--- Log opened Fri May 07 00:00:32 2004
00:03:55< Napalm> lo anyone around?
00:05:47< taxcollector> I am, not that I will likely be of much help.
00:06:30< Napalm> i think you can be
00:07:08< Napalm> I have been assigned 3 IPs to this server, but the subnet mask doesn't seem right to me
00:07:15< taxcollector> Let's see
00:07:45< Napalm> heres the current setup: x.x.x.250-252 but the subnet mask on the host machines eth0 adapter is 255.255.255.0
00:08:25< taxcollector> That is fine
00:08:31< taxcollector> There are other IPs on your subnet
00:08:36< taxcollector> just not allocated to you.
00:09:27< Napalm> so if i assign them to the vservers then they should work?
00:10:23< taxcollector> I don't see why they wouldn't
00:10:39< Napalm> hmm this is strange the box hasn't got shellmod on it
00:13:20>> Bertl_zZ is now known as Bertl
00:13:26< Bertl> ahh ... much better ...
00:13:50< Napalm> wb Bert
00:14:01< Bertl> hi Napalm! hi taxcollector!
00:14:12< taxcollector> Howdy
00:14:15< Napalm> Bert: do you know where abouts you get shellmod?
00:14:27< Bertl> isn't it part of the linuxconfig package?
00:14:49< Napalm> thats what i ghout
00:14:51< Napalm> thought
00:14:56< Napalm> i think the system needs updating
00:15:13< Napalm> Bert: i installed something like apt-get or something to update my rh9 system before, is that the right name?
00:15:14< Bertl> well, IIRC the only script which requires the shellmod is the newvserver, right?
00:16:48< Bertl> taxcollector: again many thanks for proof reading ...
00:16:59< taxcollector> You're welcome
00:17:42< Napalm> anyone used 'yum' before?
00:18:04< Bertl> .oO( sounds yummy ;)
00:18:37< Napalm> :) heh
00:18:50< Napalm> http://apt.freshrpms.net/
00:23:05>> monrad [~monrad@213083190243.sonofon.dk] has quit [Quit: Leaving]
00:24:02< Napalm> Bert: just as a note APT is an update system for linux, you can even install it on the vservers and run it via 'vserver xXx shexec apt-get update; vserver xXx shexec apt-get upgrade'
00:24:31< Napalm> it will update all RPMs where necessary
00:24:34< Napalm> :)
00:25:08< Napalm> ps. it seems that APT also works for Debian
00:25:37< Napalm> Debian APT link: http://www.apt-get.org/
00:26:53< Bertl> *hehe*
00:27:06< Napalm> Advanced Package Tool
00:27:09< Bertl> Napalm: apt-get is _the_ debian tool
00:27:19< Napalm> i know theres a release for RH9
00:27:20< Bertl> besides dpkg ...
00:27:51< Bertl> and I know apt-get-rpm (the one you are talking about) but I prefer urpmi ;)
00:28:20< Napalm> :P ;)
00:30:50< Bertl> taxcollector: may I ask you a few questions regarding the paper?
00:31:00< taxcollector> Sure
00:31:25< Bertl> - There are several kinds of Virtual Machines (VMs) which are
00:31:26< Bertl> - providing similar features and which only differ in the
00:31:26< Bertl> + There are several kinds of Virtual Machines (VMs) which
00:31:26< Bertl> + provide similar features, but differ in the
00:31:26< Bertl> degree of abstraction and the methods used for virtualization.
00:31:34< Bertl> what about:
00:32:18< Bertl> There are several kinds of Virtual Machines (VMs),
00:32:18< Bertl> providing similar features, only differing in the
00:32:19< Bertl> degree of abstraction and the methods used for virtualization.
00:32:40< Bertl> ?
00:34:13< taxcollector> Going over different word patterns...
00:34:40< taxcollector> Nothing exactly wrong with what you wrote, it just isn't usual word phrasing
00:35:00< taxcollector> s/, providing/that provide
00:35:36< Bertl> okay, I'm trying to understand the semantical difference (if any) between them ... because
00:35:49< taxcollector> no difference
00:35:58< taxcollector> just one is more "natural" than the other
00:36:03< taxcollector> If you want to use "providing"
00:36:10< Bertl> for me, There are several kinds of Virtual Machines (VMs) which provide similar features, but differ in the degree of abstraction ...
00:36:20< Napalm> brb
00:36:42< Bertl> means that each VM provides similar features, but is different in the degree of abstraction ...
00:37:35< Bertl> where "There are several kinds of Virtual Machines (VMs), providing similar features, only differing in the degree of abstraction and the methods used for virtualization." means that they might be equal in the degree or method too ...
00:37:55< Bertl> so something like "at most differing in ..."
00:38:26< taxcollector> so you mean "degree of abstraction and/or the methods used for virtualization"?
00:39:03< Bertl> well, I mean, if they differ at all, then they 'just' differ in the degree of abstraction or the method used ;)
00:39:29< taxcollector> OK; let me re-read the different versions of the sentences a couple more times. ;)
00:40:34< Bertl> and you are right, 'basically' is basically my favorite word :(
00:42:39< taxcollector> There are several kinds of Virtual Machines (VMs) which provide similar features, but may differ in the degree of abstraction and the methods used for virtualization.
00:42:42< taxcollector> ?
00:43:04< Bertl> ah, yeah, that's what I was searching for ...
00:43:09< taxcollector> If you want to use the "providing" variant...
00:43:16< taxcollector> you would say something like...
00:43:38< taxcollector> "several kinds of VMs, each providing"
00:44:00< taxcollector> The word "each" makes the sentence more natural
00:44:24< taxcollector> I don't know the technical English language term to describe it however ;)
00:44:27< Bertl> okay, I think I understand ...
00:44:47< Bertl> another one:
00:44:53< Bertl> - This usually requires a great deal of administrative work
00:44:53< Bertl> + This typically requires a great deal of administrative work
00:44:53< Bertl> which usually reduces overall stability and security.
00:45:27< Bertl> is the typically just because of the word repetition, or is there another reason for _not_ using usually in the first part of the sentence?
00:45:29< taxcollector> Usually :) you don't want to overuse words in a sentence
00:45:42< taxcollector> Word repetition
00:45:56< Bertl> okay, thanks, thought so, just wanted to make sure ;)
00:46:21< taxcollector> In that particular case you could probably leave it
00:46:40< taxcollector> Repeating the word "usually" might give it more emphasis or something
00:46:54< taxcollector> Or sound better
00:47:33< Bertl> funny detail (info for you): one of the most problematic words for me is the german 'Paket' which translates to both package and packet, meaning quite something different ;)
00:48:05< taxcollector> :)
00:48:41< taxcollector> You did a good job regarding that in this paper at least
00:49:05< Bertl> yeah, that one I know, so I try to avoid it ;)
00:49:27< Bertl> another one:
00:49:29< Bertl> - Distributions are not tied to a special kernel, but they
00:49:29< Bertl> - bring their own set of tools, and applications.
00:49:29< Bertl> + Distributions are not tied to a special kernel.
00:49:29< Bertl> + Nevertheless they will bring their own set of tools and applications
00:49:38< taxcollector> OK
00:49:44< Bertl> (note: I added the last line, it's not part of your corrections)
00:50:07< Bertl> and a period is missing ;)
00:50:52< Bertl> maybe a hyphen would be a good thing here?
00:51:19< Bertl> or how do you call the 'dash' used to separate thoughts?
00:51:28< taxcollector> em-dash
00:51:33< taxcollector> the ---
00:51:38< taxcollector> no, just --
00:51:39< taxcollector> sorry
00:51:58< Bertl> actually -- = en-dash and --- = em-dash, right?
00:52:17< Bertl> where en-dash is used in separating digits ...
00:52:26< taxcollector> You are correct
00:52:34 * Bertl *strike!*
00:52:38< taxcollector> :)
00:53:00< Bertl> okay, so would:
00:53:05< taxcollector> Usually I don't write em-dashes in ASCII though :)
00:53:11< Bertl> Distributions are not tied to a special kernel - nevertheless
00:53:12< taxcollector> Your change is good
00:53:18< Bertl> they will bring their own set of tools and applications.
00:53:24< taxcollector> Actually forget the dash
00:53:26< Bertl> be acceptable?
00:53:28< taxcollector> Separate sentences is fine
00:53:33< Bertl> okay, good ...
00:53:35< taxcollector> but put comma after Nevertheless
00:53:45< Bertl> ah yeah ...
00:54:17< Bertl> that brings me to the capitalization ...
00:54:57< Bertl> I never understood the principles of english capitalization, I know, there are some words which require to be capitalized (like God and I)
00:55:05< taxcollector> and English :)
00:55:13< Medivh> hi ;)
00:55:18< Bertl> hi Medivh!
00:55:30< Bertl> hmm, so it would be English capitalization then ;)
00:55:51< taxcollector> in irc anything goes
00:56:01< Medivh> taxcollector, I take it you're a native speaker? ;)
00:56:07< taxcollector> Yes
00:56:30< Bertl> okay, so I started to capitalize words and groups of words meaning something special ... like Linux Virtual Server ;)
00:56:39< taxcollector> Right, I noticed that.
00:56:44< taxcollector> That was OK.
00:57:07< Bertl> now I get soon into hells kitchen when I do that with Linux Kernel for example ...
00:57:14< taxcollector> You are free to make up your own convention; you just have to be consistent. Let's see if I can find an example
00:57:24< taxcollector> Yeah, that was one I wasn't sure about
00:58:36< taxcollector> "contexts" was one where that might be one or two instances that need to be changed
00:59:03< taxcollector> 'Spectator' context vs Host Context
00:59:10< Bertl> okay, so if I choose my set of 'capitalized' words, and I stick to it, it's probably okay, right?
00:59:15< taxcollector> For sure.
00:59:33< Bertl> okay, another general question: regarding quoting
01:01:12< Bertl> I'm not entirely sure how single and double quotes are used ... my impression was that single quotes somehow abstract and emphasise a word .. where double quotes are more the typical quoting use for phrases ...
01:01:28< taxcollector> Depends on where you are from
01:01:36< Bertl> uh-oh!
01:01:40< taxcollector> Americans do it differently from English
01:01:54< Bertl> okay, please elaborate on that ...
01:01:56< taxcollector> You can just choose one
01:02:21< taxcollector> If I used double-quotes instead of singles in my modifications, that wasn't deliberate
01:02:42< taxcollector> And even different Americans do it differently
01:03:05< Medivh> Bertl, someone should prolly also check the document for AE/BE consistency ... pretty tricky sometimes
01:03:06< taxcollector> There is your quote philosophy
01:03:20< Medivh> for example, [00:53:56] that brings me to the capitalization ... <--- capitalization = AE, capitalisation = BE ;)
01:03:50< Bertl> yeah, thanks, but I guess ispell is here very british, isn't it?
01:04:04< Bertl> eh, I mean British of course ;)
01:04:09< taxcollector> True
01:04:16< Medivh> actually never used ispell, so not sure about that ;)
01:04:40< taxcollector> I guess that is something else you have to decide and just be consistent
01:04:42< Bertl> actually you can choose the library, but IIRC I installed the British one ...
01:05:24< Bertl> but you are right, this has to be checked too ...
01:06:06< Bertl> taxcollector: still time for some more questions?
01:06:10< taxcollector> For sure
01:06:13< Napalm> back
01:06:18< Bertl> hi Napalm!
01:06:23< Napalm> wow, alots been going on while ive been away
01:06:45< Bertl> yeah, taxcollector is so kind to teach me native English!
01:06:56< taxcollector> Native American at least. :)
01:07:01< Napalm> heh
01:07:06< Napalm> U.S. English
01:07:10< Napalm> ;)
01:07:13< Bertl> well, that is supposed to be 'some' kind of English at least ;)
01:07:29< Napalm> center or centre, color or colour ;)
01:07:59< Bertl> I say potato and you say potato ... *didl dum*
01:08:05< taxcollector> labeled or labelled, theatre or theater, cheque or check
01:08:16< Napalm> path or sidewalk
01:08:23< Bertl> pavement it is!
01:08:30< Napalm> hahahah :)
01:09:02< Napalm> who thought english was the easiest language to learn
01:09:02< Bertl> okay taxcollector: which/that ...
01:09:25< Bertl> Recent Linux Kernels already provide many security features which/that ...
01:09:40< Bertl> both possible, or is 'which' just bad here ...
01:10:03< taxcollector> Both possible, neither bad
01:10:05< Napalm> Bert: btw, thx again its all compiled and complete now and all written down on paper now to transfer to the Wiki
01:10:17< taxcollector> Let me look that one up again
01:10:39< Bertl> Napalm: ah great .. let me know when you are done, I'll have a look at it (regarding contents)
01:11:07< albeiro> any link ?
01:11:24< Bertl> for what exactly?
01:11:25< Napalm> Bert: will do. shall i make a small tutorial about RH9 and some links to APT so on so that there is a small section on RH9
01:12:10< taxcollector> which vs that is another big debate
01:12:17< Napalm> Bert: when i upgrade to Fedora i can write that up as well, this way it helps everyone
01:12:30< taxcollector> In the places where I changed it, one sounded more like the way I would say it
01:12:33< Bertl> no problem with that, maybe you should also have a look at enricos work regarding this, as he uses the apt-get for his alpha tools ...
01:12:38< taxcollector> which is not necessarily how someone else would say it
01:12:51< Bertl> taxcollector: okay, no problem with that, was just curious ...
01:12:53< taxcollector> In the spirit of changing as little as possible I probably shouldn't have done it as much as I did
01:13:18< taxcollector> Some of them are probably remnants of changes I made, then reversed, but didn't reverse completely.
01:13:53< taxcollector> http://groups.google.com/groups?q=g:thl3704762235d&dq=&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=1992Jul3.202052.8811%40cco.caltech.edu
01:14:07< taxcollector> This person has a good explanation of which vs that
01:15:14< Bertl> ah, okay, sounds good to me ...
