From jack@solucorp.qc.ca Tue Jan 29 01:39:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g0T6d4Ah029729 for ; Tue, 29 Jan 2002 01:39:04 -0500 Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g0T6K8R18807 for ; Tue, 29 Jan 2002 01:20:08 -0500 Received: from remtk.solucorp.qc.ca (g36-101.citenet.net [206.123.36.101]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g0T6M5B52863 for ; Tue, 29 Jan 2002 01:22:05 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g0T6LRJ03481 for vserver@dns.solucorp.qc.ca; Tue, 29 Jan 2002 01:21:27 -0500 From: Jacques Gelinas Date: Tue, 29 Jan 2002 01:21:27 -0500 To: Vserver mailing list Subject: vserver 0.10 change log X-mailer: tlmpmail 0.1 Message-ID: <20020129012127.151a5d49e79f@remtk.solucorp.qc.ca> X-IMAPbase: 1012314422 1321 Status: RO X-Status: X-Keywords: X-UID: 1 vserver 0.10 Change log 1. Enhancements 1.1. /usr/lib/vserver/vdu: New This is a limited clone of the du command. It skips file with more than one link. It is used to evaluate the disk usage of an unified vserver. Using the normal du for this task is misleading since it will count all unified files. 1.2. /usr/sbin/newvserver: more stats The utility now reports more statistic about the amount of file and directory copied/linked. 1.3. CAP_SYS_CHROOT capability It is now possible to remove this capability from a vserver (No process, not even root, in a vserver can use the chroot system call). Just place !CAP_SYS_CHROOT in the S_CAPS variable of the vserver configuration file. To support this feature, the /usr/sbin/vserver script had to be reworked a bit since entering a vserver context involves using chroot. So we had to kind of enter the context, then kill CAP_SYS_CHROOT 1.4. chroot and security issues: plugged The new ctx-6 kernel solves the issues with chroot. With previous kernel, root inside a vserver with the CAP_SYS_CHROOT capability was able to escape out of the vserver and enter the root server. We solve this using a single line in fs/namei.c:vfs_permission(). All chroot escape involves walking you way toward the real root using relative chdir (chdir("..")). The trick was to make the /vservers directory into a "no man land" by issuing the following command: chmod 000 /vservers Setting these permission bits (well turning them all off) make the directory inaccessible for any other user than root. The change in the kernel ctx-6 makes such a directory unusable even by root in a different security context (not 0). The /usr/sbin/vserver will create the /vservers appropriately. If the directory exist, it will check the permissions and signal the admin if they are not 000. 1.5. New kernel ctx-6 The new kernel patch-2.4.17ctx-6 introduce many enhancements. This is still binary compatible, so moving to this kernel does not involve any configuration changes. Updating to vserver 0.10 is recommended, but there is no special upgrade step. The features are: + /dev/pts is now private in each vserver. One vserver can't see or interfere with the other pseudo-tty of the other server, including the root server. + Network device: A vserver can only see the network device associated with its ipv4 root. + system V ipc: The sysv ipc resources are now private per security context. + The fakeinit concept allow usage of a normal /sbin/init in a vserver. + A signal handling bug was solved. The most noticeable feature is that cntrl-C now work when using "vserver name enter". Other networking issue are probably solved by this. You can get the patch and binaries as usual from ftp://ftp.solucorp.qc.ca/pub/vserver. The pub/vserver/patches also contains a relative patch from ctx-5 to ctx-6. You can review what was done this way. This kernel plugs probably most security issues. There is still to many things visible in /proc as seen from a vserver. A new file system called vproc will be written to provide a limited view. While this kernel should prevent a vserver administrator to gain access to the vserver, there are still ways to produce some DOS by exhausting all resources. The nproc feature works correctly and control the amount of processes used by a vserver. Some more work is needed to address all the other resource limits (files, memory, ...) 1.6. No NIS domain in a vserver A vserver may be run with a different NIS domain name than the root server. Or it could run with the same. To keep the same domain name, one just had to set the S_DOMAINNAME variable to the vserver configuration file to nothing. There were no way to tell that you did not want a NIS domain name in a vserver when there was one set in the root server. You can now enter "none" as the S_DOMAINNAME value to achieve this. 1.7. Per vserver /sbin/init The ctx-6 kernel supports the fakeinit context flag. This flag is entered in the S_FLAGS line of the vserver configuration file (/etc/vservers/xx.conf). Once you set this flag, the vserver will be started and stop using /sbin/init, found in the vserver environment. This is a normal /sbin/init as supplied by the distribution. You should take care of cleaning up /etc/inittab in the vserver environment. Using this feature, it is possible to use various run level in the vserver, switch between them and so on. You can also use respawn /etc/inittab services as well. Here is what fakeinit does in the kernel: This assigned the current process so it works like the process number 1. Using this trick, a normal /sbin/init may be run in a vserver. The /usr/sbin/vserver command will use /sbin/init to start and stop a vserver. A properly configured /etc/inittab is needed though. + Processes loosing their parent are re-parent to this process. + getppid() done by child process of this process returns 1. + getpid() done by this process returns 1. + This process is not shown in /proc since process number 1 is always shown. + An "initpid" entry is available in /proc/*/status to tell which process is the fake init process. One nice thing about this feature is that the /usr/sbin/vserver is somewhat distribution independent. It simply runs /sbin/init to start a vserver and then "/sbin/init 6" to stop it (and then kills the remaining process). There are some drawbacks (for now) though and input are welcome. First, the vserver start-up is no more synchronous. The /usr/sbin/vserver used to run "/etc/rc.d/rc 3" and wait until it ends. Now, it runs /sbin/init, but /sbin/init won't end until the vserver ends. So /usr/sbin/vserver has to let go /sbin/init in background. This is a little annoying. When a vserver is started like this, we don't see all the service started as before. Without fakeinit, we see each service getting started and a OK/FAIL message for each. Now, it goes completely silent. I have not investigated this behavior. I suspect /sbin/init is opening a new tty (console) and runs the start-up scripts using that newly open console. Since /sbin/init runs all the start-up code, we don't know when it is done so we can't run the post-start section of the /etc/vservers/xx.sh script properly. Note that both start-up strategy still work: fakeinit and the original. So you current vserver installation will work as before without any fiddling. Once we have iron out the fakeinit drawback, this will become the default way of doing things. 1.8. Some capability missing The chcontext and reducecap utility were incomplete. Many capabilities were not handled. They are now complete. 2. Bug fixes 2.1. /usr/sbin/vserver-stat: some fixes The vserver-stat utility had various output glitches. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Thu Jan 31 11:04:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g0VG4aAh018070 for ; Thu, 31 Jan 2002 11:04:36 -0500 Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g0VFhQR26212 for ; Thu, 31 Jan 2002 10:43:26 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g0VFO7630786 for ; Thu, 31 Jan 2002 15:24:07 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16WJNf-0008Dg-00 for ; Thu, 31 Jan 2002 15:44:07 +0000 Date: Thu, 31 Jan 2002 15:44:07 +0000 From: Sam Vilain To: Vserver mailing list Subject: p->p_opptr = child_reaper; X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Status: RO X-Status: X-Keywords: X-UID: 2 exit.c seems to be different in 2.4.18-pre7 than in 2.4.17: for_each_task(p) { if (p->p_opptr == father) { /* We dont want people slaying init */ p->exit_signal = SIGCHLD; p->self_exec_id++; /* Make sure we're not reparenting to ourselves */ if (p == reaper) p->p_opptr = child_reaper; else p->p_opptr = reaper; if (p->pdeath_signal) send_sig(p->pdeath_signal, p, 0); } } This patch doesn't apply: *************** *** 167,171 **** p->exit_signal = SIGCHLD; p->self_exec_id++; ! p->p_opptr = child_reaper; if (p->pdeath_signal) send_sig(p->pdeath_signal, p, 0); } --- 176,180 ---- p->exit_signal = SIGCHLD; p->self_exec_id++; ! p->p_opptr = reaper; if (p->pdeath_signal) send_sig(p->pdeath_signal, p, 0); } Can anyone tell me what's happening here? Sam. From jack@solucorp.qc.ca Thu Jan 31 11:09:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g0VG9ZAh018091 for ; Thu, 31 Jan 2002 11:09:35 -0500 Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g0VFfwR26195 for ; Thu, 31 Jan 2002 10:41:59 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g0VFMY630723 for ; Thu, 31 Jan 2002 15:22:34 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16WJMB-0008Db-00 for ; Thu, 31 Jan 2002 15:42:35 +0000 Date: Thu, 31 Jan 2002 15:42:34 +0000 From: Sam Vilain To: Vserver mailing list Subject: s_context in /proc/NNNN/stat? X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Status: RO X-Status: X-Keywords: X-UID: 3 I was thinking it would probably be useful to include the security context in /proc/NNN/stat so that psutils and other similar tools could have a selection and display switch for it. Would that be the right way to do it? Sam. From jack@solucorp.qc.ca Fri Feb 1 16:44:07 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g11Li6Ah028716 for ; Fri, 1 Feb 2002 16:44:06 -0500 Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g11LOcR02189 for ; Fri, 1 Feb 2002 16:24:38 -0500 Received: from remtk.solucorp.qc.ca (g39-165.citenet.net [206.123.39.165]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g11LRDB98019 for ; Fri, 1 Feb 2002 16:27:13 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g11LHfm04206 for vserver@dns.solucorp.qc.ca; Fri, 1 Feb 2002 16:17:41 -0500 From: Jacques Gelinas Date: Fri, 1 Feb 2002 16:17:41 -0500 To: Vserver mailing list Subject: re: s_context in /proc/NNNN/stat? X-mailer: tlmpmail 0.1 Message-ID: <20020201161741.126af2ec96a3@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 4 On Thu, 31 Jan 2002 15:42:34 -0500, Sam Vilain wrote > I was thinking it would probably be useful to include the security context > in /proc/NNN/stat so that psutils and other similar tools could have a > selection and display switch for it. > > Would that be the right way to do it? We have it in /proc/NNNN/status, as well as few other things such as the ipv4root. It that enough ? --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Fri Feb 1 22:32:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g123W3Ah030584 for ; Fri, 1 Feb 2002 22:32:04 -0500 Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g123FPR10691 for ; Fri, 1 Feb 2002 22:15:25 -0500 Received: from remtk.solucorp.qc.ca (g36-123.citenet.net [206.123.36.123]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g123I2B15230 for ; Fri, 1 Feb 2002 22:18:02 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g122lEG05070 for vserver@dns.solucorp.qc.ca; Fri, 1 Feb 2002 21:47:14 -0500 From: Jacques Gelinas Date: Fri, 1 Feb 2002 21:47:14 -0500 To: Vserver mailing list Subject: re: Ethernet binding problems X-mailer: tlmpmail 0.1 Message-ID: <20020201214714.830fd117ae8d@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 5 On Thu, 31 Jan 2002 13:15:18 -0500, Matthew Brichacek wrote > Hello, I have been using vserver for a few days to set up a test lab. > The servers themselves are running fine, however I am getting some very > erratic behavior out of the ethernet. When I reboot and bond all the > servers to myri0 it will only bond 5 (sometimes), the other 5 I can > enter by hand (sometimes) other times I get the errors: > > ifconfig myri0:10 192.168.1.210 up > SIOCSIFFLAGS: Cannot assign requested address > SIOCSIFFLAGS: Cannot assign requested address Are you using kernel 2.4.17ctx-6 ? There is a bug/feature in this kernel: A vserver only see the network device it has been assigned to. So far so good, this is the feature. Now this feature was implemented in the kernel using the ipv4root as the key. So it is not per se a vserver concept. For example, if you do this on the console. /sbin/ifconfig you see everything. then you do /usr/sbin/chbind --ip 1.2.3.4 /bin/sh /sbin/ifconfig exit you end up seeing nothing. The chbind call is tying this process to the IP 1.2.3.4 and now the kernel only reports about the interface matching this one: None. Now, how is this affecting you. I guess that you wanted access to ssh or some telnet services in the vserver, so you disabled the sshd or xinetd services on the root server and enabled v_sshd or v_xinetd. Then you log to the root server using one ssh or telnet. the v_xx service are tying a service to a single IP, allowing the various vservers to bind to the same service. By binding sshd to a single IP, all shells started by sshd inherit this binding. With ctx-6, they can't see all the interfaces. So if you try to start a new vserver, or restart an old one, you will see those messages. I have fixed this problem by disabling this functionality for security context 0. So the root server still see all device and vserver only see their own stuff. The solution for now is to start vservers from the console, or do /usr/sbin/chbind --ip 0.0.0.0 /bin/sh /usr/sbin/vserver server start Note that root in security context 0 already had the ability to change its ipv4root binding unlike root in vserver which are locked with this IP. > i will get the same errors with eth0 and eth1 also. Am i reaching a > limitation in the TCP/IP stack? It doesn't seem like it since I can > still add them by hand when the machine feels like letting me. Is there > a kernel config option I am missing? (all packages/kernel built > manually) I have attached a copy of my 01.conf (it's the same for all > except the IP and hostname change) and my .config. If you need anything > else please let me know. It's a cosmetic bug :-) Sorry! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Sat Feb 2 06:31:31 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g12BVUAh000694 for ; Sat, 2 Feb 2002 06:31:30 -0500 Received: from mail1-gui.server.ntli.net (mail1-gui.server.ntli.net [194.168.222.13]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g12BHTR17974 for ; Sat, 2 Feb 2002 06:17:29 -0500 Received: from irishsea.home.craig-wood.com ([62.253.119.64]) by mail1-gui.server.ntli.net (Post.Office MTA v3.1 release PO203a ID# 0-33929U70000L2S50) with ESMTP id AAA14596; Sat, 2 Feb 2002 11:17:23 +0000 Received: (from ncw@localhost) by irishsea.home.craig-wood.com (8.11.6/8.11.6) id g12BHMU32259; Sat, 2 Feb 2002 11:17:22 GMT Date: Sat, 2 Feb 2002 11:17:22 +0000 From: Nick Craig-Wood To: Jacques Gelinas Cc: Vserver mailing list Subject: Re: Ethernet binding problems Message-ID: <20020202111722.A32169@axis.demon.co.uk> References: <20020201214714.830fd117ae8d@remtk.solucorp.qc.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020201214714.830fd117ae8d@remtk.solucorp.qc.ca>; from jack@solucorp.qc.ca on Fri, Feb 01, 2002 at 09:47:14PM -0500 Status: RO X-Status: X-Keywords: X-UID: 6 On Fri, Feb 01, 2002 at 09:47:14PM -0500, Jacques Gelinas wrote: > Now, how is this affecting you. I guess that you wanted access to ssh or > some telnet services in the vserver, so you disabled the sshd or xinetd > services on the root server and enabled v_sshd or v_xinetd. Then you > log to the root server using one ssh or telnet. the v_xx service are tying > a service to a single IP, allowing the various vservers to bind to the same > service. > > By binding sshd to a single IP, all shells started by sshd inherit this > binding. With ctx-6, they can't see all the interfaces. So if you try > to start a new vserver, or restart an old one, you will see those messages. > > I have fixed this problem by disabling this functionality for security context > 0. So the root server still see all device and vserver only see > their own stuff. For the specific case of sshd you can use ListenAddress in /etc/ssh/sshd_config instead of v_sshd which I guess would fix the above problem too. ListenAddress Specifies the local addresses sshd should listen on. The follow- ing forms may be used: ListenAddress host|IPv4_addr|IPv6_addr ListenAddress host|IPv4_addr:port ListenAddress [host|IPv6_addr]:port If port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local addresses. Multiple ListenAddress options are permitted. Additionally, any Port options must precede this option for non port qualified addresses. -- Nick Craig-Wood ncw1@axis.demon.co.uk From jack@solucorp.qc.ca Sat Feb 2 10:27:16 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g12FRGAh001440 for ; Sat, 2 Feb 2002 10:27:16 -0500 Received: from n010080.nbs.netland.nl (n010123.nbs.netland.nl [217.170.46.123] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g12FFwR21428 for ; Sat, 2 Feb 2002 10:15:58 -0500 Received: from office.netland.nl (shocks.nbs.arts-betel.org [192.168.11.25] (may be forged)) by n010080.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g12FFvP24981 for ; Sat, 2 Feb 2002 16:15:57 +0100 Message-ID: <3C5C02A8.7000604@office.netland.nl> Date: Sat, 02 Feb 2002 16:15:52 +0100 From: Ron Arts Reply-To: raarts@office.netland.nl Organization: Netland Internet Services User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.7) Gecko/20011221 X-Accept-Language: nl, en MIME-Version: 1.0 To: Vserver mailing list Subject: vserver-stat output corrupted - increasing loadavg values References: <20020201161741.126af2ec96a3@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Status: RO X-Status: X-Keywords: X-UID: 7 Hi, I'm running vserver (very enthusiastic about it BTW). I'm experiencing ever increasing loadavg values. It does not seem to do any harm, also the machine does not seem to be actually slowing down, very responsive, no diskactivity. vserver-stat output: CTX# PROC QTY VSZ RSS userTIME sysTIME UPTIME NAME 0 33 52Mb 4Kb 24m03.25 9m52.21 17h23m58 root server 4 36 1Gb 298Kb 5m12.08 m39.72 17h11m49 db 5 23 860Mb 68Kb 5m11.24 m40.88 17h11m41 mir1 7 18 1Gb 20Kb 5m24.91 m39.97 17h11m31 web 8 18 1Gb 14Kb m02.73 m00.16 11m18.18 www1 9 18 1Gb 14Kb m01.36 m00.16 11m08.99 www2 11 212174386176b 420Kb m01.70 m01.80 8m54.12 pro1 vtop output: 3:54pm up 17:25, 1 user, load average: 48.83, 36.04, 17.78 168 processes: 167 sleeping, 1 running, 0 zombie, 0 stopped CPU0 states: 0.0% user, 0.0% system, 0.0% nice, 100.0% idle CPU1 states: 0.4% user, 6.2% system, 0.0% nice, 92.5% idle Mem: 384832K av, 377360K used, 7472K free, 0K shrd, 43440K buff Swap: 522072K av, 35492K used, 486580K free 45392K cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 16944 root 14 0 1132 1132 836 R 7.1 0.2 0:02 top 1 root 8 0 524 524 496 S 0.0 0.1 0:05 init 2 root 9 0 0 0 0 SW 0.0 0.0 0:00 keventd 3 root 19 19 0 0 0 SWN 0.0 0.0 0:00 ksoftirqd_CPU0 4 root 19 19 0 0 0 SWN 0.0 0.0 0:00 ksoftirqd_CPU1 5 root 9 0 0 0 0 SW 0.0 0.0 0:24 kswapd 6 root 9 0 0 0 0 SW 0.0 0.0 0:00 bdflush 7 root 9 0 0 0 0 SW 0.0 0.0 0:01 kupdated 78 root 9 0 0 0 0 SW 0.0 0.0 0:00 khubd 184 root 9 0 0 0 0 SW 0.0 0.0 0:00 kjournald 185 root 9 0 0 0 0 DW 0.0 0.0 0:10 kjournald Previously all was running well, but it started when I renamed 4 vservers (renamed top level directory, and /etv/ververs/ config filenames). I did not change anything else inside any vservers. After rebooting the machine the vserver-stat output was still corrupted, but the loadavg did not increase any more. I'm running 2.4.17ctx-6 Any ideas? Ron From jack@solucorp.qc.ca Mon Feb 4 11:55:07 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g14Gt5Ah027745 for ; Mon, 4 Feb 2002 11:55:06 -0500 Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g14GQMR10083 for ; Mon, 4 Feb 2002 11:26:22 -0500 Received: from remtk.solucorp.qc.ca (g39-9.citenet.net [206.123.39.9]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g14GQb683383 for ; Mon, 4 Feb 2002 11:26:37 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g14G1Fu03835 for vserver@dns.solucorp.qc.ca; Mon, 4 Feb 2002 11:01:15 -0500 From: Jacques Gelinas Date: Mon, 4 Feb 2002 11:01:15 -0500 To: Vserver mailing list Subject: re: [useradd] Adding user fails in vserver X-mailer: tlmpmail 0.1 Message-ID: <20020204110115.9ac72b21840a@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 8 On Mon, 4 Feb 2002 10:10:17 -0500, Thomas Preissler wrote > Hello, > > I just figured out, that adding a user with "useradd " > fails with "useradd: cannot rewrite password file". > > vs1:~ # lsattr /etc/passwd > ------------ /etc/passwd > > Is this already known and how do I avoid this? First time I hear this. I HAS to work. What are you getting if you do /usr/lib/vserver/showattr /vserver/name/etc/passwd normally, there should not be any extended attribute on this file. It should print 00000000. Note that showattr is simply a stripped down lsattr We have added one new extended attribute and the stock lsattr does not show it. showattr simply dumps the bits. I just tried it on a unified rh7.2 and mdk8.1 vserver and both are working. Which distribution is this ? version ? I assume this vserver is unified. Send me (as an attachement) the output of the following command rpm -qf /etc/passwd --dump Normally, this file should be duplicated when you create a vserver. So each vserver should be able to use whatever tool it wants to maintain it. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Mon Feb 4 12:00:14 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g14H0DAh027807 for ; Mon, 4 Feb 2002 12:00:14 -0500 Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g14GQOR10086 for ; Mon, 4 Feb 2002 11:26:24 -0500 Received: from remtk.solucorp.qc.ca (g39-9.citenet.net [206.123.39.9]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g14GQc683386 for ; Mon, 4 Feb 2002 11:26:39 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g14GMrO03864 for vserver@dns.solucorp.qc.ca; Mon, 4 Feb 2002 11:22:53 -0500 From: Jacques Gelinas Date: Mon, 4 Feb 2002 11:22:53 -0500 To: Vserver mailing list Subject: re: vserver-stat output corrupted - increasing loadavg values X-mailer: tlmpmail 0.1 Message-ID: <20020204112253.af653811b683@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 9 On Sat, 2 Feb 2002 16:15:52 -0500, Ron Arts wrote > Hi, > > I'm running vserver (very enthusiastic about it BTW). > I'm experiencing ever increasing loadavg values. It does not > seem to do any harm, also the machine does not seem to be > actually slowing down, very responsive, no diskactivity. Indeed, vtop shows a very high load, yet, shows that both cpus are pretty much doing nothing. I have seen this sometime. This is probably a kernel bug. Basicaly, the loadavg is computed from all the processes READY at a given time. In general, a process is either Sleeping or Ready to run. For some reason, a process get in a Ready state yet, is not really ready to run. It is locked somewhere in the kernel, in a driver for example. So the loadavg account for this process, but given it is not really ready, it does not use any CPU at all. To see this, using the /usr/sbin/vps command /usr/sbin/vps ax You will see 46 lines with the status R instead of S. These are the offending processes. Now why they are blocked this way, I can't tell. But knowing which processes are stuck may help. > vtop output: > > 3:54pm up 17:25, 1 user, load average: 48.83, 36.04, 17.78 > 168 processes: 167 sleeping, 1 running, 0 zombie, 0 stopped > CPU0 states: 0.0% user, 0.0% system, 0.0% nice, 100.0% idle > CPU1 states: 0.4% user, 6.2% system, 0.0% nice, 92.5% idle > Mem: 384832K av, 377360K used, 7472K free, 0K shrd, 43440K buff > Swap: 522072K av, 35492K used, 486580K free 45392K cached > > PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND > 16944 root 14 0 1132 1132 836 R 7.1 0.2 0:02 top > 1 root 8 0 524 524 496 S 0.0 0.1 0:05 init > Previously all was running well, but it started when I renamed 4 vservers > (renamed top level directory, and /etv/ververs/ config filenames). > I did not change anything else inside any vservers. When you rename a vserver and it is running, you must also rename the /var/run/vservers/name.ctx file. Unless you do so, the vserver script will think the vserver is not running. > After rebooting the machine the vserver-stat output was still corrupted, > but the loadavg did not increase any more. Are you using vserver 0.10. Some fixes were made to the vserver-stat utility (guillaume ?) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Mon Feb 4 15:34:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g14KYbAh029251 for ; Mon, 4 Feb 2002 15:34:38 -0500 Received: from mail.SerNet.DE (mail.SerNet.DE [193.159.217.66]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g14KAHR15104 for ; Mon, 4 Feb 2002 15:10:17 -0500 Received: from intern.SerNet.DE by mail.SerNet.DE with esmtp (Exim 2.12 #1) for vserver@dns.solucorp.qc.ca id 16XpRR-0003cJ-00; Mon, 4 Feb 2002 21:10:17 +0100 Received: by intern.SerNet.DE id 16XpRR-0003nN-00; Mon, 04 Feb 2002 21:10:17 +0100 From: Krischan Jodies To: Subject: Re: [useradd] Adding user fails in vserver Date: Mon, 4 Feb 2002 21:06:49 +0100 References: <20020204110115.9ac72b21840a@remtk.solucorp.qc.ca> In-Reply-To: <20020204110115.9ac72b21840a@remtk.solucorp.qc.ca> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Message-Id: Organization: Service Network GmbH, Goettingen, Germany Status: RO X-Status: X-Keywords: X-UID: 10 Am Montag, 4. Februar 2002 17:01 schrieb Jacques Gelinas: > First time I hear this. I HAS to work. I have an idea what the reason could be: Maybe the different distributions use buggy sources for their useradd. We have the same problem on a SuSE 7.3. Our vserver /etc Directorys are completly unique for every vserver, we do not unify in the common way, instead we mount --bind /usr /bin /sbin /lib from a master partition in every vserver. So there are no special flags on any file in the vserver. dynip:~ # ./showattr /etc/passwd /etc/passwd 00000000 Lutz Pressler noticed the same problem in another place: krischan@dynip:~> mail Mail version 8.1 6/6/93. Type ? for help. "/var/mail/krischan": 1 message 1 new >N 1 root@dynip.sernet.de Mon Feb 04 19:45 14/486 "test" & q Unable to lock mailbox: Permission denied I straced useradd and found this difference between a "normal" linux useradd and ctx-6: [normal linux] umask(0777) = 022 open("/etc/passwd+", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5 umask(022) [...] [ctx-6] umask(0777) = 022 open("/etc/passwd+", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Permission denied) umask(022) = 0777 write(2, "useradd: cannot rewrite password"..., 38useradd: cannot rewrite password file ) = 38 open() while using umask 0777 delivers EACCES even if you are root. A little test program strips the problem down: #include #include #include #include #include #include int main () { int fd; umask(0777); if ((fd = open("testfile",O_WRONLY|O_CREAT|O_TRUNC, 0666)) < 0) { printf("%s\n",strerror(errno)); } printf("%d\n",fd); } If you try it on in the main server: server[0]:~ # rm testfile server[0]:~ # ./test 3 server[0]:~ # ./test 3 server[0]:~ # uname -a Linux server 2.4.17ctx-6 #1 Wed Jan 30 14:31:55 CET 2002 i686 unknown server[0]:~ # -> root may open the file with permission 0000 wether the file exists or not. in the vserver: dynip[30]:~ # ./test Permission denied -1 dynip[30]:~ # ls -l testfile ---------- 1 root root 0 Feb 4 20:39 testfile dynip[30]:~ # rm testfile rm: remove write-protected file `testfile'? y dynip[30]:~ # ./test Permission denied -1 dynip[30]:~ # -> root must not open the file with permission 0000 under any circumstances It looks a little different in the main server when you are not root: test@server:~> rm testfile rm: remove write-protected file `testfile'? y test@server:~> ./test 3 test@server:~> ./test Permission denied -1 test@server:~> -> It works for a normal user if the file did not exist before. So the point in a vserver environment is, that root gets permission denied even when the file did _not_ exist before and is tried to be opened with file mode 0000. The not working code in the mail command tries a similar open before it fails: open("/var/mail/.dynip.4f490", O_WRONLY|O_CREAT|O_TRUNC|O_EXCL|O_SYNC, 0) = -1 EACCES (Permission denied) (unchanged umask but mode 0) Any idea which dropped capability this might be? Perhaps it has something to do with your chroot hack? Please try a strace on your redhat / mandrake useradd to see what happens when /etc/passwd+ is openend with umask 0777. I will attach my straces of useradd and mail. I would assume, that if this idea really is right, the bug is located in the programs that open files without sufficent permission to write into them (and afterwards are surprised that they really can't write) and not the kernel/ctx-patch. (But of course we would be happy if you find a way to fix this anyways :-)) Thanks, Krischan -- Service Network GmbH, mailto:kjodies@SerNet.DE, http://www.SerNet.DE phone: +49-551-370000-0, fax: +49-551-370000-9 From jack@solucorp.qc.ca Mon Feb 4 18:06:34 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g14N6XAh030282 for ; Mon, 4 Feb 2002 18:06:34 -0500 Received: from n010080.nbs.netland.nl (n010123.nbs.netland.nl [217.170.46.123] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g14MiMR18368 for ; Mon, 4 Feb 2002 17:44:22 -0500 Received: from office.netland.nl (shocks.nbs.arts-betel.org [192.168.11.25] (may be forged)) by n010080.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g14MiL627597 for ; Mon, 4 Feb 2002 23:44:21 +0100 Message-ID: <3C5F0EC0.8020005@office.netland.nl> Date: Mon, 04 Feb 2002 23:44:16 +0100 From: Ron Arts Reply-To: raarts@office.netland.nl Organization: Netland Internet Services User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.7) Gecko/20011221 X-Accept-Language: nl, en MIME-Version: 1.0 To: Vserver mailing list Subject: Re: vserver-stat output corrupted - increasing loadavg values References: <20020204112253.af653811b683@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Status: RO X-Status: X-Keywords: X-UID: 11 Jacques Gelinas wrote: > When you rename a vserver and it is running, you must also rename the > /var/run/vservers/name.ctx file. Unless you do so, the vserver script will > think the vserver is not running. > > >>After rebooting the machine the vserver-stat output was still corrupted, >>but the loadavg did not increase any more. >> > > Are you using vserver 0.10. Some fixes were made to the vserver-stat utility > (guillaume ?) > Yes, I am using 0.10, and I stopped all vservers before renaming. Ron From jack@solucorp.qc.ca Mon Feb 4 18:14:13 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g14NECAh030352 for ; Mon, 4 Feb 2002 18:14:12 -0500 Received: from n010080.nbs.netland.nl (n010123.nbs.netland.nl [217.170.46.123] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g14MuHR18605 for ; Mon, 4 Feb 2002 17:56:17 -0500 Received: from office.netland.nl (shocks.nbs.arts-betel.org [192.168.11.25] (may be forged)) by n010080.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g14MuH628104 for ; Mon, 4 Feb 2002 23:56:17 +0100 Message-ID: <3C5F118C.6000408@office.netland.nl> Date: Mon, 04 Feb 2002 23:56:12 +0100 From: Ron Arts Reply-To: raarts@office.netland.nl Organization: Netland Internet Services User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.7) Gecko/20011221 X-Accept-Language: nl, en MIME-Version: 1.0 To: vserver@dns.solucorp.qc.ca Subject: Re: [useradd] Adding user fails in vserver References: <20020204110115.9ac72b21840a@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Status: RO X-Status: X-Keywords: X-UID: 12 Krischan Jodies wrote: > Am Montag, 4. Februar 2002 17:01 schrieb Jacques Gelinas: > > >>First time I hear this. I HAS to work. >> > > I have an idea what the reason could be: Maybe the different distributions > use buggy sources for their useradd. > [ removed ] > (unchanged umask but mode 0) > > Any idea which dropped capability this might be? Perhaps it has something to > do with your chroot hack? > > Please try a strace on your redhat / mandrake useradd to see what happens > when /etc/passwd+ is openend with umask 0777. I will attach my straces of > useradd and mail. > > I would assume, that if this idea really is right, the bug is located in the > programs that open files without sufficent permission to write into them (and > afterwards are surprised that they really can't write) and not the > kernel/ctx-patch. (But of course we would be happy if you find a way to fix > this anyways :-)) > > Thanks, > > Krischan > I experience the same problem on a plain redhat-7.2 distribution and 2.4.17ctx6. Also straced useradd, and came to the same conclusion: umask(0777) gives problems when creating files. I don't think its an application problem. Maybe an interaction between ctx6 and some other kernel feature? I enabled BSD process accounting, PCMCIA (wireless LAN), Quota, EXT3 amongh others, but otherwise a fairly minimal kernel. Ron Arts From jack@solucorp.qc.ca Tue Feb 5 00:12:20 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g155CJAh008886 for ; Tue, 5 Feb 2002 00:12:20 -0500 Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g154kFR25476 for ; Mon, 4 Feb 2002 23:46:16 -0500 Received: from remtk.solucorp.qc.ca (g36-99.citenet.net [206.123.36.99]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g154ka640317 for ; Mon, 4 Feb 2002 23:46:36 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g154lGM05006 for vserver@dns.solucorp.qc.ca; Mon, 4 Feb 2002 23:47:16 -0500 From: Jacques Gelinas Date: Mon, 4 Feb 2002 23:47:16 -0500 To: vserver@dns.solucorp.qc.ca Subject: Re: [useradd] Adding user fails in vserver X-mailer: tlmpmail 0.1 Message-ID: <20020204234716.24974c002753@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 13 On Mon, 4 Feb 2002 23:56:12 -0500, Ron Arts wrote > I experience the same problem on a plain redhat-7.2 distribution and > 2.4.17ctx6. Also straced useradd, and came to the same conclusion: umask(0777) > gives problems when creating files. I don't think its an application > problem. I confirmed this was a ctx-6 issue today. I will do ctx-7 tomorrow. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Tue Feb 5 03:00:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1580SAh013498 for ; Tue, 5 Feb 2002 03:00:28 -0500 Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g157aLR28036 for ; Tue, 5 Feb 2002 02:36:21 -0500 Received: (qmail 20266 invoked from network); 5 Feb 2002 07:43:41 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 5 Feb 2002 07:43:41 -0000 Received: (qmail 13068 invoked from network); 5 Feb 2002 07:38:39 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 5 Feb 2002 07:38:39 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: Vserver mailing list Date: Tue, 5 Feb 2002 18:52:49 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [useradd] Adding user fails in vserver Message-ID: <3C602A01.12243.C5777F@localhost> Priority: normal In-reply-to: <20020204234716.24974c002753@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Status: RO X-Status: X-Keywords: X-UID: 14 I still don't understand why we need chmod 0 tricks. Isn't the following good enough? /* chroot call - still leaves the cwd pointing outside vserver */ if(chroot(root_dir)) { perror("chroot failed"); exit(1) }; /* fix the cwd */ if(chdir("/") { perror("chdir failed"); exit(1) }; /* it should be safe at this point, right? */ /* and of course, now you can also */ /* drop the CAP_SYS_CHROOT for the truly paranoid */ Ed On Monday, 4 February 2002 at 23:47, Jacques Gelinas wrote: > On Mon, 4 Feb 2002 23:56:12 -0500, Ron Arts wrote > > > I experience the same problem on a plain redhat-7.2 distribution and > > 2.4.17ctx6. Also straced useradd, and came to the same conclusion: umask(0777) > > gives problems when creating files. I don't think its an application > > problem. > > I confirmed this was a ctx-6 issue today. I will do ctx-7 tomorrow. > > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc > From jack@solucorp.qc.ca Tue Feb 5 09:19:59 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g15EJwAh015979 for ; Tue, 5 Feb 2002 09:19:59 -0500 Received: from nninfo2.comm.it ([213.92.77.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g15DuaR03284 for ; Tue, 5 Feb 2002 08:56:36 -0500 Received: from MICROXP ([62.110.198.130]) by nninfo2.comm.it (8.9.3/8.9.3) with SMTP id OAA16319 for ; Tue, 5 Feb 2002 14:57:36 +0100 From: "Dave" To: "Vserver mailing list" Subject: Connection Ip address of a context Date: Tue, 5 Feb 2002 14:56:00 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <3C602A01.12243.C5777F@localhost> Status: RO X-Status: X-Keywords: X-UID: 15 Hi, i wonder how difficult it is to modify the kernel so that it uses the context ip address ad a source address when connecting to external services. Right now, the host server ip address is used, and this prevents accurate traffic accounting. Dave. From jack@solucorp.qc.ca Tue Feb 5 12:36:20 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g15HaJAh017587 for ; Tue, 5 Feb 2002 12:36:20 -0500 Received: from ns1.mtl.toxik.net (modemcable200.184-201-24.mtl.mc.videotron.ca [24.201.184.200]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g15H7GR08439 for ; Tue, 5 Feb 2002 12:07:17 -0500 Received: (qmail 20349 invoked by alias); 5 Feb 2002 17:05:38 -0000 Received: from koala.mtl.toxik.net (HELO toxik.com) (192.168.1.112) by ns1.mtl.toxik.net with SMTP; 5 Feb 2002 17:05:38 -0000 Message-ID: <3C600FEF.5030206@toxik.com> Date: Tue, 05 Feb 2002 12:01:35 -0500 From: Toxik - Martial Rioux Organization: Toxik Technologies Inc. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20011126 Netscape6/6.2.1 X-Accept-Language: en-us, fr-ca MIME-Version: 1.0 To: raarts@office.netland.nl CC: Vserver mailing list Subject: Re: vserver-stat output corrupted - increasing loadavg values References: <20020201161741.126af2ec96a3@remtk.solucorp.qc.ca> <3C5C02A8.7000604@office.netland.nl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Status: RO X-Status: X-Keywords: X-UID: 16 Hi, This morning I got the same vserver-stat output problem. I just send a patch to vserver-stat maintainer (Guillaum) and I hope he will integrate in the next vserver-stat release. If you have any questions feel free to contact me directly. Ron Arts wrote: > Hi, > > I'm running vserver (very enthusiastic about it BTW). > I'm experiencing ever increasing loadavg values. It does not > seem to do any harm, also the machine does not seem to be > actually slowing down, very responsive, no diskactivity. > > vserver-stat output: > > CTX# PROC QTY VSZ RSS userTIME sysTIME UPTIME NAME > 0 33 52Mb 4Kb 24m03.25 9m52.21 17h23m58 root > server > 4 36 1Gb 298Kb 5m12.08 m39.72 17h11m49 db > 5 23 860Mb 68Kb 5m11.24 m40.88 17h11m41 mir1 > 7 18 1Gb 20Kb 5m24.91 m39.97 17h11m31 web > 8 18 1Gb 14Kb m02.73 m00.16 11m18.18 www1 > 9 18 1Gb 14Kb m01.36 m00.16 11m08.99 www2 > 11 212174386176b 420Kb m01.70 m01.80 8m54.12 pro1 > > vtop output: > > 3:54pm up 17:25, 1 user, load average: 48.83, 36.04, 17.78 > 168 processes: 167 sleeping, 1 running, 0 zombie, 0 stopped > CPU0 states: 0.0% user, 0.0% system, 0.0% nice, 100.0% idle > CPU1 states: 0.4% user, 6.2% system, 0.0% nice, 92.5% idle > Mem: 384832K av, 377360K used, 7472K free, 0K shrd, 43440K > buff > Swap: 522072K av, 35492K used, 486580K free 45392K > cached > > PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND > 16944 root 14 0 1132 1132 836 R 7.1 0.2 0:02 top > 1 root 8 0 524 524 496 S 0.0 0.1 0:05 init > 2 root 9 0 0 0 0 SW 0.0 0.0 0:00 keventd > 3 root 19 19 0 0 0 SWN 0.0 0.0 0:00 > ksoftirqd_CPU0 > 4 root 19 19 0 0 0 SWN 0.0 0.0 0:00 > ksoftirqd_CPU1 > 5 root 9 0 0 0 0 SW 0.0 0.0 0:24 kswapd > 6 root 9 0 0 0 0 SW 0.0 0.0 0:00 bdflush > 7 root 9 0 0 0 0 SW 0.0 0.0 0:01 kupdated > 78 root 9 0 0 0 0 SW 0.0 0.0 0:00 khubd > 184 root 9 0 0 0 0 SW 0.0 0.0 0:00 kjournald > 185 root 9 0 0 0 0 DW 0.0 0.0 0:10 kjournald > > Previously all was running well, but it started when I renamed 4 vservers > (renamed top level directory, and /etv/ververs/ config filenames). > I did not change anything else inside any vservers. > > After rebooting the machine the vserver-stat output was still corrupted, > but the loadavg did not increase any more. > > I'm running 2.4.17ctx-6 > Any ideas? > > Ron > > > -- Martial Rioux Infrastructures and Technologies Toxik Technologies Inc. - Montreal, QC, Canada www.toxik.com - Phone: (514) 528-6945 Ext 223 · Fax: (514) 221-3329 From jack@solucorp.qc.ca Tue Feb 5 13:36:33 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g15IaWAh018198 for ; Tue, 5 Feb 2002 13:36:33 -0500 Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g15I8VR10539 for ; Tue, 5 Feb 2002 13:08:31 -0500 Received: (qmail 7109 invoked from network); 5 Feb 2002 18:06:52 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 5 Feb 2002 18:06:52 -0000 Subject: Re: Connection Ip address of a context From: Andy Kwong To: Dave Cc: Vserver mailing list In-Reply-To: References: Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 05 Feb 2002 10:09:44 -0800 Message-Id: <1012932585.21392.9.camel@zerowing.pop-star.net> Mime-Version: 1.0 Status: RO X-Status: X-Keywords: X-UID: 17 That's strange because I've been using ctx-3 for months and I swear outgoing connections within a context binds to the correct context IP. On Tue, 2002-02-05 at 05:56, Dave wrote: > Hi, > > i wonder how difficult it is to modify the kernel so that it uses the > context ip address ad a source address when connecting to external services. > > Right now, the host server ip address is used, and this prevents accurate > traffic accounting. > > Dave. > From jack@solucorp.qc.ca Tue Feb 5 14:13:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g15JDYAh018531 for ; Tue, 5 Feb 2002 14:13:35 -0500 Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g15IhUR11910 for ; Tue, 5 Feb 2002 13:43:30 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g15IidG03099 for vserver@dns.solucorp.qc.ca; Tue, 5 Feb 2002 13:44:39 -0500 From: Jacques Gelinas Date: Tue, 5 Feb 2002 13:44:39 -0500 To: Vserver mailing list Subject: re: Connection Ip address of a context X-mailer: tlmpmail 0.1 Message-ID: <20020205134439.f9122576dc1e@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 18 On Tue, 5 Feb 2002 14:56:00 -0500, Dave wrote > Hi, > > i wonder how difficult it is to modify the kernel so that it uses the > context ip address ad a source address when connecting to external services. > > Right now, the host server ip address is used, and this prevents accurate > traffic accounting. ??? This is what it is doing right now. Something must be missing. Do you have an example (an application) I can use to replicate the problem. For example, if you do this /usr/sbin/chbind --ip 1.2.3.4 /bin/sh telnet some_host you will find it is not working since it is trying to bind to 1.2.3.4 (which is for most people, not a valid interface). --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Tue Feb 5 14:20:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g15JK0Ah018575 for ; Tue, 5 Feb 2002 14:20:01 -0500 Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g15IofR12111 for ; Tue, 5 Feb 2002 13:50:41 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g15Ipog03117 for vserver@dns.solucorp.qc.ca; Tue, 5 Feb 2002 13:51:50 -0500 From: Jacques Gelinas Date: Tue, 5 Feb 2002 13:51:50 -0500 To: Vserver mailing list Subject: Re: [useradd] Adding user fails in vserver X-mailer: tlmpmail 0.1 Message-ID: <20020205135150.c56b4dddd00a@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 19 On Tue, 5 Feb 2002 18:52:49 -0500, edward@paradigm4.com.au wrote > I still don't understand why we need chmod 0 tricks. > Isn't the following good enough? > > /* chroot call - still leaves the cwd pointing outside vserver */ > if(chroot(root_dir)) { perror("chroot failed"); exit(1) }; > /* fix the cwd */ > if(chdir("/") { perror("chdir failed"); exit(1) }; > /* it should be safe at this point, right? */ > /* and of course, now you can also */ > /* drop the CAP_SYS_CHROOT for the truly paranoid */ > The problem is not the first chroot (the one used to "enter" the vserver). the problem is doing a second chroot while keeping the current directory behind. Once the chroot is done, you are free to do chdir (".."). Since the test is perform only if the current directory == the process root directory, chdir("..") works and let you out of the original vserver root directory. Note that using the dcache in linux, it is possible to tell very efficiently if a chdir("..") yields outside a process root. We can compare directory path directly. So fixing chroot is possible. But I needed a way to fix the issue once for all. Not everyone agree on kernel mailing list that chroot has to be fixed. My one line fix does not change chroot. For sure, you can drop CAP_SYS_CHROOT, but some service may stop working. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jack@solucorp.qc.ca Tue Feb 5 16:14:50 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g15LEoAh019608 for ; Tue, 5 Feb 2002 16:14:50 -0500 Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g15KkWR15467 for ; Tue, 5 Feb 2002 15:46:33 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g15KlfB04269 for vserver@dns.solucorp.qc.ca; Tue, 5 Feb 2002 15:47:41 -0500 From: Jacques Gelinas Date: Tue, 5 Feb 2002 15:47:41 -0500 To: Vserver mailing list Subject: re: Performance, memory, etc X-mailer: tlmpmail 0.1 Message-ID: <20020205154741.a46a01df852e@remtk.solucorp.qc.ca> Status: RO X-Status: X-Keywords: X-UID: 20 On Tue, 5 Feb 2002 10:43:46 -0500, Matthew Brichacek wrote > I was able to get 100 servers running on a machine with 511MB ram and > dual P3 933's. After about 100 servers the machine only had about 20 > megs of RAM left, can a machine like this go higher? I am running a > purely proof of concept test right now and each vserver is running > apache and cron at bootup. I didn't try to get any more than 100 > vservers up since I was running out of disk space fast. Have you setup your server unified ? 100 vservers should cost no more than 2-3 gigs The unification has another side effect. All libs and application are shared. I mean, /usr/sbin/httpd and /lib/libc.so.6 are loaded only once in ram. Only the data is different. I have never tried this though. Since vservers have almost no overhead, the question is how many apache can a server run ? > Just out of curiosity, what kind of results have any of you gotten with > running a large amount of vservers on one machine? I am not so much > concerned about how they perform as I am about just getting some raw > numbers about how many vservers a machine will run. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Feb 5 22:54:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g163sZAh025277 for ; Tue, 5 Feb 2002 22:54:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g163Td723748 for vserver.list; Tue, 5 Feb 2002 22:29:39 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g163TbR23744 for ; Tue, 5 Feb 2002 22:29:37 -0500 Received: (qmail 9243 invoked from network); 6 Feb 2002 03:37:14 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 6 Feb 2002 03:37:14 -0000 Received: (qmail 15317 invoked from network); 6 Feb 2002 03:32:00 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 6 Feb 2002 03:32:00 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: Vserver mailing list Date: Wed, 6 Feb 2002 14:46:10 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: [vserver] Re: [useradd] Adding user fails in vserver Message-ID: <3C6141B2.23586.1B74DA@localhost> Priority: normal In-reply-to: <20020205135150.c56b4dddd00a@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 21 On Tuesday, 5 February 2002 at 13:51, Jacques Gelinas wrote: > On Tue, 5 Feb 2002 18:52:49 -0500, edward@paradigm4.com.au wrote > > /* chroot call - still leaves the cwd pointing outside vserver */ > > if(chroot(root_dir)) { perror("chroot failed"); exit(1) }; > > /* fix the cwd */ > > if(chdir("/") { perror("chdir failed"); exit(1) }; > > /* it should be safe at this point, right? */ > > The problem is not the first chroot (the one used to "enter" the vserver). the > problem is doing a second chroot while keeping the current directory behind. It is my understanding that all the considered chroot exploits ( we are not talking about using devices and mounting tricks as this capability is disabled in vserver ) are based on either using file handle that was open before the first chroot, or the current directory from before the first chroot. Unless I'm missing something, the solution is simple - do not leave any file handles open when you do chroot and do chdir("/") immediately after. Problem solved. > Once the chroot is done, you are free to do chdir (".."). Since the test is perform > only if the current directory == the process root directory, chdir("..") works and let > you out of the original vserver root directory. If you did chdir("/") after the first chroot, subsequent chroot and chdir("..") will not get you out. Ed p.s. speaking of open file handles, what about stdin, stdout and stderr of a process before chroot and after. How is that handled? From vserver.error@solucorp.qc.ca Wed Feb 6 04:41:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g169fHAh026780 for ; Wed, 6 Feb 2002 04:41:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g168m5g29350 for vserver.list; Wed, 6 Feb 2002 03:48:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from web4.internetx.de (web4.internetx.de [195.127.139.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g168m3R29346 for ; Wed, 6 Feb 2002 03:48:04 -0500 Received: from thomasp.internetx.de ([195.127.139.8]) by web4.internetx.de (8.12.2/8.12.2) with ESMTP id g168m2GG007104 for ; Wed, 6 Feb 2002 09:48:02 +0100 Received: (from tomtom@localhost) by thomasp.internetx.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g168lJ806366 for vserver@dns.solucorp.qc.ca; Wed, 6 Feb 2002 09:47:19 +0100 Date: Wed, 6 Feb 2002 09:47:18 +0100 From: Thomas Preissler To: vserver@dns.solucorp.qc.ca Subject: [vserver] virtual ip in vserver Message-ID: <20020206094718.H3899@thomasp.internetx.de> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i Organization: InterNetX, Regensburg, Germany X-Uptime: 9:24am up 15:41, 12 users, load average: 0.01, 0.09, 0.07 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 22 Hello, we want to set up a big virtual machine for our customer. My question is, how can define, that a vserver has additional ip-addresses? Like in Master-VServer - nearly the same. Thanks in advance. Tom Mit freundlichen Grüssen/Regards, TEAM INTERNETX / UnixSysAdmin _______________________________________ InterNetX GmbH, DNS Service Center Maxstrasse 6, D-93047 Regensburg Thomas Preißler, Preissler@internetx.de Tel. +49 941 5955916 Fax. 5955968 From vserver.error@solucorp.qc.ca Wed Feb 6 15:27:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g16KRSAh031047 for ; Wed, 6 Feb 2002 15:27:29 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g16KFxB11993 for vserver.list; Wed, 6 Feb 2002 15:15:59 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g16KFxR11989 for ; Wed, 6 Feb 2002 15:15:59 -0500 Received: from remtk.solucorp.qc.ca (g39-4.citenet.net [206.123.39.4]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g16KGb626781 for ; Wed, 6 Feb 2002 15:16:37 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g16KFk812455 for vserver@dns.solucorp.qc.ca; Wed, 6 Feb 2002 15:15:46 -0500 From: Jacques Gelinas Date: Wed, 6 Feb 2002 15:15:45 -0500 To: Vserver mailing list Subject: [vserver] kernel 2.4.17ctx-7 available X-mailer: tlmpmail 0.1 Message-ID: <20020206151545.3a1b00a4ec39@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 23 The kernel 2.4.17ctx-7 is available at ftp.solucorp.qc.ca/pub/vserver. You will find the usual binary release (SMP and uniprocessor) as usual, the file patch-2.4.17ctx-7 (relative to vanilla 2.4.17) and the file patches/patch-2.4.17-ctx6-ctx7 Here is a change log The "no man land" feature of ctx-6 to plug chroot security issues was too agressive. It now only applies to directories, not files. This solves the useradd issue. "ps axf" works again. getppid() had been fixed to support the fakeinit concept (one /sbin/init per vserver) and it was improperly handling process with no parent (ppid == 0). It was always return 1 instead of 0 for those processes. This was confusing "ps axf" for one. /dev/pts was not readable "globally" by security context 1. With all this behind us, we will concentrate on stuff like resource allocation (per vserver ulimit) and multi-ip support. Please beat this one :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 6 15:51:09 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g16Kp8Ah006356 for ; Wed, 6 Feb 2002 15:51:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g16KZd512381 for vserver.list; Wed, 6 Feb 2002 15:35:39 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail1-gui.server.ntli.net (mail1-gui.server.ntli.net [194.168.222.13]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g16KZcR12377 for ; Wed, 6 Feb 2002 15:35:38 -0500 Received: from irishsea.home.craig-wood.com ([62.253.119.64]) by mail1-gui.server.ntli.net (Post.Office MTA v3.1 release PO203a ID# 0-33929U70000L2S50) with ESMTP id AAA6785 for ; Wed, 6 Feb 2002 20:35:36 +0000 Received: (from ncw@localhost) by irishsea.home.craig-wood.com (8.11.6/8.11.6) id g16KZZj04173 for vserver@dns.solucorp.qc.ca; Wed, 6 Feb 2002 20:35:35 GMT Date: Wed, 6 Feb 2002 20:35:35 +0000 From: Nick Craig-Wood To: Vserver mailing list Subject: Re: [vserver] Re: [useradd] Adding user fails in vserver Message-ID: <20020206203535.A4082@axis.demon.co.uk> References: <20020205135150.c56b4dddd00a@remtk.solucorp.qc.ca> <3C6141B2.23586.1B74DA@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C6141B2.23586.1B74DA@localhost>; from edward@paradigm4.com.au on Wed, Feb 06, 2002 at 02:46:10PM +1100 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 24 On Wed, Feb 06, 2002 at 02:46:10PM +1100, edward@paradigm4.com.au wrote: > It is my understanding that all the considered chroot exploits ( we > are not talking about using devices and mounting tricks as this > capability is disabled in vserver ) are based on either using file > handle that was open before the first chroot, or the current > directory from before the first chroot. > > Unless I'm missing something, the solution is simple - do not leave > any file handles open when you do chroot and do chdir("/") > immediately after. Problem solved. I'm afraid not. I wrote a proof of concept exploit which will break any chroot provided the user that runs it has CAP_CHROOT. I'll email the exploit to you if you want. > > Once the chroot is done, you are free to do chdir (".."). Since > > the test is perform only if the current directory == the process > > root directory, chdir("..") works and let you out of the original > > vserver root directory. > > If you did chdir("/") after the first chroot, subsequent chroot and > chdir("..") will not get you out. Unfortunately it will. Assume you've done all your chrooting magic. Now cd / (in the chroot). Chroot into /tmp. Your current working directory is now above your root directory. You can now cd .. with impunity and when you've got where you want to be, chroot ".". -- Nick Craig-Wood ncw@axis.demon.co.uk From vserver.error@solucorp.qc.ca Wed Feb 6 19:54:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g170sFAh017273 for ; Wed, 6 Feb 2002 19:54:15 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g170WIg17186 for vserver.list; Wed, 6 Feb 2002 19:32:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.conostix.com (perycles.synoptic.be [195.207.52.190] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g170WGR17182 for ; Wed, 6 Feb 2002 19:32:17 -0500 Received: from localhost (fpmip@localhost) by mail.conostix.com (8.11.6/8.11.2) with ESMTP id g170WH905584 for ; Thu, 7 Feb 2002 01:32:17 +0100 Date: Thu, 7 Feb 2002 01:32:17 +0100 (CET) From: vserver@fruru.com X-X-Sender: fpmip@mail.conostix.com To: vserver@solucorp.qc.ca Subject: Re: [vserver] RE: Performance, memory, etc In-Reply-To: <02d601c1af69$13fa1d30$b5a401d5@home4v9eek8u3l> Message-ID: X-Swedish-Chef: Bork-Bork-Bork X-Plan: World Domination MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 25 On Wed, 6 Feb 2002, John Lyons wrote: > > > Would it be possible to have two/three/multiple IPv4 roots in a vserver ? > > That way we could do virtual hosting per vserver. > > I didn't think that anyone was doing virtual hosting based on IP's anymore? not for web serving, no. > (Or have I misunderstood your question?) i don't think so, but the world is larger than webservers only ;-) > > We're using name based virtual hosting ie 1 ip to multiple domains. Can't > see a lot of need for 1 ip per domain? Cheers Tycho -- Tycho Fruru tycho.fruru@conostix.com Users' impressions of different operating systems, expressed as emoticons: Linux: :) Windows: XP From vserver.error@solucorp.qc.ca Wed Feb 6 22:25:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g173PpAh027867 for ; Wed, 6 Feb 2002 22:25:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1735OS19945 for vserver.list; Wed, 6 Feb 2002 22:05:24 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1735LR19941 for ; Wed, 6 Feb 2002 22:05:22 -0500 Received: (qmail 3792 invoked from network); 7 Feb 2002 03:13:08 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 7 Feb 2002 03:13:08 -0000 Received: (qmail 17771 invoked from network); 7 Feb 2002 03:07:46 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 7 Feb 2002 03:07:46 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Thu, 7 Feb 2002 14:21:53 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] Re: [useradd] Adding user fails in vserver Message-ID: <3C628D81.17099.3B7A31@localhost> Priority: normal In-reply-to: <20020206133010.c2a3faecfc2c@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 26 On Wednesday, 6 February 2002 at 13:30, Jacques Gelinas wrote: > You have a clean state. No open directory. You current > directory point to /vservers/v1 > > You do chroot ("/vservers/v1"); > > At this point, all is clean. > > Then root inside the vserver v1 do this > > int fd = open ("/",O_RDONLY); > > Now fd point to /vservers/v1 effectivly > > chroot ("/tmp"); > > Now we are in a chroot inside a chroot. Note that on the kernel > side, the current process has its root in /vservers/v1/tmp, but > there is no such a thing as nested chroot. I mean, all the kernel > knows from now on is that this process has /vservers/v1/tmp > as its root and it can't tell the difference between a process > like this one and another process having done > > chroot ("/vservers/v1/tmp") > > right from the root server. > > Now, the process simply do > > fchdir (fd) > > Its current directory is now /vservers/v1. So even if the chroot > system call had force the current directory to /tmp (/vservers/v1/tmp) > now, the process current directory is behind the process root. From > now on, the process can perform file operation behind its root. > But it is locked into using relative addressing. Whenever it does Yep, I understand now. That sucks. What's the point of chroot then if it's so easy to break out ( provided you have CAP_SYS_CHROOT of course ). I have to admit I was somewhat reluctant to apply vfs_permission change to the 2.2.20ctx patch because I was fearing that it may break some progs and I didn't understand the issue fully. Now that I do, I'll have to add the fix asap. thanks Ed From vserver.error@solucorp.qc.ca Wed Feb 6 22:31:31 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g173VUAh027910 for ; Wed, 6 Feb 2002 22:31:30 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g173BlH20032 for vserver.list; Wed, 6 Feb 2002 22:11:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g173BjR20027 for ; Wed, 6 Feb 2002 22:11:45 -0500 Received: (qmail 4323 invoked from network); 7 Feb 2002 03:19:34 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 7 Feb 2002 03:19:34 -0000 Received: (qmail 17798 invoked from network); 7 Feb 2002 03:14:14 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 7 Feb 2002 03:14:14 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Thu, 7 Feb 2002 14:28:21 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] Re: [useradd] Adding user fails in vserver Message-ID: <3C628F05.15252.416602@localhost> Priority: normal In-reply-to: <20020206203535.A4082@axis.demon.co.uk> References: <3C6141B2.23586.1B74DA@localhost>; from edward@paradigm4.com.au on Wed, Feb 06, 2002 at 02:46:10PM +1100 X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 27 On Wednesday, 6 February 2002 at 20:35, Nick Craig-Wood wrote: > I wrote a proof of concept exploit which will break any chroot > provided the user that runs it has CAP_CHROOT. I'll email the exploit > to you if you want. yes please do. > > If you did chdir("/") after the first chroot, subsequent chroot and > > chdir("..") will not get you out. > > Unfortunately it will. Assume you've done all your chrooting magic. > Now cd / (in the chroot). Chroot into /tmp. Your current working > directory is now above your root directory. You can now cd .. with > impunity and when you've got where you want to be, chroot ".". Thanks, Jacques already explained it to me. Ed From vserver.error@solucorp.qc.ca Wed Feb 6 23:05:33 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1745WAh028128 for ; Wed, 6 Feb 2002 23:05:32 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g173e3X20432 for vserver.list; Wed, 6 Feb 2002 22:40:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hunt.vizional.com (hunt.vizional.com [216.52.247.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g173e3R20428 for ; Wed, 6 Feb 2002 22:40:03 -0500 Received: (qmail 28619 invoked from network); 7 Feb 2002 03:28:04 -0000 Received: from unknown (HELO POST.sm1.vizional.com) (216.52.247.254) by hunt.vizional.com with SMTP; 7 Feb 2002 03:28:04 -0000 X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C1AF89.1D819074" Subject: [vserver] Kill script Date: Wed, 6 Feb 2002 19:39:58 -0800 Message-ID: <484A0FDBBF168642A08EDA7BDAC18FE210D9A1@POST.sm1.vizional.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Kill script Thread-Index: AcGviR2zRghQf+DtRi+d2m9gddnOmg== From: "Philip Snyder" To: Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 28 This is a multi-part message in MIME format. ------_=_NextPart_001_01C1AF89.1D819074 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Here's something I hacked together. By no means does it encompass the entire wealth of the kill command... but it makes killing a process in context much more straight forward. Hope someone else finds this of use as well. Will add multiple process & signal support soon. -Philip <>=20 ------_=_NextPart_001_01C1AF89.1D819074 Content-Type: application/octet-stream; name="vkill" Content-Transfer-Encoding: base64 Content-Description: vkill Content-Disposition: attachment; filename="vkill" IyEvdXNyL2Jpbi9wZXJsIC13CiMKIyBraWxsIHdyYXBwZXIgZm9yIHZzZXJ2ZXIuIAojIFBoaWxp cCBTbnlkZXIgPHBzbnlkZXJAdml6aW9uYWwuY29tPgojIDIwMDIvMDIvMDYgMTk6MDAgUFNUCiMK CgokUFJPQyA9ICRBUkdWWzBdOwoKIyBHcmFiIHRoZSBvdXRwdXQgZnJvbSBhIGNvbnRleHQgcXVl cnkgYWdhaW5zdCB0aGlzIHByb2Nlc3MgaWQKb3BlbihQSCwgIi91c3Ivc2Jpbi9jaGNvbnRleHQg LS1jdHggMSBjYXQgL3Byb2MvJFBST0Mvc3RhdHVzIDI+JjEgfCIpOwoKIyBMb29wIHRocm91Z2gg dGhlIG91dHB1dAp3aGlsZSAoPFBIPikgewoKICAjIFNlYXJjaGluZyBmb3IgYSBsaW5lIHRoYXQg bG9va3MgbGlrZSB0aGlzOgogICMgc19jb250ZXh0OiAjCiAgaWYgKC9ec19jb250ZXh0OiAoWzAt OV0rKS8pIHsKCiAgICBwcmludCAiUHJvY2VzcyBpZCAkUFJPQyB3YXMgZm91bmQgaW4gc2VjdXJp dHkgY29udGV4dCAkMS5cbiI7CgogICAgIyBNYWtlIHN1cmUgdGhlIHByb2Nlc3MgaXMgaW4gYSB2 c2VydmVyIGNvbnRleHQKICAgIGlmICgkMSA+IDApIHsKCiAgICAgICMgU2luY2Ugd2UgaGF2ZSB0 aGUgY29udGV4dCBhbmQgdGhlIHByb2Nlc3MgaWQsIHdlIGNhbiBraWxsIGl0CiAgICAgIHByaW50 ICIgKyBLaWxsaW5nLi4uICI7CiAgICAgIGAvdXNyL3NiaW4vY2hjb250ZXh0IC0tY3R4ICQxIGtp bGwgJFBST0NgOwogICAgICBwcmludCAiW2RvbmVdXG4iOwoKICAgIH0gZWxzZSB7CgogICAgICAj IE5vdCBpbiB2c2VydmVyIGNvbnRleHQsIHNvIGl0cyBhIHByb2Nlc3Mgb24gdGhlIGFjdHVhbCBz ZXJ2ZXIKICAgICAgcHJpbnQgIiArIEtpbGxpbmcuLi4gIjsKICAgICAgYGtpbGwgJFBST0NgOwog ICAgICBwcmludCAiW2RvbmVdXG4iOwoKICAgIH0KICAgIGV4aXQ7CiAgfQp9CgpwcmludCAiUHJv Y2VzcyBpZCAkUFJPQyBub3QgZm91bmQuXG4iOwpleGl0Cg== ------_=_NextPart_001_01C1AF89.1D819074-- From vserver.error@solucorp.qc.ca Fri Feb 8 04:45:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g189j0Ah022281 for ; Fri, 8 Feb 2002 04:45:01 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g189KqW19852 for vserver.list; Fri, 8 Feb 2002 04:20:52 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.trekia.se (stratos.trekia.se [212.105.83.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g189KjR19845 for ; Fri, 8 Feb 2002 04:20:51 -0500 Received: from localhost (jonas@localhost) by mail.trekia.se (8.11.1/8.11.1) with ESMTP id g189KSk20937 for ; Fri, 8 Feb 2002 10:20:29 +0100 X-Authentication-Warning: stratos.trekia.se: jonas owned process doing -bs Date: Fri, 8 Feb 2002 10:20:28 +0100 (CET) From: =?ISO-8859-1?Q?Jonas_Bj=F6rklund?= X-X-Sender: jonas@stratos To: vserver@solucorp.qc.ca Subject: [vserver] memory Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 29 Hi, I installed vserver yesterday. I'm very impressed! I did have some problem with the init scripts since I'm not running RedHat. But now it's working. I have a question, is it possbile to limit the memory for each vserver? From vserver.error@solucorp.qc.ca Fri Feb 8 05:12:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18ACpAh022396 for ; Fri, 8 Feb 2002 05:12:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g189n6H20468 for vserver.list; Fri, 8 Feb 2002 04:49:06 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g189n5R20464 for ; Fri, 8 Feb 2002 04:49:06 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id A6EBFFFC for ; Fri, 8 Feb 2002 10:48:59 +0100 (CET) Subject: [vserver] vserver vs. freevsd From: klavs klavsen To: vserver@solucorp.qc.ca Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-zxQPHZJ6n4RGAUaz+YjW" X-Mailer: Evolution/1.0.1 Date: 08 Feb 2002 10:48:59 +0100 Message-Id: <1013161739.2346.9.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 30 --=-zxQPHZJ6n4RGAUaz+YjW Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I'm looking for a secure environment to run 1 virtual server, on 1 real machine - for the purpose of protecting the machine against dumb users, hacked services and so forth. vserver requires a kernel patch. freevsd doesn't. I'm unfortunately not clever enough to figure out, if that means that freevsd is less safe than vserver, or if vserver is just troublesome as it can't use the standard kernel. I hoped you could help me with the (dis)advantages of vserver over freevsd. Thankyou in advance. --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-zxQPHZJ6n4RGAUaz+YjW Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8Y58L4c1kHlhtW8oRAo9WAKCmIITJklhqAw25VlJve4AOGuog/QCgiC5o ASyDxyQKE3h///zLoQr3QM0= =2S0s -----END PGP SIGNATURE----- --=-zxQPHZJ6n4RGAUaz+YjW-- From vserver.error@solucorp.qc.ca Fri Feb 8 06:07:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18B7dAh022636 for ; Fri, 8 Feb 2002 06:07:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18Aj4G21802 for vserver.list; Fri, 8 Feb 2002 05:45:04 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g18Aj2R21798 for ; Fri, 8 Feb 2002 05:45:03 -0500 Received: (qmail 24698 invoked from network); 8 Feb 2002 10:53:07 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 8 Feb 2002 10:53:07 -0000 Received: (qmail 22807 invoked from network); 8 Feb 2002 10:47:43 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 8 Feb 2002 10:47:43 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Fri, 8 Feb 2002 22:01:39 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Subject: Re: [vserver] memory Message-ID: <3C644AC3.13398.24D5ED@localhost> Priority: normal In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from Quoted-printable to 8bit by dns.solucorp.qc.ca id g18Aj2R21798 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 31 On Friday, 8 February 2002 at 10:20, Jonas Björklund wrote: > I have a question, is it possbile to limit the memory for each vserver? Not directly atm ( work in progress ) but you can limit the number of processes in each vserver ( NPROC parameter ) and you can limit the memory that a single vserver process can have e.g. # limit RSS, DSS of a single process to 8MB and VM size of a process to 16MB ulimit -m 8192 -d 8192 -v 16384 # you can also limit the stack size ulimit -s 8192 # and the max. amount of "locked" memory ( not allowed to be swapped out ) ulimit -l 8192 # start your vserver vserver start ... adjust the values as you see fit. Ed From vserver.error@solucorp.qc.ca Fri Feb 8 06:42:24 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18BgNAh022777 for ; Fri, 8 Feb 2002 06:42:24 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18BC3822225 for vserver.list; Fri, 8 Feb 2002 06:12:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from nninfo2.comm.it ([213.92.77.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18BC2R22221 for ; Fri, 8 Feb 2002 06:12:03 -0500 Received: from MICROXP ([62.110.198.130]) by nninfo2.comm.it (8.9.3/8.9.3) with SMTP id MAA13821 for ; Fri, 8 Feb 2002 12:13:02 +0100 From: "Dave" To: Subject: RE: [vserver] vserver vs. freevsd Date: Fri, 8 Feb 2002 12:11:55 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1013161739.2346.9.camel@amd.vsen.dk> Importance: Normal Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 33 > vserver requires a kernel patch. freevsd doesn't. I'm unfortunately not > clever enough to figure out, if that means that freevsd is less safe > than vserver, or if vserver is just troublesome as it can't use the > standard kernel. I'm a former FreeVSD developer, and all I can say is stay away from it. The company that was supporting the project has decided to close the source and to release it as a commercial product. There have been very few updates in the last year. Also, freevsd does require a lot of patches in the standard library and the basic administration tools (fileutils) and is much harder to maintain than what I've seen on vserver. Also, vserver is much more secure and flexible than freevsd from what I've seen till now. I'm currently working on a new project which will take the best of the two worlds, but there won't be anything to play with for a few weeks from now. Till then, i'd use vserver if I had to start from scratch. Dave. From vserver.error@solucorp.qc.ca Fri Feb 8 07:15:19 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18CFJAh022913 for ; Fri, 8 Feb 2002 07:15:19 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18BnP723149 for vserver.list; Fri, 8 Feb 2002 06:49:25 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from rhenium.btinternet.com (rhenium.btinternet.com [194.73.73.93]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18BnOR23143 for ; Fri, 8 Feb 2002 06:49:25 -0500 Received: from host213-1-132-69.btinternet.com ([213.1.132.69] helo=john-new) by rhenium.btinternet.com with esmtp (Exim 3.22 #8) id 16Z9Wo-0000qB-00 for vserver@solucorp.qc.ca; Fri, 08 Feb 2002 11:49:19 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 8 Feb 2002 11:49:00 -0000 From: "John Lyons" To: Subject: RE: [vserver] vserver vs. freevsd Date: Fri, 8 Feb 2002 11:48:59 -0000 Message-ID: <025801c1b096$98f5c0b0$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 34 > I'm a former FreeVSD developer, and all I can say is stay > away from it. LOL, I've got visions of an AA meeting. Dave stands up and admits he's a recovering FreeVSD developer and it's a 'bit shakey' We all clap, and offer words of encouragement :-) (Sorry I have a strange imagination!) I've been trying to tempt some of the FreeVSD users to try vserver as I felt that it had the potential to be so much better and easier to use that FreeVSD. > I'm currently working on a new project which will take the > best of the two worlds, but there won't be anything to play with for a few > weeks from now. Till then, i'd use vserver if I had to start from scratch. Will this be Opensource? Sounds interesting :-) From vserver.error@solucorp.qc.ca Fri Feb 8 07:40:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18CegAh023028 for ; Fri, 8 Feb 2002 07:40:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18CJr623682 for vserver.list; Fri, 8 Feb 2002 07:19:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18CJqR23678 for ; Fri, 8 Feb 2002 07:19:52 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id E2E86FFC for ; Fri, 8 Feb 2002 13:19:47 +0100 (CET) Subject: RE: [vserver] vserver vs. freevsd From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <024f01c1b091$c7d50ee0$0100a8c0@johnnew> References: <024f01c1b091$c7d50ee0$0100a8c0@johnnew> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Llgbzl/nRBFKTF0axIYE" X-Mailer: Evolution/1.0.1 Date: 08 Feb 2002 13:19:47 +0100 Message-Id: <1013170788.1697.15.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 35 --=-Llgbzl/nRBFKTF0axIYE Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-08 at 12:14, John Lyons wrote: >=20 > > I'm looking for a secure environment to run 1 virtual server, > > on 1 real > > machine - for the purpose of protecting the machine against > > dumb users, hacked services and so forth. >=20 > Vserver is THE solution not freevsd. Based on what arguments/features? =20 > > vserver requires a kernel patch. freevsd doesn't. I'm > > unfortunately not clever enough to figure out, if that means that freev= sd > is less safe > > than vserver, or if vserver is just troublesome as it can't use the > > standard kernel. >=20 > OK, if you're not experienced enough to patch the kernel forget FreeVSD. = The > mailing list for freevsd is full of people trying to install, configure a= nd > use it who are having all sorts of problems. I have no problem with compiling/patching kernels. Sorry if I somehow gave that impression. I just want the safest possible setup for my need. was also thining of asking alter, how LIDS works with the vserver patch. =20 > My advice to you would be to try the binary kernel first. > I found that it didn't have the network driver loaded that I wanted and I > didn't want to load it as a module. In Dec 2001 I'd never built a kernel = but > within an hour of starting I'd patched the kernel, built it, installed > vserver and was well on my way to getting my first vserver running. There's a binary kernel for vserver? well i'll just compile my own, if I decide that vserver is the best for me :-) =20 > There are several tutorials on this eg > http://www.linuxgazette.com/issue68/ghosh.html >=20 > Stick with vserver it beats freevsd hands down for ease of use. ease of use, isn't enough, if it doesn't have the necessary features. freevsd comes with some webpage management utilities. sounds pretty nice. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Llgbzl/nRBFKTF0axIYE Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8Y8Jj4c1kHlhtW8oRAiUzAKCoWeZIvRiAA7pkX9efAAXaiqs+CACfTYjM hewA2FrDiXQKvnktCqGXHyM= =4SAT -----END PGP SIGNATURE----- --=-Llgbzl/nRBFKTF0axIYE-- From vserver.error@solucorp.qc.ca Fri Feb 8 07:50:25 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18CoOAh023058 for ; Fri, 8 Feb 2002 07:50:25 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18CRWn23906 for vserver.list; Fri, 8 Feb 2002 07:27:32 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18CRVR23902 for ; Fri, 8 Feb 2002 07:27:31 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 8438DFFC for ; Fri, 8 Feb 2002 13:27:31 +0100 (CET) Subject: RE: [vserver] vserver vs. freevsd From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-B+ZuHa/8vX62SJNMmNsp" X-Mailer: Evolution/1.0.1 Date: 08 Feb 2002 13:27:31 +0100 Message-Id: <1013171251.1697.24.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 36 --=-B+ZuHa/8vX62SJNMmNsp Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-08 at 12:11, Dave wrote: > > vserver requires a kernel patch. freevsd doesn't. I'm unfortunately not > > clever enough to figure out, if that means that freevsd is less safe > > than vserver, or if vserver is just troublesome as it can't use the > > standard kernel. >=20 > I'm a former FreeVSD developer, and all I can say is stay away from it. T= he > company that was supporting the project has decided to close the source a= nd > to release it as a commercial product. There have been very few updates i= n > the last year. but they already have a commercial counterpart for it ..(proVSD) they intend to close down the OpenSource part of the project? damn. few updates are not good. what about vserver? it's v0.10 - that doesn't sound to me like, it has much development going on. If the mailinglists archive were accessible via web, one might see how much is going on, and what troubles people have. If you want, I'm sure, I could talk to www.sslug.dk (danish LUG), as they have such a system - and they also have news access to mailinglists. >=20 > Also, freevsd does require a lot of patches in the standard library and t= he > basic administration tools (fileutils) and is much harder to maintain tha= n > what I've seen on vserver. Also, vserver is much more secure and flexible > than freevsd from what I've seen till now. sounds like a big plus for vserver. couldn't see any patches in the freevsd-1.4.9 rpm, so I didn't know. =20 > I'm currently working on a new project which will take the best of the tw= o > worlds, but there won't be anything to play with for a few weeks from now= . > Till then, i'd use vserver if I had to start from scratch. ok. Not to be a sour grape, but perhaps it would be a good idea to add your ideas/time to vserver instead - to provide 1 great product with features and flexibility - instead of two products with half the developers (or so).=20 Thank you for your info. --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-B+ZuHa/8vX62SJNMmNsp Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8Y8Qz4c1kHlhtW8oRAtd3AJ9dEpG0tyACK8mRQjodI+XZ+j0QjQCeJob0 pHiKJ+6v6lLqeFHR98CzROE= =01rA -----END PGP SIGNATURE----- --=-B+ZuHa/8vX62SJNMmNsp-- From vserver.error@solucorp.qc.ca Fri Feb 8 07:55:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18CtLAh023074 for ; Fri, 8 Feb 2002 07:55:21 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18CXBF24054 for vserver.list; Fri, 8 Feb 2002 07:33:11 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from web4.internetx.de (web4.internetx.de [195.127.139.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18CXAR24050 for ; Fri, 8 Feb 2002 07:33:10 -0500 Received: from thomasp.internetx.de ([195.127.139.8]) by web4.internetx.de (8.12.2/8.12.2) with ESMTP id g18CX3N4014511 for ; Fri, 8 Feb 2002 13:33:03 +0100 Received: (from tomtom@localhost) by thomasp.internetx.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g18CWGw29839 for vserver@solucorp.qc.ca; Fri, 8 Feb 2002 13:32:16 +0100 Date: Fri, 8 Feb 2002 13:32:16 +0100 From: Thomas Preissler To: vserver@solucorp.qc.ca Subject: Re: [vserver] memory Message-ID: <20020208133215.M3899@thomasp.internetx.de> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from jonasb@hem.passagen.se on Fri, Feb 08, 2002 at 10:20:28AM +0100 Organization: InterNetX, Regensburg, Germany X-Uptime: 10:17am up 1 day, 16:35, 23 users, load average: 0.07, 0.15, 0.06 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 37 * Jonas Björklund wrote on 08 Feb 2002: > Hi, > > I installed vserver yesterday. I'm very impressed! I did have some problem > with the init scripts since I'm not running RedHat. But now it's working. Which problems exactly did you have? I can't start my rc-Scripts with init, too. I use plain SuSE 7.2. > > I have a question, is it possbile to limit the memory for each vserver? Oh, you want a "vulimit", isnt it? Greetz, Tom From vserver.error@solucorp.qc.ca Fri Feb 8 08:17:34 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18DHXAh023209 for ; Fri, 8 Feb 2002 08:17:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18Co4u24446 for vserver.list; Fri, 8 Feb 2002 07:50:04 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18Co4R24442 for ; Fri, 8 Feb 2002 07:50:04 -0500 Received: from host213-122-198-201.dial.btopenworld.com ([213.122.198.201] helo=john-new) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16ZATa-0003oo-00 for vserver@solucorp.qc.ca; Fri, 08 Feb 2002 12:50:04 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 8 Feb 2002 12:49:31 -0000 From: "John Lyons" To: Subject: RE: [vserver] vserver vs. freevsd Date: Fri, 8 Feb 2002 12:49:29 -0000 Message-ID: <027001c1b09f$0d8d3090$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1013170788.1697.15.camel@amd.vsen.dk> Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 38 > > Stick with vserver it beats freevsd hands down for ease of use. > ease of use, isn't enough, if it doesn't have the necessary features. > freevsd comes with some webpage management utilities. sounds pretty > nice. www.webhostingtalk.com discussions on freevsd explain how poor and restricted the web based control panel is. Vserver doesn't have a web based admin package with it yet (I'm trying to sort that out) but with root access to your virtual server you can easily install webmin which has 10 times as many features as the FreeVSD control panel. