap! 23:02:44< Bertl> will be a little busy the next few hours ... 23:03:01>> Bertl is now known as Bertl_Radio 23:03:14< boCKY`love`Dani> im a supporter 4 shell- and webhosting :) 23:05:00>> Apollo [~throwaway@caracal.norcomcable.ca] has quit [Quit: ] 23:07:23< boCKY`love`Dani> tschö mit ö or cya :D 23:07:29< boCKY`love`Dani> g n8 23:07:33>> boCKY`love`Dani [~Bowo@p5088D732.dip0.t-ipconnect.de] has quit [Quit: ] 23:10:34< Doener> Bertl_Radio: you're on air? or just listening? 23:11:04< Bertl_Radio> not yet, but soon ... 23:11:12< Bertl_Radio> (on air ;) 23:11:52< Bertl_Radio> http://c-radar.ccc.de:8000/icy_0.ogg 23:21:21>> Napalm [~napalm@host81-7-22-112.adsl.v21.co.uk] has joined #vserver 23:21:26< Napalm> hello everyone 23:21:32< Bertl_Radio> hi Napalm! 23:21:36< Napalm> sorry im on late this evening 23:21:56< Napalm> ive found a new problem, im sure your going to hate me bert 23:21:59< Napalm> ;) 23:22:14< Bertl_Radio> I really doubt this ... 23:23:15< Napalm> http://www.vhd.org.uk/vserver-start-log.txt 23:23:24< Doener> hehem firefox tries to download the stream before handing it over to mplayer... 23:23:29< Doener> s/m/,/ 23:23:41< Bertl_Radio> Napalm: ah, that is an old one ... and not even vserver related ;) 23:23:48< Napalm> really, oh 23:24:07 * Napalm cowers down feeling very silly 23:24:09< Bertl_Radio> yeah, somewhere around 2.4.22 they changed the kernel interface for ulimits 23:24:28< Bertl_Radio> you have to use -HS now instead of -H in your config ... 23:26:53< Napalm> Bert: thats really wierd, it seems my orginal config files had the HS where the new one i made vds01 did'nt have that by default, i will check the newvserver.defaults file 23:27:32< Bertl_Radio> probably the defaults are still wrong 23:27:59< Napalm> there is no section on the defaults conf for it, i will note it down as a comment 23:28:23< Bertl_Radio> maybe even post something to the mailinglist ... 23:33:22< Doener> Bertl_Radio: could you announce when you're actually on air? the current track does not really match my taste of music... 23:33:38< Bertl_Radio> probably a few minutes ... 23:33:59< Napalm> hey Doener 23:34:01< Bertl_Radio> they are working on the technical issues ... 23:34:13< Doener> Hi Napalm 23:34:50< Napalm> should i check the IRC logs, is there anything ive missed? 23:35:09< Doener> 23:10:33 Bertl_Radio: you're on air? or just listening? 23:35:09< Doener> 23:11:04 not yet, but soon ... 23:35:09< Doener> 23:11:11 (on air ;) 23:35:09< Doener> 23:11:52 http://c-radar.ccc.de:8000/icy_0.ogg 23:35:32< Napalm> mp3 stream? 23:35:38< Bertl_Radio> ogg ... 23:35:44< Bertl_Radio> (german) 23:35:57< Napalm> im english 23:36:00< Napalm> :s 23:37:43< taxcollector> Shouldn't babelfish have an audio language translator by now? :) 23:37:59< Napalm> lol 23:38:42< Napalm> hey taxcollectori made a php ouput handler that uses babelfish to translate into different languages, ps mysql caching aswell 23:39:41< taxcollector> Cool 23:39:49>> Bertl_Radio is now known as Bertl_OnAir 23:39:55>> nalfein [~gaertner@212.68.83.129] has joined #vserver 23:40:13< Napalm> does anyone know for what reason i would be getting failed messages while trying to stop a vserver 23:40:30< Napalm> everything states it starts ok 23:40:54< Napalm> http://www.vhd.org.uk/vserver-stop-log2.txt 23:43:35< Doener> that the kernel logger fails to stop seems logical to me... did you check the logs regarding the sshd failure? 23:44:16< Doener> btw: no sense in html tags when using txt as suffix ;) results in wrong mime type 23:44:39< Napalm> lol, its the time of night 23:44:56< Napalm> damn that makes me look like a idiot 23:45:32< Napalm> :) new channel comment: Napalm the Idiot cant figure out the difference between txt and html 23:46:09< Doener> well, i don't care much ;) 23:47:53< Doener> Napalm: i'm bad at searching today... could you give me an url to newvserver? 23:48:43< Napalm> Doener: URL to which utils rpms? 23:49:15< Doener> is it in the utils package? i can't find it on the box i'm logged onto... 23:49:29< Napalm> yep 23:49:42< Doener> which version? 23:49:56< Napalm> what kernel patch are you using? 23:50:39< Doener> 1.27 + util-vserver 0.29.4(source) and there's no newvserver ... 23:51:13>> serving [~serving@213.186.189.95] has quit [Read error: Connection reset by peer] 23:51:28< Napalm> are you using RH? if so what version because im compiled RPMS for RH9 23:52:06< Napalm> http://www.linux-vserver.org/index.php?page=Vserver+Utils+0.29.4-0+RH9+RPMs 23:52:16< Doener> all boxes are running debian... i don't need the script apart from the fact that i wanted to look into the ulimit issue ;) 23:52:48< Napalm> well the source bzip is http://www.13thfloor.at/vserver/s_release/v1.27/util-vserver-0.29.4.tar.bz2 23:53:48< Napalm> i compiled the bzip straight to rpm so the newvserver code must be in there 23:54:24< Napalm> its a shell script for use with shellmod 23:55:32< Napalm> heres one for you Doener 23:56:04< Napalm> on starting that same vserver i have filed messages with i get an apache error 23:56:05< Napalm> Starting httpd: (98)Address already in use: make_sock: could not bind to address 192.168.0.54:80 no listening sockets available, shutting down 23:56:17< Doener> ah, i need to enabled it with configure... 23:56:38< Doener> that's probably cause the httpd in the host bound itself to 0.0.0.0 23:56:55< Doener> netstat -plunt will tell you if i'm right ;) 23:56:58< Napalm> it was 0.0.0.0:80 so im thinking that it was because of of that so i changed it to the vserver ip 23:57:36< Doener> just inside the vserver? 23:58:10< Napalm> host is running httpd bound to 0.0.0.0:80 i suppose i can bind the host to its ip 23:58:19< Doener> you basically just need to change it in the host, the vserver can't 'steal' ports away from other vservers as long as you don't do ip address sharing between vservers 23:58:31< Napalm> but does'nt that still mean all the vservers will have this problem as soon as one has bound to 0.0.0.0:80 23:58:43< Napalm> ahh 23:58:49< Napalm> thx ;) your a star 23:59:01< Napalm> im really starting to get the hang of vserver now 23:59:57< Doener> IIRC a vserver that tries to bind to 0.0.0.0 will be bound to the its first assigned ip address... but that may already have changed, last time i had a look at the code was around 1.21 or something --- Log closed czw maj 06 00:00:05 2004