01:16:07< Bertl> next one:
01:16:08< Bertl> /usr/include/linux/capability.h on most Linux systems, an
01:16:08< Bertl> - overview of "considered important" capabilities is given here.
01:16:08< Bertl> + overview of important capabilities is given here.
01:16:38< taxcollector> Using "considered" as an adjective that way is not quite right
01:16:38< Bertl> I added the "considered important" part here, because it's a matter of prioritization ... IMHO
01:17:02< Bertl> well some CAPs might be important to me, but not to the reader ;)
01:17:10< Bertl> how would I express that?
01:17:14< taxcollector> The quotes around them make it like you are being sarcastic :)
01:17:33< Bertl> okay ... that's not the intention, so what are the alternatives?
01:17:45< taxcollector> In the paper you are writing everything from your perspective
01:18:02< Bertl> so no need to even mention it?
01:18:03< taxcollector> that's why you generally don't say "In my opinion..."
01:18:15< taxcollector> I don't think you need to
01:18:21< Bertl> okay, I can live with that ...
01:18:34< taxcollector> If you want to emphasize that these are important for Linux-VServer you can say that
01:18:57< taxcollector> or substitute important with relevant
01:19:10< Bertl> I see, but that's not really the case here, so leaving it out, is probably fine ...
01:19:15< Napalm> Bert: if i install the dedicated box as mydomain.com/ns1.mydomain.com, can the vservers be serverX.mydomain.com if so the S_HOSTNAME should be serverX or the full domain name
01:19:53< taxcollector> another change I didn't catch in that sentence...
01:20:02< taxcollector> oops never mind
01:20:17< Bertl> the fully qualified name is normally used for domainname, and not for the hostname ...
01:20:51< Bertl> so I'd just use serverX for the S_HOSTNAME, but it should work with the FQ-named too ...
01:21:46< Bertl> taxcollector: and another one: (let me know when you get tired ;)
01:21:58< taxcollector> I am here to serve :)
01:22:04< Bertl> .. File Attributes that can be toggled ..
01:22:14< taxcollector> ah...that was a funny one
01:22:16 * Bertl .oO( strong words! )
01:22:44< Bertl> I'm not convinced that toggle is the correct one here?
01:23:11< taxcollector> It is somewhat informal; I kinda struggled with that one
01:23:13< Bertl> the interface doesn't know anything about toggling attributes ... it can set or clear an attribute like a flag
01:23:36< taxcollector> That's what toggling means
01:23:39< Bertl> actually it is implemented as a flagword so, it is a flag ...
01:23:45< taxcollector> Like a light switch
01:24:12< Bertl> for me toggle means 'change' from one state to the other ... with a 'single' action
01:24:35< Bertl> but you can for example set a flag, when it is already set ...
01:24:46< Bertl> where toggling would clear it ...
01:25:00< taxcollector> just a sec
01:25:41< Napalm> Bert: thx again ;)
01:25:51< Bertl> you're welcome ... have fun!
01:28:31< taxcollector> here is a better revision
01:28:44< taxcollector> basic set of File Attributes that permit certain properties to be changed.
01:28:57< taxcollector> s/permit/allow as you which
01:29:01< taxcollector> er, as you wish
01:30:14< Bertl> okay ... that sounds good to me ..
01:30:49< Bertl> next:
01:30:50< Bertl> + To simplify administration,
01:30:50< Bertl> + the Host Context
01:30:50< Bertl> + is treated like the other contexts as far as process isolation is concerned.
01:31:05< Bertl> what about the following:
01:32:06< taxcollector> The thing that bugged me about that paragraph was there was anything simultaneous.
01:32:15< Bertl> + To simplify administration, the Host Context isn't treated
01:32:15< Bertl> + any differently from any other context, as far as process isolation is concerned.
01:32:28< Bertl> or something along this path ...
01:32:43< taxcollector> That is better than mine
01:33:03< Bertl> or should this be 'than' instead of 'from'?
01:33:46< taxcollector> than is better
01:34:19< taxcollector> remove comma after context too
01:34:32< taxcollector> causes unnecessary pause in this case
01:34:36< Bertl> okay, so it would read like this:
01:34:46< Bertl> + To simplify administration, the Host Context isn't treated
01:34:47< Bertl> + any differently than any other context as far as process isolation is concerned.
01:34:55< taxcollector> Yup. That is good.
01:35:01< Bertl> + To allow for process overview, a special
01:35:01< Bertl> + 'Spectator' context has been defined for looking at all
01:35:15< Bertl> and what about a different ending like:
01:35:33< Bertl> + To allow for process overview, a special
01:35:33< Bertl> + 'Spectator' context has been defined to peek at all
01:35:33< Bertl> processes at once.
01:35:52< taxcollector> That is good
01:37:15< Napalm> yay, i found linuxconf homepage http://www.solucorp.qc.ca/linuxconf/
01:37:28< Bertl> another general question: I assume my sentences are unusually long, for the typical English documentation, right?
01:37:54< taxcollector> Yeah, that was one thing I tried to tackle
01:38:11< taxcollector> That's a German thing, right?
01:38:20< taxcollector> Not a Bertl thing?
01:38:30< Bertl> that is some kind of childhood trauma ...
01:40:02< Napalm> lol
01:40:03< Bertl> my German teacher once told me, that I shouldn't start every sentence with the same word, and because at this time, I didn't bother to think about changing this, I just wrote my next essay in three sentences ...
01:40:31< Bertl> covering about 3-4 pages in total ...
01:40:36< taxcollector> LOL
01:40:46< Napalm> lolo
01:40:51< Napalm> :)
01:41:06< Medivh> then what did your German teacher say about that? :P
01:42:05< Bertl> well, it was some kind of silent agreement after that - no more complaining about different sentence starts from her side, no more grammatically correct sentences longer than half a page from mine ...
01:43:15< Napalm> Bert: how old are you?
01:43:22< Bertl> 34 atm
01:43:48< Bertl> hmm, wrong, I'm 33, but who cares ;)
01:44:02< Napalm> anyone else like to say how old they are?
01:44:04< Napalm> im 20
01:44:20< Medivh> 22 ;)
01:44:39< Bertl> okay, okay, I see I'm too old for that 8-)
01:45:31< Bertl> taxcollector: yet another one ...
01:45:34< Bertl> While early Linux-VServer versions tried to
01:45:34< Bertl> - fix this by funny methods, the recent version
01:45:34< Bertl> + fix this by unusual methods, recent versions
01:45:45< taxcollector> funny haha or funny strange
01:45:49< Bertl> in this case I would like to say ...
01:45:59< Bertl> fix this by "funny" methods ...
01:46:21< Bertl> because actually the first few implementations were really "funny" in a sarcastic way ...
01:46:28< taxcollector> OK
01:46:38< Bertl> they didn't work at all ;)
01:46:44< taxcollector> :)
01:46:45< Napalm> grrrrm im going to cryy :'( 'warning: linuxconf-1.32r1-1.i386.rpm error: Failed dependencies: libstdc++-libc6.2-2.so.3 is need... :'(
01:46:58< Bertl> but they had excellent explanations how they do what they didn't do ;)
01:47:14< Medivh> Napalm, I understand you're working on RH9? if so, do you have compat-libstdc++ installed?
01:47:15< Bertl> Napalm: recompile the source rpm
01:47:34< Medivh> unless, of course, you want to rebuild the source rpm ... i was going to add :p
01:47:53 * Bertl .oO( will probably require you to install the entire rpm repository, but ... )
01:48:07< Napalm> so that will solve it, why is that error there? how comes i can rebuild it without those libraries installed?
01:48:19< Bertl> because it's a version issue
01:48:35< Bertl> libstdc++ is part of the gcc
01:48:41>> serving [~serving@213.186.189.95] has joined #vserver
01:48:43< Medivh> Napalm, it used the libstd++ on the box the rpm is built on ... yours is a newer version, so the older one it is looking for isn't there
01:49:16< Bertl> if you have an older or newer one than the one it was compiled for, you get this failed dependency ..
01:49:24< Medivh> compat-libstdc++ _might_ be the older version it's looking for, so you can either try installing it and then linuxconf again, or rebuild the source rpm
01:49:42< Napalm> hmm i'll try and build the rpms
01:50:01< Medivh> personally I prefer rebuilding it for my system, too
01:50:17< taxcollector> rpm -q -f /usr/lib/libstdc++-libc6.2-2.so.3
01:50:26< taxcollector> results in compat-libstdc++-7.3-2.96.118
01:50:41< Bertl> taxcollector: just to verify that .. you did try the Barrier on the vserver's root directory too, right?
01:51:07< taxcollector> Yes; I couldn't start up vservers with the flag set
01:51:19< Bertl> okay, that was what I wanted to know ...
01:51:50< Bertl> + would make set uid and set gid
01:51:54< Napalm> i only have /usr/lib/libstdc++.so.5.0.3 i guess i should get an update for GCC then?
01:52:09< Bertl> wouldn't make set-UID and set-GID be better here?
01:52:49< Medivh> Napalm, nah, if you rebuild the source rpm it will compile for the libstdc++ version that is installed on your machine right now
01:53:05< taxcollector> I missed that; I don't think set-UID is better though
01:53:15< Napalm> its 'rpm -ta source.tar.gz' to rebuild right?
01:53:22< taxcollector> I think most documentation uses "setuid"?
01:53:26< Napalm> *rpmbuild
01:53:28< Medivh> Napalm, yep
01:53:36< Bertl> hmm, let's google for that ;)
01:53:41< Medivh> or rpmbuild -ba file.src.rpm
01:53:53< Medivh> depending on what your input is - a source tarball, or a source rpm
01:54:34< Bertl> 309,000 for setuid.
01:54:35< Bertl> 19,900 for set-UID
01:54:36< taxcollector> You probably don't have to capitalize uid, gid, and xid in general.
01:54:49< taxcollector> The masses triumph
01:54:50< Bertl> yep, that is a clear decision ...
01:55:00< taxcollector> education the democratic way
01:55:34< taxcollector> "But Mom, Google says 100,000 people are jumping off bridges"
01:55:42< Bertl> well, the language is adapted for the masses in sometimes strange ways ...
01:55:43< Napalm> ahahaha
01:56:17< Medivh> speaking of Google, I wonder why "to google" will make it into the dictionaries ;)
01:56:22< Medivh> s/why/when
01:56:54< Bertl> about 295,000 for jumping off the bridge.
01:56:55< Bertl> about 532,000 for staying on the bridge.
01:56:56< Bertl> *smile*
01:57:13< Bertl> try it yourself ;)
01:57:50< Medivh> i find the Google results for "miserable failure" quite interesting :p
01:58:04< Medivh> the first result, actually
01:58:11< Bertl> feeling lucky?
01:58:57< Bertl> did you ever try "100!" or "2^64" ?
01:59:08< taxcollector> Yeah, those are neat
01:59:33< Medivh> heh, nice, didn't know it does that ;)
02:00:00< Napalm> it gets better guys
02:00:03< taxcollector> or 5 meters in feet
02:00:22< Napalm> http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=34+kilobits+per+second+to+gigabytes+per+month
02:00:32< Napalm> :D:D:D:D
02:01:05< Bertl> last time I searched for a phrase, and mistyped every word of it, and google corrected the entire phrase without even blinking ...
02:01:31< Medivh> quite a nice search engine it is
02:01:42< Medivh> i'm curious how their IPO will turn out
02:01:43>> anonymouscoward [~nwalsh@shaggy.internode.com.au] has joined #vserver
02:01:56< Bertl> hi coward!
02:02:09< Napalm> no ones comments on my google search :'(
02:03:10< taxcollector> Nice search Napalm
02:03:12< taxcollector> ;)
02:03:33< Napalm> yay :)
02:03:35< Napalm> ;)
02:03:37< Medivh> taxcollector, gonna buy Google stocks? ;)
02:03:50< Napalm> hey try this one... 'french military victories' then press 'im feeling lucky'
02:03:58< Bertl> ah, well while the philosophical importance of converting kilobits/s to gigabytes/month should not be underestimated, the real life demands to convert it to $/h ;)
02:04:40< taxcollector> No Google stocks for me I should think
02:04:53< Medivh> especially if some kiddo attacks your name servers, like it happened here earlier today *grrr*
02:06:31< Napalm> no one liked my 'im feeling lucky'?
02:06:47< Medivh> Napalm, knew that one already ;)
02:06:49< Bertl> sure, we all *loved* it ...
02:06:50< Medivh> good one tho
02:06:56< Napalm> oh
02:07:21< Napalm> :) well its nice to know ppl like it
02:07:30< Bertl> taxcollector:
02:07:35< Bertl> - Having context information available with
02:07:36< Bertl> + If context information is available with
02:07:43< Bertl> each inode, it seems logical to extend the
02:07:43< Bertl> access controls to check against context too.
02:07:55< Bertl> any comments on that?
02:08:44< taxcollector> Yup...
02:08:47< Napalm> this linuxconf is really starting to piss-me-off it wont build the rpms from the tar.gz or the src.rpm
02:09:02< Medivh> isn't it "access controls to check against context, too." ?
02:09:15< taxcollector> "Having context"... isn't quite correct English
02:09:19< taxcollector> You could say:
02:09:27< taxcollector> Since you have context...
02:09:30< taxcollector> If you have context...
02:09:35< Bertl> what about 'Now with context inf...
02:09:37< taxcollector> Because there is context...
02:10:07< taxcollector> This was something I found kinda tricky
02:10:20< taxcollector> Are you discussing the development process of Linux-VServer here?
02:10:21< Bertl> Now with context information available with each inode, ... ?
02:10:21< Napalm> how do i get the latest libc things?
02:11:05< Bertl> yeah, basically it should explain that the access control was a side-effect because it was simple to implement ;)
02:11:56< Bertl> something along the line: hmm, now that we have xid for each file, why not check against it?