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 8 08:23:22 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18DNLAh023245 for ; Fri, 8 Feb 2002 08:23:21 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18Cw7x24593 for vserver.list; Fri, 8 Feb 2002 07:58:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.microbsd.net ([65.162.182.40]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18Cw6R24589 for ; Fri, 8 Feb 2002 07:58:07 -0500 Received: from vpan (vpan [65.162.182.40]) by mail.microbsd.net (Postfix) with ESMTP id B6FF02299D for ; Fri, 8 Feb 2002 08:56:33 -0500 (EST) Subject: RE: [vserver] Control Panel From: Kerberus To: vserver@solucorp.qc.ca In-Reply-To: <027001c1b09f$0d8d3090$0100a8c0@johnnew> References: <027001c1b09f$0d8d3090$0100a8c0@johnnew> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.1 Date: 08 Feb 2002 08:56:33 -0500 Message-Id: <1013176593.97919.1.camel@vpan.netwolves.com> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 39 Who needs/wants a control panel ?????? I might just have such a beast I developed a while back ! > > www.webhostingtalk.com discussions on freevsd explain how poor and > restricted the web based control panel is. > > Vserver doesn't have a web based admin package with it yet (I'm trying to > sort that out) but with root access to your virtual server you can easily > install webmin which has 10 times as many features as the FreeVSD control > panel. From vserver.error@solucorp.qc.ca Fri Feb 8 08:47:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18DlEAh023357 for ; Fri, 8 Feb 2002 08:47:14 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18Cx4024608 for vserver.list; Fri, 8 Feb 2002 07:59:04 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18Cx3R24604 for ; Fri, 8 Feb 2002 07:59:03 -0500 Received: from host213-122-198-201.dial.btopenworld.com ([213.122.198.201] helo=john-new) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16ZAcI-00050i-00 for vserver@solucorp.qc.ca; Fri, 08 Feb 2002 12:59:03 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 8 Feb 2002 12:58:43 -0000 From: "John Lyons" To: Subject: RE: [vserver] vserver vs. freevsd Date: Fri, 8 Feb 2002 12:58:43 -0000 Message-ID: <027101c1b0a0$56508ce0$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1013171251.1697.24.camel@amd.vsen.dk> Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 40 > what about vserver? it's v0.10 - that doesn't sound to me like, it has > much development going on. > There are many more FreeVSD developers and users than vserver, but there aren't many users of FreeVSD that are actually able to contribute to it's development because it's such a complex package and the company behind FreeVSD are very cautious about accepting contributions from people outside the development group. Vserver was developed in house some time ago to facilitate specific development/testing tasks. It was released as open source in Oct last year, v0.1, as a fairly coherent system. There have been 10 versions released in 4 months. That's a much better development rate than Freevsd is going through, although I will concede FreeVSD has been around for longer. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 8 09:11:09 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18EB8Ah023566 for ; Fri, 8 Feb 2002 09:11:08 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18DgVZ25451 for vserver.list; Fri, 8 Feb 2002 08:42:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from nninfo2.comm.it ([213.92.77.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18DgUR25447 for ; Fri, 8 Feb 2002 08:42:31 -0500 Received: from MICROXP ([62.110.198.130]) by nninfo2.comm.it (8.9.3/8.9.3) with SMTP id OAA21077 for ; Fri, 8 Feb 2002 14:43:35 +0100 From: "Dave" To: Subject: RE: [vserver] vserver vs. freevsd Date: Fri, 8 Feb 2002 14:42:26 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1013170788.1697.15.camel@amd.vsen.dk> Importance: Normal Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 41 > ease of use, isn't enough, if it doesn't have the necessary features. > freevsd comes with some webpage management utilities. sounds pretty > nice. The webadmin scripts of freevsd have not been updated for 5 releases of freevsd now. They're missing important parts that were developed after. Dave. From vserver.error@solucorp.qc.ca Fri Feb 8 09:32:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18EW4Ah023733 for ; Fri, 8 Feb 2002 09:32:04 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18E05f25697 for vserver.list; Fri, 8 Feb 2002 09:00:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.trekia.se (stratos.trekia.se [212.105.83.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18E04R25693 for ; Fri, 8 Feb 2002 09:00:04 -0500 Received: from localhost (jonas@localhost) by mail.trekia.se (8.11.1/8.11.1) with ESMTP id g18E03111282 for ; Fri, 8 Feb 2002 15:00:03 +0100 X-Authentication-Warning: stratos.trekia.se: jonas owned process doing -bs Date: Fri, 8 Feb 2002 15:00:03 +0100 (CET) From: jonasb@hem.passagen.se X-X-Sender: jonas@stratos To: vserver@solucorp.qc.ca Subject: Re: [vserver] memory In-Reply-To: <20020208133215.M3899@thomasp.internetx.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 42 Hi, > > I installed vserver yesterday. I'm very impressed! I did have some problem > > with the init scripts since I'm not running RedHat. But now it's working. > > Which problems exactly did you have? > > I can't start my rc-Scripts with init, too. > > I use plain SuSE 7.2. I use Debian. And I changed vserver script: #STARTCMD="/etc/rc.d/rc 3" STARTCMD="/etc/init.d/rc 2" Maybe there is more I have to change. But this is OK for now. I did have someproblems with compiling the kernel and vserver-0.10 but those problems was just because of me. =) > > I have a question, is it possbile to limit the memory for each vserver? > > Oh, you want a "vulimit", isnt it? I don't know. What does vulimit do? And where can I find it? From vserver.error@solucorp.qc.ca Fri Feb 8 09:48:47 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18EmkAh023826 for ; Fri, 8 Feb 2002 09:48:46 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18ENlC26124 for vserver.list; Fri, 8 Feb 2002 09:23:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18ENkR26120 for ; Fri, 8 Feb 2002 09:23:47 -0500 Received: from host213-122-194-240.in-addr.btopenworld.com ([213.122.194.240] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16ZBwH-0005FM-00 for vserver@solucorp.qc.ca; Fri, 08 Feb 2002 14:23:46 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 8 Feb 2002 14:23:28 -0000 From: "John Lyons" To: Subject: RE: [vserver] Control Panel Date: Fri, 8 Feb 2002 14:23:27 -0000 Message-ID: <028201c1b0ac$2d0e9b40$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1013176593.97919.1.camel@vpan.netwolves.com> Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 43 > Who needs/wants a control panel ?????? I might just have such > a beast I developed a while back ! If you've got something, yes by all means please let me have a nose. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 8 09:58:11 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18EwAAh023930 for ; Fri, 8 Feb 2002 09:58:10 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18EP6M26170 for vserver.list; Fri, 8 Feb 2002 09:25:06 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from web4.internetx.de (web4.internetx.de [195.127.139.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18EP5R26166 for ; Fri, 8 Feb 2002 09:25:05 -0500 Received: from thomasp.internetx.de ([195.127.139.8]) by web4.internetx.de (8.12.2/8.12.2) with ESMTP id g18EP3N4004549 for ; Fri, 8 Feb 2002 15:25:03 +0100 Received: (from tomtom@localhost) by thomasp.internetx.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g18EOHo30981 for vserver@solucorp.qc.ca; Fri, 8 Feb 2002 15:24:17 +0100 Date: Fri, 8 Feb 2002 15:24:17 +0100 From: Thomas Preissler To: vserver@solucorp.qc.ca Subject: Re: [vserver] memory Message-ID: <20020208152417.S3899@thomasp.internetx.de> References: <20020208133215.M3899@thomasp.internetx.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jonasb@hem.passagen.se on Fri, Feb 08, 2002 at 03:00:03PM +0100 Organization: InterNetX, Regensburg, Germany X-Uptime: 10:17am up 1 day, 16:35, 23 users, load average: 0.07, 0.15, 0.06 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 44 * jonasb@hem.passagen.se wrote on 08 Feb 2002: > Hi, > > > > I installed vserver yesterday. I'm very impressed! I did have some problem > > > with the init scripts since I'm not running RedHat. But now it's working. > > > > Which problems exactly did you have? > > > > I can't start my rc-Scripts with init, too. > > > > I use plain SuSE 7.2. > > I use Debian. And I changed vserver script: > > > #STARTCMD="/etc/rc.d/rc 3" > STARTCMD="/etc/init.d/rc 2" > > Maybe there is more I have to change. But this is OK for now. > > I did have someproblems with compiling the kernel and vserver-0.10 but > those problems was just because of me. =) > > > > I have a question, is it possbile to limit the memory for each vserver? > > > > Oh, you want a "vulimit", isnt it? > > I don't know. What does vulimit do? And where can I find it? Sorry. I did not want to confuse you. It was just an idea. From vserver.error@solucorp.qc.ca Fri Feb 8 10:55:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18FtZAh024514 for ; Fri, 8 Feb 2002 10:55:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18FHiU27181 for vserver.list; Fri, 8 Feb 2002 10:17:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g18FHgR27177 for ; Fri, 8 Feb 2002 10:17:43 -0500 Received: (qmail 13273 invoked from network); 8 Feb 2002 15:25:43 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 8 Feb 2002 15:25:43 -0000 Received: (qmail 23530 invoked from network); 8 Feb 2002 15:20:21 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 8 Feb 2002 15:20:21 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sat, 9 Feb 2002 02:34:12 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: RE: [vserver] vserver vs. freevsd Message-ID: <3C648AA4.16984.11E66A8@localhost> Priority: normal References: In-reply-to: <1013171251.1697.24.camel@amd.vsen.dk> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 45 On Friday, 8 February 2002 at 13:27, klavs klavsen wrote: > If the mailinglists archive were accessible via web, one might see how > much is going on, and what troubles people have. If you want, I'm sure, > I could talk to www.sslug.dk (danish LUG), as they have such a system - > and they also have news access to mailinglists. Sounds like a good idea. Ed From vserver.error@solucorp.qc.ca Fri Feb 8 12:13:46 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18HDjAh025614 for ; Fri, 8 Feb 2002 12:13:46 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18GZCL29129 for vserver.list; Fri, 8 Feb 2002 11:35:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g18GZBR29125 for ; Fri, 8 Feb 2002 11:35:11 -0500 Received: (qmail 16081 invoked from network); 8 Feb 2002 16:43:19 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 8 Feb 2002 16:43:19 -0000 Received: (qmail 23663 invoked from network); 8 Feb 2002 16:37:34 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 8 Feb 2002 16:37:33 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sat, 9 Feb 2002 03:51:47 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: RE: [vserver] vserver vs. freevsd Message-ID: <3C649CD3.21197.165709D@localhost> Priority: normal References: <024f01c1b091$c7d50ee0$0100a8c0@johnnew> In-reply-to: <1013170788.1697.15.camel@amd.vsen.dk> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 46 On Friday, 8 February 2002 at 13:19, klavs klavsen wrote: > I have no problem with compiling/patching kernels. Sorry if I somehow > gave that impression. I just want the safest possible setup for my need. > was also thining of asking alter, how LIDS works with the vserver patch. Last time I tried LIDS it clashed with vserver. A lot of work would be needed to adapt/combine both patches which is made even more difficult by LIDS lagging a bit behind in the base kernel ( e.g. their latest 2.4.x is 2.4.16 ). One of the great things about vserver is that it allows you to run more than 1 distro ( or set of servers ) _transparently_ on the same machine. If you are not really interested in that aspect and just want tight ( MAC ) security, you may want to look into SeLinux. http://www.nsa.gov/selinux/ There is also a set of security stuff for 2.4.x which you may find useful: http://www.grsecurity.net/ hth Ed From vserver.error@solucorp.qc.ca Fri Feb 8 14:09:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g18J9VAh026757 for ; Fri, 8 Feb 2002 14:09:33 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g18Ic0l31494 for vserver.list; Fri, 8 Feb 2002 13:38:00 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g18IbxR31490 for ; Fri, 8 Feb 2002 13:37:59 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id KAA15011 for ; Fri, 8 Feb 2002 10:37:57 -0800 Date: Fri, 8 Feb 2002 10:37:57 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: [vserver] New to list Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 47 Hi, Wanted to say hi and how happy I am that Jacques got this list up. I've been fiddling with vserver since late November off and on and actually have a machine running it. Two domains in vservers and one in the main. The main server isn't the greatest solution but since the system is located in colo about 30 miles away and I wanted to get it online I didn't spend a lot of time figuring out a really slick setup. The 'vserver' advantage is I can change it pretty easily from a remote location/login. With that I'd like to know is if anyone has got PostgreSQL (Pg) running in any configuration of main and vservers? I ran into a problem with - what I thing I understand - Pg binding to all the addresses. I created a v_postgresql init script but once I started Pg in a vserver, I couldn't restart it in the main server. Haven't had a chance to retry since I upgraded to the latest ctx kernel and rebooted. There was a short thread on the Pg list about this but I got the idea the fix required changes to the Pg code. Not received by the Pg people very well and Jacques says it shouldn't be a problem. Vserver should do the 'Right' thing. Enough rambling. Again, Hi. Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Fri Feb 8 20:43:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g191h3Ah029707 for ; Fri, 8 Feb 2002 20:43:04 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g191JWb07533 for vserver.list; Fri, 8 Feb 2002 20:19:32 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g191JWR07528 for ; Fri, 8 Feb 2002 20:19:32 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g191JSAi029504 for ; Fri, 8 Feb 2002 20:19:28 -0500 Date: Fri, 8 Feb 2002 20:19:28 -0500 (EST) From: Vlad To: vserver@solucorp.qc.ca Subject: [vserver] shrink wrap it In-Reply-To: <1013170788.1697.15.camel@amd.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 48 > There's a binary kernel for vserver? well i'll just compile my own, if I > decide that vserver is the best for me :-) > ease of use, isn't enough, if it doesn't have the necessary features. > freevsd comes with some webpage management utilities. sounds pretty > nice. Why is it that every few months people troll up from out of nowhere and expect a full comparison of features between two projects. At $80/box you can go to Best Buy and compare Mandrake and Redhat. However on a free mailing list, especially for a project provided free of charge, it makes for little common sense to show up and start insulting the users and developers of this code. For the record, vserver has the most documentation you will find for a project of this caliber and is very straight forward. There is a detailed installation doc on the web page http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=4&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0 Now on to flaming: Part of dealing with open source projects is doing the research and figuring things out on your own. Perhaps thats why its not in a shrink wrapped box with a choice of 8 different GUI's to hold your hand. It involves research, debugging, and even writing code on your own. Tradeoff is hiring an incompetent consultant or Microsoft, pick your poison. If you expect free help I suggest you ask for it with plenty of detail and outmost respect for the people that you're expecting assistance from. Derogatory comments about development progress or inconvenient mailing list are not a good way to ask for help. Half-assed questions about lids and "standard kernel" just show you didn't even bother to look at the homepage; If you did you'd notice that there is a changelog page: 10 updates in 3 months. and further sarcasm: I think the real problem here is that the project web page doesn't have enough pictures or blinking "NEW" buttons. Reading turns everyone off, and just like back in high school, its easier to just find someone that has read the book already that can summarize it than for you to actually put in some effort. Damn words, they are everywhere! From vserver.error@solucorp.qc.ca Fri Feb 8 21:21:25 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g192LOAh030044 for ; Fri, 8 Feb 2002 21:21:25 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1927vu08335 for vserver.list; Fri, 8 Feb 2002 21:07:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from carbon.btinternet.com (carbon.btinternet.com [194.73.73.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1927uR08331 for ; Fri, 8 Feb 2002 21:07:57 -0500 Received: from host213-1-171-200.btinternet.com ([213.1.171.200] helo=john-new) by carbon.btinternet.com with esmtp (Exim 3.22 #8) id 16ZMve-0000qN-00 for vserver@solucorp.qc.ca; Sat, 09 Feb 2002 02:07:50 +0000 Received: from 213.1.171.200 by john-new ([213.1.171.200] running VPOP3) with SMTP for ; Sat, 9 Feb 2002 02:07:33 -0000 From: "John Lyons" To: Subject: RE: [vserver] shrink wrap it Date: Sat, 9 Feb 2002 02:07:32 -0000 Message-ID: <001f01c1b10e$895a9cc0$d3bd01d5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 49 > I think the real problem here is that the project web page > doesn't have > enough pictures or blinking "NEW" buttons. Reading turns > everyone off, and > just like back in high school, its easier to just find > someone that has > read the book already that can summarize it than for you to > actually put > in some effort. Damn words, they are everywhere! Well said that man! Vserver is written and supported by people who know what they're talking about. You only have to read this mailing list and compare it to the FreeVSD list to see the differences. This list is populated by developers who are able to discuss kernel code in detail and make an impact (I'm a pleb compared to 99% of vserver gurus here) The freevsd list is full of experienced sys admins and beginners all asking why X feature doesn't work or why their system has stopped working when they did Y. Vserver works and has so much potential because of it's clean look, excellent documentation and simplicity. FreeVSD users download 200 and 300mb skels for their servers because setting up a working virtual server is so complex. There is a danger that new users see a small download file 30 pages of docs and a few FAQ's and think that it's a lightweight package. They couldn't be more wrong. So far Vserver works for me. It does everything I want it to, there are no significant bugs that cause problems and I'm struggling to see what could possibly be done next to the system to improve it. To my mind it works and any further development is tweaking at the edges. (perhaps I'm wrong here as I'm not a teche and don't understand these things but I think it's darn good as it is :-)) Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 From vserver.error@solucorp.qc.ca Fri Feb 8 22:37:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g193b5Ah030609 for ; Fri, 8 Feb 2002 22:37:05 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g193PVN09550 for vserver.list; Fri, 8 Feb 2002 22:25:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g193PVR09546 for ; Fri, 8 Feb 2002 22:25:31 -0500 Received: from remtk.solucorp.qc.ca (g39-19.citenet.net [206.123.39.19]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g193QJ648868 for ; Fri, 8 Feb 2002 22:26:25 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g193Cm302989 for vserver@solucorp.qc.ca; Fri, 8 Feb 2002 22:12:48 -0500 From: Jacques Gelinas Date: Fri, 8 Feb 2002 22:12:48 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] Control Panel X-mailer: tlmpmail 0.1 Message-ID: <20020208221248.975955d68928@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 50 On Fri, 8 Feb 2002 08:56:33 -0500, Kerberus wrote > Who needs/wants a control panel ?????? I might just have such a beast I > developed a while back ! What should it contain. I mean, vservers do not requires any special admin tools (webmin, linuxconf, name it, works normally there). So I guess someone wants some control panel to see what is going on, start/stop vserver I am planing a linuxconf module for vserver btw, which would handle the root server side of vserver. Ideas welcome. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 8 22:37:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g193b6Ah030610 for ; Fri, 8 Feb 2002 22:37:06 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g193PZe09559 for vserver.list; Fri, 8 Feb 2002 22:25:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g193PZR09555 for ; Fri, 8 Feb 2002 22:25:35 -0500 Received: from remtk.solucorp.qc.ca (g39-19.citenet.net [206.123.39.19]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g193Qa648891 for ; Fri, 8 Feb 2002 22:26:36 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g192u7402978 for vserver@solucorp.qc.ca; Fri, 8 Feb 2002 21:56:07 -0500 From: Jacques Gelinas Date: Fri, 8 Feb 2002 21:56:07 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] memory X-mailer: tlmpmail 0.1 Message-ID: <20020208215607.14c274f5f985@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 51 On Fri, 8 Feb 2002 13:32:16 -0500, Thomas Preissler wrote > Which problems exactly did you have? > > I can't start my rc-Scripts with init, too. > > I use plain SuSE 7.2. Since kernel 2.4.17ctx-6 and vserver 0.10, if you set the fakeinit parameter in the S_FLAGS entry of a vserver configuration file, like this S_FLAGS="nproc sched fakeinit" the vserver will be started simply by running /sbin/init. The standard /sbin/init of the distribution. So ajust you /vservers/xx/ete/inittab. removing stuff like the console getty and you are all set. Note that if you create the necessary node in /vserver/xx/dev (tty3 for example) you can very well run a virtual console in a vserver, creating a v-workstation :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 8 22:38:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g193c9Ah030615 for ; Fri, 8 Feb 2002 22:38:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g193PcC09571 for vserver.list; Fri, 8 Feb 2002 22:25:38 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g193PcR09567 for ; Fri, 8 Feb 2002 22:25:38 -0500 Received: from remtk.solucorp.qc.ca (g39-19.citenet.net [206.123.39.19]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g193Qe648898 for ; Fri, 8 Feb 2002 22:26:40 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g193Jwu02992 for vserver@solucorp.qc.ca; Fri, 8 Feb 2002 22:19:58 -0500 From: Jacques Gelinas Date: Fri, 8 Feb 2002 22:19:58 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] shrink wrap it X-mailer: tlmpmail 0.1 Message-ID: <20020208221958.e2e85ca26571@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 52 On Fri, 8 Feb 2002 20:19:28 -0500, Vlad wrote > I think the real problem here is that the project web page doesn't have > enough pictures or blinking "NEW" buttons. Reading turns everyone off, and > just like back in high school, its easier to just find someone that has > read the book already that can summarize it than for you to actually put > in some effort. Damn words, they are everywhere! :-) Well, the web site has a ton of "new" buttons (well they are not blinking). But those buttons shows up based on what you have read so far in the document. So for you, nothing is new because you have read the document. Once in a while, new stuff appears for you when the document is enhanced. The document stores a cookie in your browser and this cookie is used to track the version of every page you have read in the document. This is stored in a MySQL database. When you visit the document, it can tell which page you have read and have been updated, and which page are really new for you. Btw, I have enhanced the presentation of the document with the table of content on the side. Anyway, this tracking was created to help people follow the evolution of the project. Reading the whole thing over and over to grasp what is new id not possible ... I intend to document all my projects using this technology btw. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 8 22:43:13 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g193hCAh030663 for ; Fri, 8 Feb 2002 22:43:13 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g193Pa109565 for vserver.list; Fri, 8 Feb 2002 22:25:36 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g193PaR09561 for ; Fri, 8 Feb 2002 22:25:36 -0500 Received: from remtk.solucorp.qc.ca (g39-19.citenet.net [206.123.39.19]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g193Qc648895 for ; Fri, 8 Feb 2002 22:26:38 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g192qjs02973 for vserver@solucorp.qc.ca; Fri, 8 Feb 2002 21:52:45 -0500 From: Jacques Gelinas Date: Fri, 8 Feb 2002 21:52:45 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] memory X-mailer: tlmpmail 0.1 Message-ID: <20020208215245.ba83481fff39@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 53 On Fri, 8 Feb 2002 22:01:39 -0500, edward@paradigm4.com.au wrote > On Friday, 8 February 2002 at 10:20, Jonas Björklund wrote: > > > I have a question, is it possbile to limit the memory for each vserver? > > Not directly atm ( work in progress ) > but you can limit the number of processes in each vserver ( NPROC parameter ) > and you can limit the memory that a single vserver process can have > > e.g. > > # limit RSS, DSS of a single process to 8MB and VM size of a process to 16MB > ulimit -m 8192 -d 8192 -v 16384 > # you can also limit the stack size > ulimit -s 8192 > # and the max. amount of "locked" memory ( not allowed to be swapped out ) > ulimit -l 8192 > # start your vserver > vserver start ... > > adjust the values as you see fit. Note that you can configure that in the per-vserver configuration file (/etc/vservers/*.conf). There is the ULIMIT line ULIMIT="-m 8192 -d 8192 -v 16384" and it will be used anytime to start the vserver. You can also use the S_NICE entry to control the nice level of every process in a vserver (the ceiling in fact since a process may request to be even nicer (less priority)). --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 8 22:49:47 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g193nkAh030690 for ; Fri, 8 Feb 2002 22:49:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g193Pf409579 for vserver.list; Fri, 8 Feb 2002 22:25:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g193PfR09574 for ; Fri, 8 Feb 2002 22:25:41 -0500 Received: from remtk.solucorp.qc.ca (g39-19.citenet.net [206.123.39.19]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g193Qf648901 for ; Fri, 8 Feb 2002 22:26:42 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1939rY02985 for vserver@solucorp.qc.ca; Fri, 8 Feb 2002 22:09:53 -0500 From: Jacques Gelinas Date: Fri, 8 Feb 2002 22:09:53 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] RE: Performance, memory, etc X-mailer: tlmpmail 0.1 Message-ID: <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 54 On Wed, 6 Feb 2002 22:30:00 -0500, vserver@fruru.com wrote > Would it be possible to have two/three/multiple IPv4 roots in a vserver ? > That way we could do virtual hosting per vserver. > > Also, I've noticed that some applications (postgresql 7.2 :-) positively > want to bind to 127.0.0.1 which is hardcoded in the source. This doesn't > work with the current vservers. This is true. One solution would be to have one private loopback per vserver. (127.0.0.N) and translate dynamically from 127.0.0.1 to the vserver one. This is very easy to do for outgoing and incoming. There is a catch though. The current ipv4root of the vserver is mapping a bind(0.0.0.0), to a bind(ip-of-the-vserver). After this little modification in the kernel, the rest of the kernel simply work as usual. Now if a vserver is allowed to have several IP, including a private loopback, someone expect that if a service does a bind(0,0,0.0), it will handle every incoming connection, to any of its allocated IP. So the current vserver solution, which translate to 5 lines of code in the kernel won't work anymore. Someone post a patch I have to review about this btw. Sorry, I am very late but I really wanted to fix some security issues first as vservers are already in production in various places... One solution to the multiple IP per vserver would be to change the semantic a bit. Instead of assigning one IP per vserver, we would assign one network device per vserver. One network interface including all its IP aliases. So doing a bind(0,0,0.0) would translate to handle every connection touching the network device. Those who have been in linux for a long time propably remember the old dummy device, which was used for a long time as the "IP aliases of the poor" until linux supports normal IP aliases. Well, with this idea, the dummy devices may become very popular, again. The next steps in the vserver project are per vserver resources limitation multiple IP solution vserver monitoring, intrusion detection, ... some security framework/administration tools The later includes some normalisation of the rollout concept. The idea is that instead of having one vserver, you would have multiple instance of a vserver. Once instance is production, the other is developpement, the other is old-production and the admin would be able to decide which is which. Well, stuff like that. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 8 23:44:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g194ipAh031046 for ; Fri, 8 Feb 2002 23:44:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g194a2K10855 for vserver.list; Fri, 8 Feb 2002 23:36:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g194a0R10849 for ; Fri, 8 Feb 2002 23:36:01 -0500 Received: (qmail 16310 invoked from network); 9 Feb 2002 04:44:15 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 9 Feb 2002 04:44:15 -0000 Received: (qmail 25006 invoked from network); 9 Feb 2002 04:38:38 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 9 Feb 2002 04:38:38 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sat, 9 Feb 2002 15:52:38 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] New to list Message-ID: <3C6545C6.21424.309A3A@localhost> Priority: normal In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 55 On Friday, 8 February 2002 at 10:37, Roderick A. Anderson wrote: > With that I'd like to know is if anyone has got PostgreSQL (Pg) running > in any configuration of main and vservers? I ran into a problem with - > what I thing I understand - Pg binding to all the addresses. I created > a v_postgresql init script but once I started Pg in a vserver, I > couldn't restart it in the main server. Haven't had a chance to retry > since I upgraded to the latest ctx kernel and rebooted. I had similar problem too, I think it was something to do with the way Pg uses ipc/shared memory. I haven't tried it with the latest kernel yet which is supposed to make ipc private. Ed From vserver.error@solucorp.qc.ca Fri Feb 8 23:46:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g194k9Ah031062 for ; Fri, 8 Feb 2002 23:46:10 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g194a6X10865 for vserver.list; Fri, 8 Feb 2002 23:36:06 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g194a4R10861 for ; Fri, 8 Feb 2002 23:36:05 -0500 Received: (qmail 16319 invoked from network); 9 Feb 2002 04:44:18 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 9 Feb 2002 04:44:18 -0000 Received: (qmail 25009 invoked from network); 9 Feb 2002 04:38:39 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 9 Feb 2002 04:38:39 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sat, 9 Feb 2002 15:52:38 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] shrink wrap it Message-ID: <3C6545C6.21433.309A30@localhost> Priority: normal References: <1013170788.1697.15.camel@amd.vsen.dk> In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 56 On Friday, 8 February 2002 at 20:19, Vlad wrote: > Part of dealing with open source projects is doing the research and > figuring things out on your own. Perhaps thats why its not in a shrink > wrapped box with a choice of 8 different GUI's to hold your hand. It I think Jacques will disagree with you on this. I believe he's seeing ease of use as important part of this project, hence the new admin utilities that require linuxconf (not to my personal taste but if it helps people, why not). > If you expect free help I suggest you ask for it with plenty of detail and outmost respect for > the people that you're expecting assistance from. Yes, that's the right way. > Derogatory comments about development progress or inconvenient mailing > list are not a good way to ask for help. That is also true, but why not help anyway. Not everyone has the same communication skills. I believe that encouraging people to learn more with positive feedback instead of exchanging flames is more benefical to everyone. > I think the real problem here is that the project web page doesn't have > enough pictures or blinking "NEW" buttons. Reading turns everyone off, and > just like back in high school, its easier to just find someone that has > read the book already that can summarize it than for you to actually put > in some effort. Damn words, they are everywhere! :) From vserver.error@solucorp.qc.ca Fri Feb 8 23:51:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g194pGAh031106 for ; Fri, 8 Feb 2002 23:51:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g194a2P10859 for vserver.list; Fri, 8 Feb 2002 23:36:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g194a1R10850 for ; Fri, 8 Feb 2002 23:36:01 -0500 Received: (qmail 16311 invoked from network); 9 Feb 2002 04:44:15 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 9 Feb 2002 04:44:15 -0000 Received: (qmail 25007 invoked from network); 9 Feb 2002 04:38:39 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 9 Feb 2002 04:38:39 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sat, 9 Feb 2002 15:52:38 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: RE: [vserver] shrink wrap it Message-ID: <3C6545C6.32448.309A45@localhost> Priority: normal In-reply-to: <001f01c1b10e$895a9cc0$d3bd01d5@johnnew> References: X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 57 On Saturday, 9 February 2002 at 2:07, John Lyons wrote: > Vserver works and has so much potential because of it's clean look, > excellent documentation and simplicity. FreeVSD users download 200 and 300mb > skels for their servers because setting up a working virtual server is so > complex. > > There is a danger that new users see a small download file 30 pages of docs > and a few FAQ's and think that it's a lightweight package. They couldn't be > more wrong. Well, it _is_ a lightweight package, in a good sense. You mentioned the simplicity yourself which makes it easy to audit and understand what's going on. Before I came across vserver in Nov. last year, I tried freevsd, usermode linux, selinux. but neither was suitable for me. Vserver is a great and simple idea and the implementation is getting better and better. Ed From vserver.error@solucorp.qc.ca Sat Feb 9 06:36:46 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19BakAh003496 for ; Sat, 9 Feb 2002 06:36:46 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19BExH19506 for vserver.list; Sat, 9 Feb 2002 06:14:59 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.trekia.se (stratos.trekia.se [212.105.83.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19BEvR19502 for ; Sat, 9 Feb 2002 06:14:58 -0500 Received: from localhost (jonas@localhost) by mail.trekia.se (8.11.1/8.11.1) with ESMTP id g19BEZq21322 for ; Sat, 9 Feb 2002 12:14:35 +0100 X-Authentication-Warning: stratos.trekia.se: jonas owned process doing -bs Date: Sat, 9 Feb 2002 12:14:35 +0100 (CET) From: jonasb@hem.passagen.se X-X-Sender: jonas@stratos To: vserver@solucorp.qc.ca Subject: RE: [vserver] RE: Performance, memory, etc In-Reply-To: <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 58 Hi! > Instead of assigning one IP per vserver, we would assign one network > device per vserver. I think it would be better to add several IP's instead of a network. Some hostingproviders don't give you IP adresses in the same net. Thanks and keep up the good work! From vserver.error@solucorp.qc.ca Sat Feb 9 07:34:56 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19CYtAh003734 for ; Sat, 9 Feb 2002 07:34:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19CHTp20531 for vserver.list; Sat, 9 Feb 2002 07:17:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19CHSR20527 for ; Sat, 9 Feb 2002 07:17:29 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id AD1E3FFC for ; Sat, 9 Feb 2002 13:17:21 +0100 (CET) Subject: Re: [vserver] shrink wrap it From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-beZ1x6QEFWQKqm/1S56K" X-Mailer: Evolution/1.0.1 Date: 09 Feb 2002 13:17:20 +0100 Message-Id: <1013257041.1698.34.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 59 --=-beZ1x6QEFWQKqm/1S56K Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sat, 2002-02-09 at 02:19, Vlad wrote: >=20 > > There's a binary kernel for vserver? well i'll just compile my own, if = I > > decide that vserver is the best for me :-) > > ease of use, isn't enough, if it doesn't have the necessary features. > > freevsd comes with some webpage management utilities. sounds pretty > > nice. >=20 > Why is it that every few months people troll up from out of nowhere and=20 > expect a full comparison of features between two projects. > At $80/box you can go to Best Buy and compare Mandrake and Redhat. I didn't expect anything. I just figured, that users of the vserver project would have a reasoning for using it, that I would like to know, as I'm looking into the project myself. Also users of one project such as vserver, are almost certain to have reviewed other solutions that try to solve the same problems, and thus I hoped that these people would share their reasoning for choosing vserver. I can't see the harm in asking people why they chose one, over the other. > However on a free=20 > mailing list, especially for a project provided free of charge, it makes=20 > for little common sense to show up and start insulting the users and=20 > developers of this code.=20 I'm sorry if I insulted you, that was not my intent. I think you've heavily misunderstood what I was asking about. >=20 > For the record, vserver has the most documentation you will find for a=20 > project of this caliber and is very straight forward. There is a detailed= =20 > installation doc on the web page=20 > http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=3D4&s2=3D0&s3=3D0&s4=3D= 0&full=3D0&prjstate=3D1&nodoc=3D0 Nice to know. =20 > Now on to flaming: >=20 > Part of dealing with open source projects is doing the research and=20 > figuring things out on your own. Perhaps thats why its not in a shrink=20 > wrapped box with a choice of 8 different GUI's to hold your hand. It=20 > involves research, debugging, and even writing code on your own.=20 I must disagree. If that were so, there wouldn't be as many Linux users as there are today.If a project reaches a broad user-base (including "dumb" users), it will almost certainly gain from that, in many ways. I'm not the great programmer. I've dabbled a little, but haven't coded much the last few years (except for shell scripts and sysadmin perl scripts), as I've been working as a sysadmin. My reason for looking for a project like vserver, is to find an easy and secure way to implement a very secure system. F.ex. if I install a server for a costumer, it would be nice to know, that their services run on a vserver partition, so that if a hacker got in, the measures on the root-server would be able to detect that, and the hacker would not be able to stop this detection.This way I can sleep easy, even though I've given the costumer full access to the vserver. Otherwise I would have to be over them, hoping they remembered to update for each vulnerability and so on. Ease of mind, is a very important thing for me as a System Administrator and Consultant - this also means a lot to the User/Costumer. When I leave the costumer, I know they are gonna do dumb things, I just want to deliver a system, that somehow protects them as well as possible against this. So that they would get an email saying - Whoops.. call a qualified technician - you're in trouble. it's measures like this, that will enable small companys to make use of Open Source Systems, and it is usability like this that will lead to Open Source Conquering the world :-) >Tradeoff=20 > is hiring an incompetent consultant or Microsoft, pick your poison. If yo= u=20 > expect free help I suggest you ask for it with plenty of detail and=20 > outmost respect for the people that you're expecting assistance from.=20 > Derogatory comments about development progress or inconvenient mailing=20 > list are not a good way to ask for help. For the record, I've been a member of SSLUG for many years, and I've helped many people. SSLUG is ONLY about helping people for free. We do't discuss development or anything like that here. try doing this search on google ""klavs klavsen" site:www.sslug.dk" you'lle get more than 1400 hits. Each of them being me helping someone with their specific problem. So please drop the crap about, if you expect free help. I hope only to get, what I myself give out, as should anyone. Apperantly I didn't write humbly enough for your liking. If you think my questions could/should be taken as an insult, I suggest you stop, and try asking me if I meant to insult you. Don't just expect that I did. What you appereantly think is an insult, I see as a straight forward question. Half-assed questions about lids=20 > and "standard kernel"=20 that's not half assed. LIDS does have very good functionality, that one might think could be very good to combine with the qualities of f.ex. vserver. As I can see from the other answers, I'm not the only one thinking this.=20 >just show you didn't even bother to look at the=20 > homepage; If you did you'd notice that there is a changelog page: 10=20 > updates in 3 months.=20 I have seen the homepage. I also know that it took the Linux kernel many years to get where it is now! ie. stability and performance quality software takes time to develop. And I couldn't see any place, saying when this project started, and it only was at 0.10 because it was release as a stable project with release 0.1. don't know why anyone would think a v0.10 should be considered stable and production ready software. Most people change versions to a v1.x when it's stable. >=20 > and further sarcasm: >=20 > I think the real problem here is that the project web page doesn't have=20 > enough pictures or blinking "NEW" buttons. Reading turns everyone off, an= d=20 > just like back in high school, its easier to just find someone that has=20 > read the book already that can summarize it than for you to actually put=20 > in some effort. Damn words, they are everywhere! Haven't you gotten enough of yourself. i have. damn you are not really a people person are you?. What kind of half assed, crap remark is that? =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-beZ1x6QEFWQKqm/1S56K Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD4DBQA8ZRNQ4c1kHlhtW8oRAjGAAJdxCgKy5u0PfmF4IAoQmodGln03AJ0VC1Ic p6v5/y2b959V8DRNIZHE/g== =N7pG -----END PGP SIGNATURE----- --=-beZ1x6QEFWQKqm/1S56K-- From vserver.error@solucorp.qc.ca Sat Feb 9 07:50:57 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19CouAh003864 for ; Sat, 9 Feb 2002 07:50:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19CQf920676 for vserver.list; Sat, 9 Feb 2002 07:26:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19CQeR20672 for ; Sat, 9 Feb 2002 07:26:41 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 9AC60FFC for ; Sat, 9 Feb 2002 13:26:40 +0100 (CET) Subject: RE: [vserver] vserver vs. freevsd From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <3C648AA4.16984.11E66A8@localhost> References: <3C648AA4.16984.11E66A8@localhost> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Pekds/dGwm+ok5OYnneU" X-Mailer: Evolution/1.0.1 Date: 09 Feb 2002 13:26:40 +0100 Message-Id: <1013257600.1699.38.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 60 --=-Pekds/dGwm+ok5OYnneU Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-08 at 16:34, edward@paradigm4.com.au wrote: > On Friday, 8 February 2002 at 13:27, klavs klavsen wrote: >=20 > > If the mailinglists archive were accessible via web, one might see how > > much is going on, and what troubles people have. If you want, I'm sure, > > I could talk to www.sslug.dk (danish LUG), as they have such a system - > > and they also have news access to mailinglists. >=20 > Sounds like a good idea. glad you liked it. Are the messages from the mailinglist stored in any way at present? I'll talk to SSLUG and get the details of their solution. do you want to start with the web-archives of the mailinglist, or would you like more features? do you have any current plans of doing anything like this, has there been done any work already? Can the solution be hosted on the server that hosts the vserver homepage? If so, who has admin rights to this machine - we'll need to collaborate with someone, who can actully get to the machine and install it.=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Pekds/dGwm+ok5OYnneU Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ZRWA4c1kHlhtW8oRAtGHAJ42UJhGSOIhL3Nl72Z3TmKNKkMF/QCfUjDG iFh+w1icK6iInS9BbWasr9U= =yhD3 -----END PGP SIGNATURE----- --=-Pekds/dGwm+ok5OYnneU-- From vserver.error@solucorp.qc.ca Sat Feb 9 07:55:59 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19CtwAh003878 for ; Sat, 9 Feb 2002 07:55:58 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19CVdM20754 for vserver.list; Sat, 9 Feb 2002 07:31:39 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19CVcR20750 for ; Sat, 9 Feb 2002 07:31:38 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 79ABBFFC for ; Sat, 9 Feb 2002 13:31:38 +0100 (CET) Subject: RE: [vserver] shrink wrap it From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <3C6545C6.32448.309A45@localhost> References: <3C6545C6.32448.309A45@localhost> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-BkTqI87jaIvVmYzx2uPu" X-Mailer: Evolution/1.0.1 Date: 09 Feb 2002 13:31:38 +0100 Message-Id: <1013257898.1698.42.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 61 --=-BkTqI87jaIvVmYzx2uPu Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sat, 2002-02-09 at 05:52, edward@paradigm4.com.au wrote: > Well, it _is_ a lightweight package, in a good sense. > You mentioned the simplicity yourself which makes it easy to audit and un= derstand > what's going on. >=20 > Before I came across vserver in Nov. last year, I tried freevsd, usermode= linux, selinux. > but neither was suitable for me. Vserver is a great and simple idea and t= he implementation is=20 > getting better and better. Great. I figured there would be people on the list, who had evaluated all the other solutions for their specific purpose, and that they have a reasoning, as to why they choose vserver. I would very much like to know your purpose for using a product like vserver, and what makes it the best for you. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-BkTqI87jaIvVmYzx2uPu Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ZRaq4c1kHlhtW8oRAljaAJ4jRwahkIIJGtykYkAgICfhaf9yVQCdEaQr 6JsGnZisqMTyhuUZ/MCy67c= =jjFu -----END PGP SIGNATURE----- --=-BkTqI87jaIvVmYzx2uPu-- From vserver.error@solucorp.qc.ca Sat Feb 9 10:05:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19F5dAh004634 for ; Sat, 9 Feb 2002 10:05:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19EYNe22897 for vserver.list; Sat, 9 Feb 2002 09:34:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19EYNR22893 for ; Sat, 9 Feb 2002 09:34:23 -0500 Received: from host213-122-123-136.in-addr.btopenworld.com ([213.122.123.136] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16ZYa5-0000C3-00 for vserver@solucorp.qc.ca; Sat, 09 Feb 2002 14:34:21 +0000 Received: from 213.122.123.136 by john-new ([213.122.123.136] running VPOP3) with SMTP for ; Sat, 9 Feb 2002 14:34:02 -0000 From: "John Lyons" To: Subject: RE: [vserver] shrink wrap it Date: Sat, 9 Feb 2002 14:33:59 -0000 Message-ID: <002f01c1b176$d180c8e0$b38c7ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1013257898.1698.42.camel@amd.vsen.dk> Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 62 > Great. I figured there would be people on the list, who had evaluated > all the other solutions for their specific purpose, and that > they have a reasoning, as to why they choose vserver. We were looking for something that would allow us to deliver dedicated server style hosting packages on a shared hosting platform. Ensim and FreeVSD were considered, Ensim was dismissed from day 1 as it's a paid for package. We couldn't compete with FreeBSD and FreeVSD hosts if we had to take a large software cost into account. I'd monitored the mailing list for FreeVSD for over 12 months and tried on many occasions to get it working over the last 12 months. I'm not an experienced sys admin, I've been using Linux servers for 3 years, I don't have a desktop Linux box but I do run 10 Linux servers quite well. My biggest worries with FreeVSD were:- What happens when FreeVSD needs upgrading to the next version, am I going to struggle? If the host server starts playing up am I going to be able to fix it? Do I understand enough about the nuts and bolts of FreeVSD to be able to trouble shoot if something goes wrong? I've read the documentation cover to cover and read most messages on the mailing list for 12 months. It may be that I'm just thick :) but I still don't fell confident with it. The answers to the above questions ruled out using it on a mission critical system. > I would very much like to know your purpose for using a product like > vserver, and what makes it the best for you. I installed vserver for the first time in Dec. It worked first time and I'd got a vserver running after 20 mins work and reading the docs. Problems like needing CAP_NET_RAW in the conf file were fixed after a quick mail to the mailing list, a big DOH!, & slap on the forehead. Within 48 hours of starting to use vserver I'd patched and compiled my first kernel, something I'd never dared to do before. What's most important is that there are examples in the documentation to explain what each addition to the kernel does. I understand how and why vserver works and with my limited knowledge and experience that's a good thing! I now have two non production servers. One runs 5 live vs's the other backs them up to provide hardware failover. I'm 3 weeks into basic testing trials with 5 customer. A fuller scale trial starts with another 5 customers in 3 weeks time after I hope to have upgraded both servers to ctx-10. In the next 4 to 8 weeks we're hoping that we'll have done enough testing to launch the vserver as the basis for a new hosting package. So far so good, no serious bugs found and all is going well. If you're a serious/experienced sys admin it'll take you 30 to 60 mins to down load and install vserver on a test machine and then you can get a feel for it. (I'd put money on you not being able to do that with FreeVSD) Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Sat Feb 9 13:55:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19ItdAh006622 for ; Sat, 9 Feb 2002 13:55:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19IaTA27044 for vserver.list; Sat, 9 Feb 2002 13:36:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19IaMR27040 for ; Sat, 9 Feb 2002 13:36:23 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 38CC7FFC for ; Sat, 9 Feb 2002 19:36:14 +0100 (CET) Subject: RE: [vserver] shrink wrap it From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <002f01c1b176$d180c8e0$b38c7ad5@johnnew> References: <002f01c1b176$d180c8e0$b38c7ad5@johnnew> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-NljUGPRArTEGrgFTjsyE" X-Mailer: Evolution/1.0.1 Date: 09 Feb 2002 19:36:10 +0100 Message-Id: <1013279775.1688.8.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 63 --=-NljUGPRArTEGrgFTjsyE Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Thank you John, for taking the time. On Sat, 2002-02-09 at 15:33, John Lyons wrote: > We were looking for something that would allow us to deliver dedicated > server style hosting packages on a shared hosting platform. Ensim and > FreeVSD were considered, Ensim was dismissed from day 1 as it's a paid fo= r > package. We couldn't compete with FreeBSD and FreeVSD hosts if we had to > take a large software cost into account. >=20 > I'd monitored the mailing list for FreeVSD for over 12 months and tried o= n > many occasions to get it working over the last 12 months. I'm not an > experienced sys admin, I've been using Linux servers for 3 years, I don't > have a desktop Linux box but I do run 10 Linux servers quite well. >=20 > My biggest worries with FreeVSD were:- >=20 > What happens when FreeVSD needs upgrading to the next version, am I going= to > struggle? > If the host server starts playing up am I going to be able to fix it? > Do I understand enough about the nuts and bolts of FreeVSD to be able to > trouble shoot if something goes wrong? I get your worries. It shouldn't be so hard. It didn't look so hard to me, but then again, the RPM's I downloaded didn't contain a kernel patch, or even a kernel. But after what I've heard from you guys, and seeing as I haven't gotten (almost) any response from freevsd mailinglist, it does seem as freevsd is dying. >=20 > I've read the documentation cover to cover and read most messages on the > mailing list for 12 months. It may be that I'm just thick :) but I still > don't fell confident with it. The answers to the above questions ruled ou= t > using it on a mission critical system. >=20 > > I would very much like to know your purpose for using a product like > > vserver, and what makes it the best for you. >=20 > I installed vserver for the first time in Dec. It worked first time and I= 'd > got a vserver running after 20 mins work and reading the docs. Problems > like needing CAP_NET_RAW in the conf file were fixed after a quick mail t= o > the mailing list, a big DOH!, & slap on the forehead. Within 48 hours of > starting to use vserver I'd patched and compiled my first kernel, somethi= ng > I'd never dared to do before. >=20 > What's most important is that there are examples in the documentation to > explain what each addition to the kernel does. I understand how and why > vserver works and with my limited knowledge and experience that's a good > thing! I agree. >=20 > I now have two non production servers. One runs 5 live vs's the other bac= ks > them up to provide hardware failover. I'm 3 weeks into basic testing tria= ls > with 5 customer. A fuller scale trial starts with another 5 customers in = 3 > weeks time after I hope to have upgraded both servers to ctx-10. In the n= ext > 4 to 8 weeks we're hoping that we'll have done enough testing to launch t= he > vserver as the basis for a new hosting package. So far so good, no seriou= s > bugs found and all is going well. sounds good. Nice to know. =20 > If you're a serious/experienced sys admin it'll take you 30 to 60 mins to > down load and install vserver on a test machine and then you can get a fe= el > for it. (I'd put money on you not being able to do that with FreeVSD) well.. I've setup and administered cnn.dk, bt.dk, berlingske.dk (last 2 are biggest newspapers in DK - bt.dk alone has approx 3 mill. pageviews a week) and 17 other sites for the last 3 years :-) - does give you some experience.I've just quit my job, to be an independant Open Source Consultant.. having fun. Do you know, if I can run OpenLDAP, Samba, Apache+php and MySQL on a vserver? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-NljUGPRArTEGrgFTjsyE Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ZWwa4c1kHlhtW8oRAudVAJ9euRr81mc48v/hIcS2rHBOR7ukfQCgsJS3 yyuU0mSOxytR7O9mZbGm6FA= =lBfk -----END PGP SIGNATURE----- --=-NljUGPRArTEGrgFTjsyE-- From vserver.error@solucorp.qc.ca Sat Feb 9 14:31:18 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19JVHAh006990 for ; Sat, 9 Feb 2002 14:31:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19Iq3S27323 for vserver.list; Sat, 9 Feb 2002 13:52:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19Iq3R27318 for ; Sat, 9 Feb 2002 13:52:03 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id KAA09588 for ; Sat, 9 Feb 2002 10:51:56 -0800 Date: Sat, 9 Feb 2002 10:51:56 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: RE: [vserver] shrink wrap it In-Reply-To: <1013257898.1698.42.camel@amd.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 64 On 9 Feb 2002, klavs klavsen wrote: > I would very much like to know your purpose for using a product like > vserver, and what makes it the best for you. Well you'll like this. It was the first thing I'd seen outside and IBM mainframe that did this. And I happened across it while reading Linux Weekly News. I've used Linuxconf - and get down right ticked off when I can't - since Redhat Linux 4.2 I think and I knew of Jacques quick response to problems and suggestions for it. What the heck. Couldn't be any easier. Spent several hours over a couple of days reading the documentation and musing how to upgrade my Redhat Linux 7.2 kernel so it matched the, then 2.4.16 kernel, vserver was using. Got really frustrated and mail Jacques (on a week-end no less) then said what the heck and installed it. Heard back Jacques with a lucid explanation why I was making it too difficult. Made a few configuration changes and had it working. A few more messages - pre mailing list - to work some of ideas into my thick head and was informed of the standing joke at Solucorp. 'No more than 3 vservers per developer per day.' If it is that easy and useful how wrong could I go? In another message I mention I have three domains - two on vservers and I'm looking at how to use it for small companies that need/want their departments to have each have their own servers but the load is low enough to make another chunk of hardware too expensive. Loads of other ideas including student machines - sys admin training - that they can screw up totally but not affect the main or other students servers. You might get the idea I REALLY like vserver and you'd be right. Regards, Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Sat Feb 9 14:50:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19Jo0Ah007146 for ; Sat, 9 Feb 2002 14:50:01 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19JZBB27952 for vserver.list; Sat, 9 Feb 2002 14:35:11 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g19JZAR27948 for ; Sat, 9 Feb 2002 14:35:10 -0500 Received: (qmail 6130 invoked by uid 0); 9 Feb 2002 19:35:08 -0000 Received: from pd9e39c08.dip.t-dialin.net (HELO starbase) (217.227.156.8) by mail.gmx.net (mp010-rz3) with SMTP; 9 Feb 2002 19:35:08 -0000 Date: Sat, 9 Feb 2002 20:33:14 +0100 From: Christian To: vserver@solucorp.qc.ca Subject: Re: [vserver] RE: Performance, memory, etc Message-Id: <20020209203314.150a9556.chth@gmx.net> In-Reply-To: <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> References: <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 65 On Fri, 8 Feb 2002 22:09:53 -0500 Jacques Gelinas wrote: > Someone post a patch I have to review about this btw. Sorry, I am very > late but I really wanted to fix some security issues first as vservers > are already in production in various places... Yep .. that was me, actually its outdated and i have other priorities. Since it seems in the last posts that people want to use it comercially i would like to say that some financial foundation would increase its priority dramatically (i have no regular income this time). Unless someone else adopts the idea i will do it anyways .. but it might take some time. > One solution to the multiple IP per vserver would be to change the > semantic a bit. Instead of assigning one IP per vserver, we would assign > one network device per vserver. One network interface including all its > IP aliases. So doing a bind(0,0,0.0) would translate to handle every > connection touching the network device. Those who have been in linux for > a long time propably remember the old dummy device, which was used for a > long time as the "IP aliases of the poor" until linux supports normal IP > aliases. Well, with this idea, the dummy devices may become very > popular, again. binding more than one ip is often needed for Proxy-Servers, Backside-Databases, Maintainance-Networks, Intranets which usually reside on another nic and dummy devices are just a workaround like using iptables/NAT currently. I dont think that the 'single-device' is a flexible idea. My idea was that there are two (or maybe more.. but a small static amount) of ip/mask pairs, the first ip is the default ip whcih is used for bind(0.0.0.0) but all other ips which are match the masked ip are bindable too. additionally a nested chbind within a vserver can be used to constrain the ip/ranges further (i didnt tested recently if recursive vservers work .. would be fine either). From vserver.error@solucorp.qc.ca Sat Feb 9 15:56:00 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19KtxAh007591 for ; Sat, 9 Feb 2002 15:56:00 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19KYUc28915 for vserver.list; Sat, 9 Feb 2002 15:34:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19KYSR28911 for ; Sat, 9 Feb 2002 15:34:29 -0500 Received: from host213-122-127-145.in-addr.btopenworld.com ([213.122.127.145] helo=john-new) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16ZeCZ-0003Tl-00 for vserver@solucorp.qc.ca; Sat, 09 Feb 2002 20:34:28 +0000 Received: from 213.122.127.145 by john-new ([213.122.127.145] running VPOP3) with SMTP for ; Sat, 9 Feb 2002 20:34:10 -0000 From: "John Lyons" To: Subject: RE: [vserver] shrink wrap it Date: Sat, 9 Feb 2002 20:34:09 -0000 Message-ID: <001a01c1b1a9$213a1ad0$917f7ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <1013279775.1688.8.camel@amd.vsen.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 66 > Do you know, if I can run OpenLDAP, Samba, Apache+php and MySQL on a > vserver? I've got apache, php, Mysql running from both RPM's and source. Can't see a problem with Samba but I've never used OpenLDAP so I can't comment. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Sat Feb 9 18:54:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19NsVAh009244 for ; Sat, 9 Feb 2002 18:54:37 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g19NVfB31774 for vserver.list; Sat, 9 Feb 2002 18:31:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g19NVeR31770 for ; Sat, 9 Feb 2002 18:31:40 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g19NVeAi008837 for ; Sat, 9 Feb 2002 18:31:41 -0500 Date: Sat, 9 Feb 2002 18:31:40 -0500 (EST) From: Vlad To: vserver@solucorp.qc.ca Subject: RE: [vserver] shrink wrap it In-Reply-To: <001a01c1b1a9$213a1ad0$917f7ad5@johnnew> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 67 lib/util_sock.c:open_socket_in(824) bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) OpenLDAP 2.0.21 works alright. Actually the only thing that has ever failed me inside vserver has been the default bind, but after recompiling that kicked in as well. Samba is a bit tricky, although I think its definately something I broke since it tries to bind to the wrong address... nmbd is a pain. lib/util_sock.c:open_socket_in(824) bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) lib/util_sock.c:open_socket_in(824) bind failed on port 137 socket_addr=xxx.xxx.xxx.xxx (Cannot assign requested address) -Vlad (yes, I know what it says but there is absolutely nothing running on 139, even nmap can't find it) On Sat, 9 Feb 2002, John Lyons wrote: > > I've got apache, php, Mysql running from both RPM's and source. Can't see a > problem with Samba but I've never used OpenLDAP so I can't comment. > From vserver.error@solucorp.qc.ca Sat Feb 9 21:51:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1A2prAh010430 for ; Sat, 9 Feb 2002 21:51:53 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1A2BU801892 for vserver.list; Sat, 9 Feb 2002 21:11:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1A2BSR01888 for ; Sat, 9 Feb 2002 21:11:29 -0500 Received: (qmail 22052 invoked from network); 10 Feb 2002 02:19:47 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 10 Feb 2002 02:19:47 -0000 Received: (qmail 27093 invoked from network); 10 Feb 2002 02:13:59 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 10 Feb 2002 02:13:59 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sun, 10 Feb 2002 13:27:59 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: [vserver] RE: mailing list archives Message-ID: <3C66755F.880.152EA5@localhost> Priority: normal References: <3C648AA4.16984.11E66A8@localhost> In-reply-to: <1013257600.1699.38.camel@amd.vsen.dk> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 68 On Saturday, 9 February 2002 at 13:26, klavs klavsen wrote: > On Fri, 2002-02-08 at 16:34, edward@paradigm4.com.au wrote: > > On Friday, 8 February 2002 at 13:27, klavs klavsen wrote: > > > > > If the mailinglists archive were accessible via web, one might see how > > > much is going on, and what troubles people have. If you want, I'm sure, > > > I could talk to www.sslug.dk (danish LUG), as they have such a system - > > > and they also have news access to mailinglists. > > > > Sounds like a good idea. > glad you liked it. Are the messages from the mailinglist stored in any > way at present? I have no idea. Are they? I'll talk to SSLUG and get the details of their > solution. do you want to start with the web-archives of the mailinglist, > or would you like more features? web accessible/searchable archives would be useful but I'd settle for mail accessible archives too ( something in the lines of ezmlm-idx ) > Can the solution be hosted on the server that hosts the vserver > homepage? If so, who has admin rights to this machine - we'll need to > collaborate with someone, who can actully get to the machine and install You'd have to get solucorp.qc.ca guys to answer this one. I'm on the other end of the globe. I could organize hosting mail archives and/or mailing list on one of our servers down under, but considering that most people on this list live in western/northern hemisphere, it wouldn't be efficient, so something hosted in Europe or US would be more appropriate. Ed From vserver.error@solucorp.qc.ca Sat Feb 9 21:55:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1A2tKAh010480 for ; Sat, 9 Feb 2002 21:55:20 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1A2QYT02105 for vserver.list; Sat, 9 Feb 2002 21:26:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1A2QXR02101 for ; Sat, 9 Feb 2002 21:26:33 -0500 Received: (qmail 22505 invoked from network); 10 Feb 2002 02:34:59 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 10 Feb 2002 02:34:59 -0000 Received: (qmail 27110 invoked from network); 10 Feb 2002 02:29:13 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 10 Feb 2002 02:29:13 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sun, 10 Feb 2002 13:43:12 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: RE: [vserver] shrink wrap it Message-ID: <3C6678F0.20183.231EF4@localhost> Priority: normal References: <002f01c1b176$d180c8e0$b38c7ad5@johnnew> In-reply-to: <1013279775.1688.8.camel@amd.vsen.dk> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 69 On Saturday, 9 February 2002 at 19:36, klavs klavsen wrote: > Do you know, if I can run OpenLDAP, Samba, Apache+php and MySQL on a > vserver? LDAP, Apache+PHP and MySQL should be totally transparent. Samba is a bit tricky because of the netbios broadcasts ( nmbd only ). Mind you, you don't _have_ to restrict the IP address of vserver with "chbind", especially if you are only running one of them. Something you have to understand is that vserver is not a rigid "must use every feature" package. There's security contexts, separating processes namespaces so they don't see each other and cannot interact with each other. And there's "chbind" feature which allows you to restrict local ip address for all ipv4 connectivity inside vserver and transparently convert ( functionally) "Listen 0.0.0.0" to "Listen 1.2.3.4" ( if you did chbind --ip 1.2.3.4 ) so you don't have to change config files inside each vserver. hth Ed From vserver.error@solucorp.qc.ca Sat Feb 9 22:15:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1A3F5Ah010641 for ; Sat, 9 Feb 2002 22:15:05 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1A2sqa02537 for vserver.list; Sat, 9 Feb 2002 21:54:52 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1A2soR02533 for ; Sat, 9 Feb 2002 21:54:51 -0500 Received: (qmail 23963 invoked from network); 10 Feb 2002 03:03:15 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 10 Feb 2002 03:03:15 -0000 Received: (qmail 27172 invoked from network); 10 Feb 2002 02:57:29 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 10 Feb 2002 02:57:29 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sun, 10 Feb 2002 14:11:28 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: RE: [vserver] shrink wrap it Message-ID: <3C667F90.3638.3CFF5E@localhost> Priority: normal References: <3C6545C6.32448.309A45@localhost> In-reply-to: <1013257898.1698.42.camel@amd.vsen.dk> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 70 On Saturday, 9 February 2002 at 13:31, klavs klavsen wrote: > I would very much like to know your purpose for using a product like > vserver, and what makes it the best for you. many purposes, actually: - transparent independant virtual servers with possibly different distros on the same machine; - sandbox environment for running untrusted binaries; - perfect framework for IDS setup ( security+integrity tools running in the root server with no network access and all network services inside their respective vservers ) - use your imagination... Why do I like it so much? - It's simple and elegant; - It's easy to audit ( try auditing selinux sources ); - It is a complete solution, not something that relies on twitching the userland, e.g. creating "pseudo-root admin" like freevsd; - There is no practical performance loss ( compare this with VMware and usermode linux ); - "unify" feature provides a way for very efficient use of memory. Running 100 webservers is not using much more RAM than running 1 webserver because the binaries and libraries are hard linked and only loaded into memory once for all those 100 servers; - it is as stable as the base stock kernel; - it still has many things to be added and I can contribute some of those. As far as I'm concerned, this is the future. I wouldn't run any public accessible network service unless it's under vserver. Ed From vserver.error@solucorp.qc.ca Sun Feb 10 10:58:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1AFwqAh010709 for ; Sun, 10 Feb 2002 10:58:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1AFbTf17984 for vserver.list; Sun, 10 Feb 2002 10:37:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1AFbRR17980 for ; Sun, 10 Feb 2002 10:37:28 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id B95D91000 for ; Sun, 10 Feb 2002 16:37:25 +0100 (CET) Subject: [vserver] chroot breaking From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <3C66755F.880.152EA5@localhost> References: <3C648AA4.16984.11E66A8@localhost> <3C66755F.880.152EA5@localhost> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-9LNj0bC+kTHUrbm8lkRC" X-Mailer: Evolution/1.0.1 Date: 10 Feb 2002 16:37:25 +0100 Message-Id: <1013355446.1685.14.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 71 --=-9LNj0bC+kTHUrbm8lkRC Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I have a security question, in regards to vserver. I read this article about chrooting your services http://www.gnujobs.com/Articles/23/chroot.html and if you did so, as I understand it - it would be kind of achieving the same as vserver - from a hackers standpoint - without all the smart benefits.(no disrespect meant). In the comments I saw this article about breaking a chroot. http://www.bpfh.net/simes/computing/chroot-break.html My question is, if anyone know or have tried wether or not the chroot functionality of vserver can be broken like this? or does the kernel changes help ensure, this never happens? This just to know how well I should sleep at night, with vserver installed :-) /Klavs =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-9LNj0bC+kTHUrbm8lkRC Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ZpO14c1kHlhtW8oRAr6qAJoCpjFGtXNeeq86yq5Ne33cRa/trQCfaSij 08fw1IxPPfVtCTsZfuDCGtk= =bjfS -----END PGP SIGNATURE----- --=-9LNj0bC+kTHUrbm8lkRC-- From vserver.error@solucorp.qc.ca Sun Feb 10 11:12:03 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1AGBxAh010797 for ; Sun, 10 Feb 2002 11:12:02 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1AFqH718219 for vserver.list; Sun, 10 Feb 2002 10:52:17 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1AFqGR18215 for ; Sun, 10 Feb 2002 10:52:16 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 467691000 for ; Sun, 10 Feb 2002 16:52:15 +0100 (CET) Subject: RE: [vserver] shrink wrap it From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <3C6678F0.20183.231EF4@localhost> References: <002f01c1b176$d180c8e0$b38c7ad5@johnnew> <3C6678F0.20183.231EF4@localhost> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-3vGNyT+EQBECuHT4+XHW" X-Mailer: Evolution/1.0.1 Date: 10 Feb 2002 16:52:14 +0100 Message-Id: <1013356335.1665.29.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 72 --=-3vGNyT+EQBECuHT4+XHW Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sun, 2002-02-10 at 03:43, edward@paradigm4.com.au wrote: > On Saturday, 9 February 2002 at 19:36, klavs klavsen wrote: >=20 > > Do you know, if I can run OpenLDAP, Samba, Apache+php and MySQL on a > > vserver? >=20 > LDAP, Apache+PHP and MySQL should be totally transparent. sounds good. >=20 > Samba is a bit tricky because of the netbios broadcasts > ( nmbd only ).=20 Please bear with me.. but why? because listening for broadcast packages requires some speciel ability of some sort?=20 shouldn't it just be covered by listening for packages on port 137 - and then broadcasts to that port should be forwarded to the process also? > Mind you, you don't _have_ to restrict the IP address of vserver with "ch= bind",=20 > especially if you are only running one of them. I have 2 scenario questions: if the server only has One IP, and=20 1) all the services listening on that IP, ran under each vserver - would there be security issues? 2) 1 of the services (ssh for instance) ran on the root-server - would there be security issues? =20 > Something you have to understand is that vserver is not a=20 > rigid "must use every feature" package. luckily. I like to have choices. =20 > There's security contexts, separating processes namespaces so they don't = see > each other and cannot interact with each other. but only if they don't run on the same vserver?=20 Can I run - 2 or more chroot'ed services on 1 vserver? or can vserver it self restrict/chroot each service - kinda like LIDS does? >=20 > And there's "chbind" feature which allows you to restrict local ip addres= s for all ipv4 connectivity > inside vserver and transparently convert ( functionally) "Listen 0.0.0.0"= to "Listen 1.2.3.4" ( if you=20 > did chbind --ip 1.2.3.4 ) so you don't have to change config files inside= each vserver. sounds like a smart way to do it. Am looking forward to actually trying vserver.=20 I hope I can help with the progress of vserver.=20 If there were a Todo list, with status of each bullit - one could get a quick idea of weather or not ones expertice could help the project in any way.=20 btw. can or will vserver be implemented in the standard kernel source tree? that would expand it's knowledge and usage to a much broader user-base and just like it did for ReiserFS help the project gain developers and bug-hunters. Are there any reasons why vserver should not be a part of the standard kernel source? I don't know so much about this, only know what I can read from LWN and such. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-3vGNyT+EQBECuHT4+XHW Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8Zpcu4c1kHlhtW8oRAjPdAKCj1xioWR09iHIGTIPbVpNBbRrhpACgmf9g 2mU68r0wFAtiVpcW9mUwUpQ= =EVh1 -----END PGP SIGNATURE----- --=-3vGNyT+EQBECuHT4+XHW-- From vserver.error@solucorp.qc.ca Sun Feb 10 12:53:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1AHrnAh011413 for ; Sun, 10 Feb 2002 12:53:49 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1AHZeV20039 for vserver.list; Sun, 10 Feb 2002 12:35:40 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1AHZdR20035 for ; Sun, 10 Feb 2002 12:35:39 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g1AHZQpb004617 for ; Sun, 10 Feb 2002 18:35:26 +0100 Date: Sun, 10 Feb 2002 18:35:26 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: Re: [vserver] chroot breaking In-Reply-To: <1013355446.1685.14.camel@amd.vsen.dk> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 73 On 10 Feb 2002, klavs klavsen wrote: > Hi guys, > > I have a security question, in regards to vserver. > > I read this article about chrooting your services > http://www.gnujobs.com/Articles/23/chroot.html > and if you did so, as I understand it - it would be kind of achieving > the same as vserver - from a hackers standpoint - without all the smart > benefits.(no disrespect meant). > > In the comments I saw this article about breaking a chroot. > http://www.bpfh.net/simes/computing/chroot-break.html > > My question is, if anyone know or have tried wether or not the chroot > functionality of vserver can be broken like this? or does the kernel > changes help ensure, this never happens? > > This just to know how well I should sleep at night, with vserver > installed :-) The new stuff in the ctx-7 patch fixes all chroot breakouts that I know of. the way described in http://www.bpfh.net/simes/computing/chroot-break.html is plugged. What I'm talking about is breaking out of a vserver, that should be fixed in ctx-7. But if you have a new chroot in a vserver that chroot could be broken out of but the attacker would still not be able to get out of the vserver. chroot() is unsafe by nature. but if you can limit the directoryaccess as done in vfs_permission in the ctx-6 and 7 patches then you can limit them from getting out, but this can currently only be done in one stage. So a second chroot in a vserver is quite insecure. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sun Feb 10 14:38:16 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1AJcFAh012455 for ; Sun, 10 Feb 2002 14:38:15 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1AJNOC22009 for vserver.list; Sun, 10 Feb 2002 14:23:24 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1AJNNR22005 for ; Sun, 10 Feb 2002 14:23:24 -0500 Received: from host213-122-118-182.in-addr.btopenworld.com ([213.122.118.182] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16ZzZH-0002G4-00 for vserver@solucorp.qc.ca; Sun, 10 Feb 2002 19:23:20 +0000 Received: from 127.0.0.1 by john-new ([127.0.0.1] running VPOP3) with SMTP for ; Sun, 10 Feb 2002 19:23:03 -0000 From: "John Lyons" To: Subject: RE: [vserver] shrink wrap it Date: Sun, 10 Feb 2002 19:22:56 -0000 Message-ID: <000301c1b268$5bd03840$42847ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <1013356335.1665.29.camel@amd.vsen.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 74 > if the server only has One IP, and > > 1) all the services listening on that IP, ran under each > vserver - would there be security issues? I'm not sure if I understand this question correctly. But I think you're suggesting running multiple vservers under the same IP address? If so this isn't possible. From my understanding of the system each vserver needs it's own unique IP address. > Can I run - 2 or more chroot'ed services on 1 vserver? or can > vserver it self restrict/chroot each service - kinda like LIDS does? If you need to run 2 or 3 chrooted services just run each service in it's own vserver rather than trying to subdivide a vserver down into smaller chunks. (Fine of course unless your customer has a vserver and wants to run a service in a chroot environment) Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Sun Feb 10 16:37:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1ALblAh013352 for ; Sun, 10 Feb 2002 16:37:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1ALLjD24059 for vserver.list; Sun, 10 Feb 2002 16:21:45 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from priv-edtnes15-hme0.telusplanet.net (defout.telus.net [199.185.220.240]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1ALLjR24055 for ; Sun, 10 Feb 2002 16:21:45 -0500 Received: from iris ([142.179.16.5]) by priv-edtnes15-hme0.telusplanet.net (InterMail vM.5.01.04.01 201-253-122-122-101-20011014) with SMTP id <20020210212139.LVC25967.priv-edtnes15-hme0.telusplanet.net@iris> for ; Sun, 10 Feb 2002 14:21:39 -0700 Message-ID: <041301c1b278$acd0a8a0$8201a8c0@iris> From: "Andy Kwong" To: Subject: [vserver] Vserver and /var/run Date: Sun, 10 Feb 2002 13:19:50 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0410_01C1B235.9E62CB10" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 75 This is a multi-part message in MIME format. ------=_NextPart_000_0410_01C1B235.9E62CB10 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable On line 80 in /usr/sbin/vserver it is - rm -fr var/run/* Shouldn't it be - rm -f var/run/*.pid This is because it is removing /var/run/named/ and other directories = that some programs need to write their pid files to. ------=_NextPart_000_0410_01C1B235.9E62CB10 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
On line 80 in /usr/sbin/vserver it is=20 -
 