02:12:50< Medivh> Bertl, "available with each inode" sounds a bit strange to me ... wouldn't "available within each inode" describe it better?
02:13:47< taxcollector> I see what you are saying Bertl...
02:13:58< Bertl> well, the inode is represented in various ways throughout the kernel ... and the xid is stored differently in most of them ...
02:14:32< Bertl> so saying 'within' doesn't sound wrong to me, but is it necessary?
02:14:46< Medivh> maybe taxcollector can tell us :)
02:15:06< Bertl> probably ... let's wait and see ...
02:15:09< taxcollector> The problem I have with "Now" is that in the preceding paragraphs you aren't discussing the process of building Linux-Vserver...
02:15:33< taxcollector> but are somewhat describing what you have to do generally
02:15:33< Bertl> okay, it's more general, right?
02:16:10< Bertl> okay, let's focus on the 'Having' part , which is obviously not so well chosen ...
02:16:30 * Bertl .oO( maybe that's an SQL relict? )
02:16:45< taxcollector> :)
02:17:31< taxcollector> How about "Once context information is available..."
02:17:42< Bertl> yeah, that was what I was looking for ...
02:17:44< taxcollector> and change seems to is
02:17:53< taxcollector> So:
02:18:10< taxcollector> Once context information is available with each inode, it is logical...
02:18:19< Bertl> - Having context information available with
02:18:19< Bertl> + Once context information is available for
02:18:19< Bertl> each inode, it seems logical to extend the
02:18:26< Bertl> for better than with?
02:18:35< taxcollector> I don't think it matters much whether you say within or with
02:18:48< taxcollector> Oh..
02:18:51< taxcollector> um
02:19:14< taxcollector> for is better
02:19:41< Medivh> yep sounds even better than what I suggested
02:19:59< taxcollector> but I still think s/seems/is
02:20:11< Bertl> great, great ... the power of the collective ;)
02:20:22< Bertl> okay is it is!
02:20:25< Medivh> We are the Borg. [tm] :p
02:21:03< Bertl> but what about 'it is a logical consequence to .."
02:21:14< Bertl> or logical step ...
02:21:31< taxcollector> logical step works
02:21:42< Bertl> + Once context information is available for
02:21:45< taxcollector> a logical step
02:21:46< Bertl> + each inode, it is a logical step to extend the
02:21:46< Bertl> access controls to check against context too.
02:22:07< taxcollector> good
02:23:21< Bertl> ITEM UID32/GID32 or EXTERNAL
02:23:21< Bertl> - This format uses, up to now
02:23:21< Bertl> + This format uses the
02:23:21< Bertl> unused space within the disk inode to store the
02:23:57< Bertl> well, I need to communicate the fact, that the space we use for storing the xid, might be used tomorrow by the filesystem maintainer :(
02:24:13< taxcollector> I thought that was your intention
02:24:21< Bertl> so something like 'yet unused' ?
02:24:35< Medivh> or currently unused
02:24:46< Bertl> sounds even better ...
02:24:52< taxcollector> current unused +1 02:24:58< taxcollector> er, currently unused +1 :) 02:25:30< Bertl> and I change the second part of the sentence from 02:25:45< Bertl> eh, second sentence I mean ... 02:25:46< Bertl> + context information. This is currently only 02:25:51< Bertl> defined for ext2/ext3 but will be also defined 02:26:08< Bertl> to ' At the moment, this is only defined ... 02:26:18< Bertl> to avoid repeating currently ;) 02:26:25< Bertl> oaky? 02:26:27< taxcollector> good 02:27:05< Medivh> I prolly would have said 'as of now', but I don't think it makes any difference 02:27:31< Bertl> sounds good too, any objections? 02:27:35< taxcollector> Nope 02:28:01< Bertl> + context information. As of now this is only 02:28:12< Bertl> is there a colon required after the now? 02:28:14< Napalm> yes at last 02:28:16< Napalm> i did it 02:28:17< taxcollector> nope 02:28:25< taxcollector> comma maybe 02:28:26< Bertl> okay, thought so, but wasn't sure ... 02:28:35< Medivh> comma I'd put 02:28:58< Bertl> eh, comma I meant, okay .. nevermind ... I'll add it ;) 02:29:25< taxcollector> It depends if you want the reader to pause 02:30:09< Bertl> like in good old analog modem times ;) 02:30:21< taxcollector> true :) 02:30:27< Medivh> hey, my mother still uses one of these :P 02:30:41< Bertl> for cooking? 02:30:47< Medivh> no, for surfing the net ;) 02:30:58< Bertl> for a moment I was worried ;) 02:31:27< Bertl> okay, another one bit vs. bits (not to speak of pieces ;) 02:31:36< Bertl> Advantage: works on all 32bit U/GID FSs. 02:31:36< Bertl> - Drawback: GID is reduced to 16 bit. 02:31:36< Bertl> + Drawback: GID is reduced to 16 bits. 02:31:41< taxcollector> If you say 32bit no pural 02:31:54< Bertl> and for 16bit? 02:31:59< taxcollector> If you say something is x bits, then plural 02:32:06< taxcollector> same thing 02:32:31< Bertl> so x is reduced to 32 bits but, x is then 32 bit, right? 02:32:34< taxcollector> e.g. This is a 64bit CPU. 
That means it uses 64 bits for ....
02:32:40< taxcollector> That's right
02:32:52< Bertl> okay, guess I finally got that ...
02:34:25< Bertl> + a number of modifications, that are not really required,
02:34:26< Bertl> + but extremely useful.
02:34:40< Bertl> what about: but have proven extremely useful?
02:34:58< taxcollector> have been proven
02:35:09< taxcollector> er, never mind
02:35:10< taxcollector> have proven
02:35:55< Medivh> how about s/really required/mandatory/?
02:36:16< taxcollector> That works; is more formal
02:36:46< Bertl> btw, another side question: if I want to express, that something might be/work different for you, than it did for me .. how would I say that, in normal conversation?
02:36:59< taxcollector> your mileage may vary :)
02:37:05< taxcollector> or YMMV
02:37:09< Napalm> Bert: how do you safley delete a vserver?
02:37:17< Bertl> okay I used that until now, but I wasn't sure that this is correct
02:37:23< Bertl> thanks for the confirmation ...
02:37:42< Bertl> Napalm: stop it - then remove the config - then the root dir
02:38:26< Bertl> so what about:
02:38:31< Bertl> In addition to the bare minimum, there are
02:38:34< Bertl> + a number of modifications, that are not mandatory,
02:38:34< Bertl> + but have proven extremely useful over time.
02:38:41< Bertl> (over time was added)
02:38:58< taxcollector> remove comma after modifications
02:40:13< Bertl> so this is a tough one, probably just an oversight ...
02:40:18< Bertl> - Nowadays this flag word supports quite a number
02:40:18< Bertl> - of flags, a flag word mask, which allows to
02:40:18< Bertl> + This flag word supports quite a number
02:40:18< Bertl> + of flags, a flag-word mask, which allows to
02:40:36< Bertl> "flag word" vs "flag-word"
02:41:01< taxcollector> You started hypenating at one point, I think I made a few changes so it would be more consistent
02:41:13< taxcollector> Does not need to be hyphenated; depends on your preference.
02:41:33< Bertl> okay, but I guess I should be consistent within the same sentence, right?
02:41:52< taxcollector> doh, yes
02:41:55< taxcollector> oversight on my part
02:42:06< Bertl> and the question is, would flag-word-mask be better or 'just' harder to read?
02:42:11< Napalm> now im going to cry
02:42:17< taxcollector> hard to read
02:42:36< Napalm> can anyone help me????
02:42:37< taxcollector> and not quite conventional
02:42:39< Bertl> Napalm: let me guess, you removed _all_ your servers?
02:42:56< Napalm> Bert: nope, it wont install any
02:43:17< Napalm> Can't open file /vservers/server1/var/run/utmp (No such fil
02:43:24< Bertl> why do you think that is so
02:43:32< Napalm> '/usr/sbin/newvserver: line 474: /vservers/server1/etc/hosts: No such fi...'
02:43:40< Napalm> 'Can't execute passwd (No such file or dire'
02:43:48< Napalm> why is this happeneing to me?
02:44:05< Medivh> sounds as if there aren't all RPMS availbale required for installing a vserver
02:44:27< Bertl> okay, one step after the other .. a) what did you change, b) what did work before?
02:44:43< Napalm> Bert: a) nothing b) its a new setup
02:45:31< Bertl> hmm, well, although I can interpret your answer ... it might look a little confusing ...
02:45:47< Bertl> Q: "what did you change" A: "nothing"
02:46:05< Bertl> Q: " what worked before" A: "it's a new setup"
02:46:22< Napalm> its never worked as its a new installation of everything
02:46:27< Bertl> so the answers should be a) "everything"
02:46:33< Bertl> and b) nothing?
02:46:54< Napalm> soz
02:46:57< Napalm> :(
02:47:04< Bertl> just trying to figure out what the issue might be ...
02:47:40< Bertl> enrico, are you still around? any ideas?
02:47:55< Medivh> Napalm, you might wanna try to use an image from http://www.jvds.com/vserver/ if newvserver is giving you trouble, might be easier
02:48:33< Napalm> hmm, i did that before and i had just as many problems
02:48:47< Bertl> well, thing is, newvserver (although really beloved by debian folks), is actually depreciated ...
02:49:23< Bertl> but I know that the stable tools currently aren't able to fully replace that script ...
02:50:04< Bertl> what did the newvserver script do? try to describe what happened on your system ...
02:50:23< Bertl> did you use the linuxconf frontend?
02:50:34< Napalm> yes
02:50:35< Bertl> did it copy some stuff at all (into the vserver dir)
02:50:55< Bertl> or is that an almost empty dir .. about 1M or less in size?
02:50:56< Napalm> its mapped the devices and procs
02:51:33< Napalm> thats it
02:52:03< Bertl> okay ... so what happened is that it didn't copy/clone anything ...
02:52:31< Bertl> did you specify to copy the host system?
02:52:41< Napalm> yes clone '/'
02:52:52< Napalm> nothing got actually copied
02:52:56< Bertl> but it didn't do it ...
02:52:56< taxcollector> Bertl: I have to sign off; let's finish up tomorrow.
02:52:58< taxcollector> See ya
02:53:01>> taxcollector [~taxcollec@192.16.167.161] has quit [Quit: ]
02:54:02< Napalm> before we go anywhere wheres the config for vserver so i can change the VSERVER_ROOT to /vs/
02:54:26< Bertl> really depends on the tool version, you are with 0.29.05 atm?
02:54:27< Medivh> I think you just found your problem :)
02:55:08< Napalm> im using util-vserver-0.29.5-0
02:55:15< Bertl> sublime message -- we love the moon
02:56:30< Bertl> okay, search for util-vserver-vars
02:56:43< Medivh> btw, there isn't by any chance someone here who might need 4x 512 MB PC1600 DDR RAM, Registered, ECC? :p
02:57:05< Bertl> np, send it over ... my postal address is ...
02:57:11< Medivh> heheh ;>
02:57:20< Medivh> i was thinking more like ... selling it :P
02:57:28< Bertl> ah, okay ...
:(
02:57:36< Medivh> didn't have any luck on ebay, probably cause it are a bit special modules
02:57:54< Medivh> *they
02:58:32< Bertl> aha?
02:58:40< Napalm> Bert: i cant remove the old directory?
02:58:41< Napalm> d--------- 2 root root 4096 May 7 01:52 vservers
02:58:54< Medivh> Bertl, special as in "used for servers usually"
02:59:02< Bertl> Napalm: probably because the /proc is mounted ...
02:59:08< Bertl> (inside this dir)
02:59:15< Napalm> nothing is inside the dir
02:59:29< Napalm> i'll give the server a reboot now i have changed the VSERVER_ROOT
02:59:30< Bertl> check with /proc/mounts for details ... and chattr -i the dir
02:59:50< Bertl> both might be causing your troubles ...
03:00:14< Napalm> nothings mounted from that folder
03:00:17< Medivh> Bertl, thing is that my girlfriend's employer filed for bankrupty and didn't pay salaries for two months now already, so I'm running low on money ... searching for opportunities to sell some unneeded stuff :)
03:01:34< Bertl> ah so you are usually spending the money of your gf, right? ;)
03:02:01< Medivh> well we live together, so we share money on rent, buying food etc. ;)
03:02:11< Napalm> i think a file handle might be left open from using vserver command or newvserver script
03:02:46< Bertl> unlikely .. this only prevents unmounting not removal ...
03:03:37< Medivh> Napalm, lsof -n | grep /vs/server1 and you'll know
03:03:58< Bertl> Medivh: well, if it turns out, that you a) can't use the memory, and b) can't sell it for whatever reason, I guess donating it (for example to linux-vserver) would be an option ;)
03:04:10< Napalm> Medivh: nothing got returned from that commnad
03:04:19< Medivh> Napalm, then there's no open file handles
03:05:05< Napalm> ive rebooted it and i still cant remove the directory
03:05:18< Bertl> did you try the chattr?
03:05:27< Bertl> or have a look with lsattr first ...
03:05:45< Medivh> Bertl, if I can't get it sold, I might just do that ...
but at least have to try selling with the current situation at hand :/
03:05:53< Napalm> Bert: 'lsattr /vservers' returns nothing
03:06:10< Bertl> yeah, sure, no need to mention that ...
03:06:21< Bertl> lsattr -d /vservers ?
03:06:54>> monrad [~monrad@213083190226.sonofon.dk] has joined #vserver
03:06:54< Medivh> Napalm, what does rm -rf /vs/server1 give you anyway?
03:07:05< Bertl> hi monrad!
03:07:11< Napalm> Bert: -----------t- /vservers
03:07:40< Napalm> done it :)
03:07:47< Napalm> ' chattr -t /vservers
03:07:52< Bertl> okay ...