          &nbs= p;    =20 rm -fr var/run/*
 
Shouldn't it be -
 
          &nbs= p;    =20 rm -f var/run/*.pid
 
This is because it is removing = /var/run/named/ and=20 other directories that some programs need to write their pid files=20 to.
------=_NextPart_000_0410_01C1B235.9E62CB10-- From vserver.error@solucorp.qc.ca Mon Feb 11 05:38:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1BAcYAh019881 for ; Mon, 11 Feb 2002 05:38:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1BAG2E04761 for vserver.list; Mon, 11 Feb 2002 05:16:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1BAG1R04757 for ; Mon, 11 Feb 2002 05:16:02 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id DAFC31000 for ; Mon, 11 Feb 2002 11:16:00 +0100 (CET) Subject: Re: [vserver] chroot breaking From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-3HSm6sYBs1bGwUYcZCty" X-Mailer: Evolution/1.0.2 Date: 11 Feb 2002 11:16:00 +0100 Message-Id: <1013422561.2830.2.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 76 --=-3HSm6sYBs1bGwUYcZCty Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sun, 2002-02-10 at 18:35, Martin Josefsson wrote: > > My question is, if anyone know or have tried wether or not the chroot > > functionality of vserver can be broken like this? or does the kernel > > changes help ensure, this never happens? > >=20 > > This just to know how well I should sleep at night, with vserver > > installed :-) >=20 > The new stuff in the ctx-7 patch fixes all chroot breakouts that I know > of. the way described in > http://www.bpfh.net/simes/computing/chroot-break.html is plugged. ctx-7? isn't the latest release ctx-6? you mean that it will be fixed once ctx-7 hits the street? >=20 > What I'm talking about is breaking out of a vserver, that should be fixed > in ctx-7. But if you have a new chroot in a vserver that chroot could be > broken out of but the attacker would still not be able to get out of the > vserver. ok. Thanks. looking forward to getting a secure vserver. > /Martin >=20 > Never argue with an idiot. They drag you down to their level, then beat y= ou with experience. I love that quote :-) =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-3HSm6sYBs1bGwUYcZCty Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8Z5ng4c1kHlhtW8oRAhnQAKCS3WpPbyqruj0AcYqOq6+d0KEbBgCfXp6s mB8n4ktoz/iOqYzlCaXi0mg= =A0UH -----END PGP SIGNATURE----- --=-3HSm6sYBs1bGwUYcZCty-- From vserver.error@solucorp.qc.ca Mon Feb 11 05:49:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1BAnKAh019948 for ; Mon, 11 Feb 2002 05:49:21 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1BASMe05203 for vserver.list; Mon, 11 Feb 2002 05:28:22 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1BASKR05199 for ; Mon, 11 Feb 2002 05:28:21 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id F32241000 for ; Mon, 11 Feb 2002 11:28:13 +0100 (CET) Subject: Re: [vserver] chroot breaking From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-8qfjQvHLwbvHHw/6N3Hb" X-Mailer: Evolution/1.0.2 Date: 11 Feb 2002 11:28:13 +0100 Message-Id: <1013423294.2834.4.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 77 --=-8qfjQvHLwbvHHw/6N3Hb Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sun, 2002-02-10 at 18:35, Martin Josefsson wrote: >=20 > The new stuff in the ctx-7 patch fixes all chroot breakouts that I know > of. the way described in > http://www.bpfh.net/simes/computing/chroot-break.html is plugged. >=20 I missed that even though only ctx-6 was mentioned under the news, there ac= tually was a ctx-7 patch in the ftp-directory.=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-8qfjQvHLwbvHHw/6N3Hb Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8Z5y94c1kHlhtW8oRAhzRAJ9aJzoUy/m4dYi3uoJwb132rxJ/uwCglH30 EtjzMwDfzuhs0rGEb71l4gQ= =TFe2 -----END PGP SIGNATURE----- --=-8qfjQvHLwbvHHw/6N3Hb-- From vserver.error@solucorp.qc.ca Mon Feb 11 12:42:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1BHgDAh022781 for ; Mon, 11 Feb 2002 12:42:14 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1BH87Q13790 for vserver.list; Mon, 11 Feb 2002 12:08:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from n010095.nbs.netland.nl (fw-office.netland.nl [217.170.32.40]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1BH86R13783 for ; Mon, 11 Feb 2002 12:08:06 -0500 Received: from office.netland.nl (ts.office.netland.nl [192.168.170.55]) by n010095.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g1BH86G08193 for ; Mon, 11 Feb 2002 18:08:06 +0100 Message-ID: <3C67FA76.6000208@office.netland.nl> Date: Mon, 11 Feb 2002 18:08:06 +0100 From: Ron Arts Organization: Netland Internet Services BV User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120 X-Accept-Language: nl, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and /var/run References: <041301c1b278$acd0a8a0$8201a8c0@iris> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 78 Right!! So that's probably what was killing my /var/run/mysqld directory! I did not look into it thoroughly yet, glad you beat me to it ;-) thanks Andy. Ron Andy Kwong wrote: > On line 80 in /usr/sbin/vserver it is - > > > > rm -fr var/run/* > > > > Shouldn't it be - > > > > rm -f var/run/*.pid > > > > This is because it is removing /var/run/named/ and other directories > that some programs need to write their pid files to. > -- Netland Internet Services bedrijfsmatige internetoplossingen http://www.netland.nl Kruislaan 419 1098 VA Amsterdam info: 020-5628282 servicedesk: 020-5628280 fax: 020-5628281 From vserver.error@solucorp.qc.ca Mon Feb 11 13:11:02 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1BIB2Ah023019 for ; Mon, 11 Feb 2002 13:11:02 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1BHtFS15055 for vserver.list; Mon, 11 Feb 2002 12:55:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1BHtFR15047 for ; Mon, 11 Feb 2002 12:55:15 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id KAA02918 for ; Mon, 11 Feb 2002 10:17:35 -0800 Date: Mon, 11 Feb 2002 10:17:35 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and /var/run In-Reply-To: <041301c1b278$acd0a8a0$8201a8c0@iris> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 79 On Sun, 10 Feb 2002, Andy Kwong wrote: > On line 80 in /usr/sbin/vserver it is - > > rm -fr var/run/* > > Shouldn't it be - > > rm -f var/run/*.pid > > This is because it is removing /var/run/named/ and other directories > that some programs need to write their pid files to. Interesting. Could it be working because it comes after most of the other services - or at least in runlevel 3. My Redhat Linux 7.1ish system only has v_sshd, linuxconf-setup, and local after vserver for kills. Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Mon Feb 11 13:20:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1BIKYAh023104 for ; Mon, 11 Feb 2002 13:20:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1BHwl915091 for vserver.list; Mon, 11 Feb 2002 12:58:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1BHwkR15087 for ; Mon, 11 Feb 2002 12:58:46 -0500 Received: (qmail 20727 invoked from network); 11 Feb 2002 17:55:33 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 11 Feb 2002 17:55:33 -0000 Subject: Re: [vserver] Vserver and /var/run From: Andy Kwong To: vserver@solucorp.qc.ca In-Reply-To: <3C67FA76.6000208@office.netland.nl> References: <041301c1b278$acd0a8a0$8201a8c0@iris> <3C67FA76.6000208@office.netland.nl> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 11 Feb 2002 09:59:57 -0800 Message-Id: <1013450397.19534.14.camel@zerowing.pop-star.net> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 80 And on line 208 as well. On Mon, 2002-02-11 at 09:08, Ron Arts wrote: > Right!! So that's probably what was killing my /var/run/mysqld > directory! I did not look into it thoroughly yet, glad you > beat me to it ;-) > > thanks Andy. > > Ron > > Andy Kwong wrote: > > > On line 80 in /usr/sbin/vserver it is - > > > > > > > > rm -fr var/run/* > > > > > > > > Shouldn't it be - > > > > > > > > rm -f var/run/*.pid > > > > > > > > This is because it is removing /var/run/named/ and other directories > > that some programs need to write their pid files to. > > > > > -- > Netland Internet Services > bedrijfsmatige internetoplossingen > > http://www.netland.nl Kruislaan 419 1098 VA Amsterdam > info: 020-5628282 servicedesk: 020-5628280 fax: 020-5628281 > From vserver.error@solucorp.qc.ca Mon Feb 11 15:38:27 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1BKcNAh024350 for ; Mon, 11 Feb 2002 15:38:25 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1BKK1118846 for vserver.list; Mon, 11 Feb 2002 15:20:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1BKK1R18842 for ; Mon, 11 Feb 2002 15:20:01 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id MAA06342 for ; Mon, 11 Feb 2002 12:42:20 -0800 Date: Mon, 11 Feb 2002 12:42:20 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and /var/run In-Reply-To: <3C67FA76.6000208@office.netland.nl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 81 On Mon, 11 Feb 2002, Ron Arts wrote: > Right!! So that's probably what was killing my /var/run/mysqld > directory! Now my previous response sounds really silly. I was thinking of taking the system up and down not taking vserver up and down ... Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Tue Feb 12 03:22:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1C8MZAh030336 for ; Tue, 12 Feb 2002 03:22:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1C82fZ30197 for vserver.list; Tue, 12 Feb 2002 03:02:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from nninfo2.comm.it ([213.92.77.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1C82eR30193 for ; Tue, 12 Feb 2002 03:02:40 -0500 Received: from MICROXP ([62.110.198.130]) by nninfo2.comm.it (8.9.3/8.9.3) with SMTP id JAA03542 for ; Tue, 12 Feb 2002 09:03:46 +0100 From: "Dave" To: Subject: RE: [vserver] vserver vs. freevsd Date: Tue, 12 Feb 2002 09:01:46 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <025801c1b096$98f5c0b0$0100a8c0@johnnew> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 82 > (Sorry I have a strange imagination!) Sure you do :-) > Will this be Opensource? > Sounds interesting :-) I will be for as much as possible. I'm not sure about the fancy features as I'm developing them from scratch, but the functionality will be there (i.e. distributed physical and virtual server control). Dave. From vserver.error@solucorp.qc.ca Tue Feb 12 06:58:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1CBw0Ah000448 for ; Tue, 12 Feb 2002 06:58:01 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1CBWft01170 for vserver.list; Tue, 12 Feb 2002 06:32:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from n010095.nbs.netland.nl (fw-office.netland.nl [217.170.32.40]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1CBWeR01166 for ; Tue, 12 Feb 2002 06:32:40 -0500 Received: from office.netland.nl (ts.office.netland.nl [192.168.170.55]) by n010095.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g1CBWdG25504 for ; Tue, 12 Feb 2002 12:32:39 +0100 Message-ID: <3C68FD57.4040706@office.netland.nl> Date: Tue, 12 Feb 2002 12:32:39 +0100 From: Ron Arts Organization: Netland Internet Services BV User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120 X-Accept-Language: nl, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and /var/run References: <041301c1b278$acd0a8a0$8201a8c0@iris> <3C67FA76.6000208@office.netland.nl> <1013450397.19534.14.camel@zerowing.pop-star.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 83 By the way, I replaced both instances with find /var/run/ -name \*.pid -exec rm -f {} \; Also changed `sleep 2` into `sleep 5` when stopping vservers. 2 seconds weas not enough for my MySQL setup. Ron Andy Kwong wrote: > And on line 208 as well. > > On Mon, 2002-02-11 at 09:08, Ron Arts wrote: > >>Right!! So that's probably what was killing my /var/run/mysqld >>directory! I did not look into it thoroughly yet, glad you >>beat me to it ;-) >> >>thanks Andy. >> >>Ron >> >>Andy Kwong wrote: >> >> >>>On line 80 in /usr/sbin/vserver it is - >>> >>> >>> >>> rm -fr var/run/* >>> >>> >>> >>>Shouldn't it be - >>> >>> >>> >>> rm -f var/run/*.pid >>> >>> >>> >>>This is because it is removing /var/run/named/ and other directories >>>that some programs need to write their pid files to. >>> >>> >> >>-- >>Netland Internet Services >>bedrijfsmatige internetoplossingen >> >>http://www.netland.nl Kruislaan 419 1098 VA Amsterdam >>info: 020-5628282 servicedesk: 020-5628280 fax: 020-5628281 >> >> > -- Netland Internet Services bedrijfsmatige internetoplossingen http://www.netland.nl Kruislaan 419 1098 VA Amsterdam info: 020-5628282 servicedesk: 020-5628280 fax: 020-5628281 From vserver.error@solucorp.qc.ca Tue Feb 12 13:08:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1CI8RAh003458 for ; Tue, 12 Feb 2002 13:08:27 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1CHnxr08865 for vserver.list; Tue, 12 Feb 2002 12:49:59 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1CHnwR08858 for ; Tue, 12 Feb 2002 12:49:58 -0500 Received: (qmail 10281 invoked from network); 12 Feb 2002 17:47:13 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 12 Feb 2002 17:47:13 -0000 Subject: Re: [vserver] Vserver and /var/run From: Andy Kwong To: vserver@solucorp.qc.ca In-Reply-To: <3C68FD57.4040706@office.netland.nl> References: <041301c1b278$acd0a8a0$8201a8c0@iris> <3C67FA76.6000208@office.netland.nl> <1013450397.19534.14.camel@zerowing.pop-star.net> <3C68FD57.4040706@office.netland.nl> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 12 Feb 2002 09:51:15 -0800 Message-Id: <1013536278.20982.2.camel@zerowing.pop-star.net> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 84 Yes, that makes good sense. On Tue, 2002-02-12 at 03:32, Ron Arts wrote: > By the way, I replaced both instances with > > find /var/run/ -name \*.pid -exec rm -f {} \; > > Also changed `sleep 2` into `sleep 5` when stopping > vservers. 2 seconds weas not enough for my MySQL setup. > > Ron > > Andy Kwong wrote: > > > And on line 208 as well. > > > > On Mon, 2002-02-11 at 09:08, Ron Arts wrote: > > > >>Right!! So that's probably what was killing my /var/run/mysqld > >>directory! I did not look into it thoroughly yet, glad you > >>beat me to it ;-) > >> > >>thanks Andy. > >> > >>Ron > >> > >>Andy Kwong wrote: > >> > >> > >>>On line 80 in /usr/sbin/vserver it is - > >>> > >>> > >>> > >>> rm -fr var/run/* > >>> > >>> > >>> > >>>Shouldn't it be - > >>> > >>> > >>> > >>> rm -f var/run/*.pid > >>> > >>> > >>> > >>>This is because it is removing /var/run/named/ and other directories > >>>that some programs need to write their pid files to. > >>> > >>> > >> > >>-- > >>Netland Internet Services > >>bedrijfsmatige internetoplossingen > >> > >>http://www.netland.nl Kruislaan 419 1098 VA Amsterdam > >>info: 020-5628282 servicedesk: 020-5628280 fax: 020-5628281 > >> > >> > > > > > -- > Netland Internet Services > bedrijfsmatige internetoplossingen > > http://www.netland.nl Kruislaan 419 1098 VA Amsterdam > info: 020-5628282 servicedesk: 020-5628280 fax: 020-5628281 > From vserver.error@solucorp.qc.ca Wed Feb 13 07:24:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DCOZAh016049 for ; Wed, 13 Feb 2002 07:24:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DBxef27274 for vserver.list; Wed, 13 Feb 2002 06:59:40 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DBxdR27270 for ; Wed, 13 Feb 2002 06:59:39 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id C1B3A1000 for ; Wed, 13 Feb 2002 12:59:32 +0100 (CET) Subject: [vserver] vserver mailinglist available via web From: klavs klavsen To: vserver@solucorp.qc.ca Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-oDwzSbIjxH4xj3pNP/xE" X-Mailer: Evolution/1.0.2 Date: 13 Feb 2002 12:59:31 +0100 Message-Id: <1013601573.1694.21.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 85 --=-oDwzSbIjxH4xj3pNP/xE Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, As I mentioned, I was hoping the vserver crew/site would like the email postings on the mailinglist to be available via the web. Some of the advantages of this, would be 1) users could search the archives for answers (google indexes them), before posting. 2) it would be appearent to people what's going on in the list(s)..I like openness, hope you do too. Openness also might inspire people to help? ..=20 well, I checked out my local LUG (www.sslug.dk - 6000+ members) and their mailinglist archives they convert to html via: http://www.oac.uci.edu/indiv/ehood/mhonarc.html Is this something you want? or should I just drop the idea? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-oDwzSbIjxH4xj3pNP/xE Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8alUj4c1kHlhtW8oRAqDSAJ9trqr75zFg1HGEg9FZchEOu9sggACgm9Ki 5ya0jZZ5ANmis61dJ0tn9sI= =4Hn6 -----END PGP SIGNATURE----- --=-oDwzSbIjxH4xj3pNP/xE-- From vserver.error@solucorp.qc.ca Wed Feb 13 08:31:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DDVmAh016500 for ; Wed, 13 Feb 2002 08:31:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DD4Ob28296 for vserver.list; Wed, 13 Feb 2002 08:04:24 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DD4NR28292 for ; Wed, 13 Feb 2002 08:04:24 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g1DD47iW008605 for ; Wed, 13 Feb 2002 14:04:07 +0100 Date: Wed, 13 Feb 2002 14:04:07 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: [vserver] Possible to see all ipaddresses off all interfaces in a vserver Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 86 Hi, I noticed that it's possible to see all ipaddresses on all interfaces in an vserver when it should only be possible to see the ipv4root address. ifconfig works as it should but ip from the iproute2 package uses netlink IIRC and there I can see all addresses of all interfaces. I'll see if I can take a look at it later this evening. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Wed Feb 13 09:50:00 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DEo0Ah017153 for ; Wed, 13 Feb 2002 09:50:00 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DEKo829524 for vserver.list; Wed, 13 Feb 2002 09:20:50 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DEKnR29520 for ; Wed, 13 Feb 2002 09:20:49 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id GAA21727 for ; Wed, 13 Feb 2002 06:20:48 -0800 Date: Wed, 13 Feb 2002 06:20:48 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: Re: [vserver] Possible to see all ipaddresses off all interfaces in a vserver In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 87 On Wed, 13 Feb 2002, Martin Josefsson wrote: > Hi, > > I noticed that it's possible to see all ipaddresses on all interfaces in > an vserver when it should only be possible to see the ipv4root address. Seems to me the lastest kernel and package make this so. Here is the results of ifconfig in a virtaul server eth0 Link encap:Ethernet HWaddr 00:80:AD:71:22:2C UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:701060 errors:0 dropped:0 overruns:0 frame:0 TX packets:48393 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:76531350 (72.9 Mb) TX bytes:7184647 (6.8 Mb) Interrupt:11 Base address:0xe800 eth0:vs1 Link encap:Ethernet HWaddr 00:80:AD:71:22:2C inet addr:216.64.180.227 Bcast:216.64.180.255 Mask:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0xe800 lo Link encap:Local Loopback UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:877 errors:0 dropped:0 overruns:0 frame:0 TX packets:877 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:75810 (74.0 Kb) TX bytes:75810 (74.0 Kb) > ifconfig works as it should but ip from the iproute2 package uses netlink > IIRC and there I can see all addresses of all interfaces. OOPS! Is the above relavant? Regards, Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Wed Feb 13 10:34:57 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DFYtAh017518 for ; Wed, 13 Feb 2002 10:34:56 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DFMM731915 for vserver.list; Wed, 13 Feb 2002 10:22:22 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DFMMR31911 for ; Wed, 13 Feb 2002 10:22:22 -0500 Received: from remtk.solucorp.qc.ca (g36-97.citenet.net [206.123.36.97]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1DFO0651741 for ; Wed, 13 Feb 2002 10:24:03 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1D62A702721 for vserver@solucorp.qc.ca; Wed, 13 Feb 2002 01:02:10 -0500 From: Jacques Gelinas Date: Wed, 13 Feb 2002 01:02:10 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] shrink wrap it X-mailer: tlmpmail 0.1 Message-ID: <20020213010210.2c01ebd43fd6@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 88 On Sat, 9 Feb 2002 19:36:10 -0500, klavs klavsen wrote > > Do you know, if I can run OpenLDAP, Samba, Apache+php and MySQL on a > vserver? OpenLDAP. apache+php, and MySQL work with vanilla configuration. There is something with Samba. I have not yet figure it out. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 13 12:10:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DHAqAh018499 for ; Wed, 13 Feb 2002 12:10:53 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DGj7u01139 for vserver.list; Wed, 13 Feb 2002 11:45:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DGj7R01135 for ; Wed, 13 Feb 2002 11:45:07 -0500 Received: from remtk.solucorp.qc.ca (g36-120.citenet.net [206.123.36.120]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1DGkt663554 for ; Wed, 13 Feb 2002 11:46:55 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1DGaYU05431 for vserver@solucorp.qc.ca; Wed, 13 Feb 2002 11:36:34 -0500 From: Jacques Gelinas Date: Wed, 13 Feb 2002 11:36:34 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] vserver mailinglist available via web X-mailer: tlmpmail 0.1 Message-ID: <20020213113634.dea999265b06@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 89 On Wed, 13 Feb 2002 12:59:31 -0500, klavs klavsen wrote > Hi guys, > > As I mentioned, I was hoping the vserver crew/site would like the email > postings on the mailinglist to be available via the web. We are now working on it (with klavs). Since I kept a copy of the list since day one, this will make an interesting read for new comers. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 13 12:52:50 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DHqoAh019154 for ; Wed, 13 Feb 2002 12:52:50 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DHU1C02150 for vserver.list; Wed, 13 Feb 2002 12:30:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DHU0R02119 for ; Wed, 13 Feb 2002 12:30:00 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g1DHTqiW009740 for ; Wed, 13 Feb 2002 18:29:52 +0100 Date: Wed, 13 Feb 2002 18:29:52 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: Re: [vserver] Possible to see all ipaddresses off all interfaces in a vserver In-Reply-To: Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 90 On Wed, 13 Feb 2002, Roderick A. Anderson wrote: > Here is the results of ifconfig in a virtaul server > > eth0 Link encap:Ethernet HWaddr 00:80:AD:71:22:2C > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:701060 errors:0 dropped:0 overruns:0 frame:0 > TX packets:48393 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:76531350 (72.9 Mb) TX bytes:7184647 (6.8 Mb) > Interrupt:11 Base address:0xe800 > > eth0:vs1 Link encap:Ethernet HWaddr 00:80:AD:71:22:2C > inet addr:216.64.180.227 Bcast:216.64.180.255 Mask:255.255.255.255 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:11 Base address:0xe800 > > lo Link encap:Local Loopback > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:877 errors:0 dropped:0 overruns:0 frame:0 > TX packets:877 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:75810 (74.0 Kb) TX bytes:75810 (74.0 Kb) > > > > ifconfig works as it should but ip from the iproute2 package uses netlink > > IIRC and there I can see all addresses of all interfaces. > > > OOPS! Is the above relavant? It shows that it works for the ifconfig case :) ifconfig and iproute2 doesn't use the same method of communication with the kernel. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Wed Feb 13 13:58:38 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DIwbAh019999; Wed, 13 Feb 2002 13:58:37 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DIWin04821 for vserver.list; Wed, 13 Feb 2002 13:32:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hotmail.com (f101.pav1.hotmail.com [64.4.31.101]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DIWhR04817 for ; Wed, 13 Feb 2002 13:32:44 -0500 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 13 Feb 2002 10:32:42 -0800 Received: from 66.120.42.35 by pv1fd.pav1.hotmail.msn.com with HTTP; Wed, 13 Feb 2002 18:32:38 GMT X-Originating-IP: [66.120.42.35] From: "Carl Leonard" To: vserver@solucorp.qc.ca Subject: re: [vserver] vserver mailinglist available via web Date: Wed, 13 Feb 2002 10:32:38 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 13 Feb 2002 18:32:42.0927 (UTC) FILETIME=[D2F5F3F0:01C1B4BC] Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 91 Could we take a few steps to try and protect the email addresses of the list members? Just about every publically accessible web page will eventually get hit by the spammers running thier web bot address suckers. I get enough spam as it is. Here is my suggestion for how to block virtually all of them. Make a front page that states that there is a password to get in. Put the username and password on the page. It could just be vservers and vservers. The bots pass on all password protected pages. -----Original Message----- From: Jacques Gelinas [mailto:jack@solucorp.qc.ca] Sent: Wednesday, February 13, 2002 8:37 AM To: vserver@solucorp.qc.ca Subject: re: [vserver] vserver mailinglist available via web On Wed, 13 Feb 2002 12:59:31 -0500, klavs klavsen wrote >Hi guys, > >As I mentioned, I was hoping the vserver crew/site would like the email >postings on the mailinglist to be available via the web. We are now working on it (with klavs). Since I kept a copy of the list since day one, this will make an interesting read for new comers. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com From vserver.error@solucorp.qc.ca Wed Feb 13 14:35:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DJZdAh020399; Wed, 13 Feb 2002 14:35:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DJA0I05608 for vserver.list; Wed, 13 Feb 2002 14:10:00 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DJA0R05594 for ; Wed, 13 Feb 2002 14:10:00 -0500 Received: from remtk.solucorp.qc.ca (g39-193.citenet.net [206.123.39.193]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1DJBn677359 for ; Wed, 13 Feb 2002 14:11:49 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1DJ9ju01020 for vserver@solucorp.qc.ca; Wed, 13 Feb 2002 14:09:45 -0500 From: Jacques Gelinas Date: Wed, 13 Feb 2002 14:09:45 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Possible to see all ipaddresses off all interfaces in a vserver X-mailer: tlmpmail 0.1 Message-ID: <20020213140945.2598770b5128@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 92 On Wed, 13 Feb 2002 14:04:07 -0500, Martin Josefsson wrote > Hi, > > I noticed that it's possible to see all ipaddresses on all interfaces in > an vserver when it should only be possible to see the ipv4root address. > > ifconfig works as it should but ip from the iproute2 package uses netlink > IIRC and there I can see all addresses of all interfaces. Here is a fix, relative to 2.4.17ctx-7. You still see the list of device, but only the IP address of your ipv4root. *** net/ipv4/devinet.bak Thu Jan 31 14:37:27 2002 --- net/ipv4/devinet.c Wed Feb 13 13:33:31 2002 *************** *** 918,923 **** --- 918,926 ---- read_lock(&in_dev->lock); for (ifa = in_dev->ifa_list, ip_idx = 0; ifa; ifa = ifa->ifa_next, ip_idx++) { + if (current->s_context != 0 + && current->ipv4root != 0 + && current->ipv4root != ifa->ifa_local) continue; if (ip_idx < s_ip_idx) continue; if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid, --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 13 15:58:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DKwvAh021223; Wed, 13 Feb 2002 15:58:58 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DKX3w07185 for vserver.list; Wed, 13 Feb 2002 15:33:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DKX3R07181 for ; Wed, 13 Feb 2002 15:33:03 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DKX2Ai020890 for ; Wed, 13 Feb 2002 15:33:03 -0500 Date: Wed, 13 Feb 2002 15:33:02 -0500 (EST) From: Vlad To: vserver@solucorp.qc.ca Subject: re: [vserver] vserver mailinglist available via web In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 93 Sure, I'll do that. But thats not going to stop people from harvesting email addresses. :) -Vlad On Wed, 13 Feb 2002, Carl Leonard wrote: > Could we take a few steps to try and protect the email addresses > of the list members? Just about every publically accessible web > page will eventually get hit by the spammers running thier web bot > address suckers. I get enough spam as it is. > > Here is my suggestion for how to block virtually all of them. > Make a front page that states that there is a password to get > in. Put the username and password on the page. It could just > be vservers and vservers. The bots pass on all password protected > pages. > > > > -----Original Message----- > From: Jacques Gelinas [mailto:jack@solucorp.qc.ca] > Sent: Wednesday, February 13, 2002 8:37 AM > To: vserver@solucorp.qc.ca > Subject: re: [vserver] vserver mailinglist available via web > > > On Wed, 13 Feb 2002 12:59:31 -0500, klavs klavsen wrote > >Hi guys, > > > >As I mentioned, I was hoping the vserver crew/site would like the email > >postings on the mailinglist to be available via the web. > > We are now working on it (with klavs). Since I kept a copy of the list > since day one, this will make an interesting read for new comers. > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc > > > _________________________________________________________________ > Join the world’s largest e-mail service with MSN Hotmail. > http://www.hotmail.com > From vserver.error@solucorp.qc.ca Wed Feb 13 16:40:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DLeqAh021640; Wed, 13 Feb 2002 16:40:53 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DLO2X08272 for vserver.list; Wed, 13 Feb 2002 16:24:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DLO1R08268 for ; Wed, 13 Feb 2002 16:24:01 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id F3D91241CD for ; Wed, 13 Feb 2002 14:23:54 -0700 (MST) Received: from 204.118.209.253 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Wed, 13 Feb 2002 14:26:25 -0700 (MST) Message-ID: <3436.204.118.209.253.1013635585.squirrel@webmail.thedeacon.org> Date: Wed, 13 Feb 2002 14:26:25 -0700 (MST) Subject: [vserver] Patches against 2.4.18-ac and XFS? From: "Paul Kreiner" To: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal X-Mailer: SquirrelMail (version 1.2.3 [cvs]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 94 Hi all, Just a query - I've been maintaining my own patches to keep vserver in sync with -ac kernels ('cause I like their stability better than the vanilla tree) and also running on XFS-patched kernels. For instance, I've currently got patches against 2.4.17-xfs, 2.4.18-pre9- ac2, and 2.4.18-pre9-ac2-xfs. Note that I don't use vunify, so I doubt that XFS would work with it out-of-the-box, but the rest of the vserver functionality is there. Would this be something useful to anyone else on the list? Cheers, _Paul K. From vserver.error@solucorp.qc.ca Wed Feb 13 16:56:29 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1DLuSAh021775; Wed, 13 Feb 2002 16:56:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DLaIu08569 for vserver.list; Wed, 13 Feb 2002 16:36:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1DLaHR08565 for ; Wed, 13 Feb 2002 16:36:17 -0500 Received: (qmail 26935 invoked from network); 13 Feb 2002 21:33:26 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 13 Feb 2002 21:33:26 -0000 Subject: Re: [vserver] Patches against 2.4.18-ac and XFS? From: Andy Kwong To: vserver@solucorp.qc.ca In-Reply-To: <3436.204.118.209.253.1013635585.squirrel@webmail.thedeacon.org> References: <3436.204.118.209.253.1013635585.squirrel@webmail.thedeacon.org> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 13 Feb 2002 13:37:31 -0800 Message-Id: <1013636251.21359.35.camel@zerowing.pop-star.net> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 95 Hi Paul, Thanks for your merging work. It should be useful for some of us that are testing out vserver functionality. I am having problems with 2.4.17-ctx7 and mounting and umounting ext3 fs on loop devices (it hard locks), which the newer kernels might help. Do you have a address where it can be downloaded? Thanks. On Wed, 2002-02-13 at 13:26, Paul Kreiner wrote: > Hi all, > > Just a query - I've been maintaining my own patches to keep vserver in sync > with -ac kernels ('cause I like their stability better than the vanilla > tree) and also running on XFS-patched kernels. > > For instance, I've currently got patches against 2.4.17-xfs, 2.4.18-pre9- > ac2, and 2.4.18-pre9-ac2-xfs. Note that I don't use vunify, so I doubt > that XFS would work with it out-of-the-box, but the rest of the vserver > functionality is there. > > Would this be something useful to anyone else on the list? > > Cheers, > > _Paul K. > > From vserver.error@solucorp.qc.ca Wed Feb 13 19:18:24 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1E0IMAh023119; Wed, 13 Feb 2002 19:18:23 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1DNh2B11172 for vserver.list; Wed, 13 Feb 2002 18:43:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1DNh1R11168 for ; Wed, 13 Feb 2002 18:43:01 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id 38155241CD; Wed, 13 Feb 2002 16:43:00 -0700 (MST) Received: from 204.118.209.253 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Wed, 13 Feb 2002 16:45:30 -0700 (MST) Message-ID: <3710.204.118.209.253.1013643930.squirrel@webmail.thedeacon.org> Date: Wed, 13 Feb 2002 16:45:30 -0700 (MST) Subject: Re: [vserver] Patches against 2.4.18-ac and XFS? From: "Paul Kreiner" To: In-Reply-To: <1013636251.21359.35.camel@zerowing.pop-star.net> References: <1013636251.21359.35.camel@zerowing.pop-star.net> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.3 [cvs]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 96 Andy, Browse to thedeacon.org/vserver. Currently just my 2.4.18-pre9-ac2 patch is up, but I'll add my XFS patches when I get a chance to build & test them. _Paul K. Andy Kwong writes: > Thanks for your merging work. It should be useful for some of us that > are testing out vserver functionality. I am having problems with > 2.4.17-ctx7 and mounting and umounting ext3 fs on loop devices (it hard > locks), which the newer kernels might help. Do you have a address where > it can be downloaded? > > Thanks. From vserver.error@solucorp.qc.ca Wed Feb 13 22:30:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1E3UYAh024932; Wed, 13 Feb 2002 22:30:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1E3ATw14434 for vserver.list; Wed, 13 Feb 2002 22:10:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1E3ATR14430 for ; Wed, 13 Feb 2002 22:10:29 -0500 Received: from remtk.solucorp.qc.ca (g39-32.citenet.net [206.123.39.32]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1E3CL619627 for ; Wed, 13 Feb 2002 22:12:22 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1E1bVe04540 for vserver@solucorp.qc.ca; Wed, 13 Feb 2002 20:37:31 -0500 From: Jacques Gelinas Date: Wed, 13 Feb 2002 20:37:31 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Patches against 2.4.18-ac and XFS? X-mailer: tlmpmail 0.1 Message-ID: <20020213203731.a39125587e48@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 97 On Wed, 13 Feb 2002 14:26:25 -0500, Paul Kreiner wrote > Hi all, > > Just a query - I've been maintaining my own patches to keep vserver in sync > with -ac kernels ('cause I like their stability better than the vanilla > tree) and also running on XFS-patched kernels. > > For instance, I've currently got patches against 2.4.17-xfs, 2.4.18-pre9- > ac2, and 2.4.18-pre9-ac2-xfs. Note that I don't use vunify, so I doubt > that XFS would work with it out-of-the-box, but the rest of the vserver > functionality is there. xfs supports extended attributes, so I guess very little must be added to support immutable-linkage-invert. > Would this be something useful to anyone else on the list? I think so. Send me the URL and I will put it in the FAQ. I will release ctx-8 and vserver-0.11 this week. It comes with a little helper for such projects: The system call numbers are extracted from the running kernel. Those utilities (chbind, chcontext and friends) used the current system call number (226 and 227) by default, but can probe the kernel to find out the current value of those syscall. To make it short, the utility now works with older ctx kernel and with newer, even if the system call number have changed. No need to recompile the utilities. This should help until the vserver concept make its way in the standard kernel. Note also that ftp.solucorp.qc.ca/pub/vserver/patches always contains relative patches (ctx-6 to ctx-7 and so on), so you should be able to track the change very easily. Thanks! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Thu Feb 14 03:47:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1E8l9Ah027105; Thu, 14 Feb 2002 03:47:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1E8RIb19181 for vserver.list; Thu, 14 Feb 2002 03:27:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1E8RIR19177 for ; Thu, 14 Feb 2002 03:27:18 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id CC88C1000 for ; Thu, 14 Feb 2002 09:27:16 +0100 (CET) Subject: re: [vserver] vserver mailinglist available via web From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-x3NsR3BDEyyJ1UmpUzYr" X-Mailer: Evolution/1.0.2 Date: 14 Feb 2002 09:27:14 +0100 Message-Id: <1013675236.1696.2.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 98 --=-x3NsR3BDEyyJ1UmpUzYr Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Carl,=20 On Wed, 2002-02-13 at 19:32, Carl Leonard wrote: > Could we take a few steps to try and protect the email addresses > of the list members? Just about every publically accessible web > page will eventually get hit by the spammers running thier web bot > address suckers. I get enough spam as it is. well, at sslug.dk they just add the domain sslug.dk to the email address. I've been a member there for a long time, and have not received spam mail. >=20 > Here is my suggestion for how to block virtually all of them. > Make a front page that states that there is a password to get > in. Put the username and password on the page. It could just > be vservers and vservers. The bots pass on all password protected > pages. well, for extra security that's a good idea, but it does have the drawback, that google no longer will index the archive - so vserver has to maintain their own search engine. with google, you just enter the words and add the site:www.sslug.dk - voila. easier for everyone. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-x3NsR3BDEyyJ1UmpUzYr Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8a3Ti4c1kHlhtW8oRAoqGAKCznhEjz8Kb47ZgtI5oY3yDlOajRQCffS6/ pdZgKFowBrbYmv2KrZVCkR4= =jv8y -----END PGP SIGNATURE----- --=-x3NsR3BDEyyJ1UmpUzYr-- From vserver.error@solucorp.qc.ca Thu Feb 14 08:46:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1EDkpAh001547; Thu, 14 Feb 2002 08:46:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1EDPng24183 for vserver.list; Thu, 14 Feb 2002 08:25:49 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1EDPlR24179 for ; Thu, 14 Feb 2002 08:25:48 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 9F45F1000 for ; Thu, 14 Feb 2002 14:25:41 +0100 (CET) Subject: [vserver] many services - 1 IP. From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-iYD8Ap+2RSZ79BWIC+52" X-Mailer: Evolution/1.0.2 Date: 14 Feb 2002 14:25:40 +0100 Message-Id: <1013693141.1695.20.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 99 --=-iYD8Ap+2RSZ79BWIC+52 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I need to install and maintain 6 kind of servers. 1, with samba and openldap, 1 with Postfix, courier-imap, OpenLdap and Apache and so forth. what i wanted to do, is to have them all installed on 1 physical machine, under each vserver. I was thinking, that it would be a good idea to chroot each service on each server, so that a vulnerability in one, doesn't put the other services on that machine in danger. Unfortunately chroot is not safe (see earlier mail on this list).=20 I've read the docs on the site, but it's not really clear to me if can do this, and how this compares to doing the same with chroot (except for the fact that chroot is not safe and vserver is :-) My questions therefore are these: Can I "chroot" each service on each vserver - without having to create a new vserver (with a new IP) for each service?=20 In the case of postfix and courier-imap can two "chroot" jails share the same files (the maildir)? A final question, if I install ssh on each vserver - and the services are chrooted - will the ssh-users still be able to configure them? - they would with a normal chroot, so that shouldn't be a problem? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-iYD8Ap+2RSZ79BWIC+52 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8a7rU4c1kHlhtW8oRAnZOAJ9wmUdCwy8D3s0x643qdEgrGAPNLACeIdYV UAzHIs1tkCrc7jobM7WHc+g= =H6tq -----END PGP SIGNATURE----- --=-iYD8Ap+2RSZ79BWIC+52-- From vserver.error@solucorp.qc.ca Thu Feb 14 09:12:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1EEC5Ah001817; Thu, 14 Feb 2002 09:12:05 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1EDoAN24629 for vserver.list; Thu, 14 Feb 2002 08:50:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1EDo9R24625 for ; Thu, 14 Feb 2002 08:50:09 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 87D911000 for ; Thu, 14 Feb 2002 14:50:08 +0100 (CET) Subject: [vserver] Re: many services - 1 IP. From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <1013693141.1695.20.camel@amd.vsen.dk> References: <1013693141.1695.20.camel@amd.vsen.dk> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-HbNidnhWoH962TVskQjl" X-Mailer: Evolution/1.0.2 Date: 14 Feb 2002 14:50:08 +0100 Message-Id: <1013694608.1696.33.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 100 --=-HbNidnhWoH962TVskQjl Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I saw on the preliminary mailinglist archive, that lsm.immunix.org has been discussed as a addon to the vserver kernel.patch.=20 I couldn't find the lsm mentioned on www.immunix.org, only stackguard, subdomain and such. I was wondering what your ideas is with this, if any? SubDomain for instance, could perhaps solve the issue of secure chroot within vserver? if vserver doesn not already support it somehow. wonder how SubDomain handles file-sharing between two apps - like the maildirs in my example. Thank you, for your already greatly appreciated input. I was thinking of taking my questions, and adding them to the FAQ or writing my own.. to give people with the curiosity like me, some more answers to their questions.. this would also help show exactly what usage the vserver patch enables. The mailinglist archive will be a great help. On Thu, 2002-02-14 at 14:25, klavs klavsen wrote: > Hi guys, >=20 > I need to install and maintain 6 kind of servers. >=20 > 1, with samba and openldap, 1 with Postfix, courier-imap, OpenLdap and > Apache and so forth. >=20 > what i wanted to do, is to have them all installed on 1 physical > machine, under each vserver. >=20 > I was thinking, that it would be a good idea to chroot each service on > each server, so that a vulnerability in one, doesn't put the other > services on that machine in danger. Unfortunately chroot is not safe > (see earlier mail on this list).=20 >=20 > I've read the docs on the site, but it's not really clear to me if can > do this, and how this compares to doing the same with chroot (except for > the fact that chroot is not safe and vserver is :-) >=20 > My questions therefore are these: >=20 > Can I "chroot" each service on each vserver - without having to create a > new vserver (with a new IP) for each service?=20 >=20 > In the case of postfix and courier-imap can two "chroot" jails share the > same files (the maildir)? >=20 > A final question, if I install ssh on each vserver - and the services > are chrooted - will the ssh-users still be able to configure them? - > they would with a normal chroot, so that shouldn't be a problem? >=20 > --=20 > Regards, > Klavs Klavsen >=20 > -------------| This mail has been sent to you by: |------------ > Klavs Klavsen - OpenSource Consultant=20 > kl@vsen.dk - http://www.vsen.dk >=20 > Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 > Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA > --------------------[ I believe that... ]----------------------- > It is a myth that people resist change. People resist what other > people make them do, not what they themselves choose to do... > That's why companies that innovate successfully year after year > seek their peopl's ideas, let them initiate new projects and > encourage more experiments. -- Rosabeth Moss Kanter >=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-HbNidnhWoH962TVskQjl Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8a8CQ4c1kHlhtW8oRAtCOAKCdFRjurwIk5MjuHkqIQphKij6nZACgoqjV 8/x5O7WT379C4xDV/Uylfkg= =C3AG -----END PGP SIGNATURE----- --=-HbNidnhWoH962TVskQjl-- From vserver.error@solucorp.qc.ca Thu Feb 14 09:51:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1EEpiAh002187; Thu, 14 Feb 2002 09:51:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1EENBq25240 for vserver.list; Thu, 14 Feb 2002 09:23:11 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1EENAR25236 for ; Thu, 14 Feb 2002 09:23:10 -0500 Received: from host213-122-196-218.in-addr.btopenworld.com ([213.122.196.218] helo=john-new) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16bMmu-0001ey-00 for vserver@solucorp.qc.ca; Thu, 14 Feb 2002 14:23:04 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Thu, 14 Feb 2002 14:22:46 -0000 From: "John Lyons" To: Subject: [vserver] apache rpm install Date: Thu, 14 Feb 2002 14:22:44 -0000 Message-ID: <006101c1b563$12ab71e0$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <1013694608.1696.33.camel@amd.vsen.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 101 I'm trying to put together a number of vservers to run apache, php and mysql. Easy normally, but I'm making things hard for myself :-) I could install these from source on each vs but that wastes disk and memory as each apache would have it's own separate binary and future upgrades would be a 'by hand' process on each vs. Also I don't think I can unify from a source install as there's no rpm file list to be queried. I could install from rpms but that would remove the flexibility to compile apache and php with the goodies that we all like to add :-) My guess was that I could get a src.rpm package, modify it to compile in the features that I need, create a compiled rpm package that I can then install on each vs using the vs tools which will then be capable of being unified. Am I on the right lines here and would anyone care to point me in the direction of a guide to a DIY src.rpm build. I've compiled packages from source and installed rpm's but building an rpm is new ground for me and googles not coming up with the goods :-( Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Thu Feb 14 10:38:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1EFc7Ah002627; Thu, 14 Feb 2002 10:38:08 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1EF6sX25996 for vserver.list; Thu, 14 Feb 2002 10:06:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1EF6sR25992 for ; Thu, 14 Feb 2002 10:06:54 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1EF6sAi002368 for ; Thu, 14 Feb 2002 10:06:54 -0500 Date: Thu, 14 Feb 2002 10:06:54 -0500 (EST) From: Vlad To: Vserver Mailinglist Subject: Re: [vserver] many services - 1 IP. In-Reply-To: <1013693141.1695.20.camel@amd.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 102 I think thats the basis for chroot - it binds the new context to an ip address... otherwise you might as well just set up a generic chroot for each service.. What you can try and do is create your vservers in private address space (192.168, 10.0.) and then do port forwards from the 1 real ip address.. -Vlad On 14 Feb 2002, klavs klavsen wrote: > Hi guys, > > I need to install and maintain 6 kind of servers. > > 1, with samba and openldap, 1 with Postfix, courier-imap, OpenLdap and > Apache and so forth. > > what i wanted to do, is to have them all installed on 1 physical > machine, under each vserver. > > I was thinking, that it would be a good idea to chroot each service on > each server, so that a vulnerability in one, doesn't put the other > services on that machine in danger. Unfortunately chroot is not safe > (see earlier mail on this list). > > I've read the docs on the site, but it's not really clear to me if can > do this, and how this compares to doing the same with chroot (except for > the fact that chroot is not safe and vserver is :-) > > My questions therefore are these: > > Can I "chroot" each service on each vserver - without having to create a > new vserver (with a new IP) for each service? > > In the case of postfix and courier-imap can two "chroot" jails share the > same files (the maildir)? > > A final question, if I install ssh on each vserver - and the services > are chrooted - will the ssh-users still be able to configure them? - > they would with a normal chroot, so that shouldn't be a problem? > > From vserver.error@solucorp.qc.ca Thu Feb 14 14:41:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1EJfoAh012664; Thu, 14 Feb 2002 14:41:50 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1EJNsq31620 for vserver.list; Thu, 14 Feb 2002 14:23:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1EJNsR31616 for ; Thu, 14 Feb 2002 14:23:54 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g1EJ3LQ26306 for ; Thu, 14 Feb 2002 19:03:21 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16bRTx-000721-00 for ; Thu, 14 Feb 2002 19:23:49 +0000 Date: Thu, 14 Feb 2002 19:23:48 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: Re: [vserver] RE: Performance, memory, etc In-Reply-To: <02d601c1af69$13fa1d30$b5a401d5@home4v9eek8u3l> References: <02d601c1af69$13fa1d30$b5a401d5@home4v9eek8u3l> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 103 On Wed, 6 Feb 2002 23:50:37 -0000 "John Lyons" wrote: > I didn't think that anyone was doing virtual hosting based on IP's > anymore? We're using name based virtual hosting ie 1 ip to multiple > domains. Can't see a lot of need for 1 ip per domain? You need it for SSL. One hostname per certificate per IP; the certificate, which is passed before any HTTP/1.1 host information is exchanged, contains the host name. Browser response when the two don't match varies from spitting up a nasty looking warning page to refusing to load the site. Sam. From vserver.error@solucorp.qc.ca Fri Feb 15 03:56:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1F8u9Ah019860; Fri, 15 Feb 2002 03:56:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1F8SrL12796 for vserver.list; Fri, 15 Feb 2002 03:28:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1F8SrR12792 for ; Fri, 15 Feb 2002 03:28:53 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 6A6A51000 for ; Fri, 15 Feb 2002 09:28:53 +0100 (CET) Subject: Re: [vserver] many services - 1 IP. From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-L73po2vmM3ahNTExyvq1" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 09:28:53 +0100 Message-Id: <1013761733.1733.13.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 104 --=-L73po2vmM3ahNTExyvq1 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Vlad, On Thu, 2002-02-14 at 16:06, Vlad wrote: > I think thats the basis for chroot - it binds the new context to an ip=20 > address... otherwise you might as well just set up a generic chroot for=20 > each service..=20 damn. you sure? I'm not so sure. bastille-linux chroots your bind service for instance, and it doesn't change the config or the IP it runs on. and Shouldn't you be able to bind a specific chroot jail to a specific port/IP instead of a specific Unique IP? (the last is just plain dumb if you have many services). =20 > What you can try and do is create your vservers in private address space=20 > (192.168, 10.0.) and then do port forwards from the 1 real ip address.. =20 that's a work around.. but I would be very sorry to have to do that, as it adds complexity to my firewall script.. If it doesn't need to be there.. Remove it :-) > On 14 Feb 2002, klavs klavsen wrote: >=20 > > Hi guys, > >=20 > > I need to install and maintain 6 kind of servers. > >=20 > > 1, with samba and openldap, 1 with Postfix, courier-imap, OpenLdap and > > Apache and so forth. > >=20 > > what i wanted to do, is to have them all installed on 1 physical > > machine, under each vserver. > >=20 > > I was thinking, that it would be a good idea to chroot each service on > > each server, so that a vulnerability in one, doesn't put the other > > services on that machine in danger. Unfortunately chroot is not safe > > (see earlier mail on this list).=20 > >=20 > > I've read the docs on the site, but it's not really clear to me if can > > do this, and how this compares to doing the same with chroot (except fo= r > > the fact that chroot is not safe and vserver is :-) > >=20 > > My questions therefore are these: > >=20 > > Can I "chroot" each service on each vserver - without having to create = a > > new vserver (with a new IP) for each service?=20 > >=20 > > In the case of postfix and courier-imap can two "chroot" jails share th= e > > same files (the maildir)? > >=20 > > A final question, if I install ssh on each vserver - and the services > > are chrooted - will the ssh-users still be able to configure them? - > > they would with a normal chroot, so that shouldn't be a problem? > >=20 > >=20 >=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-L73po2vmM3ahNTExyvq1 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bMbF4c1kHlhtW8oRAtoKAKCk9Lxd/y3IrbKXc18iGKNtasHrrwCfbnAc PMf2ggTMQJs95+469ocR/7U= =CVzJ -----END PGP SIGNATURE----- --=-L73po2vmM3ahNTExyvq1-- From vserver.error@solucorp.qc.ca Fri Feb 15 04:03:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1F937Ah021078; Fri, 15 Feb 2002 04:03:07 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1F8PPs12767 for vserver.list; Fri, 15 Feb 2002 03:25:25 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1F8POR12760 for ; Fri, 15 Feb 2002 03:25:24 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id F1F7B1000 for ; Fri, 15 Feb 2002 09:25:20 +0100 (CET) Subject: Re: [vserver] apache rpm install From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <006101c1b563$12ab71e0$0100a8c0@johnnew> References: <006101c1b563$12ab71e0$0100a8c0@johnnew> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Bkf1DqPywY1FxPK0iArh" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 09:25:20 +0100 Message-Id: <1013761521.1733.9.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 105 --=-Bkf1DqPywY1FxPK0iArh Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi John, On Thu, 2002-02-14 at 15:22, John Lyons wrote: >=20 > I'm trying to put together a number of vservers to run apache, php and > mysql. Easy normally, but I'm making things hard for myself :-) Don't we all. > I could install from rpms but that would remove the flexibility to compil= e > apache and php with the goodies that we all like to add :-) yup. =20 > My guess was that I could get a src.rpm package, modify it to compile in = the > features that I need, create a compiled rpm package that I can then insta= ll > on each vs using the vs tools which will then be capable of being unified= . what I would do, is get a src.rpm - pick out the .spec file.. with rpm2cpio apache.src.rpm | cpio -t (find the exact path of the apache.spec and run rpm2cpio apache.src.rpm | cpio -ivd ./patch/to/apache.spec modify it to suit your needs.. build it. I usually call my apache packages for apache-KTK-version (this way my upgrade scripts won't think that my apache packages is the one that is in a newer version on some update-mirror site..=20 > Am I on the right lines here and would anyone care to point me in the > direction of a guide to a DIY src.rpm build. I've compiled packages from > source and installed rpm's but building an rpm is new ground for me and > googles not coming up with the goods :-( you can just build a src.rpm by: rpm --rebuild apache.src.rpm (I think you can only change Compiler options, don't know if you can change -configure options - without disassembling the package and packing it again.. :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Bkf1DqPywY1FxPK0iArh Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bMXw4c1kHlhtW8oRAimEAJ9IGfIcnCPluRAT+H/2dtdSB+/gVQCglqNS gRfg7jR+HUGQB92CJyXt7eg= =D6EM -----END PGP SIGNATURE----- --=-Bkf1DqPywY1FxPK0iArh-- From vserver.error@solucorp.qc.ca Fri Feb 15 06:13:22 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FBDLAh021953; Fri, 15 Feb 2002 06:13:22 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FAww915311 for vserver.list; Fri, 15 Feb 2002 05:58:58 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FAwvR15307 for ; Fri, 15 Feb 2002 05:58:57 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g1FAcOQ01610 for ; Fri, 15 Feb 2002 10:38:24 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16bg4t-0007wX-00 for ; Fri, 15 Feb 2002 10:58:55 +0000 Date: Fri, 15 Feb 2002 10:58:55 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: Re: [vserver] RE: Performance, memory, etc In-Reply-To: <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> References: <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 106 Jacques Gelinas wrote: > This is true. One solution would be to have one private loopback per > vserver. (127.0.0.N) and translate dynamically from 127.0.0.1 to the > vserver one. [...] > The current ipv4root of the vserver is mapping a bind(0.0.0.0), to a > bind(ip-of-the-vserver). After this little modification in the kernel, > the rest of the kernel simply work as usual. Just a thought, perhaps changing any call to bind(127.0.0.0/8) to bind(ip_root) would be a nice quick hack; --- net/ipv4/af_inet.c Fri Feb 15 10:33:10 2002 +++ net/ipv4/af_inet.c.orig Fri Feb 15 10:31:16 2002 @@ -489,7 +489,7 @@ s_addr = addr->sin_addr.s_addr; if (current->ipv4root != 0){ // printk ("ipv4root0 %08lx %08x\n",current->ipv4root,s_addr); - if (s_addr == 0 || (s_addr>>24 & 0xFF) == 127 ){ + if (s_addr == 0){ s_addr = current->ipv4root; }else if (s_addr != current->ipv4root){ return -EADDRNOTAVAIL; Is this breaking network sanity too much? :-) Sam. From vserver.error@solucorp.qc.ca Fri Feb 15 08:27:18 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FDRHAh022890; Fri, 15 Feb 2002 08:27:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FD9N817677 for vserver.list; Fri, 15 Feb 2002 08:09:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from priv-edtnes11-hme0.telusplanet.net (fepout3.telus.net [199.185.220.238]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FD9NR17673 for ; Fri, 15 Feb 2002 08:09:23 -0500 Received: from iris ([142.179.16.5]) by priv-edtnes11-hme0.telusplanet.net (InterMail vM.5.01.04.01 201-253-122-122-101-20011014) with SMTP id <20020210212504.PIMW3650.priv-edtnes11-hme0.telusplanet.net@iris> for ; Sun, 10 Feb 2002 14:25:04 -0700 Message-ID: <042301c1b279$26787520$8201a8c0@iris> From: "Andy Kwong" To: Subject: [vserver] Re: Vserver and /var/run Date: Sun, 10 Feb 2002 13:23:14 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0420_01C1B236.17F9A7A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 107 This is a multi-part message in MIME format. ------=_NextPart_000_0420_01C1B236.17F9A7A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable And on line 208 as well. ----- Original Message -----=20 From: Andy Kwong=20 To: vserver@solucorp.qc.ca=20 Sent: Sunday, February 10, 2002 1:19 PM Subject: Vserver and /var/run On line 80 in /usr/sbin/vserver it is - rm -fr var/run/* Shouldn't it be - rm -f var/run/*.pid This is because it is removing /var/run/named/ and other directories = that some programs need to write their pid files to. ------=_NextPart_000_0420_01C1B236.17F9A7A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
And on line 208 as well.
----- Original Message -----
From:=20 Andy=20 Kwong
Sent: Sunday, February 10, 2002 = 1:19=20 PM
Subject: Vserver and = /var/run

On line 80 in /usr/sbin/vserver it is = -
 
          &nbs= p;    =20 rm -fr var/run/*
 
Shouldn't it be -
 
          &nbs= p;    =20 rm -f var/run/*.pid
 
This is because it is removing = /var/run/named/=20 and other directories that some programs need to write their pid files = to.
------=_NextPart_000_0420_01C1B236.17F9A7A0-- From vserver.error@solucorp.qc.ca Fri Feb 15 08:49:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FDn3Ah023047; Fri, 15 Feb 2002 08:49:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FDXqr18221 for vserver.list; Fri, 15 Feb 2002 08:33:52 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FDXqR18217 for ; Fri, 15 Feb 2002 08:33:52 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id C53071000 for ; Fri, 15 Feb 2002 14:33:41 +0100 (CET) Subject: Re: [vserver] many services - 1 IP. From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-FwhIK+3Y3f9LVGrT6wJR" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 14:33:41 +0100 Message-Id: <1013780021.1731.48.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 108 --=-FwhIK+3Y3f9LVGrT6wJR Content-Type: multipart/mixed; boundary="=-e+oBEx9OYf7Ys0oDg3ru" --=-e+oBEx9OYf7Ys0oDg3ru Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-15 at 14:06, Vlad wrote: >=20 > That was bad wording on my part; I was talking about basis for vserver,=20 > not chroot. You are right, you can chroot bind easilly=20 > (http://www.linux.org/docs/ldp/howto/Chroot-BIND8-HOWTO.html) but that=20 > requires hacking the source a bit. ok.=20 =20 > The reason it works for bastille is because they chroot bind, they=20 > don't create a separate server for it. So in order to allow someone to=20 > administer the service you have to give them an account on the root=20 > server.. and there is no way to use that to run multiple name servers on=20 > the same machine, just makes sure that if your bind gets hacked they don'= t=20 > get rootshell.=20 Yup. And that's what I wanted under each vserver (with a seperate IP for each vserver).. so that when I have my 6 vservers, each service on the vserver is protected against holes in the other services.. and I don't want to run 1 service on each vserver. :-( I don't understand what you mean by binding chroot to a=20 > port... but it doesn't sound pretty..=20 =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-e+oBEx9OYf7Ys0oDg3ru Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: base64 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEuMC42IChHTlUv TGludXgpCkNvbW1lbnQ6IEZvciBpbmZvIHNlZSBodHRwOi8vd3d3LmdudXBnLm9yZwoKaUQ4REJR QThiUTB6NGMxa0hsaHRXOG9SQWlIM0FKOTY0cmlEMTRVNmFPNnlJcUxkbEVEc2VGTnZ6d0NkR0Vh Rgo2cFF4NG5QRUs3bFZkaWdXVVhDUlB2TT0KPUNaeU8KLS0tLS1FTkQgUEdQIFNJR05BVFVSRS0t LS0tCg== --=-e+oBEx9OYf7Ys0oDg3ru-- --=-FwhIK+3Y3f9LVGrT6wJR Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bQ414c1kHlhtW8oRAmZ+AJ950PW2T79v+eG4XRLiPY1/LuIHOgCgt7rG xzbGVdG99Ufp48ngX4UnQFw= =I0K5 -----END PGP SIGNATURE----- --=-FwhIK+3Y3f9LVGrT6wJR-- From kl@vsen.dk Fri Feb 15 09:05:52 2002 Return-Path: Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FE5pAh023270 for ; Fri, 15 Feb 2002 09:05:51 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id A6D6F1000; Fri, 15 Feb 2002 15:05:45 +0100 (CET) Subject: Re: [vserver] many services - 1 IP. From: klavs klavsen To: Vlad , Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-FWVrwiSmmdPLv1llKRgW" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 15:05:45 +0100 Message-Id: <1013781945.1733.59.camel@amd.vsen.dk> Mime-Version: 1.0 Status: RO X-Status: A X-Keywords: X-UID: 109 --=-FWVrwiSmmdPLv1llKRgW Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-15 at 14:45, Vlad wrote: >=20 > Oohhh... I get it now.. Somehow in your response the main part of the=20 > problem got lost. I just went back to your original message: :-) =20 > And yeah, thats correct. You can use chroot within the virtual server, an= d=20 > you can do it securely. There was a bug where you could use chroot=20 > within vserver to escape out of the vserver and back into the root server= .=20 > That has been fixed for a while. ;) but chroot is still buggy (even if it's running under a vserver) so that one could break out of a chroot jail and get to other services on the same vserver? >=20 > To save you some time, if you do go with bind inside virtual server make=20 > sure you compile it without linux caps; they will fail inside vserver. ok. I'm kinda sad, that this means one can't use standard rpm's.. cause I'm gonna setup these systems in small shops, where they don't have the knowledge/expertise to compile themselves, and therefore standard distribution rpm compatability would be great to have.. I guess, I'm gonna have to think of something.. :-( Then I will have install the services on the costumer machines, without vserver (unless they explicitly want it with its advantages and disadvantages), this would mean that I have to copy config files over ONLY.. from the vserver to the costumer server - whereas otherwise I would be able to just copy the vserver directory :-( and then I would have to maintain a secured base linux system, for the costumer server. I'm just gonna use my vserver box's root server for that. Well it seems the path is becoming more clear to me now :-) it's difficult to make a standard installation, that doesn't remove flexibility and ease of use and doesn't compromise security either. P.S. I've sent this mail to the vserver-mailinglist also, so that others might gain from our discussion :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-FWVrwiSmmdPLv1llKRgW Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bRW54c1kHlhtW8oRAugtAKCQFKixspp0F7Ikr2+cQ3/DuzdHhwCfdTVi fgH5Kvx2Az4Jbu7OstChR4k= =5xD4 -----END PGP SIGNATURE----- --=-FWVrwiSmmdPLv1llKRgW-- From vserver.error@solucorp.qc.ca Fri Feb 15 09:20:02 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FEK1Ah023444; Fri, 15 Feb 2002 09:20:02 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FE5pi18916 for vserver.list; Fri, 15 Feb 2002 09:05:51 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FE5oR18912 for ; Fri, 15 Feb 2002 09:05:50 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id A6D6F1000; Fri, 15 Feb 2002 15:05:45 +0100 (CET) Subject: Re: [vserver] many services - 1 IP. From: klavs klavsen To: Vlad , Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-FWVrwiSmmdPLv1llKRgW" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 15:05:45 +0100 Message-Id: <1013781945.1733.59.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 110 --=-FWVrwiSmmdPLv1llKRgW Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-15 at 14:45, Vlad wrote: >=20 > Oohhh... I get it now.. Somehow in your response the main part of the=20 > problem got lost. I just went back to your original message: :-) =20 > And yeah, thats correct. You can use chroot within the virtual server, an= d=20 > you can do it securely. There was a bug where you could use chroot=20 > within vserver to escape out of the vserver and back into the root server= .=20 > That has been fixed for a while. ;) but chroot is still buggy (even if it's running under a vserver) so that one could break out of a chroot jail and get to other services on the same vserver? >=20 > To save you some time, if you do go with bind inside virtual server make=20 > sure you compile it without linux caps; they will fail inside vserver. ok. I'm kinda sad, that this means one can't use standard rpm's.. cause I'm gonna setup these systems in small shops, where they don't have the knowledge/expertise to compile themselves, and therefore standard distribution rpm compatability would be great to have.. I guess, I'm gonna have to think of something.. :-( Then I will have install the services on the costumer machines, without vserver (unless they explicitly want it with its advantages and disadvantages), this would mean that I have to copy config files over ONLY.. from the vserver to the costumer server - whereas otherwise I would be able to just copy the vserver directory :-( and then I would have to maintain a secured base linux system, for the costumer server. I'm just gonna use my vserver box's root server for that. Well it seems the path is becoming more clear to me now :-) it's difficult to make a standard installation, that doesn't remove flexibility and ease of use and doesn't compromise security either. P.S. I've sent this mail to the vserver-mailinglist also, so that others might gain from our discussion :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-FWVrwiSmmdPLv1llKRgW Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bRW54c1kHlhtW8oRAugtAKCQFKixspp0F7Ikr2+cQ3/DuzdHhwCfdTVi fgH5Kvx2Az4Jbu7OstChR4k= =5xD4 -----END PGP SIGNATURE----- --=-FWVrwiSmmdPLv1llKRgW-- From vserver.error@solucorp.qc.ca Fri Feb 15 09:38:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FEcmAh023592; Fri, 15 Feb 2002 09:38:49 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FEAXH19043 for vserver.list; Fri, 15 Feb 2002 09:10:33 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FEAWR19039 for ; Fri, 15 Feb 2002 09:10:32 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 85DE01000 for ; Fri, 15 Feb 2002 15:10:31 +0100 (CET) Subject: [vserver] what about a Todo list? From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-AWdsY+rMrkk9243w0p2v" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 15:10:31 +0100 Message-Id: <1013782231.1731.65.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 111 --=-AWdsY+rMrkk9243w0p2v Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I was thinking that if the vserver site, had a Todo list of wanted features/bug-fixes.. people would more easily be able to see wether or not they could/would contribute to the project.=20 It also helps to show how far the project has come, and how far it has travelled (even more so, if you kept the already finished Todo's at the bottom). It would certainly help me, to see if there were any part of the vserver project where I could contribute.. and also it would enable me to see, if my needs/ideas were already on the Todo list, so that I could perhaps team up with people who has the same goal. What do you think? I'd like to help making it, and the FAQ I talked about earlier if you think that's a good idea. I would like it to be a collaborate effort, as that will make it better - and also ensure the work gets used :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-AWdsY+rMrkk9243w0p2v Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bRbX4c1kHlhtW8oRAmX2AJ4mumJjFt/lLi9LSVqViPy7suTTdwCfUeKW NQur+jStuXWBr/yliLCApLY= =24XM -----END PGP SIGNATURE----- --=-AWdsY+rMrkk9243w0p2v-- From vserver.error@solucorp.qc.ca Fri Feb 15 10:41:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FFfZAh024168; Fri, 15 Feb 2002 10:41:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FFTcg20646 for vserver.list; Fri, 15 Feb 2002 10:29:38 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FFTcR20642 for ; Fri, 15 Feb 2002 10:29:38 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FFTcAi024053 for ; Fri, 15 Feb 2002 10:29:38 -0500 Date: Fri, 15 Feb 2002 10:29:38 -0500 (EST) From: Vlad To: Vserver Mailinglist Subject: Re: [vserver] what about a Todo list? In-Reply-To: <1013782231.1731.65.camel@amd.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 112 > I was thinking that if the vserver site, had a Todo list of wanted > features/bug-fixes.. people would more easily be able to see wether or > not they could/would contribute to the project. http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=6&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0 > It also helps to show how far the project has come, and how far it has > travelled (even more so, if you kept the already finished Todo's at the > bottom). http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=all > I'd like to help making it, and the FAQ I talked about earlier if you > think that's a good idea. I would like it to be a collaborate effort, as > that will make it better - and also ensure the work gets used :-) http://www.solucorp.qc.ca/howto.hc?projet=vserver If you have something to contribute to the project why don't you just email the stuff to Jacques? From vserver.error@solucorp.qc.ca Fri Feb 15 11:16:47 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FGGkAh024466; Fri, 15 Feb 2002 11:16:46 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FFtYL21215 for vserver.list; Fri, 15 Feb 2002 10:55:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from chichen.dd.lt.qc.ca (modemcable036.49-203-24.mtl.mc.videotron.ca [24.203.49.36]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FFtYR21211 for ; Fri, 15 Feb 2002 10:55:34 -0500 Received: from canyon.logisoftech.com (canyon.localdomain [192.168.4.2]) by chichen.dd.lt.qc.ca (8.9.3/8.8.7) with ESMTP id JAA05420; Fri, 15 Feb 2002 09:55:42 -0500 Date: Fri, 15 Feb 2002 11:41:35 -0500 (EST) From: "Bourque, Guillaume" To: Vserver Mailinglist cc: klavs klavsen Subject: Re: [vserver] many services - 1 IP. In-Reply-To: <1013781945.1733.59.camel@amd.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 113 Hello ! >ok. I'm kinda sad, that this means one can't use standard rpm's.. cause >I'm gonna setup these systems in small shops, where they don't have the >knowledge/expertise to compile themselves, and therefore standard >distribution rpm compatability would be great to have.. Almost every package work's correclty out of the box in vservers environnement and for bind you can use djbdns, that's what I did and it is working very well for me ! BTW dbjdns is so fast ! Cheer's -- --------------------- La qualité avant tout ! ---------------------- Guillaume Bourque Conseiller technologique LogiSoft Technologies inc. Tél. (514) 576-7638 Fax: (450) 649-6134 -------------------- http://www.logisoftech.com -------------------- From vserver.error@solucorp.qc.ca Fri Feb 15 11:27:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FGRlAh024587; Fri, 15 Feb 2002 11:27:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FG96D21455 for vserver.list; Fri, 15 Feb 2002 11:09:06 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao03.cox.net (mtao3.east.cox.net [68.1.17.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FG95R21451 for ; Fri, 15 Feb 2002 11:09:05 -0500 Received: from gregg ([68.3.68.74]) by lakemtao03.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020215160905.NKGR5816.lakemtao03.cox.net@gregg> for ; Fri, 15 Feb 2002 11:09:05 -0500 Message-ID: <012a01c1b63b$19bd5a10$010510ac@gregg> From: "Gregg" To: Subject: [vserver] vserver help Date: Fri, 15 Feb 2002 09:09:08 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 114 Hello, I'm new to this group. I just installed vserver yesterday. The installation went fine, I didn't have any difficulties. I used the newvserver to make a test server, I gave it an IP address and called it test. It created the folder under vserver, and copied a bunch of files there. It started fine. Next I entered the vserver using the command vserver test enter. That worked well also, I got this following message: Server test is running ipv4root is now 172.16.5.16 New security context is 2 I checked to see what services where running, and there were very few services running. root 1 0.0 0.5 1384 160 ? S Feb14 0:04 init [3] root 1181 0.0 0.1 1380 32 ? S Feb14 0:00 minilogd root 2615 1.6 4.2 2480 1280 pts/0 S 08:56 0:00 /bin/sh root 2616 0.0 2.3 2600 712 pts/0 R 08:57 0:00 ps aux I tried starting v_httpd and I get the following error. Invalid IP number or host name: eth0 chbind version 0.10 chbind [ --silent ] [ --ip ip_num ] command argument Which is weird, because when I enter the server it says ipv4root is now xx.xx.xx.xx This is a test server, so I'm using internal IPs. I've gone over the documentations a few times online, but I can't seem to figure this out. I also did a few tests. In the test vserver I created an account called admin. I was also able to create an admin account in the main server. Then I created an account called admin2 in the main server, and tried creating that same account in the test vserver, and it says that that account is already created. Isn't the vserver supposed to be able to handle it's own accounts, regardless of what the main server has, or what other vservers have? I know this is a long message, with a bunch of questions, hopefully someone can shed some light for me. Thanks, Gregg From vserver.error@solucorp.qc.ca Fri Feb 15 12:19:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FHJiAh025102; Fri, 15 Feb 2002 12:19:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FH5rD22653 for vserver.list; Fri, 15 Feb 2002 12:05:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FH5qR22645 for ; Fri, 15 Feb 2002 12:05:52 -0500 Received: from host213-1-137-88.btinternet.com ([213.1.137.88] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16blnw-0002Z8-00 for vserver@solucorp.qc.ca; Fri, 15 Feb 2002 17:05:49 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 15 Feb 2002 17:05:32 -0000 From: "John Lyons" To: Subject: RE: [vserver] vserver help Date: Fri, 15 Feb 2002 17:05:31 -0000 Message-ID: <01c001c1b642$f9f0a900$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <012a01c1b63b$19bd5a10$010510ac@gregg> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 115 > I tried starting v_httpd and I get the following error. > Invalid IP number or host name: eth0 > chbind version 0.10 > chbind [ --silent ] [ --ip ip_num ] command argument v_httpd and all of the v_* init scripts are used to start services on the host server rather than within a vserver. Use the normal init scripts for httpd sshd etc when you're in a vs. > In the test vserver I created an > account called > admin. I was also able to create an admin account in the > main server. Then > I created an account called admin2 in the main server, and > tried creating > that same account in the test vserver, and it says that that > account is > already created. Isn't the vserver supposed to be able to > handle it's own > accounts, regardless of what the main server has, or what > other vservers > have? If you've got admin and admin2 users in the host server when you build your first vs then the users from the host (or reference) server will be coppied into the vserver. From reading the above it doesn't sound like this is what's caused the problem but it's worth knowing. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 15 12:23:56 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FHNtAh025138; Fri, 15 Feb 2002 12:23:56 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FH5IL22635 for vserver.list; Fri, 15 Feb 2002 12:05:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FH5IR22631 for ; Fri, 15 Feb 2002 12:05:18 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FH5JAi024985 for ; Fri, 15 Feb 2002 12:05:19 -0500 Date: Fri, 15 Feb 2002 12:05:19 -0500 (EST) From: Vlad To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver help In-Reply-To: <012a01c1b63b$19bd5a10$010510ac@gregg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 116 > I tried starting v_httpd and I get the following error. > Invalid IP number or host name: eth0 > chbind version 0.10 > chbind [ --silent ] [ --ip ip_num ] command argument Never got that error. Go into your vserver folder then cwd into etc/xinet.d and edit the file. Change disable to no. Restart that service (or start xinetd) inside your vserver. Then you can telnet inside and play with it that way. Same with ssh/etc. > I also did a few tests. In the test vserver I created an account called > admin. I was also able to create an admin account in the main server. Then > I created an account called admin2 in the main server, and tried creating > that same account in the test vserver, and it says that that account is > already created. Isn't the vserver supposed to be able to handle it's own > accounts, regardless of what the main server has, or what other vservers > have? I know this is a long message, with a bunch of questions, hopefully You're right, each vserver has its own files/authentication. Look inside your vservers etc/passwd and see if any of the users you are adding are showing up... you just might be adding all this stuff to your root server accidentally. -Vlad From vserver.error@solucorp.qc.ca Fri Feb 15 12:28:32 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FHSWAh025187; Fri, 15 Feb 2002 12:28:32 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FHFls22887 for vserver.list; Fri, 15 Feb 2002 12:15:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FHFkR22883 for ; Fri, 15 Feb 2002 12:15:47 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id JAA14260 for ; Fri, 15 Feb 2002 09:15:39 -0800 Date: Fri, 15 Feb 2002 09:15:39 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver help In-Reply-To: <012a01c1b63b$19bd5a10$010510ac@gregg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 117 On Fri, 15 Feb 2002, Gregg wrote: > I tried starting v_httpd and I get the following error. > Invalid IP number or host name: eth0 > chbind version 0.10 > chbind [ --silent ] [ --ip ip_num ] command argument My understanding is v_httpd is run in the main server and the normal httpd is run in the vservers. And it seems to work for me. Best, Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Fri Feb 15 14:01:47 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FJ1kAh026154; Fri, 15 Feb 2002 14:01:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FIiBH24482 for vserver.list; Fri, 15 Feb 2002 13:44:11 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FIiAR24478 for ; Fri, 15 Feb 2002 13:44:10 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 559A61000 for ; Fri, 15 Feb 2002 19:44:06 +0100 (CET) Subject: Re: [vserver] many services - 1 IP. From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Ghc6XmWvvEfHs7AWM2Ha" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 19:44:06 +0100 Message-Id: <1013798646.2630.11.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 118 --=-Ghc6XmWvvEfHs7AWM2Ha Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-15 at 17:41, Bourque, Guillaume wrote: > Hello ! >=20 > >ok. I'm kinda sad, that this means one can't use standard rpm's.. cause > >I'm gonna setup these systems in small shops, where they don't have the > >knowledge/expertise to compile themselves, and therefore standard > >distribution rpm compatability would be great to have.. >=20 > Almost every package work's correclty out of the box in vservers > environnement and for bind you can use djbdns, that's what I did and it i= s > working very well for me ! BTW dbjdns is so fast ! Nice to know. Sorry I made it seem so gloomy.. Now I just have to figure Samba out.. heard there were some problems with the broadcasts.. :-) =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Ghc6XmWvvEfHs7AWM2Ha Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bVb24c1kHlhtW8oRArLCAJ0bKFvjiMAjrug5ghA7VQzo4YnZ1gCgmQZ7 uEHa/sKgyea1fXJndpzYvF8= =riJF -----END PGP SIGNATURE----- --=-Ghc6XmWvvEfHs7AWM2Ha-- From vserver.error@solucorp.qc.ca Fri Feb 15 14:06:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FJ6pAh026179; Fri, 15 Feb 2002 14:06:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FIlhE24626 for vserver.list; Fri, 15 Feb 2002 13:47:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FIlgR24622 for ; Fri, 15 Feb 2002 13:47:42 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 2244F1000 for ; Fri, 15 Feb 2002 19:47:41 +0100 (CET) Subject: Re: [vserver] what about a Todo list? From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-LrWHPKiZfVkiESj+/6rX" X-Mailer: Evolution/1.0.2 Date: 15 Feb 2002 19:47:40 +0100 Message-Id: <1013798861.2630.15.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 119 --=-LrWHPKiZfVkiESj+/6rX Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-02-15 at 16:29, Vlad wrote: >=20 > > I was thinking that if the vserver site, had a Todo list of wanted > > features/bug-fixes.. people would more easily be able to see wether or > > not they could/would contribute to the project.=20 >=20 > http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=3D6&s2=3D0&s3=3D0&s4=3D= 0&full=3D0&prjstate=3D1&nodoc=3D0 But they seem all to be checked (ie. done)..? >=20 > > It also helps to show how far the project has come, and how far it has > > travelled (even more so, if you kept the already finished Todo's at the > > bottom). >=20 > http://www.solucorp.qc.ca/changes.hc?projet=3Dvserver&version=3Dall that does the trick I guess :-) > > I'd like to help making it, and the FAQ I talked about earlier if you > > think that's a good idea. I would like it to be a collaborate effort, a= s > > that will make it better - and also ensure the work gets used :-) >=20 > http://www.solucorp.qc.ca/howto.hc?projet=3Dvserver >=20 > If you have something to contribute to the project why don't you just=20 > email the stuff to Jacques? >=20 I'll write down my questions and the answers I've found and email them :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-LrWHPKiZfVkiESj+/6rX Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8bVfM4c1kHlhtW8oRAv5zAJ9e5MiuOsWhc/trwht5BMP2D6tyXwCdE2r5 qhidpAKJecGXLXDXQ1fYZT0= =ms7l -----END PGP SIGNATURE----- --=-LrWHPKiZfVkiESj+/6rX-- From vserver.error@solucorp.qc.ca Fri Feb 15 15:18:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FKIoAh026786; Fri, 15 Feb 2002 15:18:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FJsVf25964 for vserver.list; Fri, 15 Feb 2002 14:54:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao03.cox.net (mtao3.east.cox.net [68.1.17.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FJsVR25960 for ; Fri, 15 Feb 2002 14:54:31 -0500 Received: from gregg ([68.3.68.74]) by lakemtao03.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020215195431.PYXT5816.lakemtao03.cox.net@gregg> for ; Fri, 15 Feb 2002 14:54:31 -0500 Message-ID: <017101c1b65a$98313c80$010510ac@gregg> From: "Gregg" To: References: <01c001c1b642$f9f0a900$0100a8c0@johnnew> Subject: Re: [vserver] vserver help Date: Fri, 15 Feb 2002 12:54:35 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 120 > > I tried starting v_httpd and I get the following error. > > Invalid IP number or host name: eth0 > > chbind version 0.10 > > chbind [ --silent ] [ --ip ip_num ] command argument > > v_httpd and all of the v_* init scripts are used to start services on the > host server rather than within a vserver. Use the normal init scripts for > httpd sshd etc when you're in a vs. > Thanks, I think that was my problem. I got most of the services working now. HTTPD, mysqld. I'm having problems with sendmail however. It starts fine, then after a minute or two, it just dies. I've tried everything I know how. Any ideas on what could be wrong? > > If you've got admin and admin2 users in the host server when you build your > first vs then the users from the host (or reference) server will be coppied > into the vserver. From reading the above it doesn't sound like this is > what's caused the problem but it's worth knowing. Ok, let's see if I got this right. If I got the user admin set in the host server, when I create a vserver, it will be coppied to the vserver. Now, what if I were to delete the user admin in the vserver, will that affect the user admin in the host server? What about the root user in the vserver, if you change the root password in the vserver, does that also change the password for the root in the host server? I think I'm finally getting this down. Thanks for the help guys. From vserver.error@solucorp.qc.ca Fri Feb 15 16:42:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FLgcAh027608; Fri, 15 Feb 2002 16:42:38 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FLFfU27846 for vserver.list; Fri, 15 Feb 2002 16:15:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FLFdR27842 for ; Fri, 15 Feb 2002 16:15:40 -0500 Received: from host213-1-182-135.btinternet.com ([213.1.182.135] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16bphf-0006xn-00 for vserver@solucorp.qc.ca; Fri, 15 Feb 2002 21:15:36 +0000 Received: from 213.1.182.135 by john-new ([213.1.182.135] running VPOP3) with SMTP for ; Fri, 15 Feb 2002 21:15:16 -0000 From: "John Lyons" To: Subject: RE: [vserver] vserver help Date: Fri, 15 Feb 2002 21:15:15 -0000 Message-ID: <000801c1b665$dd8ad560$87b601d5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-reply-to: <017101c1b65a$98313c80$010510ac@gregg> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 121 > I'm having problems with sendmail however. It starts fine, > then after a > minute or two, it just dies. I've tried everything I know > how. Any ideas on what could be wrong? I've got the same problem with one of my vservers. I've started working through logs, and got as far as invalid data format for the emails in /var/log/maillog. Checking the status via /etc/init.d/sendmail gave subsystem locked errors. I've seen this before on non vserver systems so I don't think it's a problem related to the vserver. > Ok, let's see if I got this right. If I got the user admin > set in the host > server, when I create a vserver, it will be copied to the > vserver. Correct because if you use your host server as the reference server all config files will be copied over. Now, > what if I were to delete the user admin in the vserver, will > that affect the user admin in the host server? No because after the vserver has been built the passwd files are two different files in two difference parts of the filesystem. It's just the act of creating the vs that copies conf files thereby transferring settings. > What about the root user in the vserver, if you change the > root password in > the vserver, does that also change the password for the root > in the host server? No. One of the things that I've been looking to do is to expand on the vserver build script so that when the vserver is built you automatically change the root/admin user passwords for the new vserver and change conf files that are specific to that vs. eg making an entry in /etc/mail and httpd.conf to provide basic services for the customers first domain. (All one step beyond vserver core system but useful for hosts using it in a commercial environment, probably something with sed) Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 15 17:27:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FMR3Ah028046; Fri, 15 Feb 2002 17:27:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FMFrY29068 for vserver.list; Fri, 15 Feb 2002 17:15:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FMFrR29064 for ; Fri, 15 Feb 2002 17:15:53 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1FMH9810939 for vserver@solucorp.qc.ca; Fri, 15 Feb 2002 17:17:09 -0500 From: Jacques Gelinas Date: Fri, 15 Feb 2002 17:17:09 -0500 To: vserver@solucorp.qc.ca Subject: [vserver] RE: Performance, memory, etc X-mailer: tlmpmail 0.1 Message-ID: <20020215171709.baafe21dfd7c@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 122 On Fri, 15 Feb 2002 10:58:55 -0500, Sam Vilain wrote > Jacques Gelinas wrote: > > > This is true. One solution would be to have one private loopback per > > vserver. (127.0.0.N) and translate dynamically from 127.0.0.1 to the > > vserver one. > [...] > > The current ipv4root of the vserver is mapping a bind(0.0.0.0), to a > > bind(ip-of-the-vserver). After this little modification in the kernel, > > the rest of the kernel simply work as usual. > > Just a thought, perhaps changing any call to bind(127.0.0.0/8) to > bind(ip_root) would be a nice quick hack; > > --- net/ipv4/af_inet.c Fri Feb 15 10:33:10 2002 > +++ net/ipv4/af_inet.c.orig Fri Feb 15 10:31:16 2002 > @@ -489,7 +489,7 @@ > s_addr = addr->sin_addr.s_addr; > if (current->ipv4root != 0){ > // printk ("ipv4root0 %08lx %08x\n",current->ipv4root,s_addr); > - if (s_addr == 0 || (s_addr>>24 & 0xFF) == 127 ){ > + if (s_addr == 0){ > s_addr = current->ipv4root; > }else if (s_addr != current->ipv4root){ > return -EADDRNOTAVAIL; > > Is this breaking network sanity too much? :-) Maybe. If you bind on 127.0.0.1, you do this to tell apart private connection public connection. Now just by binding to 127.0.0.1, you end up opening to the world. While not such a big issue, if an application relies/expects this behavior, their security model is screwed. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 15 17:32:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FMW8Ah028137; Fri, 15 Feb 2002 17:32:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FMH8q29084 for vserver.list; Fri, 15 Feb 2002 17:17:08 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FMH8R29080 for ; Fri, 15 Feb 2002 17:17:08 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1FMIPK10944 for vserver@dns.solucorp.qc.ca; Fri, 15 Feb 2002 17:18:25 -0500 From: Jacques Gelinas Date: Fri, 15 Feb 2002 17:18:25 -0500 To: Vserver mailing list Subject: [vserver] mailing list archive X-mailer: tlmpmail 0.1 Message-ID: <20020215171825.79a20b7bf437@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 123 Just to say the mailing list is now archived at http://vserver.vlad.net. It contains every messages sent to the list since day one. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 15 17:50:18 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FMoGAh028279; Fri, 15 Feb 2002 17:50:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FMaUO29520 for vserver.list; Fri, 15 Feb 2002 17:36:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao01.cox.net (mtao1.east.cox.net [68.1.17.244]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FMaTR29516 for ; Fri, 15 Feb 2002 17:36:30 -0500 Received: from gregg ([68.3.68.74]) by lakemtao01.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020215223627.ENZA3264.lakemtao01.cox.net@gregg> for ; Fri, 15 Feb 2002 17:36:27 -0500 Message-ID: <01be01c1b671$38ddbc60$010510ac@gregg> From: "Gregg" To: References: <000801c1b665$dd8ad560$87b601d5@johnnew> Subject: Re: [vserver] vserver help Date: Fri, 15 Feb 2002 15:36:33 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 124 > I've got the same problem with one of my vservers. I've started working > through logs, and got as far as invalid data format for the emails in > /var/log/maillog. Checking the status via /etc/init.d/sendmail gave > subsystem locked errors. > I've seen this before on non vserver systems so I don't think it's a problem > related to the vserver. Ok, I checked my log files, and this is what I found. NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Cannot assign requested address daemon MTA: problem creating SMTP socket Fine, I figured it had something to do with the host server, so I stopped sendmail and mysql on the host server, and loaded sendmail on a vserver, and guess what? It started. Now I can see that the sendmail is running, but it says the following sendmail: rejecting new messages: min free: 100 I went back and checked on the log files, and I got the following: starting daemon (8.11.6): SMTP+queueing@01:00:00 sendmail[2458]: rejecting new messages: min free: 100 sendmail[2046]: alias database /etc/aliases rebuilt by root sendmail[2046]: /etc/aliases: 40 aliases, longest 10 bytes, 395 bytes total sendmail[2080]: starting daemon (8.11.6): SMTP+queueing@00:01:00 sendmail[2080]: rejecting new messages: min free: 100 I know it's probably some configuration deal that I have wrong, so it's not that important I guess, but if anyone has had this similar problem, please share your thoughts! :) Now, back to the host server, I don't have mysqld running or sendmail, which is fine, because I probably wouldn't use the host server for hosting a site or anything anyway. But, when I stop a vserver I get a few error messages. Here's what I get. Sorry if it's too long. Stopping the virtual server test Server test is running ipv4root is now 172.16.5.16 New security context is 2 Stopping MySQL: [FAILED] Stopping httpd: [ OK ] Stopping sshd: [ OK ] Shutting down sendmail: [ OK ] Stopping xinetd: [ OK ] Stopping crond: [ OK ] Shutting down kernel logger: [FAILED] Shutting down system logger: [ OK ] Starting killall: Stopping MySQL: [FAILED] [FAILED] sleep 2 Killing all processes kill -TERM /vservers/test/bin/bash[1173] kill -TERM /vservers/test/usr/libexec/mysqld[1213] kill -TERM /vservers/test/usr/libexec/mysqld[1217] kill -TERM /vservers/test/usr/libexec/mysqld[1218] kill -TERM /vservers/test/usr/libexec/mysqld[1227] kill -TERM /vservers/test/sbin/minilogd[2429] kill -TERM /vservers/test/bin/bash[1173] kill -TERM /vservers/test/usr/libexec/mysqld[1213] kill -TERM /vservers/test/usr/libexec/mysqld[1217] kill -TERM /vservers/test/usr/libexec/mysqld[1218] kill -TERM /vservers/test/usr/libexec/mysqld[2466] It is weird that it's failing to stop the MySQL, because obviously it is running, because in the kill all it's killing the mysqld processes. Any clues? The other one that is failing to stop is kernel logger, which I don't know why that is failing either. Again, these may not be important, I just want to know if there's something I did wrong, or if there is something else I could do. > One of the things that I've been looking to do is to expand on the vserver > build script so that when the vserver is built you automatically change the > root/admin user passwords for the new vserver and change conf files that are > specific to that vs. eg making an entry in /etc/mail and httpd.conf to > provide basic services for the customers first domain. (All one step beyond > vserver core system but useful for hosts using it in a commercial > environment, probably something with sed) > That would be a useful script indeed. I did have to go in and change httpd.conf for my two test vservers by hand, and I'm sure there are many other config files that I missed! :) Thanks again for the help Gregg From vserver.error@solucorp.qc.ca Fri Feb 15 18:39:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1FNdrAh028620; Fri, 15 Feb 2002 18:39:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1FNP8E30524 for vserver.list; Fri, 15 Feb 2002 18:25:08 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1FNP6R30520 for ; Fri, 15 Feb 2002 18:25:07 -0500 Received: from host213-122-43-56.in-addr.btopenworld.com ([213.122.43.56] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16briz-0001id-00 for vserver@solucorp.qc.ca; Fri, 15 Feb 2002 23:25:05 +0000 Received: from 213.122.43.56 by john-new ([213.122.43.56] running VPOP3) with SMTP for ; Fri, 15 Feb 2002 23:24:47 -0000 From: "John Lyons" To: Subject: RE: [vserver] vserver help Date: Fri, 15 Feb 2002 23:24:45 -0000 Message-ID: <001c01c1b677$f4ed2430$87b601d5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-reply-to: <01be01c1b671$38ddbc60$010510ac@gregg> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 125 > sendmail: rejecting new messages: min free: 100 > starting daemon (8.11.6): SMTP+queueing@01:00:00 > sendmail[2458]: rejecting new messages: min free: 100 I'm wondering if you're able to see the full message? Is it something like min free memory, disk space or something else? Are you low on disk space or memory or are you running quotas? > Stopping MySQL: [FAILED] > Shutting down kernel logger: [FAILED] > Starting killall: Stopping MySQL: [FAILED] > [FAILED] > Any clues? Not much I can think of here, I never could get mysql starting and stopping properly with needing to run it as the admin or mysql user. There was a thread here a few days ago about the vserver script running an rm command on /var/run which was killing mysql incorrectly. (The messages are now on a web forum somewhere?) I'm guessing it's all tied in with the bug in the vserver script. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 15 19:24:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1G0OeAh028895; Fri, 15 Feb 2002 19:24:42 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1G09iq31391 for vserver.list; Fri, 15 Feb 2002 19:09:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from localhost.localdomain (pia153-99.pioneernet.net [66.114.153.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1G09hR31387 for ; Fri, 15 Feb 2002 19:09:43 -0500 Received: from openwebmail (casonmaster [127.0.0.1]) by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g1G0BbR29114 for ; Fri, 15 Feb 2002 16:11:37 -0800 From: "Wray Cason" To: vserver@solucorp.qc.ca Subject: RE: [vserver] vserver help Date: Fri, 15 Feb 2002 16:11:37 -0800 Message-Id: <20020215161137.A49139@auxiliumcomputing.com> In-Reply-To: <001c01c1b677$f4ed2430$87b601d5@johnnew> References: <01be01c1b671$38ddbc60$010510ac@gregg> X-Mailer: Open WebMail 1.53 20020112 X-OriginatingIP: 192.168.0.2 (auxiliumcomputing) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 126 > > sendmail: rejecting new messages: min free: 100 > > starting daemon (8.11.6): SMTP+queueing@01:00:00 > > sendmail[2458]: rejecting new messages: min free: 100 > > I'm wondering if you're able to see the full message? Is it > something like min free memory, disk space or something else? > Are you low on disk space or memory or are you running quotas? > > > Stopping MySQL: [FAILED] > > Shutting down kernel logger: [FAILED] > > Starting killall: Stopping MySQL: [FAILED] > > [FAILED] > > Any clues? > > Not much I can think of here, I never could get mysql starting > and stopping properly with needing to run it as the admin or > mysql user. I had the same problem with mysqld. I found that the mysql user didn't have access to the var/run directory. It would start showing the following error in the mysqld.log. 020215 09:33:57 mysqld started 020215 9:33:57 /usr/libexec/mysqld: Can't create/write to file '/var/run/mysqld/mysqld.pid' (Errcode: 2) /usr/libexec/mysqld: ready for connections I allowed the mysql user to write to /var/run and manually created the /var/run/mysqld directory and now it can shut itself down properly. > > There was a thread here a few days ago about the vserver script > running an rm command on /var/run which was killing mysql incorrectly. > (The messages are now on a web forum somewhere?) > > I'm guessing it's all tied in with the bug in the vserver > script. > > Regards > > John Lyons > DomainCity > http://www.domaincity.co.uk > support@domaincity.co.uk > ICQ 74187012 > > *********************************************************************** > Please quote your account number in the subject line of all > emails. Failure to do so may result in your enquiries taking -- Wray Cason "Wrayman" Auxilium Computing wrayman@auxiliumcomputing.com 206-595-2080 From vserver.error@solucorp.qc.ca Fri Feb 15 19:35:50 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1G0ZlAh028983; Fri, 15 Feb 2002 19:35:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1G0Lfp31543 for vserver.list; Fri, 15 Feb 2002 19:21:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1G0LeR31539 for ; Fri, 15 Feb 2002 19:21:40 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id QAA22531 for ; Fri, 15 Feb 2002 16:21:37 -0800 Date: Fri, 15 Feb 2002 16:21:37 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: [vserver] newvserver and existing directory Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 127 I just tried to use newvserver and got pretty much a failure. I suspect it is an issue I've run into and discussed with Jacques but I'm not sure he had a chance to get around to fixing it. Build a vserver for an already existing directory. This is on a 2.4.17ctx-7 kernel and vserver-0.10-1. I've created - far too many - partitions to place my vservers in. Make the users take the hit if they fill the partition up. The partition is mounted (/vservers/vs3). Did a quick check and can't find where the problem is. Maybe unify won't work on separate partitions. Any thoughts? TIA, Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Fri Feb 15 20:00:41 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1G10dAh029195; Fri, 15 Feb 2002 20:00:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1G0irf31855 for vserver.list; Fri, 15 Feb 2002 19:44:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from rhenium.btinternet.com (rhenium.btinternet.com [194.73.73.93]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1G0ipR31851 for ; Fri, 15 Feb 2002 19:44:52 -0500 Received: from host213-122-63-223.in-addr.btopenworld.com ([213.122.63.223] helo=john-new) by rhenium.btinternet.com with esmtp (Exim 3.22 #8) id 16bsy7-00042w-00 for vserver@solucorp.qc.ca; Sat, 16 Feb 2002 00:44:48 +0000 Received: from 213.122.63.223 by john-new ([213.122.63.223] running VPOP3) with SMTP for ; Sat, 16 Feb 2002 00:44:30 -0000 From: "John Lyons" To: Subject: RE: [vserver] newvserver and existing directory Date: Sat, 16 Feb 2002 00:44:28 -0000 Message-ID: <002801c1b683$17d9df50$87b601d5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-reply-to: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 128 > problem is. Maybe unify won't work on separate partitions. >From the changelog "The /usr/lib/vserver/vbuild utility has been enhanced to stay in one file system only." I don't know whether this is the cause of the problem but it's certianly worth investigating further. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 15 21:44:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1G2icAh029830; Fri, 15 Feb 2002 21:44:38 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1G2L5d01038 for vserver.list; Fri, 15 Feb 2002 21:21:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.paradigm4.com.au (rucc1.paradigm4.com.au [203.30.104.9]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1G2L3R01034 for ; Fri, 15 Feb 2002 21:21:03 -0500 Received: (qmail 30673 invoked from network); 16 Feb 2002 02:30:32 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 16 Feb 2002 02:30:32 -0000 Received: (qmail 14705 invoked from network); 16 Feb 2002 02:23:56 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 16 Feb 2002 02:23:56 -0000 From: edward@DigitalAngel.com.au To: vserver@solucorp.qc.ca Date: Sat, 16 Feb 2002 13:37:36 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] mailing list archive Message-ID: <3C6E60A0.31387.813481@localhost> Priority: normal In-reply-to: <20020215171825.79a20b7bf437@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 129 Excellent. I already dug out some message from a while ago to do with the scheduler changes and I have a question. Did the scheduling code of vserver get changed since then? The latest CTX-7 patch still appears to be messing with goodness() rgds Ed From: Rik van Riel (riel_at_conectiva.com.br) Date: Tue Oct 23 2001 - 15:32:11 EDT > Should I port my fairsched patch to a newer 2.4 kernel and > add vserver support for it ? My approach only changes the > priority recalculation in the scheduler and achieves pretty > much the same effect _without_ needing to change goodness(). > > regards, > > Rik On Friday, 15 February 2002 at 17:18, Jacques Gelinas wrote: > Just to say the mailing list is now archived at http://vserver.vlad.net. It contains > every messages sent to the list since day one. From vserver.error@solucorp.qc.ca Sat Feb 16 01:00:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1G60pAh031082; Sat, 16 Feb 2002 01:00:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1G5k4p03741 for vserver.list; Sat, 16 Feb 2002 00:46:04 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao03.cox.net (mtao3.east.cox.net [68.1.17.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1G5k3R03737 for ; Sat, 16 Feb 2002 00:46:03 -0500 Received: from gregg ([68.3.68.74]) by lakemtao03.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020216054603.XIHO5816.lakemtao03.cox.net@gregg> for ; Sat, 16 Feb 2002 00:46:03 -0500 Message-ID: <005d01c1b6ad$36fc5af0$010510ac@gregg> From: "Gregg" To: References: <001c01c1b677$f4ed2430$87b601d5@johnnew> Subject: Re: [vserver] vserver help Date: Fri, 15 Feb 2002 22:46:00 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: A X-Keywords: X-UID: 130 > I'm wondering if you're able to see the full message? Is it something like > min free memory, disk space or something else? > Are you low on disk space or memory or are you running quotas? Actually, that is the entire message sendmail is giving me, nothing else. It's the same message it writes in maillog sendmail[2458]: rejecting new messages: min free: 100 That part I haven't figured out yet. > Not much I can think of here, I never could get mysql starting and stopping > properly with needing to run it as the admin or mysql user. > > There was a thread here a few days ago about the vserver script running an > rm command on /var/run which was killing mysql incorrectly. (The messages > are now on a web forum somewhere?) > > I'm guessing it's all tied in with the bug in the vserver script. Well, I did find the thread about the /var/run commands,(THANK YOU FOR THE WEB ARCHIVE) and I did go over it, and I had to modify the mysqld shutdown a bit, but it's shutting down properly without giving errors!! YAY! The only thing that is giving errors when shutting down is the kernel logger, which I haven't figured out why yet. I've been playing with linux for a while now, I'm not an expert at all, but I'm learning slowly. I have tried the FreeVSD, but that was a total mess. The vserver project seems so much more stable and easy to work with, and I did not realize how new it is. I do have some questions that I hope are not too stupid for this list. I installed the vserver on a RH 7.2. I followed the instructions from the documentation. I installed the kernel-2.4.17ctx-7.tar.gz exactly as in the documenation, which seems to work fine, but lilo still wants to boot the original kernel first, so I always have to select the 2.4.17 kernel when booting, how can I get the 2.4.17 to boot first? Next question is about the patches. Was I supposed to patch the kernel? Or was the one I downloaded already patched? Are the patches for people that wish to patch their own kernel, and not use the one distributed? I'm just curious, since I never build a kernel from scratch, or even patched one. Thanks again for the help, I think the vservers are running well except for the sendmail thing, which I will continue to look into. Gregg From vserver.error@solucorp.qc.ca Sat Feb 16 02:02:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1G72FAh031546; Sat, 16 Feb 2002 02:02:15 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1G6nkB04548 for vserver.list; Sat, 16 Feb 2002 01:49:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1G6njR04544 for ; Sat, 16 Feb 2002 01:49:45 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1G6noAi031469 for ; Sat, 16 Feb 2002 01:49:50 -0500 Date: Sat, 16 Feb 2002 01:49:50 -0500 (EST) From: Vlad To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver help In-Reply-To: <005d01c1b6ad$36fc5af0$010510ac@gregg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 131 > I installed the kernel-2.4.17ctx-7.tar.gz exactly as in the documenation, > which seems to work fine, but lilo still wants to boot the original kernel > first, so I always have to select the 2.4.17 kernel when booting, how can I > get the 2.4.17 to boot first? edit your /etc/lilo.conf and make vserver the default; ie default = linux-virtual image=/boot/vmlinuz-2.4.17ctx-7 label=linux-virtual read-only root=/dev/hda1 then just run lilo and it will place a star next to the default kernel I believe. > Was I supposed to patch the kernel? Or was the one I downloaded already > patched? Are the patches for people that wish to patch their own kernel, and > not use the one distributed? I'm just curious, since I never build a kernel > from scratch, or even patched one. You don't have to patch the kernel, you can use the one you downloaded from the web site. It is already patched and compiled for you. If you want to enable some special things then you have to download the kernel source and patch it with the supplied patches. They are all available at the project web site. -Vlad From vserver.error@solucorp.qc.ca Sat Feb 16 12:05:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1GH5vAh004046; Sat, 16 Feb 2002 12:05:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1GGifj14232 for vserver.list; Sat, 16 Feb 2002 11:44:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1GGieR14228 for ; Sat, 16 Feb 2002 11:44:40 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g1GGiYqA001010 for ; Sat, 16 Feb 2002 17:44:34 +0100 Date: Sat, 16 Feb 2002 17:44:34 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: [vserver] [PATCH] per vserver socket-listings in /proc Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="801277839-1444118976-1013877874=:985" Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 132 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --801277839-1444118976-1013877874=:985 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi, I've attached a small patch to enable per vserver /proc socket-listings, for example in /proc/net/tcp ... I've added support for unix, ipv4, ipv6 sockets. It's been stable in my testing here but YMMV. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. --801277839-1444118976-1013877874=:985 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=vserver-socket-diff Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: Content-Disposition: attachment; filename=vserver-socket-diff ZGlmZiAtdXJOIGxpbnV4Lm9yaWcvaW5jbHVkZS9uZXQvc29jay5oIGxpbnV4 L2luY2x1ZGUvbmV0L3NvY2suaA0KLS0tIGxpbnV4Lm9yaWcvaW5jbHVkZS9u ZXQvc29jay5oCUZyaSBEZWMgMjEgMTg6NDI6MDQgMjAwMQ0KKysrIGxpbnV4 L2luY2x1ZGUvbmV0L3NvY2suaAlTYXQgRmViIDE2IDE1OjI1OjE2IDIwMDIN CkBAIC02NjgsNyArNjY4LDEwIEBADQogDQogCS8qIFJQQyBsYXllciBwcml2 YXRlIGRhdGEgKi8NCiAJdm9pZAkJCSp1c2VyX2RhdGE7DQotICANCisNCisJ LyogQ29udGV4dCBvZiBwcm9jZXNzIGNyZWF0aW5nIHRoaXMgc29ja2V0ICov DQorCWludAkJCXNfY29udGV4dDsNCisNCiAJLyogQ2FsbGJhY2tzICovDQog CXZvaWQJCQkoKnN0YXRlX2NoYW5nZSkoc3RydWN0IHNvY2sgKnNrKTsNCiAJ dm9pZAkJCSgqZGF0YV9yZWFkeSkoc3RydWN0IHNvY2sgKnNrLGludCBieXRl cyk7DQpkaWZmIC11ck4gbGludXgub3JpZy9pbmNsdWRlL25ldC90Y3AuaCBs aW51eC9pbmNsdWRlL25ldC90Y3AuaA0KLS0tIGxpbnV4Lm9yaWcvaW5jbHVk ZS9uZXQvdGNwLmgJVGh1IE5vdiAyMiAyMDo0NzoyMiAyMDAxDQorKysgbGlu dXgvaW5jbHVkZS9uZXQvdGNwLmgJU2F0IEZlYiAxNiAxNjowMDoxMyAyMDAy DQpAQCAtMTkwLDYgKzE5MCw3IEBADQogCXN0cnVjdCBpbjZfYWRkcgkJdjZf ZGFkZHI7DQogCXN0cnVjdCBpbjZfYWRkcgkJdjZfcmN2X3NhZGRyOw0KICNl bmRpZg0KKwlpbnQJCQlzX2NvbnRleHQ7DQogfTsNCiANCiBleHRlcm4ga21l bV9jYWNoZV90ICp0Y3BfdGltZXdhaXRfY2FjaGVwOw0KZGlmZiAtdXJOIGxp bnV4Lm9yaWcvbmV0L2lwdjQvYWZfaW5ldC5jIGxpbnV4L25ldC9pcHY0L2Fm X2luZXQuYw0KLS0tIGxpbnV4Lm9yaWcvbmV0L2lwdjQvYWZfaW5ldC5jCVNh dCBGZWIgMTYgMTY6MzM6NDMgMjAwMg0KKysrIGxpbnV4L25ldC9pcHY0L2Fm X2luZXQuYwlTYXQgRmViIDE2IDE1OjIxOjMyIDIwMDINCkBAIC0zOTMsNiAr MzkzLDggQEANCiAJc2stPnByb3RpbmZvLmFmX2luZXQubWNfaW5kZXgJPSAw Ow0KIAlzay0+cHJvdGluZm8uYWZfaW5ldC5tY19saXN0CT0gTlVMTDsNCiAN CisJc2stPnNfY29udGV4dCA9IGN1cnJlbnQtPnNfY29udGV4dDsNCisNCiAj aWZkZWYgSU5FVF9SRUZDTlRfREVCVUcNCiAJYXRvbWljX2luYygmaW5ldF9z b2NrX25yKTsNCiAjZW5kaWYNCmRpZmYgLXVyTiBsaW51eC5vcmlnL25ldC9p cHY0L3Jhdy5jIGxpbnV4L25ldC9pcHY0L3Jhdy5jDQotLS0gbGludXgub3Jp Zy9uZXQvaXB2NC9yYXcuYwlXZWQgSnVsIDExIDAxOjExOjQzIDIwMDENCisr KyBsaW51eC9uZXQvaXB2NC9yYXcuYwlTYXQgRmViIDE2IDE1OjU0OjQxIDIw MDINCkBAIC02NTcsNyArNjU3LDcgQEANCiAJCXN0cnVjdCBzb2NrICpzazsN CiANCiAJCWZvciAoc2sgPSByYXdfdjRfaHRhYmxlW2ldOyBzazsgc2sgPSBz ay0+bmV4dCwgbnVtKyspIHsNCi0JCQlpZiAoc2stPmZhbWlseSAhPSBQRl9J TkVUKQ0KKwkJCWlmIChzay0+ZmFtaWx5ICE9IFBGX0lORVQgfHwgKGN1cnJl bnQtPnNfY29udGV4dCAhPSAxICYmIHNrLT5zX2NvbnRleHQgIT0gY3VycmVu dC0+c19jb250ZXh0KSkNCiAJCQkJY29udGludWU7DQogCQkJcG9zICs9IDEy ODsNCiAJCQlpZiAocG9zIDw9IG9mZnNldCkNCmRpZmYgLXVyTiBsaW51eC5v cmlnL25ldC9pcHY0L3RjcF9pcHY0LmMgbGludXgvbmV0L2lwdjQvdGNwX2lw djQuYw0KLS0tIGxpbnV4Lm9yaWcvbmV0L2lwdjQvdGNwX2lwdjQuYwlGcmkg RGVjIDIxIDE4OjQyOjA1IDIwMDENCisrKyBsaW51eC9uZXQvaXB2NC90Y3Bf aXB2NC5jCVNhdCBGZWIgMTYgMTY6MDg6MzAgMjAwMg0KQEAgLTIwNzMsNiAr MjA3Myw5IEBADQogCQkJaW50IHVpZDsNCiAJCQlzdHJ1Y3QgdGNwX29wdCAq dHAgPSAmKHNrLT50cF9waW5mby5hZl90Y3ApOw0KIA0KKwkJCWlmIChjdXJy ZW50LT5zX2NvbnRleHQgIT0gMSAmJiBzay0+c19jb250ZXh0ICE9IGN1cnJl bnQtPnNfY29udGV4dCkNCisJCQkJY29udGludWU7DQorCQkJDQogCQkJaWYg KCFUQ1BfSU5FVF9GQU1JTFkoc2stPmZhbWlseSkpDQogCQkJCWdvdG8gc2tp cF9saXN0ZW47DQogDQpAQCAtMjEyNiw3ICsyMTI5LDcgQEANCiANCiAJCXJl YWRfbG9jaygmaGVhZC0+bG9jayk7DQogCQlmb3Ioc2sgPSBoZWFkLT5jaGFp bjsgc2s7IHNrID0gc2stPm5leHQsIG51bSsrKSB7DQotCQkJaWYgKCFUQ1Bf SU5FVF9GQU1JTFkoc2stPmZhbWlseSkpDQorCQkJaWYgKCFUQ1BfSU5FVF9G QU1JTFkoc2stPmZhbWlseSkgfHwgKGN1cnJlbnQtPnNfY29udGV4dCAhPSAx ICYmIHNrLT5zX2NvbnRleHQgIT0gY3VycmVudC0+c19jb250ZXh0KSkNCiAJ CQkJY29udGludWU7DQogCQkJcG9zICs9IFRNUFNaOw0KIAkJCWlmIChwb3Mg PD0gb2Zmc2V0KQ0KQEAgLTIxNDEsNyArMjE0NCw3IEBADQogCQlmb3IgKHR3 ID0gKHN0cnVjdCB0Y3BfdHdfYnVja2V0ICopdGNwX2VoYXNoW2krdGNwX2Vo YXNoX3NpemVdLmNoYWluOw0KIAkJICAgICB0dyAhPSBOVUxMOw0KIAkJICAg ICB0dyA9IChzdHJ1Y3QgdGNwX3R3X2J1Y2tldCAqKXR3LT5uZXh0LCBudW0r Kykgew0KLQkJCWlmICghVENQX0lORVRfRkFNSUxZKHR3LT5mYW1pbHkpKQ0K KwkJCWlmICghVENQX0lORVRfRkFNSUxZKHR3LT5mYW1pbHkpIHx8IChjdXJy ZW50LT5zX2NvbnRleHQgIT0gMSAmJiB0dy0+c19jb250ZXh0ICE9IGN1cnJl bnQtPnNfY29udGV4dCkpDQogCQkJCWNvbnRpbnVlOw0KIAkJCXBvcyArPSBU TVBTWjsNCiAJCQlpZiAocG9zIDw9IG9mZnNldCkNCmRpZmYgLXVyTiBsaW51 eC5vcmlnL25ldC9pcHY0L3RjcF9taW5pc29ja3MuYyBsaW51eC9uZXQvaXB2 NC90Y3BfbWluaXNvY2tzLmMNCi0tLSBsaW51eC5vcmlnL25ldC9pcHY0L3Rj cF9taW5pc29ja3MuYwlNb24gT2N0ICAxIDE4OjE5OjU3IDIwMDENCisrKyBs aW51eC9uZXQvaXB2NC90Y3BfbWluaXNvY2tzLmMJU2F0IEZlYiAxNiAxNjow NzozOCAyMDAyDQpAQCAtMzgxLDYgKzM4MSw4IEBADQogCQl0dy0+dHNfcmVj ZW50X3N0YW1wPSB0cC0+dHNfcmVjZW50X3N0YW1wOw0KIAkJdHctPnBwcmV2 X2RlYXRoID0gTlVMTDsNCiANCisJCXR3LT5zX2NvbnRleHQJPSBzay0+c19j b250ZXh0Ow0KKw0KICNpZiBkZWZpbmVkKENPTkZJR19JUFY2KSB8fCBkZWZp bmVkKENPTkZJR19JUFY2X01PRFVMRSkNCiAJCWlmKHR3LT5mYW1pbHkgPT0g UEZfSU5FVDYpIHsNCiAJCQltZW1jcHkoJnR3LT52Nl9kYWRkciwNCmRpZmYg LXVyTiBsaW51eC5vcmlnL25ldC9pcHY0L3VkcC5jIGxpbnV4L25ldC9pcHY0 L3VkcC5jDQotLS0gbGludXgub3JpZy9uZXQvaXB2NC91ZHAuYwlXZWQgT2N0 IDE3IDIzOjE2OjM5IDIwMDENCisrKyBsaW51eC9uZXQvaXB2NC91ZHAuYwlT YXQgRmViIDE2IDE1OjU1OjIyIDIwMDINCkBAIC05ODMsNyArOTgzLDcgQEAN CiAJCXN0cnVjdCBzb2NrICpzazsNCiANCiAJCWZvciAoc2sgPSB1ZHBfaGFz aFtpXTsgc2s7IHNrID0gc2stPm5leHQsIG51bSsrKSB7DQotCQkJaWYgKHNr LT5mYW1pbHkgIT0gUEZfSU5FVCkNCisJCQlpZiAoc2stPmZhbWlseSAhPSBQ Rl9JTkVUIHx8IChjdXJyZW50LT5zX2NvbnRleHQgIT0gMSAmJiBzay0+c19j b250ZXh0ICE9IGN1cnJlbnQtPnNfY29udGV4dCkpDQogCQkJCWNvbnRpbnVl Ow0KIAkJCXBvcyArPSAxMjg7DQogCQkJaWYgKHBvcyA8PSBvZmZzZXQpDQpk aWZmIC11ck4gbGludXgub3JpZy9uZXQvaXB2Ni9yYXcuYyBsaW51eC9uZXQv aXB2Ni9yYXcuYw0KLS0tIGxpbnV4Lm9yaWcvbmV0L2lwdjYvcmF3LmMJVGh1 IFNlcCAyMCAyMzoxMjo1NiAyMDAxDQorKysgbGludXgvbmV0L2lwdjYvcmF3 LmMJU2F0IEZlYiAxNiAxNjoyMToxOSAyMDAyDQpAQCAtNzk3LDcgKzc5Nyw3 IEBADQogCQlzdHJ1Y3Qgc29jayAqc2s7DQogDQogCQlmb3IgKHNrID0gcmF3 X3Y2X2h0YWJsZVtpXTsgc2s7IHNrID0gc2stPm5leHQsIG51bSsrKSB7DQot CQkJaWYgKHNrLT5mYW1pbHkgIT0gUEZfSU5FVDYpDQorCQkJaWYgKHNrLT5m YW1pbHkgIT0gUEZfSU5FVDYgfHwgKGN1cnJlbnQtPnNfY29udGV4dCAhPSAx ICYmIHNrLT5zX2NvbnRleHQgIT0gY3VycmVudC0+c19jb250ZXh0KSkNCiAJ CQkJY29udGludWU7DQogCQkJcG9zICs9IExJTkVfTEVOKzE7DQogCQkJaWYg KHBvcyA8PSBvZmZzZXQpDQpkaWZmIC11ck4gbGludXgub3JpZy9uZXQvaXB2 Ni90Y3BfaXB2Ni5jIGxpbnV4L25ldC9pcHY2L3RjcF9pcHY2LmMNCi0tLSBs aW51eC5vcmlnL25ldC9pcHY2L3RjcF9pcHY2LmMJRnJpIERlYyAyMSAxODo0 MjowNSAyMDAxDQorKysgbGludXgvbmV0L2lwdjYvdGNwX2lwdjYuYwlTYXQg RmViIDE2IDE2OjIwOjMxIDIwMDINCkBAIC0yMDA1LDcgKzIwMDUsNyBAQA0K IAkJCWludCB1aWQ7DQogCQkJc3RydWN0IHRjcF9vcHQgKnRwID0gJihzay0+ dHBfcGluZm8uYWZfdGNwKTsNCiANCi0JCQlpZiAoc2stPmZhbWlseSAhPSBQ Rl9JTkVUNikNCisJCQlpZiAoc2stPmZhbWlseSAhPSBQRl9JTkVUNiB8fCAo Y3VycmVudC0+c19jb250ZXh0ICE9IDEgJiYgc2stPnNfY29udGV4dCAhPSBj dXJyZW50LT5zX2NvbnRleHQpKQ0KIAkJCQljb250aW51ZTsNCiAJCQlwb3Mg Kz0gTElORV9MRU4rMTsNCiAJCQlpZiAocG9zID49IG9mZnNldCkgew0KQEAg LTIwNTUsNyArMjA1NSw3IEBADQogDQogCQlyZWFkX2xvY2soJmhlYWQtPmxv Y2spOw0KIAkJZm9yKHNrID0gaGVhZC0+Y2hhaW47IHNrOyBzayA9IHNrLT5u ZXh0LCBudW0rKykgew0KLQkJCWlmIChzay0+ZmFtaWx5ICE9IFBGX0lORVQ2 KQ0KKwkJCWlmIChzay0+ZmFtaWx5ICE9IFBGX0lORVQ2IHx8IChjdXJyZW50 LT5zX2NvbnRleHQgIT0gMSAmJiBzay0+c19jb250ZXh0ICE9IGN1cnJlbnQt PnNfY29udGV4dCkpDQogCQkJCWNvbnRpbnVlOw0KIAkJCXBvcyArPSBMSU5F X0xFTisxOw0KIAkJCWlmIChwb3MgPD0gb2Zmc2V0KQ0KQEAgLTIwNzAsNyAr MjA3MCw3IEBADQogCQlmb3IgKHR3ID0gKHN0cnVjdCB0Y3BfdHdfYnVja2V0 ICopdGNwX2VoYXNoW2krdGNwX2VoYXNoX3NpemVdLmNoYWluOw0KIAkJICAg ICB0dyAhPSBOVUxMOw0KIAkJICAgICB0dyA9IChzdHJ1Y3QgdGNwX3R3X2J1 Y2tldCAqKXR3LT5uZXh0LCBudW0rKykgew0KLQkJCWlmICh0dy0+ZmFtaWx5 ICE9IFBGX0lORVQ2KQ0KKwkJCWlmICh0dy0+ZmFtaWx5ICE9IFBGX0lORVQ2 IHx8IChjdXJyZW50LT5zX2NvbnRleHQgIT0gMSAmJiB0dy0+c19jb250ZXh0 ICE9IGN1cnJlbnQtPnNfY29udGV4dCkpDQogCQkJCWNvbnRpbnVlOw0KIAkJ CXBvcyArPSBMSU5FX0xFTisxOw0KIAkJCWlmIChwb3MgPD0gb2Zmc2V0KQ0K ZGlmZiAtdXJOIGxpbnV4Lm9yaWcvbmV0L2lwdjYvdWRwLmMgbGludXgvbmV0 L2lwdjYvdWRwLmMNCi0tLSBsaW51eC5vcmlnL25ldC9pcHY2L3VkcC5jCUZy aSBTZXAgIDcgMjA6MDE6MjEgMjAwMQ0KKysrIGxpbnV4L25ldC9pcHY2L3Vk cC5jCVNhdCBGZWIgMTYgMTY6MjA6NTYgMjAwMg0KQEAgLTk1Miw3ICs5NTIs NyBAQA0KIAkJc3RydWN0IHNvY2sgKnNrOw0KIA0KIAkJZm9yIChzayA9IHVk cF9oYXNoW2ldOyBzazsgc2sgPSBzay0+bmV4dCwgbnVtKyspIHsNCi0JCQlp ZiAoc2stPmZhbWlseSAhPSBQRl9JTkVUNikNCisJCQlpZiAoc2stPmZhbWls eSAhPSBQRl9JTkVUNiB8fCAoY3VycmVudC0+c19jb250ZXh0ICE9IDEgJiYg c2stPnNfY29udGV4dCAhPSBjdXJyZW50LT5zX2NvbnRleHQpKQ0KIAkJCQlj b250aW51ZTsNCiAJCQlwb3MgKz0gTElORV9MRU4rMTsNCiAJCQlpZiAocG9z IDw9IG9mZnNldCkNCmRpZmYgLXVyTiBsaW51eC5vcmlnL25ldC91bml4L2Fm X3VuaXguYyBsaW51eC9uZXQvdW5peC9hZl91bml4LmMNCi0tLSBsaW51eC5v cmlnL25ldC91bml4L2FmX3VuaXguYwlGcmkgRGVjIDIxIDE4OjQyOjA2IDIw MDENCisrKyBsaW51eC9uZXQvdW5peC9hZl91bml4LmMJU2F0IEZlYiAxNiAx NTo1NzozNCAyMDAyDQpAQCAtNDc4LDYgKzQ3OCw4IEBADQogDQogCXNrLT53 cml0ZV9zcGFjZQkJPQl1bml4X3dyaXRlX3NwYWNlOw0KIA0KKwlzay0+c19j b250ZXh0ID0gY3VycmVudC0+c19jb250ZXh0Ow0KKw0KIAlzay0+bWF4X2Fj a19iYWNrbG9nID0gc3lzY3RsX3VuaXhfbWF4X2RncmFtX3FsZW47DQogCXNr LT5kZXN0cnVjdCA9IHVuaXhfc29ja19kZXN0cnVjdG9yOw0KIAlzay0+cHJv dGluZm8uYWZfdW5peC5kZW50cnk9TlVMTDsNCkBAIC0xNzQwLDYgKzE3NDIs OSBAQA0KIAlyZWFkX2xvY2soJnVuaXhfdGFibGVfbG9jayk7DQogCWZvcmFs bF91bml4X3NvY2tldHMgKGkscykNCiAJew0KKwkJaWYgKGN1cnJlbnQtPnNf Y29udGV4dCAhPSAxICYmIHMtPnNfY29udGV4dCAhPSBjdXJyZW50LT5zX2Nv bnRleHQpDQorCQkJY29udGludWU7DQorDQogCQl1bml4X3N0YXRlX3Jsb2Nr KHMpOw0KIA0KIAkJbGVuKz1zcHJpbnRmKGJ1ZmZlcitsZW4sIiVwOiAlMDhY ICUwOFggJTA4WCAlMDRYICUwMlggJTVsZCIsDQo= --801277839-1444118976-1013877874=:985-- From vserver.error@solucorp.qc.ca Sat Feb 16 13:44:03 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1GIi2Ah004525; Sat, 16 Feb 2002 13:44:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1GISTu16050 for vserver.list; Sat, 16 Feb 2002 13:28:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from anchor-post-33.mail.demon.net (anchor-post-33.mail.demon.net [194.217.242.91]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1GISTR16046 for ; Sat, 16 Feb 2002 13:28:29 -0500 Received: from axis.demon.co.uk ([158.152.18.3] helo=irishsea.home.craig-wood.com) by anchor-post-33.mail.demon.net with esmtp (Exim 3.34 #1) id 16c9ZU-0004ZV-0X for vserver@solucorp.qc.ca; Sat, 16 Feb 2002 18:28:29 +0000 Received: (from ncw@localhost) by irishsea.home.craig-wood.com (8.11.6/8.11.6) id g1GBGuG31022 for vserver@solucorp.qc.ca; Sat, 16 Feb 2002 11:16:56 GMT Date: Sat, 16 Feb 2002 11:16:56 +0000 From: Nick Craig-Wood To: vserver@solucorp.qc.ca Subject: Re: [vserver] RE: Performance, memory, etc Message-ID: <20020216111656.A30792@axis.demon.co.uk> Mail-Followup-To: Nick Craig-Wood , vserver@solucorp.qc.ca References: <20020215171709.baafe21dfd7c@remtk.solucorp.qc.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020215171709.baafe21dfd7c@remtk.solucorp.qc.ca>; from jack@solucorp.qc.ca on Fri, Feb 15, 2002 at 05:17:09PM -0500 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 133 On Fri, Feb 15, 2002 at 05:17:09PM -0500, Jacques Gelinas wrote: > On Fri, 15 Feb 2002 10:58:55 -0500, Sam Vilain wrote > > Jacques Gelinas wrote: > > > > > This is true. One solution would be to have one private loopback per > > > vserver. (127.0.0.N) and translate dynamically from 127.0.0.1 to the > > > vserver one. > > [...] > > > The current ipv4root of the vserver is mapping a bind(0.0.0.0), to a > > > bind(ip-of-the-vserver). After this little modification in the kernel, > > > the rest of the kernel simply work as usual. > > > > Just a thought, perhaps changing any call to bind(127.0.0.0/8) to > > bind(ip_root) would be a nice quick hack; > > > > +++ net/ipv4/af_inet.c.orig Fri Feb 15 10:31:16 2002 > > @@ -489,7 +489,7 @@ > > s_addr = addr->sin_addr.s_addr; > > if (current->ipv4root != 0){ > > // printk ("ipv4root0 %08lx %08x\n",current->ipv4root,s_addr); > > - if (s_addr == 0 || (s_addr>>24 & 0xFF) == 127 ){ > > + if (s_addr == 0){ > > s_addr = current->ipv4root; > > }else if (s_addr != current->ipv4root){ > > return -EADDRNOTAVAIL; > > > > Is this breaking network sanity too much? :-) > > Maybe. > > If you bind on 127.0.0.1, you do this to tell apart private connection > public connection. Now just by binding to 127.0.0.1, you end up opening > to the world. While not such a big issue, if an application relies/expects this > behavior, their security model is screwed. Indeed. I propose a slight modification to the 127.0.0.N idea proposed earlier - if the ipv4root is a.b.c.d then use 127.b.c.d as the localhost address - this makes the code easier (one less thing to keep track of). if (s_addr == 0){ s_addr = current->ipv4root; }else if ((s_addr>>24 & 0xFF) == 127 ){ s_addr = (current->ipv4root & 0x00FFFFFF) | 0x7F000000; }else if (s_addr != current->ipv4root){ return -EADDRNOTAVAIL; Note that the localhost is usually defined as 127.0.0.1/8 (ie a network and you can ping 127.0.0.2 and get a reply) so you might need to re-ifconfig it as 127.0.0.1/32 and ifconfig seperate 127.b.c.d/32's for each vserver to stop the vservers being able to speak to each others 127.x.y.z addresses - I'm not sure I haven't tried it. -- Nick Craig-Wood From vserver.error@solucorp.qc.ca Sat Feb 16 14:18:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1GJI9Ah004722; Sat, 16 Feb 2002 14:18:10 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1GJ2qI16680 for vserver.list; Sat, 16 Feb 2002 14:02:52 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from actmail.com (actmail.com [209.221.151.8]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1GJ2pR16676 for ; Sat, 16 Feb 2002 14:02:51 -0500 Received: from gollum.actmail.com [12.230.128.123] by actmail.com with ESMTP (SMTPD32-6.06) id A3C24BD0450; Sat, 16 Feb 2002 11:32:18 -0800 Message-Id: <5.1.0.14.2.20020216105939.031c89f8@pop.actmail.com> X-Sender: rogerw@actmail.com@pop.actmail.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 16 Feb 2002 11:03:45 -0800 To: vserver@solucorp.qc.ca From: Roger Weiss Subject: [vserver] Multiple IP per virtual server In-Reply-To: <20020209203314.150a9556.chth@gmx.net> References: <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> <20020208220953.7da211c5c377@remtk.solucorp.qc.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 134 We are looking at running the Plesk control panel on a virtual server. While Plesk uses a single IP (name based virtual hosting) if one wants a domain to have it's own SSL certificate it needs a separate IP address. Any way of doing this with a virtual server? ::Roger From vserver.error@solucorp.qc.ca Sat Feb 16 20:11:41 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1H1BeAh006860; Sat, 16 Feb 2002 20:11:41 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1H0j8522141 for vserver.list; Sat, 16 Feb 2002 19:45:08 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1H0j7R22136 for ; Sat, 16 Feb 2002 19:45:07 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id QAA16497 for ; Sat, 16 Feb 2002 16:44:59 -0800 Date: Sat, 16 Feb 2002 16:44:59 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: RE: [vserver] newvserver and existing directory In-Reply-To: <002801c1b683$17d9df50$87b601d5@johnnew> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 135 On Sat, 16 Feb 2002, John Lyons wrote: > > > problem is. Maybe unify won't work on separate partitions. > > >From the changelog > "The /usr/lib/vserver/vbuild utility has been enhanced to stay in one file > system only." > > I don't know whether this is the cause of the problem but it's certianly > worth investigating further. I did some further research and found if I don't use unify it installs - semi. I gave anotehr vserver as the template and it put most of the server in a subdirectory by the name of the template server. I think I can sort this out. Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Mon Feb 18 11:24:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1IGOVAh016894; Mon, 18 Feb 2002 11:24:33 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1IG3gv32333 for vserver.list; Mon, 18 Feb 2002 11:03:42 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from s1.uklinux.net (mail.uklinux.net [80.84.72.21]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1IG3dR32329 for ; Mon, 18 Feb 2002 11:03:40 -0500 Received: from localhost (lance@localhost) by s1.uklinux.net (8.11.6/8.11.6) with ESMTP id g1IG3Ye07066 for ; Mon, 18 Feb 2002 16:03:35 GMT Envelope-To: Date: Mon, 18 Feb 2002 16:03:31 +0000 (GMT) From: lance To: Vserver mailing list Subject: [vserver] vserver questions Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 136 I've just installed the latest version of vserver (0.10 with kernel 2.4.17 ctx-7 ) and have a couple of questions :) Firstly using the default creation method for the vserver - vserver xxx build neither 'w' nor 'last' work unless you touch /var/run/utmp and /var/log/wtmp ??? Is this a design feature or just an ommission ?? 2. If you enter the vserver using vserver xxx enter, then the connection doesnt show up in 'w' ?? 3. running netstat in the verserver shows all of the ports, not just those bound to the vserver ??? even though :- Network device: A vserver can only see the network device associated with its ipv4 root. Regards Lance From vserver.error@solucorp.qc.ca Mon Feb 18 11:36:38 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1IGaWAh017037; Mon, 18 Feb 2002 11:36:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1IGN7I32719 for vserver.list; Mon, 18 Feb 2002 11:23:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from n010095.nbs.netland.nl (fw-office.netland.nl [217.170.32.40]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1IGN6R32715 for ; Mon, 18 Feb 2002 11:23:06 -0500 Received: from office.netland.nl (ts.office.netland.nl [192.168.170.55]) by n010095.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g1IGN6907731 for ; Mon, 18 Feb 2002 17:23:06 +0100 Message-ID: <3C712A6A.6040802@office.netland.nl> Date: Mon, 18 Feb 2002 17:23:06 +0100 From: Ron Arts Organization: Netland Internet Services BV User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120 X-Accept-Language: nl, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver help References: <001c01c1b677$f4ed2430$87b601d5@johnnew> <005d01c1b6ad$36fc5af0$010510ac@gregg> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 137 Gregg: > > Actually, that is the entire message sendmail is giving me, nothing else. > It's the same message it writes in maillog > sendmail[2458]: rejecting new messages: min free: 100 > That part I haven't figured out yet. > Off topic, but: this message means you don't have enough diskspace in /var/spool/mqueue (100 means 100 blocks, and a block will probably be 1K on your system) Sendmail will not accept email if it can't store them in the mailqueue. Either give it more space or (not advisable) lower the option: # minimum number of free blocks on filesystem O MinFreeBlocks=100 in /etc/sendmail.cf Ron -- Netland Internet Services bedrijfsmatige internetoplossingen http://www.netland.nl Kruislaan 419 1098 VA Amsterdam info: 020-5628282 servicedesk: 020-5628280 fax: 020-5628281 From vserver.error@solucorp.qc.ca Mon Feb 18 21:14:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1J2EZAh020940; Mon, 18 Feb 2002 21:14:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1J1tmj11462 for vserver.list; Mon, 18 Feb 2002 20:55:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1J1tmR11458 for ; Mon, 18 Feb 2002 20:55:48 -0500 Received: from dad kgehring@smtp-send.myrealbox.com [207.34.100.242] by smtp-send.myrealbox.com with Novell NIMS $Revision: 2.88 $ on Novell NetWare; Mon, 18 Feb 2002 18:55:35 -0700 Message-ID: <000b01c1b8e8$9c130460$0100a8c0@dad> From: "Ken Gehring" To: References: <041301c1b278$acd0a8a0$8201a8c0@iris> Subject: [vserver] Vserver and wlan Date: Mon, 18 Feb 2002 18:56:02 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0008_01C1B8AD.E95B1CC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 138 This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C1B8AD.E95B1CC0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Has anyone tried to get the vserver working with a wireless lan (wlan)? I keep getting "Can't set ipv4 root" Any ideas or suggestions? Ken ------=_NextPart_000_0008_01C1B8AD.E95B1CC0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Has anyone tried to get the vserver = working with a=20 wireless lan (wlan)?
 