03:07:58< Bertl> leftover from the barrier ...
03:07:59< Napalm> thx Bert
03:08:15< Napalm> yet again, Bert king of Vserver
03:14:45< Bertl> Ash: Sure, I could have stayed in the past. I could have even been king. But in my own way, I am king.
03:14:48< Bertl> [he grabs girl]
03:14:51< Bertl> Ash: Hail to the king, baby.
03:15:01< Bertl> ;)
03:15:27< Napalm> ;) heheh
03:15:42< monrad> hi god morning or evening or what ever :)
03:15:56< Bertl> good wossname to you too!
03:15:56< Napalm> bow down to king bert :)
03:16:23< monrad> wossname ?
03:16:50< Bertl> don't tell me you do not know 'wossname'?
03:17:02< monrad> i have no clue
03:17:21< monrad> not at this time and after all those beers
03:18:07< Bertl> so you probably don't know Terry Pratched - sometimes acused of writing literature - either, right?
03:18:40< Napalm> Bert: 'Father Hogmass'
03:18:41< Napalm> :)
03:18:46< Napalm> what a great book
03:18:59< monrad> nope i dont know him
03:19:05< Bertl> something you should definitely change when the beer-factor is low again ...
03:19:32< monrad> well i guess it is going to fall after the Roskilde festival
03:20:57< Bertl> ah, something .dk specific with music and such, right?
03:21:14< monrad> music and beer
03:21:45< monrad> well not .dk specific there are quite a bit of people from norway, sweden and germany and other places too
03:21:57< monrad> about an 70.000-100.000
03:22:11< Bertl> I.c. ...
03:22:19< Medivh> maybe I should come around, not too far from .dk here ;)
03:22:59< monrad> well i live in Roskilde and i hope i get the same job as last year
03:23:11< monrad> working on one of the scenes as a stage hand
03:24:00< Bertl> that is probably something funny to do, right?
03:24:26< Medivh> btw, Bertl, thanks for "20 Apr: [VServer 1.3.9] released (Herbert)."
03:24:34< monrad> yes it is quite funny but also hard like unloading massiv attacks 5 trucks
03:24:48< Medivh> Bertl, nice b-day release for me ;-)
03:25:23< Bertl> if you had said earlier, I'd released a special Medivh version ;)
03:25:32< Medivh> heheh :)
03:25:43 * Bertl .oO( oh my God, what have I done ... ;)
03:26:34< Medivh> hmm, tomorrow (or rather today) will be kernel upgrade day for me
03:26:40< Medivh> need to upgrade kernels on 20 machines heh
03:26:49< Bertl> to 2.6/vs1.9.0 ?
03:27:20< Medivh> 2.4.26, no vserver patch ... those are webhosting machines of a customer of mine
03:27:56< Medivh> he asked me to do it as he doesn't have a clue about kernels really ... and considering the vulnerability in 2.4.25, upgrading web hosting machines is probably wise ;)
03:28:43< Medivh> wouldn't be the first time he got hacked due to a) a customer of his running some phpnuke vulnerable to remote command executing and b) running a vulnerable kernel ;)
03:28:57< Medivh> *execution
03:29:23< Medivh> you just reminded me I finally need to test 2.6 though :)
03:29:34< Bertl> yeah, keeping a system up to date is crucial for security ...
03:29:50< Bertl> that is why M$ release a new version of Win* every year ;)
03:30:07< Medivh> indeed it is ... been running my webhosting machines for 5 years now and noone could ever get in :)
03:30:19< Bertl> not even you? 8-)
03:30:29< Medivh> lol, well except for me ;)
03:30:47< Bertl> ah, so the security _is_ flawed after all!
03:31:07< Medivh> oO( damn he considers me a security risk :P)
03:32:25< Medivh> btw, Bertl, remember when I asked you about that sql-traffic-logging apache module?
03:32:51< Bertl> vaguely ...
03:33:04< Medivh> found a nice solution after all, mod_logio + a perl script which does the sql part :)
03:33:38< Bertl> published it?
03:33:58< Medivh> not yet, I'm working on something bigger which will include it though
03:34:15< Napalm> Medivh: ive downloaded one of those images in bz2 i un bzipped it, now i have a tar how do i get that to a img file?
03:34:16< Medivh> or actually, will start working soon by doing a rewrite of what I currently have
03:34:53< Bertl> Napalm: hum, why would you want to?
03:35:02< Napalm> so i cant mount it
03:35:03< Medivh> Napalm, just mkdir /vservers/vserver1; cd /vservers/vserver1; tar xfv /path/to/image.tar
03:35:26< Medivh> Bertl, you might know "Confixx"?
03:35:27< Napalm> ahh
03:36:33< Bertl> Medivh: heard of it ... also heard of the devil btw ...
03:37:06< Medivh> well you can export DEVIL=confixx actually :P
03:37:26< Medivh> i'm planning to code something similar to confixx, just better, free and open source of course
03:37:59< Bertl> ahh, that is a word!
03:38:01>> serving [~serving@213.186.189.95] has quit [Read error: Connection reset by peer]
03:38:56< monrad> well i think i will get some sleep there is a whole new day of drinking tomorrow/today :) see ya
03:39:10>> monrad [~monrad@213083190226.sonofon.dk] has quit [Quit: Leaving]
03:45:14< Napalm> Bert you still around?
03:45:16< Medivh> i'll be off to bed too now ... today's gonna be a busy day :)
03:45:22< Medivh> g'night guys
03:45:28< Napalm> night Medivh
03:45:44< Bertl> night Medivh!
03:45:52< Bertl> yep I'm still around ...
03:46:10< Napalm> how would i change it so that S_CAPS has CAP_NET_RAW be default?
03:46:17< Bertl> usually you can tell that by looking at my nick (FYI)
03:47:15< Bertl> well, a) you shouldn't give that, because it allows to sniff the traffic of other vservers, and b) there are some default files, but I don't know where they are located ...
03:47:58< Napalm> but the users cant ping without it?
03:48:23< Bertl> yes, they can, just install a sane ping, like the hping2 or poink ...
03:48:52< Napalm> ok
03:48:56< Napalm> :)
03:48:59< Bertl> ping is somewhat obsolete, as it insists in creating the packets itself ...
03:49:13< Bertl> thus requiring the RAW access ...
03:52:12< Napalm> this is still showing errors even when i tell it to clone from the extracted image files
03:52:15< Napalm> :'(
03:52:44< Bertl> what about 'starting' the extracted image?
03:53:21< Bertl> or more precisely, copying over the extracted files to the vserver dir?
03:53:44< Napalm> how do you use 'vserver build'?
03:54:45< Bertl> vserver wossname build ?
03:55:05< Bertl> that will give you an empty server ...
03:55:09< Napalm> theres an option to the vserver command called build?
03:55:12< Napalm> ahh i c
03:55:28< Napalm> its not my day
04:02:53< Bertl> okay, enough for me for today .. I'm off to bed now ...
04:02:57< Napalm> ok
04:03:03< Bertl> cya tomorrow ...
04:03:05< Napalm> im just about to go to bed
04:03:07< Napalm> cya
04:03:07>> dionv [~dionv@masq-van7ant.skynet.ca] has joined #vserver
04:03:13>> Napalm [~napalm@host81-7-22-112.adsl.v21.co.uk] has quit [Quit: ]
04:03:19< Bertl> hi dionv!
04:03:30< Bertl> anything urgent?
04:03:34< dionv> hi Bertl
04:03:53< dionv> Not so much urgent, just trying to figure things out.
04:03:57< Bertl> because I'm just about going to bed ...
04:04:11< Bertl> so if you have a quick question, go ahead ...
04:04:27< dionv> I hear you. I should be going soon too. I'll be quick then...
04:05:34< dionv> Following the Gentoo stuff on the Wiki site, but nothing is mentioned of fstab.
My vserver doesn't like to default gentoo fstab, and a blank one isn't liked either. Suggestions?
04:06:34< Bertl> yeah, adapt the scripts (of the vserver) not to do any of those mounting/unmounting things done on a normal server
04:07:04< Bertl> same goes for the hardware detection and hwclock setting/resetting ...
04:08:19< dionv> Got the clock (it was listed on the wiki), was wondering about the mounting. I'll remove that and see. Don't think there's any h/w detection, but I'll verify that too. Thanks.
04:08:44< Bertl> you're welcome ... have a good night ...
04:08:56< dionv> Good night to you as well.
04:09:00>> Bertl is now known as Bertl_zZ
04:15:18>> dionv [~dionv@masq-van7ant.skynet.ca] has quit [Quit: dionv]
04:22:55>> dionv [~chatzilla@masq-van7ant.skynet.ca] has joined #vserver
04:38:40>> dionv [~chatzilla@masq-van7ant.skynet.ca] has left #vserver []
05:31:22>> serving [~serving@213.186.191.61] has joined #vserver
05:33:54>> serving- [~serving@213.186.191.61] has joined #vserver
05:33:55>> serving [~serving@213.186.191.61] has quit [Read error: Connection reset by peer]
05:38:32>> serving- [~serving@213.186.191.61] has quit [Read error: Connection reset by peer]
05:40:26>> _shuri_ [~shushushu@cpu183.adsl.qc.bellglobal.com] has joined #vserver
05:40:26>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has quit [Read error: Connection reset by peer]
05:40:28>> _shuri_ is now known as shuri
06:29:02>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has quit [Remote host closed the connection]
07:21:20>> lexo_ is now known as franck
07:24:24>> suhcoolbro [~Suh@67-42-222-123.ptld.qwest.net] has joined #vserver
07:30:23>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has joined #vserver
07:34:26>> serving [~serving@213.186.191.61] has joined #vserver
07:35:42>> suhcoolbro [~Suh@67-42-222-123.ptld.qwest.net] has quit [Quit: NO CARRIER]
07:38:39>> serving [~serving@213.186.191.61] has quit [Read error: Connection reset by peer]
07:51:52>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has quit [Remote host closed the connection]
07:52:58>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has joined #vserver
07:53:40>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has quit [Quit: ]
08:05:14>> gilbert [~gilbert@208-186-222-203.nrp4.brv.mn.frontiernet.net] has quit [Quit: ]
08:54:14>> chaosle [~yvan@port-212-202-168-55.dynamic.qsc.de] has joined #vserver
08:54:26>> chaosle [~yvan@port-212-202-168-55.dynamic.qsc.de] has quit [Quit: ]
09:07:47>> hiaslboy is now known as hiaslboy_oO
09:20:00>> _id_m12 [~id@pD9E61626.dip.t-dialin.net] has quit [Ping timeout: 480 seconds]
09:29:36>> _id_m12 [~id@pD9E614D3.dip.t-dialin.net] has joined #vserver
09:35:49>> serving [~serving@213.186.191.61] has joined #vserver
10:04:39>> v00dY is now known as blabla223
10:08:33>> blabla223 [v00dy@62.241.52.129] has quit [Remote host closed the connection]
10:11:46>> v00dY [v00dy@62.241.52.129] has joined #vserver
10:19:29>> _id_m12 is now known as id_ill
10:26:03>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has joined #vserver
11:11:10>> Doener_ [~doener@p5082D993.dip.t-dialin.net] has joined #vserver
11:18:10>> Doener` [~doener@p5082DB41.dip.t-dialin.net] has quit [Ping timeout: 480 seconds]
12:44:37>> infowolfe [~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net] has joined #vserver
12:48:28>> Netsplit uranium.oftc.net <-> nucleon.oftc.net quits: anonymouscoward
12:48:32>> Netsplit over, joins: anonymouscoward
12:48:32>> unununium.oftc.net changed the topic of #vserver to: http://linux-vserver.org/ | latest stable 1.27, devel 1.3.9, exp 1.9.0pre14
12:53:05>> ozan [~ozan@dsl81-215-53583.adsl.ttnet.net.tr] has joined #vserver
12:53:16< ozan> hello all
12:53:41< mids> hi ozan
12:54:48< Doener_> hi
12:54:53>> Doener_ is now known as Doener
12:59:34< ozan> what s up ? i was wondering vserver patch work with 2.4.27-pre1?
13:00:21< ozan> i have to use libata and i got patch for it ...
:)
13:03:51< ozan> or patch for 2.6 stable enouh?
13:06:19< Doener> ozan: you could just try to apply the 1.27 patch for 2.4.26 to 2.4.27-pre1... or wait for Bertl_zZ and ask him to do a patch for 2.4.27-pre1
13:08:22< ozan> i tried but there is rejects ..
13:08:42< ozan> umm , better to wait bertl i gues
13:43:54>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has quit [Remote host closed the connection]
14:13:54>> Apollo [~throwaway@caracal.norcomcable.ca] has joined #vserver
14:14:04>> Apollo [~throwaway@caracal.norcomcable.ca] has quit [Quit: ]
14:36:17>> hvd [~Miranda@62.99.252.14] has left #vserver []
14:47:41>> rs [rs@ice.aspic.com] has joined #vserver
14:47:45< rs> hi
14:54:36>> kestrel [athomas@38.6.233.220.exetel.com.au] has quit [Read error: Connection reset by peer]
14:55:29>> kestrel [athomas@38.6.233.220.exetel.com.au] has joined #vserver
15:04:36>> Bertl_zZ is now known as Bertl
15:04:45< mids> howdy
15:04:56< Bertl> hi everyone!
15:05:27< Bertl> hi rs! hi ozan!
15:05:33< Bertl> hi mids of course!
15:12:46>> Apollo [~throwaway@caracal.norcomcable.ca] has joined #vserver
15:16:02< Bertl> hi Apollo!
15:21:32< ozan> hello bertl whats up
15:22:58< ozan> is it so deffucult to make 1.26 work with 2.4.27-pre1 ?
15:23:19< ozan> i have to use libata , and it is only works with it ..
15:27:17< kestrel> hey herbert
15:27:34< Bertl> hi alec!
15:27:57< Bertl> ozan: well, I'm adapting the patch to 2.4.27-pre2 atm, not a big deal ;)
15:28:58< ozan> i just got libata for 2.4.27pre1 :)
15:29:17< ozan> i hate this new sata boxes :)
15:29:22< Bertl> well, pre2 patch should work for pre1 too ...
15:29:35< Bertl> and the libata patch for pre1 should work for pre2 too ;)
15:29:53< ozan> thats great :) when do you think it will be ready? :P
15:30:22< Bertl> hmm, well I'd say in 10 seconds or so ...
15:30:33< ozan> hueuhe :)))))
15:32:53< Bertl> http://vserver.13thfloor.at/Experimental/patch-2.4.27-pre2-vs1.27.diff
15:33:28< ozan> let me try ..
15:35:27< Doener> Bertl: regarding service (ml), vserver xxx service yyy stop results in vserver xxx suexec root /sbin/service yyy stop, just saves some typing... you don't even need 'suexec root', 'exec' is just fine...
15:36:03< Bertl> okay, and debian doesn't allow for that? not that we really need it ...
15:36:17< Doener> and from the service script: SERVICEDIR="/etc/init.d"
15:36:17< Doener> env -i LANG=$LANG "${SERVICEDIR}/${SERVICE}" ${OPTIONS}
15:36:40< Doener> so after all you basically get: vserver xxx exec /etc/init.d/sshd stop
15:36:50< Bertl> obviously I confused it with the chkconfig option ... which I like very much ...
15:37:38< Doener> only interesting thing is that it 'emulates' restart by calling the script with stop and start
15:38:10< Bertl> well, that has it's advantage on 'older' services
15:38:12< Doener> and that you can list the status of all services, which means it calls xxx status for all xxx in /etc/init.d
15:38:32< Doener> i know, so i considered it interesting ;)
15:38:51< Bertl> but you are probably right, that this can be removed from the vserver command ...
15:38:54< Doener> nevertheless, the option for vserver really just saves about 5 keystroke
15:38:57< Doener> s
15:39:17< Bertl> (which is what enrico probably has done already ;)
15:40:22>> monrad [~monrad@213083190250.sonofon.dk] has joined #vserver
15:40:31< Bertl> hi monrad!
15:40:36< monrad> hi
15:43:13< Doener> oops... that forward caused the mail to look really ugly...
15:47:59< Nesh> Bah!
15:48:08< Nesh> Red Hat Enterprise Linux ES release 3 (Taroon Update 1)
15:48:08< Bertl> hi dinesh!
15:48:13< Nesh> hi bert!
15:55:15< kestrel> so...what's up with this new vserver config format in the alpha tools?
15:55:39< Bertl> hmm, you know the flowerpage?
15:55:53< kestrel> nope
15:56:15< Bertl> you know the alpha util-vserver page?
15:56:19< kestrel> yep
15:56:24< kestrel> i was just reading it
15:56:30< Bertl> there is a link to the 'flowerpage'
15:56:47< kestrel> AHA
15:56:59< kestrel> wow, that is so ugly
15:57:22< Bertl> yeah, enrico tried hard ...
15:57:29< Bertl> ... and succeded ...
15:57:47 * ozan compiling 2.4.27-pre2-vs1.27
15:58:00< kestrel> he sure did
15:58:09< Bertl> ozan: so libata applied?
15:58:10< kestrel> fortunately, i have links to preserve my sanity
15:58:17< ozan> yet .. no prob :)
15:58:34< kestrel> does vshelper actually work yet?
15:58:54< ozan> i will make it custom install cd for debian woody .. then install
15:59:21< Bertl> kestrel: well, for about half a year or so, yes ...
15:59:27< kestrel> haha :)
15:59:36< kestrel> the only thing similar i have ever used is vreboot
16:00:14< Bertl> hmm, that is your fault ... not mine ;)
16:00:41>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has joined #vserver
16:00:47< kestrel> :P
16:00:58< Bertl> hi mhepp!
16:01:14< mhepp> hi Bertl
16:01:40< kestrel> hey herbert, is there a patch to "cull" /proc/mounts?
16:01:48< kestrel> ie. to reduce it so it only shows mounts inside the vserver?
16:02:29< Bertl> no, there is one to remove the entire /proc/mounts, and this is also a flag in 1.9.X ...
16:02:58< Bertl> there is no simple way to tell which mounts are 'inside' a vserver ...
16:03:34< kestrel> it seems to be "adjusting" the /proc/mounts view in some fashion
16:03:47< kestrel> eg. in ctx 0 i see this: /dev/vg00/build /vservers/build xfs rw 0 0
16:03:55< kestrel> and in ctx 2 i see this: /dev/vg00/build / xfs rw 0 0
16:04:24< Bertl> are you using namespaces?
16:04:47< kestrel> how do i tell?
16:05:06< Bertl> hmm, probably not, if you do not know ...
16:05:09< Bertl> kernel/tool version?
16:05:22< kestrel> hehe
16:05:36< kestrel> Linux cavern 2.4.26-vs1.3.9 #18 Fri May 7 22:30:16 EST 2004 i686 unknown unknown GNU/Linux
16:05:55< kestrel> util-vserver-0.29.211
16:06:02< kestrel> magic!
16:06:23< Bertl> hmm, you might use namespaces, although you don't know ;)
16:06:30< kestrel> hehehe, anything is possible
16:06:37< Nesh> friggin ES
16:06:51< Bertl> so you like the new? RH?
16:06:51< kestrel> he talks about interface naming in the config too
16:06:55< Nesh> no
16:06:58< kestrel> but i suspec that will not be magical
16:07:05< kestrel> * name
16:07:09< Nesh> 10:06:39 up 17:06, 2 users, load average: 1.27, 1.08, 0.64
16:07:15< Nesh> CPU states: cpu user nice system irq softirq iowait idle
16:07:15< Nesh> total 18.0% 0.0% 6.0% 1.2% 0.8% 8.6% 65.4%
16:07:19< kestrel> When this file exists, the interface will be named with the text in this file.
16:07:21< Nesh> it says 65% idel
16:07:27< Nesh> but load it high?
16:07:44< Bertl> one has nothing to do with the other ...
16:07:48< Nesh> oh
16:08:06< Nesh> so why is my load high P
16:08:16< Bertl> example: consider 10 processes waiting for I/O ...
16:08:34< Bertl> they will not use up much cpu, but will be accounted to the load
16:08:58< Nesh> hmm
16:09:09< Nesh> there should be a tool that breaks it all out :)
16:09:19< Bertl> like ps?
16:09:48< Nesh> hehe
16:09:54< Nesh> sorted!
16:10:31< Nesh> ps shows io wait?
16:26:22>> Apollo [~throwaway@caracal.norcomcable.ca] has quit [Quit: ]
16:28:51< kestrel> hey herbert, what is the "scope" of an interface?
16:29:17< kestrel> in the context of /etc/vservers
16:31:29< Bertl> hmm, I do not understand that question :)
16:31:33>> mlgd [~mlgd@194.206.160.208] has joined #vserver
16:31:36< mlgd> hello
16:31:45< Bertl> hi mlgd!
16:31:59< mlgd> i have a problem to run vserver on Debian sarge
16:32:47 * Bertl is now doing some cooking ... (increased latency)
16:32:50< mlgd> i have this message when i run it : Can't set the ipv4 root (Bad address)
16:33:30< kestrel> herbert: the file /etc/vservers/vserver-name/interfaces/scope ...
16:33:35< kestrel> there is also a per-interface scope
16:33:48< mids> mlgd: what is your IPROOT set to in /etc/vservers/.conf ?
16:34:14< mlgd> 192.168.0.101
16:34:54< mlgd> my eth1 : 192.168.0.1
16:35:07< mids> and IPROOTDEV ?
16:35:30< mlgd> IPROOTDEV=eth1
16:35:38< mlgd> it' all right ?
16:35:48< mids> looks good so far
16:36:06< mids> but I am a vserver n00b, so that doesn't say much
16:36:33< mids> http://list.linux-vserver.org/archive/vserver/msg04461.html
16:36:37< Bertl> mlgd: do the following:
16:36:37< mids> [vserver] Can't set the ipv4 root (Bad address)
16:36:52< mlgd> same think
16:36:58< Bertl> before vserver start: ifconfig -a
16:37:17< Bertl> then the vserver startup
16:37:28< Bertl> then again ifconfig -a
16:37:39< Bertl> (try a vserver stop before)
16:37:53< mlgd> i have : eth1:
16:38:00< Bertl> and upload the complete output somewhere ... so we can look at it ...
16:38:36< Bertl> you can replace sensitive information with consistant placeholders ...
16:39:50< mlgd> i reboot the server
16:44:33< mlgd> Bertl : it's ok
16:48:57< mlgd> somebody here ?
16:53:38< mlgd> i'm alone !
16:53:49< Bertl> no, you are not
16:54:03< Bertl> as I said increased latency ... I'm cooking ;)
16:54:03< mlgd> Bertl : do you see my ifconfig.txt
16:54:30< mlgd> sorry, i'm working, it's 4:54 pm here
16:54:42< Bertl> okay, here too ;)
16:54:54< Bertl> looks good to me ...
16:55:05< Bertl> server mlgd is started?
16:55:18< mlgd> no
16:55:23< mlgd> vserver mlgd status :
16:55:35< mlgd> Server mlgd is not running
16:55:56< Bertl> where is the output of vserver mlg start?
16:55:59< Bertl> +d
16:56:09< mlgd> on my ssh :)
16:56:26< mlgd> Starting the virtual server mlgd
16:56:26< mlgd> Server mlgd is not running
16:56:26< mlgd> Can't set the ipv4 root (Bad address)
16:57:37< Bertl> okay, now if you do vserver mlgd stop
16:57:45< Bertl> and then vserver mlgd start again?
16:57:53< mlgd> Stopping the virtual server mlgd
16:57:53< mlgd> Server mlgd is not running
16:58:44< mlgd> :(
16:58:45< Bertl> and the start?
16:58:57< mlgd> Starting the virtual server mlgd
16:58:57< mlgd> Server mlgd is not running
16:58:57< mlgd> Can't set the ipv4 root (Bad address)
16:59:15< Bertl> okay ... let's check the versions/installation ...
16:59:36< Bertl> http://vserver.13thfloor.at/Stuff/testme.sh
16:59:47< Bertl> execute this on the host, and let me know what it says ...
17:02:25< mlgd> ok
17:03:13< Bertl> okay that pretty much explains it ;)
17:03:25< Bertl> Can't set the new security context
17:03:25< Bertl> : Function not implemented
17:03:25< Bertl> chcontext failed!
17:03:25< Bertl> Can't set the ipv4 root (Bad address)
17:03:25< Bertl> chbind failed!
17:03:27< Bertl> Linux 2.4.25-1-k7 i686/0.29/0.29 [J]
17:03:40< Bertl> a) your kernel is not vserver patched
17:03:46< mlgd> ?
17:03:53< Bertl> b) you are using old (obsolete) tools
17:04:08< mlgd> b) i'm on Debian Sarge
17:04:35< mlgd> a) i'have installed "kernel-patch-ctx"
17:04:50< mlgd> but how patch kernel ?
17:04:57< Bertl> well, but you probably havent compiled a new kernel yet ...
17:05:09< Bertl> (and installed it)
17:05:21< mlgd> yes i don't have compile kernel
17:05:33< Bertl> so this needs to be done first ... after that
17:05:55< mlgd> ok
17:05:57< Bertl> you should update the tools, some debian folks around here will help you to find the correct ones ...
17:07:33>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has quit [Remote host closed the connection]
17:25:38< mlgd> somebody speak french ?
17:26:33< mids> a bit
17:26:42< mids> but I deny speaking it in the channel :)
17:48:59< Bertl> okay .. off for a while ...
17:49:04>> Bertl is now known as Bertl_oO
18:04:43>> pflanze [~chris@gate.wyona.com] has joined #vserver
18:04:49< pflanze> Hello
18:04:53< mids> hi pflanze
18:06:56< mlgd> hello
18:07:35 * ozan 2.4.27-pre2-vs1.27 works nice with libata ... :) thanks bertl
18:09:58< maharaja> libata?
18:10:13< pflanze> Does anyone know more about this "namespace" thing the alpha vserver stuff is using?
18:10:32< pflanze> More than what is written on http://www.linux-vserver.org/?page=alpha+util-vserver
18:11:25< ozan> with sata support ..
18:12:09< maharaja> i c
18:12:14>> rs_ [rs@ice.aspic.com] has joined #vserver
18:13:54>> rs [rs@ice.aspic.com] has quit [Read error: Connection reset by peer]
18:22:50>> mlgd [~mlgd@194.206.160.208] has quit [Quit: mIRC.fr Dernier cri !! mirc traduit entièrement en français ! Disponible sur http://www.oubah.com ! n'hésitez pas !]
18:28:45>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver
18:29:49< ensc> pflanze: namespaces are describing the mounted filesystems of a process (that's why, /proc/mounts is a symlink to /proc/self/mounts). With CLONE_NS (see man 2 clone), you can create a new, independent namespace and additional mount- or unmount-operations will not affect other processes (and vice versa)
18:30:38< pflanze> k
18:31:24< pflanze> I was just wondering if my gentoo startup problems could be related to my fiddling around with host based mounts
18:31:25< ensc> damn... since I use the new spamfilter, I do not get spams anymore and can not learn the Bayes filter which was dropped when I moved the spamfilter into an own vserver
18:31:56< ensc> other mounts are still visible in /proc/mounts
18:32:26< pflanze> I was mounting proc,devpts,tmp from the host's /etc/fstab instead of the /etc/vserver/foo/fstab
18:32:48< pflanze> But I've now reverted it back and gentoo still does not work
18:33:08< ensc> ???