I keep getting "Can't set ipv4 = root"
 
Any ideas or suggestions?
 
Ken
 
------=_NextPart_000_0008_01C1B8AD.E95B1CC0-- From vserver.error@solucorp.qc.ca Tue Feb 19 09:48:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1JEmGAh027589; Tue, 19 Feb 2002 09:48:16 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1JEMFW24687 for vserver.list; Tue, 19 Feb 2002 09:22:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1JEMDR24683 for ; Tue, 19 Feb 2002 09:22:14 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 8ECF61000 for ; Tue, 19 Feb 2002 15:22:01 +0100 (CET) Subject: [vserver] man pages From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-TiMyM98DMXeaw4Pinou6" X-Mailer: Evolution/1.0.2 Date: 19 Feb 2002 15:22:00 +0100 Message-Id: <1014128521.1649.34.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 139 --=-TiMyM98DMXeaw4Pinou6 Content-Type: multipart/mixed; boundary="=-wiU1HncxnNq1MtZhALsg" --=-wiU1HncxnNq1MtZhALsg Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I'm in the process of writing man pages for the vserver programs, as I rather enjoy man pages, and would very much like to have them for my own use. If you'd like, I hope they can get included into the vserver programs package. I've written the first, of chcontext, and I hoped you would look it over and comment, before I continue. --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-wiU1HncxnNq1MtZhALsg Content-Type: application/x-bzip Content-Disposition: attachment; filename=chcontext.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWdnai8MAASVfgANQcefgF/9v3+6////gUAVb0ccHXZCmtLGbrqEkgTRMCTJ6Ceoj TTTEZNGgyGnqAxA1MptMUaU9qaINDQAAAA0AAASmhE00CCnqnptTakzU0xDQANDJk09Q2ocwJiaD CZMmTIwmCaaZGJgCGASJTCCGmqejFDR6IMgDQBo0HqAepIE/nqez4U7pDJJmXht3T+004K3scbtR 6pIf3rYU0YjBhaNLz0YggSzpDCuc6AbBum9mnLD1zQ22vu3d+J5UobknE19Dk8J6jiOiKRpt3QUV BzqtBD+60zMLQFN5tBOke07u17y4hXxRbFO6XveqF/qndMFTCsY/B3qWrJK1eyVEPh460PQqeknc YK2xo1NTCqBCrDQUEC0QrGqE17rHDXBR+2rMKc1zmYyaq8FBVWQtIOk3qSFrtMjYDSVioCckIoFK KOuBUSEnfEbtOUrDlKdwMhGayoKZQMvnq976F2vKpChCJwmFzXX40U0q9hPlLffjwfkQoEXudmkU bKX2SHKpnDPV0cPSkLKBYUZ8uP/Erywy0+EK8qon09zuXn7Hud70D4U2Y+O9IIx6dUiGwlxrk7i7 dlLSgc7s5HybcczQ3HfIeBUVfdx13Qsrc4mxo4NaDvgwN1f0oyf/I92FRR2xs0BnQMh2mjM+0wcg 1Qeb2OlptboArdaTbCLZ/jWQgoFBmh6ov1SW9JjOoF0WiPt+/T7BuX4O5h5151LpLQzMg5pi66oH g3Qot80fabZw8aEoxdmr5k1KIEyZHrzgkYwmCdeGtCY73sQyMYxfPLEJhgA17xasIL3PS2cPqqc0 phyWsgPgVCV3HrkKm0Hv57sZF6rfeWeKYqMxBjabA6Yg4taQ2DbZOMQgv+ruySEBycHTJCF59bkY dd+RhlTZUyzx06jcoOuDnrH6UmnBMW4uQmjHthmuhdDJ8tJK52KqiNCxMEv5BGmMMpNNBjtbGt5j N3PI45trp5yj5eW+mFcEWxXqLyS7mb23jnHekqrcOxhjIzNXhbzWUimpGDtVAkI1q5AqbS0j6ANw rIjwosg2fokmSVZ6bsudePQ2OXHhA8pmdmPuTITJD5u4iEkhdJN8emt+wlqkniOvPmN0wmth1VJG ijjGnxTrMcVhWREO8r6LEzMzAypp2vckLfn33zKM4DiQmdccTUeeRWTs7IhCY+Q6g4BuNZ5biwwg vNpJK8bR2XmCrK1noJWSpNRyu2Bv5DJwwbAKXdCII58dKtLNj7sc2oIo46f0LJAl+Ly0CCjwJyM+ eiQlSStEwkM6IJ3VsgRdRFGEv5MikpwWCE5BbMmXHy90GRlqBwmdbUQ3a+F6knYgWaWFPFx4PUXs kdrCVO26SMWjVPC2FZHzhjnbYPtnbXNaDfpai9wEtRoVrydGqqM3yC/y4M8EvQXCu5709kuhsEyH RIWWDOdYVEW8W9zCdxX57M2MghMHJrZTtW8HWZajUW2BR4Z0hPasi+NKSncHRuhy+mErhxNcDSy+ hpZnITlaaAkyTM0B1WxxsKLMllE+W/kmGjTd0hsaJbsC8UN0kM0zF0cUSx2IIqp16dTFAAlsflMR JmmUISjskSKIFQxSRrYQmqTyB1cGm4KBsrWyRfFJa9xhxWll8QVhWa86ftsJ1hTthI1OvikZnzm5 SWfddxRcrKmMFBZKLLvazAOBGxydUtzUWtss0bC+QJXZgelb3ONLJ9Rs/4u5IpwoSGztReGA --=-wiU1HncxnNq1MtZhALsg-- --=-TiMyM98DMXeaw4Pinou6 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8cl+I4c1kHlhtW8oRAkKbAJ9hf1+bjIQP6j4zmtrglPgbQ4Ha4gCePDwu eJ/DzbaZlq6X5t2Zu7WMHfY= =wMiN -----END PGP SIGNATURE----- --=-TiMyM98DMXeaw4Pinou6-- From vserver.error@solucorp.qc.ca Tue Feb 19 12:15:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1JHFBAh028817; Tue, 19 Feb 2002 12:15:12 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1JGv2Z27744 for vserver.list; Tue, 19 Feb 2002 11:57:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1JGv0R27740 for ; Tue, 19 Feb 2002 11:57:01 -0500 Received: from tpx20.vsen.dk (unknown [192.168.1.50]) by www.vsen.dk (Postfix) with ESMTP id C69B91000 for ; Tue, 19 Feb 2002 17:56:57 +0100 (CET) Subject: [vserver] precompiled vserver kernels From: Klavs Klavsen To: vserver@solucorp.qc.ca Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-EDIsMImqgl88HKEuAJ34" X-Mailer: Evolution/1.0.2 Date: 19 Feb 2002 18:56:46 +0100 Message-Id: <1014141417.1299.13.camel@tpx20.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 140 --=-EDIsMImqgl88HKEuAJ34 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I just downloaded one of your precompiled kernels. The one I got a hold of, was missing the /boot/System.map-2.4.17ctx-7 file, which is what makes programs like lsof work. Is it just a mishap, or is there an idea behind it? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-EDIsMImqgl88HKEuAJ34 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8cpHe4c1kHlhtW8oRAgBsAJ9OGxLcW5wHPaio9TgTuvpuAaRFzACePAI0 UWj6dNdu4Xrf65bRPgKpngI= =2qIt -----END PGP SIGNATURE----- --=-EDIsMImqgl88HKEuAJ34-- From vserver.error@solucorp.qc.ca Tue Feb 19 14:48:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1JJmBAh030317; Tue, 19 Feb 2002 14:48:12 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1JJXpk31080 for vserver.list; Tue, 19 Feb 2002 14:33:51 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao02.cox.net (mtao2.east.cox.net [68.1.17.243]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1JJXpR31076 for ; Tue, 19 Feb 2002 14:33:51 -0500 Received: from gregg ([68.3.68.74]) by lakemtao02.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020219193351.OQTF6405.lakemtao02.cox.net@gregg> for ; Tue, 19 Feb 2002 14:33:51 -0500 Message-ID: <028501c1b97c$5decd550$010510ac@gregg> From: "Gregg" To: References: <001c01c1b677$f4ed2430$87b601d5@johnnew> <005d01c1b6ad$36fc5af0$010510ac@gregg> <3C712A6A.6040802@office.netland.nl> Subject: Re: [vserver] vserver help Date: Tue, 19 Feb 2002 12:33:54 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 141 > Off topic, but: > > this message means you don't have enough diskspace in /var/spool/mqueue > (100 means 100 blocks, and a block will probably be 1K on your system) > Sendmail will not accept email if it can't store them in the mailqueue. > > Either give it more space or (not advisable) lower the option: > > # minimum number of free blocks on filesystem > O MinFreeBlocks=100 > > in /etc/sendmail.cf I think that was it, it's accepting email now! I don't know why I didn't think of that. Thanks. From vserver.error@solucorp.qc.ca Wed Feb 20 01:00:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1K60oAh021309; Wed, 20 Feb 2002 01:00:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1K5baC09788 for vserver.list; Wed, 20 Feb 2002 00:37:36 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1K5baR09784 for ; Wed, 20 Feb 2002 00:37:36 -0500 Received: from remtk.solucorp.qc.ca (g39-185.citenet.net [206.123.39.185]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1K5eW683080 for ; Wed, 20 Feb 2002 00:40:32 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1K5Z7k04834 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 00:35:07 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 00:35:07 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] man pages X-mailer: tlmpmail 0.1 Message-ID: <20020220003507.ee2fea109780@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 142 On Tue, 19 Feb 2002 15:22:00 -0500, klavs klavsen wrote > Hi guys, > > I'm in the process of writing man pages for the vserver programs, as I > rather enjoy man pages, and would very much like to have them for my own > use. > > If you'd like, I hope they can get included into the vserver programs > package. > > I've written the first, of chcontext, and I hoped you would look it over > and comment, before I continue. Yes go ahead. The first page sounds ok to me. It will go in the package. Thanks a lot! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 01:00:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1K60vAh021313; Wed, 20 Feb 2002 01:00:58 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1K5bYI09782 for vserver.list; Wed, 20 Feb 2002 00:37:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1K5bYR09778 for ; Wed, 20 Feb 2002 00:37:34 -0500 Received: from remtk.solucorp.qc.ca (g39-185.citenet.net [206.123.39.185]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1K5eU683077 for ; Wed, 20 Feb 2002 00:40:30 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1K5ank04836 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 00:36:49 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 00:36:49 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] precompiled vserver kernels X-mailer: tlmpmail 0.1 Message-ID: <20020220003649.d89ed9bf9b6a@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 143 On Tue, 19 Feb 2002 18:56:46 -0500, Klavs Klavsen wrote > Hi guys, > > I just downloaded one of your precompiled kernels. > > The one I got a hold of, was missing the /boot/System.map-2.4.17ctx-7 > file, which is what makes programs like lsof work. > > Is it just a mishap, or is there an idea behind it? I must admit I never use lsof or utility relying on the map. I will include it in the next release. I tought utility like lsof were relying on /proc/*/fd --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 01:18:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1K6IXAh021413; Wed, 20 Feb 2002 01:18:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1K5ukl10451 for vserver.list; Wed, 20 Feb 2002 00:56:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from sokol.paradigm4.com.au ([202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1K5ujR10447 for ; Wed, 20 Feb 2002 00:56:45 -0500 Received: (qmail 2147 invoked from network); 20 Feb 2002 06:00:20 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 20 Feb 2002 06:00:20 -0000 Received: (qmail 27775 invoked from network); 20 Feb 2002 05:59:40 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 20 Feb 2002 05:59:40 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Wed, 20 Feb 2002 17:13:04 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: re: [vserver] precompiled vserver kernels Message-ID: <3C73D920.13245.C2CC86@localhost> Priority: normal In-reply-to: <20020220003649.d89ed9bf9b6a@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 144 /boot/System.map ( or whatever you specify on the command line ) is used by klogd as well, when it starts up. On Wednesday, 20 February 2002 at 0:36, Jacques Gelinas wrote: > On Tue, 19 Feb 2002 18:56:46 -0500, Klavs Klavsen wrote > > Hi guys, > > > > I just downloaded one of your precompiled kernels. > > > > The one I got a hold of, was missing the /boot/System.map-2.4.17ctx-7 > > file, which is what makes programs like lsof work. > > > > Is it just a mishap, or is there an idea behind it? > > I must admit I never use lsof or utility relying on the map. I will include > it in the next release. I tought utility like lsof were relying on /proc/*/fd > > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc > From vserver.error@solucorp.qc.ca Wed Feb 20 12:55:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KHtsAh028085; Wed, 20 Feb 2002 12:55:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KHZ6f24282 for vserver.list; Wed, 20 Feb 2002 12:35:06 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KHZ5R24278 for ; Wed, 20 Feb 2002 12:35:05 -0500 Received: from remtk.solucorp.qc.ca (g36-87.citenet.net [206.123.36.87]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KHc8616413 for ; Wed, 20 Feb 2002 12:38:08 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KH7ke05737 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 12:07:46 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 12:07:46 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Kill script X-mailer: tlmpmail 0.1 Message-ID: <20020220120746.e5f05d1661aa@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 145 On Wed, 6 Feb 2002 19:39:58 -0500, Philip Snyder wrote > Here's something I hacked together. By no means does it encompass the > entire wealth of the kill command... but it makes killing a process in > context much more straight forward. Hope someone else finds this of use > as well. Will add multiple process & signal support soon. This is nice. I have included it in the package and update the documentation on the web. Now, it is possible to add the following features without argument, it reports its usage. Currently, it fails with some perl errors. Support multiple processes in a loop so we can kill several processes at once. Support an optional signal. Thanks! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:19:57 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKJvAh029305; Wed, 20 Feb 2002 15:19:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK6IE27375 for vserver.list; Wed, 20 Feb 2002 15:06:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK6IR27371 for ; Wed, 20 Feb 2002 15:06:18 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9J629096 for ; Wed, 20 Feb 2002 15:09:20 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KJiA306721 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 14:44:10 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 14:44:10 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Vserver and wlan X-mailer: tlmpmail 0.1 Message-ID: <20020220144410.2b9128ee6919@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 146 On Mon, 18 Feb 2002 18:56:02 -0500, Ken Gehring wrote > Has anyone tried to get the vserver working with a wireless lan (wlan)? > > I keep getting "Can't set ipv4 root" Have you installed/reboot the proper kernel. The set_ipv4root always succeed. I mean you can do /usr/sbin/chbind --ip 1.2.3.4 /bin/sh and it will work. It is unrelated to the network device. The system call simply copy the address whatever it is. It does not check if this address correspond to a valid network interface at all (but if it does not match, the process and childing bound to this address won't be able to use IP networking at all). --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:19:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKJvAh029304; Wed, 20 Feb 2002 15:19:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK68r27358 for vserver.list; Wed, 20 Feb 2002 15:06:08 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK68R27354 for ; Wed, 20 Feb 2002 15:06:08 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9B629072 for ; Wed, 20 Feb 2002 15:09:11 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KK2kx06741 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 15:02:46 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 15:02:46 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and /var/run X-mailer: tlmpmail 0.1 Message-ID: <20020220150246.8e34ba6ff1c3@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 147 On Tue, 12 Feb 2002 12:32:39 -0500, Ron Arts wrote > By the way, I replaced both instances with > > find /var/run/ -name \*.pid -exec rm -f {} \; I changed this to rm -f `find var/run -type f` touch var/run/utmp > Also changed `sleep 2` into `sleep 5` when stopping > vservers. 2 seconds weas not enough for my MySQL setup. I have changed that to sleep 5. Are you using fakeinit ? (per vserver init process) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:20:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKK0Ah029312; Wed, 20 Feb 2002 15:20:00 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK6Om27381 for vserver.list; Wed, 20 Feb 2002 15:06:24 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK6OR27377 for ; Wed, 20 Feb 2002 15:06:24 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9R629122 for ; Wed, 20 Feb 2002 15:09:27 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KK57H06743 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 15:05:07 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 15:05:07 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] shrink wrap it X-mailer: tlmpmail 0.1 Message-ID: <20020220150507.c894b0db052f@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 148 On Sun, 10 Feb 2002 16:52:14 -0500, klavs klavsen wrote > btw. can or will vserver be implemented in the standard kernel source > tree? that would expand it's knowledge and usage to a much broader > user-base and just like it did for ReiserFS help the project gain > developers and bug-hunters. Are there any reasons why vserver should not > be a part of the standard kernel source? I don't know so much about > this, only know what I can read from LWN and such. This is the goal, but we are still find new stuff to add/enhance. More milage is needed imho. But for sure, I see this technology as almost mandatory in any linux installation :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:20:56 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKKtAh029336; Wed, 20 Feb 2002 15:20:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK6U727405 for vserver.list; Wed, 20 Feb 2002 15:06:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK6UR27401 for ; Wed, 20 Feb 2002 15:06:30 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9X629141 for ; Wed, 20 Feb 2002 15:09:33 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KIXl806676 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 13:33:47 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 13:33:47 -0500 To: vserver@solucorp.qc.ca Subject: [vserver] vservers inside vservers, multiple IP X-mailer: tlmpmail 0.1 Message-ID: <20020220133347.efe1321e47f4@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 149 On Sat, 9 Feb 2002 20:33:14 -0500, Christian wrote > binding more than one ip is often needed for Proxy-Servers, > Backside-Databases, Maintainance-Networks, Intranets which usually reside > on another nic and dummy devices are just a workaround like using > iptables/NAT currently. I dont think that the 'single-device' is a > flexible idea. My idea was that there are two (or maybe more.. but a small > static amount) of ip/mask pairs, the first ip is the default ip whcih is > used for bind(0.0.0.0) but all other ips which are match the masked ip are > bindable too. additionally a nested chbind within a vserver can be used to > constrain the ip/ranges further (i didnt tested recently if recursive > vservers work .. would be fine either). Nest vserver do not work for now because of the lock flag in the new_s_context system call. The idea is that many resources will be constrained on a per vserver (per security context in fact) basis. The lock flag prevent a process in a given security context to "hide" itself in another security context. But if you remove the lock flag (in the configuration file), a vserver inside a vserver is possible and will provide the same level of performance. The chbind system call has also its limitation. Once you have chbind to one IP, you are not allowed to select another, except for root in security context 0. Now, this idea of a vserver inside a vserver is introducing a nice solution. I have already talked about the concept of vserver instance. As a recap, the concept is to have several copies of a vserver running side by side. One is the production server, the other is a backup vserver (old version of the service), and few others are test vservers. With unification, one can easily create a new copy of a vserver for test purpose. For example, you have this internet project running on a vserver. You have many many cgi/php/perl stuff running there. It works for several months. Lately have reworked the whole project and did many changes here and there. New SQL schema, new scripts, new apache version and so on. Rollout time. Using vservere, you can clone the production server in one minute, then install your new version and test it out. Once you have iron out all the installation and automated it, you clone stop the production server, rename it to backup, clone it and apply your updates. you start this new vserver as the new production server. All this is fine and I suspect many will start using vservers like this to apply large updates in a controlled way. But there is a flaw. You must be root in the root server to do this. Now if we apply your idea, we could end up with a virtual root server, having the ability to create new vservers and assign some IPs, out of a fixed list. Now there are some problems with unification since a vserver is not allowed to operate on immutable bit (by default, configurable). The solution here would be to grant the first vserver (the virtual root vserver) the right to play with immutable bit, but the this vserver would not use unification. Anyone interest in this concept of multiple-vserver-instances or vservers managed by vservers ? It sounds way cool --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:21:02 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKL2Ah029340; Wed, 20 Feb 2002 15:21:02 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK6Rd27393 for vserver.list; Wed, 20 Feb 2002 15:06:27 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK6QR27389 for ; Wed, 20 Feb 2002 15:06:26 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9U629135 for ; Wed, 20 Feb 2002 15:09:30 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KJZcM06716 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 14:35:38 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 14:35:38 -0500 To: vserver@solucorp.qc.ca Subject: [vserver] many services - 1 IP. X-mailer: tlmpmail 0.1 Message-ID: <20020220143538.8a7dfaf8db68@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 150 On Fri, 15 Feb 2002 15:05:45 -0500, klavs klavsen wrote > > And yeah, thats correct. You can use chroot within the virtual server, and > > you can do it securely. There was a bug where you could use chroot > > within vserver to escape out of the vserver and back into the root server. > > That has been fixed for a while. ;) > but chroot is still buggy (even if it's running under a vserver) so that > one could break out of a chroot jail and get to other services on the > same vserver? chroot is generally used like that if (fork()==0){ chroot ("/somedir"); setuid (some_user); do the task } chroot is only usable by root. Just using chroot to isolate a root process is indeed not powerful enough. Forget about the chroot. If the intruder is root, he can do a lot to the machine (reboot it, halt it) without breaking the chroot. bind in newer distribution runs as user named. So combining the special user ID + chroot is very robust. the issue of chroot and vserver was important because a vserver has to allow root process inside the vserver and as such has to allow chroot system call in many cases. But in general, to jail a process using chroot, you switch to another user ID. then chroot is reliable and robust. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:22:02 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKM1Ah029344; Wed, 20 Feb 2002 15:22:01 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK6P627387 for vserver.list; Wed, 20 Feb 2002 15:06:25 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK6PR27383 for ; Wed, 20 Feb 2002 15:06:25 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9T629126 for ; Wed, 20 Feb 2002 15:09:29 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KJqUq06730 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 14:52:30 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 14:52:30 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] vserver questions X-mailer: tlmpmail 0.1 Message-ID: <20020220145230.114f7623c475@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 151 On Mon, 18 Feb 2002 16:03:31 -0500, lance wrote > > I've just installed the latest version of vserver (0.10 with kernel > 2.4.17 ctx-7 ) and have a couple of questions :) > > Firstly using the default creation method for the vserver - vserver xxx > build > > neither 'w' nor 'last' work unless you touch /var/run/utmp and > /var/log/wtmp ??? Is this a design feature or just an ommission ?? Ommission, feature. I can add this. /var/run/utmp will be re-created empty when you start the vserver. > 2. If you enter the vserver using vserver xxx enter, then the connection > doesnt show up in 'w' ?? Yes this is right. This is not really a login. It is a way to enter a vserver without relying on any service. > 3. running netstat in the verserver shows all of the ports, not just those > bound to the vserver ??? Yes. This will be solved by a replacement to /proc using a less verbose version of /proc, called vproc. > even though :- Network device: A vserver can only see the network device > associated with its ipv4 root. Yes, this is work in progress :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:23:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKNrAh029349; Wed, 20 Feb 2002 15:23:53 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK6FY27369 for vserver.list; Wed, 20 Feb 2002 15:06:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK6ER27365 for ; Wed, 20 Feb 2002 15:06:14 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9F629088 for ; Wed, 20 Feb 2002 15:09:16 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KJt8P06732 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 14:55:08 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 14:55:08 -0500 To: vserver@solucorp.qc.ca Subject: [vserver] vserver and schedular X-mailer: tlmpmail 0.1 Message-ID: <20020220145508.3d257361901e@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 152 On Sat, 16 Feb 2002 13:37:36 -0500, edward@DigitalAngel.com.au wrote > Excellent. > > I already dug out some message from a while ago > to do with the scheduler changes and I have a question. > > Did the scheduling code of vserver get changed since then? > The latest CTX-7 patch still appears to be messing with goodness() Yes nothing was changed in this area. Someone told me he was working on a different solution. Can't remember who. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 15:25:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KKPmAh029365; Wed, 20 Feb 2002 15:25:49 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KK66827352 for vserver.list; Wed, 20 Feb 2002 15:06:06 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KK66R27348 for ; Wed, 20 Feb 2002 15:06:06 -0500 Received: from remtk.solucorp.qc.ca (g39-8.citenet.net [206.123.39.8]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KK9A629066 for ; Wed, 20 Feb 2002 15:09:10 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KJwAk06734 for vserver@solucorp.qc.ca; Wed, 20 Feb 2002 14:58:11 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 14:58:10 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Re: Vserver and /var/run X-mailer: tlmpmail 0.1 Message-ID: <20020220145810.937f817c40f2@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 153 On Sun, 10 Feb 2002 13:23:14 -0500, Andy Kwong wrote > And on line 208 as well. > On line 80 in /usr/sbin/vserver it is - > > rm -fr var/run/* > > Shouldn't it be - > > rm -f var/run/*.pid > > This is because it is removing /var/run/named/ and other directories that some programs > need to write their pid files to. I have changed this to remove files only --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 16:16:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1KLG7Ah029735; Wed, 20 Feb 2002 16:16:08 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KKvmu28800 for vserver.list; Wed, 20 Feb 2002 15:57:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KKvmR28796 for ; Wed, 20 Feb 2002 15:57:48 -0500 Received: from remtk.solucorp.qc.ca (g36-94.citenet.net [206.123.36.94]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1KL0q633897 for ; Wed, 20 Feb 2002 16:00:52 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1KKnE207865 for vserver@dns.solucorp.qc.ca; Wed, 20 Feb 2002 15:49:14 -0500 From: Jacques Gelinas Date: Wed, 20 Feb 2002 15:49:14 -0500 To: Vserver mailing list Subject: [vserver] bind and vserver, more info X-mailer: tlmpmail 0.1 Message-ID: <20020220154914.63e5c4796d11@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 154 I have looked at bind. I found out why it is failing. When named starts, it tries to reduce its own capabilities. Good. Unfortunatly, it selects a very tiny set of capability, but one too many. named tries to get CAP_SYS_RESOURCE and by default, vservers do not have this capability. If you put the following line in the vserver configuration file (/etc/vservers/xx.conf) S_CAPS="CAP_SYS_RESOURCE" then named start up fine. But this is annoying. CAP_SYS_RESOURCE allows a process to raise its "ulimit" resources. Normally, a process can only reduce its limits. On most linux distro, root has unlimited resource. Ideally, a vserver should have some rather high resources (but not unlimited) (number of file handle, memory, etc...) and each process is allowed to reduce it further. Given that named is normally run as root, as as such has plenty of resource, I can only see the process reducing its resources. Anyone has experience with named and its way of handling resources ? --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 20 19:22:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1L0MoAh024755; Wed, 20 Feb 2002 19:22:50 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1KNx2a32218 for vserver.list; Wed, 20 Feb 2002 18:59:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from s1.uklinux.net (mail.uklinux.net [80.84.72.21]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1KNx0R32214 for ; Wed, 20 Feb 2002 18:59:01 -0500 Received: from localhost (lance@localhost) by s1.uklinux.net (8.11.6/8.11.6) with ESMTP id g1KNx0125577 for ; Wed, 20 Feb 2002 23:59:00 GMT Envelope-To: Date: Wed, 20 Feb 2002 23:58:59 +0000 (GMT) From: lance To: Subject: re: [vserver] vserver questions In-Reply-To: <20020220145230.114f7623c475@remtk.solucorp.qc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 155 On Wed, 20 Feb 2002, Jacques Gelinas wrote: > On Mon, 18 Feb 2002 16:03:31 -0500, lance wrote > > > > I've just installed the latest version of vserver (0.10 with kernel > > 2.4.17 ctx-7 ) and have a couple of questions :) > > > > Firstly using the default creation method for the vserver - vserver xxx > > build > > > > neither 'w' nor 'last' work unless you touch /var/run/utmp and > > /var/log/wtmp ??? Is this a design feature or just an ommission ?? > > Ommission, feature. I can add this. > > /var/run/utmp will be re-created empty when you start the vserver. Thanks. > > 3. running netstat in the verserver shows all of the ports, not just those > > bound to the vserver ??? > > Yes. This will be solved by a replacement to /proc using a less verbose version > of /proc, called vproc. > > > even though :- Network device: A vserver can only see the network device > > associated with its ipv4 root. > > Yes, this is work in progress :-) Aha thanks for clearing that up - have you thoughts on how to segregate firewalling between the different vservers ?? Could it be done with a per instance chain (or table) that the vserver can modify ?? Lance From vserver.error@solucorp.qc.ca Wed Feb 20 19:22:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1L0MoAh024756; Wed, 20 Feb 2002 19:22:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1L01tf32275 for vserver.list; Wed, 20 Feb 2002 19:01:55 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from s1.uklinux.net (mail.uklinux.net [80.84.72.21]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1L01sR32271 for ; Wed, 20 Feb 2002 19:01:54 -0500 Received: from localhost (lance@localhost) by s1.uklinux.net (8.11.6/8.11.6) with ESMTP id g1L01rB25942 for ; Thu, 21 Feb 2002 00:01:53 GMT Envelope-To: Date: Thu, 21 Feb 2002 00:01:52 +0000 (GMT) From: lance To: Subject: [vserver] vps question Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 156 Is there any way of showing, using vps or similar, in the root shell, what vservers processes are owned by ?? Or would it be possible to give each vserver a range of process ids to use ?? If not this would be very useful, especially for installations with large numbers of vservers running ... Lance From vserver.error@solucorp.qc.ca Wed Feb 20 20:11:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1L1BFAh025273; Wed, 20 Feb 2002 20:11:16 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1L0ngX00654 for vserver.list; Wed, 20 Feb 2002 19:49:42 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from sokol.paradigm4.com.au ([202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1L0nfR00649 for ; Wed, 20 Feb 2002 19:49:42 -0500 Received: (qmail 28214 invoked from network); 21 Feb 2002 00:53:20 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 21 Feb 2002 00:53:20 -0000 Received: (qmail 29350 invoked from network); 21 Feb 2002 00:52:36 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 21 Feb 2002 00:52:36 -0000 From: B612@DigitalAngel.com.au To: vserver@solucorp.qc.ca Date: Thu, 21 Feb 2002 12:06:03 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] vps question Message-ID: <3C74E2AB.17086.23E356@localhost> Priority: normal In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 157 > Is there any way of showing, using vps or similar, in the root shell, > what vservers processes are owned by ?? Have you tried vtop? From vserver.error@solucorp.qc.ca Wed Feb 20 20:11:23 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1L1BNAh025277; Wed, 20 Feb 2002 20:11:23 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1L0nhp00658 for vserver.list; Wed, 20 Feb 2002 19:49:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from sokol.paradigm4.com.au ([202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1L0nfR00650 for ; Wed, 20 Feb 2002 19:49:42 -0500 Received: (qmail 28216 invoked from network); 21 Feb 2002 00:53:21 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 21 Feb 2002 00:53:21 -0000 Received: (qmail 29351 invoked from network); 21 Feb 2002 00:52:37 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 21 Feb 2002 00:52:36 -0000 From: B612@DigitalAngel.com.au To: vserver@solucorp.qc.ca Date: Thu, 21 Feb 2002 12:06:03 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] vserver and schedular Message-ID: <3C74E2AB.9246.23E34C@localhost> Priority: normal In-reply-to: <20020220145508.3d257361901e@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 158 How would you feel if I took Rik van Riel's patches http://surriel.com/patches/2.3/2.3.99-3-schedpatch3 http://surriel.com/patches/2.2.15-fairsched and adapted them for the latest kernel + vserver? Would you be interested? I am going to include this as an option in the next 2.2.20 ctx patch that I'm maintaining as I'm still not happy with the current scheduler. I'm also going to try adapting the 'large-nice' patch: http://surriel.com/patches/2.4/2.4.3ac4-largenice as yet another kernel compile-time option. Ed > On Sat, 16 Feb 2002 13:37:36 -0500, edward@DigitalAngel.com.au wrote > > Excellent. > > > > I already dug out some message from a while ago > > to do with the scheduler changes and I have a question. > > > > Did the scheduling code of vserver get changed since then? > > The latest CTX-7 patch still appears to be messing with goodness() > > Yes nothing was changed in this area. Someone told me he was working > on a different solution. Can't remember who. > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc > From vserver.error@solucorp.qc.ca Wed Feb 20 22:49:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1L3nrAh007109; Wed, 20 Feb 2002 22:49:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1L3TAX03476 for vserver.list; Wed, 20 Feb 2002 22:29:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1L3T9R03468 for ; Wed, 20 Feb 2002 22:29:09 -0500 Received: from dad kgehring@smtp-send.myrealbox.com [207.34.98.240] by smtp-send.myrealbox.com with Novell NIMS $Revision: 2.88 $ on Novell NetWare; Wed, 20 Feb 2002 20:29:02 -0700 Message-ID: <000b01c1ba88$011a3d60$0100a8c0@dad> From: "Ken Gehring" To: References: <3C74E2AB.9246.23E34C@localhost> Subject: [vserver] Having a small problem Date: Wed, 20 Feb 2002 20:29:42 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 159 Well it almost works. I've done the following Starting with a 2.4.17 kernel tree I've applied the patch patch-2.4.17ctx-7 with the command patch -p1 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1L9YBAh011507; Thu, 21 Feb 2002 04:34:13 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1L9Ia308643 for vserver.list; Thu, 21 Feb 2002 04:18:36 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1L9IZR08639 for ; Thu, 21 Feb 2002 04:18:35 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 174D61000 for ; Thu, 21 Feb 2002 10:18:34 +0100 (CET) Subject: Re: [vserver] many services - 1 IP. From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <20020220143538.8a7dfaf8db68@remtk.solucorp.qc.ca> References: <20020220143538.8a7dfaf8db68@remtk.solucorp.qc.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Oop66tT0uROQ0TXpnfRi" X-Mailer: Evolution/1.0.2 Date: 21 Feb 2002 10:18:33 +0100 Message-Id: <1014283114.1660.38.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 160 --=-Oop66tT0uROQ0TXpnfRi Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-02-20 at 20:35, Jacques Gelinas wrote: > bind in newer distribution runs as user named. So combining the special > user ID + chroot is very robust. >=20 > the issue of chroot and vserver was important because a vserver has to > allow root process inside the vserver and as such has to allow chroot sys= tem call > in many cases. But in general, to jail a process using chroot, you switch= to > another user ID. then chroot is reliable and robust. Thankyou for that tip :-)=20 This is something for the FAQ I think. I'll put together some points, as soon as I've finished the Man-pages :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Oop66tT0uROQ0TXpnfRi Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8dLtp4c1kHlhtW8oRAu6SAKCW/suaI3odhSAg9F4lgFxsOidvPgCeJwIV UtE1gh9UHjKu4dEK0HFYZ0k= =DXsw -----END PGP SIGNATURE----- --=-Oop66tT0uROQ0TXpnfRi-- From vserver.error@solucorp.qc.ca Thu Feb 21 04:40:47 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1L9ekAh011553; Thu, 21 Feb 2002 04:40:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1L9PCS08772 for vserver.list; Thu, 21 Feb 2002 04:25:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1L9PBR08768 for ; Thu, 21 Feb 2002 04:25:11 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 932AF1000 for ; Thu, 21 Feb 2002 10:25:11 +0100 (CET) Subject: Re: [vserver] Having a small problem From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <000b01c1ba88$011a3d60$0100a8c0@dad> References: <3C74E2AB.9246.23E34C@localhost> <000b01c1ba88$011a3d60$0100a8c0@dad> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-YFVVIcVNo1zJ75guLktE" X-Mailer: Evolution/1.0.2 Date: 21 Feb 2002 10:25:11 +0100 Message-Id: <1014283511.1664.42.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 161 --=-YFVVIcVNo1zJ75guLktE Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2002-02-21 at 04:29, Ken Gehring wrote: > Made a new vserver (v00) and still all OK >=20 > When I go to start the vserver I get the following >=20 > Can't set the ipv4 root > : Function not implemented >=20 >=20 > Everything seems to be OK in the config files, I just seem to be missing > something small. >=20 > Any ideas???? >=20 try checking with uname -a - that you've actually booted on the right kernel. if it doesn't say "2.4.17ctx-7" somewhere in the line, then it's not a ctx enabled kernel (unless you changed the kernel-version at compile time). --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-YFVVIcVNo1zJ75guLktE Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8dLz34c1kHlhtW8oRAonVAJ9bX5ODfy4QXkaW0NYrMm6AlWvOQQCggWvy 05eUjtNT3IvLNaRndNHg+1E= =7ZCL -----END PGP SIGNATURE----- --=-YFVVIcVNo1zJ75guLktE-- From vserver.error@solucorp.qc.ca Thu Feb 21 10:58:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1LFwgAh014327; Thu, 21 Feb 2002 10:58:42 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1LFhFj15018 for vserver.list; Thu, 21 Feb 2002 10:43:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.SerNet.DE (mail.SerNet.DE [193.159.217.66]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1LFhDR15014 for ; Thu, 21 Feb 2002 10:43:14 -0500 Received: from intern.SerNet.DE by mail.SerNet.DE with esmtp (Exim 2.12 #1) for vserver@solucorp.qc.ca id 16dvNH-0007hQ-00; Thu, 21 Feb 2002 16:43:11 +0100 Received: by intern.SerNet.DE id 16dvNH-00057h-00; Thu, 21 Feb 2002 16:43:11 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Krischan Jodies To: vserver@solucorp.qc.ca Subject: Re: [vserver] vps question Date: Thu, 21 Feb 2002 16:39:05 +0100 References: In-Reply-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Organization: Service Network GmbH, Goettingen, Germany Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 162 Am Donnerstag, 21. Februar 2002 01:01 schrieben Sie: > Is there any way of showing, using vps or similar, in the root shell, > what vservers processes are owned by ?? Have a look at my little wrapper :-) ftp://ftp.sernet.de/pub/vserver/vps2 Krischan -- Service Network GmbH, mailto:kjodies@SerNet.DE, http://www.SerNet.DE phone: +49-551-370000-0, fax: +49-551-370000-9 From vserver.error@solucorp.qc.ca Thu Feb 21 11:44:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1LGisAh014803; Thu, 21 Feb 2002 11:44:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1LGNU415790 for vserver.list; Thu, 21 Feb 2002 11:23:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1LGNTR15786 for ; Thu, 21 Feb 2002 11:23:29 -0500 Received: from dad kgehring@smtp-send.myrealbox.com [207.34.100.84] by smtp-send.myrealbox.com with Novell NIMS $Revision: 2.88 $ on Novell NetWare; Thu, 21 Feb 2002 09:23:28 -0700 Message-ID: <000201c1baf4$3370c6a0$0100a8c0@dad> From: "Ken Gehring" To: References: <3C74E2AB.9246.23E34C@localhost> <000b01c1ba88$011a3d60$0100a8c0@dad> <1014283511.1664.42.camel@amd.vsen.dk> Subject: Re: [vserver] Having a small problem Date: Thu, 21 Feb 2002 09:23:29 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 163 Yes it is using the ctx kernel. I double checked, recompiled and made sure that lilo was booting from the correct kernel. If someone has a kernel with the IDE SCSI emulation compiled in (not as a module) I'd like to try it out to make sure it is not a kernel problem. Ken ----- Original Message ----- From: klavs klavsen To: Vserver Mailinglist Sent: Thursday, February 21, 2002 2:25 AM Subject: Re: [vserver] Having a small problem On Thu, 2002-02-21 at 04:29, Ken Gehring wrote: > Made a new vserver (v00) and still all OK > > When I go to start the vserver I get the following > > Can't set the ipv4 root > : Function not implemented > > > Everything seems to be OK in the config files, I just seem to be missing > something small. > > Any ideas???? > try checking with uname -a - that you've actually booted on the right kernel. if it doesn't say "2.4.17ctx-7" somewhere in the line, then it's not a ctx enabled kernel (unless you changed the kernel-version at compile time). -- Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter From vserver.error@solucorp.qc.ca Fri Feb 22 01:42:34 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1M6gXAh022376; Fri, 22 Feb 2002 01:42:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1M6M2m29889 for vserver.list; Fri, 22 Feb 2002 01:22:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1M6M2R29885 for ; Fri, 22 Feb 2002 01:22:02 -0500 Received: from remtk.solucorp.qc.ca (g36-124.citenet.net [206.123.36.124]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1M6PK647435 for ; Fri, 22 Feb 2002 01:25:20 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1LJiNa02497 for vserver@solucorp.qc.ca; Thu, 21 Feb 2002 14:44:23 -0500 From: Jacques Gelinas Date: Thu, 21 Feb 2002 14:44:23 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] [PATCH] per vserver socket-listings in /proc X-mailer: tlmpmail 0.1 Message-ID: <20020221144423.7eb8e75c6934@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 164 On Sat, 16 Feb 2002 17:44:34 -0500, Martin Josefsson wrote > Hi, > > I've attached a small patch to enable per vserver /proc socket-listings, > for example in /proc/net/tcp ... > > I've added support for unix, ipv4, ipv6 sockets. > > It's been stable in my testing here but YMMV. Cool, I have added it. This will be in kernel ctx-8 tomorrow. Thanks! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Feb 22 03:12:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1M8CZAh023068; Fri, 22 Feb 2002 03:12:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1M7wnt31364 for vserver.list; Fri, 22 Feb 2002 02:58:49 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1M7wmR31360 for ; Fri, 22 Feb 2002 02:58:49 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 0AE681000 for ; Fri, 22 Feb 2002 08:58:43 +0100 (CET) Subject: Re: [vserver] Having a small problem From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <000201c1baf4$3370c6a0$0100a8c0@dad> References: <3C74E2AB.9246.23E34C@localhost> <000b01c1ba88$011a3d60$0100a8c0@dad> <1014283511.1664.42.camel@amd.vsen.dk> <000201c1baf4$3370c6a0$0100a8c0@dad> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-EMO/AA9bRvZtXeEa/aIg" X-Mailer: Evolution/1.0.2 Date: 22 Feb 2002 08:58:41 +0100 Message-Id: <1014364723.1648.0.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 165 --=-EMO/AA9bRvZtXeEa/aIg Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Have you tried the Stock kernel from the vserver site? On Thu, 2002-02-21 at 17:23, Ken Gehring wrote: > Yes it is using the ctx kernel. I double checked, recompiled > and made sure that lilo was booting from the correct kernel. >=20 > If someone has a kernel with the IDE SCSI emulation compiled > in (not as a module) I'd like to try it out to make sure it is > not a kernel problem. >=20 > Ken >=20 > ----- Original Message -----=20 > From: klavs klavsen > To: Vserver Mailinglist > Sent: Thursday, February 21, 2002 2:25 AM > Subject: Re: [vserver] Having a small problem >=20 > On Thu, 2002-02-21 at 04:29, Ken Gehring wrote: > > Made a new vserver (v00) and still all OK > >=20 > > When I go to start the vserver I get the following > >=20 > > Can't set the ipv4 root > > : Function not implemented > >=20 > >=20 > > Everything seems to be OK in the config files, I just seem to be missin= g > > something small. > >=20 > > Any ideas???? > >=20 > try checking with uname -a - that you've actually booted on the right > kernel. >=20 > if it doesn't say "2.4.17ctx-7" somewhere in the line, then it's not a > ctx enabled kernel (unless you changed the kernel-version at compile > time). >=20 > --=20 > Regards, > Klavs Klavsen >=20 > -------------| This mail has been sent to you by: |------------ > Klavs Klavsen - OpenSource Consultant=20 > kl@vsen.dk - http://www.vsen.dk >=20 > Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 > Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA > --------------------[ I believe that... ]----------------------- > It is a myth that people resist change. People resist what other > people make them do, not what they themselves choose to do... > That's why companies that innovate successfully year after year > seek their peopl's ideas, let them initiate new projects and > encourage more experiments. -- Rosabeth Moss Kanter >=20 >=20 >=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-EMO/AA9bRvZtXeEa/aIg Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8dfox4c1kHlhtW8oRAkK3AJsHp/MFrMdSXLW6zXrShnJC68gOVwCfS3AE Ht8xw/MJodUVC6Vh+UBAn24= =x3ea -----END PGP SIGNATURE----- --=-EMO/AA9bRvZtXeEa/aIg-- From vserver.error@solucorp.qc.ca Fri Feb 22 04:20:34 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1M9KSAh024738; Fri, 22 Feb 2002 04:20:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1M8hsw32034 for vserver.list; Fri, 22 Feb 2002 03:43:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from web4.internetx.de (web4.internetx.de [195.127.139.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1M8hqR32030 for ; Fri, 22 Feb 2002 03:43:52 -0500 Received: from thomasp.internetx.de ([195.127.139.8]) by web4.internetx.de (8.12.2/8.12.2) with ESMTP id g1M8hkeG014087 for ; Fri, 22 Feb 2002 09:43:46 +0100 Received: (from tomtom@localhost) by thomasp.internetx.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) id g1M8guv15658 for vserver@solucorp.qc.ca; Fri, 22 Feb 2002 09:42:56 +0100 Date: Fri, 22 Feb 2002 09:42:55 +0100 From: Thomas Preissler To: vserver@solucorp.qc.ca Subject: Re: [vserver] vservers inside vservers, multiple IP Message-ID: <20020222094255.S936@thomasp.internetx.de> References: <20020220133347.efe1321e47f4@remtk.solucorp.qc.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <20020220133347.efe1321e47f4@remtk.solucorp.qc.ca>; from jack@solucorp.qc.ca on Wed, Feb 20, 2002 at 01:33:47PM -0500 Organization: InterNetX, Regensburg, Germany X-Uptime: 10:36pm up 1:48, 6 users, load average: 0.01, 0.02, 0.00 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 166 * Jacques Gelinas wrote on 20 Feb 2002: > On Sat, 9 Feb 2002 20:33:14 -0500, Christian wrote > > > binding more than one ip is often needed for Proxy-Servers, > > Backside-Databases, Maintainance-Networks, Intranets which usually reside > > on another nic and dummy devices are just a workaround like using > > iptables/NAT currently. I dont think that the 'single-device' is a > > flexible idea. My idea was that there are two (or maybe more.. but a small > > static amount) of ip/mask pairs, the first ip is the default ip whcih is > > used for bind(0.0.0.0) but all other ips which are match the masked ip are > > bindable too. additionally a nested chbind within a vserver can be used to > > constrain the ip/ranges further (i didnt tested recently if recursive > > vservers work .. would be fine either). > > Nest vserver do not work for now because of the lock flag in the new_s_context > system call. The idea is that many resources will be constrained on a per > vserver (per security context in fact) basis. The lock flag prevent a process > in a given security context to "hide" itself in another security context. > > But if you remove the lock flag (in the configuration file), a vserver inside a vserver > is possible and will provide the same level of performance. The chbind > system call has also its limitation. Once you have chbind to one IP, you are not > allowed to select another, except for root in security context 0. > > Now, this idea of a vserver inside a vserver is introducing a nice solution. I have > already talked about the concept of vserver instance. As a recap, the concept > is to have several copies of a vserver running side by side. One is the production > server, the other is a backup vserver (old version of the service), and few others > are test vservers. With unification, one can easily create a new copy of a vserver > for test purpose. > > For example, you have this internet project running on a vserver. You have many > many cgi/php/perl stuff running there. It works for several months. Lately > have reworked the whole project and did many changes here and there. New > SQL schema, new scripts, new apache version and so on. Rollout time. > > Using vservere, you can clone the production server in one minute, then install > your new version and test it out. Once you have iron out all the installation > and automated it, you clone stop the production server, rename it to backup, clone > it and apply your updates. you start this new vserver as the new production server. > > All this is fine and I suspect many will start using vservers like this to apply > large updates in a controlled way. But there is a flaw. You must be root > in the root server to do this. > > Now if we apply your idea, we could end up with a virtual root server, having > the ability to create new vservers and assign some IPs, out of a fixed list. > > Now there are some problems with unification since a vserver is not allowed > to operate on immutable bit (by default, configurable). The solution here would > be to grant the first vserver (the virtual root vserver) the right to play with immutable > bit, but the this vserver would not use unification. > > Anyone interest in this concept of multiple-vserver-instances or vservers > managed by vservers ? It sounds way cool Yes, we are *interested*. We are a big provider and this feature would be very useful. We have many customers, who work as reseller, so it would be great, that we can set up multiple vserver an one machine, one vserver for one reseller, and the reseller himself can set up vserver to give his customers a virtual machine, too. So everyone can work as root on his machine. That is the main advantage. Give me this feature, I'll test it! Bei Fragen und Problemen können Sie sich gerne an mich wenden. Mit freundlichen Grüssen/Regards, TEAM INTERNETX / UnixSysAdmin ________________________________________ InterNetX GmbH, DNS Service Center Maxstrasse 6, D-93047 Regensburg Thomas Preissler, Preissler@internetx.de Tel. +49 941 5955916 Fax. 5955968 From vserver.error@solucorp.qc.ca Fri Feb 22 05:24:02 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MAO1Ah025072; Fri, 22 Feb 2002 05:24:01 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MA87a01238 for vserver.list; Fri, 22 Feb 2002 05:08:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MA86R01234 for ; Fri, 22 Feb 2002 05:08:06 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 40CA61000 for ; Fri, 22 Feb 2002 11:08:04 +0100 (CET) Subject: [vserver] rebootmgr function? From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-NlhPY2oEOKAwy0MMZ2A1" X-Mailer: Evolution/1.0.2 Date: 22 Feb 2002 11:08:03 +0100 Message-Id: <1014372484.1649.4.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 167 --=-NlhPY2oEOKAwy0MMZ2A1 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I'm writing the man pages for the different vserver binaries, and I'm at rebootmgr. If I run it from my box, with a valid vserver name it just freezes.. (how long am I suppose to wait? vserver stop;vserver start - finished quickly). if i run it with a invalid vserver name is says: bind: No such file or directory. What's the purpose of this program? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-NlhPY2oEOKAwy0MMZ2A1 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8dhiD4c1kHlhtW8oRAnMWAKClfm0eq6FpGaZgFdk6W1DpuIKZzQCfVkLb 3nRL9P55jm+eGWtvgjcv31U= =kqeN -----END PGP SIGNATURE----- --=-NlhPY2oEOKAwy0MMZ2A1-- From vserver.error@solucorp.qc.ca Fri Feb 22 05:42:50 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MAgnAh025183; Fri, 22 Feb 2002 05:42:49 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MAPC101746 for vserver.list; Fri, 22 Feb 2002 05:25:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MAPBR01741 for ; Fri, 22 Feb 2002 05:25:11 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 790251000 for ; Fri, 22 Feb 2002 11:25:06 +0100 (CET) Subject: [vserver] man pages - reducecap questions From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-cFykInqOiKnCqdPWyKcU" X-Mailer: Evolution/1.0.2 Date: 22 Feb 2002 11:25:05 +0100 Message-Id: <1014373506.1649.11.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 168 --=-cFykInqOiKnCqdPWyKcU Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I'm running through reducecap with strings. i can see three options (I've only found one of them mentioned in the docs). --secure (mentioned - removes all unsafe capabilities) --show (shows current capabilities) --flag (gives me a segmentation fault)=20 what's the idea with --flag? what are you suppose to feed it? is it possible to define which capabilities to remove? other than just what secure removes? can you enter --secure (and then add extra capabilities to the --secure standard set?)=20 I'm gonna figure out, which capabilities --secure actually removes and put them in the manual :-) Anything else I need? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-cFykInqOiKnCqdPWyKcU Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8dhyB4c1kHlhtW8oRApVwAJ0f3yUd7S9AT0qp/0WRl/c2jtKMWwCfVL47 nYWYjM6+8KU5lQmqeRA4Afo= =olIt -----END PGP SIGNATURE----- --=-cFykInqOiKnCqdPWyKcU-- From vserver.error@solucorp.qc.ca Fri Feb 22 07:39:07 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MCd6Ah025813; Fri, 22 Feb 2002 07:39:07 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MC7Za03828 for vserver.list; Fri, 22 Feb 2002 07:07:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from rhenium.btinternet.com (rhenium.btinternet.com [194.73.73.93]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MC7ZR03824 for ; Fri, 22 Feb 2002 07:07:35 -0500 Received: from host213-122-197-214.in-addr.btopenworld.com ([213.122.197.214] helo=john-new) by rhenium.btinternet.com with esmtp (Exim 3.22 #8) id 16eEU4-0007X8-00 for vserver@solucorp.qc.ca; Fri, 22 Feb 2002 12:07:29 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 22 Feb 2002 12:07:10 -0000 From: "John Lyons" To: Subject: RE: [vserver] rebootmgr function? Date: Fri, 22 Feb 2002 12:07:08 -0000 Message-ID: <007e01c1bb99$749ea930$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <1014372484.1649.4.camel@amd.vsen.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 169 > What's the purpose of this program? It allows each vserver use to reboot the vserver themselves from within their vserver. It should be running on the host server only. It listens for reboot requests from each vs. I don't think it's designed to be called directly. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 22 07:46:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MCk3Ah025868; Fri, 22 Feb 2002 07:46:04 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MCUsx04258 for vserver.list; Fri, 22 Feb 2002 07:30:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MCUpR04254 for ; Fri, 22 Feb 2002 07:30:52 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id B3D341000 for ; Fri, 22 Feb 2002 13:30:48 +0100 (CET) Subject: [vserver] man pages for all vserver programs From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-OCqirz27NpKTZ9WgMsoI" X-Mailer: Evolution/1.0.2 Date: 22 Feb 2002 13:30:47 +0100 Message-Id: <1014381049.1649.30.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 170 --=-OCqirz27NpKTZ9WgMsoI Content-Type: multipart/mixed; boundary="=-PFW12iP9PDiLw6QhETJ9" --=-PFW12iP9PDiLw6QhETJ9 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I finished the man pages for the vserver binaries. I couldn't find a proper man-editor, and had to use manedit. This means, that the formatting of the man pages could have been a lot better. I've done my best with the program available :-) If you know of a good editor, or have the time/need to improve upon the formatting yourself, please do so :-) I hope they are all correct. I found some extra --options for reducecap, by using strings and looking in the source code. I hope I didn't misunderstand the --flag option? Well here's the Man-pages for all you vserver users. Please take a look, and check for mistakes. If they are all ok, I believe Jacques has already said he'll include them with the next vserver-utilities version. --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=vtop.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWbq71FIAAHFfgAAQUefgV+9v326////gQAI9mV2SVhpGplPEgGmQ0AANAAAAASpk TEwkxT0ap4ptQMgAbRNPSNB4oGmpplMpkwpptTT1AAAADIAaAanqSNGgaNNAA0DCNGgZNPUGgY7E rACokFJaLC6ASSjOECiMQBIBMw4qGRX/2jxpIftlgt/DhNwU48RW7KiSK3WSlBs3uaVMif9iVeVj clEupc2JW0k6LioWM8B+jnvDs79+deuvV5Olgzr2YPpGikmjCx8gDY8OZLbE8/MuAgO08MZFjqz/ UDY9j8mHBmCU5SAnSydTg9g7oVatu5PXju8T4jeoGAJQi4JHI3LQNNXUB3sd73p+aQHdktBVBl77 bOrg3TlihTACaxvWFn46BKguBKG0TK4rtZzOQFivetr1qcVTKYkaoSN8PelktF8BlbdE9LfmgPru 1zXjTQWal1y1GZxDB3aykQnBIFFKDk3S4wx6IqmxfVFxKIoiE3y1nNknmCVrJi6M1+wVCeVYMjbk isYewilP5g6wcKbSSuZzyaOxWCRwEPApFt+D9o/QN+5xmEoX6wtWMYqosjVq2eWJJI8ipECoUqIK T9mEYlQKNSRNVKpkJmuMwIOYCyaIOvbEaKfot1tYF6VktkDPWP0rEny1Wh5ydN2bGiejUqs9Y+Im hG4MZlbPBc5scLyaKJjGGuuBB5wudMZhAMUlTj7Sx4Cuyf9aKaHjFYZawpZ3VLWSQCMGE8kbkKFC YPiRtNs5tJEd3lz23JZjfusLaMVlA/wvwBDfbDpcCDjJ04TAhYkh/i7kinChIXV3qKQ= --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=vserver.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWfOUv4IAAKXfgAAQUefoV/9v326////gUAM9cjrarLbbQNCaJlNqmM0p6npqnk9T ap5NI9TJoZqNN5RHqPQJJCnjUyJoptPUNTTQNAAGmQAB6g0BEZTyjUeiGjQAAAAANADTRUaBoABo 0AAAAAAAcwCYCZGAEYmJhMJghpiaYHIrACKoKmaYjndkYsEClAbiBGKOCsASAfC+H480xF+O8hP7 ZCR6joEJUFFzw3yNJHZ++LnJgYwlH/LgojnF+EKggjxVa1N5oynZjdhtwKkIpiRtUJM5ssQMLhGm 04wYOryY5YIXGxMdRBJCVpg6FvKSsGWAonQGPEDx8uGrm+Uey3DYCK22jjoZDoRZPjeYAfCBunAg Gs2GzfNp6deencACZUIU8rqrl45Xv/Kd1lXfMbJ1+pAe0VLPbL/hlYb1a58V2kW1AuzFcR5tcRqA Hh+CD7uDjHVv0A+al6Jt+b0JdeOtYpMjOb9M0vtHdxbWL7ALQzRuX1kEImlGSHClg4GNOuYAGnfc zVt39sxwIm7g8X93gQhOGEyzWvEyFF/kBKXPX8UMpifAAjct2PnFnz+xCivD41lzzhQONlOG8tNV bgwasXK6JQbO0qFzuRjOmmKh5lwMh6aoAquoLNF4vALXIOkm1xNhw602pxngMRkRYzImPM6VqQBN YgVEdDIDE2NmRhS121QsbAZGvQx4AAPQMErjBZRdZSp6Z0BC8G0kJc915E5wsFrxeoFnUVNOMyCU nqWXlmAna56ajz/FIWgxSOdah057CStgEBWOQFu7QKYKHoEN4yIqaGFUoCnGyjeeVhJEwoCIoUGM +gTkTcJkVQcy+skmkLDzWo4Bkcut25MclINTNK8tsCKPYxPdgoNwkUuaxPhnJ2gaiISuDpVtjygV wWc7+ciKAPrMZTAR1UAhqLUZRsXCRhi3YLSshaSmV5CA33AImgHtXK+T9QONWNbI6pxYx5CFdg83 atwyZMDAmWTLirB2NzVHsvo7Rdjpna3NQnb1rmByy8LFdRNJgeSEPoYUSmmyG2tw5jAyFOY9DK8z jwWFYGAP0DWPLBGMSwOje/N4Oe2C1uO0NNlYkmxoCUEtocDRdUkzHTG0V3mTQo/iYVzIy2uLl/4u 5IpwoSHnKX8E --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=vserver-stat.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWcf9FYEAAJp/gEzwBABZ5+BX72//dL////BAAly0qzWlDSNEyapsp5TTwU0ekyPU Yj1ANPUDRmp6jIAaQAp+o0FNpGyJo0AABoekAGjT1Ac0yMhkwQ0YTBGmjRiBpkyMAAQSmk1BoIaD Snog9RoBoaNBkPSAGg8pRWzCZFQndDihdPx+dGlVULr3rdHXLBmrqKZbZ60yQJMNReOc0xMzgBKD oQXGPT7ILjzAkyT1wx4+e5Yl2FXRUuRaUzaqIbVvEf0Z5Hy2oa3sMTzmIgDqRCD4JY58Un4BTTMB 4kVhK3ywZ5eY8OrlAJ/EMTZtOBSNRW5JAQDNJExC2vw4iIrowu9+d12uDQ2zN0ZuM0GdhAQYCEUt /YDqC8NLrlY0Diz2PVWrtGlYMicMupN3pAxA8ad4itJVLbc8ThbNQRU1MtHDFaqJlSy4IoE9JFFa tEia25pY6HTrEs0azniRGFZKUEHV9OJ6b2qPkHkEupSHKf6m61kUIQ/nMCCRHzf06W3XNyOcJ2Jq D6kPuSHSWPhfBjMEIUJojEo6cDgjVuMDfmdoX3rqievsYQTkeevPFtNkh0Xy4jI0JjftkBm5csrG bNobH5GnBd19hhVabFaxyTV/92PFDCJAhTlFJXOrbY+lLW30LMTi8IxRS2wGYwAZToYmZCUz3VlI R3pZcm79Ge6dQ7PO5NIlIVqaP4qKE7M6qsqVQqWS6kIvKnS1FhcqAHWUjKt75R8uOydhmwVqv3pP xo1yvbiHItSGeKRF/LoHpc00xYsSkB5Etf+omtNlvZK4JTDnTNlvJozLTLtDfbjuycGyNXoUtFlB VEKWzIzLY5hLoYRRIMQNZLSWo6IPdAONgskCRB468mOvGDzTtn4rdXcj0RlzAQGIcB+jnZ7X2yJv HGzTuxKua//i7kinChIY/6KwIA== --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=vrpm.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWcx7E1IAAJvfgAAQWefwV/9v326////kQALbGLp27dztglEIExNTZE9NJ6T1NDNQ aaBoBpkaaANEyaTCaE2oapoekABkNA2iNPUaYmglNESJ5RkA9TTEAZGQGhoZAAAlNQImNUyPRGg0 MgAAAaAAyLr6Izyfueg9kNbmJ1tK1Qwk6abkcnmhiwcIJAM/9pvYV9B8izh1lwVuIwdp+9KNERst te7pW6pjo/sgnZy9V4arQPLzILxYJqFUh1mMU4G8L5Fky7gYQyTDC46MFbOFXuoYvgSI9xJKZP73 6xBmmcxPZpzgc/449+PJjnstQS0L9VG7C1aWNvuh55UB0pEzHsES5VcyPyubJmmnvIgNkoJJ5j97 Me6f1i7pNGl9FaxG96BLQm9NP9jco9tXi449ji3M7LsbzGt6BdDwERF2sNMBApEeNeoxICo9ogXb fALvrMC8yGTR9TcEts1OFMgBN2Jsv8zDqZ81zpZoNjIb4TsipOp3TWpBtcG6D8b8hBGWxSHbFg9k c1UTf5T7Hj5m+oEcOj4x7X0Du7phrh1DPQJMCYh3Oa+UBoYMzLSg8b7ntnMVWSIYftRCJnLZwS6y 2r3hhN5n7JJObi/nKtKKRTrdmajdTMStTiy0iJLOEnExXoQ8CGVVtNejgTwaXK78ttuqRRAk14gG Im+DZ536GFLDS6Gxkd1KmFhMF4wP4mVq0yGD+C2mGTgSy4OrxgxUIRCYNUrIt3dbxkUVM9I7uqRE EOIdQDoh3a5FcVwuHFXwGe0SmZ4G4zQnjKLxYsmuoX6bBJRUjknSYaygYL7qizNVtE55MD0JITYk XUA7ZJRpHESF4sVsiiqsZeUAeIVwjpjmGeOwps04jxWSanYMVY18ehjCVVFAVIVmUpz6647q+T9A 3LNeZLUNfBjC47VYNqxA5jIokwreozm1BM5j11DijAaceO6/DdxwINcqrBta3VfLKm52btnqBnIs 0UY0wo1sX71pa8o6F/i7kinChIZj2JqQ --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=vpstree.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWUuSBdMAAHFfgAAQUefgV+9v326////gQAI9sVZrUhKmgQaKeQT9QTQwQMQyGmI0 MmgaIaJhASeieiPUADQGgeoZB6QOaYmAjTAjCMAAAATCMBKaST01Mp6mno0mmJoaANAADQZMRZng BQ4nV1W4sJAsoxaMYJAloPHOZM+zS33aHAMB04YQYBHHEKXdIHASnSEHLi1iwTFWCH2wSaUSUpBK YUyjZXoUIIpNpDm5ag069UaMsMlzAoVlvcS2tLdnnbJBQNg43KeyLYU4hQb6yWqPfer4Wpr/pDN2 9mgWvOoKqFTxtcRmMd14Z9rcjMexmw1uGASEfdZtZO9DzvRAPUmaWnrk4M1QpE5gqmvTl9l27lhi VYAiqapTk+MgUg+0tJrLFYnb+nROg8wZHYdTp1Xc7DNM4zTfbeD1PTKEvM7rfim3ANualaZRi40S LV2yN5wGdrUpiojN6iUZGDEE7I1PfUyVd29JwWJwOSeYokOJFMaMJraiJWqqqGe5gf1CoKbKp2lb sTsx0EltaK5rRMOYyh5m12QG2VyJLYENxArjffpOQY7Dy6SrjcK2Na1jCptFurXO0mjIUE0B1AeC WlPNMoBPdkltUwa8lbhUnQt4Cl/deGOl8h9y6p4I4ZrglqnCO3K8DhAMjIzlK/MSxZd13bnIyEzF xQrZrLdNb4KWmH1QZy7KfDVWRifG2yIKtwFhwljrmnziikiD/6oRc1jFqtoCzRrVlUhTAEgQPyMr c2YApnjRGKxATX72bRQaWVXoHyJWkjGpyqA2D2lPkcFHE1FwqFEzX/8XckU4UJBLkgXT --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=vps.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWd0oBmAAAHFfgAAQUefgV+9v326////gQAI9mFjpgSoGknoSeU3pNTIaYEDygaDN Q0NAGpoZAQhHonoTQNA0B6gaDQfqjQin6mlMnqbSA0YRpoBo0AAaA0AShFPTQmp6elPTKYgaAAAa DQDIXoZwFDCstizwQVQXOIYDMCqCr9nfpNzT/fifFocxTQuzXri0CVKBbLogoidRxi5kkawNBAl4 hH7aJoJuqKRVSqeGwQhATAL1DK/68Dv878c9MOTJnUFabqFTF1RwukmUEyIeqnurdNfzig3Ul6iv qx074w4/Gazo5+wYy1QUTqlxR+xugTLmludpbo2t2nog0CQr2MLmyvWd+OsDYp1j1+88g7XLQX1i qXwTVc3DVgWT8IEzL1LJE9ojEHxYuGBqs6brSCxDk05c2tJVYrWlkELIfLt71PXqB9Z9UKH+6wly HhPGKOIzkjLZlAojKiHZILgtSyUGEmp2N5KzZiy5W4YvKIjCqUwoyGtKIElqqoRq720BUFNtUyRn tVkQ5SK4fuT8A8YzFDPTXa4fY0yxkKexSYrssO41hwSgbRFrrzE573ucVvw216KEikIiuVHCAZIM CcISkGRNV6IC2zYsAKNwIBB8iqK1XSS0vwU+R2KqjBMX5DBjaYp1XThvoqKiqYcO7ejhc9zMnIQi LWrpIls9MmvpR40E1PGFcMlizKZKpEIHrsPpElMBiKU6fD6sorshtwCTka1i7awwjRGKwGp4CjBi G43C5Hh8BmlJgiH6M+TNWR4sGgxCatSmC9yxWBtCzJ2+sAkyqjYKgSDVb/i7kinChIbpQDMA --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=reducecap.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWVwdf/8AANLfgAAQWefgV//v3+6////gUASOt2FrNbQYpZUEogRomI2hGp6mTUMa TEaaZMhppk09IBKI0E9U2k9SaeqHomT1AMIGmQaAPUHqBKBEA1TxBNNJpp6TRpiMjQADINNCJok0 PUyMgxMIMRpoNqaDTRoANA5oyYmACYjAjTAgxGCZMAjFWVPj6Az+EG75xVEfpiNa1a1m6ZpOwIwR Pv4erZ1FDhoIBFQyAAiACNFQnf8JizlvBdi8oKeXejTInuMWEZTJHdFvYrQ1ltie4muUYG65ib08 xsxxqN2OPOlctt+UEzK6r4aRME2uMwal8lCr/vKbVYiylpQ0zsmjwRlgNSfbKcDAx34GFaylZ3DP iKq5KPIvZnqp0XkJDDVFFT3WFDHpozNbOYFYOrrtuXPVF7vA2KbPHZLsz8HDzoJ0Ih2Yzk2nIdbp ubUgW3vxjP5iHIyKoQrtzoBOoemgn0VdUnkuLa5HG+kgUo7WjvzN38p7+v7PRWsb9UDUScFWrt1e o9/QdUOrYbt5ujx83kgiOFlEpmn/KmSSMngKqIFJ8JYy1m8vThlNVqScx3pk5JWxu7vdfeyo+EQt qnyixWcUkEcdRdo3L66gLkqmu1W3fDLcdssdZu0fWRIrwzXeiyM1LLaT1aGVeRA2bYbYSdXvuylt Wm1oJwetzP2+cXgvljU+9b4ZrPGopc3FmqpDFFBjaSepjGuuQRMLxqReYwYWaNFkaVkspmEYyUtX UBKEIPRDNEHCjZ6bF8tFIwfYMiwjwKGgOEjsfu3xq2vCRFGDHVWAlD0vVTxDnrD037dxu6uvTXWK rGZMDkVDJYUFVhiSsvAQgjFuZzZURH3HM8+z8TPnosOO6JB7qxGEDHfMM3/EZp7cExVIE7hX31RU S4dlI0l/V39wT6ImIoKqJuSvWiOlQjNCkrOvSQW9LV0uutJC/IMi9nBZNKhzw5CJpNNNeqFdGVKK DrNd/YvlqWkh1KrX7LGylXEbamJ9bQieOh4KYLXNEYXgsK0tkFKuquB8WGcydXjEUqfHdUNLYC2X iWzNRXqd+K43zLMwGT7gmFZAvUNqT0wmxyBUt4tgrrE81mWuzyzmUw3WruZFRBRzGjYJh00X7Zwi cZQ8iufhMi5MkShKGCcBrUhg+Cd0Wg7VtaVxBlrEFDlLjF2hdC395d3BMX87CcKmAlAuthi5M0H4 NxV0zxdluER+RddoaJIWmDbXT0SwdgZiaDIKcsIyDrV3qJE0erHqjBpsxqTJU7bUzqIsX0lzzGLB cK4YMk5GKFswarLtKVzUVuLAevy8imyBBJLxRS5iYCUxsaCUYTy23yTHv4UcDkL7+XxFFTY3CO6S wqhZo7LYc5cx8Wrjc2O8uRg0KiHKVCjXsQ5WTD5wkkZknlqJqQ3tSZBS1nKVX8wgV7+plDDDpLEL lZppB1PiSasB1N9bStEtzKu2xN1cqZ7I4Yzmlya3Wj0xmzTqibdFUmu4KjKk6UWOclVHLIJQJk6G UMZiZvSQ8ngOQ24tekIVXItu5E4/I/Fp495mVISyDfNHmJwSlQ6skgxI11DB4DOskNysiKCio1mk NedFxQV1wvtOX/i7kinChILg6//4 --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=rebootmgr.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWVZzzTkAAIvfgAAQUefgV/9v326////gQAL9a1KaUqmGiNTTVP001J6nimTJkbJB 6mmmg9Qep6h6mQDUxBqYjVMGmkbU0aAAAAaANDmEwCYATCYTTAAAJk00DCU0QQEGUxEbSNHqZGgG gDQZDRK2DtQz+SREZq6r9fCGbNNMtBrDmBIEnys7DRfP5pbh/bi+p5JWXeio/fGoQOBwNqnUIlzs qGzWxWH3ON8bgllS3WXqDtdcQro6cm2it1aqsXZEGnGcoHjqCKbjdA0MjQ2k06FRNOma0eRi3P7Y rHcnLUQKx40Bip+GalJGCJo7BjGfgnOWHPjp6AYjy3Ko+r/dOV+I++23uly+rtIdm0KV3EBXNiKX jp3heQRVc0l6ahm1UMXXfFeLmBYAcHFx94IPbf4IoKxHs0cjB9Wl6aL9aKkvjca2NIgcmZK3TI7I 27M0YawL31KkvzmOYFM0rcob8HWcBKrSwOxNI7a5fBUYqyALq9XaxnaC8SftkRYNcN2xIicGvAR2 00axj+TX9st9dc7PeGVtDdeJUhxrP69VjSi4m1C2KHccQYiRvsqqzps1Yl6bXR2lH2rXiRNy2jEt FWsoSeM0Uureg1nBAdLbKZleRgmGAWhQxMCkI9EmTOrCv1BqhSMn4nOWNTG6l5nobkUepDWRB3Rr 0cezInZLdsvma9wcJzzxKkBwH77h6Y7YZWuapb3OBmZa79xe8Z9YDb7+QljCjWmUIYEmkMLIQY1w O1g2MrmPKRi5oRDliZ1A+4UhkJlLCbwCKfxSKIUznKDqZ5sLfk7Ym42vOJcjriOtYXpbHHhIOZiw g2ypGjB9NJ9TcNcWhxiuk5wypVP+iyekT300CJ3BCImUJjlJ+FU6i73zenG9oR05sdF2mmULbDNI dzVWNl3+Fj5VWERVQIgWTAKbuI8hA5Aw332otKb8+HEcX2Ahzm1IemsHsnWsp6knCSKF7NG/lsbB ibVWV1zWuTvwRb0tEXWbceOV1zaNEuWcbs/FWVcdDNvkaw7x+BJzmTCfjJ+mk6Ixs/xdyRThQkFZ zzTk --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=chcontext.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWZPG/J0AAZLfgANQeefgV/9v3+6////kYAau+jg4dQO5qbtpSzNDTCSgEE0wjRo0 UzKZBoDTQaM0Q0yADU9IMRATVP1Q/VNNND1DQABoGgAB6hxkyaaYTIyBgRiaMEYQaNMAAgkKChoR lPITTNQNBoNDTQAGgNNNBxkyaaYTIyBgRiaMEYQaNMAAgkSBGkZCTYpqek8TUMTTRgmg2iHqNHqa eo8DtO9hQ10vnafXvh4PCKNAxNfHunsIZGibtmg/g+G68OeCznPw4X8NzloUm09Q62Yi7CZSJcrv CNANAZbEqsJBhsPODYN5Y4G4ghHz3tZ9lKmjHsza9HVgd9u4VpmcN92GrZmRre5JpOw0Xu6ZFBnE y1NOrooWdiN8OOhSfjGVrVqk0lWSYFcZTYy2mv2LdHHUrlkGPKjBhkwcI3+Zdj6XXTWhcLR5HVEo GpwhMTOSPHijFZPESTfKcgR2ikV3RtpYGlis20Jfn02nvpVhI36XIYOCDyCLPFqF9arLovBRwbNr gyXMNndC0cxqEh0yuqakVkmdwSlh18kGNNVCaZTWFaW3FAwFlY4AuZkwNJf1J5IuNzVjCVapBWW1 dktSuCUVKUw3BCJCeKOMA78eBBaed7vqNyv1h2d3J25McvFvoQvOkmQgRWYw0M0Ztkp+hXME6EWb HGnWN17XUx8AQMJoNbTVOU8VzrJDQwytcMen5o6LwS3PKybRu80dpJK0ym/WH8elJcdrCmJWLs+L lzevpck1rXfJBTXhx3yCEOfVEfiR5Vm4Ff3zRL0DW9O92iUdp9rp2ntqSAyMuT+JHr2001xBizDP mEfvNg/T3FvE78wOFtBLqgFWdFyBiGuvlS/KWtQYPcZNOe9s721+ADPMkzFsIxp8t5CCoVGtGlyR HMZR164D+hoaGM7EB5LiO3u/D2D8ntjzEj0+BVXoMxLzWF6cZn+vzqj/JHxwe4PnYqNFZ3SsfYyj TowaaZ+ca9cFBGFJEym3OxUpPviZJMxliw8s9YZKoNA17hbksoLuhsbO/sFXrnRLnwZAdA/FgFL7 +E0sbWWCIj5S8jmaMyRhlkS81BVYGiBjZ6mQONJyGvbtRYloFliAoww9sibYwNxwGwCQQeXCoiu1 dQtp4mdrnv6QyMRtEdTCPNOU+PROAIFdUEjCKTtZ97tCEiDyQWIEkvSd7DGjCjq6iok8GaGROROO oZplJYkUM9EB1q9spy1xBr0kSLSv5RMBDYdmt6zUgM58YrISRBcjZhIDoZkuinIc2GlLiKmpqAx8 crRbkFqeC7JWCgjirgInzGJC+IC5KzGuZmDDbAdDbBt1n0bcpLnry9Bq0G9OtQlWhRI5mmNNpRZI uGhFVptjO1YudzRp8Q/FhIgOMatgqrRTLWc9CSzsklyFTY6ihnS75nHit2BQRHfusZobaYwbavje RDYzdq68MxZRJQbGo9fM2PA2yWFumIqPZslGmmM4nKEjvDpOB6MSRkQFyPCTQZDGMaOZ3CjLWpmb 6bkUdWYOyl1SksSOAnAWVgplDGSKcGvauqpZOLJmVphCheKOcbqwboQag0VpRpwSSy01NjdJlaND aIbZIimBacCMKIK1CODVcAt3OznjWZBJAhzCtChcPf7oMo2o06giTlcCv13+zRXU3gM+4xY96HTR Wo0ke9oCcxsijBkKJrcr8hDcGm5jGazqfXPXUTq806lS2a5oEoF6rcTS1UQmdELf7tDM8DoYcpYK z0WpzAPSy5A0RQnnPMj1TloZFn9PJdSMabi3lxErzDUIghC4LEvPZbIkc5UNVxeiLFHtbxJKKhDY 4vqWLquSXvVOREYaaQz4sVXuZzdAeIz43yKolCjgVqrMJsmzVAe/CODCqDUA9zlT6rh01DPZb2En sGC4s8LWynXmrE4u6VN44Zspyzd8qE60tOQ536J4uzRRhGGV362TYVx1NKs+GIihQsAixokLJm9g STWFdoPBwWuFRcLWlMvBiUuaWb8pUFgoJBUshquTtlRNkCfF8SkMHWREGoJY4wqoOrDxl+VxdRgb IKi3KJX6mag7yOLm7JdTUJYMbJabEYriRYQioh6UCYln+sG/YOLHZnA1/xdyRThQkJPG/J0= --=-PFW12iP9PDiLw6QhETJ9 Content-Type: application/x-bzip Content-Disposition: attachment; filename=chbind.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWTDs16EAAJBfgAAQUefgV/9v326////gQAL9a1LaW2gwlEImg9I1MnqMxTQ9T0mm TRoZDT1GTQ9QaBAE0mmmjRNqmmnlBoAADQNMhzCYBMAJhMJpgAAEyaaBhKamiJ6p+oMKnoyCYm0A AAAAmJTc+ENC6I7vKafq0OwXKRoqTMYD+gkCV3LpVmWvFtdsOFnFN80l5+5Id9Zjal++yG+q2xo3 4naru+BnD75B2wcFrKOdR0zlE2ygMzuM2rVeJSc/OS7NcxoDnBGEVpYGSPVwqKrhhEGGKC2uLabF N3R6x6H45qUE0ZCYwQVluWNGB6I9AbFLPEemPfBjRWpEMf/4LCVuMc15/jZtXEz6dYxnigUyRhel zS6B2Mhp671bqieqBlVbqzdCOBMmT8nHbmi1NWKWBF+tnYPBo8dS9sdZHsw2sZBBJnuhNzIjzfTy 3ow2gUhYqo+t5Aw1JXpTucMnoq+yHZEnAr7vOnwKpBzB4U5BG0+8dHpEIt3XccNVr+OpxSEaARQh Z5FHtcY/0ZeqGkfcCwk8syoOrrVREOCaIKfcNJWV1rrGvEZk8IQZBYJH+wVqslVmvxNRN/DJfu9+ 4yY5QSwn3m+geOM16LnqO9IBQl++wvHGLzQA0Bc4kmETKfChOG+sPsAUAT1GtNiFourdCFBjYizp +UQ03HNx7Z5jLcSwEdQylCRbqAb0iV+IrSGhmRhZcGEL5WottiYHFDDBmMIySjpi2E9gOooM6kZw vYMgOEMFqsNYhAgxjbq3MVHiZKZKgmZIahAdmTJFHi7CJfSiVJlI22VQhRk26UJ9sAwjaWQRytmh 4lWZnigVTA0gqujb+M6IbCkmJyCguyrDJZU7pgdQpytkBoYF5o6u85BcgjwVzc8AXKtnpsiAwRBY JIdwr0ve8SFI3hmvNqAr+QcE1mSUJG/O+Yq/hvxSb7GOtGVUD8CSLoQZ2ozQExh4sRKOjhEquAgD 1yKMw6gMxHmVyicdt2bTmQtwvNkLdjo9hE+MNLiQLBjVoVBbsqXcuJVw2tP+LuSKcKEgYdmvQg== --=-PFW12iP9PDiLw6QhETJ9-- --=-OCqirz27NpKTZ9WgMsoI Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8djn34c1kHlhtW8oRAo3FAKCHDoY500hnhUwGbk8xn8x0qW75yACff2YJ ClYXznfYubJL22EZXdRVVP0= =kI6e -----END PGP SIGNATURE----- --=-OCqirz27NpKTZ9WgMsoI-- From vserver.error@solucorp.qc.ca Fri Feb 22 14:47:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MJlTAh029188; Fri, 22 Feb 2002 14:47:30 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MJToM13187 for vserver.list; Fri, 22 Feb 2002 14:29:50 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MJTnR13183 for ; Fri, 22 Feb 2002 14:29:50 -0500 Received: from dad kgehring@smtp-send.myrealbox.com [207.34.91.144] by smtp-send.myrealbox.com with Novell NIMS $Revision: 2.88 $ on Novell NetWare; Fri, 22 Feb 2002 12:29:56 -0700 Message-ID: <000201c1bbd7$6cdefb80$0100a8c0@dad> From: "Ken Gehring" To: References: <3C74E2AB.9246.23E34C@localhost><000b01c1ba88$011a3d60$0100a8c0@dad> <1014283511.1664.42.camel@amd.vsen.dk> <000201c1baf4$3370c6a0$0100a8c0@dad> <1014364723.1648.0.camel@amd.vsen.dk> Subject: Re: [vserver] Having a small problem Date: Fri, 22 Feb 2002 12:18:33 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 171 Well now I seem to be having another problem With the stock kernel and a compiled kernel the system will not complete a boot. It gets to the point of mounting the file systems and can't do an fsck on the file systems. The / and /boot partitions are ext3 partitions. Does vserver support ext3? Ken ----- Original Message ----- From: klavs klavsen To: Vserver Mailinglist Sent: Friday, February 22, 2002 12:58 AM Subject: Re: [vserver] Having a small problem Have you tried the Stock kernel from the vserver site? On Thu, 2002-02-21 at 17:23, Ken Gehring wrote: > Yes it is using the ctx kernel. I double checked, recompiled > and made sure that lilo was booting from the correct kernel. > > If someone has a kernel with the IDE SCSI emulation compiled > in (not as a module) I'd like to try it out to make sure it is > not a kernel problem. > > Ken > > ----- Original Message ----- > From: klavs klavsen > To: Vserver Mailinglist > Sent: Thursday, February 21, 2002 2:25 AM > Subject: Re: [vserver] Having a small problem > > On Thu, 2002-02-21 at 04:29, Ken Gehring wrote: > > Made a new vserver (v00) and still all OK > > > > When I go to start the vserver I get the following > > > > Can't set the ipv4 root > > : Function not implemented > > > > > > Everything seems to be OK in the config files, I just seem to be missing > > something small. > > > > Any ideas???? > > > try checking with uname -a - that you've actually booted on the right > kernel. > > if it doesn't say "2.4.17ctx-7" somewhere in the line, then it's not a > ctx enabled kernel (unless you changed the kernel-version at compile > time). > > -- > Regards, > Klavs Klavsen > > -------------| This mail has been sent to you by: |------------ > Klavs Klavsen - OpenSource Consultant > kl@vsen.dk - http://www.vsen.dk > > Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA > Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA > --------------------[ I believe that... ]----------------------- > It is a myth that people resist change. People resist what other > people make them do, not what they themselves choose to do... > That's why companies that innovate successfully year after year > seek their peopl's ideas, let them initiate new projects and > encourage more experiments. -- Rosabeth Moss Kanter > > > -- Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter From vserver.error@solucorp.qc.ca Fri Feb 22 15:17:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MKHiAh029428; Fri, 22 Feb 2002 15:17:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MK23M13932 for vserver.list; Fri, 22 Feb 2002 15:02:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MK22R13928 for ; Fri, 22 Feb 2002 15:02:03 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id MAA12626 for ; Fri, 22 Feb 2002 12:02:00 -0800 Date: Fri, 22 Feb 2002 12:02:00 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: [vserver] Really base(ic) RHL 7.2 system Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 172 I've come to this list kind of late in my experience so I have a server running vserver kernel-2.4.16ctx-4 (I think). I installed vmlinuz-2.4.17ctx-7 but can't remeber if I restarted the server using it (not the default setting). While setting the system up I made some less than optimal - for a unified vserver - configurations choices. I think I can recover from these without taking the system down. But before doing that I want get my stuff in order. My plan is to create a very basic server setup that I can use to build other vservers. I'm trying to figure out what is the minimum list of packages I need to install to have a barely working vserver. Has anyone already done this or can you point me at sources of information on the topic? TIA, Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Fri Feb 22 15:51:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MKpOAh029763; Fri, 22 Feb 2002 15:51:26 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MKVN714744 for vserver.list; Fri, 22 Feb 2002 15:31:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ahriman.bucharest.roedu.net (ahriman.bucharest.roedu.net [141.85.128.71]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1MKVMR14740 for ; Fri, 22 Feb 2002 15:31:23 -0500 Received: (qmail 19077 invoked by uid 1000); 22 Feb 2002 20:37:46 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Feb 2002 20:37:46 -0000 Date: Fri, 22 Feb 2002 22:37:46 +0200 (EET) From: Mihai RUSU X-X-Sender: To: Subject: [vserver] My first post Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 173 Hi I'm new to vserver and this is my first post. First I want to congratulate the people behind this project. I am very interested about a virtual server solution implemented in the kernel and vserver with its kernel patches seems the right thing for me. I will need to deploy a vserver based solution for a scalable (not too big for some while at least) virtual web site hosting (with cgi/perl/php/sql access). In this situation the stability of the kernel is one of the key components (as for a production server). Are there known issues with the patched vserver kernels? Can someone on this list confirm me a success story (with a production server) ? Thanks ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated. From vserver.error@solucorp.qc.ca Fri Feb 22 17:06:33 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MM6WAh030338; Fri, 22 Feb 2002 17:06:32 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MLX5g16066 for vserver.list; Fri, 22 Feb 2002 16:33:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MLX4R16062 for ; Fri, 22 Feb 2002 16:33:05 -0500 Received: from host213-122-152-164.in-addr.btopenworld.com ([213.122.152.164] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16eNJP-0003Ca-00 for vserver@solucorp.qc.ca; Fri, 22 Feb 2002 21:33:03 +0000 Received: from 213.122.152.164 by john-new ([213.122.152.164] running VPOP3) with SMTP for ; Fri, 22 Feb 2002 21:32:44 -0000 From: "John Lyons" To: Subject: RE: [vserver] Having a small problem Date: Fri, 22 Feb 2002 21:32:43 -0000 Message-ID: <001c01c1bbe8$76ffb1c0$a4987ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <000201c1bbd7$6cdefb80$0100a8c0@dad> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 174 > The / and /boot partitions are ext3 partitions. > > Does vserver support ext3? Yes, I've got our systems running on ext3 Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 22 17:09:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MM9gAh030359; Fri, 22 Feb 2002 17:09:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MLecC16232 for vserver.list; Fri, 22 Feb 2002 16:40:38 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MLebR16228 for ; Fri, 22 Feb 2002 16:40:37 -0500 Received: from host213-122-152-164.in-addr.btopenworld.com ([213.122.152.164] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16eNQh-00045V-00 for vserver@solucorp.qc.ca; Fri, 22 Feb 2002 21:40:36 +0000 Received: from 213.122.152.164 by john-new ([213.122.152.164] running VPOP3) with SMTP for ; Fri, 22 Feb 2002 21:40:12 -0000 From: "John Lyons" To: Subject: RE: [vserver] Really base(ic) RHL 7.2 system Date: Fri, 22 Feb 2002 21:40:10 -0000 Message-ID: <001d01c1bbe9$81a2f8c0$a4987ad5@johnnew> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_001E_01C1BBE9.81A2F8C0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 175 This is a multi-part message in MIME format. ------=_NextPart_000_001E_01C1BBE9.81A2F8C0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit > build other vservers. I'm trying to figure out what is the > minimum list > of packages I need to install to have a barely working vserver. Has > anyone already done this or can you point me at sources of information > on the topic? LOL, I've been here before. I've attached a list of packages that I've REMOVED from a RH7.2 default installation. I'm not saying that the list is perfect, there may be packages that you need to keep but it's not a bad starting point. To be fair if you're unifying the vservers later anyway there's not too much of an issue if you leave packages there that you don't need as they won't be taking up space. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** ------=_NextPart_000_001E_01C1BBE9.81A2F8C0 Content-Type: text/plain; name="rpm-e.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="rpm-e.txt" dosfstools mkbootdisk setserial netconfig ed raidtools ghostscript-fonts mpage dhcpcd newt-devel slang-devel zlib-devel libpng-devel db1-devel gmp-devel krb5-devel libjpeg-devel libtermcap-devel lockdev-devel openssl-devel kudzu-devel audiofile-devel bzip2-devel rp-pppoe cdrecord-devel curl-devel cyrus-sasl-devel db3-devel e2fsprogs-devel expat-devel gd-devel gdbm-devel gpm-devel krbafs-devel libao-devel libogg-devel libtiff-devel libvorbis-devel mm-devel ncurses-devel openldap-devel pam-devel pciutils-devel pcre-devel python-devel readline-devel rpm-devel VFlib2-devel esound-devel gsm-devel mpg321 cdrecord swig rusers-server rusers telnet telnet-server mouseconfig sndconfig minicom rwho docbook-dtd40-sgml docbook-style-dsssl docbook-dtd41-sgml docbook-dtd31-sgml docbook-utils docbook-dtd30-sgml vorbis nkf cdp finger-server talk-server ttfonts-ja wvdial cipe tamago printconf vim-minimal vim-common foomatic up2date rhn_register texinfo urw-fonts a2ps alchemist XFree86-xfs XFree86-libs VFlib2 XFree86-libs lclint cvs statserial sox cdparanoia-alpha9.8-2 pnm2ppa wu-ftpd sendmail sendmail-cf radvd libvorbis libogg LPRng finger kudzu mt-st quota gsm reiserfs-utils mpg321 libao ppp esound arts audiofile awesfx cdda2wav lv micq lrzsz watanabe-vf playmidi cdlabelgen aumix efax hotplug units rsh-server rwall-server mailcap metamail openldap-clients nss_ldap anacron talk mkisofs flex isdn4k-utils sgml-tools perl-SGMLSpm openjade sgml-common ------=_NextPart_000_001E_01C1BBE9.81A2F8C0-- From vserver.error@solucorp.qc.ca Fri Feb 22 17:28:19 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MMSIAh030505; Fri, 22 Feb 2002 17:28:18 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MLpU116548 for vserver.list; Fri, 22 Feb 2002 16:51:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MLpTR16544 for ; Fri, 22 Feb 2002 16:51:29 -0500 Received: from host213-122-152-164.in-addr.btopenworld.com ([213.122.152.164] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16eNbD-0006xJ-00 for vserver@solucorp.qc.ca; Fri, 22 Feb 2002 21:51:27 +0000 Received: from 213.122.152.164 by john-new ([213.122.152.164] running VPOP3) with SMTP for ; Fri, 22 Feb 2002 21:51:08 -0000 From: "John Lyons" To: Subject: RE: [vserver] My first post Date: Fri, 22 Feb 2002 21:51:07 -0000 Message-ID: <002101c1bbeb$09363260$a4987ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 176 > a production server). Are there known issues with the patched vserver > kernels? Can someone on this list confirm me a success story (with a > production server) ? We're not quite up to production servers yet, we've been running ctx-5 since Dec 2001, they've had light usage from 6 different clients, including all of the usual building/compiling installing packages etc. So far both host servers have been up 70+ days each without problems. As I say only light usage but so far so good. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 22 17:50:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MMoTAh030646; Fri, 22 Feb 2002 17:50:30 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MMRjP17625 for vserver.list; Fri, 22 Feb 2002 17:27:45 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tincan.org ([216.64.180.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MMRiR17621 for ; Fri, 22 Feb 2002 17:27:45 -0500 Received: from localhost (raanders@localhost) by tincan.org (8.9.3/8.8.7) with ESMTP id OAA15524 for ; Fri, 22 Feb 2002 14:27:42 -0800 Date: Fri, 22 Feb 2002 14:27:42 -0800 (PST) From: "Roderick A. Anderson" To: vserver@solucorp.qc.ca Subject: Re: [vserver] Having a small problem In-Reply-To: <000201c1bbd7$6cdefb80$0100a8c0@dad> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 177 On Fri, 22 Feb 2002, Ken Gehring wrote: > Does vserver support ext3? It must I have a system with ext3 files systems. I used a prebuilt kernel but seem to remember seeing mention of a patch to make ext3 work. Rod -- Let Accuracy Triumph Over Victory Zetetic Institute "David's Sling" Marc Stiegler From vserver.error@solucorp.qc.ca Fri Feb 22 18:19:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MNJmAh030868; Fri, 22 Feb 2002 18:19:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MMs9O18054 for vserver.list; Fri, 22 Feb 2002 17:54:09 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MMs7R18050 for ; Fri, 22 Feb 2002 17:54:08 -0500 Received: from host213-122-76-91.in-addr.btopenworld.com ([213.122.76.91] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16eOZq-0004tg-00 for vserver@solucorp.qc.ca; Fri, 22 Feb 2002 22:54:07 +0000 Received: from 213.122.76.91 by john-new ([213.122.76.91] running VPOP3) with SMTP for ; Fri, 22 Feb 2002 22:53:48 -0000 From: "John Lyons" To: Subject: RE: [vserver] Having a small problem Date: Fri, 22 Feb 2002 22:53:47 -0000 Message-ID: <002f01c1bbf3$ca029b20$a4987ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 178 > It must I have a system with ext3 files systems. I used a prebuilt > kernel but seem to remember seeing mention of a patch to make > ext3 work. >From memory there was a bug in the software that caused probs with ext3 file systems but that was fixed quite a few weeks ago. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri Feb 22 18:58:20 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1MNwJAh031256; Fri, 22 Feb 2002 18:58:20 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1MNbF618783 for vserver.list; Fri, 22 Feb 2002 18:37:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1MNbER18779 for ; Fri, 22 Feb 2002 18:37:14 -0500 Received: from dad kgehring@smtp-send.myrealbox.com [207.34.91.150] by smtp-send.myrealbox.com with Novell NIMS $Revision: 2.88 $ on Novell NetWare; Fri, 22 Feb 2002 16:37:12 -0700 Message-ID: <000b01c1bbf9$fe51a960$0100a8c0@dad> From: "Ken Gehring" To: References: <002f01c1bbf3$ca029b20$a4987ad5@johnnew> Subject: Re: [vserver] Having a small problem Date: Fri, 22 Feb 2002 16:38:10 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 179 OK, Lets backtrack a bit here. I'm going to start over with this from the begining Can someone check this procedure for getting vserver up and running. I have a system with a Highpoint raid array controller a wireless lan card (Linksys wpc11 in a pic controller) and an internal modem. 1) Install Redhat 7.1, install kernel 2.4.17 compile the kernel with support for the raid controller, ppp and ext3 file system. Wireless lan is set up as modules from the wlan-ng project. (all this works so far). 2) Convert /boot and / to ext3 with tune2fs tune2fs -j /dev/hda1 tune2fs -j /dev/hda6 Edit fstab to reflect the change froom ext2 to ext3 file systems. Reboot and all is still ok 3) Apply the patch-2.4.17ctx to the 2.4.14 kernel tree while in the /usr/src directory patch -p0 To: Sent: Friday, February 22, 2002 3:53 PM Subject: RE: [vserver] Having a small problem > > > It must I have a system with ext3 files systems. I used a prebuilt > > kernel but seem to remember seeing mention of a patch to make > > ext3 work. > > From memory there was a bug in the software that caused probs with ext3 file > systems but that was fixed quite a few weeks ago. > > Regards > > John Lyons > DomainCity > http://www.domaincity.co.uk > support@domaincity.co.uk > ICQ 74187012 > > *********************************************************************** > Please quote your account number in the subject line of all emails. > Failure to do so may result in your enquiries taking longer to process. > *********************************************************************** > > From vserver.error@solucorp.qc.ca Fri Feb 22 20:14:14 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1N1EDAh031827; Fri, 22 Feb 2002 20:14:14 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1N0rmS19962 for vserver.list; Fri, 22 Feb 2002 19:53:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1N0rmR19958 for ; Fri, 22 Feb 2002 19:53:48 -0500 Received: from host213-122-138-217.in-addr.btopenworld.com ([213.122.138.217] helo=john-new) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16eQRe-00018V-00 for vserver@solucorp.qc.ca; Sat, 23 Feb 2002 00:53:47 +0000 Received: from 213.122.138.217 by john-new ([213.122.138.217] running VPOP3) with SMTP for ; Sat, 23 Feb 2002 00:53:29 -0000 From: "John Lyons" To: Subject: RE: [vserver] Having a small problem Date: Sat, 23 Feb 2002 00:53:28 -0000 Message-ID: <003801c1bc04$8209b590$a4987ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <000b01c1bbf9$fe51a960$0100a8c0@dad> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 180 > 1) Install Redhat 7.1, install kernel 2.4.17 compile the > kernel with support for the raid controller, ppp and ext3 > file system. Wireless lan is set up as modules from the > wlan-ng project. (all this works so far). > 3) Apply the patch-2.4.17ctx to the 2.4.14 kernel tree while > in the /usr/src directory > patch -p0 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1N1N9Ah031905; Fri, 22 Feb 2002 20:23:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1N12QJ20137 for vserver.list; Fri, 22 Feb 2002 20:02:26 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1N12QR20133 for ; Fri, 22 Feb 2002 20:02:26 -0500 Received: from dad kgehring@smtp-send.myrealbox.com [207.34.91.150] by smtp-send.myrealbox.com with Novell NIMS $Revision: 2.88 $ on Novell NetWare; Fri, 22 Feb 2002 18:02:24 -0700 Message-ID: <000701c1bc05$e56bf340$0100a8c0@dad> From: "Ken Gehring" To: References: <003801c1bc04$8209b590$a4987ad5@johnnew> Subject: Re: [vserver] Having a small problem Date: Fri, 22 Feb 2002 18:03:23 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 181 Oops, a typo (thanks for pointing it out). Yes, the 2.4.17 kernel tree is used throughout. Sorry about that. After applying the patch, I've checked the config file to insure that everything is still where it is supposed to be. I also ran "make menuconfig" and checked the stuff (raid ext3 .....) that is important to me. It is all there. The point that I'm at right now is that the new kernel just doesn't seem to like the ext3 file system. It keeps thinking that it is an ext3 file system and the system boot fsck can't get past it. It seems that I'm missing something here. Ken ----- Original Message ----- From: John Lyons To: Sent: Friday, February 22, 2002 5:53 PM Subject: RE: [vserver] Having a small problem > > > 1) Install Redhat 7.1, install kernel 2.4.17 compile the > > kernel with support for the raid controller, ppp and ext3 > > file system. Wireless lan is set up as modules from the > > wlan-ng project. (all this works so far). > > > 3) Apply the patch-2.4.17ctx to the 2.4.14 kernel tree while > > in the /usr/src directory > > patch -p0 > Are you applying the patch to 2.4.14 or 2.4.17 (You say .14 above) > > Also you suggest that you've compiled .17 in 1) with support for raid. Have > you checked your config after applying that patch that you've still got raid > support selected in your conf file. ie applying the patch hasn't taken you > back to a kernel setup without raid support? > > Seems like a daft question, but you've added raid support in 1) but then > taken a new kernel source and patched it without stating that you've then > added raid, ppp and ext3 to the new kernel > > Regards > > John Lyons > DomainCity > http://www.domaincity.co.uk > support@domaincity.co.uk > ICQ 74187012 > > *********************************************************************** > Please quote your account number in the subject line of all emails. > Failure to do so may result in your enquiries taking longer to process. > *********************************************************************** > > > From vserver.error@solucorp.qc.ca Fri Feb 22 21:42:26 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1N2gPAh032588; Fri, 22 Feb 2002 21:42:25 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1N2MJf21499 for vserver.list; Fri, 22 Feb 2002 21:22:19 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1N2MJR21495 for ; Fri, 22 Feb 2002 21:22:19 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g1N2Sqo19003 for ; Fri, 22 Feb 2002 18:28:52 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Fri, 22 Feb 2002 18:28:52 -0800 (PST) From: "Roderick A. Anderson" X-X-Sender: To: Subject: RE: [vserver] Really base(ic) RHL 7.2 system In-Reply-To: <001d01c1bbe9$81a2f8c0$a4987ad5@johnnew> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 182 On Fri, 22 Feb 2002, John Lyons wrote: > LOL, I've been here before. > > I've attached a list of packages that I've REMOVED from a RH7.2 default > installation. > I'm not saying that the list is perfect, there may be packages that you need > to keep but it's not a bad starting point. Took a quick look and it looks like the stuff I was thinking of 'not' installing with one exception, sendmail? A reason for no sendmail in a virtual server? Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Sat Feb 23 07:17:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1NCHkAh010903; Sat, 23 Feb 2002 07:17:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1NBoYW29363 for vserver.list; Sat, 23 Feb 2002 06:50:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1NBoXR29359 for ; Sat, 23 Feb 2002 06:50:33 -0500 Received: from host213-122-77-166.in-addr.btopenworld.com ([213.122.77.166] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16eahE-00065k-00 for vserver@solucorp.qc.ca; Sat, 23 Feb 2002 11:50:33 +0000 Received: from 213.122.77.166 by john-new ([213.122.77.166] running VPOP3) with SMTP for ; Sat, 23 Feb 2002 11:50:14 -0000 From: "John Lyons" To: Subject: RE: [vserver] Really base(ic) RHL 7.2 system Date: Sat, 23 Feb 2002 11:50:13 -0000 Message-ID: <000501c1bc60$4160cdb0$a64d7ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 183 > Took a quick look and it looks like the stuff I was thinking of 'not' > installing with one exception, sendmail? A reason for no > sendmail in a > virtual server? We're trying out exim as it seems to be a better package for us. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Sat Feb 23 09:01:11 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1NE0tAh011706; Sat, 23 Feb 2002 09:00:56 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1NDbDA30670 for vserver.list; Sat, 23 Feb 2002 08:37:13 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Tempo.Update.UU.SE (Tempo.Update.UU.SE [130.238.19.17]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1NDbCR30665 for ; Sat, 23 Feb 2002 08:37:13 -0500 Received: from Tempo.Update.UU.SE (jerker@localhost [127.0.0.1]) by Tempo.Update.UU.SE (8.12.1/8.12.1/Update-Iltempogigante) with ESMTP id g1NDbCgp029459 for ; Sat, 23 Feb 2002 14:37:12 +0100 Received: from localhost (jerker@localhost) by Tempo.Update.UU.SE (8.12.1/8.12.1/Update-Iltempogigante-submit) with ESMTP id g1NDbBnF029455 for ; Sat, 23 Feb 2002 14:37:11 +0100 X-Authentication-Warning: Tempo.Update.UU.SE: jerker owned process doing -bs Date: Sat, 23 Feb 2002 14:37:11 +0100 (CET) From: Jerker Nyberg To: vserver@solucorp.qc.ca Subject: Re: [vserver] Really base(ic) RHL 7.2 system In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 184 Hello Roderick, I have only been experimenting with vserver a little, but I did something like that, built an small system from the Red Hat 7.2 installation from scratch a few months ago. I include the installation-script in the end of this mail. It is ugly, I know, but it seemed to get the job done for me anyway. :-) What really would like to do is to run the Red Hat kickstart-installation in a virtual server some way, but I guess this will do until then. Or at least have a tool that will take a name of a package and then install all the packages it is depending on first. As you can see below I just experimented my way through the dependencies. The script would like all the Red Hat 7.2 RPMs (or symlinks to them) in "/disk1/rh72allrpms/". The reference-server (that the others get unified to) is called "experiment". You can change those in the script. You may need to change the script to use it with the latest vserver, I used vserver-0.7-1 and kernel-2.4.16ctx-4. I used the script like this (it will take some time to run it). ./create.rpm.sh experiment 10 127.0.0.10 ./create.rpm.sh vserver1 11 127.0.0.11 ./create.rpm.sh vserver2 12 127.0.0.12 ./create.rpm.sh vserver3 13 127.0.0.13 ./create.rpm.sh vserver4 14 127.0.0.14 ./create.rpm.sh vserver5 15 127.0.0.15 /etc/init.d/vserver start And after I created a correct /etc/hosts on the host system I could do "ssh vserver1 -l root" and using "vserver1" as password. If you add any new RPMs in the script you can just run it again with the same arguments. Regards, Jerker Nyberg. Uppsala Sweden. On Fri, 22 Feb 2002, Roderick A. Anderson wrote: > I've come to this list kind of late in my experience so I have a server > running vserver kernel-2.4.16ctx-4 (I think). I installed > vmlinuz-2.4.17ctx-7 but can't remeber if I restarted the server using it > (not the default setting). > While setting the system up I made some less than optimal - for a > unified vserver - configurations choices. I think I can recover from > these without taking the system down. But before doing that I want get > my stuff in order. > My plan is to create a very basic server setup that I can use to > build other vservers. I'm trying to figure out what is the minimum list > of packages I need to install to have a barely working vserver. Has > anyone already done this or can you point me at sources of information > on the topic? - - - #!/bin/bash if test "$#" != "3" ; then echo Usage: $0 name_of_server_root number IP-address exit fi VSNAME=$1 S_CONTEXT=$2 IPROOT=$3 REFERENCE=experiment VSROOT=/vservers/$1 RPMDIR=/disk1/rh72allrpms/ INSTALLEDRPMS=/root/installed.rpms.txt if test ! -e /etc/vservers/${1}.conf ; then echo Createing /etc/vservers/${1}.conf cat >/etc/vservers/${1}.conf </dev/null for i in $* ; do if rpm -q --root=$VSROOT $i &>/dev/null; then #echo "redan installerat $i" echo -n "" else if test "$RPMTOINSTALL" != "" ; then RPMTOINSTALL=$RPMTOINSTALL" "$i else RPMTOINSTALL=$i fi fi done if test "$RPMTOINSTALL" != "" ; then if echo $RPMTOINSTALL | grep ' ' &>/dev/null; then RPMLISTA='{'`echo $RPMTOINSTALL | sed 's/ /,/g'`'}' else RPMLISTA=$RPMTOINSTALL fi eval rpm -ivh $ARGUMENT --root=$VSROOT $RPMDIR/${RPMLISTA}-{0,1,2,3,4,5,6,7,8,9}*.rpm #echo rpm -ivh $ARGUMENT --root=$VSROOT $RPMDIR/${RPMLISTA}-{0,1,2,3,4,5,6,7,8,9}*.rpm echo $RPMTOINSTALL >>$VSROOT/$INSTALLEDRPMS fi popd &>/dev/null c} function create_device () { if test ! -e $VSROOT/$1 ; then mknod $VSROOT/$1 $2 $3 $4 chmod $5 $VSROOT/$1 fi } if test ! -d $VSROOT ; then mkdir $VSROOT fi if test ! -d $VSROOT/var/lib/rpm ; then mkdir -p $VSROOT/var/lib/rpm fi install_rpm glibc basesystem glibc-common setup filesystem install_rpm bash mktemp libtermcap termcap install_rpm info ncurses install_rpm shadow-utils install_rpm fileutils install_rpm textutils install_rpm grep sed gawk install_rpm iputils install_rpm iproute install_rpm which install_rpm zlib db1 db2 db3 popt glib bzip2-libs install_rpm cracklib cracklib-dicts words install_rpm chkconfig install_rpm diffutils install_rpm mount install_rpm procps install_rpm pwdb install_rpm mingetty install_rpm e2fsprogs install_rpm logrotate install_rpm sysklogd install_rpm psmisc install_rpm modutils install_rpm SysVinit pam initscripts util-linux sh-utils ## install_rpm rpm install_rpm perl gdbm # install_rpm openssl install_rpm openssh openssh-server openssh-clients ## install_rpm readline install_rpm gmp install_rpm python # install_rpm file install_rpm findutils install_rpm mm install_rpm apache mailcap ## install_rpm mod_php mod_perl ## install_rpm less install_rpm libstdc++ install_rpm groff install_rpm man ## install_rpm telnet ## install_rpm indexhtml install_rpm lynx ## install_rpm emacs emacs-nox ## install_rpm net-tools ## install_rpm gzip tar install_rpm binutils cpp install_rpm losetup install_rpm mkinitrd install_rpm kernel install_rpm glibc-devel kernel-headers install_rpm libstdc++ libstdc++-devel install_rpm gcc gcc-c++ ## install_rpm ftp ncftp ## install_rpm xinetd # install_rpm telnet-server ## install_rpm wu-ftpd ## install_rpm cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl install_rpm procmail install_rpm krb5-libs install_rpm openldap install_rpm sendmail ## install_rpm passwd ## install_rpm newt newt-devel install_rpm slang slang-devel install_rpm authconfig ## install_rpm slocate ## chroot $VSROOT &>/dev/null <$VSROOT/etc/hosts <$VSROOT/etc/sysconfig/network <$VSROOT/etc/fstab <$VSROOT/etc/mtab < Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1NGXrAh012614; Sat, 23 Feb 2002 11:33:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1NFr3r00735 for vserver.list; Sat, 23 Feb 2002 10:53:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1NFr3R00731 for ; Sat, 23 Feb 2002 10:53:03 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g1NFxdv21448 for ; Sat, 23 Feb 2002 07:59:39 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Sat, 23 Feb 2002 07:59:39 -0800 (PST) From: "Roderick A. Anderson" X-X-Sender: To: Subject: Re: [vserver] Really base(ic) RHL 7.2 system In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 185 On Sat, 23 Feb 2002, Jerker Nyberg wrote: > I have only been experimenting with vserver a little, but I did something > like that, built an small system from the Red Hat 7.2 installation from > scratch a few months ago. > > I include the installation-script in the end of this mail. It is ugly, I > know, but it seemed to get the job done for me anyway. :-) Looks pretty nice with a quick glance. I really appreciate you sharing this. One of the 'problems' with being cutting edge is sometimes you have to make the knife and wetstone. :-) Cheers, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Sun Feb 24 04:27:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1O9RiAh015199; Sun, 24 Feb 2002 04:27:45 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1O8wjb17167 for vserver.list; Sun, 24 Feb 2002 03:58:45 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from n010080.nbs.netland.nl (n010123.nbs.netland.nl [217.170.46.123] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1O8whR17163 for ; Sun, 24 Feb 2002 03:58:44 -0500 Received: from office.netland.nl (shocks [192.168.11.25]) by n010080.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g1O8wgw01629 for ; Sun, 24 Feb 2002 09:58:43 +0100 Message-ID: <3C78AB3B.2000402@office.netland.nl> Date: Sun, 24 Feb 2002 09:58:35 +0100 From: Ron Arts Organization: Netland Internet Services User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.8) Gecko/20020204 X-Accept-Language: nl, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and wlan References: <041301c1b278$acd0a8a0$8201a8c0@iris> <000b01c1b8e8$9c130460$0100a8c0@dad> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040202020205030405080802" Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 186 This is a cryptographically signed message in MIME format. --------------ms040202020205030405080802 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Ken Gehring wrote: > Has anyone tried to get the vserver working with a wireless lan (wlan)? > > > > I keep getting "Can't set ipv4 root" > > > > Any ideas or suggestions? > > > > Ken > > > Ken, I'm running it on a wlan. No problems at all. Ron --------------ms040202020205030405080802 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJZzCC AxkwggKCoAMCAQICAwbOTzANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl bWFpbCBSU0EgMjAwMC44LjMwMB4XDTAyMDIyMDIxMDE1MFoXDTAzMDIyMDIxMDE1MFowXDEN MAsGA1UEBBMEQXJ0czERMA8GA1UEKhMIUm9uIFIuQS4xFjAUBgNVBAMTDVJvbiBSLkEuIEFy dHMxIDAeBgkqhkiG9w0BCQEWEXJhYXJ0c0BuZXRsYW5kLm5sMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA7vEsfUlWImQyVwQzmllJxPF1C39glLXkQrBwHvjrAmE3TgDVJXYN 7JCSTn8T2NUU4LTv8kzv7BC7+UrMKwYil3pAEhExGadcHSQ9zQSk7nhy1ElUzup0CtAgmCKC 48j2Mj9xwcb5hzXBLv+HoGDxhPjGpU2IHl7e++XY5x+B4ilgiv4br7mZQuZ/uoEIXcHd3ewO uKaj61L3U7+dxp35jS6tbc3M7drrJZ3i9CFvIowRk0AMWI+9GfAjdqFzYdt0meojqngTUgqf 1yB7KvXhXsFUWt/HHurRs5dQanAPkmOmq4y/0xqEoBg+zWi1y/rYvFVsCUiBD4kaG3PCbRY6 UQIDAQABoy4wLDAcBgNVHREEFTATgRFyYWFydHNAbmV0bGFuZC5ubDAMBgNVHRMBAf8EAjAA MA0GCSqGSIb3DQEBBAUAA4GBAKXLn6h6nxmhVK5MNaMuZRPFpSV3AO3kjXLOIQ/yZy/RhURJ 5FasQJRaWTMxAoxLpySWpKjBKtW7YprkLQUvZhuttqPrFXugfi3Up0tbZxjfyuIFxoa/RiGn t1o9uSHyEikJQuFVq7JIK+fGnzqie9vMnwzIM1tUeP1VKLRbLp5RMIIDGTCCAoKgAwIBAgID Bs5PMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBD YXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2Vy dGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAw LjguMzAwHhcNMDIwMjIwMjEwMTUwWhcNMDMwMjIwMjEwMTUwWjBcMQ0wCwYDVQQEEwRBcnRz MREwDwYDVQQqEwhSb24gUi5BLjEWMBQGA1UEAxMNUm9uIFIuQS4gQXJ0czEgMB4GCSqGSIb3 DQEJARYRcmFhcnRzQG5ldGxhbmQubmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDu8Sx9SVYiZDJXBDOaWUnE8XULf2CUteRCsHAe+OsCYTdOANUldg3skJJOfxPY1RTgtO/y TO/sELv5SswrBiKXekASETEZp1wdJD3NBKTueHLUSVTO6nQK0CCYIoLjyPYyP3HBxvmHNcEu /4egYPGE+MalTYgeXt775djnH4HiKWCK/huvuZlC5n+6gQhdwd3d7A64pqPrUvdTv53GnfmN Lq1tzczt2uslneL0IW8ijBGTQAxYj70Z8CN2oXNh23SZ6iOqeBNSCp/XIHsq9eFewVRa38ce 6tGzl1BqcA+SY6arjL/TGoSgGD7NaLXL+ti8VWwJSIEPiRobc8JtFjpRAgMBAAGjLjAsMBwG A1UdEQQVMBOBEXJhYXJ0c0BuZXRsYW5kLm5sMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEE BQADgYEApcufqHqfGaFUrkw1oy5lE8WlJXcA7eSNcs4hD/JnL9GFREnkVqxAlFpZMzECjEun JJakqMEq1btimuQtBS9mG622o+sVe6B+LdSnS1tnGN/K4gXGhr9GIae3Wj25IfISKQlC4VWr skgr58afOqJ728yfDMgzW1R4/VUotFsunlEwggMpMIICkqADAgECAgEMMA0GCSqGSIb3DQEB BAUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlD YXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZp Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJl ZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20w HhcNMDAwODMwMDAwMDAwWhcNMDIwODI5MjM1OTU5WjCBkjELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl bWFpbCBSU0EgMjAwMC44LjMwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMzKmY8cJ JUU+0m54J2eBxdqIGYKXDuNEKYpjNSptcDz63K737nRvMLwzkH/5NHGgo22Y8cNPomXbDfpL 8dbdYaX5hc1VmjUanZJ1qCeu2HL5ugL217CR3hzpq+AYA6h8Q0JQUYeDPPA5tJtUihOH/7Ob nUlmAC0JieyUa+mhaQIDAQABo04wTDApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0 ZUxhYmVsMS0yOTcwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN AQEEBQADgYEAcxtvJmWL/xU0S1liiu1EvknH6A27j7kNaiYqYoQfuIdjdBxtt88aU5FL4c3m ONntUPQ6bDSSrOaSnG7BIwHCCafvS65y3QZn9VBvLli4tgvBUFe17BzX7xe21Yibt6KIGu05 Wzl9NPy2lhglTWr0ncXDkS+plrgFPFL83eliA0gxggMnMIIDIwIBATCBmjCBkjELMAkGA1UE BhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYD VQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9Q ZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAwMC44LjMwAgMGzk8wCQYFKw4DAhoFAKCCAWEwGAYJ KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDIwMjI0MDg1ODM3WjAj BgkqhkiG9w0BCQQxFgQUk2+n9qMHSsFB/R6CtJ9OfDYGgGEwUgYJKoZIhvcNAQkPMUUwQzAK BggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYI KoZIhvcNAwICASgwga0GCyqGSIb3DQEJEAILMYGdoIGaMIGSMQswCQYDVQQGEwJaQTEVMBMG A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0 ZTEdMBsGA1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZy ZWVtYWlsIFJTQSAyMDAwLjguMzACAwbOTzANBgkqhkiG9w0BAQEFAASCAQCI8v2EIlVSiwec ZjrWX/ctdnkafTxxu6tvDcRLJnOW8/v9oqthpzwDAgXKcSs8+5MWmOBVePqACWIPEeRgVdMK L7e9o1sIB+3cy/yeNCsIukBUyuWYH9rZ1GPoQg7NnGZac7PibiE4WXDFRNB0wfansNUMVJXH kENKV4fH4PRFvBCSUFpAO4aBGJZBvhlz7sVx1JWIxrEjP/DLFxSyppSs4SFGqr7Tws8jGi6i qlpBEx1/GKRLmTfq+ce/IE80ixvpv1eSMq2SrUwZLYjKXUGSyy49MmGBzB5Ss+CfkF8wQQpW g6IM01EaAeolpjqA5GfOjbyYzfQRULXs1hMV1031AAAAAAAA --------------ms040202020205030405080802-- From vserver.error@solucorp.qc.ca Mon Feb 25 06:04:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1PB4iAh027077; Mon, 25 Feb 2002 06:04:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1PAWZX14200 for vserver.list; Mon, 25 Feb 2002 05:32:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1PAWXR14196 for ; Mon, 25 Feb 2002 05:32:34 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id B44611000 for ; Mon, 25 Feb 2002 11:32:27 +0100 (CET) Subject: [vserver] unify check/ disk usage From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-GqLzuve3rQ7B5m1YWt4i" X-Mailer: Evolution/1.0.2 Date: 25 Feb 2002 11:32:27 +0100 Message-Id: <1014633148.1664.14.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 187 --=-GqLzuve3rQ7B5m1YWt4i Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, Here comes a long list of questions, sorry for the inconvenience but I hope you can find the time to answer. I'll try to gather all the information from this and earlier emailings into some additions to the FAQ, to help all new vserver users - and possible add some clever tips/usage to old users :-) I was wondering, if any of you know way I could: 1) get the disk usage of a vserver (the real one - discounting unified files). 2) get a list of files, that is not unified (or a list of files that are?) - this way I could easily check for changes in a vserver - such as evidence of hackers and such. 3) I have several vservers running now, and if I add some files to my root server, how can I easily hardlink them to the vservers I want to be able to access it? ln ? (this is to save disk space). btw. I'm looking into how to get Samba running under a vserver, as I consider it one of the rather dangerous services to run and I would therefore like it to be run under a vserver.. any tips or experiences with this? I've heard there were some problems with the smb broadcasts? why is this? Can I do anything about it (add a capability, like what fixes the Bind issue?). Thank you in advance. --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-GqLzuve3rQ7B5m1YWt4i Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ehK64c1kHlhtW8oRArH9AJ0VHZQRpCQEZq2i79BfSngxUhNhgQCfZZhg zazjSpO0QZ/KiSjGqDTsAuY= =x3g2 -----END PGP SIGNATURE----- --=-GqLzuve3rQ7B5m1YWt4i-- From vserver.error@solucorp.qc.ca Mon Feb 25 06:26:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1PBQYAh027157; Mon, 25 Feb 2002 06:26:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1PB09w14766 for vserver.list; Mon, 25 Feb 2002 06:00:09 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1PB09R14762 for ; Mon, 25 Feb 2002 06:00:09 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id BCD391000 for ; Mon, 25 Feb 2002 12:00:08 +0100 (CET) Subject: [vserver] X under a vserver? From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-+6fRiCNVaGEJRxPNiPgf" X-Mailer: Evolution/1.0.2 Date: 25 Feb 2002 12:00:08 +0100 Message-Id: <1014634808.1664.21.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 188 --=-+6fRiCNVaGEJRxPNiPgf Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I have a portable machine, which I also use as a server (a presentation server). I wanted to run X on it, cause I do like to surf from it once in a while, but I don't want this "nasty" habit, to put my server at risk. This made me think of running the X under a vserver - and I've created an vserver called xsrv. I've set the inittab to 5 in it, but that didn't start up the X on F7 as it usually does. I then tried to enter the vserver, and su - klavs and then run startx.. it complained about me not owning the console (which is probably right, as I enter the vserver when I was root. when I run startx as root, it says failed to open /dev/mem (it's a Warning from xf86ReadBIOS), and fails on xf86OpenConsole: Cannot open /dev/tty0 (no such file or directory). Do you have any tips, as how I could get this up and running, as myself - or can it only be done as root in the vserver? or can't it be done at all? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-+6fRiCNVaGEJRxPNiPgf Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ehk44c1kHlhtW8oRAlPwAKChH/KzC6GYygz+XuWuXwLFlsOJFACglh0G E99zP62MrAg5WhE2VB6UmCA= =uYQp -----END PGP SIGNATURE----- --=-+6fRiCNVaGEJRxPNiPgf-- From vserver.error@solucorp.qc.ca Mon Feb 25 09:30:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1PEU9Ah028347; Mon, 25 Feb 2002 09:30:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1PE6NE18114 for vserver.list; Mon, 25 Feb 2002 09:06:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hotmail.com (oe68.pav1.hotmail.com [64.4.30.203]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1PE6MR18110 for ; Mon, 25 Feb 2002 09:06:22 -0500 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 25 Feb 2002 06:06:22 -0800 X-Originating-IP: [207.253.4.2] From: "Patrick LeBoutillier" To: Subject: [vserver] Unification bug? Date: Mon, 25 Feb 2002 09:06:24 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Message-ID: X-OriginalArrivalTime: 25 Feb 2002 14:06:22.0345 (UTC) FILETIME=[9ABFA790:01C1BE05] Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 189 Hi, I have a few vservers that are unified. When installing a Perl module in one of the vservers, I get an error which I can reproduce with the following simpler command. [root@devweb DateManip-5.40]# echo toto >> /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod bash: /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod: Permission denied The file is as follows: [root@devweb DateManip-5.40]# ls -l /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod -rw-r--r-- 8 root root 218 Mar 23 2001 /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod I am logged on as root but can't seem to append to the specified file. But if I open the file and save it with vi, then the problem goes away. Anyone have a clue? Thanks a lot, ------------------------- Patrick LeBoutillier Laval, Quebec, Canada From vserver.error@solucorp.qc.ca Mon Feb 25 12:33:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1PHXhAh029934; Mon, 25 Feb 2002 12:33:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1PH43V22576 for vserver.list; Mon, 25 Feb 2002 12:04:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from localhost.localdomain (pia153-99.pioneernet.net [66.114.153.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1PH43R22572 for ; Mon, 25 Feb 2002 12:04:03 -0500 Received: from openwebmail (casonmaster [127.0.0.1]) by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g1PH6DX29277 for ; Mon, 25 Feb 2002 09:06:14 -0800 From: "Wray Cason" To: "VServer Mailing List" Subject: [vserver] Date: Mon, 25 Feb 2002 09:06:13 -0800 Message-Id: <20020225090613.A63640@auxiliumcomputing.com> X-Mailer: Open WebMail 1.53 20020112 X-OriginatingIP: 192.168.0.2 (auxiliumcomputing) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 190 I have servers with multiple ethernet interfaces. I have found that without a NAT workaround, I can't get proper default routing for all vservers as some are bound to the interface with the actual default gateway and other aren't and therefore can't reach the default gateway. Is this a question that is being addressed? Alternatively, am I missing something? Thanks. -- Wray Cason "Wrayman" Auxilium Computing www.auxiliumcomputing.com wrayman@auxiliumcomputing.com main: 206-595-2080 fax: 425-895-9825 From vserver.error@solucorp.qc.ca Mon Feb 25 13:11:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1PIB4Ah030386; Mon, 25 Feb 2002 13:11:05 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1PHtEm23698 for vserver.list; Mon, 25 Feb 2002 12:55:14 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1PHtDR23693 for ; Mon, 25 Feb 2002 12:55:13 -0500 Received: from host213-1-130-224.btinternet.com ([213.1.130.224] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16fPLD-0006Gm-00 for vserver@solucorp.qc.ca; Mon, 25 Feb 2002 17:55:11 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Mon, 25 Feb 2002 17:54:54 -0000 From: "John Lyons" To: Subject: RE: [vserver] Date: Mon, 25 Feb 2002 17:54:53 -0000 Message-ID: <006801c1be25$8795e6a0$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20020225090613.A63640@auxiliumcomputing.com> Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 191 > I have servers with multiple ethernet interfaces. I have > found that without > a NAT workaround, I can't get proper default routing for all > vservers as > some are bound to the interface with the actual default > gateway and other > aren't and therefore can't reach the default gateway. Is > this a question > that is being addressed? Alternatively, am I missing > something? Thanks. Sorry, I'm not an expert on this area but you can select which ethernet interface a vs binds to via the /etc/vservers/ conf file. I'd have thought that you can set the default gateway within each vs or it would be picked up from the eth settings? J From vserver.error@solucorp.qc.ca Mon Feb 25 13:39:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1PIdZAh030657; Mon, 25 Feb 2002 13:39:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1PIJnT24287 for vserver.list; Mon, 25 Feb 2002 13:19:49 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from localhost.localdomain (pia153-99.pioneernet.net [66.114.153.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1PIJmR24283 for ; Mon, 25 Feb 2002 13:19:48 -0500 Received: from openwebmail (casonmaster [127.0.0.1]) by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g1PIM4X02245 for ; Mon, 25 Feb 2002 10:22:04 -0800 From: "Wray Cason" To: vserver@solucorp.qc.ca Subject: RE: [vserver] Date: Mon, 25 Feb 2002 10:22:04 -0800 Message-Id: <20020225102204.A43602@auxiliumcomputing.com> In-Reply-To: <006801c1be25$8795e6a0$0100a8c0@johnnew> References: <20020225090613.A63640@auxiliumcomputing.com> X-Mailer: Open WebMail 1.53 20020112 X-OriginatingIP: 192.168.0.2 (auxiliumcomputing) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 192 > > I have servers with multiple ethernet interfaces. I have > > found that without > > a NAT workaround, I can't get proper default routing for all > > vservers as > > some are bound to the interface with the actual default > > gateway and other > > aren't and therefore can't reach the default gateway. Is > > this a question > > that is being addressed? Alternatively, am I missing > > something? Thanks. > > Sorry, I'm not an expert on this area but you can select which > ethernet interface a vs binds to via the /etc/vservers/ conf > file. I'd have thought that you can set the default gateway > within each vs or it would be picked up from the eth settings? > > J Can default routes be set within each vserver? That would be exactly what I need. That can't be done as far as I know. The base server routing is useless since the vserver is made unaware of all networks except the one it is bound to. -- Wray Cason "Wrayman" Auxilium Computing www.auxiliumcomputing.com wrayman@auxiliumcomputing.com main: 206-595-2080 fax: 425-895-9825 From vserver.error@solucorp.qc.ca Mon Feb 25 14:05:44 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1PJ5hAh030916; Mon, 25 Feb 2002 14:05:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1PInHf24955 for vserver.list; Mon, 25 Feb 2002 13:49:17 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1PInHR24951 for ; Mon, 25 Feb 2002 13:49:17 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g1PIn9Eu029853 for ; Mon, 25 Feb 2002 19:49:09 +0100 Date: Mon, 25 Feb 2002 19:49:09 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: RE: [vserver] In-Reply-To: <20020225102204.A43602@auxiliumcomputing.com> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 193 On Mon, 25 Feb 2002, Wray Cason wrote: > > > I have servers with multiple ethernet interfaces. I have > > > found that without > > > a NAT workaround, I can't get proper default routing for all > > > vservers as > > > some are bound to the interface with the actual default > > > gateway and other > > > aren't and therefore can't reach the default gateway. Is > > > this a question > > > that is being addressed? Alternatively, am I missing > > > something? Thanks. > > > > Sorry, I'm not an expert on this area but you can select which > > ethernet interface a vs binds to via the /etc/vservers/ conf > > file. I'd have thought that you can set the default gateway > > within each vs or it would be picked up from the eth settings? > > > > J > Can default routes be set within each vserver? That would be exactly what I > need. That can't be done as far as I know. The base server routing is > useless since the vserver is made unaware of all networks except the one it > is bound to. No you can't set default routes in vserver what you need is somewhat more advanced routing in the real server. say that you have eth0 which is the default interface for which you have a default gateway configured and now you want a vserver to use eth1 instead, then maybe somethine like this can help. ip rule add from table 200 ip route add dev eth1 table 200 ip route add default via dev eth1 table 200 replace with the ipaddress the vserver is using. is something like 192.168.1.0/24 is maybe 192.168.1.1 ? replace with actual default gateway. if you have several vserver that should use eth1 but diffrent ipaddresses and those addresses are located in the same subnet you can add more 'ip rule' rows, one for each ip. and if you have vserver that use an ipaddress on eth1 that's part of another subnet you have to add all these 3 rules but change the table number from 200 to something diffrent, say 201. I hope this helps. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Mon Feb 25 20:49:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q1nYAh002184; Mon, 25 Feb 2002 20:49:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q1Vvp00770 for vserver.list; Mon, 25 Feb 2002 20:31:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1Q1VuR00766 for ; Mon, 25 Feb 2002 20:31:56 -0500 Received: from dad kgehring@smtp-send.myrealbox.com [209.115.205.151] by smtp-send.myrealbox.com with Novell NIMS $Revision: 2.88 $ on Novell NetWare; Mon, 25 Feb 2002 18:31:55 -0700 Message-ID: <000901c1be65$8de5b360$0100a8c0@dad> From: "Ken Gehring" To: References: <003801c1bc04$8209b590$a4987ad5@johnnew> <000701c1bc05$e56bf340$0100a8c0@dad> Subject: Re: [vserver] Having a small problem Solved Date: Mon, 25 Feb 2002 18:33:10 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 194 Well, I managed to get the vserver up and running. Thanks to all of you that to the time to help me out. I decided to start from square -1 on this. Back to repartitioning the HD. A clean (squeaky clean in fact) install of RH7.1, upgrading the kernel ........................... worked. I now have a vserver server working and am having fun playing with it. As to why it worked, I have only 1 theory. The original installation had an extended partition on it with the swap and / file systems in it. This appears to be the only change that I can think of that I made to the system. Maybe this might be my first contribution back to the vserver community. I certainly hope it won't be my last. Congrats to you folk that have worked on this. It looks like a very viable and valuable contribution to the Linux community. Ken From vserver.error@solucorp.qc.ca Mon Feb 25 21:05:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q25dAh002305; Mon, 25 Feb 2002 21:05:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q1cWX00924 for vserver.list; Mon, 25 Feb 2002 20:38:32 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1Q1cUR00920 for ; Mon, 25 Feb 2002 20:38:31 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id 6EC0BB4B2 for ; Mon, 25 Feb 2002 18:26:24 -0700 (MST) Date: Mon, 25 Feb 2002 18:26:24 -0700 (MST) From: To: Vserver Mailinglist Subject: Re: [vserver] X under a vserver? In-Reply-To: <1014634808.1664.21.camel@amd.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 195 On 25 Feb 2002, klavs klavsen wrote: > Hi guys, > > I have a portable machine, which I also use as a server (a presentation > server). I wanted to run X on it, cause I do like to surf from it once > in a while, but I don't want this "nasty" habit, to put my server at > risk. This made me think of running the X under a vserver - and I've > created an vserver called xsrv. Ah yes. X is the reason I started using vservers :-). > I've set the inittab to 5 in it, but that didn't start up the X on F7 as > it usually does. I then tried to enter the vserver, and su - klavs and > then run startx.. it complained about me not owning the console (which > is probably right, as I enter the vserver when I was root. I don't have much experience there. I hate having X launch on startup, so I run it from command line. But it shouldn't be an issue at all once you have the vserver running. > when I run startx as root, it says failed to open /dev/mem (it's a > Warning from xf86ReadBIOS), and fails on xf86OpenConsole: Cannot open > /dev/tty0 (no such file or directory). When I set my X vserver up, I got similar problems. What I did was copy over /dev/tty, /dev/tty0, /dev/tty7, and /dev/mem. After that, X died due to lack of a mouse, so it needs /dev/psaux (or whatever the device your mouse is connected to). If you want sound, you'll also want to copy over /dev/dsp. X should run now. At least mine did. Here's my /dev: dsp full mem null psaux ptmx pts random reboot tty tty0 tty4 tty5 tty7 tty8 tty9 urandom xconsole zero Other than the tty devices, psaux, dsp, gpmdata, and mem, I think that's all default. I just copied the extra stuff over from my root server's /dev directory (use cp -a, it seems to work better for device files). One thing that might make some differences is that I am logging into a console devoted to my X vserver (tty4 and tty5, as you can see by their presence above), and I don't know how X runs otherwise. I seem to remember it crashing on me even after having all the device files, but I don't remember if that's cause I was doing a "vserver workstation exec" or for some other reason. > Do you have any tips, as how I could get this up and running, as myself > - or can it only be done as root in the vserver? or can't it be done at > all? The above should work, except for the possible troubles with the lack of a tty to start X from. If you want to set that up, I can show you how I did it. - Yan PS. I'm new to the list, so I'll just take this opportunity to say hi to everyone (or everyone who's still reading). From vserver.error@solucorp.qc.ca Mon Feb 25 21:08:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q28RAh002401; Mon, 25 Feb 2002 21:08:27 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q1fii00996 for vserver.list; Mon, 25 Feb 2002 20:41:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1Q1fhR00992 for ; Mon, 25 Feb 2002 20:41:44 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id 816B2B4B2 for ; Mon, 25 Feb 2002 18:29:43 -0700 (MST) Date: Mon, 25 Feb 2002 18:29:43 -0700 (MST) From: To: Subject: Re: [vserver] Unification bug? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 196 On Mon, 25 Feb 2002, Patrick LeBoutillier wrote: > Hi, > > I have a few vservers that are unified. When installing a Perl module in one > of the vservers, I get an error which I can reproduce with the following > simpler command. > > [root@devweb DateManip-5.40]# echo toto >> > /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod > bash: /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod: Permission denied > > The file is as follows: > [root@devweb DateManip-5.40]# ls -l > /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod > -rw-r--r-- 8 root root 218 Mar 23 2001 > /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod > > I am logged on as root but can't seem to append to the specified file. But > if I open the file and save it with vi, then the problem goes away. > > Anyone have a clue? I think that when you unify a vserver, it sets the immutable tag on the hard links, which prevent them being used to modify the file, but allows for that hard link to be unlinked so that you could replace the file. If I understand correctly, when you're trying to append to the file, the immutable tag is rearing up and preventing you from editing, but when you save the file with vi, vi unlinks the file and writes another file (now a real file without the immutable tag) in its place, taking the problem away. If I understand the unification proccess correctly, the above should be accurate. - Yan From vserver.error@solucorp.qc.ca Mon Feb 25 21:47:25 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q2lPAh003228; Mon, 25 Feb 2002 21:47:25 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q2Q9N01739 for vserver.list; Mon, 25 Feb 2002 21:26:09 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1Q2Q9R01735 for ; Mon, 25 Feb 2002 21:26:09 -0500 Received: from remtk.solucorp.qc.ca (g39-140.citenet.net [206.123.39.140]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1Q2U6689346 for ; Mon, 25 Feb 2002 21:30:06 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1PMJKE02325 for vserver@solucorp.qc.ca; Mon, 25 Feb 2002 17:19:20 -0500 From: Jacques Gelinas Date: Mon, 25 Feb 2002 17:19:20 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] vserver questions X-mailer: tlmpmail 0.1 Message-ID: <20020225171920.dbe6aceb563b@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 197 On Wed, 20 Feb 2002 23:58:59 -0500, lance wrote > On Wed, 20 Feb 2002, Jacques Gelinas wrote: > Aha thanks for clearing that up - have you thoughts on how to segregate > firewalling between the different vservers ?? > > Could it be done with a per instance chain (or table) that the vserver can > modify ?? This is tricky, but something may be done using an extension to the rebootmgr service (maybe). The idea would be for the vserver to supply to the root server some partial rules (what it accepts, what it denies and so on). The rules would be completed (using the vserver IP number) and the firewall would be regenerated. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon Feb 25 21:49:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q2nvAh003247; Mon, 25 Feb 2002 21:49:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q2Q7Z01733 for vserver.list; Mon, 25 Feb 2002 21:26:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1Q2Q6R01729 for ; Mon, 25 Feb 2002 21:26:07 -0500 Received: from remtk.solucorp.qc.ca (g39-140.citenet.net [206.123.39.140]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1Q2U4689336 for ; Mon, 25 Feb 2002 21:30:04 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1PMGvh02323 for vserver@solucorp.qc.ca; Mon, 25 Feb 2002 17:16:57 -0500 From: Jacques Gelinas Date: Mon, 25 Feb 2002 17:16:57 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] vps question X-mailer: tlmpmail 0.1 Message-ID: <20020225171657.c8d206948a58@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 198 On Thu, 21 Feb 2002 00:01:52 -0500, lance wrote > > Is there any way of showing, using vps or similar, in the root shell, > what vservers processes are owned by ?? It should be possible to do a wrapper an add at the end of the line, the vserver owning the process. For vpstree and vtop, this is more difficult and ultimatly we will have to hack those tools make them vserver aware. On the todo list --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Feb 26 01:27:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q6RnAh012084; Tue, 26 Feb 2002 01:27:50 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q64gr05169 for vserver.list; Tue, 26 Feb 2002 01:04:42 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from sokol.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1Q64eR05165 for ; Tue, 26 Feb 2002 01:04:41 -0500 Received: (qmail 22452 invoked from network); 26 Feb 2002 06:08:45 -0000 Received: from rucc1.paradigm4.com.au (203.30.104.9) by mx1.paradigm4.com.au with SMTP; 26 Feb 2002 06:08:45 -0000 Received: (qmail 32014 invoked from network); 26 Feb 2002 06:16:10 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 26 Feb 2002 06:16:10 -0000 Received: (qmail 9725 invoked from network); 26 Feb 2002 06:08:13 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 26 Feb 2002 06:08:12 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Tue, 26 Feb 2002 17:21:18 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] X under a vserver? Message-ID: <3C7BC40E.17296.A88186@localhost> Priority: normal References: <1014634808.1664.21.camel@amd.vsen.dk> In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 199 What's the security implication of having /dev/mem accessible from vserver? On Monday, 25 February 2002 at 18:26, Zardus@nbwrpg.com wrote: > When I set my X vserver up, I got similar problems. What I did was copy > over /dev/tty, /dev/tty0, /dev/tty7, and /dev/mem. After that, X died From vserver.error@solucorp.qc.ca Tue Feb 26 01:29:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q6TlAh012095; Tue, 26 Feb 2002 01:29:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q677j05252 for vserver.list; Tue, 26 Feb 2002 01:07:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from sokol.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1Q675R05248 for ; Tue, 26 Feb 2002 01:07:06 -0500 Received: (qmail 22504 invoked from network); 26 Feb 2002 06:11:16 -0000 Received: from rucc1.paradigm4.com.au (203.30.104.9) by mx1.paradigm4.com.au with SMTP; 26 Feb 2002 06:11:16 -0000 Received: (qmail 32089 invoked from network); 26 Feb 2002 06:18:40 -0000 Received: from p47.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (bofh@203.30.104.47) by server.paradigm4.com.au with SMTP; 26 Feb 2002 06:18:40 -0000 Received: (qmail 9733 invoked from network); 26 Feb 2002 06:10:43 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 26 Feb 2002 06:10:42 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Tue, 26 Feb 2002 17:23:48 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] Unification bug? Message-ID: <3C7BC4A4.4514.AACB76@localhost> Priority: normal References: In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 200 On Monday, 25 February 2002 at 18:29, Zardus@nbwrpg.com wrote: > immutable tag is rearing up and preventing you from editing, but when you > save the file with vi, vi unlinks the file and writes another file (now I wish that _was_ the default vi behaviour. May be there is some config option that makes it do that but I couldn't find it so I had to use a wrapper script which does the unlinking Ed > a real file without the immutable tag) in its place, taking the problem > away. From vserver.error@solucorp.qc.ca Tue Feb 26 03:38:38 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1Q8cbAh013002; Tue, 26 Feb 2002 03:38:38 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1Q88V210526 for vserver.list; Tue, 26 Feb 2002 03:08:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1Q88UR10522 for ; Tue, 26 Feb 2002 03:08:30 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 6D9B11000 for ; Tue, 26 Feb 2002 09:08:29 +0100 (CET) Subject: Re: [vserver] unify check/ disk usage From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <1014633148.1664.14.camel@amd.vsen.dk> References: <1014633148.1664.14.camel@amd.vsen.dk> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-rtBsex8ZZvX3HmnpaPTR" X-Mailer: Evolution/1.0.2 Date: 26 Feb 2002 09:08:27 +0100 Message-Id: <1014710909.1736.2.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 201 --=-rtBsex8ZZvX3HmnpaPTR Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2002-02-25 at 11:32, klavs klavsen wrote: > Hi guys, >=20 > Here comes a long list of questions, sorry for the inconvenience but I > hope you can find the time to answer. >=20 > I'll try to gather all the information from this and earlier emailings > into some additions to the FAQ, to help all new vserver users - and > possible add some clever tips/usage to old users :-) >=20 > I was wondering, if any of you know way I could: >=20 > 1) get the disk usage of a vserver (the real one - discounting unified > files). I found vdu (I thought it existed, but couldn't find it in a bin directory - why is it under /usr/lib/vserver/?) However it seems a little off.. my skel server, which has a bare minimum of spaceusage, it says uses 325000K and that sounds like it's not unified at all :-( >=20 > 2) get a list of files, that is not unified (or a list of files that > are?) - this way I could easily check for changes in a vserver - such as > evidence of hackers and such. >=20 > 3) I have several vservers running now, and if I add some files to my > root server, how can I easily hardlink them to the vservers I want to be > able to access it? ln ? (this is to save disk space). can I use the vunify command? >=20 > btw. I'm looking into how to get Samba running under a vserver, as I > consider it one of the rather dangerous services to run and I would > therefore like it to be run under a vserver.. any tips or experiences > with this? I've heard there were some problems with the smb broadcasts? > why is this? Can I do anything about it (add a capability, like what > fixes the Bind issue?). >=20 > Thank you in advance. > --=20 > Regards, > Klavs Klavsen >=20 > -------------| This mail has been sent to you by: |------------ > Klavs Klavsen - OpenSource Consultant=20 > kl@vsen.dk - http://www.vsen.dk >=20 > Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 > Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA > --------------------[ I believe that... ]----------------------- > It is a myth that people resist change. People resist what other > people make them do, not what they themselves choose to do... > That's why companies that innovate successfully year after year > seek their peopl's ideas, let them initiate new projects and > encourage more experiments. -- Rosabeth Moss Kanter >=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-rtBsex8ZZvX3HmnpaPTR Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8e0J74c1kHlhtW8oRAm11AJsHgoS2zl7HO8CLRIJkmlgX6grOHgCfU6mX F/DTc89KI/4e+4v3Z04wisg= =d+pz -----END PGP SIGNATURE----- --=-rtBsex8ZZvX3HmnpaPTR-- From vserver.error@solucorp.qc.ca Tue Feb 26 10:12:46 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QFCfAh016920; Tue, 26 Feb 2002 10:12:42 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QEpHk18527 for vserver.list; Tue, 26 Feb 2002 09:51:17 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ahriman.bucharest.roedu.net (ahriman.bucharest.roedu.net [141.85.128.71]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1QEpFR18523 for ; Tue, 26 Feb 2002 09:51:15 -0500 Received: (qmail 1026 invoked by uid 1000); 26 Feb 2002 14:57:36 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 26 Feb 2002 14:57:36 -0000 Date: Tue, 26 Feb 2002 16:57:36 +0200 (EET) From: Mihai RUSU X-X-Sender: To: Subject: [vserver] netstat like openwall Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 202 Hi Im curently testing 2.4.17ctx-7 with vserver 0.10. While playing this this I have noticed 2 issues: - netstat -an reports all connections no matter the curently selected context - /sbin/ifconfig shows eth0 for the physical eth device (without any ip) and my chipv4 ip as a ip alias (eth0:1) For the first issue I think there can be done a quick hack based on the sources of openwall patch (www.openwall.org) as follows: - openwall kernels show on netstat only the connections which belong to the current userid - I guess they have a check like current->owner == netstat->conn->owner and that could be done for vserver as current->s_context == netstat->conn->s_context :) (well pseudo code that is) The second issue doesnt matter. ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated. From vserver.error@solucorp.qc.ca Tue Feb 26 10:39:09 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QFd5Ah017145; Tue, 26 Feb 2002 10:39:06 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QFFaD19056 for vserver.list; Tue, 26 Feb 2002 10:15:36 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QFFZR19052 for ; Tue, 26 Feb 2002 10:15:36 -0500 Received: from host213-122-193-122.in-addr.btopenworld.com ([213.122.193.122] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16fjKH-0007Iv-00 for vserver@solucorp.qc.ca; Tue, 26 Feb 2002 15:15:34 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Tue, 26 Feb 2002 15:15:10 -0000 From: "John Lyons" To: Subject: RE: [vserver] unify check/ disk usage Date: Tue, 26 Feb 2002 15:15:09 -0000 Message-ID: <006b01c1bed8$619df600$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <1014710909.1736.2.camel@amd.vsen.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 203 > However it seems a little off.. my skel server, which has a > bare minimum > of spaceusage, it says uses 325000K and that sounds like it's not > unified at all :-( > If that's the only vserver on your system then there are no hard links to anything else so the figure is probably correct. Build another unified vs from the sekl and check it again. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Tue Feb 26 10:44:27 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QFiNAh017218; Tue, 26 Feb 2002 10:44:25 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QFMV819261 for vserver.list; Tue, 26 Feb 2002 10:22:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from protactinium.btinternet.com (protactinium.btinternet.com [194.73.73.176]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QFMVR19257 for ; Tue, 26 Feb 2002 10:22:31 -0500 Received: from host213-122-193-122.in-addr.btopenworld.com ([213.122.193.122] helo=john-new) by protactinium.btinternet.com with esmtp (Exim 3.22 #8) id 16fjR0-0000K0-00 for vserver@solucorp.qc.ca; Tue, 26 Feb 2002 15:22:31 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Tue, 26 Feb 2002 15:22:13 -0000 From: "John Lyons" To: Subject: RE: [vserver] Unification bug? Date: Tue, 26 Feb 2002 15:22:12 -0000 Message-ID: <006c01c1bed9$5dd86d10$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 204 > but allows > for that hard link to be unlinked so that you could replace > the file. If I understand correctly, Hmm, if this is correct then there are implications here. ie I build 10 unified vservers. That's nice, low disk usage, shared binary files and libs keep the server running well. If each root vs user decides to have a go at removing say apache/php/mysql and installs their own, then on the basis of what you've said above they could easily delete the packages and install their own. I then have 10 servers using a bigger chunk of disk space and using separate binaries/libs so performance suffers. Same would be true if someone subscribed to Up2Date as their vs could very quickly become out of sync with the other vs's. I'm just trying to think of the implications for using this in a commercial environment from the position that we need to maintain a set of almost identical vs's allowing the users to customise conf files for existing packages, add new packages but not to be able to modify the existing packages wrt removing or upgrading. Have I missed something here or am I roughly correct in my concerns? John From vserver.error@solucorp.qc.ca Tue Feb 26 11:07:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QG7mAh017420; Tue, 26 Feb 2002 11:07:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QFko319828 for vserver.list; Tue, 26 Feb 2002 10:46:50 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QFkoR19824 for ; Tue, 26 Feb 2002 10:46:50 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1QFmJI02519 for vserver@solucorp.qc.ca; Tue, 26 Feb 2002 10:48:19 -0500 From: Jacques Gelinas Date: Tue, 26 Feb 2002 10:48:19 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] X-mailer: tlmpmail 0.1 Message-ID: <20020226104819.38d3eee21fe3@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 205 On Mon, 25 Feb 2002 09:06:13 -0500, Wray Cason wrote > I have servers with multiple ethernet interfaces. I have found that without > a NAT workaround, I can't get proper default routing for all vservers as > some are bound to the interface with the actual default gateway and other > aren't and therefore can't reach the default gateway. Is this a question > that is being addressed? Alternatively, am I missing something? Thanks. A vserver is forced to use a single IP, including outgoing traffic. Are you using some public IP for the vservers. If this is the case, I would say the problem is routing at your provider site or on the default gateway. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Feb 26 13:09:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QI9ZAh018604; Tue, 26 Feb 2002 13:09:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QHbI022176 for vserver.list; Tue, 26 Feb 2002 12:37:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QHbHR22170 for ; Tue, 26 Feb 2002 12:37:17 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g1QHb4gg005297 for ; Tue, 26 Feb 2002 18:37:04 +0100 Date: Tue, 26 Feb 2002 18:37:04 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat like openwall In-Reply-To: Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 206 On Tue, 26 Feb 2002, Mihai RUSU wrote: > Hi > > Im curently testing 2.4.17ctx-7 with vserver 0.10. While playing this this > I have noticed 2 issues: > - netstat -an reports all connections no matter the curently selected > context > - /sbin/ifconfig shows eth0 for the physical eth device (without any ip) > and my chipv4 ip as a ip alias (eth0:1) > > For the first issue I think there can be done a quick hack based on the > sources of openwall patch (www.openwall.org) as follows: > - openwall kernels show on netstat only the connections which belong to > the current userid > - I guess they have a check like current->owner == netstat->conn->owner > and that could be done for vserver as current->s_context == > netstat->conn->s_context :) (well pseudo code that is) > > The second issue doesnt matter. Checkout the new ctx8 patch, my patch for this socket stuff is included there. It's implemented so you can only see sockets that belongs to the same context as the context you are executing netstat in. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Tue Feb 26 14:50:32 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QJoSAh019567; Tue, 26 Feb 2002 14:50:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QJW9624537 for vserver.list; Tue, 26 Feb 2002 14:32:09 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QJW8R24533 for ; Tue, 26 Feb 2002 14:32:09 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id C6639B471 for ; Tue, 26 Feb 2002 12:20:04 -0700 (MST) Date: Tue, 26 Feb 2002 12:20:04 -0700 (MST) From: To: Subject: Re: [vserver] X under a vserver? In-Reply-To: <3C7BC40E.17296.A88186@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 207 On Tue, 26 Feb 2002 edward@paradigm4.com.au wrote: > What's the security implication of having /dev/mem accessible from vserver? Good question. I didn't investigate it, since my X vserver has no outside access, so I don't know. - Yan From vserver.error@solucorp.qc.ca Tue Feb 26 14:53:13 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QJrDAh019587; Tue, 26 Feb 2002 14:53:13 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QJUF124495 for vserver.list; Tue, 26 Feb 2002 14:30:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QJUER24490 for ; Tue, 26 Feb 2002 14:30:14 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id 7F2EAB471 for ; Tue, 26 Feb 2002 12:18:05 -0700 (MST) Date: Tue, 26 Feb 2002 12:18:05 -0700 (MST) From: To: Subject: RE: [vserver] Unification bug? In-Reply-To: <006c01c1bed9$5dd86d10$0100a8c0@johnnew> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 208 On Tue, 26 Feb 2002, John Lyons wrote: > Hmm, if this is correct then there are implications here. > > ie I build 10 unified vservers. That's nice, low disk usage, shared binary > files and libs keep the server running well. > > If each root vs user decides to have a go at removing say apache/php/mysql > and installs their own, then on the basis of what you've said above they > could easily delete the packages and install their own. I then have 10 > servers using a bigger chunk of disk space and using separate binaries/libs > so performance suffers. > > Same would be true if someone subscribed to Up2Date as their vs could very > quickly become out of sync with the other vs's. > > I'm just trying to think of the implications for using this in a commercial > environment from the position that we need to maintain a set of almost > identical vs's allowing the users to customise conf files for existing > packages, add new packages but not to be able to modify the existing > packages wrt removing or upgrading. > > Have I missed something here or am I roughly correct in my concerns? As I understand it, the immutable tag itself prevents unlinking as well. However, there's an immutable-mayunlink tag (or maybe its now part of the immutable tag), that enables it. If you don't want them to be able to modify packages, you could try setting the immutable-mayunlink only on the conf files, leave the rest totally locked down. Of course, this is as I understand it. If I have this wrong, someone tell me :-). - Yan From vserver.error@solucorp.qc.ca Tue Feb 26 14:57:57 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QJvvAh019642; Tue, 26 Feb 2002 14:57:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QJc3F24650 for vserver.list; Tue, 26 Feb 2002 14:38:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QJc2R24646 for ; Tue, 26 Feb 2002 14:38:03 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1QJdUE04266 for vserver@dns.solucorp.qc.ca; Tue, 26 Feb 2002 14:39:30 -0500 From: Jacques Gelinas Date: Tue, 26 Feb 2002 14:39:30 -0500 To: Vserver mailing list Subject: [vserver] vserver 0.11 and kernel ctx-8 released X-mailer: tlmpmail 0.1 Message-ID: <20020226143930.23f7bd1e280a@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 209 Here is the change log vserver 0.11 Change log 1. Enhancements 1.1. /usr/sbin/vkill: new< This is a simple script. You do /usr/sbin/vkill PID and it will locate the vserver owning that process, enter its security context and issue the kill. 1.2. /usr/sbin/vserver Various enhancements: + /var/run Only files are erased from /var/run at vserver build and start-up time. Sub-directories are left. Also, /var/run/utmp is created empty at start-up time. + /var/log/wtmp It is created empty at vserver build time. It is ignored after that. + 5 seconds sleep after stopping a vserver, before killing the remaining processes. 5 instead of 2. + S_CAPS not processed when entering a vserver When entering a running vserver, the S_CAPS setting was not enabled for the shell. So if you had given the vserver some capabilities, they were not available when using "enter". 1.3. Dynamic system call number The 2 system calls used by the vserver project are not yet reserved in the kernel. To help people using the vserver patch with other patches, having conflicting system call number, the ctx-8 publish in /proc/self/status the system call numbers. The various utilities (chbind, reducecap and chcontext) are using this information on the fly. So you can move the system call around and the utilities keep working without recompile. 1.4. kernel ctx-8 Here is a small change log: + Dynamic system calls numbering + Per user/per context resources. The ulimit resources for a user used to be shared across vserver. This was plain wrong since user ID N in a vserver is unrelated to user ID N in another vserver. Contributed by Patrick Schaaf + Using 127.0.0.1 in a vserver. Note, this is unrelated to the multi-IP-per-vserver concept. A vserver normally use a single IP to listen and talk. In general, this is not a problem. But it breaks a little semantic. Most services out there simply do a bind on IP 0.0.0.0. This way, they expect to grab any incoming traffic. They also expect that talking to 127.0.0.1 is a good way (configuration less) to talk to themselves. Some services are using localhost (which is redirect to the ipv4root of the vserver) and some are using 127.0.0.1 directly. The ctx-8 kernel now maps 127.0.0.1 to the ipv4root of the vserver on the fly. This solves some issues with samba and should also (not tested) solve the issue with PostgreSQL. + Per vserver network activity. The output of netstat is now filtered by vserver. This includes /proc/net/tcp. This is not done per ipv4root but using the security context. This was contributed (oops sorry, lost the contributor name). 1.5. Man pages for most utilities Thanks to klavs klavsen , we have now a man page for all utilities. Now, we need a man page for the 2 system calls. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Feb 26 16:15:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QLFoAh020476; Tue, 26 Feb 2002 16:15:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QKoPs26316 for vserver.list; Tue, 26 Feb 2002 15:50:25 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1QKoOR26312 for ; Tue, 26 Feb 2002 15:50:24 -0500 Received: (qmail 18830 invoked from network); 26 Feb 2002 20:49:52 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 26 Feb 2002 20:49:52 -0000 Subject: Re: [vserver] vserver 0.11 and kernel ctx-8 released From: Andy Kwong To: vserver@solucorp.qc.ca In-Reply-To: <20020226143930.23f7bd1e280a@remtk.solucorp.qc.ca> References: <20020226143930.23f7bd1e280a@remtk.solucorp.qc.ca> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 26 Feb 2002 12:52:41 -0800 Message-Id: <1014756761.20198.32.camel@zerowing.pop-star.net> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 210 How about including the excellent vps2 utility in the next release of the utilities. It's great having the ctx number next to the pid in the list. On Tue, 2002-02-26 at 11:39, Jacques Gelinas wrote: > Here is the change log > > vserver 0.11 > Change log > > > 1. Enhancements > > > 1.1. /usr/sbin/vkill: new< > > This is a simple script. You do > > > > /usr/sbin/vkill PID > > > > > and it will locate the vserver owning that process, enter its security > context and issue the kill. > > > 1.2. /usr/sbin/vserver > > Various enhancements: > > > + /var/run > > Only files are erased from /var/run at vserver build and start-up > time. Sub-directories are left. Also, /var/run/utmp is created > empty at start-up time. > > > + /var/log/wtmp > > It is created empty at vserver build time. It is ignored after > that. > > > + 5 seconds sleep after stopping a vserver, before killing the > remaining processes. 5 instead of 2. > > > + S_CAPS not processed when entering a vserver > > When entering a running vserver, the S_CAPS setting was not enabled > for the shell. So if you had given the vserver some capabilities, > they were not available when using "enter". > > > > 1.3. Dynamic system call number > > The 2 system calls used by the vserver project are not yet reserved in > the kernel. To help people using the vserver patch with other patches, > having conflicting system call number, the ctx-8 publish in > /proc/self/status the system call numbers. The various utilities > (chbind, reducecap and chcontext) are using this information on the > fly. So you can move the system call around and the utilities keep > working without recompile. > > > > > > 1.4. kernel ctx-8 > > Here is a small change log: > > > + Dynamic system calls numbering > > > + Per user/per context resources. > > The ulimit resources for a user used to be shared across vserver. > This was plain wrong since user ID N in a vserver is unrelated to > user ID N in another vserver. > > Contributed by Patrick Schaaf > > > + Using 127.0.0.1 in a vserver. > > Note, this is unrelated to the multi-IP-per-vserver concept. A > vserver normally use a single IP to listen and talk. In general, > this is not a problem. But it breaks a little semantic. Most > services out there simply do a bind on IP 0.0.0.0. This way, they > expect to grab any incoming traffic. They also expect that talking > to 127.0.0.1 is a good way (configuration less) to talk to > themselves. Some services are using localhost (which is redirect to > the ipv4root of the vserver) and some are using 127.0.0.1 directly. > > The ctx-8 kernel now maps 127.0.0.1 to the ipv4root of the vserver > on the fly. This solves some issues with samba and should also (not > tested) solve the issue with PostgreSQL. > > > + Per vserver network activity. > > The output of netstat is now filtered by vserver. This includes > /proc/net/tcp. This is not done per ipv4root but using the security > context. This was contributed (oops sorry, lost the contributor > name). > > > > 1.5. Man pages for most utilities > > Thanks to klavs klavsen , we have now a man page for all > utilities. Now, we need a man page for the 2 system calls. > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Feb 26 16:27:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QLRsAh020635; Tue, 26 Feb 2002 16:27:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QKwoO26452 for vserver.list; Tue, 26 Feb 2002 15:58:50 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from maximus.dmz.ebrady.net (dhcp065-024-081-034.columbus.rr.com [65.24.81.34]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QKwnR26448 for ; Tue, 26 Feb 2002 15:58:49 -0500 Received: from rdebrady (node187121.liebert.com [65.209.187.121]) (authenticated (0 bits)) by maximus.dmz.ebrady.net (8.11.3/8.11.0) with ESMTP id g1QKx3e10243 (using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO) for ; Tue, 26 Feb 2002 15:59:06 -0500 Message-ID: <00f601c1bf08$5d4fa9b0$64d4047e@research.liebert.com> From: "Ed Brady" To: Subject: [vserver] Test drive a vserver. Date: Tue, 26 Feb 2002 15:58:34 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00F3_01C1BEDE.71F60410" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 211 This is a multi-part message in MIME format. ------=_NextPart_000_00F3_01C1BEDE.71F60410 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have been following this list for a little while, and am thinking = about setting up my own vserver to experiment with, however I would like = to "testdrive" a running server to get a feel for vserver's capabilities = before I take the time to set up my own. A couple of questions: 1. Are there very many ISP's using vserver yet? If so, would they give = me full access to my vserver to experiment with? =20 2. Are there any "Open" vservers that I could log into to allow me to = do a preliminary testdrive of the functionality? Ed Brady ------=_NextPart_000_00F3_01C1BEDE.71F60410 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
I have been following this list for a = little while,=20 and am thinking about setting up my own vserver to experiment with,=20 however I would like to "testdrive" a running server to get a = feel=20 for vserver's capabilities before I take the time to set up my = own.   A couple of questions:
 