18:33:26< pflanze> It terminates with a segfault.
18:33:39< ensc> it==???
18:33:39< pflanze> I'm not 100% sure if it's /sbin/init which is segfaulting.
18:34:18< ensc> do you tried to turn on core-ulimits?
18:34:33< pflanze> yes, but I've never got any core
18:34:46< pflanze> well,
18:34:53< pflanze> *how* is the question.
18:35:11< pflanze> prolly some config thing
18:35:24 * pflanze starts up flower page
18:36:26< ensc> with old kernel, you can use the 'ulimits' directory
18:37:01< ozan> gott a go ..
se ya all 18:37:02< ensc> I do not know if core is supported by the new vlimit 18:37:17>> ozan [~ozan@dsl81-215-53583.adsl.ttnet.net.tr] has quit [Quit: [BX] With a BitchX here and a BitchX there, here a BitchX there a BitchX everywhere a BitchX] 18:37:27< pflanze> I'm using 2.4.21+1.3.8 18:37:45< pflanze> s/21/26/ 18:37:55>> Shotygun [shotgun@shotygun.com] has quit [Remote host closed the connection] 18:37:55< ensc> I never tried 1.3.x... 18:38:03>> Shotygun [shotgun@shotygun.com] has joined #vserver 18:38:31< ensc> pflanze: what gives 'vserver-info - FEATURE migrate; echo $?' there? 18:39:07< pflanze> 1 18:39:34< pflanze> Hm: "A directory with ulimits. Possible resources are cpu, data, fsize, locks, memlock, nofile, nproc, rss and/or stack." 18:39:36< ensc> ok; 'ulimits' should work there 18:39:44< pflanze> core is not mentioned 18:40:48< ensc> oh... I forgot it. Then, the host-value will be used 18:41:04< pflanze> Well but then it doesn't work, no core ever written anywhere 18:41:35< pflanze> even if core is nonzero on the host 18:41:46< pflanze> s/if/when/ 18:42:57< ensc> replace /sbin/init in the vserver with a bash-scriplet like '#!/bin/sh\nulimit -a' 18:43:02< ensc> (and make it executable) 18:43:44< ensc> you are using the plain-initstyle, right? 18:44:14< pflanze> yes 18:44:22< pflanze> good idea 18:44:28< pflanze> (tm) 18:45:36< pflanze> but: if core is set to 0 by some vserver tool, that script should not be able to widen it again, right? 18:47:58< ensc> should be possible when the 'ulimits' flag is not set 18:48:47< pflanze> Hm, one should read error messages in detail! 18:48:48< pflanze> May 7 18:47:44 elvis kernel: grsec: signal 11 sent to (vps:5865) UID(0) EUID(0), parent (vserver:22893) UID(0) EUID(0) 18:49:12< pflanze> "vps": that means it's not the gentoo server itself, but some vserver stuff? 18:49:47< ensc> yes; the place where it happens would be interesting 18:50:02< pflanze> why does vserver call vps? 18:51:04< ensc> e.g. 
to determine if the context exists 18:51:54< pflanze> And why does it only segfault when I want to start a gentoo gues and not with any of my woody/sarge guests? 18:52:19< ensc> to answer this, it would be interesting to know where it happens 18:52:54< pflanze> how should I find out? strace makes it hang, iirc. 18:53:07>> g0atygun [shotgun@shotygun.com] has joined #vserver 18:53:08>> Shotygun [shotgun@shotygun.com] has quit [Remote host closed the connection] 18:53:48< rs_> ensc: I found some strang thing on which I would like to investigate with you 18:54:10< rs_> I don't have time for now, but if you have time later I will expose them to you 18:54:46< ensc> pflanze: is core-file size set to !=0 in the host? 18:54:50< ensc> rs_: ok 18:56:04< ensc> pflanze: vps should be strace-able when it is started in ctx 1 18:56:46>> rs_ [rs@ice.aspic.com] has quit [Quit: home] 18:59:42< pflanze> ensc: yep, "ulimit -c unlimited; vserver gentoo start; find / -name core" does not show up any core file. 19:00:12< pflanze> (and grsecurity says: May 7 18:58:56 elvis kernel: grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (vps:8139) UID(0) EUID(0), parent (vserver:22889) UID(0) EUID(0) 19:00:13< pflanze> ) 19:00:50< pflanze> So the tools somewhere *do* set the core ulimit. 19:00:59< ensc> pflanze: replace 'vps' with a script calling 'ulimit -c inf; exec vps_ "$@"' 19:02:22< pflanze> /opt/vserver//sbin/vps: line 3: ulimit: inf: invalid number 19:02:25< pflanze> :o) 19:02:42< pflanze> unlimited is correct 19:04:48< pflanze> ok that helped 19:06:01< pflanze> Hm, gdb is not very informative: 19:06:03< pflanze> bt 19:06:04< pflanze> #0 0x0000589d in ?? () 19:06:14< pflanze> Core was generated by `/opt/vserver/sbin/vps_ ax'. 19:06:43< ensc> ok; rebuild the tools with 'CFLAGS="-O0 -g3"' 19:08:45>> Bertl_oO is now known as Bertl 19:09:05< Bertl> hi everyone! 19:09:57< Bertl> ah enrico, do you have some time for the namespace cleanup now? 
19:10:18< ensc> will have to go shopping in a few minutes...
19:10:41< pflanze> cc1: error: invalid option `-O0 -g3'
19:10:54< Bertl> ensc: hmm, well when do you _think_ that you will have time for this unimportant detail?
19:11:14< pflanze> sorry found the bug
19:12:22< ensc> Bertl: I do not have a good idea how this can be implemented cleanly. Perhaps everything above '.' should be kept and all other mounts be removed. But can this be implemented cleanly in the kernel?
19:12:46< ensc> and what is with i/o redirections e.g. to /var?
19:13:18< Bertl> that actually is what we should talk about, IMHO there is no problem, because we can cleanly separate context mounts from system mounts ...
19:13:43< ensc> mounting happens in host-ctx
19:13:51< Bertl> why is that so?
19:14:36< Bertl> isn't that basically working around the namespace idea itself?
19:15:06< ensc> some user-scripts may be placed between mount and init.
19:15:35< Bertl> fine, what's the problem?
19:16:12< ensc> filesystems would be mounted with another ctx than the ctx which is used to run init
19:16:23< Bertl> for me the steps are clear:
19:16:36< Bertl> 1) create a new context (with namespace)
19:16:45< Bertl> 2) do some mounting (like for proc)
19:16:52< Bertl> 3) start some scripts
19:17:07< Bertl> 4) finish the setup with the init flag
19:17:18< Bertl> 5) context is working on its own ...
19:17:51< Bertl> now somewhere between 3 and up to 4, we can do the cleanup ...
19:18:12< Bertl> it could even be part of the final init clearing
19:18:30< pflanze> ensc:
19:18:31< pflanze> (gdb) bt
19:18:31< pflanze> #0 0x00006080 in ?? ()
19:18:48< pflanze> that's the whole difference with the -g3 compiled binary
19:19:06< Bertl> / is going to remain anyway, and all fs mounting is done from _inside_ the context
19:19:29< ensc> Bertl: I am not sure if I need to execute some things in host-ctx
19:19:39< ensc> pflanze: are you using dietlibc?
19:19:43< pflanze> yes
19:19:52< ensc> is there something a '-Os' flag?
19:20:08< pflanze> moment
19:20:17< pflanze> nope
19:20:32< pflanze> CFLAGS = -O0 -g3 -std=c99 -Wall -pedantic -W
19:23:27< ensc> pflanze: I mean when compiling the files; e.g. 'diet -Os gcc ...'
19:24:31< pflanze> diet gcc -DHAVE_CONFIG_H -I. -I. -I. -I ./lib -I ./ensc_wrappers -D _GNU_SOURCE -O0 -g3 -std=c99 -Wall -pedantic -W -MT src/vps.o -MD -MP -MF "src/.deps/vps.Tpo" -c -o src/vps.o `test -f 'src/vps.c' || echo './'`src/vps.c;
19:24:51< pflanze> I'll configure w/o diet
19:32:06< ensc> Bertl: this will need lots of rewriting and I have at least one application where a scriptlet needs to run in host-ctx
19:33:03< Bertl> so what's the point of using namespaces then?
19:33:22< pflanze> ensc: without dietlibc I get:
19:33:24< pflanze> #0 0x0000629e in ?? ()
19:33:24< pflanze> #1 0x4003ddc6 in __libc_start_main () from /lib/libc.so.6
19:33:47< pflanze> and I *did* make clean before a new make && make install
19:34:45< pflanze> well I am using grsecurity with its address space randomization, but that should not disturb gdb afaik.
19:35:06< ensc> Bertl: some kind of chroot() attacks are not working
19:35:22< Bertl> well, they are also not working with the Barrier, right?
19:35:32< ensc> correct
19:36:13< Bertl> so for me the only advantage of the namespace (aside from some drawbacks, like the complicated enter) is that there are per vserver mounts
19:36:43< Bertl> and that is exactly the part which isn't working as expected, if we do not cleanup the namespace first ;)
19:37:11< ensc> Bertl: can you decide if '.' is a grand*parent of a mountpoint?
19:37:47< Bertl> hmm, I can walk the entire vfs mount tree up and down ...
19:38:06< pflanze> every time I try to use gdb it doesn't work. :o/
19:38:24< pflanze> (except with my own simple programs.)
19:38:40< Bertl> pflanze: maybe your security doesn't permit it ;)
19:38:59< pflanze> I've just checked, a simple program from myself does work with gdb.
19:39:15< pflanze> So it's not grsecurity's fault.
19:39:37< Bertl> that's jumping to conclusions ...
19:39:45< pflanze> Or at least it doesn't trigger if not using some special feature I'm not using in my proggie.
19:40:02< Bertl> did you debug library loading ... or process execution? threads?
19:40:21< pflanze> nope
19:40:24< ensc> Bertl: but ctx tagging would work: cleanup could remove everything which is not tagged with a childparent-xid of the current parent-xid
19:40:37< ensc> (within the current namespace)
19:41:05< ensc> then I could do the mounts with a dynamic context
19:41:28< Bertl> not sure what a childparent-xid or current parent-xid is, but what I can do is:
19:41:33< ensc> pflanze: try 'chcontext --xid 1 strace -o /tmp/foobar vps_ "$@"'
19:41:43< Bertl> a) tag each vfsmount with the context id
19:42:09< Bertl> b) remove all mounts except those belonging to a specific xid or held by '/' or 'pwd'
19:42:51< ensc> s!childparent!child!
19:42:52< Bertl> c) allow you to manually 'tag' some mounts from the host/parent
19:43:40< ensc> the 'specific xid' would be a problem; it should be every xid which is a child of the current parent-xid
19:44:02< ensc> but I will leave for 15 minutes now...
19:44:11< Bertl> okay, have fun, cya later ...
20:12:53< ensc> ok, back
20:13:06< Bertl> still here ;)
20:13:30< ensc> again...
20:14:15< ensc> this new spamfilter is fascinating... spamreduction by >90%
20:14:35< Bertl> hmm, what is it?
20:14:41< ensc> greylisting
20:14:55< ensc> http://greylisting.org/
20:15:18< ensc> I do not get spam to train my Bayes filter :(
20:17:45< Bertl> hmm, how should that work ...
20:18:58< ensc> to every unknown (relay,sender,rcpt) triple you say: '4xx try again later'. Good mailers are doing that and are becoming known
20:19:24< ensc> but most spammers are having a hit-and-run strategy and will never do this 'try again later'
20:19:34< Bertl> yep, I read that, but a spam mailer will not use a host with reverse for example ...
20:19:44< ensc> reverse?
20:19:53< Bertl> or the mailer will not identify itself correctly
20:20:18< Bertl> so my minimal postfix settings already filter out those clients
20:20:18< ensc> why? the 'relay' part is the ip of the contacting mta
20:20:39>> taxcollector [~taxcollec@192.16.167.161] has quit [Ping timeout: 480 seconds]
20:21:05< Bertl> if the email is relayed, I'm unable to test the mailer with 4xx only the relay, which is properly set up
20:21:31< Bertl> so no benefit in that either ...
20:21:32< ensc> most spammers do not use relays
20:22:01< Bertl> I do not get direct spam mail ... because spammers are too stupid to setup their mailer/host
20:22:16< ensc> and when they use relays, they will appear in ordinary blacklists sooner or later
20:22:35< Bertl> so it basically doesn't add anything?
20:22:48< ensc> ok, it works at the border only
20:23:01< Bertl> except for a longer delay for wanted email ;)
20:23:20< ensc> at work I am sitting at such a border, and my university introduced greylisting last week too
20:23:41>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver
20:24:15< Bertl> hi taxcollector!
20:24:20< taxcollector> Howdy!
20:25:29< Bertl> ensc: well, would requiring a minimum of correct identification and maybe a reverse lookup of the mailer not be sufficient?
20:25:46< ensc> reverse lookup does not work every time
20:25:57< ensc> what is 'correct identification'?
20:27:07< ensc> Bertl: can you access http://www.tu-chemnitz.de/urz/netz/statistik/mail/ ? Do you see the jump in 'Abgewiesene Emails' in the last week? This is caused by greylisting
20:27:28< Bertl> if some host says, HELO/EHLO spammer.localhost and has ip x.y.z.v
20:27:46< Bertl> and a) spammer.localhost doesn't resolve to x.y.z.v
20:27:59< Bertl> or a) isn't valid
20:28:09< Bertl> b) isn't valid
20:30:19< ensc> domains are cheap and it is easy to create an A record for 'EHLO foobar.uy'
20:30:23< Bertl> ensc: you mean the purple values?
20:30:40< Bertl> starting with 25-03 ?