1.  Are there very many ISP's = using vserver=20 yet?  If so, would they give me full access to my vserver to=20 experiment with? 
 
2.  Are there any "Open" vservers = that I could=20 log into to allow me to do a preliminary testdrive of the=20 functionality?
 
 
Ed Brady
 
 
------=_NextPart_000_00F3_01C1BEDE.71F60410-- From vserver.error@solucorp.qc.ca Tue Feb 26 17:34:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1QMYlAh021295; Tue, 26 Feb 2002 17:34:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QM9GW28050 for vserver.list; Tue, 26 Feb 2002 17:09:16 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QM9FR28046 for ; Tue, 26 Feb 2002 17:09:15 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1QMAhm06124 for vserver@solucorp.qc.ca; Tue, 26 Feb 2002 17:10:43 -0500 From: Jacques Gelinas Date: Tue, 26 Feb 2002 17:10:43 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] netstat like openwall X-mailer: tlmpmail 0.1 Message-ID: <20020226171043.9b19f7933cd5@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 212 On Tue, 26 Feb 2002 16:57:36 -0500, Mihai RUSU wrote > Hi > > Im curently testing 2.4.17ctx-7 with vserver 0.10. While playing this this > I have noticed 2 issues: > - netstat -an reports all connections no matter the curently selected > context Fixed in ctx-8 > - /sbin/ifconfig shows eth0 for the physical eth device (without any ip) > and my chipv4 ip as a ip alias (eth0:1) This is fixable by modifying /proc/net/dev. I want to create a new proc (called vproc) to filter other information. > For the first issue I think there can be done a quick hack based on the > sources of openwall patch (www.openwall.org) as follows: > - openwall kernels show on netstat only the connections which belong to > the current userid The patch on ctx-8 uses the security context. The solution in openwall, should work on top of that and would be a per-vserver feature. openwall is part of the LSM I think. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Feb 26 19:02:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1R02EAh022109; Tue, 26 Feb 2002 19:02:15 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1QNZrB29590 for vserver.list; Tue, 26 Feb 2002 18:35:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1QNZrR29586 for ; Tue, 26 Feb 2002 18:35:53 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id 6B7B6241CD for ; Tue, 26 Feb 2002 16:35:47 -0700 (MST) Received: from 204.118.209.253 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Tue, 26 Feb 2002 16:39:19 -0700 (MST) Message-ID: <4984.204.118.209.253.1014766759.squirrel@webmail.thedeacon.org> Date: Tue, 26 Feb 2002 16:39:19 -0700 (MST) Subject: [vserver] ctx-8 kernel patches against -ac available From: "Paul Kreiner" To: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal X-Mailer: SquirrelMail (version 1.2.4) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 213 New vserver (ctx-8) kernel patches against 2.4.19-pre1-ac1 are now available in the usual place: http://www.thedeacon.org/patches/ Also available are (ctx-7) patches against 2.4.18-pre9-ac2 and 2.4.18-rc2- ac1, and patches against -ac trees to add XFS support. Try 'em out, give me feedback... they're working in my environment. _Paul K. From vserver.error@solucorp.qc.ca Tue Feb 26 20:22:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1R1M3Ah023001; Tue, 26 Feb 2002 20:22:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1R11Jh31258 for vserver.list; Tue, 26 Feb 2002 20:01:19 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from figure1.int.wirex.com (cerebus.wirex.com [65.102.14.138]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1R11IR31254 for ; Tue, 26 Feb 2002 20:01:18 -0500 Received: (from chris@localhost) by figure1.int.wirex.com (8.11.6/8.11.6) id g1R18Yu08376; Tue, 26 Feb 2002 17:08:34 -0800 Date: Tue, 26 Feb 2002 17:08:34 -0800 From: Chris Wright To: vserver@solucorp.qc.ca Cc: Mihai RUSU Subject: Re: [vserver] netstat like openwall Message-ID: <20020226170834.E6959@figure1.int.wirex.com> References: <20020226171043.9b19f7933cd5@remtk.solucorp.qc.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020226171043.9b19f7933cd5@remtk.solucorp.qc.ca>; from jack@solucorp.qc.ca on Tue, Feb 26, 2002 at 05:10:43PM -0500 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 214 On Tue, 26 Feb 2002 16:57:36 -0500, Mihai RUSU wrote > > For the first issue I think there can be done a quick hack based on the > > sources of openwall patch (www.openwall.org) as follows: > > - openwall kernels show on netstat only the connections which belong to > > the current userid I thought viewing /proc/net/* was limited by group id (you have to have the special group id set with gid= mount option). * Jacques Gelinas (jack@solucorp.qc.ca) wrote: > The patch on ctx-8 uses the security context. The solution in openwall, > should work on top of that and would be a per-vserver feature. openwall > is part of the LSM I think. Bits and pieces of Openwall are ported to LSM. The SECURE_PROC bit has been waiting for an interface change in the VFS that should be available soon (viro mentioned something like the next week or two for the VFS change). cheers, -chris From vserver.error@solucorp.qc.ca Tue Feb 26 23:52:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1R4qAAh024781; Tue, 26 Feb 2002 23:52:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1R4Q1Z02703 for vserver.list; Tue, 26 Feb 2002 23:26:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1R4Q1R02699 for ; Tue, 26 Feb 2002 23:26:01 -0500 Received: from remtk.solucorp.qc.ca (g36-72.citenet.net [206.123.36.72]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1R4U9680836 for ; Tue, 26 Feb 2002 23:30:09 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1R42fL02579 for vserver@solucorp.qc.ca; Tue, 26 Feb 2002 23:02:41 -0500 From: Jacques Gelinas Date: Tue, 26 Feb 2002 23:02:41 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] unify check/ disk usage X-mailer: tlmpmail 0.1 Message-ID: <20020226230241.23540e711f3f@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 215 On Tue, 26 Feb 2002 09:08:27 -0500, klavs klavsen wrote > On Mon, 2002-02-25 at 11:32, klavs klavsen wrote: > > I'll try to gather all the information from this and earlier emailings > > into some additions to the FAQ, to help all new vserver users - and > > possible add some clever tips/usage to old users :-) > > > > I was wondering, if any of you know way I could: > > > > 1) get the disk usage of a vserver (the real one - discounting unified > > files). > I found vdu (I thought it existed, but couldn't find it in a bin > directory - why is it under /usr/lib/vserver/?) Because it is experimental and I was unsure if it was useful. > However it seems a little off.. my skel server, which has a bare minimum > of spaceusage, it says uses 325000K and that sounds like it's not > unified at all :-( vdu simply counts the space used by all file with a single link. It assumes that any file with more than one link is probably unified, which is almost true (very few files in a linux distribution are hard linked together) > > 2) get a list of files, that is not unified (or a list of files that > > are?) - this way I could easily check for changes in a vserver - such as > > evidence of hackers and such. vdu could use this instead. If the file has the immutable bit on, and has more than one link, it must be unified. I am thinking about a new utility called vfiles. This utility will produced a list of file not unified by comparing a vserver with either a reference vserver or a package list (a package list + versions in a text file). Tonight I wanted to bring a vserver home (how cool :-) ). So I tar it and compress it. Got 500megs. Not so bad. It fits on my notebook. But wait, 90% of the files in there are already available on my workstation at home. No need to bring them. So using vfiles, I would be able to select all the file no unified (including added packages not found in the reference), bring that home, and then use vunify to bring back the vserver to life :-) Using vfiles, we could do various things, such as vbackup, backuping only what it needed. Using vfiles, it becomes very easy to backup a vserver in the root server and then compare that to prove the vserver has not been hacked. But I would like to see something else in this area. For example, a per vserver flag could change the meaning immutable-unlink fiag. It would be possible to turn the vserver flag on and off from the root server. When the per server flag (called it "frozen") is turned on, the ummutable-unlink flag is disregarded. This means, instantly, all unified files turned to immutable only: A vserver is not allowed to changed them anymore. By using immutable flag on other files as well (config, the rpm database), you can lock a vserver completly in few seconds. This way, you know an intruder can't do anything. Now, you can play game with that. Another per vserver flag, called "alarm" may be used. When on, anytime an immutable file is modified (well, anytime a modification is attempted), the process doing that is locked and some external process is triggered paging the admin. You can trap intrusion in real time. All those funny feature could be implement using the Linux Security Module I think. > > 3) I have several vservers running now, and if I add some files to my > > root server, how can I easily hardlink them to the vservers I want to be > > able to access it? ln ? (this is to save disk space). > can I use the vunify command? vunify operates on packages, so it won't unify anything. You can use hard link at any time to share a file. The best solution is often to use the mount --bind option. It allows you to share a directory. For example, at the office, when we create a vserver for a developper, we give him his home directory. So in the per vserver startup script, we do mount --bind /home/jacques /vserver/jack/home/jacques This way, jacques feels at home. He has access to his personal files and he has "root access". Ye! > > btw. I'm looking into how to get Samba running under a vserver, as I > > consider it one of the rather dangerous services to run and I would > > therefore like it to be run under a vserver.. any tips or experiences > > with this? I've heard there were some problems with the smb broadcasts? > > why is this? Can I do anything about it (add a capability, like what > > fixes the Bind issue?). Using kernel ctx-8, samba should work fine in a vserver. The only issue is that the vserver must be either in the DNS or you must use a WINS to reach it (which you probably do anyway). --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Feb 26 23:52:18 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1R4qGAh024785; Tue, 26 Feb 2002 23:52:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1R4Q0D02696 for vserver.list; Tue, 26 Feb 2002 23:26:00 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1R4PxR02692 for ; Tue, 26 Feb 2002 23:25:59 -0500 Received: from remtk.solucorp.qc.ca (g36-72.citenet.net [206.123.36.72]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1R4U8680833 for ; Tue, 26 Feb 2002 23:30:08 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1R4D5I02586 for vserver@solucorp.qc.ca; Tue, 26 Feb 2002 23:13:05 -0500 From: Jacques Gelinas Date: Tue, 26 Feb 2002 23:13:05 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] Unification bug? X-mailer: tlmpmail 0.1 Message-ID: <20020226231305.a7dfd215282d@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 216 On Tue, 26 Feb 2002 15:22:12 -0500, John Lyons wrote > > but allows > > for that hard link to be unlinked so that you could replace > > the file. If I understand correctly, > > Hmm, if this is correct then there are implications here. > > ie I build 10 unified vservers. That's nice, low disk usage, shared binary > files and libs keep the server running well. > > If each root vs user decides to have a go at removing say apache/php/mysql > and installs their own, then on the basis of what you've said above they > could easily delete the packages and install their own. I then have 10 > servers using a bigger chunk of disk space and using separate binaries/libs > so performance suffers. Yes this is true. But you can run vunify at any time to re-unify them. > Same would be true if someone subscribed to Up2Date as their vs could very > quickly become out of sync with the other vs's. There is still a little flaw in vunify. It does a unlink/link operation to unify a file. I have to change this to "link to a temp file/rename it over the original". Using this strategy, you will be able to run vunify without stoping the vservers. Note there is still a little drawback. If I update apache, and restart it and then you vunify it while it is running, the non-unified binary will still be in use. So the vunify effect won't be immediate. Nevertheless, by running vunify once in a while, you should be able to keep your vserver under control (sort of). Note that package manager (rpm for one) always operate like this: unlink/replace. This explains why you can pretty much update any package on linux, even if it is in use. For example, update glibc simply works, even if glibc is always in use on a linux box. > I'm just trying to think of the implications for using this in a commercial > environment from the position that we need to maintain a set of almost > identical vs's allowing the users to customise conf files for existing > packages, add new packages but not to be able to modify the existing > packages wrt removing or upgrading. vunify and vbuild allows you to select the immutability. The default is immutable-file + immutable-unlink. You can select immutable-file only. If you do so, there is no way a vserver admin can change those file. Trying to upgrade the package will fail badly. So using this, you have some control > Have I missed something here or am I roughly correct in my concerns? Yes you understand the issue. I have outlined solutions above, but there may still be some practical issues. Many ASPs are working on vservers setup so the next few months will teach us few new tricks :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 27 04:13:44 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1R9DgAh028142; Wed, 27 Feb 2002 04:13:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1R8saL06808 for vserver.list; Wed, 27 Feb 2002 03:54:36 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ahriman.bucharest.roedu.net (ahriman.bucharest.roedu.net [141.85.128.71]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1R8sZR06804 for ; Wed, 27 Feb 2002 03:54:36 -0500 Received: (qmail 22141 invoked by uid 1000); 27 Feb 2002 09:01:13 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Feb 2002 09:01:13 -0000 Date: Wed, 27 Feb 2002 11:01:13 +0200 (EET) From: Mihai RUSU X-X-Sender: To: Subject: Re: [vserver] ctx-8 kernel patches against -ac available In-Reply-To: <4984.204.118.209.253.1014766759.squirrel@webmail.thedeacon.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 217 On Tue, 26 Feb 2002, Paul Kreiner wrote: > New vserver (ctx-8) kernel patches against 2.4.19-pre1-ac1 are now > available in the usual place: > http://www.thedeacon.org/patches/ > cool! > Also available are (ctx-7) patches against 2.4.18-pre9-ac2 and 2.4.18-rc2- > ac1, and patches against -ac trees to add XFS support. > > Try 'em out, give me feedback... they're working in my environment. > Well, would be so kind and try to patch ctx8 into 2.4.9-21SGI_XFS_1.0.2 ? Its the last redhat errata kernel with the XFS release 1.0.2 bits. You can find it in ftp://oss.sgi.com/projectx/xfs/download/Release-1.0.2/kernel_rpms/ i386/contributed-RH-updates/2.4.9-21-RH7.2/ kernel-source-2.4.9-21SGI_XFS_1.0.2.i386.rpm PS: I found it to be the most stable release in production ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated. From vserver.error@solucorp.qc.ca Wed Feb 27 04:21:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1R9LRAh028251; Wed, 27 Feb 2002 04:21:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1R96iI07204 for vserver.list; Wed, 27 Feb 2002 04:06:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ahriman.bucharest.roedu.net (ahriman.bucharest.roedu.net [141.85.128.71]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1R96hR07200 for ; Wed, 27 Feb 2002 04:06:43 -0500 Received: (qmail 23022 invoked by uid 1000); 27 Feb 2002 09:13:20 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Feb 2002 09:13:20 -0000 Date: Wed, 27 Feb 2002 11:13:20 +0200 (EET) From: Mihai RUSU X-X-Sender: To: Subject: [vserver] ext2/ext3 question Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 218 Hi While patching ctx8 against 2.4.17 I have noticed that it does patch some files in the fs/ext2 and fs/ext3 directories: patching file linux-2.4.17/fs/ext2/ialloc.c patching file linux-2.4.17/fs/ext2/inode.c patching file linux-2.4.17/fs/ext2/ioctl.c patching file linux-2.4.17/fs/ext3/ialloc.c patching file linux-2.4.17/fs/ext3/inode.c patching file linux-2.4.17/fs/ext3/ioctl.c What is this for? If I use some other fs I miss some vserver features? Thanks ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated. From vserver.error@solucorp.qc.ca Wed Feb 27 10:58:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RFwSAh030944; Wed, 27 Feb 2002 10:58:29 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RFUua14724 for vserver.list; Wed, 27 Feb 2002 10:30:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RFUoR14720 for ; Wed, 27 Feb 2002 10:30:55 -0500 Received: from host213-1-137-176.btinternet.com ([213.1.137.176] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16g62a-0001c2-00 for vserver@solucorp.qc.ca; Wed, 27 Feb 2002 15:30:49 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Wed, 27 Feb 2002 15:30:14 -0000 From: "John Lyons" To: Subject: [vserver] New features vfiles Date: Wed, 27 Feb 2002 15:30:12 -0000 Message-ID: <005301c1bfa3$a71266a0$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20020226230241.23540e711f3f@remtk.solucorp.qc.ca> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 219 > So using vfiles, I would be able to select all the file no > unified (including > added packages not found in the reference), bring that home, and then > use vunify to bring back the vserver to life :-) > > Using vfiles, we could do various things, such as vbackup, backuping > only what it needed. > > Using vfiles, it becomes very easy to backup a vserver in the > root server > and then compare that to prove the vserver has not been hacked. All of the features that you've described are quite fantastic. We're into budget web hosting but we're still paranoid about reliability and uptimes. As we don't have much money to spend on hardware solutions much of what we do is with opensource software and 'seat of the pants' hacks. The host server is always going to be a single point of failure for us. (No Raid or dual PSU's for us) so my hosting infrastructure is based around 2 or 3 live host servers with 1 hot standby server mirroring each live hosts' vservers. Anyone that's been here before knows that backing up every 24 hours is ok, but if we loose a drive on a host 23 hours after the last backup then we're loosing 23 hours of emails in pop accounts and mysql data which can't be recovered. I've looked at network Raid and a few backup packages but they're all more complex that vserver itself! Being able to sync a hot standby server (say using rsync) or some other package and only backing up the live changing data every hour or so would be a fantastic step forward. (I know rsync already will do this but over 10 or 20 vservers file systems the memory usage would be too high to run it very frequently) Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Wed Feb 27 11:05:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RG5sAh031025; Wed, 27 Feb 2002 11:05:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RFmVg15119 for vserver.list; Wed, 27 Feb 2002 10:48:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RFmUR15115 for ; Wed, 27 Feb 2002 10:48:31 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g1RFtPk13645 for ; Wed, 27 Feb 2002 07:55:25 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Wed, 27 Feb 2002 07:55:24 -0800 (PST) From: X-X-Sender: To: Subject: [vserver] Unification for DUMBIES Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 220 I've tried to created a unified vserver with less than satisfactory results. I'm sure it is because of a design decision I made when building the server. I created a partition for each planned vserver. It's my understanding that unification uses hard links and that hard links can't be done across file-systems/partitions. Are these two thoughts correct? If so my plan to to merge the several partitions into one using partd (fortunately they are all contiguous on the hard-drive.) Mount that big partition as /vservers and let it rip. I do see one problem and that is I have other vservers running that were not unified on a different partition and hard-drive. Is there anyway let/force the vserver exist outside the /vservers directory? As always any and all help is appreciated. Best, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Wed Feb 27 12:26:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RHQTAh031962; Wed, 27 Feb 2002 12:26:29 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RH8i216866 for vserver.list; Wed, 27 Feb 2002 12:08:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from localhost.localdomain (pia153-99.pioneernet.net [66.114.153.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RH8hR16862 for ; Wed, 27 Feb 2002 12:08:43 -0500 Received: from openwebmail (casonmaster [127.0.0.1]) by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g1RHAsX28767 for ; Wed, 27 Feb 2002 09:10:54 -0800 From: "Wray Cason" To: vserver@solucorp.qc.ca Subject: Re: [vserver] New features vfiles Date: Wed, 27 Feb 2002 09:10:54 -0800 Message-Id: <20020227091054.A43167@auxiliumcomputing.com> In-Reply-To: <005301c1bfa3$a71266a0$0100a8c0@johnnew> References: <20020226230241.23540e711f3f@remtk.solucorp.qc.ca> X-Mailer: Open WebMail 1.53 20020112 X-OriginatingIP: 192.168.0.2 (auxiliumcomputing) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 221 > > Being able to sync a hot standby server (say using rsync) > or some other package and only backing up the live changing > data every hour or so would be a fantastic step forward. (I > know rsync already will do this but over 10 or 20 vservers > file systems the memory usage would be too high to run it very > frequently) This is very similar to a problem I have been wrestling with. My best solution so far is to use mirrordir http://mirrordir.sourceforge.net/mirrordir.php on top of nfs. By running the mirrordir process on the standby system, I can save the production system the stress. Of course, the nfs daemon on the production system is quite busy. This is not an adequate solution in my opinion. Ideally, I want to mirror the production file system in real time. I just don't know if that is possible without investing in some hardware solution. -- Wray Cason "Wrayman" Auxilium Computing www.auxiliumcomputing.com wrayman@auxiliumcomputing.com main: 206-595-2080 fax: 425-895-9825 From vserver.error@solucorp.qc.ca Wed Feb 27 14:01:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RJ1vAh000417; Wed, 27 Feb 2002 14:01:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RIZDr18823 for vserver.list; Wed, 27 Feb 2002 13:35:13 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from localhost.localdomain (pia153-99.pioneernet.net [66.114.153.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RIZCR18819 for ; Wed, 27 Feb 2002 13:35:12 -0500 Received: from openwebmail (casonmaster [127.0.0.1]) by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g1RIbSX02094 for ; Wed, 27 Feb 2002 10:37:28 -0800 From: "Wray Cason" To: vserver@solucorp.qc.ca Subject: RE: [vserver] routing Date: Wed, 27 Feb 2002 10:37:28 -0800 Message-Id: <20020227103728.A81445@auxiliumcomputing.com> In-Reply-To: References: <20020225102204.A43602@auxiliumcomputing.com> X-Mailer: Open WebMail 1.53 20020112 X-OriginatingIP: 192.168.0.2 (auxiliumcomputing) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 222 > > No you can't set default routes in vserver > what you need is somewhat more advanced routing in the real > server. > > say that you have eth0 which is the default interface for > which you have a default gateway configured and now you want > a vserver to use eth1 instead, then maybe somethine like this > can help. > > ip rule add from table 200 > > ip route add dev eth1 table 200 > ip route add default via > dev eth1 table 200 > > replace with the ipaddress the vserver > is using. is something like 192.168.1.0/24 > is maybe 192.168.1.1 ? > replace with actual default gateway. > > if you have several vserver that should use eth1 but diffrent > ipaddresses and those addresses are located in the same subnet > you can add more 'ip rule' rows, one for each ip. > > and if you have vserver that use an ipaddress on eth1 that's > part of another subnet you have to add all these 3 rules but > change the table number from 200 to something diffrent, say > 201. > > I hope this helps. > > /Martin > > Never argue with an idiot. They drag you down to their level, Thank you very much. This was very helpful to me. I have a related question. Please confirm or refute that this is true: A vserver can never, under any circumstances be aware of networks and interfaces in the base computer other than the one it is bound to. As such, if all base interfaces are addressed with private unroutable addresses, and only the vserver has the public address, it is impossible to route all server traffic out through the public address. Thanks. I have found this mailing list to be incredibly helpful and educational. -- Wray Cason "Wrayman" Auxilium Computing www.auxiliumcomputing.com wrayman@auxiliumcomputing.com main: 206-595-2080 fax: 425-895-9825 From vserver.error@solucorp.qc.ca Wed Feb 27 14:53:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RJraAh001009; Wed, 27 Feb 2002 14:53:38 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RJU2R19924 for vserver.list; Wed, 27 Feb 2002 14:30:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RJU1R19919 for ; Wed, 27 Feb 2002 14:30:01 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g1RJTkgg014340 for ; Wed, 27 Feb 2002 20:29:49 +0100 Date: Wed, 27 Feb 2002 20:29:46 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: RE: [vserver] routing In-Reply-To: <20020227103728.A81445@auxiliumcomputing.com> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 223 On Wed, 27 Feb 2002, Wray Cason wrote: [snip] > Thank you very much. This was very helpful to me. I have a related > question. Please confirm or refute that this is true: > > A vserver can never, under any circumstances be aware of networks and > interfaces in the base computer other than the one it is bound to. As such, > if all base interfaces are addressed with private unroutable addresses, and > only the vserver has the public address, it is impossible to route all > server traffic out through the public address. hmm not entirely sure what you mean... the base server has private addresses and only the vserver has a public ip. that part I think I got but the "impossible to route all server traffic out through the public address" part I don't really get, do you mean all traffic from this vserver? from the base server? or everything (base + all vservers)? /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Wed Feb 27 17:00:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RM0vAh003315; Wed, 27 Feb 2002 17:00:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RLfCu22692 for vserver.list; Wed, 27 Feb 2002 16:41:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RLfAR22688 for ; Wed, 27 Feb 2002 16:41:11 -0500 Received: from tpx20.vsen.dk (unknown [192.168.1.50]) by www.vsen.dk (Postfix) with ESMTP id 34EA31000 for ; Wed, 27 Feb 2002 22:41:08 +0100 (CET) Subject: Re: [vserver] unify check/ disk usage From: Klavs Klavsen To: vserver@solucorp.qc.ca In-Reply-To: <20020226230241.23540e711f3f@remtk.solucorp.qc.ca> References: <20020226230241.23540e711f3f@remtk.solucorp.qc.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-qnwWFkL/F9iWCFaBLzy9" X-Mailer: Evolution/1.0.2 Date: 27 Feb 2002 22:41:07 +0100 Message-Id: <1014846069.1167.28.camel@tpx20.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 224 --=-qnwWFkL/F9iWCFaBLzy9 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-02-27 at 05:02, Jacques Gelinas wrote: > On Tue, 26 Feb 2002 09:08:27 -0500, klavs klavsen wrote > > On Mon, 2002-02-25 at 11:32, klavs klavsen wrote: >=20 > > > I'll try to gather all the information from this and earlier emailing= s > > > into some additions to the FAQ, to help all new vserver users - and > > > possible add some clever tips/usage to old users :-) > > > > > > I was wondering, if any of you know way I could: > > > > > > 1) get the disk usage of a vserver (the real one - discounting unifie= d > > > files). > > I found vdu (I thought it existed, but couldn't find it in a bin > > directory - why is it under /usr/lib/vserver/?) >=20 > Because it is experimental and I was unsure if it was useful. I believe it is. :-) =20 > > However it seems a little off.. my skel server, which has a bare minimu= m > > of spaceusage, it says uses 325000K and that sounds like it's not > > unified at all :-( >=20 > vdu simply counts the space used by all file with a single link. It assum= es that > any file with more than one link is probably unified, which is almost tru= e > (very few files in a linux distribution are hard linked together) which would mean, that my skel-server is not unified against the base syste= m? 325mb is a lot for config files only, However a du -csh /vserver/skel says 403mb - which means that there are some unified files. Can this have anything to do, with the fact that I've rpm -e a lot of packages within the skel server? (didn't use vrpm). =20 >=20 > > > 2) get a list of files, that is not unified (or a list of files that > > > are?) - this way I could easily check for changes in a vserver - such= as > > > evidence of hackers and such. >=20 > vdu could use this instead. If the file has the immutable bit on, and has > more than one link, it must be unified. the immutable-unlink flag, could be checked with lsattr (if so, what's the = letter for it?)? =20 > I am thinking about a new utility called vfiles. This utility will produc= ed > a list of file not unified by comparing a vserver with either a reference > vserver or a package list (a package list + versions in a text file). sounds interesting, and definetely useful. Would be a good thing to make some switches, just like DU so one can choose how and what the user exactly wants. As I see, it there are a few uses for different kind of output, which basically belongs to the unified / not-unified question.(f.ex. the ability to find files, that are outside, the "not-unified" dirs only, and have been un-unified etc.).I'm sure you can think of many more. >=20 > Tonight I wanted to bring a vserver home (how cool :-) ). So I tar it and= compress > it. Got 500megs. Not so bad. It fits on my notebook. But wait, 90% of the= files > in there are already available on my workstation at home. No need to brin= g them. But are they the exact version? would require, that you the same version of RH, and have applied the same updates. > So using vfiles, I would be able to select all the file no unified (inclu= ding > added packages not found in the reference), bring that home, and then > use vunify to bring back the vserver to life :-) fair enough, but one would have to be able to check against the reference of the home-server. =20 > Using vfiles, we could do various things, such as vbackup, backuping > only what it needed. kinda like rsync. sounds very useful. =20 > Using vfiles, it becomes very easy to backup a vserver in the root server > and then compare that to prove the vserver has not been hacked. One of the very interesting features. However, it should be possible to che= ck this without comparing against a backup - f.ex. by having a list of files that "should be" unified - and then checking if they still are. If they have been unlinked - something weird is up.. and if you know you updated the vserver only, then you could just update the list of unified-files. The list of should-be unified files, are also good to apply a tripwire-like checksum check root against vserver, if one does not have a checksum database installed. =20 > But I would like to see something else in this area. For example, a per > vserver flag could change the meaning immutable-unlink fiag. It would > be possible to turn the vserver flag on and off from the root server. Whe= n > the per server flag (called it "frozen") is turned on, the ummutable-unli= nk > flag is disregarded. This means, instantly, all unified files turned to i= mmutable > only: A vserver is not allowed to changed them anymore. is this not possible now, by removing the immutable-unlink flag, from the necessary vservers only? sorry if I'm a but dumb here, but what's the extra features with the per vserver flag? >=20 > By using immutable flag on other files as well (config, the rpm database)= , you can > lock a vserver completly in few seconds. This way, you know an intruder c= an't > do anything. that's cool. > Now, you can play game with that. Another per vserver flag, called "alarm= " may > be used. When on, anytime an immutable file is modified (well, anytime a > modification is attempted), the process doing that is locked and some > external process is triggered paging the admin. You can trap intrusion in= real > time. sounds like a cool and inexpensive way of doing Instant IDS. > All those funny feature could be implement using the Linux Security Modul= e > I think. I would love to hear what your plans are with the LSM and vserver. I visite= d Openwall but couldn't find any texts about what LSM is, and what it enabl= es. =20 > > > 3) I have several vservers running now, and if I add some files to my > > > root server, how can I easily hardlink them to the vservers I want to= be > > > able to access it? ln ? (this is to save disk space). > > can I use the vunify command? >=20 > vunify operates on packages, so it won't unify anything. You can use > hard link at any time to share a file. The best solution is often to use = the > mount --bind option. It allows you to share a directory. For example, at = the > office, when we create a vserver for a developper, we give him his home > directory. So in the per vserver startup script, we do > mount --bind /home/jacques /vserver/jack/home/jacques >=20 > This way, jacques feels at home. He has access to his personal files and > he has "root access". Ye! >=20 > > > btw. I'm looking into how to get Samba running under a vserver, as I > > > consider it one of the rather dangerous services to run and I would > > > therefore like it to be run under a vserver.. any tips or experiences > > > with this? I've heard there were some problems with the smb broadcast= s? > > > why is this? Can I do anything about it (add a capability, like what > > > fixes the Bind issue?). >=20 > Using kernel ctx-8, samba should work fine in a vserver. The only issue i= s > that the vserver must be either in the DNS or you must use a WINS to reac= h > it (which you probably do anyway). Great. what change enabled this? (i'm curious by nature :-)=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-qnwWFkL/F9iWCFaBLzy9 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8fVJz4c1kHlhtW8oRAkIpAJ9OudLeAqzY4DhFi0Mkye7bSoTd3wCePado bAqmEyoCLVsIeis2Ocqsf7A= =x0f8 -----END PGP SIGNATURE----- --=-qnwWFkL/F9iWCFaBLzy9-- From vserver.error@solucorp.qc.ca Wed Feb 27 17:05:44 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RM5iAh003370; Wed, 27 Feb 2002 17:05:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RLkQ422819 for vserver.list; Wed, 27 Feb 2002 16:46:26 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RLkPR22815 for ; Wed, 27 Feb 2002 16:46:25 -0500 Received: from tpx20.vsen.dk (unknown [192.168.1.50]) by www.vsen.dk (Postfix) with ESMTP id 34CB21000 for ; Wed, 27 Feb 2002 22:46:22 +0100 (CET) Subject: Re: [vserver] ext2/ext3 question From: Klavs Klavsen To: vserver@solucorp.qc.ca In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-lwE9UQ18ETc7X88Ax+VJ" X-Mailer: Evolution/1.0.2 Date: 27 Feb 2002 22:46:22 +0100 Message-Id: <1014846382.1167.35.camel@tpx20.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 225 --=-lwE9UQ18ETc7X88Ax+VJ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-02-27 at 10:13, Mihai RUSU wrote: > Hi >=20 > While patching ctx8 against 2.4.17 I have noticed that it does patch some > files in the fs/ext2 and fs/ext3 directories: > patching file linux-2.4.17/fs/ext2/ialloc.c > patching file linux-2.4.17/fs/ext2/inode.c > patching file linux-2.4.17/fs/ext2/ioctl.c > patching file linux-2.4.17/fs/ext3/ialloc.c > patching file linux-2.4.17/fs/ext3/inode.c > patching file linux-2.4.17/fs/ext3/ioctl.c >=20 > What is this for? If I use some other fs I miss some vserver features? My guess, would be the adding of the immutable-unlink flag? and the features that this enables (allowing vserver users to alter the unified files - which then get un-unified). =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-lwE9UQ18ETc7X88Ax+VJ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8fVOt4c1kHlhtW8oRAoaoAKC13GEGlczXLXugdg8WAaTv4EqbBgCgkOzI 2WKoFc4RzCPsduPj/MxErLc= =ob0I -----END PGP SIGNATURE----- --=-lwE9UQ18ETc7X88Ax+VJ-- From vserver.error@solucorp.qc.ca Wed Feb 27 17:16:19 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1RMGIAh003458; Wed, 27 Feb 2002 17:16:18 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1RLpkW22969 for vserver.list; Wed, 27 Feb 2002 16:51:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1RLpjR22965 for ; Wed, 27 Feb 2002 16:51:45 -0500 Received: from tpx20.vsen.dk (unknown [192.168.1.50]) by www.vsen.dk (Postfix) with ESMTP id B46F01000 for ; Wed, 27 Feb 2002 22:51:45 +0100 (CET) Subject: RE: [vserver] unify check/ disk usage From: Klavs Klavsen To: vserver@solucorp.qc.ca In-Reply-To: <006b01c1bed8$619df600$0100a8c0@johnnew> References: <006b01c1bed8$619df600$0100a8c0@johnnew> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-goxUrrWvBcZvszd4PAGP" X-Mailer: Evolution/1.0.2 Date: 27 Feb 2002 22:51:45 +0100 Message-Id: <1014846705.1167.42.camel@tpx20.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 226 --=-goxUrrWvBcZvszd4PAGP Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-02-26 at 16:15, John Lyons wrote: >=20 > > However it seems a little off.. my skel server, which has a > > bare minimum > > of spaceusage, it says uses 325000K and that sounds like it's not > > unified at all :-( > > >=20 > If that's the only vserver on your system then there are no hard links to > anything else so the figure is probably correct. Build another unified vs > from the sekl and check it again. it did changes something. The vdu output for the test server (share'ed) and build from the skel is 178000K - about half of what the skel server is, and the du -csh gives the same output (as it should :-) As I read this, it means my skel server is not very much unified (only about 70000K is unified), and this appearently went better when building from the skel. Why is this? How can I ensure that for instance all files except files under /etc and /usr/local and /home are unified - and kept this way? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-goxUrrWvBcZvszd4PAGP Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8fVTx4c1kHlhtW8oRAph1AKCr1O3DWV3ob3QTGTp9TfqlKdkzwgCgjv3C qnwl14W8E9n1rPsolj8PRHc= =qIQO -----END PGP SIGNATURE----- --=-goxUrrWvBcZvszd4PAGP-- From vserver.error@solucorp.qc.ca Wed Feb 27 19:51:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1S0p5Ah004893; Wed, 27 Feb 2002 19:51:05 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1S0RCj25820 for vserver.list; Wed, 27 Feb 2002 19:27:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from localhost.localdomain (pia153-99.pioneernet.net [66.114.153.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1S0RBR25816 for ; Wed, 27 Feb 2002 19:27:12 -0500 Received: from openwebmail (casonmaster [127.0.0.1]) by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g1S0TPX25672 for ; Wed, 27 Feb 2002 16:29:25 -0800 From: "Wray Cason" To: vserver@solucorp.qc.ca Subject: RE: [vserver] routing Date: Wed, 27 Feb 2002 16:29:25 -0800 Message-Id: <20020227162925.A76746@auxiliumcomputing.com> In-Reply-To: References: <20020227103728.A81445@auxiliumcomputing.com> X-Mailer: Open WebMail 1.53 20020112 X-OriginatingIP: 192.168.0.2 (auxiliumcomputing) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 227 > On Wed, 27 Feb 2002, Wray Cason wrote: > > [snip] > > > Thank you very much. This was very helpful to me. I have a related > > question. Please confirm or refute that this is true: > > > > A vserver can never, under any circumstances be aware of networks and > > interfaces in the base computer other than the one it is bound to. As such, > > if all base interfaces are addressed with private unroutable addresses, and > > only the vserver has the public address, it is impossible to route all > > server traffic out through the public address. > > hmm not entirely sure what you mean... > the base server has private addresses and only the vserver > has a public ip. that part I think I got but the "impossible > to route all server traffic out through the public address" > part I don't really get, do you mean all traffic from this > vserver? from the base server? or everything (base + all vservers)? > > /Martin > > Never argue with an idiot. They drag you down to their level, That latter is exactly what I meant, base + all vservers. I was looking into the possibility of isolating the base system that much more by not putting a public address on it. I would still want to make use of the public network on the vserver for routing purposes. A little more detail might help to clarify. I have 2 servers connected to the my private network as well as the public network. The interfaces on the public network were assigned private addresses. This way they could communicate freely between the two of them without using bandwidth on the private network. Also, they could not be touched from the internet. I then put the public address on a vserver bound to the outside interface and tried to create default routes for everything through that vserver. At this point, I am inclined to believe that this arrangement won't work. -- Wray Cason "Wrayman" Auxilium Computing www.auxiliumcomputing.com wrayman@auxiliumcomputing.com main: 206-595-2080 fax: 425-895-9825 From vserver.error@solucorp.qc.ca Wed Feb 27 21:04:07 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1S246Ah005464; Wed, 27 Feb 2002 21:04:06 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1S1c1m27087 for vserver.list; Wed, 27 Feb 2002 20:38:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1S1c0R27083 for ; Wed, 27 Feb 2002 20:38:00 -0500 Received: from remtk.solucorp.qc.ca (g39-244.citenet.net [206.123.39.244]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g1S1gI659668 for ; Wed, 27 Feb 2002 20:42:19 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1RJ0kW02885 for vserver@solucorp.qc.ca; Wed, 27 Feb 2002 14:00:46 -0500 From: Jacques Gelinas Date: Wed, 27 Feb 2002 14:00:46 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vps question X-mailer: tlmpmail 0.1 Message-ID: <20020227140046.d6c685c8e53b@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 228 On Thu, 21 Feb 2002 16:39:05 -0500, Krischan Jodies wrote > Am Donnerstag, 21. Februar 2002 01:01 schrieben Sie: > > > Is there any way of showing, using vps or similar, in the root shell, > > what vservers processes are owned by ?? > > Have a look at my little wrapper :-) > ftp://ftp.sernet.de/pub/vserver/vps2 Sounds interesting. I tried it on rh7.2. Works fine. On rh7, it does not print anything. Is it dependant on some perl version ? Once this is fixed, I will include it in the distribution. Thanks! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Feb 27 22:04:41 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1S34dAh005877; Wed, 27 Feb 2002 22:04:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1S2dC328133 for vserver.list; Wed, 27 Feb 2002 21:39:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1S2dBR28129 for ; Wed, 27 Feb 2002 21:39:11 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id 0182A241CD; Wed, 27 Feb 2002 19:39:07 -0700 (MST) Received: from 172.23.172.156 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Wed, 27 Feb 2002 19:42:44 -0700 (MST) Message-ID: <2407.172.23.172.156.1014864164.squirrel@webmail.thedeacon.org> Date: Wed, 27 Feb 2002 19:42:44 -0700 (MST) Subject: Re: [vserver] ctx-8 kernel patches against -ac available From: "Paul Kreiner" To: In-Reply-To: References: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.4) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 229 Mihai, I've got a full RedHat 2.4.9-21-XFS-ctx8 kernel tarball up on my site. Go ahead and give it a shot and let me know how it works for you -- it boots & runs on my system, but I haven't put it through it's paces yet. _Paul K. --- Mihai RUSU said: > On Tue, 26 Feb 2002, Paul Kreiner wrote: > >> New vserver (ctx-8) kernel patches against 2.4.19-pre1-ac1 are now >> available in the usual place: >> http://www.thedeacon.org/patches/ >> > cool! > > Well, would be so kind and try to patch ctx8 into 2.4.9-21SGI_XFS_1.0.2 > ? Its the last redhat errata kernel with the XFS release 1.0.2 bits. > You can find it in > ftp://oss.sgi.com/projectx/xfs/download/Release-1.0.2/kernel_rpms/ > i386/contributed-RH-updates/2.4.9-21-RH7.2/ > kernel-source-2.4.9-21SGI_XFS_1.0.2.i386.rpm > > PS: I found it to be the most stable release in production > > ---------------------------- > Mihai RUSU From vserver.error@solucorp.qc.ca Thu Feb 28 03:54:29 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1S8sSAh008664; Thu, 28 Feb 2002 03:54:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1S8bsP01267 for vserver.list; Thu, 28 Feb 2002 03:37:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ahriman.bucharest.roedu.net (ahriman.bucharest.roedu.net [141.85.128.71]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1S8brR01263 for ; Thu, 28 Feb 2002 03:37:54 -0500 Received: (qmail 15635 invoked by uid 1000); 28 Feb 2002 08:44:34 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 28 Feb 2002 08:44:34 -0000 Date: Thu, 28 Feb 2002 10:44:34 +0200 (EET) From: Mihai RUSU X-X-Sender: To: Paul Kreiner cc: Subject: Re: [vserver] ctx-8 kernel patches against -ac available In-Reply-To: <2407.172.23.172.156.1014864164.squirrel@webmail.thedeacon.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 230 On Wed, 27 Feb 2002, Paul Kreiner wrote: > Mihai, > > I've got a full RedHat 2.4.9-21-XFS-ctx8 kernel tarball up on my site. Go > ahead and give it a shot and let me know how it works for you -- it boots & > runs on my system, but I haven't put it through it's paces yet. > > _Paul K. > Wow, you are fast. I said that a little bit in a hurry. The fact is that I have to wait for a hardware aquisition before using an vserver XFS enabled version. Did you also patched the immuatable unlink feature in XFS? Anyway I will give it a try but not right now. ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated. From vserver.error@solucorp.qc.ca Thu Feb 28 03:54:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1S8sdAh008669; Thu, 28 Feb 2002 03:54:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1S8aBP01240 for vserver.list; Thu, 28 Feb 2002 03:36:11 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ahriman.bucharest.roedu.net (ahriman.bucharest.roedu.net [141.85.128.71]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1S8aAR01236 for ; Thu, 28 Feb 2002 03:36:10 -0500 Received: (qmail 15424 invoked by uid 1000); 28 Feb 2002 08:42:50 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 28 Feb 2002 08:42:50 -0000 Date: Thu, 28 Feb 2002 10:42:50 +0200 (EET) From: Mihai RUSU X-X-Sender: To: Subject: Re: [vserver] ext2/ext3 question In-Reply-To: <1014846382.1167.35.camel@tpx20.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 231 On 27 Feb 2002, Klavs Klavsen wrote: > My guess, would be the adding of the immutable-unlink flag? > and the features that this enables (allowing vserver users to alter the > unified files - which then get un-unified). > Hi Klavs Looking in the patch it seems that you are right. Having said that I dont think I really need that special feature. I dont use RedHat and thus I dont use its package management (rpm). Also any upgrade on that system I would prefer doing it manually. Without that special fs support the user still cannot alter the i flag on files (even as root) , right ? Thanks ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated. From vserver.error@solucorp.qc.ca Thu Feb 28 07:49:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1SCndAh011096; Thu, 28 Feb 2002 07:49:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1SCMd805035 for vserver.list; Thu, 28 Feb 2002 07:22:39 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from rhenium.btinternet.com (rhenium.btinternet.com [194.73.73.93]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1SCMcR05031 for ; Thu, 28 Feb 2002 07:22:38 -0500 Received: from host213-1-136-209.btinternet.com ([213.1.136.209] helo=john-new) by rhenium.btinternet.com with esmtp (Exim 3.22 #8) id 16gPa1-0000tz-00 for vserver@solucorp.qc.ca; Thu, 28 Feb 2002 12:22:37 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Thu, 28 Feb 2002 12:22:20 -0000 From: "John Lyons" To: Subject: RE: [vserver] unify check/ disk usage Date: Thu, 28 Feb 2002 12:22:20 -0000 Message-ID: <003001c1c052$916485e0$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <1014846705.1167.42.camel@tpx20.vsen.dk> Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 232 > As I read this, it means my skel server is not very much unified (only > about 70000K is unified), and this appearently went better > when building > from the skel. Why is this? Can't say. I've been using a vserver to install and remove rpm's and build new rpm's from src files so that I could get the 'perfect' hosting vserver. After spending a week or so on and off playing with packages I discovered that building vservers based on it resulted in each vs being something like 300mb. What I'd missed was that /root and /home/admin had raw rpm files in with src files, also /usr/src/redhat had binary files and rpm's in it. Building a new vs was just copying all of those files over and as they weren't part of an rpm they weren't getting unified. They shouldn't have been there in the first place but I'd missed them and expected the unify process to only copy RPM packages over to the new vs not the entire file system. Luckily I'd not 2 unified vs's on the backup server that were still fresh and taking 12mb of space after unification to start again with. My guess is that you've got source installed binaries or log files etc that are being copied from the base server. If your base server has a /var/logs and or /home dir with a lot of data in it every vserver you build will have the same files copied over. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Thu Feb 28 10:55:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1SFtVAh012554; Thu, 28 Feb 2002 10:55:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1SFTqX08581 for vserver.list; Thu, 28 Feb 2002 10:29:52 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1SFTpR08577 for ; Thu, 28 Feb 2002 10:29:51 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id 24A51241CD; Thu, 28 Feb 2002 08:29:51 -0700 (MST) Received: from 204.118.209.253 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Thu, 28 Feb 2002 08:33:30 -0700 (MST) Message-ID: <3393.204.118.209.253.1014910410.squirrel@webmail.thedeacon.org> Date: Thu, 28 Feb 2002 08:33:30 -0700 (MST) Subject: [vserver] RH 2.4.9-21XFS kernel w/ctx-8 (was: ctx-8 kernel patches against -ac available) From: "Paul Kreiner" To: In-Reply-To: References: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.4) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 233 Mihai RUSU said: > On Wed, 27 Feb 2002, Paul Kreiner wrote: > >> Mihai, >> >> I've got a full RedHat 2.4.9-21-XFS-ctx8 kernel tarball up on my site. >> Go ahead and give it a shot and let me know how it works for you -- >> it boots & runs on my system, but I haven't put it through it's paces >> yet. >> >> _Paul K. >> > > Wow, you are fast. I said that a little bit in a hurry. The fact is > that I have to wait for a hardware aquisition before using an vserver > XFS enabled version. Did you also patched the immuatable unlink feature > in XFS? > I haven't tried moving the immutable-link stuff into XFS just yet... although I took a first look at it yesterday. Probably over the next few days I might try it, if people are interested. I have no real need for the unlink stuff in my environment though, so it's not been a priority. _Paul K. From vserver.error@solucorp.qc.ca Thu Feb 28 12:27:50 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1SHRnAh013327; Thu, 28 Feb 2002 12:27:49 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1SH0m810559 for vserver.list; Thu, 28 Feb 2002 12:00:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1SH0lR10555 for ; Thu, 28 Feb 2002 12:00:47 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g1SH2IH08874 for vserver@dns.solucorp.qc.ca; Thu, 28 Feb 2002 12:02:18 -0500 From: Jacques Gelinas Date: Thu, 28 Feb 2002 12:02:17 -0500 To: Vserver mailing list Subject: [vserver] vserver 0.12 changelog X-mailer: tlmpmail 0.1 Message-ID: <20020228120217.c9930e3c4c67@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 234 vserver 0.12 Change log 1. Enhancements 1.1. kernel 2.4.18ctx-8 Nothing new vserver wise. The patch-2.4.17ctx-8 was adapted to the new kernel 2.4.18. There were minor adjustment needed in kernel/exit.c and kernel/fork.c. No new features. 2.4.18 introduces new system calls (reserved at least), so we had to move our own at the end. If you have vserver-0.12, it does not matter, as it adapts to the kernel on the fly. You can use the same binary to run a 2.4.17ctx-any kernel or the new 2.4.18ctx-8. 2. Bug fixes 2.1. dynamic system call There was a bug. It was not working for the new_s_context. To move to the new 2.4.18ctx-8 kernel, you need vserver-0.12. vserver-stat was changed to use the new dynamic system call feature --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Thu Feb 28 14:00:46 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1SJ0cAh014047; Thu, 28 Feb 2002 14:00:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1SIiDx12608 for vserver.list; Thu, 28 Feb 2002 13:44:13 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from zeus.bragatel.pt (zeus.bragatel.pt [217.70.64.253] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g1SIi9R12604 for ; Thu, 28 Feb 2002 13:44:13 -0500 Received: (qmail 17753 invoked by uid 507); 28 Feb 2002 18:43:58 -0000 Received: from cliente-bgt-217-70-64-194.bragatel.pt (HELO localhost.localdomain) (217.70.64.194) by zeus.local.bragatel.pt with SMTP; 28 Feb 2002 18:43:58 -0000 Subject: [vserver] Kernel panic From: Luis Santos To: Vserver mailing list In-Reply-To: <20020228120217.c9930e3c4c67@remtk.solucorp.qc.ca> References: <20020228120217.c9930e3c4c67@remtk.solucorp.qc.ca> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 28 Feb 2002 18:43:16 +0000 Message-Id: <1014921796.794.55.camel@localhost.localdomain> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 235 I'm running RH7.1, Kernel 2.4.17 with virtual server patch, virtual server utilities 0.12 in this hardware: Ethernet card: via-rhine Memory: 131060k CPU: Intel Pentium III (Katmai) stepping 03 Disk controller: Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.4 Adaptec aic7890/91 Ultra2 SCSI Disk: QUANTUM Model: ATLAS IV 9 WLS Rev: 0B0B When my computer boots, everything is OK. I start a virtual server, enter it, ... , without problems. Then, when kernel starts using swap space, it gives me errors and more errors and stops after some time. I must say that this problem only gets when kernel uses swap space. Tkanks and sorry my poor english. -------------------------------------------------------------------------------------- Feb 28 15:38:24 plutao kernel: Code: Bad EIP value. Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging request at virtual address 00002e00 Feb 28 15:38:27 plutao kernel: printing eip: Feb 28 15:38:27 plutao kernel: 00002e00 Feb 28 15:38:27 plutao kernel: *pde = 00000000 Feb 28 15:38:27 plutao kernel: Oops: 0000 Feb 28 15:38:27 plutao kernel: CPU: 0 Feb 28 15:38:27 plutao kernel: EIP: 0010:[<00002e00>] Not tainted Feb 28 15:38:27 plutao kernel: EFLAGS: 00010202 Feb 28 15:38:27 plutao kernel: eax: 00000002 ebx: c0331e60 ecx: 0000002e edx: c8821000 Feb 28 15:38:27 plutao kernel: esi: 0000002e edi: 00000020 ebp: 000009de esp: c081dc1c Feb 28 15:38:27 plutao kernel: ds: 0018 es: 0018 ss: 0018 Feb 28 15:38:27 plutao kernel: Process vserver (pid: 959, stackpage=c081d000) Feb 28 15:38:27 plutao kernel: Stack: c11c6900 c01265b3 c0331e60 00000000 c081c000 000000fc 000000f0 c02d71c8 Feb 28 15:38:27 plutao kernel: c7ffcd50 c4015020 c7ffcc70 00000001 00000020 000000f0 00000006 0000766a Feb 28 15:38:27 plutao kernel: c0126728 00000006 0000000f c02d71c8 00000006 000000f0 c02d71c8 00000000 Feb 28 15:38:27 plutao kernel: Call Trace: [] [] [] [] [] Feb 28 15:38:27 plutao kernel: [] [] [] [] [] [] Feb 28 15:38:27 plutao kernel: [] [] [] [] [] [] Feb 28 15:38:27 plutao kernel: [] [] [] [] [] [] Feb 28 15:38:27 plutao kernel: [] [] [] [] [] [] Feb 28 15:38:27 plutao kernel: Feb 28 15:38:27 plutao kernel: Code: Bad EIP value. Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging request at virtual address 00003600 Feb 28 15:38:27 plutao kernel: printing eip: Feb 28 15:38:27 plutao kernel: 00003600 Feb 28 15:38:27 plutao kernel: *pde = 00000000 Feb 28 15:38:27 plutao kernel: Oops: 0000 Feb 28 15:38:28 plutao kernel: CPU: 0 Feb 28 15:38:28 plutao kernel: EIP: 0010:[<00003600>] Not tainted Feb 28 15:38:28 plutao kernel: EFLAGS: 00010202 Feb 28 15:38:28 plutao kernel: eax: 00000001 ebx: c0331e60 ecx: 00000036 edx: c8821000 Feb 28 15:38:28 plutao kernel: esi: 00000036 edi: 00000020 ebp: 000009e0 esp: c208fe58 Feb 28 15:38:28 plutao kernel: ds: 0018 es: 0018 ss: 0018 Feb 28 15:38:28 plutao kernel: Process ucc-bin (pid: 786, stackpage=c208f000) Feb 28 15:38:28 plutao kernel: Stack: c11c6840 c01265b3 c0331e60 c02d7338 c208e000 000000fc 000001d2 c02d71c8 Feb 28 15:38:28 plutao kernel: c1020680 c1000000 c7ffc810 00000000 00000020 000001d2 00000006 00007688 Feb 28 15:38:28 plutao kernel: c0126728 00000006 0000000f c02d71c8 00000006 000001d2 c02d71c8 00000000 Feb 28 15:38:28 plutao kernel: Call Trace: [] [] [] [] [] Feb 28 15:38:28 plutao kernel: [] [] [] [] [] [] Feb 28 15:38:28 plutao kernel: Feb 28 15:38:28 plutao kernel: Code: Bad EIP value. From vserver.error@solucorp.qc.ca Thu Feb 28 17:56:07 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g1SMu6Ah016577; Thu, 28 Feb 2002 17:56:06 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g1SMduN17174 for vserver.list; Thu, 28 Feb 2002 17:39:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g1SMduR17170 for ; Thu, 28 Feb 2002 17:39:56 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 706B11000 for ; Thu, 28 Feb 2002 23:39:50 +0100 (CET) Subject: Re: [vserver] Kernel panic From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <1014921796.794.55.camel@localhost.localdomain> References: <20020228120217.c9930e3c4c67@remtk.solucorp.qc.ca> <1014921796.794.55.camel@localhost.localdomain> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-w5/iyF2F55ykkNpaWH48" X-Mailer: Evolution/1.0.2 Date: 28 Feb 2002 23:39:39 +0100 Message-Id: <1014935990.1707.0.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 236 --=-w5/iyF2F55ykkNpaWH48 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Try compiling a kernel with the same .config - and without the vserver patch applied. Do you see the same problem? On Thu, 2002-02-28 at 19:43, Luis Santos wrote: > I'm running RH7.1, Kernel 2.4.17 with virtual server patch, virtual > server utilities 0.12 in this hardware: > Ethernet card: via-rhine > Memory: 131060k > CPU: Intel Pentium III (Katmai) stepping 03 > Disk controller: Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev > 6.2.4 > Adaptec aic7890/91 Ultra2 SCSI > Disk: QUANTUM Model: ATLAS IV 9 WLS Rev: 0B0B >=20 > When my computer boots, everything is OK. I start a virtual server, > enter it, ... , without problems. >=20 > Then, when kernel starts using swap space, it gives me errors and more > errors and stops after some time. >=20 > I must say that this problem only gets when kernel uses swap space.=20 > Tkanks and sorry my poor english. >=20 >=20 > -------------------------------------------------------------------------= ------------- >=20 > Feb 28 15:38:24 plutao kernel: Code: Bad EIP value. > Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging > request at virtual address 00002e00 > Feb 28 15:38:27 plutao kernel: printing eip: > Feb 28 15:38:27 plutao kernel: 00002e00 > Feb 28 15:38:27 plutao kernel: *pde =3D 00000000 > Feb 28 15:38:27 plutao kernel: Oops: 0000 > Feb 28 15:38:27 plutao kernel: CPU: 0 > Feb 28 15:38:27 plutao kernel: EIP: 0010:[<00002e00>] Not tainted > Feb 28 15:38:27 plutao kernel: EFLAGS: 00010202 > Feb 28 15:38:27 plutao kernel: eax: 00000002 ebx: c0331e60 ecx: > 0000002e edx: c8821000 > Feb 28 15:38:27 plutao kernel: esi: 0000002e edi: 00000020 ebp: > 000009de esp: c081dc1c > Feb 28 15:38:27 plutao kernel: ds: 0018 es: 0018 ss: 0018 > Feb 28 15:38:27 plutao kernel: Process vserver (pid: 959, > stackpage=3Dc081d000) > Feb 28 15:38:27 plutao kernel: Stack: c11c6900 c01265b3 c0331e60 > 00000000 c081c000 000000fc 000000f0 c02d71c8 > Feb 28 15:38:27 plutao kernel: c7ffcd50 c4015020 c7ffcc70 > 00000001 00000020 000000f0 00000006 0000766a > Feb 28 15:38:27 plutao kernel: c0126728 00000006 0000000f > c02d71c8 00000006 000000f0 c02d71c8 00000000 > Feb 28 15:38:27 plutao kernel: Call Trace: [] [] > [] [] [] > Feb 28 15:38:27 plutao kernel: [] [] [] > [] [] [] > Feb 28 15:38:27 plutao kernel: [] [] [] > [] [] [] > Feb 28 15:38:27 plutao kernel: [] [] [] > [] [] [] > Feb 28 15:38:27 plutao kernel: [] [] [] > [] [] [] > Feb 28 15:38:27 plutao kernel:=20 > Feb 28 15:38:27 plutao kernel: Code: Bad EIP value. > Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging > request at virtual address 00003600 > Feb 28 15:38:27 plutao kernel: printing eip: > Feb 28 15:38:27 plutao kernel: 00003600 > Feb 28 15:38:27 plutao kernel: *pde =3D 00000000=20 > Feb 28 15:38:27 plutao kernel: Oops: 0000 > Feb 28 15:38:28 plutao kernel: CPU: 0 > Feb 28 15:38:28 plutao kernel: EIP: 0010:[<00003600>] Not tainted > Feb 28 15:38:28 plutao kernel: EFLAGS: 00010202 > Feb 28 15:38:28 plutao kernel: eax: 00000001 ebx: c0331e60 ecx: > 00000036 edx: c8821000 > Feb 28 15:38:28 plutao kernel: esi: 00000036 edi: 00000020 ebp: > 000009e0 esp: c208fe58 > Feb 28 15:38:28 plutao kernel: ds: 0018 es: 0018 ss: 0018 > Feb 28 15:38:28 plutao kernel: Process ucc-bin (pid: 786, > stackpage=3Dc208f000) > Feb 28 15:38:28 plutao kernel: Stack: c11c6840 c01265b3 c0331e60 > c02d7338 c208e000 000000fc 000001d2 c02d71c8 > Feb 28 15:38:28 plutao kernel: c1020680 c1000000 c7ffc810 > 00000000 00000020 000001d2 00000006 00007688 > Feb 28 15:38:28 plutao kernel: c0126728 00000006 0000000f > c02d71c8 00000006 000001d2 c02d71c8 00000000 > Feb 28 15:38:28 plutao kernel: Call Trace: [] [] > [] [] [] > Feb 28 15:38:28 plutao kernel: [] [] [] > [] [] [] > Feb 28 15:38:28 plutao kernel:=20 > Feb 28 15:38:28 plutao kernel: Code: Bad EIP value. >=20 >=20 >=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-w5/iyF2F55ykkNpaWH48 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8frGr4c1kHlhtW8oRArFzAKC6bpMQTvs3T+To6xJSbW/mdm5IPgCeMfQT h1D3XT9wTbUSahk2V0OD6yM= =Z0y8 -----END PGP SIGNATURE----- --=-w5/iyF2F55ykkNpaWH48-- From vserver.error@solucorp.qc.ca Thu Feb 28 21:57:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g212vRrw019583; Thu, 28 Feb 2002 21:57:29 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g212IgC20836 for vserver.list; Thu, 28 Feb 2002 21:18:42 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g212IgR20832 for ; Thu, 28 Feb 2002 21:18:42 -0500 Received: from remtk.solucorp.qc.ca (g39-141.citenet.net [206.123.39.141]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g212NA642856 for ; Thu, 28 Feb 2002 21:23:10 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g212JxT02877 for vserver@dns.solucorp.qc.ca; Thu, 28 Feb 2002 21:19:59 -0500 From: Jacques Gelinas Date: Thu, 28 Feb 2002 21:19:59 -0500 To: Vserver mailing list Subject: [vserver] vserver 0.13 change log X-mailer: tlmpmail 0.1 Message-ID: <20020228211959.aa50a9de7619@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 237 vserver 0.13 Change log 1. Bug fixes 1.1. Dynamic system call number, a glitch Since vserver 0.11, the vserver utility are able to probe the kernel to find the number of the system calls new_s_context and set_ipv4root. The same binaries may be used with different kernels (where the new system calls have different numbers). This was done because the two system calls are not official( reserved in the official kernel) and probably won't be until we have covered more grounds... vserver-0.12 uncovered a flaw where the file /proc/self/status was not properly parsed. But there was another gotcha. When used with an older kernel (older than 2.4.17ctx-8), the utility were using the values in /usr/include/asm/unistd.h. Unfortunately, those values are dependent on the kernel currently installed on your computer. If it is a 2.4.18 kernel, the system calls have different number than on older 2.4.17 kernel. To make the story short, the vserver-0.13 utilities are not relying on kernel headers for their default, so work with older kernel as well as the new 2.4.17ctx-8 or 2.4.18ctx-8. They have been tested on 2.4.17ctx-6. Please upgrade. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Thu Feb 28 23:14:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g214Eirw020389; Thu, 28 Feb 2002 23:14:45 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2141hw22567 for vserver.list; Thu, 28 Feb 2002 23:01:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2141fR22563 for ; Thu, 28 Feb 2002 23:01:41 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id 29D12241CD; Thu, 28 Feb 2002 21:01:36 -0700 (MST) Received: from 172.23.172.143 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Thu, 28 Feb 2002 21:05:18 -0700 (MST) Message-ID: <33128.172.23.172.143.1014955518.squirrel@webmail.thedeacon.org> Date: Thu, 28 Feb 2002 21:05:18 -0700 (MST) Subject: Re: [vserver] RH 2.4.9-21XFS kernel w/ctx-8 (was: ctx-8 kernel patches against -ac available) From: "Paul Kreiner" To: In-Reply-To: <3393.204.118.209.253.1014910410.squirrel@webmail.thedeacon.org> References: <3393.204.118.209.253.1014910410.squirrel@webmail.thedeacon.org> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.4) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 238 Paul Kreiner said: > Mihai RUSU said: [snip] >> Wow, you are fast. I said that a little bit in a hurry. The fact is >> that I have to wait for a hardware aquisition before using an vserver >> XFS enabled version. Did you also patched the immuatable unlink >> feature in XFS? >> > > I haven't tried moving the immutable-link stuff into XFS just yet... > although I took a first look at it yesterday. Probably over the next > few days I might try it, if people are interested. I have no real need > for the unlink stuff in my environment though, so it's not been a > priority. > OK, so after some more digging, it would seem that XFS doesn't support the IMMUTABLE flag, or really anything like it. Refer to: http://oss.sgi.com/projects/xfs/mail_archive/0012/msg00073.html. The source is a bit weird, quite unlike most the source of the other filesystems I've seen in linux ... so vserver unification in XFS probably isn't going to happen anytime soon. :-( _Paul K. From vserver.error@solucorp.qc.ca Thu Feb 28 23:19:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g214Jnrw020417; Thu, 28 Feb 2002 23:19:50 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2144ZF22603 for vserver.list; Thu, 28 Feb 2002 23:04:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp014.mail.yahoo.com (smtp014.mail.yahoo.com [216.136.173.58]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2144YR22599 for ; Thu, 28 Feb 2002 23:04:35 -0500 Received: from peterkwanchan (AUTH poptime) at 47.chicago-28-29rs.il.dial-access.att.net (HELO petercomputer) (12.84.11.47) by smtp.mail.vip.sc5.yahoo.com with SMTP; 1 Mar 2002 03:54:01 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] 0.13 RPM install problem Date: Thu, 28 Feb 2002 21:54:45 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20020227091054.A43167@auxiliumcomputing.com> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 239 Hello, I was trying to install vserver on my server. I ran into a problem installing the vserver-admin rpm. It gives the following error: [root@localhost /root]# rpm -Uvh v* Preparing... ########################################### [100%] 1:vserver-admin ########################################### [100%] Can't load dictionnary file /usr/lib/linuxconf/help.eng/shellmod-msg-1.27.eng (No such file or directory) error: execution of %post scriptlet from vserver-admin-0.13-1 failed, exit status 255 [root@localhost /root]# rpm -ql vserver-admin /usr/sbin/newvserver [root@localhost /root]# newvserver Can't load dictionnary file /usr/lib/linuxconf/help.eng/shellmod-msg-1.27.eng (No such file or directory) [root@localhost /root]# Also, will installing the vserver-0.13-1.i386.rpm file also install the kernel? Or do I still need to get the gzip file? Thanks, Peter _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From vserver.error@solucorp.qc.ca Fri Mar 1 05:22:23 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g21AMMrw023747; Fri, 1 Mar 2002 05:22:22 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g219sud28393 for vserver.list; Fri, 1 Mar 2002 04:54:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g219stR28389 for ; Fri, 1 Mar 2002 04:54:55 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 55D531000 for ; Fri, 1 Mar 2002 10:54:55 +0100 (CET) Subject: Re: [vserver] 0.13 RPM install problem From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-aldS8gldeZFmBOgusWr1" X-Mailer: Evolution/1.0.2 Date: 01 Mar 2002 10:54:54 +0100 Message-Id: <1014976495.1664.6.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 240 --=-aldS8gldeZFmBOgusWr1 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-03-01 at 04:54, Peter Kwan Chan wrote: > Hello, > I was trying to install vserver on my server. I ran into a problem > installing the vserver-admin rpm. It gives the following error: >=20 > [root@localhost /root]# rpm -Uvh v* > Preparing... ########################################### > [100%] > 1:vserver-admin ########################################### > [100%] > Can't load dictionnary file > /usr/lib/linuxconf/help.eng/shellmod-msg-1.27.eng (No such file or > directory) > error: execution of %post scriptlet from vserver-admin-0.13-1 failed, exi= t > status 255 > [root@localhost /root]# rpm -ql vserver-admin > /usr/sbin/newvserver > [root@localhost /root]# newvserver > Can't load dictionnary file > /usr/lib/linuxconf/help.eng/shellmod-msg-1.27.eng (No such file or > directory) > [root@localhost /root]# you need that file from the linuxconf rpm. If you don't want linuxconf you can extact it with "rpm2cpio linuxconf.rpm | cpio -t" (list names) and then "cpio -ivd filename-to-extract" (including full path listed by -t). >=20 > Also, will installing the vserver-0.13-1.i386.rpm file also install the > kernel? Or do I still need to get the gzip file? Nope.download it yourself, and edit your /etc/lilo.conf manually. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-aldS8gldeZFmBOgusWr1 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8f0/u4c1kHlhtW8oRAhEtAJ9XNZVH06x5+JxY7NPugqHVOVMTXgCfSymi 1WmeiscZHAhniaCCpVnETOY= =LxMQ -----END PGP SIGNATURE----- --=-aldS8gldeZFmBOgusWr1-- From vserver.error@solucorp.qc.ca Fri Mar 1 06:11:24 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g21BBNrw024039; Fri, 1 Mar 2002 06:11:23 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g21Abt029063 for vserver.list; Fri, 1 Mar 2002 05:37:55 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from zeus.bragatel.pt (vs1.bragatel.pt [217.70.64.251]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g21AbsR29059 for ; Fri, 1 Mar 2002 05:37:55 -0500 Received: (qmail 6237 invoked by uid 507); 1 Mar 2002 10:37:53 -0000 Received: from cliente-bgt-217-70-64-194.bragatel.pt (HELO localhost.localdomain) (217.70.64.194) by jupiter.local.bragatel.pt with SMTP; 1 Mar 2002 10:37:53 -0000 Subject: Re: [vserver] Kernel panic From: Luis Santos To: vserver@solucorp.qc.ca In-Reply-To: <1014935990.1707.0.camel@amd.vsen.dk> References: <20020228120217.c9930e3c4c67@remtk.solucorp.qc.ca> <1014921796.794.55.camel@localhost.localdomain> <1014935990.1707.0.camel@amd.vsen.dk> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 01 Mar 2002 10:37:13 +0000 Message-Id: <1014979033.5186.7.camel@localhost.localdomain> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 241 I compiled kernel 2.4.17 with same ".config" but without vserver patch applied. Then i tested kernel with intensive use of swap and kernel did not fail. Note: I also tried kernel 2.4.19-pre1-ac1 with virtual server patch from deacon@thedeacon.org (http://thedeacon.org/patches) and the same problem has ocurred. This kernel also failed when starting using swap. Then i try the same kernel (2.4.19-pre1-ac1) but did not applied virtual server patch. This time, there was no problem and kernel run normally. Thanks, Luis Santos On Qui, 2002-02-28 at 22:39, klavs klavsen wrote: > Try compiling a kernel with the same .config - and without the vserver > patch applied. Do you see the same problem? > > On Thu, 2002-02-28 at 19:43, Luis Santos wrote: > > I'm running RH7.1, Kernel 2.4.17 with virtual server patch, virtual > > server utilities 0.12 in this hardware: > > Ethernet card: via-rhine > > Memory: 131060k > > CPU: Intel Pentium III (Katmai) stepping 03 > > Disk controller: Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev > > 6.2.4 > > Adaptec aic7890/91 Ultra2 SCSI > > Disk: QUANTUM Model: ATLAS IV 9 WLS Rev: 0B0B > > > > When my computer boots, everything is OK. I start a virtual server, > > enter it, ... , without problems. > > > > Then, when kernel starts using swap space, it gives me errors and more > > errors and stops after some time. > > > > I must say that this problem only gets when kernel uses swap space. > > Tkanks and sorry my poor english. > > > > > > -------------------------------------------------------------------------------------- > > > > Feb 28 15:38:24 plutao kernel: Code: Bad EIP value. > > Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging > > request at virtual address 00002e00 > > Feb 28 15:38:27 plutao kernel: printing eip: > > Feb 28 15:38:27 plutao kernel: 00002e00 > > Feb 28 15:38:27 plutao kernel: *pde = 00000000 > > Feb 28 15:38:27 plutao kernel: Oops: 0000 > > Feb 28 15:38:27 plutao kernel: CPU: 0 > > Feb 28 15:38:27 plutao kernel: EIP: 0010:[<00002e00>] Not tainted > > Feb 28 15:38:27 plutao kernel: EFLAGS: 00010202 > > Feb 28 15:38:27 plutao kernel: eax: 00000002 ebx: c0331e60 ecx: > > 0000002e edx: c8821000 > > Feb 28 15:38:27 plutao kernel: esi: 0000002e edi: 00000020 ebp: > > 000009de esp: c081dc1c > > Feb 28 15:38:27 plutao kernel: ds: 0018 es: 0018 ss: 0018 > > Feb 28 15:38:27 plutao kernel: Process vserver (pid: 959, > > stackpage=c081d000) > > Feb 28 15:38:27 plutao kernel: Stack: c11c6900 c01265b3 c0331e60 > > 00000000 c081c000 000000fc 000000f0 c02d71c8 > > Feb 28 15:38:27 plutao kernel: c7ffcd50 c4015020 c7ffcc70 > > 00000001 00000020 000000f0 00000006 0000766a > > Feb 28 15:38:27 plutao kernel: c0126728 00000006 0000000f > > c02d71c8 00000006 000000f0 c02d71c8 00000000 > > Feb 28 15:38:27 plutao kernel: Call Trace: [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: > > Feb 28 15:38:27 plutao kernel: Code: Bad EIP value. > > Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging > > request at virtual address 00003600 > > Feb 28 15:38:27 plutao kernel: printing eip: > > Feb 28 15:38:27 plutao kernel: 00003600 > > Feb 28 15:38:27 plutao kernel: *pde = 00000000 > > Feb 28 15:38:27 plutao kernel: Oops: 0000 > > Feb 28 15:38:28 plutao kernel: CPU: 0 > > Feb 28 15:38:28 plutao kernel: EIP: 0010:[<00003600>] Not tainted > > Feb 28 15:38:28 plutao kernel: EFLAGS: 00010202 > > Feb 28 15:38:28 plutao kernel: eax: 00000001 ebx: c0331e60 ecx: > > 00000036 edx: c8821000 > > Feb 28 15:38:28 plutao kernel: esi: 00000036 edi: 00000020 ebp: > > 000009e0 esp: c208fe58 > > Feb 28 15:38:28 plutao kernel: ds: 0018 es: 0018 ss: 0018 > > Feb 28 15:38:28 plutao kernel: Process ucc-bin (pid: 786, > > stackpage=c208f000) > > Feb 28 15:38:28 plutao kernel: Stack: c11c6840 c01265b3 c0331e60 > > c02d7338 c208e000 000000fc 000001d2 c02d71c8 > > Feb 28 15:38:28 plutao kernel: c1020680 c1000000 c7ffc810 > > 00000000 00000020 000001d2 00000006 00007688 > > Feb 28 15:38:28 plutao kernel: c0126728 00000006 0000000f > > c02d71c8 00000006 000001d2 c02d71c8 00000000 > > Feb 28 15:38:28 plutao kernel: Call Trace: [] [] > > [] [] [] > > Feb 28 15:38:28 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:28 plutao kernel: > > Feb 28 15:38:28 plutao kernel: Code: Bad EIP value. > > > > > > > -- > Regards, > Klavs Klavsen > > -------------| This mail has been sent to you by: |------------ > Klavs Klavsen - OpenSource Consultant > kl@vsen.dk - http://www.vsen.dk > > Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA > Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA > --------------------[ I believe that... ]----------------------- > It is a myth that people resist change. People resist what other > people make them do, not what they themselves choose to do... > That's why companies that innovate successfully year after year > seek their peopl's ideas, let them initiate new projects and > encourage more experiments. -- Rosabeth Moss Kanter > From vserver.error@solucorp.qc.ca Fri Mar 1 12:45:34 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g21HjXrw027978; Fri, 1 Mar 2002 12:45:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g21HJk505259 for vserver.list; Fri, 1 Mar 2002 12:19:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g21HJkR05255 for ; Fri, 1 Mar 2002 12:19:46 -0500 Received: from remtk.solucorp.qc.ca (g39-51.citenet.net [206.123.39.51]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g21HOL688948 for ; Fri, 1 Mar 2002 12:24:21 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g21FX6p05507 for vserver@solucorp.qc.ca; Fri, 1 Mar 2002 10:33:06 -0500 From: Jacques Gelinas Date: Fri, 1 Mar 2002 10:33:05 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] 0.13 RPM install problem X-mailer: tlmpmail 0.1 Message-ID: <20020301103305.d744deca4206@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 242 On Thu, 28 Feb 2002 21:54:45 -0500, Peter Kwan Chan wrote > Hello, > I was trying to install vserver on my server. I ran into a problem > installing the vserver-admin rpm. It gives the following error: > > [root@localhost /root]# rpm -Uvh v* > Preparing... ########################################### > [100%] > 1:vserver-admin ########################################### > [100%] > Can't load dictionnary file > /usr/lib/linuxconf/help.eng/shellmod-msg-1.27.eng (No such file or > directory) > error: execution of %post scriptlet from vserver-admin-0.13-1 failed, exit > status 255 > [root@localhost /root]# rpm -ql vserver-admin > /usr/sbin/newvserver > [root@localhost /root]# newvserver > Can't load dictionnary file > /usr/lib/linuxconf/help.eng/shellmod-msg-1.27.eng (No such file or > directory) > [root@localhost /root]# Ok found the problem. To operate the vserver-admin package, you need linuxconf-util and linuxconf-lib. Those package are independant from linuxconf itself. Unfortunatly, there is a packaging problem and one file is missing in linuxconf-util. I am fixing that. It can be extracted from the linuxconf rpm like was suggested on another post. I will release new linuxconf packages today to make linuxconf-util truely indepedant from linuxconf. Sorry! This also means the newvserver command won't work for you. But the rest of the vserver functionality is not affected. > Also, will installing the vserver-0.13-1.i386.rpm file also install the > kernel? Or do I still need to get the gzip file? Yes they are packaged independantly. A kernel is always a sensitive issue... --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Mar 1 13:53:41 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g21Irerw028693; Fri, 1 Mar 2002 13:53:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g21IWh906772 for vserver.list; Fri, 1 Mar 2002 13:32:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from figure1.int.wirex.com (cerebus.wirex.com [65.102.14.138]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g21IWfR06768 for ; Fri, 1 Mar 2002 13:32:42 -0500 Received: (from chris@localhost) by figure1.int.wirex.com (8.11.6/8.11.6) id g21IdcS19913; Fri, 1 Mar 2002 10:39:38 -0800 Date: Fri, 1 Mar 2002 10:39:37 -0800 From: Chris Wright To: Luis Santos Cc: vserver@solucorp.qc.ca Subject: Re: [vserver] Kernel panic Message-ID: <20020301103937.A18102@figure1.int.wirex.com> References: <20020228120217.c9930e3c4c67@remtk.solucorp.qc.ca> <1014921796.794.55.camel@localhost.localdomain> <1014935990.1707.0.camel@amd.vsen.dk> <1014979033.5186.7.camel@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1014979033.5186.7.camel@localhost.localdomain>; from santos@bragatel.pt on Fri, Mar 01, 2002 at 10:37:13AM +0000 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 243 * Luis Santos (santos@bragatel.pt) wrote: > I compiled kernel 2.4.17 with same ".config" but without vserver patch > applied. > > Then i tested kernel with intensive use of swap and kernel did not fail. > > Note: I also tried kernel 2.4.19-pre1-ac1 with virtual server patch from > deacon@thedeacon.org (http://thedeacon.org/patches) and the same problem > has ocurred. This kernel also failed when starting using swap. Then i > try the same kernel (2.4.19-pre1-ac1) but did not applied virtual server > patch. This time, there was no problem and kernel run normally. Try decoding the oops with ksymoops and posting the output. thanks, -chris From vserver.error@solucorp.qc.ca Fri Mar 1 14:31:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g21JVHrw029076; Fri, 1 Mar 2002 14:31:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g21J6ML07585 for vserver.list; Fri, 1 Mar 2002 14:06:22 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g21J6MR07581 for ; Fri, 1 Mar 2002 14:06:22 -0500 Received: from remtk.solucorp.qc.ca (g39-131.citenet.net [206.123.39.131]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g21JAw600314 for ; Fri, 1 Mar 2002 14:10:58 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g21J1gK24429 for vserver@solucorp.qc.ca; Fri, 1 Mar 2002 14:01:42 -0500 From: Jacques Gelinas Date: Fri, 1 Mar 2002 14:01:42 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] ext2/ext3 question X-mailer: tlmpmail 0.1 Message-ID: <20020301140142.942349603f4b@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 244 On Thu, 28 Feb 2002 10:42:50 -0500, Mihai RUSU wrote > On 27 Feb 2002, Klavs Klavsen wrote: > Looking in the patch it seems that you are right. Having said that I dont > think I really need that special feature. I dont use RedHat and thus I > dont use its package management (rpm). Also any upgrade on that system I > would prefer doing it manually. Without that special fs support the user > still cannot alter the i flag on files (even as root) , right ? Only root in the root server can do it (change the immutable flags). More precisely only a user with CAP_SYS_ADMIN capability can do it and vservers do not have this capability (by default). --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Mar 1 17:30:33 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g21MUWrw031579; Fri, 1 Mar 2002 17:30:33 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g21M15711241 for vserver.list; Fri, 1 Mar 2002 17:01:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g21M15R11237 for ; Fri, 1 Mar 2002 17:01:05 -0500 Received: from remtk.solucorp.qc.ca (g39-131.citenet.net [206.123.39.131]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g21M5g616485 for ; Fri, 1 Mar 2002 17:05:42 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g21JWaY24490 for vserver@solucorp.qc.ca; Fri, 1 Mar 2002 14:32:36 -0500 From: Jacques Gelinas Date: Fri, 1 Mar 2002 14:32:36 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] ext2/ext3 question X-mailer: tlmpmail 0.1 Message-ID: <20020301143236.3a217bc8d6eb@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 245 On Wed, 27 Feb 2002 22:46:22 -0500, Klavs Klavsen wrote > On Wed, 2002-02-27 at 10:13, Mihai RUSU wrote: > > Hi > > > > While patching ctx8 against 2.4.17 I have noticed that it does patch some > > files in the fs/ext2 and fs/ext3 directories: > > patching file linux-2.4.17/fs/ext2/ialloc.c > > patching file linux-2.4.17/fs/ext2/inode.c > > patching file linux-2.4.17/fs/ext2/ioctl.c > > patching file linux-2.4.17/fs/ext3/ialloc.c > > patching file linux-2.4.17/fs/ext3/inode.c > > patching file linux-2.4.17/fs/ext3/ioctl.c > > > > What is this for? If I use some other fs I miss some vserver features? > My guess, would be the adding of the immutable-unlink flag? > and the features that this enables (allowing vserver users to alter the > unified files - which then get un-unified). yes and the patch is pretty limited. It simply maps the immutable-unlink bit to an unused bit in ext2/ext3. It does not affect how the filesystem works. Almost cosmetic --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Mar 1 17:32:27 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g21MWQrw031598; Fri, 1 Mar 2002 17:32:27 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g21M19611247 for vserver.list; Fri, 1 Mar 2002 17:01:09 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g21M19R11243 for ; Fri, 1 Mar 2002 17:01:09 -0500 Received: from remtk.solucorp.qc.ca (g39-131.citenet.net [206.123.39.131]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g21M5j616492 for ; Fri, 1 Mar 2002 17:05:45 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g21Jnbl24495 for vserver@solucorp.qc.ca; Fri, 1 Mar 2002 14:49:37 -0500 From: Jacques Gelinas Date: Fri, 1 Mar 2002 14:49:37 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] unify check/ disk usage X-mailer: tlmpmail 0.1 Message-ID: <20020301144937.e9762568c057@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 246 On Wed, 27 Feb 2002 22:41:07 -0500, Klavs Klavsen wrote > > > However it seems a little off.. my skel server, which has a bare minimum > > > of spaceusage, it says uses 325000K and that sounds like it's not > > > unified at all :-( > > > > vdu simply counts the space used by all file with a single link. It assumes that > > any file with more than one link is probably unified, which is almost true > > (very few files in a linux distribution are hard linked together) > which would mean, that my skel-server is not unified against the base system? > 325mb is a lot for config files only, However a du -csh /vserver/skel > says 403mb - which means that there are some unified files. Can this > have anything to do, with the fact that I've rpm -e a lot of packages > within the skel server? (didn't use vrpm). vrpm is need to apply the same rpm commands to multiple vserver. It is just a helper. No magic If you remove some rpms from the reference server, then there is no way another vserver may be unified on it. The unification work with packages. it finds common package (same version) and then find out which files are not config file and then unified them. So if the base server has less package than a vserver, they can't be unified. > > > > > > 2) get a list of files, that is not unified (or a list of files that > > > > are?) - this way I could easily check for changes in a vserver - such as > > > > evidence of hackers and such. > > > > vdu could use this instead. If the file has the immutable bit on, and has > > more than one link, it must be unified. > the immutable-unlink flag, could be checked with lsattr (if so, what's the letter > for it?)? > > > > I am thinking about a new utility called vfiles. This utility will produced > > a list of file not unified by comparing a vserver with either a reference > > vserver or a package list (a package list + versions in a text file). > sounds interesting, and definetely useful. Would be a good thing to make > some switches, just like DU so one can choose how and what the user > exactly wants. As I see, it there are a few uses for different kind of > output, which basically belongs to the unified / not-unified > question.(f.ex. the ability to find files, that are outside, the > "not-unified" dirs only, and have been un-unified etc.).I'm sure you can > think of many more. > > > > Tonight I wanted to bring a vserver home (how cool :-) ). So I tar it and compress > > it. Got 500megs. Not so bad. It fits on my notebook. But wait, 90% of the files > > in there are already available on my workstation at home. No need to bring them. > But are they the exact version? would require, that you the same version > of RH, and have applied the same updates. Yes. vfiles will be able to compute either by comparing a reference vserver or by comparing a text file with package/version. This file would contain the list of all package in a distribution. All original package in fact. Using this, you would be sure that you can unify the vserver at home, because the tarball will contain all the extra packages. > > Using vfiles, it becomes very easy to backup a vserver in the root server > > and then compare that to prove the vserver has not been hacked. > One of the very interesting features. However, it should be possible to check this > without > comparing against a backup - f.ex. by having a list of files that > "should be" unified - and then checking if they still are. If they have > been unlinked - something weird is up.. and if you know you updated the > vserver only, then you could just update the list of unified-files. > The list of should-be unified files, are also good to apply a > tripwire-like checksum check root against vserver, if one does not have > a checksum database installed. :-) > > But I would like to see something else in this area. For example, a per > > vserver flag could change the meaning immutable-unlink fiag. It would > > be possible to turn the vserver flag on and off from the root server. When > > the per server flag (called it "frozen") is turned on, the ummutable-unlink > > flag is disregarded. This means, instantly, all unified files turned to immutable > > only: A vserver is not allowed to changed them anymore. > is this not possible now, by removing the immutable-unlink flag, from > the necessary vservers only? sorry if I'm a but dumb here, but what's > the extra features with the per vserver flag? No. The immutable flag is stored in the inode. So if you remove the flag, all vserver are loosing the immutable flag. Further, it is a long process. you have to walk the vserver and touch every file. Having a way to turn a global attribute on and off on one vserver only seems the way to go. > > All those funny feature could be implement using the Linux Security Module > > I think. > I would love to hear what your plans are with the LSM and vserver. I visited Openwall > but couldn't find any texts about what LSM is, and what it enables. Ideally, the vserver project should be done on top of LSM. LSM (linux security module) is really a framework where anyone will be able to introduce all kind of weirdness (I mean creativity) to enhance security or even make the system more usable. So instead of having everyone hacking in the kernel and ending with a kernel looking like foo(....){ if (joe's feature is on) return some_error if (jack's feature is on) return some error . ] all those idea will be done as LSM pluggin. The core kernel would only talk to the LSM. Some ideas of the vserver are readily doable with the LSM. Some can't be implemented. Since both LSM and vserver are kind of evolving, it is too soon to try to tie both project. The major problem with vserver is that it is not only introducing new access rules, but also virtualisation. LSM is currently more about introducing new access rules and less about changing the behavior of a system call. It seems like most security enhancement project are moving to LSM these days. This is cool because it will allow more people to try those system. Because of the modular nature, it should be possible to try the NSA secure offering on your box without even rebooting :-) > > Using kernel ctx-8, samba should work fine in a vserver. The only issue is > > that the vserver must be either in the DNS or you must use a WINS to reach > > it (which you probably do anyway). > Great. what change enabled this? (i'm curious by nature :-) vserver can use their ipv4root (their assigned IP) or 127.0.0.1. The kernel remap 127.0.0.1 to the ipv4root in connect and bind system call. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Mar 1 22:17:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g223Hu7t001547; Fri, 1 Mar 2002 22:17:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g222pml16248 for vserver.list; Fri, 1 Mar 2002 21:51:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mx1.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g222pkR16244 for ; Fri, 1 Mar 2002 21:51:47 -0500 Received: (qmail 20230 invoked from network); 2 Mar 2002 02:56:04 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 2 Mar 2002 02:56:04 -0000 Received: (qmail 25356 invoked from network); 2 Mar 2002 02:55:35 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 2 Mar 2002 02:55:35 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sat, 2 Mar 2002 14:08:31 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] ext2/ext3 question Message-ID: <3C80DCDF.1433.48311A@localhost> Priority: normal In-reply-to: <20020301140142.942349603f4b@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 247 Isn't it CAP_LINUX_IMMUTABLE capability? On Friday, 1 March 2002 at 14:01, Jacques Gelinas wrote: > Only root in the root server can do it (change the immutable flags). More precisely > only a user with CAP_SYS_ADMIN capability can do it and vservers do not have > this capability (by default). > From vserver.error@solucorp.qc.ca Sun Mar 3 11:43:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g23Ghc7t029987; Sun, 3 Mar 2002 11:43:38 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g23GAx624266 for vserver.list; Sun, 3 Mar 2002 11:10:59 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from skessa.this.is (this.is [194.144.127.120]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g23GAwR24262; Sun, 3 Mar 2002 11:10:59 -0500 Received: from skessa.this.is (www-data@localhost [127.0.0.1]) by skessa.this.is (8.12.1/8.12.1/Debian -5) with ESMTP id g23GAwM7018157; Sun, 3 Mar 2002 16:10:58 GMT Received: (from www-data@localhost) by skessa.this.is (8.12.1/8.12.1/Debian -5) id g23GAvOV018155; Sun, 3 Mar 2002 16:10:57 GMT X-Authentication-Warning: skessa.this.is: www-data set sender to ragnar@this.is using -f To: vserver@solucorp.qc.ca, Jacques Gelinas Subject: [vserver] kernel install, rpm, Debian Message-ID: <1015171857.3c824b11bd234@this.is> Date: Sun, 03 Mar 2002 16:10:57 +0000 (GMT) From: ragnar@this.is References: <20020301103305.d744deca4206@remtk.solucorp.qc.ca> In-Reply-To: <20020301103305.d744deca4206@remtk.solucorp.qc.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.6 X-Originating-IP: 194.144.127.83 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 248 Hi, I am from the land of Debian so I do not know about the way things are done in RedHat. > > Also, will installing the vserver-0.13-1.i386.rpm file also > > install the kernel? > > Yes they are packaged independantly. But not as kernel.xx.rpm ? Also, I would like to run Debian on the vservers. Any info on the initial install and unification? Best ragnar@this.is From vserver.error@solucorp.qc.ca Sun Mar 3 13:14:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g23IEr7t030453; Sun, 3 Mar 2002 13:14:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g23Hi4w25774 for vserver.list; Sun, 3 Mar 2002 12:44:04 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.trekia.se (stratos.trekia.se [212.105.83.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g23HhwR25768 for ; Sun, 3 Mar 2002 12:44:04 -0500 Received: from localhost (jonas@localhost) by mail.trekia.se (8.11.1/8.11.1) with ESMTP id g23HhqA02973 for ; Sun, 3 Mar 2002 18:43:52 +0100 X-Authentication-Warning: stratos.trekia.se: jonas owned process doing -bs Date: Sun, 3 Mar 2002 18:43:52 +0100 (CET) From: =?ISO-8859-1?Q?Jonas_Bj=F6rklund?= X-X-Sender: jonas@stratos To: vserver@solucorp.qc.ca Subject: Re: [vserver] kernel install, rpm, Debian In-Reply-To: <1015171857.3c824b11bd234@this.is> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 249 Hi, > Also, I would like to run Debian on the vservers. > Any info on the initial install and unification? Yes. I changed: STARTCMD="/etc/rc.d/rc 3" to: STARTCMD="/etc/init.d/rc 2" In /usr/sbin/vserver. Maybe there is more to change but this was enough for me. From vserver.error@solucorp.qc.ca Sun Mar 3 23:44:25 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g244iGo1003983; Sun, 3 Mar 2002 23:44:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g244CiS03341 for vserver.list; Sun, 3 Mar 2002 23:12:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g244ChR03337 for ; Sun, 3 Mar 2002 23:12:43 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id A59D5B738 for ; Sun, 3 Mar 2002 21:00:11 -0700 (MST) Date: Sun, 3 Mar 2002 21:00:11 -0700 (MST) From: To: Subject: Re: [vserver] kernel install, rpm, Debian In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 250 On Sun, 3 Mar 2002, Jonas Björklund wrote: > Hi, > > > Also, I would like to run Debian on the vservers. > > Any info on the initial install and unification? > > Yes. I changed: > > STARTCMD="/etc/rc.d/rc 3" > > to: > > > STARTCMD="/etc/init.d/rc 2" > > In /usr/sbin/vserver. > > Maybe there is more to change but this was enough for me. > There are a few occurances of that. One is also the stop command, and then there's something while building the vserver. You'll probably wanna search through the whole script for "/etc/rc.d" and fix any line that contains it. Are you also planning to run Debian on the root server? If so, you'll need to fix the sysvinit scripts. - Yan From vserver.error@solucorp.qc.ca Mon Mar 4 10:28:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g24FSa7Y007419; Mon, 4 Mar 2002 10:28:37 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g24EoaS14390 for vserver.list; Mon, 4 Mar 2002 09:50:36 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g24EoZR14386 for ; Mon, 4 Mar 2002 09:50:35 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id F35881000 for ; Mon, 4 Mar 2002 15:50:33 +0100 (CET) Subject: [vserver] several vservers on 1 IP - possible? From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-EfZQ8ClBIsjzATEBt2S2" X-Mailer: Evolution/1.0.2 Date: 04 Mar 2002 15:50:23 +0100 Message-Id: <1015253434.2005.44.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 251 --=-EfZQ8ClBIsjzATEBt2S2 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I run approx. 10 different services on my own computer. Some of these services are things like a XFrisk server, and other stuff, that I don't really trust as much :-( I would like to be able to seperate each service within a vserver of it's own, however that would mean that I would have to handle portforwarding from my root-server (which holds the IP, that packages for my public IP, gets forwarded to by a router in front), to each vserver IP, depending on which service is running where. Also I need to keep state and forward the packages correctly. This sounds like a pretty elaborate and complex setup :-( I wanted to "chroot" my services by putting 1 in each vserver and let them safely share different files via mount --bind (and then mount the shared stuff readonly for 1 vserver and read-write for another). But my problem is that they can't all have the same IP. I wanted to run an idea by you guys. Would it be possible to perhaps enable this IP-sharing, by assigning port-ranges (within <1024) to vserver's - and one would also have to handle that when a service listens for the answer on a port 1023> - could that be done, by allowing all services to grap unused ports above 1023>? would this give security problems? Also, I got introduced to the HP Secure OS this weekend, and it enables this and uses something that seems like the Contexts concept. HP has released the source code, so I figured some of you hackers wanted to take a look and see if they have any good ideas, that vserver could use? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-EfZQ8ClBIsjzATEBt2S2 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8g4mv4c1kHlhtW8oRAl8XAJ0WwGx4eQ5il+Yj4Yya/5LolDejWwCfdVyn yHkhKX9TWL4yl3IUUpQlU7k= =L0yg -----END PGP SIGNATURE----- --=-EfZQ8ClBIsjzATEBt2S2-- From vserver.error@solucorp.qc.ca Mon Mar 4 13:00:23 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g24I0I7Y008413; Mon, 4 Mar 2002 13:00:19 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g24HRcp17731 for vserver.list; Mon, 4 Mar 2002 12:27:38 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from zeus.bragatel.pt (vs1.bragatel.pt [217.70.64.251]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g24HRbR17727 for ; Mon, 4 Mar 2002 12:27:37 -0500 Received: (qmail 19785 invoked by uid 507); 4 Mar 2002 17:27:23 -0000 Received: from cliente-bgt-217-70-64-194.bragatel.pt (HELO localhost.localdomain) (217.70.64.194) by jupiter.local.bragatel.pt with SMTP; 4 Mar 2002 17:27:23 -0000 Subject: Re: [vserver] Kernel panic: Finally it's working From: Luis Santos To: vserver@solucorp.qc.ca In-Reply-To: <20020301103937.A18102@figure1.int.wirex.com> References: <20020228120217.c9930e3c4c67@remtk.solucorp.qc.ca> <1014921796.794.55.camel@localhost.localdomain> <1014935990.1707.0.camel@amd.vsen.dk> <1014979033.5186.7.camel@localhost.localdomain> <20020301103937.A18102@figure1.int.wirex.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 04 Mar 2002 17:26:19 +0000 Message-Id: <1015262779.699.8.camel@localhost.localdomain> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Status: RO X-Status: X-Keywords: X-UID: 252 I compiled kernel 2.4.18 with patch ctx8-2.4.18 and no more problems. Tkanks all for help. Luis Santos ------------------------------ On Thu, 2002-02-28 at 19:43, Luis Santos wrote: > > I'm running RH7.1, Kernel 2.4.17 with virtual server patch, virtual > > server utilities 0.12 in this hardware: > > Ethernet card: via-rhine > > Memory: 131060k > > CPU: Intel Pentium III (Katmai) stepping 03 > > Disk controller: Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev > > 6.2.4 > > Adaptec aic7890/91 Ultra2 SCSI > > Disk: QUANTUM Model: ATLAS IV 9 WLS Rev: 0B0B > > > > When my computer boots, everything is OK. I start a virtual server, > > enter it, ... , without problems. > > > > Then, when kernel starts using swap space, it gives me errors and more > > errors and stops after some time. > > > > I must say that this problem only gets when kernel uses swap space. > > Tkanks and sorry my poor english. > > > > > > -------------------------------------------------------------------------------------- > > > > Feb 28 15:38:24 plutao kernel: Code: Bad EIP value. > > Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging > > request at virtual address 00002e00 > > Feb 28 15:38:27 plutao kernel: printing eip: > > Feb 28 15:38:27 plutao kernel: 00002e00 > > Feb 28 15:38:27 plutao kernel: *pde = 00000000 > > Feb 28 15:38:27 plutao kernel: Oops: 0000 > > Feb 28 15:38:27 plutao kernel: CPU: 0 > > Feb 28 15:38:27 plutao kernel: EIP: 0010:[<00002e00>] Not tainted > > Feb 28 15:38:27 plutao kernel: EFLAGS: 00010202 > > Feb 28 15:38:27 plutao kernel: eax: 00000002 ebx: c0331e60 ecx: > > 0000002e edx: c8821000 > > Feb 28 15:38:27 plutao kernel: esi: 0000002e edi: 00000020 ebp: > > 000009de esp: c081dc1c > > Feb 28 15:38:27 plutao kernel: ds: 0018 es: 0018 ss: 0018 > > Feb 28 15:38:27 plutao kernel: Process vserver (pid: 959, > > stackpage=c081d000) > > Feb 28 15:38:27 plutao kernel: Stack: c11c6900 c01265b3 c0331e60 > > 00000000 c081c000 000000fc 000000f0 c02d71c8 > > Feb 28 15:38:27 plutao kernel: c7ffcd50 c4015020 c7ffcc70 > > 00000001 00000020 000000f0 00000006 0000766a > > Feb 28 15:38:27 plutao kernel: c0126728 00000006 0000000f > > c02d71c8 00000006 000000f0 c02d71c8 00000000 > > Feb 28 15:38:27 plutao kernel: Call Trace: [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:27 plutao kernel: > > Feb 28 15:38:27 plutao kernel: Code: Bad EIP value. > > Feb 28 15:38:27 plutao kernel: <1>Unable to handle kernel paging > > request at virtual address 00003600 > > Feb 28 15:38:27 plutao kernel: printing eip: > > Feb 28 15:38:27 plutao kernel: 00003600 > > Feb 28 15:38:27 plutao kernel: *pde = 00000000 > > Feb 28 15:38:27 plutao kernel: Oops: 0000 > > Feb 28 15:38:28 plutao kernel: CPU: 0 > > Feb 28 15:38:28 plutao kernel: EIP: 0010:[<00003600>] Not tainted > > Feb 28 15:38:28 plutao kernel: EFLAGS: 00010202 > > Feb 28 15:38:28 plutao kernel: eax: 00000001 ebx: c0331e60 ecx: > > 00000036 edx: c8821000 > > Feb 28 15:38:28 plutao kernel: esi: 00000036 edi: 00000020 ebp: > > 000009e0 esp: c208fe58 > > Feb 28 15:38:28 plutao kernel: ds: 0018 es: 0018 ss: 0018 > > Feb 28 15:38:28 plutao kernel: Process ucc-bin (pid: 786, > > stackpage=c208f000) > > Feb 28 15:38:28 plutao kernel: Stack: c11c6840 c01265b3 c0331e60 > > c02d7338 c208e000 000000fc 000001d2 c02d71c8 > > Feb 28 15:38:28 plutao kernel: c1020680 c1000000 c7ffc810 > > 00000000 00000020 000001d2 00000006 00007688 > > Feb 28 15:38:28 plutao kernel: c0126728 00000006 0000000f > > c02d71c8 00000006 000001d2 c02d71c8 00000000 > > Feb 28 15:38:28 plutao kernel: Call Trace: [] [] > > [] [] [] > > Feb 28 15:38:28 plutao kernel: [] [] [] > > [] [] [] > > Feb 28 15:38:28 plutao kernel: > > Feb 28 15:38:28 plutao kernel: Code: Bad EIP value. > > From vserver.error@solucorp.qc.ca Mon Mar 4 16:42:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g24LgK7Y010428; Mon, 4 Mar 2002 16:42:20 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g24L7k322292 for vserver.list; Mon, 4 Mar 2002 16:07:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g24L7iR22285 for ; Mon, 4 Mar 2002 16:07:45 -0500 Received: from host213-122-11-75.in-addr.btopenworld.com ([213.122.11.75] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16hzgK-0007Q4-00 for vserver@solucorp.qc.ca; Mon, 04 Mar 2002 21:07:41 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Mon, 4 Mar 2002 21:07:26 -0000 From: "John Lyons" To: Subject: [vserver] Which Kernel Date: Mon, 4 Mar 2002 21:07:23 -0000 Message-ID: <007b01c1c3c0$9600b350$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <1015262779.699.8.camel@localhost.localdomain> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 253 Whats the recommended kernel ctx patch to be using at the moment? Which is most stable? I'm on ctx 5 at the moment but will upgrade to the latest tomorrow assuming I'm not going backwards in terms of stability. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Mon Mar 4 17:48:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g24Mmm7Y010889; Mon, 4 Mar 2002 17:48:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g24MLYj23844 for vserver.list; Mon, 4 Mar 2002 17:21:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g24MLYR23840 for ; Mon, 4 Mar 2002 17:21:34 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id DD3D41000 for ; Mon, 4 Mar 2002 23:21:32 +0100 (CET) Subject: Re: [vserver] Which Kernel From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <007b01c1c3c0$9600b350$0100a8c0@johnnew> References: <007b01c1c3c0$9600b350$0100a8c0@johnnew> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-JuxixLAVcnOCy4pK7mzp" X-Mailer: Evolution/1.0.2 Date: 04 Mar 2002 23:21:20 +0100 Message-Id: <1015280493.2003.0.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 254 --=-JuxixLAVcnOCy4pK7mzp Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2002-03-04 at 22:07, John Lyons wrote: >=20 > Whats the recommended kernel ctx patch to be using at the moment? Which i= s > most stable? ctx-8 for 2.4.18. a guy named Luis Santos, had trouble with 2.4.17 and ctx-7 but no probs with the above mentioned. --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-JuxixLAVcnOCy4pK7mzp Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8g/Ng4c1kHlhtW8oRAn6IAKCk2EKmMQOb3/fcS7Xl8uAu66qYUwCfTulU yiWgDW0aNmgkGLRwbVecEl0= =vubu -----END PGP SIGNATURE----- --=-JuxixLAVcnOCy4pK7mzp-- From vserver.error@solucorp.qc.ca Tue Mar 5 07:39:23 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25CdL7Y015780; Tue, 5 Mar 2002 07:39:22 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25BxuP05868 for vserver.list; Tue, 5 Mar 2002 06:59:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25BxtR05864 for ; Tue, 5 Mar 2002 06:59:55 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 7CFF1108C for ; Tue, 5 Mar 2002 12:59:54 +0100 (CET) Subject: [vserver] mount -o ro --bind .. don't work From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-96rBV30EgiAHuFM6kJcd" X-Mailer: Evolution/1.0.2 Date: 05 Mar 2002 12:59:43 +0100 Message-Id: <1015329594.2004.1.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 255 --=-96rBV30EgiAHuFM6kJcd Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, when I try to mount a directory under a vserver read-only it mounts fine, and the mount command tells me it's read-only. However as root in the vserver, I can edit and add files and directores just fine :-) Do any of you have experience with this? Or should I just forget about the mount --bind - and keep duplicate directories?=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-96rBV30EgiAHuFM6kJcd Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hLMv4c1kHlhtW8oRAs4ZAJ9v6oHJePK4Pr8Oricp695WUrohmACgk/e8 HBHaG3koiapXrFuNH4jfmbg= =kgST -----END PGP SIGNATURE----- --=-96rBV30EgiAHuFM6kJcd-- From vserver.error@solucorp.qc.ca Tue Mar 5 07:56:25 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25CuO7Y015880; Tue, 5 Mar 2002 07:56:24 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25CRAX06452 for vserver.list; Tue, 5 Mar 2002 07:27:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from skessa.this.is (this.is [194.144.127.120]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25CRAR06448 for ; Tue, 5 Mar 2002 07:27:10 -0500 Received: from skessa.this.is (www-data@localhost [127.0.0.1]) by skessa.this.is (8.12.1/8.12.1/Debian -5) with ESMTP id g25CR9M7011460 for ; Tue, 5 Mar 2002 12:27:09 GMT Received: (from www-data@localhost) by skessa.this.is (8.12.1/8.12.1/Debian -5) id g25CR9gt011458 for vserver@solucorp.qc.ca; Tue, 5 Mar 2002 12:27:09 GMT X-Authentication-Warning: skessa.this.is: www-data set sender to ragnar@this.is using -f To: vserver@solucorp.qc.ca Subject: [vserver] Re: Debian Message-ID: <1015331229.3c84b99d313b7@this.is> Date: Tue, 05 Mar 2002 12:27:09 +0000 (GMT) From: ragnar@this.is References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.6 X-Originating-IP: 194.144.127.80 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-0.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 256 Hi, Sorry to ask the same question again... > > I would like to run Debian on the vservers. > Are you also planning to run Debian on the root server? That is not so important and hardly practical with the fast development progress now. What I would like to do is to run debian as a virtual server with no modification to it's environment, if possible. At least with documented modifications that would not break by an apt-get upgrade. The way debian works we will probably end um with a "port" named vserver-i386. But for now my problem is simpler... I do not know how to install the first "template" server. Best Gudmundur Ragnar ragnar@this.is From vserver.error@solucorp.qc.ca Tue Mar 5 08:41:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25Dfa7Y016000; Tue, 5 Mar 2002 08:41:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25DC7R07262 for vserver.list; Tue, 5 Mar 2002 08:12:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.SerNet.DE (mail.SerNet.DE [193.159.217.66]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25DC6R07258 for ; Tue, 5 Mar 2002 08:12:06 -0500 Received: from intern.SerNet.DE by mail.SerNet.DE with esmtp (Exim 2.12 #1) for vserver@solucorp.qc.ca id 16iEjb-0000wU-00; Tue, 5 Mar 2002 14:12:03 +0100 Received: by intern.SerNet.DE id 16iEja-00030E-00; Tue, 05 Mar 2002 14:12:02 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Krischan Jodies To: vserver@solucorp.qc.ca Subject: Re: [vserver] mount -o ro --bind .. don't work Date: Tue, 5 Mar 2002 14:07:30 +0100 References: <1015329594.2004.1.camel@amd.vsen.dk> In-Reply-To: <1015329594.2004.1.camel@amd.vsen.dk> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Organization: Service Network GmbH, Goettingen, Germany Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 257 Am Dienstag, 5. März 2002 12:59 schrieb klavs klavsen: > Hi guys, > > when I try to mount a directory under a vserver read-only it mounts > fine, and the mount command tells me it's read-only. However as root in > the vserver, I can edit and add files and directores just fine :-) > > Do any of you have experience with this? Or should I just forget about > the mount --bind - and keep duplicate directories? We are using only mount --bind, no vunify at all. Whether you have write access or not depends only on the first "real" mount, the second does not matter. Our system looks like this: /dev/hda2 on /map type ext2 (ro) /map/usr on /vservers/mysql/usr type none (ro,bind) /map/sbin on /vservers/mysql/sbin type none (ro,bind) /map/bin on /vservers/mysql/bin type none (ro,bind) /map/lib on /vservers/mysql/lib type none (ro,bind) proc on /vservers/mysql/proc type proc (rw) none on /vservers/mysql/dev/pts type devpts (rw) /map/usr on /vservers/foertsch/usr type none (ro,bind) /map/sbin on /vservers/foertsch/sbin type none (ro,bind) /map/bin on /vservers/foertsch/bin type none (ro,bind) /map/lib on /vservers/foertsch/lib type none (ro,bind) proc on /vservers/foertsch/proc type proc (rw) none on /vservers/foertsch/dev/pts type devpts (rw) [and so on] Another interesting thing is: You can remount -o rw,ro /map any time you want, and read/write access to the mount --binded directories changes accordingly. (Note: All vservers have write access when /map is r/w! Consider shutting down them, when maintaining /map) But switch /map to r/w, switch any /vserver/blah to r/w too and you can't switch /map back to r/o. Krischan -- Service Network GmbH, mailto:kjodies@SerNet.DE, http://www.SerNet.DE phone: +49-551-370000-0, fax: +49-551-370000-9 From vserver.error@solucorp.qc.ca Tue Mar 5 08:45:07 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25Dj67Y016021; Tue, 5 Mar 2002 08:45:07 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25DG5K07349 for vserver.list; Tue, 5 Mar 2002 08:16:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tranq.dorms.spbu.ru (tranq.dorms.spbu.ru [195.19.254.35]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25DG4R07345 for ; Tue, 5 Mar 2002 08:16:05 -0500 Received: from localhost ([127.0.0.1] helo=tranq) by tranq.dorms.spbu.ru with smtp (Exim 3.33 #1 (Debian)) id 16iEnR-0001WG-00 for ; Tue, 05 Mar 2002 16:16:01 +0300 Date: Tue, 5 Mar 2002 16:16:01 +0300 From: Konstantin Starodubtsev To: vserver@solucorp.qc.ca Subject: Re: [vserver] Re: Debian Message-Id: <20020305161601.0151c2f9.klists@rbcmail.ru> In-Reply-To: <1015331229.3c84b99d313b7@this.is> References: <1015331229.3c84b99d313b7@this.is> X-Mailer: Sylpheed version 0.7.2claws2 (GTK+ 1.2.10; i386-debian-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 258 > But for now my problem is simpler... I do not know how to > install the first "template" server. The shortest way is to get and unpack base.tgz from potato distribution. After it enter vserver and do apt-get dist-upgrade in it. Another way is to do like the new woody installer does. It forces installation of all packages under binary-all/base directory in the first pass, and in the second one it configures all packages (dpkg-reconfigure --all). May be you will need to do it several times. From vserver.error@solucorp.qc.ca Tue Mar 5 08:49:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25Dnv7Y016035; Tue, 5 Mar 2002 08:49:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25DIA607380 for vserver.list; Tue, 5 Mar 2002 08:18:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25DIAR07376 for ; Tue, 5 Mar 2002 08:18:10 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g25DHxH0012919 for ; Tue, 5 Mar 2002 14:17:59 +0100 Date: Tue, 5 Mar 2002 14:17:59 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: Vserver Mailinglist Subject: Re: [vserver] mount -o ro --bind .. don't work In-Reply-To: <1015329594.2004.1.camel@amd.vsen.dk> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 259 On 5 Mar 2002, klavs klavsen wrote: > Hi guys, > > when I try to mount a directory under a vserver read-only it mounts > fine, and the mount command tells me it's read-only. However as root in > the vserver, I can edit and add files and directores just fine :-) > > Do any of you have experience with this? Or should I just forget about > the mount --bind - and keep duplicate directories? This is currently a limitation of the VFS in Linux. I began to start fixing it but then I ran into some more serious problems that need a smaller redesign of the VFS and I need to contact Al Viro for advice on how he wants it done (I know he wants this fixed). Maybe I'll get around to mail him soon. I hope so. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Tue Mar 5 09:05:00 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25E4x7Y016096; Tue, 5 Mar 2002 09:04:59 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25DYrS07731 for vserver.list; Tue, 5 Mar 2002 08:34:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25DYqR07727 for ; Tue, 5 Mar 2002 08:34:53 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id DC73B108C for ; Tue, 5 Mar 2002 14:34:52 +0100 (CET) Subject: Re: [vserver] Re: Debian From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <1015331229.3c84b99d313b7@this.is> References: <1015331229.3c84b99d313b7@this.is> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-HJX1Hpfur14E06BFXSeI" X-Mailer: Evolution/1.0.2 Date: 05 Mar 2002 14:34:42 +0100 Message-Id: <1015335293.2005.79.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 260 --=-HJX1Hpfur14E06BFXSeI Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-03-05 at 13:27, ragnar@this.is wrote: > But for now my problem is simpler... I do not know how to > install the first "template" server. A simple approach, that I think would work, would be to cp all the files from another machine, and put them under the vserver directory. then you "just" need to adjust the vserver startup scripts and such. that should do it? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-HJX1Hpfur14E06BFXSeI Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hMly4c1kHlhtW8oRAiowAKC2+H8zXG9OSeyG63q8u88miI8aaQCfeMEp SGNIIDGoNjoMSoou9chbvQ0= =Yk4N -----END PGP SIGNATURE----- --=-HJX1Hpfur14E06BFXSeI-- From vserver.error@solucorp.qc.ca Tue Mar 5 10:04:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25F4h7Y016367; Tue, 5 Mar 2002 10:04:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25EWSe08926 for vserver.list; Tue, 5 Mar 2002 09:32:28 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25EWRR08922 for ; Tue, 5 Mar 2002 09:32:27 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id BF496108C for ; Tue, 5 Mar 2002 15:32:27 +0100 (CET) Subject: Re: [vserver] mount -o ro --bind .. don't work From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-ngm0tH/UNCufQCisKhb4" X-Mailer: Evolution/1.0.2 Date: 05 Mar 2002 15:32:17 +0100 Message-Id: <1015338747.2005.83.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 261 --=-ngm0tH/UNCufQCisKhb4 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-03-05 at 14:17, Martin Josefsson wrote: > On 5 Mar 2002, klavs klavsen wrote: >=20 > > Hi guys, > >=20 > > when I try to mount a directory under a vserver read-only it mounts > > fine, and the mount command tells me it's read-only. However as root in > > the vserver, I can edit and add files and directores just fine :-) > >=20 > > Do any of you have experience with this? Or should I just forget about > > the mount --bind - and keep duplicate directories?=20 >=20 > This is currently a limitation of the VFS in Linux. I began to start > fixing it but then I ran into some more serious problems that need a > smaller redesign of the VFS and I need to contact Al Viro for advice on > how he wants it done (I know he wants this fixed). Maybe I'll get around > to mail him soon. I hope so. I hope so too.. Until then it seems I have to repartition my disk (which for now has one big / and only a /var seperate partition - 3gb disk only), or have duplicates and check for with diff once in a while.. I found this link (with some pointing from friends): http://groups.google.com/groups?hl=3Den&selm=3Dlinux.kernel.Pine.LNX.4.33L.= 0110291504380.22127-100000%40duckman.distro.conectiva it dates 29. oct 2001. according to it, something called a namespace patch has to be integrated more into the kernel.=20 Do you know if this has been done? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-ngm0tH/UNCufQCisKhb4 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hNbx4c1kHlhtW8oRAtglAJ9i3kOETQYeveDZdf8xsBjYPvv07wCfazII GfVZB2jtsLNjw37E2Cc/RqA= =pfjp -----END PGP SIGNATURE----- --=-ngm0tH/UNCufQCisKhb4-- From vserver.error@solucorp.qc.ca Tue Mar 5 10:27:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25FRA7Y016597; Tue, 5 Mar 2002 10:27:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25ErI309471 for vserver.list; Tue, 5 Mar 2002 09:53:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25ErHR09467 for ; Tue, 5 Mar 2002 09:53:17 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 1300D108C for ; Tue, 5 Mar 2002 15:53:16 +0100 (CET) Subject: Re: [vserver] mount -o ro --bind .. don't work From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-fBrEOdIuVN9QPgQ5OuF2" X-Mailer: Evolution/1.0.2 Date: 05 Mar 2002 15:53:06 +0100 Message-Id: <1015339997.2005.87.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 262 --=-fBrEOdIuVN9QPgQ5OuF2 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Am I right in assuming that I could circumvent the problem by hardlinking from /www/$file to /vservers/test/www/$file for all files and directories, and them making the /vservers/test/www immutable and NOT immutable-unlink - so that even Root in the test-vserver can't change them. only the Real root can? btw. can I use chattr to set/unset the immutable-unlink bit? just like I can use it to set the immutable? I hope so :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-fBrEOdIuVN9QPgQ5OuF2 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hNvS4c1kHlhtW8oRArCYAKCnefWznjFffdrL/dpgYvJctfKnkwCfd6c+ UbHCOIKHw5xhVuXiO4d1htY= =AjPr -----END PGP SIGNATURE----- --=-fBrEOdIuVN9QPgQ5OuF2-- From vserver.error@solucorp.qc.ca Tue Mar 5 10:29:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25FTg7Y016623; Tue, 5 Mar 2002 10:29:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25F1DK09711 for vserver.list; Tue, 5 Mar 2002 10:01:13 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.trekia.se (stratos.trekia.se [212.105.83.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25F1CR09707 for ; Tue, 5 Mar 2002 10:01:12 -0500 Received: from localhost (jonas@localhost) by mail.trekia.se (8.11.1/8.11.1) with ESMTP id g25F15d13983 for ; Tue, 5 Mar 2002 16:01:05 +0100 X-Authentication-Warning: stratos.trekia.se: jonas owned process doing -bs Date: Tue, 5 Mar 2002 16:01:05 +0100 (CET) From: =?ISO-8859-1?Q?Jonas_Bj=F6rklund?= X-X-Sender: jonas@stratos To: Vserver Mailinglist Subject: Re: [vserver] Re: Debian In-Reply-To: <1015335293.2005.79.camel@amd.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 263 Hi, > > But for now my problem is simpler... I do not know how to > > install the first "template" server. > > A simple approach, that I think would work, would be to cp all the files > from another machine, and put them under the vserver directory. then you > "just" need to adjust the vserver startup scripts and such. that should > do it? If the sulotion with base.tgz works it sounds like the best solution. (I haven't test that. But will do!) A copy from another server will take more time. From vserver.error@solucorp.qc.ca Tue Mar 5 10:41:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25Ffo7Y016743; Tue, 5 Mar 2002 10:41:50 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25FB1909972 for vserver.list; Tue, 5 Mar 2002 10:11:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25FB1R09968 for ; Tue, 5 Mar 2002 10:11:01 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g25FCai03307 for vserver@solucorp.qc.ca; Tue, 5 Mar 2002 10:12:36 -0500 From: Jacques Gelinas Date: Tue, 5 Mar 2002 10:12:36 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Which Kernel X-mailer: tlmpmail 0.1 Message-ID: <20020305101236.9caf8f1ea73e@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 264 On Mon, 4 Mar 2002 21:07:23 -0500, John Lyons wrote > > Whats the recommended kernel ctx patch to be using at the moment? Which is > most stable? > > I'm on ctx 5 at the moment but will upgrade to the latest tomorrow assuming > I'm not going backwards in terms of stability. So far, I received a single message of non-stability (well, you have seen it on the list). I am running 2.4.18ctx-8 on my workstation and 2.4.17ctx-7 on prod servers. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 5 11:40:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25Geo7Y017236; Tue, 5 Mar 2002 11:40:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25G0mv11112 for vserver.list; Tue, 5 Mar 2002 11:00:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25G0lR11108 for ; Tue, 5 Mar 2002 11:00:48 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 385DB108C for ; Tue, 5 Mar 2002 17:00:46 +0100 (CET) Subject: Re: [vserver] mount -o ro --bind .. don't work From: klavs klavsen To: Vserver Mailinglist In-Reply-To: <1015339997.2005.87.camel@amd.vsen.dk> References: <1015339997.2005.87.camel@amd.vsen.dk> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Pu3Bp+nLNfbzqSvkfTId" X-Mailer: Evolution/1.0.2 Date: 05 Mar 2002 17:00:36 +0100 Message-Id: <1015344047.2004.91.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 265 --=-Pu3Bp+nLNfbzqSvkfTId Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-03-05 at 15:53, klavs klavsen wrote: > Am I right in assuming that I could circumvent the problem by > hardlinking from /www/$file to /vservers/test/www/$file for all files > and directories, and them making the /vservers/test/www immutable and > NOT immutable-unlink - so that even Root in the test-vserver can't > change them. only the Real root can? I found that the vserver's root can't remove the immutable flag, but when editing from the root-server - you would have to remove the immutable flag to update it.. bad thing.=20 Instead I made a script that cp's all files from /www to /vservers/test/www and then chattr +i -R's the copy.=20 this way it's easy to sync the dir, when you change the original. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Pu3Bp+nLNfbzqSvkfTId Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hOuj4c1kHlhtW8oRAjssAKCjA2TP5LLIGYVQ9Ib4ZhFGN2DOcgCfYGSz KeclJDRLxrtp1MiqHJtwdAs= =QMiW -----END PGP SIGNATURE----- --=-Pu3Bp+nLNfbzqSvkfTId-- From vserver.error@solucorp.qc.ca Tue Mar 5 14:23:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25JN37Y018168; Tue, 5 Mar 2002 14:23:04 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25IjBe02719 for vserver.list; Tue, 5 Mar 2002 13:45:11 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from figure1.int.wirex.com (cerebus.wirex.com [65.102.14.138]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25IjAh02715 for ; Tue, 5 Mar 2002 13:45:10 -0500 Received: (from chris@localhost) by figure1.int.wirex.com (8.11.6/8.11.6) id g25Iph318694; Tue, 5 Mar 2002 10:51:43 -0800 Date: Tue, 5 Mar 2002 10:51:42 -0800 From: Chris Wright To: Martin Josefsson Cc: Vserver Mailinglist Subject: Re: [vserver] mount -o ro --bind .. don't work Message-ID: <20020305105142.A18656@figure1.int.wirex.com> References: <1015338747.2005.83.camel@amd.vsen.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from gandalf@wlug.westbo.se on Tue, Mar 05, 2002 at 07:03:09PM +0100 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 266 * Martin Josefsson (gandalf@wlug.westbo.se) wrote: > On 5 Mar 2002, klavs klavsen wrote: > > [snip] > > I hope so too.. Until then it seems I have to repartition my disk (which > > for now has one big / and only a /var seperate partition - 3gb disk > > only), or have duplicates and check for with diff once in a while.. > > > > I found this link (with some pointing from friends): > > http://groups.google.com/groups?hl=en&selm=linux.kernel.Pine.LNX.4.33L.0110291504380.22127-100000%40duckman.distro.conectiva > > > > it dates 29. oct 2001. according to it, something called a namespace > > patch has to be integrated more into the kernel. > > > > Do you know if this has been done? > > Don't really know as I havn't seen the namespace patch but I have had to > modify namespace.c a lot in order to have per mount ro/rw settings, the > problem I have now is that permissions is decided by only looking at the > inode and not which vfsmount the request was made to... that part has to > change, and my patch is extremely ugly right now... The namespace changes are in 2.5, and the permission() changes (to pass essentially dentry/vfsmount pair instead of just inode) is pending for 2.5. I'm not sure how much of this will make it back into 2.4 mainline, but a backport is always possible ;-) cheers, -chris From vserver.error@solucorp.qc.ca Tue Mar 5 14:48:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25Jms7Y018348; Tue, 5 Mar 2002 14:48:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25JE0Z03382 for vserver.list; Tue, 5 Mar 2002 14:14:00 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25JDxh03378 for ; Tue, 5 Mar 2002 14:13:59 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g25JDoH0014592; Tue, 5 Mar 2002 20:13:50 +0100 Date: Tue, 5 Mar 2002 20:13:50 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: Chris Wright cc: Vserver Mailinglist Subject: Re: [vserver] mount -o ro --bind .. don't work In-Reply-To: <20020305105142.A18656@figure1.int.wirex.com> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 267 On Tue, 5 Mar 2002, Chris Wright wrote: > * Martin Josefsson (gandalf@wlug.westbo.se) wrote: > > On 5 Mar 2002, klavs klavsen wrote: > > > > [snip] > > > I hope so too.. Until then it seems I have to repartition my disk (which > > > for now has one big / and only a /var seperate partition - 3gb disk > > > only), or have duplicates and check for with diff once in a while.. > > > > > > I found this link (with some pointing from friends): > > > http://groups.google.com/groups?hl=en&selm=linux.kernel.Pine.LNX.4.33L.0110291504380.22127-100000%40duckman.distro.conectiva > > > > > > it dates 29. oct 2001. according to it, something called a namespace > > > patch has to be integrated more into the kernel. > > > > > > Do you know if this has been done? > > > > Don't really know as I havn't seen the namespace patch but I have had to > > modify namespace.c a lot in order to have per mount ro/rw settings, the > > problem I have now is that permissions is decided by only looking at the > > inode and not which vfsmount the request was made to... that part has to > > change, and my patch is extremely ugly right now... > > The namespace changes are in 2.5, and the permission() changes (to pass > essentially dentry/vfsmount pair instead of just inode) is pending for > 2.5. I'm not sure how much of this will make it back into 2.4 mainline, > but a backport is always possible ;-) That sounds wonderful, I hope it will happen soon. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Tue Mar 5 18:20:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g25NKT7Y019932; Tue, 5 Mar 2002 18:20:30 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g25MlH908125 for vserver.list; Tue, 5 Mar 2002 17:47:17 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from carbon.btinternet.com (carbon.btinternet.com [194.73.73.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g25MlHh08121 for ; Tue, 5 Mar 2002 17:47:17 -0500 Received: from host213-122-81-106.in-addr.btopenworld.com ([213.122.81.106] helo=home4v9eek8u3l) by carbon.btinternet.com with smtp (Exim 3.22 #8) id 16iNiA-0001eK-00 for vserver@solucorp.qc.ca; Tue, 05 Mar 2002 22:47:11 +0000 Message-ID: <039d01c1c497$bebeddd0$6a517ad5@home4v9eek8u3l> From: "John Lyons" To: References: <20020305101236.9caf8f1ea73e@remtk.solucorp.qc.ca> Subject: Re: [vserver] Which Kernel Date: Tue, 5 Mar 2002 22:47:28 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 268 > So far, I received a single message of non-stability (well, you have seen it on > the list). I am running 2.4.18ctx-8 on my workstation and 2.4.17ctx-7 on prod > servers. got 18ctx-8 running, and added support for my SIS ide, and SIS nic in. Got that working fine. (BTW very sexy fixes to ifconfig and netstat and the extra utilities :-)) >From memory the last time I built kernels for the servers I didn't change any fs/Ext3 settings but now I've discovered that the new kernels that have been built haven't got ext3 support. I've recompiled selecting Ext3 support from the fs menu (4 times now!) but on each occasion the servers have restarted without ext3 support. Is this something that I've missed or what? :-( Help please ! J From vserver.error@solucorp.qc.ca Tue Mar 5 19:57:41 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g260ve7Y020796; Tue, 5 Mar 2002 19:57:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g260Lb810351 for vserver.list; Tue, 5 Mar 2002 19:21:37 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g260Lbh10347 for ; Tue, 5 Mar 2002 19:21:37 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id 64A6A241CD; Tue, 5 Mar 2002 17:21:30 -0700 (MST) Received: from 172.23.172.143 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Tue, 5 Mar 2002 17:25:35 -0700 (MST) Message-ID: <37474.172.23.172.143.1015374335.squirrel@webmail.thedeacon.org> Date: Tue, 5 Mar 2002 17:25:35 -0700 (MST) Subject: Re: [vserver] Which Kernel From: "Paul Kreiner" To: In-Reply-To: <039d01c1c497$bebeddd0$6a517ad5@home4v9eek8u3l> References: <039d01c1c497$bebeddd0$6a517ad5@home4v9eek8u3l> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 269 John Lyons said: >>From memory the last time I built kernels for the servers I didn't >>change > any fs/Ext3 settings but now I've discovered that the new kernels that > have been built haven't got ext3 support. > > I've recompiled selecting Ext3 support from the fs menu (4 times now!) > but on each occasion the servers have restarted without ext3 support. > > Is this something that I've missed or what? :-( Help please ! I assume you're building ext3 into the kernel directly (not a module)? If it's a module, be sure to insmod it first, of course. Try "cat /proc/filesystems" and see if ext3 is in the list. If it is, then your kernel supports ext3, so that's not the problem. Also, if you don't force '-t ext3' on the mount, it may be mounted as ext2. I've seen this happen if the filesystem was last unmounted as an ext2 fs. If you *still* can't get ext3 working at that point, and ext3 doesn't show up in /proc/filesystems, then something else is going on that needs a deeper look. Perhaps sending a snippet of your kernel .config just before you compile would help. Hope this helps, _Paul K. From vserver.error@solucorp.qc.ca Tue Mar 5 20:51:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g261pq7Y021280; Tue, 5 Mar 2002 20:51:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g261Qvb11502 for vserver.list; Tue, 5 Mar 2002 20:26:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g261Qvh11498 for ; Tue, 5 Mar 2002 20:26:57 -0500 Received: from host213-122-31-8.in-addr.btopenworld.com ([213.122.31.8] helo=home4v9eek8u3l) by tungsten.btinternet.com with smtp (Exim 3.22 #8) id 16iQCm-0007YS-00 for vserver@solucorp.qc.ca; Wed, 06 Mar 2002 01:26:57 +0000 Message-ID: <048b01c1c4ae$110a3600$6a517ad5@home4v9eek8u3l> From: "John Lyons" To: References: <039d01c1c497$bebeddd0$6a517ad5@home4v9eek8u3l> <37474.172.23.172.143.1015374335.squirrel@webmail.thedeacon.org> Subject: Re: [vserver] Which Kernel Date: Wed, 6 Mar 2002 01:27:21 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 270 > I assume you're building ext3 into the kernel directly (not a module) Correct. > Try "cat /proc/filesystems" and see if ext3 is in the list. If it is, > then your kernel supports ext3, so that's not the problem. Not in the list, nodev rootfs nodev bdev nodev proc nodev sockfs nodev tmpfs nodev shm nodev pipefs nodev binfmt_misc ext2 iso9660 nodev nfs nodev autofs nodev devpts >From the boot.log Mar 6 16:28:00 svr9 rc.sysinit: Checking filesystems succeeded Mar 6 16:28:00 svr9 rc.sysinit: Mounting local filesystems: failed Mar 6 16:28:00 svr9 mount: mount: fs type ext3 not supported by kernel > If you *still* can't get ext3 working at that point, and ext3 doesn't show > up in /proc/filesystems, then something else is going on that needs a > deeper look. Perhaps sending a snippet of your kernel .config just before > you compile would help. Chunks from dmesg, confirming that the SIS support that I added is there but that the file system is mounted as ext2 SIS5513: IDE controller on PCI bus 00 dev 01 sis900.c: v1.08.01 9/25/2001 eth0: SiS 900 PCI Fast Ethernet at 0xd400, IRQ 10, 00:e0:18:46:05:41. VFS: Mounted root (ext2 filesystem) readonly. >From my .config # CONFIG_BFS_FS is not set CONFIG_EXT3_FS=y CONFIG_JBD=y # CONFIG_JBD_DEBUG is not set The same machine was used to compile ctx-5 and I can't remember needing to enable Ext3 file system support in that. Just get the feeling that I'm either editing the wrong defconfig file or the file with the new config isn't being used. (I recall having to look for the .config file the last time, just wondering if there's something amiss there?) Only other thing I can think of is that I need to load something? to freshen the modules? I've just untared the kernel source, patched, configured and built and installed. Sould I have done something else before hand to get back to a fresher system? (Sorry just wild stabs in the dark now :-( ) J From vserver.error@solucorp.qc.ca Tue Mar 5 22:24:38 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g263Ob7Y021983; Tue, 5 Mar 2002 22:24:38 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g262tbk13114 for vserver.list; Tue, 5 Mar 2002 21:55:37 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g262tbh13110 for ; Tue, 5 Mar 2002 21:55:37 -0500 Received: from remtk.solucorp.qc.ca (g36-87.citenet.net [206.123.36.87]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2630v636259 for ; Tue, 5 Mar 2002 22:00:57 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g262qk102726 for vserver@solucorp.qc.ca; Tue, 5 Mar 2002 21:52:46 -0500 From: Jacques Gelinas Date: Tue, 5 Mar 2002 21:52:46 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Which Kernel X-mailer: tlmpmail 0.1 Message-ID: <20020305215246.baa3f340d080@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 271 On Tue, 5 Mar 2002 22:47:28 -0500, John Lyons wrote > > So far, I received a single message of non-stability (well, you have seen > it on > > the list). I am running 2.4.18ctx-8 on my workstation and 2.4.17ctx-7 on > prod > > servers. > > got 18ctx-8 running, and added support for my SIS ide, and SIS nic in. Got Can you tell me what is missing. I will add it in my configuration. Is this standard stuff found in 2.4.18 ? > that working fine. (BTW very sexy fixes to ifconfig and netstat and the > extra utilities :-)) Yes this is getting real cool. I like when I do a pstree, an ifconfig and then a netstat on a vserver is it shows so little. It gives a good feeling. > >From memory the last time I built kernels for the servers I didn't change > any fs/Ext3 settings but now I've discovered that the new kernels that have > been built haven't got ext3 support. > > I've recompiled selecting Ext3 support from the fs menu (4 times now!) but > on each occasion the servers have restarted without ext3 support. > > Is this something that I've missed or what? :-( Help please ! You must select it as a builtin driver (not a module) unless you are using a initial ramdisk to preload it. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 5 23:11:11 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g264BA7Y022754; Tue, 5 Mar 2002 23:11:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g263tSt14128 for vserver.list; Tue, 5 Mar 2002 22:55:28 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g263tSh14124 for ; Tue, 5 Mar 2002 22:55:28 -0500 Received: from remtk.solucorp.qc.ca (g36-81.citenet.net [206.123.36.81]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2640n641326 for ; Tue, 5 Mar 2002 23:00:49 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g263VVs02749 for vserver@solucorp.qc.ca; Tue, 5 Mar 2002 22:31:31 -0500 From: Jacques Gelinas Date: Tue, 5 Mar 2002 22:31:31 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] ext2/ext3 question X-mailer: tlmpmail 0.1 Message-ID: <20020305223131.b745e2a568a3@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 272 On Sat, 2 Mar 2002 14:08:31 -0500, edward@paradigm4.com.au wrote > Isn't it CAP_LINUX_IMMUTABLE capability? Yes you are right. This capability is not available to vserver administrator. > On Friday, 1 March 2002 at 14:01, Jacques Gelinas wrote: > > > Only root in the root server can do it (change the immutable flags). More precisely > > only a user with CAP_SYS_ADMIN capability can do it and vservers do not have > > this capability (by default). > > > --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 5 23:14:13 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g264EC7Y022802; Tue, 5 Mar 2002 23:14:12 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g263tUi14134 for vserver.list; Tue, 5 Mar 2002 22:55:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g263tTh14130 for ; Tue, 5 Mar 2002 22:55:29 -0500 Received: from remtk.solucorp.qc.ca (g36-81.citenet.net [206.123.36.81]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2640o641330 for ; Tue, 5 Mar 2002 23:00:50 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g263kcq02766 for vserver@solucorp.qc.ca; Tue, 5 Mar 2002 22:46:38 -0500 From: Jacques Gelinas Date: Tue, 5 Mar 2002 22:46:38 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Re: Debian X-mailer: tlmpmail 0.1 Message-ID: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 273 On Tue, 5 Mar 2002 14:34:42 -0500, klavs klavsen wrote > On Tue, 2002-03-05 at 13:27, ragnar@this.is wrote: > > But for now my problem is simpler... I do not know how to > > install the first "template" server. > A simple approach, that I think would work, would be to cp all the files > from another machine, and put them under the vserver directory. then you > "just" need to adjust the vserver startup scripts and such. that should > do it? Probably. Fix the /dev directory so it only contain the following files full null ptmx pts random tty urandom zero If you leave too much stuff in /dev, an admin in the vserver can break out. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 5 23:22:14 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g264ME7Y022861; Tue, 5 Mar 2002 23:22:14 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2642ll14327 for vserver.list; Tue, 5 Mar 2002 23:02:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2642kh14323 for ; Tue, 5 Mar 2002 23:02:47 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id B9E20B738 for ; Tue, 5 Mar 2002 20:50:00 -0700 (MST) Date: Tue, 5 Mar 2002 20:50:00 -0700 (MST) From: To: Subject: Re: [vserver] Re: Debian In-Reply-To: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-0.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 274 On Tue, 5 Mar 2002, Jacques Gelinas wrote: > Probably. Fix the /dev directory so it only contain the following files > > full null ptmx pts random tty urandom zero > > If you leave too much stuff in /dev, an admin in the vserver can break out. > Hey, speaking of breaking out. Can't a vserver admin create the hd* device and mount the root parition to screw around with? I tried this on my vserver and it worked. I have the vserver on a different partition from the root server, but I don't see how having them on one parition would make a difference. Is this a feasable way of breaking out? - Yan From vserver.error@solucorp.qc.ca Wed Mar 6 01:06:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2666G7Y023482; Wed, 6 Mar 2002 01:06:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g265lra16303 for vserver.list; Wed, 6 Mar 2002 00:47:53 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g265lqh16299 for ; Wed, 6 Mar 2002 00:47:53 -0500 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id A511C241CD; Tue, 5 Mar 2002 22:47:52 -0700 (MST) Received: from 172.23.172.150 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Tue, 5 Mar 2002 22:51:58 -0700 (MST) Message-ID: <1101.172.23.172.150.1015393918.squirrel@webmail.thedeacon.org> Date: Tue, 5 Mar 2002 22:51:58 -0700 (MST) Subject: Re: [vserver] Which Kernel From: "Paul Kreiner" To: In-Reply-To: <048b01c1c4ae$110a3600$6a517ad5@home4v9eek8u3l> References: <048b01c1c4ae$110a3600$6a517ad5@home4v9eek8u3l> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 275 John Lyons said: > Not in the list, > > nodev rootfs > nodev bdev > nodev proc > nodev sockfs > nodev tmpfs > nodev shm > nodev pipefs > nodev binfmt_misc > ext2 > iso9660 > nodev nfs > nodev autofs > nodev devpts > >>From the boot.log > Mar 6 16:28:00 svr9 rc.sysinit: Checking filesystems succeeded > Mar 6 16:28:00 svr9 rc.sysinit: Mounting local filesystems: failed > Mar 6 16:28:00 svr9 mount: mount: fs type ext3 not supported by kernel > Yep, so it's not getting compiled in. At least we know that much. > SIS5513: IDE controller on PCI bus 00 dev 01 > sis900.c: v1.08.01 9/25/2001 > eth0: SiS 900 PCI Fast Ethernet at 0xd400, IRQ 10, 00:e0:18:46:05:41. Is the SIS support on your system something you have to add in (patch) the kernel to get, or just a config parameter you turn on? I see you say "patch" elsewhere in your mail, so that's my assumption. Question: can you get the IDE controller to work w/the unpatched 2.4.18? Or do you have to patch to even recognize it? > > VFS: Mounted root (ext2 filesystem) readonly. > >>From my .config > > # CONFIG_BFS_FS is not set > CONFIG_EXT3_FS=y > CONFIG_JBD=y > # CONFIG_JBD_DEBUG is not set So it looks like it should be compiling in. Just a thought, do you do a full "make dep && make clean && make bzImage" after saving your new .config? I've seen skipping the mkdep cause some problems. Also, some silly stuff ... you're remembering to edit lilo.conf and invoke "lilo", right? And you doublechecked you're booting the kernel you've built? > The same machine was used to compile ctx-5 and I can't remember needing > to enable Ext3 file system support in that. Just get the feeling that > I'm either editing the wrong defconfig file or the file with the new > config isn't being used. (I recall having to look for the .config file > the last time, just wondering if there's something amiss there?) So, maybe a little step-by-step here would help pinpoint the trouble... (1) unpack the original 2.4.18 tarball, make config, build it, and boot (if possible). Do you have ext3 support? If not, then it sounds like a prob with your build environment or with 2.4.18 (which I doubt, 'cause there would have been screaming already). (2) If the previous works, then patch ctx8 in, make clean, and build again. Do you get ext3 working now? If not, then perhaps ctx8 broke something. (3) If so, then patch in your network card and hard disk patches, make clean, and build yet again. If it works now, you should be good to go. If not, then the SiS patches are probably at fault. > Only other thing I can think of is that I need to load something? to > freshen the modules? > I've just untared the kernel source, patched, configured and built and > installed. Sould I have done something else before hand to get back to > a fresher system? (Sorry just wild stabs in the dark now :-( ) My first guess is something in your build environment is wacky and/or the .config file you're editing isn't the one being used to build. To test that, try *removing* ext2 support and building/booting the resulting kernel. It should be rather unhappy - if not, and ext2 is still built in, then your .config changes are not being used. The NIC and HDC patches shouldn't touch FS code, so that shouldn't be a problem. The ctx8 patch does touch FS code, but I think if it broke ext3 we'd have heard about it by now. From vserver.error@solucorp.qc.ca Wed Mar 6 07:07:56 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g26C7t7Y025638; Wed, 6 Mar 2002 07:07:56 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g26BlVD24221 for vserver.list; Wed, 6 Mar 2002 06:47:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g26BlTh24217 for ; Wed, 6 Mar 2002 06:47:30 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g26BkBQ02297 for ; Wed, 6 Mar 2002 11:46:11 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16iZtC-0001qz-00 for ; Wed, 06 Mar 2002 11:47:22 +0000 Date: Wed, 6 Mar 2002 11:47:21 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: Re: [vserver] Re: Debian In-Reply-To: <1015331229.3c84b99d313b7@this.is> References: <1015331229.3c84b99d313b7@this.is> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 276 On Tue, 05 Mar 2002 12:27:09 +0000 (GMT) ragnar@this.is wrote: > The way debian works we will probably end um with a "port" > named vserver-i386. I don't think that is necessary. All you really need is something like a task-vserver, that conflicts with packages that don't make sense installing in a vserver, and requires other necessary ones. No point in forking unnecessarily. Sam. From vserver.error@solucorp.qc.ca Wed Mar 6 11:38:44 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g26Gch7Y027299; Wed, 6 Mar 2002 11:38:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g26GKkN30129 for vserver.list; Wed, 6 Mar 2002 11:20:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g26GKjh30125 for ; Wed, 6 Mar 2002 11:20:45 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id A5FDA108C for ; Wed, 6 Mar 2002 17:20:38 +0100 (CET) Subject: [vserver] clarification of chcontext usage. From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-+CDUe9/dHHLxaK/3M6Cj" X-Mailer: Evolution/1.0.2 Date: 06 Mar 2002 17:20:27 +0100 Message-Id: <1015431639.2050.19.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 277 --=-+CDUe9/dHHLxaK/3M6Cj Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, just studied jail a little.. found missing info on chcontext functionality. The answers to the questions below I think would be great additions to the chcontext Man-page. quote from the FAQ (jail vs. vserver)>> The new_s_context is not privileged, so a normal user can use this to, for example, setup a personal security box before executing a not-so-trusted game.<< If I start my services (on main vserver) with chcontext, does this mean that if one of the services (started from the same vserver as the others) got hacked, the hacker wouldn't be able to access any other services?=20 it only seperates processes, so wouldn't the hacker just be able to "screw up" all the files.. And if he local exploit in a program he could achieve vserver "root", and then just stop the processes?=20 if so, are there any security context where using chcontext within a vserver would help any? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-+CDUe9/dHHLxaK/3M6Cj Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8hkHL4c1kHlhtW8oRAgvYAJ9zIjmw/sftvflYiH5jgqlEIvxc8ACgsmF+ IDlIoG0kwdbsJ4x2P8HbOms= =DXoi -----END PGP SIGNATURE----- --=-+CDUe9/dHHLxaK/3M6Cj-- From vserver.error@solucorp.qc.ca Wed Mar 6 12:40:02 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g26He17Y027675; Wed, 6 Mar 2002 12:40:01 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g26HO8c31398 for vserver.list; Wed, 6 Mar 2002 12:24:08 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tranq.dorms.spbu.ru (tranq.dorms.spbu.ru [195.19.254.35]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g26HO7h31387 for ; Wed, 6 Mar 2002 12:24:07 -0500 Received: from localhost ([127.0.0.1] helo=tranq) by tranq.dorms.spbu.ru with smtp (Exim 3.33 #1 (Debian)) id 16if91-0006fW-00 for ; Wed, 06 Mar 2002 20:24:03 +0300 Date: Wed, 6 Mar 2002 20:24:03 +0300 From: Konstantin Starodubtsev To: vserver@solucorp.qc.ca Subject: [vserver] modular vunify Message-Id: <20020306202403.1a03b5a2.klists@rbcmail.ru> In-Reply-To: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> References: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> X-Mailer: Sylpheed version 0.7.2claws2 (GTK+ 1.2.10; i386-debian-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-1.3 required=5.0 tests=IN_REP_TO,SUPERLONG_LINE version=2.01 Status: RO X-Status: X-Keywords: X-UID: 278 I'm porting vserver utilities to Debian. As a part of this job vunify utility was rewritten on perl. The package-manager dependent part was moved to external object module. For example dpkg module is 1582 bytes long and was written in 30-40 minutes. I don't think that modules for other package managers will take much more time to write. The main part of utility is about 5.5Kb and it is not package-manager dependent. You can get it with necessary modules at http://tranq.dorms.spbu.ru/data/vunify.tar.gz It is not 100% compatible with current vunify now as I'm thinking about placing some defaults (hard-coded in current vunify.cc) now in /etc/vservers.conf so it's behaviour sometimes a bit different comparing to old vunify. So, if anyone thinks anything about it then comments, questions and patches are welcome :) The other question appeared during vunify development. We still doesn't have global config file (i.e. /etc/vservers.conf). It can be useful to share system-wide settings between parts of vserver utilities. The most important variable is VSERVERS_HOME - the directory, where vservers are located. I don't want to say, that current standart (/vservers) is bad, though it can violate FHS on some systems. Also deb package is available for Debian linux. It should violate FHS a bit, and doesn't provide correct set of dependancies though it can be better than nothing :) The main changes are: ported vunify, fixed vserver script wrong behaivor during shutdown (btw, why don't we write current runlevel in the /var/run/utmp after vserver startup?), some fixes to fit better into Debian FHS. It is available at http://tranq.dorms.spbu.ru/data/vserver-bin_0.13-1_i386.deb MBR, Konstantin Starodubtsev. From vserver.error@solucorp.qc.ca Wed Mar 6 14:00:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g26J0K7Y028200; Wed, 6 Mar 2002 14:00:20 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g26IhFL00622 for vserver.list; Wed, 6 Mar 2002 13:43:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g26IhEh00618 for ; Wed, 6 Mar 2002 13:43:15 -0500 Received: (qmail 22549 invoked from network); 6 Mar 2002 18:42:10 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 6 Mar 2002 18:42:10 -0000 Subject: Re: [vserver] Re: Debian From: Andy Kwong To: vserver@solucorp.qc.ca In-Reply-To: References: Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 06 Mar 2002 10:45:18 -0800 Message-Id: <1015440318.4373.0.camel@zerowing.pop-star.net> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 279 The vserver root cannot create special files and devices. On Tue, 2002-03-05 at 19:50, Zardus@nbwrpg.com wrote: > On Tue, 5 Mar 2002, Jacques Gelinas wrote: > > > Probably. Fix the /dev directory so it only contain the following files > > > > full null ptmx pts random tty urandom zero > > > > If you leave too much stuff in /dev, an admin in the vserver can break out. > > > > Hey, speaking of breaking out. Can't a vserver admin create the hd* device > and mount the root parition to screw around with? I tried this on my > vserver and it worked. I have the vserver on a different partition from > the root server, but I don't see how having them on one parition would > make a difference. > > Is this a feasable way of breaking out? > > > - Yan > From vserver.error@solucorp.qc.ca Wed Mar 6 19:45:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g270j57Y031084; Wed, 6 Mar 2002 19:45:05 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g270MY508917 for vserver.list; Wed, 6 Mar 2002 19:22:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g270MXh08913 for ; Wed, 6 Mar 2002 19:22:34 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id 25B83B7C8 for ; Wed, 6 Mar 2002 17:09:48 -0700 (MST) Date: Wed, 6 Mar 2002 17:09:48 -0700 (MST) From: To: Subject: Re: [vserver] Re: Debian In-Reply-To: <1015440318.4373.0.camel@zerowing.pop-star.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-0.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 280 On 6 Mar 2002, Andy Kwong wrote: > The vserver root cannot create special files and devices. I just did it. I have a regular vserver setup, running on Debian. Now is this a problem only with Debian, or do I have to enable some other security setting? Thanx - Yan From vserver.error@solucorp.qc.ca Thu Mar 7 05:48:31 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g27AmU7Y003716; Thu, 7 Mar 2002 05:48:30 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g279r5Q20506 for vserver.list; Thu, 7 Mar 2002 04:53:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from priv-edtnes12-hme0.telusplanet.net (fepout4.telus.net [199.185.220.239]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g279r4h20502 for ; Thu, 7 Mar 2002 04:53:04 -0500 Received: from iris ([66.183.61.187]) by priv-edtnes12-hme0.telusplanet.net (InterMail vM.5.01.04.01 201-253-122-122-101-20011014) with SMTP id <20020307095259.LTIB567.priv-edtnes12-hme0.telusplanet.net@iris> for ; Thu, 7 Mar 2002 02:52:59 -0700 Message-ID: <000b01c1c5bd$fcb66ff0$8a01a8c0@iris> From: "Andy Kwong" To: References: Subject: Re: [vserver] Re: Debian Date: Thu, 7 Mar 2002 01:53:50 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 281 Hum.. Better check you are dropping privileges correctly with your scripts, since you aren't using the default RH based utils. The vserver script handles dropping privileges as well as changing the context and setting the ipv4 root. I just double checked it for -ctx7 and it works ok. Could be an issue introduced in -ctx8, but that's not something I'd put money on. ----- Original Message ----- From: To: Sent: Wednesday, March 06, 2002 4:09 PM Subject: Re: [vserver] Re: Debian > On 6 Mar 2002, Andy Kwong wrote: > > > The vserver root cannot create special files and devices. > > I just did it. I have a regular vserver setup, running on Debian. Now is > this a problem only with Debian, or do I have to enable some other > security setting? > > Thanx > > - Yan > > From vserver.error@solucorp.qc.ca Thu Mar 7 11:28:59 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g27GSu7Y005622; Thu, 7 Mar 2002 11:28:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g27FnC228159 for vserver.list; Thu, 7 Mar 2002 10:49:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g27FnBh28155 for ; Thu, 7 Mar 2002 10:49:12 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g27FmsH0026460 for ; Thu, 7 Mar 2002 16:48:54 +0100 Date: Thu, 7 Mar 2002 16:48:54 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: Re: [vserver] Re: Debian In-Reply-To: Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 282 On Wed, 6 Mar 2002 Zardus@nbwrpg.com wrote: > On 6 Mar 2002, Andy Kwong wrote: > > > The vserver root cannot create special files and devices. > > I just did it. I have a regular vserver setup, running on Debian. Now is > this a problem only with Debian, or do I have to enable some other > security setting? chcontext --ctx 2 --secure bash run that and then try to create a blockdevice with mknod It won't work, just as it's supposed to, tested here on 2.4.19-pre1-ac2-ctx8 /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Thu Mar 7 12:29:56 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g27HTt7Y006043; Thu, 7 Mar 2002 12:29:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g27H6m129980 for vserver.list; Thu, 7 Mar 2002 12:06:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from foo.uberninja.com (mvincent.lon.rackspace.com [212.100.225.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g27H6lh29976 for ; Thu, 7 Mar 2002 12:06:47 -0500 Received: from office-44.lon.rackspace.com ([212.100.225.44] helo=mvincent) by foo.uberninja.com with smtp (Exim 3.22 #1) id 16j1MU-000B6q-00 for vserver@solucorp.qc.ca; Thu, 07 Mar 2002 17:07:26 +0000 Message-ID: <000a01c1c5fa$cd55e960$2ce164d4@mvincent> From: "Marius Vincent" To: Subject: [vserver] Network card problems Date: Thu, 7 Mar 2002 17:09:09 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C1C5FA.CBBC5DA0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 283 This is a multi-part message in MIME format. ------=_NextPart_000_0007_01C1C5FA.CBBC5DA0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi I am trying to install the vserver for the first time. I am running: RH 7.2 hardware: 1.6AMD 512Meg DDR Nvidia onboard crush chipset (this includes onboard NIC and onboard = video, both Nvidia chipsets) Now the problem is that for the life of me I cannot get the onboard NIC = to work with the ctx kernel. The nic was working fine, i just installed the rpm and that installed = the modules. When I install the new kernel and try to reinstall teh rpm, or source = rpm, or even straigth from the source i get problems. This is what i get: depmod: *** Unresolved symbols in = /lib/modules/2.4.17ctx-8/kernel/drivers/net/nvnet.o Then if i try to probe deeper, with depmod, i get: [root@predator nvnet]# more .depend nvnet.o: nvnet.c basetype.h os.h phy.h adapter.h nvnet.h \ /usr/include/linux/module.h /usr/include/linux/config.h \ /usr/include/linux/autoconf.h /usr/include/linux/rhconfig.h \ /boot/kernel.h /usr/include/linux/spinlock.h /usr/include/linux/list.h = \ /usr/include/asm/atomic.h /usr/include/linux/kernel.h \ /usr/include/linux/sched.h /usr/include/asm/param.h \ /usr/include/linux/binfmts.h /usr/include/linux/ptrace.h \ /usr/include/asm/ptrace.h /usr/include/linux/capability.h \ ----------------------snip--------------------------snip-----------------= ----------------- And so on, so I am only showing the first 30% so I dont flood the email = list. Now why does this not work? Anyone I am despirate! -Regards -MV ------=_NextPart_000_0007_01C1C5FA.CBBC5DA0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi
 
I am trying to install the vserver for = the first=20 time.
I am running:
RH 7.2
hardware:
1.6AMD
512Meg DDR
Nvidia onboard crush chipset (this = includes onboard=20 NIC and onboard video, both Nvidia chipsets)
 
Now the problem is that for the life of = me I cannot=20 get the onboard NIC to work with the ctx kernel.
The nic was working fine, i just = installed the rpm=20 and that installed the modules.
When I install the new kernel and try = to reinstall=20 teh rpm, or source rpm, or even straigth from the source i get=20 problems.
This is what i get:
depmod: *** Unresolved symbols in=20 /lib/modules/2.4.17ctx-8/kernel/drivers/net/nvnet.o
 
Then if i try to probe deeper, with = depmod, i=20 get:
[root@predator nvnet]# more = .depend
nvnet.o:=20 nvnet.c basetype.h os.h phy.h adapter.h nvnet.h \
 =20 /usr/include/linux/module.h /usr/include/linux/config.h \
 =20 /usr/include/linux/autoconf.h /usr/include/linux/rhconfig.h \
 =20 /boot/kernel.h /usr/include/linux/spinlock.h /usr/include/linux/list.h=20 \
  /usr/include/asm/atomic.h /usr/include/linux/kernel.h = \
 =20 /usr/include/linux/sched.h /usr/include/asm/param.h \
 =20 /usr/include/linux/binfmts.h /usr/include/linux/ptrace.h \
 =20 /usr/include/asm/ptrace.h /usr/include/linux/capability.h=20 \
----------------------snip--------------------------snip------------= ----------------------
And so on, so I am=20 only showing the first 30% so I dont flood the email = list.
 