20:31:16< ensc> the whole amount; there are listed successfully delivered mails only (those who sent the 'DATA')
20:31:39< ensc> 2004-04-30
20:32:44< Bertl> well, I'm not convinced that doing some basic checks wouldn't accomplish the same ...
20:34:38< ensc> not in this amount, and there may be valid reason why other checks fail. With greylisting, good mails will not be rejected but only delayed
20:36:31< Bertl> and spam mails sent with next month's software will be accepted, because this software will do the resend ...
20:37:43< ensc> in the meantime, the IP is on a blacklist and the mail in razor/pyzor
20:38:17< Bertl> yes, that's true for now, but not any longer true next month
20:38:27< ensc> why?
20:38:48< ensc> blacklists and razor/pyzor are realtime
20:38:53< Bertl> today's spam software doesn't resend the mail
20:39:14< Bertl> next month's spam software will resend it, so no benefit from that
20:39:52< ensc> spammers are living from sending huge amounts of spam. so the chances are very high that they will send to a spamtrap address at the first try which updates the blacklist.
20:40:02< Bertl> if you want to buy time for blacklists, you would be better off accepting the mail in the first place, and waiting a few minutes (hours?) until you deliver it
20:40:39< ensc> yes, there is recommended a delay of 1 hour; currently I am using 15 minutes
20:41:03< Bertl> and if every mail relay adds 15 minutes, I'm better off with snail mail ...
20:41:16< Bertl> (not to think of 1 hour each ;)
20:41:26< ensc> why? it's not every email but only the first one from an (relay,sender,rcpt) triple
20:42:05< ensc> e.g. your mail at sunday was delayed, but now you are on a whitelist
20:42:10< Bertl> which means that somebody trying to reach me, using 3-4 hops will have to wait 8 hours for his reply ...
20:42:27< ensc> hops?
20:42:32< Bertl> relays ...
20:43:11< monrad> in which scenarios do you use that many relays ?
20:43:12< ensc> why so much? Usually there is MUA/sender -> relay -> MTA -> MUA/rcpt
20:43:30< Bertl> don't get me wrong, I think the basic idea is not that bad ...
20:43:54< Bertl> but client authentication would be better for example ...
20:44:11< ensc> how should I authenticate me?
20:45:01< Bertl> via pgp keys for example?
20:45:24< ensc> and unknown people can not send mail to you?
20:46:09< monrad> well that would break the system, greylisting does not have that problem
20:47:06< Bertl> look 90% of the spam I get looks like this:
20:47:11< Bertl> Received: from cpe-138-130-72-238.nsw.bigpond.net.au
20:47:11< Bertl> +(CPE-138-130-72-238.nsw.bigpond.net.au [138.130.72.238])
20:47:11< Bertl> by mail.13thfloor.at (Postfix) with SMTP id AC7A851007C
20:47:11< Bertl> for ; Fri, 7 May 2004 05:41:31 +0200 (CEST)
20:47:11< Bertl> X-Message-Info: 680bhYteAG39HTkygb017nqZSEdtoKY2OMX36qKmKNJ1
20:47:14< Bertl> Received: from dns02hotmail.com ([186.226.237.35]) by
20:47:16< Bertl> +obc818-k1.RIBBGGRZYFDCFJ@hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
20:47:19< Bertl> Thu, 06 May 2004 14:29:59 -0200
20:47:37< Bertl> a delay would mean fun, but wouldn't buy me anything, right?
20:48:07< monrad> well it might have got into pyzor,dcc or razor if you are using them
20:48:20< ensc> mail from hotmail MTAs is seldom since they have restrictions in the meantime
20:48:50< Bertl> monrad: okay, so why should I reject this mail in the first place?
20:49:25< Bertl> I could simply wait an hour until I deliver it, then check the blacklist again ...
20:49:52< ensc> for this mail, greylisting will not work good, since hotmail resends it. But as monrad said, chances are high, that it is listed in razor/pyzor/dcc
20:50:18< Bertl> so, then just checking that will do the trick, right?
20:50:24< monrad> yes i found out that most of the spam i got was marked by some services after my line was down for 2 days
20:50:36< monrad> kinda an unwilling greylisting :)
20:50:49< ensc> Bertl: no; it may be fresh spam at the first try and not known to razor
20:51:14< Bertl> okay enrico, but where is the advantage in sending an 4xx then?
20:51:52< monrad> ensc: not to debate which is best but i found that that out of 400 spams most were found by pyzor then dcc and razor found the least
20:51:56< ensc> it will be delayed for a certain time, but probably sent to other (spamtrap) addresses which are registering it at razor
20:52:34< Bertl> yes, but why 4xx instead of accept and hold?
20:52:55< monrad> because many spam sender don't resend and the same goes for virus
20:53:15< Bertl> monrad: ah okay, virus is a good argument ...
20:53:15< ensc> Bertl: save bandwidth
20:53:19< ensc> and diskspace
20:53:23< Bertl> ensc: hum?
20:53:50< Bertl> you mean sending a 4xx does save bandwidth overall?
20:53:55< ensc> the initial EHLO/RCPT/MAIL sequence is much shorter than the DATA part
20:53:59< ensc> yes
20:54:26< ensc> see http://projects.puremagic.com/greylisting/
20:54:38< ensc> " This gives us a net gain of over 1.67 Gbytes of traffic that was saved by implementing Greylisting in our tests. And that's just on a fairly small site."
20:56:07< monrad> ensc: are you using postfix ?
20:56:09< ensc> Bertl: and as said: most current spam is sent by hit-and-run MTAs but not by resending ones
20:56:14< ensc> no, sendmail
20:56:23< ensc> (in vservers) ;)
20:56:33< monrad> hehe i use postfix in vserver :)
20:57:33< ensc> I need a small nullmailer for vservers, but have not found a such one yet. The 'nullmailer' MTA does not really fit my wishes
20:57:46< monrad> but i wait with the greylisting until 2.1 is in debian unstable
20:58:00< monrad> i use ssmtp in the other vservers
20:59:18< ensc> ah yes. I heard that it is complicated to setup filters for postfix. Something like working in the mailqueue...
20:59:38< Bertl> not really ...
21:00:52< monrad> in their new version there is some new policy stuff in
21:04:17< ensc> mmh, ssmtp does not seem to exist outside of Debian and Gentoo. Google returns lots of 'vulnerabilities' pages; is there an URL of the official project?
21:06:16< monrad> maybe is debian the new upstream upstream
21:07:52< monrad> hmm
21:08:01< monrad> maybe just one upstream
21:12:06< serving> .
21:12:08< serving> hi all
21:12:35< serving> do we need to keep anything in /dev/ ?
21:12:41< Bertl> yep
21:12:48< serving> HI Bertl :)
21:12:52< serving> what ?
21:13:25< Bertl> full hdv1 null ptmx pts/ random tty urandom zero
21:15:07< serving> I dont have hdv1 in /dev :O
21:15:39< Bertl> well, you can live without that ...
21:16:03< Bertl> but some will require it, for example those with quota needs
21:16:36< serving> how is it created ?
21:17:25< Bertl> in your case with 'touch /dev/hdv1'
21:17:51< pflanze> ensc: I've had lengthy talks with grsecurity people.
21:17:52< serving> no , I meant at vserver install time ?
21:18:02< ensc> pflanze: any results?
21:18:11< pflanze> While grsecurity *may* interfere with stack frames / gdb,
21:18:21< pflanze> I've now explicitly switched that off
21:18:29< pflanze> and it still gives the same meaningless bt
21:18:36< Bertl> serving: probably with 'touch' too ...
21:18:51< serving> ic . thanx
21:19:09< pflanze> Any strange stuff with vps?
21:19:14< ensc> pflanze: can you strace it?
21:19:16< pflanze> I think I'm going to compile it manually now
21:19:28< pflanze> well, vps on the cmd line does not segfault
21:21:54< Bertl> taxcollector: are you ready for another round?
21:22:11< pflanze> any idea to how to make it segfault?
21:23:20< ensc> pflanze: dunno... as said: please strace it in the wrapper-script
21:23:58< pflanze> (but strace from outside makes it break iirc)
21:24:22< pflanze> ensc: here's what grsec says, if PAX is enabled (it gets this instead of sig 11):
21:24:23< pflanze> May 7 21:02:00 elvis kernel: PAX: execution attempt in: , 00000000-00000000 00000000
21:24:23< pflanze> May 7 21:02:00 elvis kernel: PAX: terminating task: /opt/vserver/sbin/vps_(vps_):4913, uid/euid: 0/0, PC: 000071a3, SP: 593222d4
21:24:23< pflanze> May 7 21:02:00 elvis kernel: PAX: bytes at PC: .
21:24:40< pflanze> Maybe this could give you a hint.
21:25:11< pflanze> maybe not:)
21:25:12< ensc> does not tell me anything...
21:25:30< ensc> 19:41 < ensc> pflanze: try 'chcontext --xid 1 strace -o /tmp/foobar vps_ "$@"'
21:28:48< pflanze> ensc:
21:28:50< pflanze> pflanze, your problem is that the crash occurs in a region that is not mapped by anything
21:28:50< pflanze> so gdb can't resolve it to any symbolic name
21:28:50< pflanze> to me it looks like some invalid function ptr dereference
21:28:50< pflanze> could be the entry point of a library that wasn't properly relocated, or something
21:28:50< pflanze> what does strace show on that failing app?
21:29:55< Bertl> okay, pflanze, this happens when you do what exactly?
21:30:09< pflanze> "vserver gentoo start"
21:30:18< ensc> pflanze: does not tell me anything. Please try the strace'ing!
21:30:30< Bertl> and it's the vps command which fails?
21:30:37< taxcollector> Bertl: I'm back and ready for another round when you are
21:30:48< Bertl> pflanze: try the vps on the host ...
21:30:52< Bertl> taxcollector: great!
21:30:53< taxcollector> Forgot to change my nick when I went out to grab a hotdog ;)
21:31:08< Bertl> no problem, I don't want to starve you to death ...
21:31:10< Bertl> ;)
21:31:16< Bertl> +you+
21:31:27< Bertl> arg!
21:31:38< Bertl> no problem, I don't want you to starve to death .. ;)
21:32:01< pflanze> (Bertl: vps on the commandline does not segfault.)
21:34:05< Bertl> hmm, and after a segfault you have a coredump, right?
21:34:09< pflanze> yes
21:34:17< Bertl> and files tells you?
21:34:33< Bertl> I mean 'file'
21:34:47< pflanze> /core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, SVR4-style, from 'vps_'
21:35:05< Bertl> hmm vps_ strange, enrico what is this?
21:35:11< pflanze> that's my rename
21:35:19< Bertl> rename of what?
21:35:22< pflanze> It needed a wrapper to ulimit -c unlimited
21:35:38< Bertl> huh?
21:35:54< pflanze> vps is a script that does ulimit then exec vps_ "$@"
21:36:08< pflanze> vps_ == original vps
21:36:29>> gilbert [~gilbert@208-186-222-203.nrp4.brv.mn.frontiernet.net] has joined #vserver
21:36:48< Bertl> hi gilbert!
21:37:16< Bertl> hmm, pflanze, are you sure that it isn't your modification which fails?
21:37:24< pflanze> no
21:37:30< pflanze> the segfault was always there
21:37:35< Bertl> then try the vps_ on the host, please
21:37:42< pflanze> how on the host?
21:38:02< Bertl> Host means on xid=0
21:38:57< pflanze> I use "vps auxww" all the time, I've never seen a segfault
21:39:20< Bertl> could you use vps_ please?
21:39:57< pflanze> yes
21:40:04< pflanze> same
21:40:16< Bertl> same = works, or same = segfaults?
21:40:39>> lexo_ [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has joined #vserver
21:40:50< Bertl> hi lexo_!
21:41:17< gilbert> helo bert1 and people
21:41:29< pflanze> does not segfault on the commandline.
21:41:38< pflanze> vps is really only 2 lines of shell script!
21:41:57< Bertl> okay, now use gdb, the coredump and the vps_ executable ...
21:42:12< pflanze> and 'vps' never segfaulted on the cmdline before my wrapper, and always did on vserver gentoo start.
21:42:31< Bertl> could you do that for me?
21:42:36< pflanze> That's where I'm currently :), gdb does not want to show a bt
21:42:54< pflanze> (see my discussion with ensc)
21:42:57< Bertl> what was the command issued to start gdb ...
21:43:09< pflanze> gdb /opt/vserver/sbin/vps_ /core
21:43:28< Bertl> okay, and where says?
21:45:04< pflanze> #0 0x00006c5c in ?? ()
21:45:06< pflanze> #1 0x4003ddc6 in __libc_start_main () from /lib/libc.so.6
21:45:07< ensc> pflanze: wait... the fault is probably not in my vps, but in ps...
21:45:10< pflanze> this was compiled with -O0 -g3
21:45:12< pflanze> and dietlibc disabled
21:45:24< pflanze> ah?!
21:45:26< ensc> pflanze: can you do 'gdb /bin/ps /core'
21:45:27< pflanze> hehe
21:45:49< ensc> I am lazy and call 'ps' with argv[0]=='vps_'
21:45:54< pflanze> nope
21:45:55< pflanze> warning: core file may not match specified executable file.
21:46:00< pflanze> and no bt either
21:47:05< ensc> pflanze: can you add "argv[0][0]='X';" before src/vps.c:245?
21:47:41< ensc> oh no... does not work
21:47:47>> william [bill@wfamy.net1.nerim.net] has joined #vserver
21:47:47>> franck [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has quit [Ping timeout: 480 seconds]
21:47:50< ensc> should be handled already
21:48:00< ensc> pflanze: please do the strace
21:48:16< Bertl> hi bill!
21:48:31< Bertl> taxcollector: okay, then let's continue ...
21:48:34< william> hi
21:48:34< taxcollector> OK
21:52:31< william> i try to fight with vserver. I compiled a kernel under debian i apt-get install vserver. I create a vserver test but when i try to log in my test vserver i arrive in / in my computer
21:54:52< taxcollector> How are you logging in william?
21:56:25< william> computer eth0: 172.20.55.243 eth0:test 172.20.55.242 i connect with ssh bill@172.20.55.242
21:56:41< ensc> pflanze: any progress with strace?
21:56:46< taxcollector> Did you check out this FAQ: http://www.paul.sladen.org/vserver/faq/ ?
21:57:21< pflanze> ensc: well, I don't know how to make it segfault
21:57:38< ensc> pflanze: it does not happen when you strace it?
21:57:42< pflanze> no
21:57:56< pflanze> not even when I just run it by itself
21:58:01< pflanze> (as I said)
21:58:26< ensc> you are doing the strace in the 'vps' wrapper script which is called by 'vserver ... start', right?
21:58:28< pflanze> only when being used by "vserver gentoo start" (and *maybe* other vserver guests too, have to check)
21:58:34< pflanze> AH
21:58:37< pflanze> 'course :)
21:58:39< william> i am reading http://www.linux-vserver.org/index.php?page=Linux-Vserver+FAQ i jump to the other one. let read :-)
22:00:19< pflanze> ensc: upeek: ptrace(PTRACE_PEEKUSER,29787,44,0): No such process
22:00:32< pflanze> that's what I meant with "iirc"
22:00:53< ensc> pflanze: did you follow 21:25 < ensc> 19:41 < ensc> pflanze: try 'chcontext --xid 1 strace -o /tmp/foobar vps_ "$@"'
22:00:55< pflanze> It's the same message I got when I tried "strace -o foo vserver foo enter"
22:00:56< ensc> ?
22:01:01< pflanze> yes
22:02:10< pflanze> vserver gentoo stop just emits the above "upeek:" line, then waits infinitely
22:02:14< pflanze> start is the same
22:02:55< ensc> pflanze: can you comment out the 'switchToWatchXid' related block in src/vps.c
22:02:56< ensc> ?
22:03:53< pflanze> sorry no, start "worked" sort of
22:04:05< pflanze> but did not write any output
22:04:12< pflanze> to the strace -o file
22:04:42< ensc> does this 'chcontext --xid 1 strace -o /tmp/foobar vps_' command works when it is called from the cli?
22:05:00< pflanze> ah not it did write output. strange
22:05:27< pflanze> (last time i had an empty output file for whatever reason)
22:05:39< pflanze> I'll do -o `tempfile` now
22:06:27< pflanze> (btw I always get this since I installed the alpha tools:
22:06:28< pflanze> # vserver scrat stop
22:06:28< pflanze> vkill: vc_ctx_kill(): No such process
22:06:29< pflanze> )
22:06:37< ensc> does not matter
22:06:48< ensc> there is now a 2>/dev/null in CVS
22:08:08< pflanze> (with strace -o `tempfile --prefix=myvps_` /opt/vserver/sbin/vps_ "$@" I get 3 output files, none of them zero, dunno why I got the zero file first but anyway)
22:08:27< pflanze> *but* it does not segfault anymore with the strace
22:08:50< william> ok work better now thx.
22:09:20< taxcollector> np
22:09:22< pflanze> I'm now going to do the switchToWatchXid out
22:09:38< ensc> does not make a difference
22:10:13< ensc> pflanze: comment out the last 'exitLikeProcess()' and try it again without the strace
22:12:30< pflanze> does not segfault anymore, either
22:13:43< pflanze> yep, I've double checked: with the exitLikeProcess in, it segfaults, without it, it doesn't.
22:15:15< ensc> place a 'return 0;' before this exitLikeProcess()
22:16:27< pflanze> does not segfault
22:17:29< ensc> ok, exitLikeProcess() waits for 'ps' and exits like this command --> 'ps' segfaults
22:17:48< ensc> any syslog entries?
22:18:48< pflanze> ..AH, and so vps_ artificially generates a core dump which overwrites the core dump of the ps..
22:19:40< pflanze> no syslog entries (except for kern.log of course)
22:20:00< ensc> yes
22:20:07>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has quit [Ping timeout: 480 seconds]
22:20:26< ensc> but I can not explain why you do not see the ps segfault
22:20:33< pflanze> this means that now that we don't dump ourselves, it should be a ps dump now
22:21:11< pflanze> Well, I see exactly 4 segfaults in the kernel log upon each vserver start;
22:21:30< pflanze> but one of them is on the subsequent restart of this particular vserver I think
22:21:41< pflanze> or maybe it's 2 and 2?
22:22:10< pflanze> no, 3 of them are at the same time, 1 of them is 5 seconds later
22:23:32< pflanze> and ps itself does not segfault,
22:23:54< pflanze> or I would see it in the kernel log (grsec logging, like it showed vps_ before)
22:24:19< pflanze> So your hypothesis does not seem true.
22:25:30< ensc> I do not know, how the grsec segfault logger works
22:25:58< pflanze> ensc: the guy in #grsecurity is very helpful, reading the assembler to find out what's happening..
22:26:25< pflanze> should I paste the discussion (to you privately)?
22:27:13< ensc> perhaps 'ps' is not seen it is executed in ctx 1?
22:27:31< ensc> +since
22:27:48< pflanze> Segfaults of processes in ctx 1 or any others *are* logged, afaik
22:28:48< pflanze> yep, this is from "kill -SEGV $$" from inside a vserver (logged in by ssh):
22:28:50< pflanze> May 7 22:28:08 elvis kernel: grsec: From 195.226.6.75: signal 11 sent to (bash:8755) UID(0) EUID(0), parent (sshd:30663) UID(0) EUID(0)
22:28:50< pflanze> May 7 22:28:08 elvis kernel: grsec: From 195.226.6.75: signal 11 sent to (bash:8755) UID(0) EUID(0), parent (sshd:30663) UID(0) EUID(0)
22:28:50< pflanze> May 7 22:28:08 elvis kernel: grsec: From 195.226.6.75: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (bash:8755) UID(0) EUID(0), parent (sshd:30663) UID(0) EUID(0)
22:29:05< pflanze> strange that the sig11 is logged twice, though
22:29:10>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has joined #vserver
22:36:32< ensc> pflanze: somehow, you can create pid-tagged coredumps
22:36:52< pflanze> hm, I've thought about it
22:36:54< ensc> echo 1 > /proc/sys/kernel/core_uses_pid
22:37:05< pflanze> but iirc that's not in standard 2.4 kernel (and neither in grsec)
22:37:08< pflanze> ah?
22:37:15< ensc> I am using 2.4.26
22:42:15< pflanze> hm, somehow it does not write core dumps anymore now
22:42:18< pflanze> AH
22:42:26< pflanze> bad me, I was searching with find -name core
22:45:35< pflanze> -rw------- 1 root root 208896 2004-05-07 22:43 /core.391
22:45:35< pflanze> -rw------- 1 root root 208896 2004-05-07 22:43 /vservers/scrat/gentoo/core.26989
22:45:35< pflanze> -rw------- 1 root root 208896 2004-05-07 22:43 /vservers/scrat/gentoo/core.28523
22:45:35< pflanze> -rw------- 1 root root 212992 2004-05-07 22:43 /vservers/scrat/gentoo/core.29589
22:46:10< pflanze> these are the 4 events that are also logged, with the same pids
22:46:43< pflanze> (no other pid logged, no other core around (so *no* double logging))
22:47:41< ensc> they are all from vps?
22:48:39< pflanze> yep, "file" says for all of them
22:48:48< pflanze> from 'vps_'
22:50:30< pflanze> and gdb does not warn for any of them when using /opt/vserver/sbin/vps_ as program,
22:50:46< pflanze> and for all of them bt gives the same (except for address randomization)
22:51:41< ensc> can you add some debug-code in lib_internal/util-exitlikeprocess.c? e.g. 'dprintf(2, "%u\n", status);' after the wait()?
22:53:54< pflanze> hm, where is this logged to, then using the plain init style?
22:54:43< ensc> should not matter, but you could write to fd 42 and execute 'vserver ... start 42>&1'
22:54:57< pflanze> on vserver stop, I see it to the terminal, but start does omit it
22:56:30< pflanze> hm, it does not even write to the file I gave it
22:56:37< pflanze> start 42>outfile
22:56:39< pflanze> outfile is empty
22:56:52< pflanze> on start
22:57:15< ensc> mmh... can you disable the vshelper?
22:57:20< pflanze> added a line above wait now
22:57:37< pflanze> disable the vshelper?
22:57:41< Bertl> okay, updated the paper, new version is at:
22:57:43< Bertl> http://vserver.13thfloor.at/Stuff/PAPER-05.4.txt
22:57:49< ensc> e.g. echo '/bin/true >/proc/sys/kernel/vshelper'
22:59:24< pflanze> what should have changed? still segfaults, still no output on fd 42
23:00:04< pflanze> eh
23:00:08< pflanze> your line was buggy :)
23:00:20< ensc> ah ok...
23:00:43< ensc> wanted to test your attention
23:00:55< Bertl> *hehe*
23:02:07< pflanze> hm, no segfault anymore
23:02:16< pflanze> (still no output to fd 42)
23:02:43< Bertl> okay, enough for now ... cya all later ...
23:02:52< ensc> ok, /sbin/init exits and reboots.
23:03:03>> Bertl is now known as Bertl_oO
23:03:16< ensc> pflanze: activate vshelper logging
23:03:49< ensc> ln -s /var/log/vshelper /etc/vservers/.defaults/apps/vshelper/logfile
23:03:58< ensc> and change the '42' to '2' back
23:04:01< pflanze> already done so
23:04:14< pflanze> no logging output anymore since the echo, of course
23:04:25< ensc> is there any output in the segfault case?
23:04:42< pflanze> Fri May 7 22:58:59 CEST 2004: vshelper restart 49194
23:04:42< pflanze> Fri May 7 22:58:59 CEST 2004: vshelper restart2 49194
23:04:42< pflanze> Restarting vserver '/opt/vserver/etc/vservers/scrat'
23:04:42< pflanze> Can't ignore signal CHLD, forcing to default.
23:04:42< pflanze> Fri May 7 22:59:05 CEST 2004: vshelper restart2 49195
23:05:07< pflanze> that's all - always the same
23:05:42< pflanze> note that the last restart is because the gentoo guest does fail (my primary problem) and upon subsequent boot,
23:05:52< pflanze> debian is chosen instead which stays.
23:06:02< ensc> vshelper gets probably invoked when you do 'vserver ... start'
23:06:30< pflanze> yes I think so
23:13:41< ensc> pflanze: was it you who called the util-vserver tools from a sarge-chroot with vshelper?
23:13:49< pflanze> yes
23:14:34< ensc> when calling 'gdb ...' you took the correct vps binary, right??
23:14:48< pflanze> yes the one inside the chroot
23:17:56< pflanze> Hm, straange:
23:18:10< pflanze> now it stays with gentoo
23:18:23< pflanze> but it won't start sshd
23:18:48< pflanze> except when starting it manually as "sshd -d"
23:19:18< pflanze> ah, there are no processes aroung
23:19:20< pflanze> around
23:19:42< pflanze> aha: it died, but since vshelper is off, it can't reboot
23:19:58< william> i have always /proc error when entering a vserver
23:20:17< william> but it is in my /etc/fstab in the vserver
23:22:46< pflanze> william: stable or alpha?
23:23:37< william> patch-2.4.26-vs1.3.9.diff kernel 2.4.26
23:23:59< pflanze> vserver --version
23:25:00< pflanze> ?
23:25:08< william> lot of output
23:25:15< william> but no version
23:25:15< pflanze> just the version number
23:25:22< pflanze> hm then it's probably stable
23:25:55 * pflanze logs into old stable machine to revive memories
23:25:56< william> dpkg gives me ii vserver 0.29-3 Virtual private servers and context switching
23:27:05< pflanze> I'm not 100% sure if the 1.3.9 diff is usable with the old tools.
23:27:19< pflanze> You'd have to ask enrico or Bertl
23:27:41< pflanze> you did not have to put /vserver/*/proc into any fstab with the old tools
23:27:44< william> i will switch to util-tools tomorrow no pb for me
23:27:47< pflanze> it did mount it all by itself
23:27:52< taxcollector> It is recommended to use the alpha tools for the devel branch
23:27:52< ensc> william: was vprocunhide called?
23:28:49< william> vprocunhide called? ?
23:28:58< ensc> pflanze: create a symlink from one of your ttys to /etc/vservers/.defaults/apps/init/tty
23:29:22< ensc> pflanze: tty == either /dev/tty[1-9]+, or 'tty' output in an xterm
23:29:50< ensc> william: ok, does not exist in 'vserver' tools, but /proc is hidden by default (at least with 2.6 tools)
23:29:56< ensc> s!tools!kernel patch!
23:30:24< william> ok i will try it tomorrow
23:30:35< william> go to sleep hard day. see you
23:31:24>> william [bill@wfamy.net1.nerim.net] has quit [Quit: Leaving]
23:33:24< pflanze> ensc: still no output, except for one line:
23:33:25< pflanze> vkill: vc_ctx_kill(): No such process
23:33:27< pflanze> :)
23:33:37< pflanze> this time it is with start!
23:33:46< ensc> in this tty or xterm?
23:33:50< pflanze> so the tty redirection does take effect, but not enough
23:33:52< pflanze> in xterm
23:34:52< pflanze> (ssh login that is)
23:50:16< pflanze> So why does it only segfault if vshelper is active?
23:52:46< ensc> dunno; it may be a grsec thing when binaries are called from the kernel
23:53:09< ensc> certain restrictions, other mapping, ...
23:53:13< pflanze> aha
23:53:41< pflanze> you mean that the *vshelper* is calling vps?
23:53:46< ensc> yes
23:53:51< ensc> it calls 'vserver ... stop'
23:54:12< pflanze> k
--- Log closed sob maj 08 00:00:48 2004