Now why does this not = work?
Anyone I am despirate!
 
-Regards
-MV
 
 
------=_NextPart_000_0007_01C1C5FA.CBBC5DA0-- From vserver.error@solucorp.qc.ca Thu Mar 7 13:28:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g27ISK7Y006542; Thu, 7 Mar 2002 13:28:21 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g27HvAJ31064 for vserver.list; Thu, 7 Mar 2002 12:57:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g27Hv9h31060 for ; Thu, 7 Mar 2002 12:57:09 -0500 Received: from host213-122-51-117.in-addr.btopenworld.com ([213.122.51.117] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16j28Z-0004SP-00 for vserver@solucorp.qc.ca; Thu, 07 Mar 2002 17:57:08 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Thu, 7 Mar 2002 17:56:50 -0000 From: "John Lyons" To: Subject: RE: [vserver] Network card problems Date: Thu, 7 Mar 2002 17:56:49 -0000 Message-ID: <00d301c1c601$75272090$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D4_01C1C601.75272090" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <000a01c1c5fa$cd55e960$2ce164d4@mvincent> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 284 This is a multi-part message in MIME format. ------=_NextPart_000_00D4_01C1C601.75272090 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Now the problem is that for the life of me I cannot get the onboard NIC to work with the ctx kernel. The nic was working fine, i just installed the rpm and that installed the modules. When I install the new kernel and try to reinstall teh rpm, or source rpm, or even straigth from the source i get problems. Now why does this not work? Anyone I am despirate! I'm not a kernel expert but I've been in your situation before. I had the same problem with SIS network cards. The pre compiled kernel doen't have very many nic drivers either compiled in or set to load as modules, hence you're problem. The fix is to get the kernel source, patch it, create your .config with your own nic drivers included, and recompile. It's worked for me several times in the past but I still can't get ext3 working on my own system despite the fact that I didn't mess with those settings in any of the kernel builds in the past. (That's my own personal unresolved bug btw :-)) i ------=_NextPart_000_00D4_01C1C601.75272090 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
Now the problem is that for the life = of me I=20 cannot get the onboard NIC to work with the ctx kernel.
The nic was working fine, i just = installed the=20 rpm and that installed the modules.
When I install the new kernel and try = to=20 reinstall teh rpm, or source rpm, or even straigth from the source i = get=20 problems.
Now why does this not = work?
Anyone I am despirate!
 
I'm = not a kernel=20 expert but I've been in your situation before.
I = had the same=20 problem with SIS network cards.
 
The = pre compiled=20 kernel doen't have very many nic drivers either compiled in or set to = load as=20 modules, hence you're problem.
 
The = fix is to get=20 the kernel source, patch it, create your .config with your own nic = drivers=20 included, and recompile.
 
It's = worked for me=20 several times in the past but I still can't get ext3 working on my own = system=20 despite the fact that I didn't mess with those settings in any of the = kernel=20 builds in the past. (That's my own personal unresolved bug btw=20 :-))
 
i
 
------=_NextPart_000_00D4_01C1C601.75272090-- From vserver.error@solucorp.qc.ca Thu Mar 7 13:42:59 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g27Igx7Y006690; Thu, 7 Mar 2002 13:42:59 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g27IEGk31424 for vserver.list; Thu, 7 Mar 2002 13:14:16 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from foo.uberninja.com (mvincent.lon.rackspace.com [212.100.225.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g27IEFh31420 for ; Thu, 7 Mar 2002 13:14:16 -0500 Received: from office-44.lon.rackspace.com ([212.100.225.44] helo=mvincent) by foo.uberninja.com with smtp (Exim 3.22 #1) id 16j2Q3-000B8D-00 for vserver@solucorp.qc.ca; Thu, 07 Mar 2002 18:15:11 +0000 Message-ID: <002201c1c604$452695d0$2ce164d4@mvincent> From: "Marius Vincent" To: References: <00d301c1c601$75272090$0100a8c0@johnnew> Subject: Re: [vserver] Network card problems Date: Thu, 7 Mar 2002 18:16:56 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001F_01C1C604.43B02270" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.8 required=5.0 tests=MAILTO_LINK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 285 This is a multi-part message in MIME format. ------=_NextPart_000_001F_01C1C604.43B02270 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hmmmm.... Alright, then how do I include the network card modules when i do a = kernel recompile? I have the source for for the nvidia NIC, do i just dump the .o into = some directory and "make menuconfig" will pick it up? ----- Original Message -----=20 From: John Lyons=20 To: vserver@solucorp.qc.ca=20 Sent: Thursday, March 07, 2002 5:56 PM Subject: RE: [vserver] Network card problems Now the problem is that for the life of me I cannot get the onboard = NIC to work with the ctx kernel. The nic was working fine, i just installed the rpm and that = installed the modules. When I install the new kernel and try to reinstall teh rpm, or = source rpm, or even straigth from the source i get problems. Now why does this not work? Anyone I am despirate! I'm not a kernel expert but I've been in your situation before. I had the same problem with SIS network cards. The pre compiled kernel doen't have very many nic drivers either = compiled in or set to load as modules, hence you're problem. The fix is to get the kernel source, patch it, create your .config = with your own nic drivers included, and recompile. It's worked for me several times in the past but I still can't get = ext3 working on my own system despite the fact that I didn't mess with = those settings in any of the kernel builds in the past. (That's my own = personal unresolved bug btw :-)) i ------=_NextPart_000_001F_01C1C604.43B02270 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hmmmm....
 
Alright, then how do I include the = network card=20 modules when i do a kernel recompile?
I have the source for for the nvidia = NIC, do i just=20 dump the .o into some directory and "make menuconfig" will pick it=20 up?
 
----- Original Message -----
From:=20 John = Lyons=20
Sent: Thursday, March 07, 2002 = 5:56=20 PM
Subject: RE: [vserver] Network = card=20 problems

 
Now the problem is that for the = life of me I=20 cannot get the onboard NIC to work with the ctx kernel.
The nic was working fine, i just = installed the=20 rpm and that installed the modules.
When I install the new kernel and = try to=20 reinstall teh rpm, or source rpm, or even straigth from the source i = get=20 problems.
Now why does this not = work?
Anyone I am despirate!
 
I'm not a kernel=20 expert but I've been in your situation before.
I = had the same=20 problem with SIS network cards.
 
The pre compiled=20 kernel doen't have very many nic drivers either compiled in or set = to load=20 as modules, hence you're problem.
 
The fix is to=20 get the kernel source, patch it, create your .config with your own = nic=20 drivers included, and recompile.
 
It's worked for=20 me several times in the past but I still can't get ext3 working on = my own=20 system despite the fact that I didn't mess with those settings in = any of the=20 kernel builds in the past. (That's my own personal unresolved bug = btw=20 :-))
 
i
 
------=_NextPart_000_001F_01C1C604.43B02270-- From vserver.error@solucorp.qc.ca Thu Mar 7 15:44:13 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g27KiC7Y007701; Thu, 7 Mar 2002 15:44:13 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g27KL3e01662 for vserver.list; Thu, 7 Mar 2002 15:21:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g27KL2h01658 for ; Thu, 7 Mar 2002 15:21:03 -0500 Received: from host213-1-174-97.btinternet.com ([213.1.174.97] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16j4No-0004Vo-00 for vserver@solucorp.qc.ca; Thu, 07 Mar 2002 20:21:00 +0000 Received: from 213.1.174.97 by john-new ([213.1.174.97] running VPOP3) with SMTP for ; Thu, 7 Mar 2002 20:20:40 -0000 From: "John Lyons" To: Subject: RE: [vserver] Network card problems Date: Thu, 7 Mar 2002 20:20:36 -0000 Message-ID: <001801c1c615$8cc3ce60$61ae01d5@johnnew> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0019_01C1C615.8CC3CE60" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <002201c1c604$452695d0$2ce164d4@mvincent> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-101.2 required=5.0 tests=IN_REP_TO,MAILTO_LINK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 286 This is a multi-part message in MIME format. ------=_NextPart_000_0019_01C1C615.8CC3CE60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Ooerr. I can setup stuff that's already available but not add new. google.com is your best bet :-) J -----Original Message----- From: Marius Vincent [mailto:mvincent@uberninja.com] Sent: 07 March 2002 18:17 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Network card problems Hmmmm.... Alright, then how do I include the network card modules when i do a kernel recompile? I have the source for for the nvidia NIC, do i just dump the .o into some directory and "make menuconfig" will pick it up? ----- Original Message ----- From: John Lyons To: vserver@solucorp.qc.ca Sent: Thursday, March 07, 2002 5:56 PM Subject: RE: [vserver] Network card problems Now the problem is that for the life of me I cannot get the onboard NIC to work with the ctx kernel. The nic was working fine, i just installed the rpm and that installed the modules. When I install the new kernel and try to reinstall teh rpm, or source rpm, or even straigth from the source i get problems. Now why does this not work? Anyone I am despirate! I'm not a kernel expert but I've been in your situation before. I had the same problem with SIS network cards. The pre compiled kernel doen't have very many nic drivers either compiled in or set to load as modules, hence you're problem. The fix is to get the kernel source, patch it, create your .config with your own nic drivers included, and recompile. It's worked for me several times in the past but I still can't get ext3 working on my own system despite the fact that I didn't mess with those settings in any of the kernel builds in the past. (That's my own personal unresolved bug btw :-)) i ------=_NextPart_000_0019_01C1C615.8CC3CE60 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Ooerr.=20 I can setup stuff that's already available but not add new.  = google.com is=20 your best bet :-)
 
J
-----Original Message-----
From: Marius Vincent=20 [mailto:mvincent@uberninja.com]
Sent: 07 March 2002=20 18:17
To: vserver@solucorp.qc.ca
Subject: Re: = [vserver]=20 Network card problems

Hmmmm....
 
Alright, then how do I include the = network card=20 modules when i do a kernel recompile?
I have the source for for the nvidia = NIC, do i=20 just dump the .o into some directory and "make menuconfig" will pick = it=20 up?
 
----- Original Message -----
From:=20 John = Lyons=20
Sent: Thursday, March 07, = 2002 5:56=20 PM
Subject: RE: [vserver] = Network card=20 problems

 
Now the problem is that for the = life of me I=20 cannot get the onboard NIC to work with the ctx = kernel.
The nic was working fine, i just = installed=20 the rpm and that installed the modules.
When I install the new kernel and = try to=20 reinstall teh rpm, or source rpm, or even straigth from the source = i get=20 problems.
Now why does this not = work?
Anyone I am = despirate!
 
I'm not a=20 kernel expert but I've been in your situation = before.
I had the same=20 problem with SIS network cards.
 
The pre=20 compiled kernel doen't have very many nic drivers either compiled = in or=20 set to load as modules, hence you're problem.
 
The fix is to=20 get the kernel source, patch it, create your .config with your own = nic=20 drivers included, and recompile.
 
It's worked=20 for me several times in the past but I still can't get ext3 = working on my=20 own system despite the fact that I didn't mess with those settings = in any=20 of the kernel builds in the past. (That's my own personal = unresolved bug=20 btw :-))
 
i
 
------=_NextPart_000_0019_01C1C615.8CC3CE60-- From vserver.error@solucorp.qc.ca Thu Mar 7 16:36:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g27La07Y008237; Thu, 7 Mar 2002 16:36:01 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g27LD5B02666 for vserver.list; Thu, 7 Mar 2002 16:13:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from foo.uberninja.com (mvincent.lon.rackspace.com [212.100.225.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g27LD4h02662 for ; Thu, 7 Mar 2002 16:13:04 -0500 Received: from schizoid.gotadsl.co.uk ([213.208.117.83] helo=mvincent1) by foo.uberninja.com with smtp (Exim 3.22 #1) id 16j5D4-000BBM-00 for vserver@solucorp.qc.ca; Thu, 07 Mar 2002 21:13:58 +0000 Message-ID: <001101c1c61d$466a3000$0400000a@mvincent1> From: "Marius Vincent" To: References: <001801c1c615$8cc3ce60$61ae01d5@johnnew> Subject: Re: [vserver] Network card problems Date: Thu, 7 Mar 2002 21:15:57 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01C1C61D.45FC2BF0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.8 required=5.0 tests=MAILTO_LINK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 287 This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C1C61D.45FC2BF0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Yeah well I did a source recompile and no go. Just no luck, stupid = RedHat keeps breaking. Prefer BSD systems. They just never die. Anyhow, Can anyone tell me if I stick a Intel e100 NIC in there if it = will work with the current modules? I see there is a eepro100.o module built in to the precompiled kernel, = although I would need the e100.o for it to work correctly. Or can I do a install from source and it will work after I have the crx = kernel installed? Anyone? P.S. As for your ext3 fs problems afer you compile the kernel. I had the = same thing, untill I saw I had to select ext3 journaling fs under the fs = section under "menuconfig" It all worked fine then. :) Except the = modules kept breking when i tried to do a install. *sigh* ----- Original Message -----=20 From: John Lyons=20 To: vserver@solucorp.qc.ca=20 Sent: Thursday, March 07, 2002 8:20 PM Subject: RE: [vserver] Network card problems Ooerr. I can setup stuff that's already available but not add new. = google.com is your best bet :-) J -----Original Message----- From: Marius Vincent [mailto:mvincent@uberninja.com] Sent: 07 March 2002 18:17 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Network card problems Hmmmm.... Alright, then how do I include the network card modules when i do a = kernel recompile? I have the source for for the nvidia NIC, do i just dump the .o into = some directory and "make menuconfig" will pick it up? ----- Original Message -----=20 From: John Lyons=20 To: vserver@solucorp.qc.ca=20 Sent: Thursday, March 07, 2002 5:56 PM Subject: RE: [vserver] Network card problems Now the problem is that for the life of me I cannot get the = onboard NIC to work with the ctx kernel. The nic was working fine, i just installed the rpm and that = installed the modules. When I install the new kernel and try to reinstall teh rpm, or = source rpm, or even straigth from the source i get problems. Now why does this not work? Anyone I am despirate! I'm not a kernel expert but I've been in your situation before. I had the same problem with SIS network cards. The pre compiled kernel doen't have very many nic drivers either = compiled in or set to load as modules, hence you're problem. The fix is to get the kernel source, patch it, create your = .config with your own nic drivers included, and recompile. It's worked for me several times in the past but I still can't = get ext3 working on my own system despite the fact that I didn't mess = with those settings in any of the kernel builds in the past. (That's my = own personal unresolved bug btw :-)) i ------=_NextPart_000_000E_01C1C61D.45FC2BF0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Yeah well I did a source recompile and = no go. Just=20 no luck, stupid RedHat keeps breaking.
Prefer BSD systems. They just never=20 die.
 
Anyhow, Can anyone tell me if I stick a = Intel e100=20 NIC in there if it will work with the current modules?
I see there is a eepro100.o module = built in to the=20 precompiled kernel, although I would need the e100.o for it to work=20 correctly.
Or can I do a install from source and = it will work=20 after I have the crx kernel installed?
 
Anyone?
 
P.S. As for your ext3 fs problems afer = you compile=20 the kernel. I had the same thing, untill I saw I had to select ext3 = journaling=20 fs under the fs section under "menuconfig" It all worked fine then. :) = Except=20 the modules kept breking when i tried to do a install. = *sigh*
 
----- Original Message -----
From:=20 John = Lyons=20
Sent: Thursday, March 07, 2002 = 8:20=20 PM
Subject: RE: [vserver] Network = card=20 problems

Ooerr. I can setup stuff that's already available but not add = new.  google.com is your best bet :-)
 
J
-----Original Message-----
From: Marius Vincent=20 [mailto:mvincent@uberninja.com]
Sent: 07 March 2002=20 18:17
To: vserver@solucorp.qc.ca
S= ubject:=20 Re: [vserver] Network card problems

Hmmmm....
 
Alright, then how do I include the = network card=20 modules when i do a kernel recompile?
I have the source for for the = nvidia NIC, do i=20 just dump the .o into some directory and "make menuconfig" will pick = it=20 up?
 
----- Original Message ----- =
From:=20 John Lyons=20
Sent: Thursday, March 07, = 2002 5:56=20 PM
Subject: RE: [vserver] = Network card=20 problems

 
Now the problem is that for the = life of me=20 I cannot get the onboard NIC to work with the ctx = kernel.
The nic was working fine, i = just installed=20 the rpm and that installed the modules.
When I install the new kernel = and try to=20 reinstall teh rpm, or source rpm, or even straigth from the = source i get=20 problems.
Now why does this not = work?
Anyone I am = despirate!
 
I'm not a=20 kernel expert but I've been in your situation=20 before.
I had the=20 same problem with SIS network cards.
 
The pre=20 compiled kernel doen't have very many nic drivers either = compiled in or=20 set to load as modules, hence you're = problem.
 
The fix is=20 to get the kernel source, patch it, create your .config with = your own=20 nic drivers included, and recompile.
 
It's worked=20 for me several times in the past but I still can't get ext3 = working on=20 my own system despite the fact that I didn't mess with those = settings in=20 any of the kernel builds in the past. (That's my own personal = unresolved=20 bug btw :-))
 
i
 
------=_NextPart_000_000E_01C1C61D.45FC2BF0-- From vserver.error@solucorp.qc.ca Thu Mar 7 20:10:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g281A77Y010138; Thu, 7 Mar 2002 20:10:08 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g280kiN06237 for vserver.list; Thu, 7 Mar 2002 19:46:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ith.nbwrpg.com (cpe-24-221-148-187.az.sprintbbd.net [24.221.148.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g280khh06231 for ; Thu, 7 Mar 2002 19:46:43 -0500 Received: from ith.nbwrpg.com (ith.nbwrpg.com [10.0.0.254]) by ith.nbwrpg.com (Postfix) with ESMTP id CDC33B738 for ; Thu, 7 Mar 2002 17:33:46 -0700 (MST) Date: Thu, 7 Mar 2002 17:33:46 -0700 (MST) From: To: Subject: Re: [vserver] Re: Debian In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-0.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 288 On Thu, 7 Mar 2002, Martin Josefsson wrote: > On Wed, 6 Mar 2002 Zardus@nbwrpg.com wrote: > > chcontext --ctx 2 --secure bash > > run that and then try to create a blockdevice with mknod > It won't work, just as it's supposed to, tested here on > 2.4.19-pre1-ac2-ctx8 Ok, that doesn't work (mknod: operation not permitted), so I guess its good. However, when I start it using /usr/sbin/vserver, even though --secure is default, it doesn't work. I'm using vserver .11, but I didn't see anything like this in the changelogs for future versions. And iirc, this worked for me with ctx7 as well. - Yan From vserver.error@solucorp.qc.ca Thu Mar 7 21:07:32 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2827U7Y010564; Thu, 7 Mar 2002 21:07:31 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g281RnP06860 for vserver.list; Thu, 7 Mar 2002 20:27:49 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from carbon.btinternet.com (carbon.btinternet.com [194.73.73.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g281Rmh06856 for ; Thu, 7 Mar 2002 20:27:48 -0500 Received: from host213-122-85-87.in-addr.btopenworld.com ([213.122.85.87] helo=john-new) by carbon.btinternet.com with esmtp (Exim 3.22 #8) id 16j9Ac-0003Nz-00 for vserver@solucorp.qc.ca; Fri, 08 Mar 2002 01:27:42 +0000 Received: from 213.122.85.87 by john-new ([213.122.85.87] running VPOP3) with SMTP for ; Fri, 8 Mar 2002 01:27:27 -0000 From: "John Lyons" To: Subject: RE: [vserver] Network card problems Date: Fri, 8 Mar 2002 01:27:26 -0000 Message-ID: <006401c1c640$688667d0$61ae01d5@johnnew> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0065_01C1C640.688667D0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <001101c1c61d$466a3000$0400000a@mvincent1> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 289 This is a multi-part message in MIME format. ------=_NextPart_000_0065_01C1C640.688667D0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit P.S. As for your ext3 fs problems afer you compile the kernel. I had the same thing, untill I saw I had to select ext3 journaling fs under the fs section under "menuconfig" It all worked fine then. :) Except the modules kept breking when i tried to do a install. *sigh* I've only made three changes, SIS ide, SIS nic and Ext3 support. Both SIS additions worked but no support for Ext3 :-( I've got to be missing something obvious, but I can't recall having had to add the Ext3 fs support last time. J ------=_NextPart_000_0065_01C1C640.688667D0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
P.S. As for your ext3 fs problems = afer you=20 compile the kernel. I had the same thing, untill I saw I had to select = ext3=20 journaling fs under the fs section under "menuconfig" It all worked = fine then.=20 :) Except the modules kept breking when i tried to do a install.=20 *sigh*
 
I've = only made=20 three changes, SIS ide, SIS nic and Ext3 support. Both SIS additions = worked=20 but no support for Ext3 :-(
I've=20 got to be missing something obvious, but I can't recall having had to = add the=20 Ext3 fs support last time.
 
J
------=_NextPart_000_0065_01C1C640.688667D0-- From vserver.error@solucorp.qc.ca Fri Mar 8 07:29:41 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g28CTe7Y014827; Fri, 8 Mar 2002 07:29:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g28C1j719263 for vserver.list; Fri, 8 Mar 2002 07:01:45 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g28C1hh19259 for ; Fri, 8 Mar 2002 07:01:44 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g28C0EQ13156 for ; Fri, 8 Mar 2002 12:00:14 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16jJ3x-0001EI-00; Fri, 08 Mar 2002 12:01:29 +0000 Date: Fri, 8 Mar 2002 12:01:29 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Cc: Konstantin Starodubtsev Subject: Re: [vserver] modular vunify In-Reply-To: <20020306202403.1a03b5a2.klists@rbcmail.ru> References: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> <20020306202403.1a03b5a2.klists@rbcmail.ru> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 290 I also have a Perl solution. My script[1] is not tied to a distribution at all; it merely scans X (where X >= 2) directory structures, and where files are identical in the two structures, it hard links them (and optionally sets immutable and immutable linkage invert inode attributes, btw thanks for the chattr() routine). For this script to work, you'll need to install Pod::Constants and ReadDir, from my modules collection (http://sam.vilain.net/pm/). The script is at http://sam.vilain.net/vserver/unify-dirs You could use it like this: unify-dirs -vil /vservers/*/usr unify-dirs -vil /vservers/*/lib unify-dirs -vil /vservers/*/sbin unify-dirs -vil /vservers/*/bin Sam. On Wed, 6 Mar 2002 20:24:03 +0300 Konstantin Starodubtsev wrote: > I'm porting vserver utilities to Debian. > As a part of this job vunify utility was rewritten on perl. > The package-manager dependent part was moved to external object module. > For example dpkg module is 1582 bytes long and was written in 30-40 minutes. I don't think that modules for other package managers will take much more time to write. The main part of utility is about 5.5Kb and it is not package-manager dependent. You can get it with necessary modules at http://tranq.dorms.spbu.ru/data/vunify.tar.gz> It is not 100% compatible with current vunify now as I'm thinking about placing some defaults (hard-coded in current vunify.cc) now in /etc/vservers.conf so it's behaviour sometimes a bit different comparing to old vunify. So, if anyone thinks anything about it then comments, questions and patches are welcome :)> > The other question appeared during vunify development. We still doesn't have global config file (i.e. /etc/vservers.conf). It can be useful to share system-wide settings between parts of vserver utilities. The most important variable is VSERVERS_HOME - the directory, where vservers are located. I don't want to say, that current standart (/vservers) is bad, though it can violate FHS on some systems.> > Also deb package is available for Debian linux. It should violate FHS a bit, and doesn't provide correct set of dependancies though it can be better than nothing :) The main changes are: > ported vunify, > fixed vserver script wrong behaivor during shutdown (btw, why don't we write current runlevel in the /var/run/utmp after vserver startup?), > some fixes to fit better into Debian FHS.> It is available at http://tranq.dorms.spbu.ru/data/vserver-bin_0.13-1_i386.deb> > MBR, > Konstantin Starodubtsev. > > > -- Sam Vilain, sam@vilain.net WWW: http://sam.vilain.net/ 7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc 278A A425 30A9 05B5 2F13 From vserver.error@solucorp.qc.ca Fri Mar 8 13:33:46 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g28IXj7Y018059; Fri, 8 Mar 2002 13:33:46 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g28HuhT26766 for vserver.list; Fri, 8 Mar 2002 12:56:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from foo.uberninja.com (mvincent.lon.rackspace.com [212.100.225.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g28Hugh26762 for ; Fri, 8 Mar 2002 12:56:42 -0500 Received: from office-44.lon.rackspace.com ([212.100.225.44] helo=mvincent) by foo.uberninja.com with smtp (Exim 3.22 #1) id 16jOcZ-000Be6-00 for vserver@solucorp.qc.ca; Fri, 08 Mar 2002 17:57:35 +0000 Message-ID: <001101c1c6ca$e8810eb0$2ce164d4@mvincent> From: "Marius Vincent" To: Subject: [vserver] v_httpd, v_sshd Date: Fri, 8 Mar 2002 17:58:49 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01C1C6CA.E66A3CA0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 291 This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C1C6CA.E66A3CA0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable What does v_sshd and v_httpd and v_xinetd do exactly? These services is also listed in my virtual servers that i setup. Do I = have to enable say v_sshd in my virtual servers in order to use sshd = properly? I just enable the sshd service and then bind it to the virtual server ip = and it seems to work fine. Except I have not figured out why apache = won't work, although it does start up properly.=20 Any ideas? ------=_NextPart_000_000E_01C1C6CA.E66A3CA0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
What does v_sshd and v_httpd and = v_xinetd do=20 exactly?
 
These services is also listed in my = virtual servers=20 that i setup. Do I have to enable say v_sshd in my virtual servers = in order=20 to use sshd properly?
 
I just enable the sshd service and then = bind it to=20 the virtual server ip and it seems to work fine. Except I have not = figured out=20 why apache won't work, although it does start up properly.
 
Any ideas?
 
 
 
------=_NextPart_000_000E_01C1C6CA.E66A3CA0-- From vserver.error@solucorp.qc.ca Fri Mar 8 14:52:50 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g28Jql7Y018667; Fri, 8 Mar 2002 14:52:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g28JRvY28624 for vserver.list; Fri, 8 Mar 2002 14:27:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g28JRvh28620 for ; Fri, 8 Mar 2002 14:27:57 -0500 Received: from host213-122-179-153.in-addr.btopenworld.com ([213.122.179.153] helo=john-new) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16jQ1p-0005Xq-00 for vserver@solucorp.qc.ca; Fri, 08 Mar 2002 19:27:45 +0000 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 8 Mar 2002 19:27:15 -0000 From: "John Lyons" To: Subject: RE: [vserver] v_httpd, v_sshd Date: Fri, 8 Mar 2002 19:27:13 -0000 Message-ID: <00c101c1c6d7$40ee4570$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00C2_01C1C6D7.40EE4570" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <001101c1c6ca$e8810eb0$2ce164d4@mvincent> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.4 required=5.0 tests=IN_REP_TO,FREQ_SPAM_PHRASE,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 292 This is a multi-part message in MIME format. ------=_NextPart_000_00C2_01C1C6D7.40EE4570 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit What does v_sshd and v_httpd and v_xinetd do exactly? These services is also listed in my virtual servers that i setup. Do I have to enable say v_sshd in my virtual servers in order to use sshd properly? They shouldn't be installed in your virtual servers. Check that you've not got the vserver rpms installed within your reference server (assuming the ref server is a vs and not your host) The v_ scripts are used to start services on the parent host server and bind them to the host servers IP address automatically otherwise they start up and listen on all IP's thereby breaking those services on the vs's Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** ------=_NextPart_000_00C2_01C1C6D7.40EE4570 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
What does v_sshd and v_httpd and = v_xinetd do=20 exactly?
These services is also listed in my = virtual=20 servers that i setup. Do I have to enable say v_sshd in my = virtual=20 servers in order to use sshd properly?
 
They = shouldn't be=20 installed in your virtual servers. Check that you've not got the = vserver rpms=20 installed within your reference server (assuming the ref server = is a=20  vs and not your host)
 
The = v_ scripts are=20 used to start services on the parent host server and bind them to the = host=20 servers IP address automatically otherwise they start up and listen on = all=20 IP's thereby breaking those services on the vs's
 

Regards

John Lyons
DomainCity
http://www.domaincity.co.uk
support@domaincity.co.= uk
ICQ=20 = 74187012

*********************************************************= **************
Please=20 quote your account number in the subject line of all = emails. 
Failure=20 to do so may result in your enquiries taking longer to=20 = process.
*************************************************************= **********

------=_NextPart_000_00C2_01C1C6D7.40EE4570-- From vserver.error@solucorp.qc.ca Fri Mar 8 15:26:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g28KQC7Y018873; Fri, 8 Mar 2002 15:26:13 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g28JrY629060 for vserver.list; Fri, 8 Mar 2002 14:53:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g28JrYh29056 for ; Fri, 8 Mar 2002 14:53:34 -0500 Received: (qmail 32290 invoked from network); 8 Mar 2002 19:51:40 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 8 Mar 2002 19:51:40 -0000 Subject: Re: [vserver] Network card problems From: Andy Kwong To: vserver@solucorp.qc.ca In-Reply-To: <001101c1c61d$466a3000$0400000a@mvincent1> References: <001801c1c615$8cc3ce60$61ae01d5@johnnew> <001101c1c61d$466a3000$0400000a@mvincent1> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 08 Mar 2002 11:55:40 -0800 Message-Id: <1015617341.7417.9.camel@zerowing.pop-star.net> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-1.3 required=5.0 tests=IN_REP_TO,SUPERLONG_LINE version=2.01 Status: RO X-Status: X-Keywords: X-UID: 293 Just out of curiosity, did you do a "make clean" and "make dep" before you recompile your new kernel? Does the NV patches work with a stock 2.4.18 kernel? On Thu, 2002-03-07 at 13:15, Marius Vincent wrote: > Yeah well I did a source recompile and no go. Just no luck, stupid RedHat keeps breaking. > Prefer BSD systems. They just never die. > > Anyhow, Can anyone tell me if I stick a Intel e100 NIC in there if it will work with the current modules? > I see there is a eepro100.o module built in to the precompiled kernel, although I would need the e100.o for it to work correctly. > Or can I do a install from source and it will work after I have the crx kernel installed? > > Anyone? > > P.S. As for your ext3 fs problems afer you compile the kernel. I had the same thing, untill I saw I had to select ext3 journaling fs under the fs section under "menuconfig" It all worked fine then. :) Except the modules kept breking when i tried to do a install. *sigh* > > ----- Original Message ----- > From: John Lyons > To: vserver@solucorp.qc.ca > Sent: Thursday, March 07, 2002 8:20 PM > Subject: RE: [vserver] Network card problems > > > Ooerr. I can setup stuff that's already available but not add new. google.com is your best bet :-) > > J > -----Original Message----- > From: Marius Vincent [mailto:mvincent@uberninja.com] > Sent: 07 March 2002 18:17 > To: vserver@solucorp.qc.ca > Subject: Re: [vserver] Network card problems > > > Hmmmm.... > > Alright, then how do I include the network card modules when i do a kernel recompile? > I have the source for for the nvidia NIC, do i just dump the .o into some directory and "make menuconfig" will pick it up? > > ----- Original Message ----- > From: John Lyons > To: vserver@solucorp.qc.ca > Sent: Thursday, March 07, 2002 5:56 PM > Subject: RE: [vserver] Network card problems > > > > Now the problem is that for the life of me I cannot get the onboard NIC to work with the ctx kernel. > The nic was working fine, i just installed the rpm and that installed the modules. > When I install the new kernel and try to reinstall teh rpm, or source rpm, or even straigth from the source i get problems. > Now why does this not work? > Anyone I am despirate! > > I'm not a kernel expert but I've been in your situation before. > I had the same problem with SIS network cards. > > The pre compiled kernel doen't have very many nic drivers either compiled in or set to load as modules, hence you're problem. > > The fix is to get the kernel source, patch it, create your .config with your own nic drivers included, and recompile. > > It's worked for me several times in the past but I still can't get ext3 working on my own system despite the fact that I didn't mess with those settings in any of the kernel builds in the past. (That's my own personal unresolved bug btw :-)) > > i > From vserver.error@solucorp.qc.ca Fri Mar 8 19:12:29 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g290CS7Y020945; Fri, 8 Mar 2002 19:12:29 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g28Nghg01051 for vserver.list; Fri, 8 Mar 2002 18:42:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from foo.uberninja.com (mvincent.lon.rackspace.com [212.100.225.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g28Nggh01047 for ; Fri, 8 Mar 2002 18:42:42 -0500 Received: from schizoid.gotadsl.co.uk ([213.208.117.83] helo=mvincent1) by foo.uberninja.com with smtp (Exim 3.22 #1) id 16jU1Q-000BjN-00 for vserver@solucorp.qc.ca; Fri, 08 Mar 2002 23:43:36 +0000 Message-ID: <001801c1c6fb$59864ff0$0400000a@mvincent1> From: "Marius Vincent" To: References: <001801c1c615$8cc3ce60$61ae01d5@johnnew> <001101c1c61d$466a3000$0400000a@mvincent1> <1015617341.7417.9.camel@zerowing.pop-star.net> Subject: Re: [vserver] Network card problems Date: Fri, 8 Mar 2002 23:45:37 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 294 Not at all, I ended up grabbing my intel pro s 10/100 NIC and dumped that in system. I ended up loading the eepro100 module that comes with the precompiled kernel and that worked perfectly! ----- Original Message ----- From: "Andy Kwong" To: Sent: Friday, March 08, 2002 7:55 PM Subject: Re: [vserver] Network card problems > Just out of curiosity, did you do a "make clean" and "make dep" > before you recompile your new kernel? Does the NV patches work with a > stock 2.4.18 kernel? > > On Thu, 2002-03-07 at 13:15, Marius Vincent wrote: > > Yeah well I did a source recompile and no go. Just no luck, stupid RedHat keeps breaking. > > Prefer BSD systems. They just never die. > > > > Anyhow, Can anyone tell me if I stick a Intel e100 NIC in there if it will work with the current modules? > > I see there is a eepro100.o module built in to the precompiled kernel, although I would need the e100.o for it to work correctly. > > Or can I do a install from source and it will work after I have the crx kernel installed? > > > > Anyone? > > > > P.S. As for your ext3 fs problems afer you compile the kernel. I had the same thing, untill I saw I had to select ext3 journaling fs under the fs section under "menuconfig" It all worked fine then. :) Except the modules kept breking when i tried to do a install. *sigh* > > > > ----- Original Message ----- > > From: John Lyons > > To: vserver@solucorp.qc.ca > > Sent: Thursday, March 07, 2002 8:20 PM > > Subject: RE: [vserver] Network card problems > > > > > > Ooerr. I can setup stuff that's already available but not add new. google.com is your best bet :-) > > > > J > > -----Original Message----- > > From: Marius Vincent [mailto:mvincent@uberninja.com] > > Sent: 07 March 2002 18:17 > > To: vserver@solucorp.qc.ca > > Subject: Re: [vserver] Network card problems > > > > > > Hmmmm.... > > > > Alright, then how do I include the network card modules when i do a kernel recompile? > > I have the source for for the nvidia NIC, do i just dump the .o into some directory and "make menuconfig" will pick it up? > > > > ----- Original Message ----- > > From: John Lyons > > To: vserver@solucorp.qc.ca > > Sent: Thursday, March 07, 2002 5:56 PM > > Subject: RE: [vserver] Network card problems > > > > > > > > Now the problem is that for the life of me I cannot get the onboard NIC to work with the ctx kernel. > > The nic was working fine, i just installed the rpm and that installed the modules. > > When I install the new kernel and try to reinstall teh rpm, or source rpm, or even straigth from the source i get problems. > > Now why does this not work? > > Anyone I am despirate! > > > > I'm not a kernel expert but I've been in your situation before. > > I had the same problem with SIS network cards. > > > > The pre compiled kernel doen't have very many nic drivers either compiled in or set to load as modules, hence you're problem. > > > > The fix is to get the kernel source, patch it, create your .config with your own nic drivers included, and recompile. > > > > It's worked for me several times in the past but I still can't get ext3 working on my own system despite the fact that I didn't mess with those settings in any of the kernel builds in the past. (That's my own personal unresolved bug btw :-)) > > > > i > > > > > From vserver.error@solucorp.qc.ca Fri Mar 8 19:19:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g290Jq7Y020998; Fri, 8 Mar 2002 19:19:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g28Nf1V01019 for vserver.list; Fri, 8 Mar 2002 18:41:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from foo.uberninja.com (mvincent.lon.rackspace.com [212.100.225.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g28Nf0h01015 for ; Fri, 8 Mar 2002 18:41:00 -0500 Received: from schizoid.gotadsl.co.uk ([213.208.117.83] helo=mvincent1) by foo.uberninja.com with smtp (Exim 3.22 #1) id 16jTzl-000BjJ-00 for vserver@solucorp.qc.ca; Fri, 08 Mar 2002 23:41:54 +0000 Message-ID: <001101c1c6fb$1c653410$0400000a@mvincent1> From: "Marius Vincent" To: References: <00c101c1c6d7$40ee4570$0100a8c0@johnnew> Subject: Re: [vserver] v_httpd, v_sshd Date: Fri, 8 Mar 2002 23:43:54 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01C1C6FB.1BB0FF40" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-99.2 required=5.0 tests=MAILTO_LINK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 295 This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C1C6FB.1BB0FF40 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hmmmm then that only works for v_xinetd Cause I make all my host services binf to the primary host ip only and = that works fine. Thanks for that! ----- Original Message -----=20 From: John Lyons=20 To: vserver@solucorp.qc.ca=20 Sent: Friday, March 08, 2002 7:27 PM Subject: RE: [vserver] v_httpd, v_sshd What does v_sshd and v_httpd and v_xinetd do exactly? These services is also listed in my virtual servers that i setup. Do = I have to enable say v_sshd in my virtual servers in order to use sshd = properly? They shouldn't be installed in your virtual servers. Check that = you've not got the vserver rpms installed within your reference server = (assuming the ref server is a vs and not your host) The v_ scripts are used to start services on the parent host server = and bind them to the host servers IP address automatically otherwise = they start up and listen on all IP's thereby breaking those services on = the vs's Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 = *********************************************************************** Please quote your account number in the subject line of all emails.=20 Failure to do so may result in your enquiries taking longer to = process. = *********************************************************************** ------=_NextPart_000_000E_01C1C6FB.1BB0FF40 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hmmmm then that only works for=20 v_xinetd
Cause I make all my host services binf = to the=20 primary host ip only and that works fine.
 
Thanks for that!
 
----- Original Message -----
From:=20 John = Lyons=20
Sent: Friday, March 08, 2002 = 7:27=20 PM
Subject: RE: [vserver] v_httpd, = v_sshd

 
What does v_sshd and v_httpd = and v_xinetd=20 do exactly?
These services is also listed in my = virtual=20 servers that i setup. Do I have to enable say v_sshd in my = virtual=20 servers in order to use sshd properly?
 
They shouldn't=20 be installed in your virtual servers. Check that you've not got the = vserver=20 rpms installed within your reference server (assuming the ref = server is=20 a  vs and not your host)
 
The v_ scripts=20 are used to start services on the parent host server and bind them = to the=20 host servers IP address automatically otherwise they start up and = listen on=20 all IP's thereby breaking those services on the = vs's
 

Regards

John Lyons
DomainCity
http://www.domaincity.co.uk
support@domaincity.co.= uk
ICQ=20 = 74187012

*********************************************************= **************
Please=20 quote your account number in the subject line of all=20 emails. 
Failure to do so may result in your enquiries = taking longer=20 to=20 = process.
*************************************************************= **********

------=_NextPart_000_000E_01C1C6FB.1BB0FF40-- From vserver.error@solucorp.qc.ca Sat Mar 9 05:41:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g29Afv7Y025314; Sat, 9 Mar 2002 05:41:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g29AFib11251 for vserver.list; Sat, 9 Mar 2002 05:15:44 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g29AFhh11247 for ; Sat, 9 Mar 2002 05:15:43 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 8E237108C for ; Sat, 9 Mar 2002 11:15:35 +0100 (CET) Subject: Re: [vserver] modular vunify From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> <20020306202403.1a03b5a2.klists@rbcmail.ru> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-eTJzFB+tFAkys3VkVctk" X-Mailer: Evolution/1.0.2 Date: 09 Mar 2002 11:15:24 +0100 Message-Id: <1015668935.2037.3.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 296 --=-eTJzFB+tFAkys3VkVctk Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-03-08 at 13:01, Sam Vilain wrote: > I also have a Perl solution. >=20 > My script[1] is not tied to a distribution at all; it merely scans X > (where X >=3D 2) directory structures, and where files are identical in t= he > two structures, it hard links them (and optionally sets immutable and > immutable linkage invert inode attributes, btw thanks for the chattr() > routine). Watch out for the comparison. A file can look exactly alike, according to ls -l, and still not be the same. I would definetely do a sha1 or md5sum check to ensure that they are truely identical.=20 >=20 > For this script to work, you'll need to install Pod::Constants and > ReadDir, from my modules collection (http://sam.vilain.net/pm/). >=20 > The script is at http://sam.vilain.net/vserver/unify-dirs >=20 > You could use it like this: >=20 > unify-dirs -vil /vservers/*/usr > unify-dirs -vil /vservers/*/lib > unify-dirs -vil /vservers/*/sbin > unify-dirs -vil /vservers/*/bin sounds very cool.. perhaps i'll have a look at making it log, which files it vunified - and then the next day, you could run it against the log, and it would tell you if anything changed - a very simple but effective IDS. :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-eTJzFB+tFAkys3VkVctk Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ieC84c1kHlhtW8oRAti9AJ9GichgkZH5Zl5Da+xwtCvsKrCraQCdF7Gm dpvlLZ0nV2aCsk0YmOhIzhg= =cTyM -----END PGP SIGNATURE----- --=-eTJzFB+tFAkys3VkVctk-- From vserver.error@solucorp.qc.ca Sat Mar 9 06:56:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g29Bu77Y025665; Sat, 9 Mar 2002 06:56:08 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g29BSXH12216 for vserver.list; Sat, 9 Mar 2002 06:28:33 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from skessa.this.is (this.is [194.144.127.120]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g29BSWh12212 for ; Sat, 9 Mar 2002 06:28:32 -0500 Received: from skessa.this.is (www-data@localhost [127.0.0.1]) by skessa.this.is (8.12.1/8.12.1/Debian -5) with ESMTP id g29BSWM7031032 for ; Sat, 9 Mar 2002 11:28:32 GMT Received: (from www-data@localhost) by skessa.this.is (8.12.1/8.12.1/Debian -5) id g29BSWrw031030 for vserver@solucorp.qc.ca; Sat, 9 Mar 2002 11:28:32 GMT X-Authentication-Warning: skessa.this.is: www-data set sender to ragnar@this.is using -f To: vserver@solucorp.qc.ca Subject: [vserver] modular vunify pool Message-ID: <1015673312.3c89f1e076fae@this.is> Date: Sat, 09 Mar 2002 11:28:32 +0000 (GMT) From: ragnar@this.is References: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> <20020306202403.1a03b5a2.klists@rbcmail.ru> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.6 X-Originating-IP: 194.144.127.84 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-0.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 297 Hi, On Fri, 2002-03-08 at 13:01, Sam Vilain wrote: > My script[1] is not tied to a distribution at all; it merely scans X > (where X >= 2) directory structures, and where files are identical in > the two structures, it hard links them This sound great. But hard link them to where? I think there should be a structure outside of the vservers. If 25 ververs are running 2 or more distributions we will have 2 or more "versions" of the bin "ftp" To explain. if the servers are in /opt/vservers/servers/"ServerDirs" and a unify "cache" :-) in /opt/vservers/unify-pool/usr/bin/ftp/md5sum-filename-1 /opt/vservers/unify-pool/usr/bin/ftp/md5sum-filename-2 That way we could have a cron job do a massive diff test of all files. > and optionally sets immutable and immutable linkage > invert inode attributes, Could this be in a config file for each vserver? Best ragnar From vserver.error@solucorp.qc.ca Sat Mar 9 08:21:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g29DLd7Y026189; Sat, 9 Mar 2002 08:21:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g29CpFi13611 for vserver.list; Sat, 9 Mar 2002 07:51:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from correo2.acens.net (correo2.acens.net [217.116.0.34]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g29CpEh13607 for ; Sat, 9 Mar 2002 07:51:14 -0500 Received: (qmail 5294 invoked from network); 9 Mar 2002 12:51:13 -0000 Received: from unknown (HELO localhost.localdomain) (@[217.116.1.3]) (envelope-sender ) by correo2.acens.net (qmail-ldap-1.03) with SMTP for ; 9 Mar 2002 12:51:13 -0000 Subject: [vserver] Problems From: Joaquin Urrutia To: vserver Content-Type: multipart/alternative; boundary="=-wnPvyTdGCALwqqWdtM3t" X-Mailer: Evolution/1.0.2 Date: 09 Mar 2002 13:51:12 +0100 Message-Id: <1015678273.2452.34.camel@titan> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=1.4 required=5.0 tests=PORN_3,SUPERLONG_LINE version=2.01 Status: RO X-Status: X-Keywords: X-UID: 298 --=-wnPvyTdGCALwqqWdtM3t Content-Type: text/plain Content-Transfer-Encoding: 7bit Hi, We have some problems with vservers. Our machine manage 2 network interfaces, 1 private interface ( 10.3.0.0 ) and 1 public interface ( 217.X.X.X ). The routing table we have is: vserver01:~# ip route 217.X.X.X/27 dev eth0 scope link 10.3.0.0/24 dev eth1 scope link 10.0.0.0/12 via 10.3.0.1 dev eth1 127.0.0.0/8 dev lo scope link default via 217.116.2.129 dev eth0 vserver01:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 217.XXX.XXX.X * 255.255.255.224 U 0 0 0 eth0 10.3.0.0 * 255.255.255.0 U 0 0 0 eth1 10.0.0.0 10.0.0.1 255.240.0.0 UG 0 0 0 eth1 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 217.XXX.XXX.X 0.0.0.0 UG 0 0 0 eth0 Working in local mode (monitor and keyboard directly conected to the machine), we dont have any problem to ping a vserver from root system: vserver01:~# ping 217.XXX.XXX.135 PING 217.XXX.XXX.135 (217.XXX.XXX.135) from 217.XXX.XXX.135 : 56(84) bytes of data. 64 bytes from 217.XXX.XXX.135: icmp_seq=0 ttl=255 time=45 usec 64 bytes from 217.XXX.XXX.135: icmp_seq=1 ttl=255 time=30 usec 64 bytes from 217.XXX.XXX.135: icmp_seq=2 ttl=255 time=31 usec --- 217.XXX.XXX.135 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/mdev = 0.030/0.035/0.045/0.008 ms But, when we work conected through ssh or telnet (conected to 10.3.0.2), we have some problems: vserver01:~# ping 217.XXX.XXX.135 PING 217.XXX.XXX.135 (217.XXX.XXX.135) from 10.3.0.2 : 56(84) bytes of data. 64 bytes from 217.XXX.XXX.135: icmp_seq=0 ttl=255 time=45 usec 64 bytes from 217.XXX.XXX.135: icmp_seq=1 ttl=255 time=30 usec 64 bytes from 217.XXX.XXX.135: icmp_seq=2 ttl=255 time=31 usec --- 217.XXX.XXX.135 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/mdev = 0.030/0.035/0.045/0.008 ms Our Network Interfaces: eth0 Link encap:Ethernet HWaddr 00:B0:D0:F0:31:60 inet addr:217.X.X.X Bcast:217.X.X.X Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1306289 errors:0 dropped:0 overruns:0 frame:0 TX packets:1582986 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:411650461 (392.5 Mb) TX bytes:1111851624 (1060.3 Mb) Interrupt:16 eth0:base Link encap:Ethernet HWaddr 00:B0:D0:F0:31:60 inet addr:217.X.X.X Bcast:217.X.X.X Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:16 eth0:bt03 Link encap:Ethernet HWaddr 00:B0:D0:F0:31:60 inet addr:217.X.X.X Bcast:217.X.X.X Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:16 eth1 Link encap:Ethernet HWaddr 00:B0:D0:F0:31:61 inet addr:10.3.0.2 Bcast:10.3.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:168177 errors:0 dropped:0 overruns:0 frame:0 TX packets:195368 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:16153875 (15.4 Mb) TX bytes:23079955 (22.0 Mb) Interrupt:17 Base address:0x2000 Sorry for my english ;) Regards -- ------------------------------- Joaquin Urrutia Gonzalez acens (http://www.acens.com) Equipo de Operacion Tlf: +34 91 1418561 ------------------------------- --=-wnPvyTdGCALwqqWdtM3t Content-Type: text/html; charset=utf-8 Hi,

We have some problems with vservers.

Our machine manage 2 network interfaces, 1 private interface ( 10.3.0.0 ) and 1 public interface ( 217.X.X.X ).

The routing table we have is: 
vserver01:~# ip route
217.X.X.X/27 dev eth0  scope link 
10.3.0.0/24 dev eth1  scope link 
10.0.0.0/12 via 10.3.0.1 dev eth1 
127.0.0.0/8 dev lo  scope link 
default via 217.116.2.129 dev eth0 

vserver01:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
217.XXX.XXX.X   *               255.255.255.224 U     0      0        0 eth0
10.3.0.0        *               255.255.255.0   U     0      0        0 eth1
10.0.0.0        10.0.0.1        255.240.0.0     UG    0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         217.XXX.XXX.X   0.0.0.0         UG    0      0        0 eth0

Working in local mode (monitor and keyboard directly conected to the machine), we dont have any problem to ping a vserver from root system: 
vserver01:~# ping 217.XXX.XXX.135
PING 217.XXX.XXX.135 (217.XXX.XXX.135) from 217.XXX.XXX.135 : 56(84) bytes of data.
64 bytes from 217.XXX.XXX.135: icmp_seq=0 ttl=255 time=45 usec
64 bytes from 217.XXX.XXX.135: icmp_seq=1 ttl=255 time=30 usec
64 bytes from 217.XXX.XXX.135: icmp_seq=2 ttl=255 time=31 usec

--- 217.XXX.XXX.135 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.030/0.035/0.045/0.008 ms

But, when we work conected through ssh or telnet (conected to 10.3.0.2), we have some problems: 

vserver01:~# ping 217.XXX.XXX.135
PING 217.XXX.XXX.135 (217.XXX.XXX.135)  from 10.3.0.2 : 56(84) bytes of data.
64 bytes from 217.XXX.XXX.135: icmp_seq=0 ttl=255 time=45 usec
64 bytes from 217.XXX.XXX.135: icmp_seq=1 ttl=255 time=30 usec
64 bytes from 217.XXX.XXX.135: icmp_seq=2 ttl=255 time=31 usec

--- 217.XXX.XXX.135 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.030/0.035/0.045/0.008 ms
Our Network Interfaces: 
eth0      Link encap:Ethernet  HWaddr 00:B0:D0:F0:31:60  
          inet addr:217.X.X.X  Bcast:217.X.X.X  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1306289 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1582986 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:411650461 (392.5 Mb)  TX bytes:1111851624 (1060.3 Mb)
          Interrupt:16 

eth0:base Link encap:Ethernet  HWaddr 00:B0:D0:F0:31:60  
          inet addr:217.X.X.X  Bcast:217.X.X.X  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 

eth0:bt03 Link encap:Ethernet  HWaddr 00:B0:D0:F0:31:60  
          inet addr:217.X.X.X  Bcast:217.X.X.X  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 

eth1      Link encap:Ethernet  HWaddr 00:B0:D0:F0:31:61  
          inet addr:10.3.0.2  Bcast:10.3.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:168177 errors:0 dropped:0 overruns:0 frame:0
          TX packets:195368 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:16153875 (15.4 Mb)  TX bytes:23079955 (22.0 Mb)
          Interrupt:17 Base address:0x2000
Sorry for my english ;)

Regards 
-- 
-------------------------------
Joaquin Urrutia Gonzalez	

acens (http://www.acens.com)

Equipo de Operacion
Tlf: +34 91 1418561
-------------------------------
--=-wnPvyTdGCALwqqWdtM3t-- From vserver.error@solucorp.qc.ca Sat Mar 9 23:34:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2A4YZ7Y030822; Sat, 9 Mar 2002 23:34:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2A46dS29291 for vserver.list; Sat, 9 Mar 2002 23:06:39 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mx1.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2A46bh29287 for ; Sat, 9 Mar 2002 23:06:38 -0500 Received: (qmail 13105 invoked from network); 10 Mar 2002 04:11:05 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 10 Mar 2002 04:11:05 -0000 Received: (qmail 13725 invoked from network); 10 Mar 2002 04:10:49 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 10 Mar 2002 04:10:49 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sun, 10 Mar 2002 15:15:16 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] vserver 0.11 and kernel ctx-8 released Message-ID: <3C8B7884.6890.251D80@localhost> Priority: normal In-reply-to: <20020226143930.23f7bd1e280a@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 299 This change is causing problems. Situation 1: You have some common services used by vservers, e.g. dns cache/resolver, database backend etc.., listening on 127.0.0.1 on the same machine. Starting from ctx-8, vservers are unable to connect and use such services, because when they try to connect to 127.0.0.1 it is remapped to their pubic IP addresses. Situation 2: Usually when application needs to create a "private" service it binds to localhost. With previous kernels, it would fail. With ctx-8, it succeeds but instead of listening on localhost, it opens up a port on public interface, which is not what application expects. This could have dire security consequences. I'd rather it failed than succeeded with unexpected result. Could you make this particular bits, i.e. remapping bind and route of 127.0.0.1 optional? Either at kernel build time or at runtime? I understand that it solved some problems for people running samba, but at what expense? hth Ed On Tuesday, 26 February 2002 at 14:39, Jacques Gelinas wrote: > 1.4. kernel ctx-8 > > + Using 127.0.0.1 in a vserver. > > Note, this is unrelated to the multi-IP-per-vserver concept. A > vserver normally use a single IP to listen and talk. In general, > this is not a problem. But it breaks a little semantic. Most > services out there simply do a bind on IP 0.0.0.0. This way, they > expect to grab any incoming traffic. They also expect that talking > to 127.0.0.1 is a good way (configuration less) to talk to > themselves. Some services are using localhost (which is redirect to > the ipv4root of the vserver) and some are using 127.0.0.1 directly. > > The ctx-8 kernel now maps 127.0.0.1 to the ipv4root of the vserver > on the fly. This solves some issues with samba and should also (not > tested) solve the issue with PostgreSQL. From vserver.error@solucorp.qc.ca Sun Mar 10 09:01:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2AE1f7Y014569; Sun, 10 Mar 2002 09:01:41 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2ADfsu17526 for vserver.list; Sun, 10 Mar 2002 08:41:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from april.netcraft.com.au (april.netcraft.com.au [203.16.231.73]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2ADfqh17522 for ; Sun, 10 Mar 2002 08:41:53 -0500 Received: (from g@localhost) by april.netcraft.com.au (8.11.6/8.11.6) id g2ADfpa30373 for vserver@solucorp.qc.ca; Mon, 11 Mar 2002 00:11:51 +1030 Date: Mon, 11 Mar 2002 00:11:51 +1030 From: "Geoffrey D. Bennett" To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver 0.11 and kernel ctx-8 released Message-ID: <20020311001151.F14847@april.netcraft.com.au> References: <20020226143930.23f7bd1e280a@remtk.solucorp.qc.ca> <3C8B7884.6890.251D80@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C8B7884.6890.251D80@localhost>; from edward@paradigm4.com.au on Sun, Mar 10, 2002 at 03:15:16PM +1100 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 300 On Sun, Mar 10, 2002 at 03:15:16PM +1100, edward@paradigm4.com.au wrote: > This change is causing problems. > Situation 1: > > You have some common services used by vservers, e.g. dns > cache/resolver, database backend etc.., listening on 127.0.0.1 on > the same machine. > > Starting from ctx-8, vservers are unable to connect and use such > services, because when they try to connect to 127.0.0.1 it is > remapped to their pubic IP addresses. > Situation 2: > > Usually when application needs to create a "private" service it > binds to localhost. With previous kernels, it would fail. With > ctx-8, it succeeds but instead of listening on localhost, it opens > up a port on public interface, which is not what application > expects. This could have dire security consequences. I'd rather it > failed than succeeded with unexpected result. > > Could you make this particular bits, i.e. remapping bind and route > of 127.0.0.1 optional? Either at kernel build time or at runtime? If anyone's interested in my two cents :), this is how I see it: Old behavour: 127.0.0.1 is shared by all vservers. This is good for sharing local services as pointed out above, but allowing communications between vservers may be bad from a security POV. Current behaviour: 127.0.0.1 gets mapped to the public address. This is really bad, as also pointed out above. Geoffrey's Suggested behaviour #1: Map 127.0.0.1 to something like 127.1.y.z for bind() and connect() -- y.z could just be the context number (since MAX_S_CONTEXT is only 65535). Firewalling rules could then disallow communication between 127.1.a.b and 127.1.c.d where a.b != c.d. This would fix the security problems with both the old behaviour and the current behaviour, but would prevent the implementation of shared local services. Geoffrey's Suggested behaviour #2: As for #1, but: change connect() so that if the address being connected to is 127.0.0.1, then: - attempt to connect to 127.1.y.z instead - if the connection succeeds, good - if the connection fails, attempt to connect to 127.0.0.1 as usual This suggestion is obviously a bit more complicated, but would allow some nice things; for example: - named running in root vserver - most vservers not running named, hence connections to 127.0.0.1:53 going to the root vserver named - some vservers running their own copy of named, "overriding" the root vserver named with their own Have fun, -- Geoffrey D. Bennett, RHCE, RHCX geoffrey@netcraft.com.au Senior Systems Engineer http://www.netcraft.com.au/geoffrey/ NetCraft Australia Pty Ltd http://www.netcraft.com.au/linux/ From vserver.error@solucorp.qc.ca Sun Mar 10 09:54:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2AEsR7Y014850; Sun, 10 Mar 2002 09:54:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2AEen718550 for vserver.list; Sun, 10 Mar 2002 09:40:49 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from foo.uberninja.com (mvincent.lon.rackspace.com [212.100.225.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2AEemh18546 for ; Sun, 10 Mar 2002 09:40:48 -0500 Received: from schizoid.gotadsl.co.uk ([213.208.117.83] helo=mvincent1) by foo.uberninja.com with smtp (Exim 3.22 #1) id 16k4Vz-000D9P-00 for vserver@solucorp.qc.ca; Sun, 10 Mar 2002 14:41:35 +0000 Message-ID: <001701c1c841$fb00d610$0400000a@mvincent1> From: "Marius Vincent" To: References: <20020226143930.23f7bd1e280a@remtk.solucorp.qc.ca> <3C8B7884.6890.251D80@localhost> <20020311001151.F14847@april.netcraft.com.au> Subject: [vserver] Quota's Date: Sun, 10 Mar 2002 14:43:42 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 301 Due to the fact that the virtual servers think they are mounted on a /dev/hdv partition, I cannot get quota support working. How do I get around this? I need to enable quota's for my users on the virtual server. Regards. -Marius Vincent The UberGeek From vserver.error@solucorp.qc.ca Mon Mar 11 05:06:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2BA6l7Y023628; Mon, 11 Mar 2002 05:06:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2B9gQL07455 for vserver.list; Mon, 11 Mar 2002 04:42:26 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from irishsea.home.craig-wood.com (userbb201.dsl.pipex.com [62.190.241.201]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2B9gOh07451 for ; Mon, 11 Mar 2002 04:42:25 -0500 Received: (from ncw@localhost) by irishsea.home.craig-wood.com (8.11.6/8.11.6) id g2B9gFZ00522 for vserver@solucorp.qc.ca; Mon, 11 Mar 2002 09:42:15 GMT Date: Mon, 11 Mar 2002 09:42:15 +0000 From: Nick Craig-Wood To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver 0.11 and kernel ctx-8 released Message-ID: <20020311094215.A32575@axis.demon.co.uk> Mail-Followup-To: Nick Craig-Wood , vserver@solucorp.qc.ca References: <20020226143930.23f7bd1e280a@remtk.solucorp.qc.ca> <3C8B7884.6890.251D80@localhost> <20020311001151.F14847@april.netcraft.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020311001151.F14847@april.netcraft.com.au>; from g@netcraft.com.au on Mon, Mar 11, 2002 at 12:11:51AM +1030 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 302 On Mon, Mar 11, 2002 at 12:11:51AM +1030, Geoffrey D. Bennett wrote: > Old behavour: > > 127.0.0.1 is shared by all vservers. This is good for sharing local > services as pointed out above, but allowing communications between > vservers may be bad from a security POV. ...and binding to 127.0.0.1 fails > Current behaviour: > > 127.0.0.1 gets mapped to the public address. This is really bad, as > also pointed out above. ...and binding to 127.0.0.1 succeeds, but it doesn't actually bind to 127.0.0.1. I agree that this is bad. Anyone using 127.0.0.1 or localhost explicitly expects it not to be a public service. > Geoffrey's Suggested behaviour #1: > > Map 127.0.0.1 to something like 127.1.y.z for bind() and connect() -- > y.z could just be the context number (since MAX_S_CONTEXT is only > 65535). Firewalling rules could then disallow communication between > 127.1.a.b and 127.1.c.d where a.b != c.d. This would fix the security > problems with both the old behaviour and the current behaviour, but > would prevent the implementation of shared local services. I prefer the slight modification that a bind to 127.0.0.1 is remapped to 127.b.c.d where b.c.d is the low 24 bits of the ipv4 address. This means that all vservers who can bind to a.b.c.d can bind to 127.b.c.d also which is a more logical grouping than security context. It also means that you can ifconfig the interfaces in advance. If you re-ifconfig lo to have a /32 rather than a /8 you can bring up the new lo interfaces. I have a nameserver bound to 127.0.0.1 on this machine. # lo configured as 127.0.0.1/8 as default ping 127.0.0.2 # works ping 127.1.1.1 # works ifconfig lo 127.0.0.1 netmask 255.255.255.255 up ping 127.0.0.2 # fails ping 127.1.1.1 # fails ifconfig lo:1 127.1.1.1 netmask 255.255.255.255 up ping 127.1.1.1 # works dig something @127.0.0.1 # works dig something @127.1.1.1 # fails > Geoffrey's Suggested behaviour #2: > > As for #1, but: change connect() so that if the address being > connected to is 127.0.0.1, then: > - attempt to connect to 127.1.y.z instead > - if the connection succeeds, good > - if the connection fails, attempt to connect to 127.0.0.1 as usual > > This suggestion is obviously a bit more complicated, but would allow > some nice things; for example: > - named running in root vserver > - most vservers not running named, hence connections to 127.0.0.1:53 > going to the root vserver named > - some vservers running their own copy of named, "overriding" the root > vserver named with their own This would cause big trouble I think - what happens if named dies unexpectedly on your vserver? Now all of a sudden requests are going to the main named but no-one knows! -- Nick Craig-Wood ncw@axis.demon.co.uk From vserver.error@solucorp.qc.ca Mon Mar 11 11:31:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2BGVB7Y026029; Mon, 11 Mar 2002 11:31:12 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2BGA4q16496 for vserver.list; Mon, 11 Mar 2002 11:10:04 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2BGA3h16492 for ; Mon, 11 Mar 2002 11:10:03 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g2BGAJ015566; Mon, 11 Mar 2002 08:10:19 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Mon, 11 Mar 2002 08:10:19 -0800 (PST) From: X-X-Sender: To: , Linuxconf Mailing List Subject: [vserver] vmail and vserver conflict? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=1.3 required=5.0 tests=NO_REAL_NAME,SUBJ_ENDS_IN_Q_MARK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 303 After a little nameserver snafu I'm trying to send this again. Hopefully it is the only copy you'll get!! ---------- Forwarded message ---------- Date: Sun, 10 Mar 2002 13:15:11 -0800 (PST) From: raanders@acm.org To: vserver@solucorp.qc.ca, Linuxconf Mailing List Subject: vmail and vserver conflict? I've run into a problem with using vmail (IP-based) in the main server on a vserver machine. (Those on the LC list that this makes no sense to just ignore.) It is poor setup using the main server instead of a vserver but I'm having problems getting more vservers setup and need to get some vmail accounts set up. This appears to be tied to the chbind command and the vserver setup. When I created the new IP alias in the main server is shows up as eth0:vs3 instead the typical eth0:0 etc. My vservers showup the same but those I can explain. Is there anyway to get chbind to use more than one IP in the main server? Is there anyway to back out the chbind stuff short of rebooting and not running the ctx kernel? TIA, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Tue Mar 12 08:02:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2CD237Y004313; Tue, 12 Mar 2002 08:02:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2CCKmx08527 for vserver.list; Tue, 12 Mar 2002 07:20:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2CCKlh08523 for ; Tue, 12 Mar 2002 07:20:47 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g2CCJ4Q19542 for ; Tue, 12 Mar 2002 12:19:04 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16klGp-0004Qe-00; Tue, 12 Mar 2002 12:20:47 +0000 Date: Tue, 12 Mar 2002 12:20:47 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Cc: klavs klavsen Subject: Re: [vserver] modular vunify In-Reply-To: <1015668935.2037.3.camel@amd.vsen.dk> References: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> <20020306202403.1a03b5a2.klists@rbcmail.ru> <1015668935.2037.3.camel@amd.vsen.dk> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 304 klavs klavsen wrote: > > My script[1] is not tied to a distribution at all; it merely scans X > > (where X >= 2) directory structures, and where files are identical in > > the two structures, it hard links them (and optionally sets immutable > > and immutable linkage invert inode attributes, btw thanks for the > > chattr() routine). > Watch out for the comparison. A file can look exactly alike, according > to ls -l, and still not be the same. I would definetely do a sha1 or > md5sum check to ensure that they are truely identical. So would I. Read the source ;-). I'm still not checking for race conditions (last minute updates), but I think I might be able to do this by checking that the ctime hasn't changed since the last checksum started. > sounds very cool.. perhaps i'll have a look at making it log, which > files it vunified - and then the next day, you could run it against the > log, and it would tell you if anything changed - a very simple but > effective IDS. Check out the -v flag, which will only print out the new unifications that are made. It won't print anything when a file that was hard linked and indentical is now a different file, however. Patches are welcome. Even horrid hacks are welcome, but you get more style points for writing good code. Sam. From vserver.error@solucorp.qc.ca Tue Mar 12 08:43:44 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2CDhh7Y004601; Tue, 12 Mar 2002 08:43:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2CCCdY08297 for vserver.list; Tue, 12 Mar 2002 07:12:39 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2CCCdh08293 for ; Tue, 12 Mar 2002 07:12:39 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g2CCAoQ19140 for ; Tue, 12 Mar 2002 12:10:50 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16kl8r-0004Pa-00 for ; Tue, 12 Mar 2002 12:12:33 +0000 Date: Tue, 12 Mar 2002 12:12:33 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: Re: [vserver] modular vunify pool In-Reply-To: <1015673312.3c89f1e076fae@this.is> References: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> <20020306202403.1a03b5a2.klists@rbcmail.ru> <1015673312.3c89f1e076fae@this.is> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 305 ragnar@this.is wrote: > > My script[1] is not tied to a distribution at all; it merely scans X > > (where X >= 2) directory structures, and where files are identical in > > the two structures, it hard links them > This sound great. But hard link them to where? To each other. > I think there should be a structure outside of the vservers. Feel free to do so. It will be treated as an equal. > If 25 ververs are running 2 or more distributions > we will have 2 or more "versions" of the bin "ftp" That's the intention. > and a unify "cache" :-) in > /opt/vservers/unify-pool/usr/bin/ftp/md5sum-filename-1 > /opt/vservers/unify-pool/usr/bin/ftp/md5sum-filename-2 I do like the idea of a cache, however it might be just as easy to just use a perl module like DB_File & Storable and store this: inode # -> { [ stat $filename ], SHA1sum } structure in it. > > and optionally sets immutable and immutable linkage > > invert inode attributes, > Could this be in a config file for each vserver? I'm not sure this makes any sense :-) If you want different attributes, run them with a seperate unify command. Sam. From vserver.error@solucorp.qc.ca Tue Mar 12 12:37:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2CHbh7Y006304; Tue, 12 Mar 2002 12:37:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2CGohn14613 for vserver.list; Tue, 12 Mar 2002 11:50:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2CGogh14609 for ; Tue, 12 Mar 2002 11:50:43 -0500 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g2CGmwQ02548 for ; Tue, 12 Mar 2002 16:48:58 GMT Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16kpU2-0005Qv-00 for ; Tue, 12 Mar 2002 16:50:42 +0000 Date: Tue, 12 Mar 2002 16:50:42 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: [vserver] Reiserfs + inode attributes X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 306 Excellent, it looks like inode attributes on reiserfs are in the latest stable kernel pre-release. I feel another patch coming on... Sam. Begin forwarded message: Date: Tue, 12 Mar 2002 14:40:16 +0300 From: Oleg Drokin To: Sam Vilain Subject: inode attributes Hello! On Tue, Mar 12, 2002 at 11:20:00AM +0000, Sam Vilain wrote: > btw, nice to see inode attributes back in the "pending" patches. Any idea> when this patch will make it into the mainstream kernel? It is already. Download 2.4.19-pre3 and enjoy. Bye, Oleg From vserver.error@solucorp.qc.ca Thu Mar 14 08:04:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2ED497Y012013; Thu, 14 Mar 2002 08:04:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2EBPCf05817 for vserver.list; Thu, 14 Mar 2002 06:25:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2EBPBh05813 for ; Thu, 14 Mar 2002 06:25:11 -0500 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id MAA17142 for ; Thu, 14 Mar 2002 12:25:05 +0100 (MET) Message-Id: <200203141125.MAA17142@saarland.sz-sb.de> Received: from ([172.16.151.102]) by camelot.sz-sb.de; Thu, 14 Mar 2002 12:25:04 +0100 (MET) Received: from there (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id G8DHQS01; Thu, 14 Mar 2002 12:25:04 +0100 Content-Type: text/plain; charset="iso-8859-15" From: Daniel Menzel To: vserver@solucorp.qc.ca Subject: [vserver] Samba (nmbd) Problem Date: Thu, 14 Mar 2002 12:24:32 +0100 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=1.0 required=5.0 tests=MSG_ID_ADDED_BY_MTA_2 version=2.01 Status: RO X-Status: X-Keywords: X-UID: 307 Hi, I've got some problems intergrating nmbd (smbd) into the vserver using 2.4.18-ctx8 and vserver 0.13. smbd works fine, but nmbd tells me: [2002/03/14 12:02:20, 0] nmbd/nmbd_subnetdb.c:create_subnets(240) create_subnets: No local interfaces ! [2002/03/14 12:02:20, 0] nmbd/nmbd.c:main(861) ERROR: Failed when creating subnet lists. Exiting. which is related to the 255.255.255.255 netmask (according to: http://www.turbolinux.com/products/s390/howto/ctc_samba.html / same problem, other env. ) How can I change the given netmask vserver brings up ? Is it possible at all, or is there another solution ? regards, Daniel From vserver.error@solucorp.qc.ca Thu Mar 14 17:27:33 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2EMRV7Y017295; Thu, 14 Mar 2002 17:27:32 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2EM4bV18473 for vserver.list; Thu, 14 Mar 2002 17:04:37 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2EM4bh18469 for ; Thu, 14 Mar 2002 17:04:37 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 1FD55108C; Thu, 14 Mar 2002 23:04:29 +0100 (CET) Subject: Re: [vserver] modular vunify From: klavs klavsen To: Sam Vilain Cc: Vserver Mailinglist In-Reply-To: References: <20020305224638.38acdbde8fd4@remtk.solucorp.qc.ca> <20020306202403.1a03b5a2.klists@rbcmail.ru> <1015668935.2037.3.camel@amd.vsen.dk> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-okmyca0zagS2ORv0FTdI" X-Mailer: Evolution/1.0.2 Date: 14 Mar 2002 23:04:28 +0100 Message-Id: <1016143470.2018.10.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 308 --=-okmyca0zagS2ORv0FTdI Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-03-12 at 13:20, Sam Vilain wrote: > klavs klavsen wrote: >=20 > > Watch out for the comparison. A file can look exactly alike, according > > to ls -l, and still not be the same. I would definetely do a sha1 or > > md5sum check to ensure that they are truely identical.=20 >=20 > So would I. Read the source ;-). sorry :-) =20 [SNIP] > > sounds very cool.. perhaps i'll have a look at making it log, which > > files it vunified - and then the next day, you could run it against the > > log, and it would tell you if anything changed - a very simple but > > effective IDS. >=20 > Check out the -v flag, which will only print out the new unifications tha= t > are made. >=20 > It won't print anything when a file that was hard linked and indentical i= s > now a different file, however. >=20 > Patches are welcome. Even horrid hacks are welcome, but you get more > style points for writing good code. I just took a little time to think my idea through. 1 comment to your program (without having scrambled through the entire source - sorry). it takes dir1 and 2 as input. You don't state which is the source and which is the target - where the target is the file that actually gets deleted and hardlinked.. and if indeed dir2 is the target, it ought to verify that the filepath contains /vserver in the start.. (or perhaps checks the vserver conf file, for the vservers dir).=20 perhaps you should think of making it so one could just state the vservers one wanted unified.. like unify-dirs root skel (root being the real / server and skel being a server under /vservers/skel).=20 I came up with these extra options for unify-dirs: -s --save =20 save list of files in /etc/vserver/unified.vservername if no is given. -c --compare compare compare current link status with saved list (see -s :-) -t --test don't actually do any linking. just print out list of files that could be unified. together with -s option one could merely create an initial list, without doing anything else.. What do you think? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-okmyca0zagS2ORv0FTdI Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8kR5s4c1kHlhtW8oRAs0xAJsHbiUks+CPohyC/Kget5KXLSCcqwCfUmZk zfw7Qt+0SXx38RSaAzLSot0= =K18v -----END PGP SIGNATURE----- --=-okmyca0zagS2ORv0FTdI-- From vserver.error@solucorp.qc.ca Thu Mar 14 17:58:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2EMwR7Y017469; Thu, 14 Mar 2002 17:58:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2ELt2f18339 for vserver.list; Thu, 14 Mar 2002 16:55:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2ELt1h18335 for ; Thu, 14 Mar 2002 16:55:01 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g2ELten01719; Thu, 14 Mar 2002 13:55:40 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Thu, 14 Mar 2002 13:55:40 -0800 (PST) From: X-X-Sender: To: , Linuxconf Mailing List Subject: [vserver] vmail and vserver conflict? (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=1.3 required=5.0 tests=SUBJ_HAS_Q_MARK,NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 309 I still hadn't got confirmation as to whether this ever got through. Initially a DNS snafu so I'm sorry if this is a duplicate or triplicate. If it is some please just let me know and I'll stop trying. Rod ---------- Forwarded message ---------- Date: Sun, 10 Mar 2002 13:15:11 -0800 (PST) From: raanders@acm.org To: vserver@solucorp.qc.ca, Linuxconf Mailing List Subject: vmail and vserver conflict? I've run into a problem with using vmail (IP-based) in the main server on a vserver machine. (Those on the LC list that this makes no sense to just ignore.) It is poor setup using the main server instead of a vserver but I'm having problems getting more vservers setup and need to get some vmail accounts set up. This appears to be tied to the chbind command and the vserver setup. When I created the new IP alias in the main server is shows up as eth0:vs3 instead the typical eth0:0 etc. My vservers showup the same but those I can explain. Is there anyway to get chbind to use more than one IP in the main server? Is there anyway to back out the chbind stuff short of rebooting and not running the ctx kernel? TIA, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Thu Mar 14 21:12:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2F2CR7Y019985; Thu, 14 Mar 2002 21:12:27 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2F0j5c21464 for vserver.list; Thu, 14 Mar 2002 19:45:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from correo1.acens.net (correo1.acens.net [217.116.0.33]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2F0j4h21460 for ; Thu, 14 Mar 2002 19:45:05 -0500 Received: (qmail 6578 invoked from network); 15 Mar 2002 00:45:02 -0000 Received: from unknown (HELO localhost.localdomain) (@[217.125.22.103]) (envelope-sender ) by correo1.acens.net (qmail-ldap-1.03) with SMTP for ; 15 Mar 2002 00:45:02 -0000 Subject: Re: [vserver] Samba (nmbd) Problem From: Joaquin Urrutia To: vserver@solucorp.qc.ca In-Reply-To: <200203141125.MAA17142@saarland.sz-sb.de> References: <200203141125.MAA17142@saarland.sz-sb.de> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-hW2CAiKtXNyWHHVbV7AP" X-Mailer: Evolution/1.0.2 Date: 15 Mar 2002 02:01:48 +0100 Message-Id: <1016154109.25610.85.camel@tango> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-1.3 required=5.0 tests=IN_REP_TO,PORN_3 version=2.01 Status: RO X-Status: X-Keywords: X-UID: 310 --=-hW2CAiKtXNyWHHVbV7AP Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable El jue, 14-03-2002 a las 12:24, Daniel Menzel escribi=F3: > Hi, >=20 > I've got some problems intergrating nmbd (smbd) into the vserver using=20 > 2.4.18-ctx8 and vserver 0.13. >=20 > smbd works fine, but nmbd tells me:=20 >=20 > [2002/03/14 12:02:20, 0] nmbd/nmbd_subnetdb.c:create_subnets(240) > create_subnets: No local interfaces ! > [2002/03/14 12:02:20, 0] nmbd/nmbd.c:main(861) > ERROR: Failed when creating subnet lists. Exiting. >=20 > which is related to the 255.255.255.255 netmask (according to: =20 > http://www.turbolinux.com/products/s390/howto/ctc_samba.html / same prob= lem,=20 > other env. ) >=20 > How can I change the given netmask vserver brings up ? Is it possible at = all,=20 > or is there another solution ? We do it changing the "ifconfig" lines in "vserver" script and adding two new parameters to the configuration file like: IPMASK=3D255.255.255.0 IPBROAD=3DXXX.XXX.XXX.255 In vserver script, you can change: /sbin/ifconfig $IPROOTDEV:$1 $IPROOT netmask 255.255.255.255 to: /sbin/ifconfig $IPROOTDEV:$1 $IPROOT netmask $IPMASK broadcast $IPBROAD Doing this, you have to add the new parameters to all the configuration files of all the vservers. One more time, sorry for my english ;) >=20 >=20 > regards, >=20 > Daniel >=20 --=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Joaquin Urrutia Powered by GNU/LiNUX Debian Unstable "SID" Kernel 2.4.17-k7 Linux user registered # 175074 PGP publickey -> http://www.j0aco.com/download/joacopublica.gpg joaquin.urrutia@acens.net jooaco@wanadoo.es joaco@j0aco.com =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --=-hW2CAiKtXNyWHHVbV7AP Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8kUf8g8X/33nMtuwRAqr6AJ0erHLwvD8pG6viYmMZ/tVXpQkeNACg4+YY zY/j7lD9nMzKzsfL8mWItYE= =EPvt -----END PGP SIGNATURE----- --=-hW2CAiKtXNyWHHVbV7AP-- From vserver.error@solucorp.qc.ca Fri Mar 15 05:23:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2FANl7Y023697; Fri, 15 Mar 2002 05:23:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2F8mLJ30007 for vserver.list; Fri, 15 Mar 2002 03:48:21 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2F8mGh30003 for ; Fri, 15 Mar 2002 03:48:16 -0500 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id JAA08353 for ; Fri, 15 Mar 2002 09:48:15 +0100 (MET) Message-Id: <200203150848.JAA08353@saarland.sz-sb.de> Received: from ([172.16.151.102]) by camelot.sz-sb.de; Fri, 15 Mar 2002 09:48:14 +0100 (MET) Received: from there (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id G0F9YP5K; Fri, 15 Mar 2002 09:48:15 +0100 Content-Type: text/plain; charset="iso-8859-1" From: DMM To: vserver@solucorp.qc.ca Subject: Re: [vserver] Samba (nmbd) Problem Date: Fri, 15 Mar 2002 09:48:06 +0100 X-Mailer: KMail [version 1.3.2] References: <200203141125.MAA17142@saarland.sz-sb.de> <1016154109.25610.85.camel@tango> In-Reply-To: <1016154109.25610.85.camel@tango> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-0.3 required=5.0 tests=IN_REP_TO,MSG_ID_ADDED_BY_MTA_2,PORN_3 version=2.01 Status: RO X-Status: X-Keywords: X-UID: 311 Hi, worked. Thanks a lot... regards, Daniel Am Freitag, 15. März 2002 02:01 schrieben Sie: > El jue, 14-03-2002 a las 12:24, Daniel Menzel escribió: > > Hi, > > > > I've got some problems intergrating nmbd (smbd) into the vserver using > > 2.4.18-ctx8 and vserver 0.13. > > > > smbd works fine, but nmbd tells me: > > > > [2002/03/14 12:02:20, 0] nmbd/nmbd_subnetdb.c:create_subnets(240) > > create_subnets: No local interfaces ! > > [2002/03/14 12:02:20, 0] nmbd/nmbd.c:main(861) > > ERROR: Failed when creating subnet lists. Exiting. > > > > which is related to the 255.255.255.255 netmask (according to: > > http://www.turbolinux.com/products/s390/howto/ctc_samba.html / same > > problem, other env. ) > > > > How can I change the given netmask vserver brings up ? Is it possible at > > all, or is there another solution ? > > We do it changing the "ifconfig" lines in "vserver" script and adding > two new parameters to the configuration file like: > > IPMASK=255.255.255.0 > IPBROAD=XXX.XXX.XXX.255 > > In vserver script, you can change: > > /sbin/ifconfig $IPROOTDEV:$1 $IPROOT netmask 255.255.255.255 > > to: > > /sbin/ifconfig $IPROOTDEV:$1 $IPROOT netmask $IPMASK broadcast $IPBROAD > > Doing this, you have to add the new parameters to all the configuration > files of all the vservers. > > One more time, sorry for my english ;) > > > regards, > > > > Daniel From vserver.error@solucorp.qc.ca Fri Mar 15 17:30:11 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2FMU97Y032016; Fri, 15 Mar 2002 17:30:10 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2FLtAl14120 for vserver.list; Fri, 15 Mar 2002 16:55:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2FLt9h14116 for ; Fri, 15 Mar 2002 16:55:10 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16lzfD-0008Cd-00 for ; Fri, 15 Mar 2002 22:55:03 +0100 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16lzfC-0008CO-00 for ; Fri, 15 Mar 2002 22:55:02 +0100 Sender: jon@silicide.dk Message-ID: <3C926DB6.C91981E9@silicide.dk> Date: Fri, 15 Mar 2002 22:55:02 +0100 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: [vserver] NFS: mount: nfs:/home failed, reason given by server: Permission denied Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 312 but showmount -e works fine. The server i copied the setup from nfs works fine in /var/log/daemon.log i get Mar 15 22:39:00 nfs nfsd[1902]: nfssvc: Operation not permitted on the vserver root 1905 0.0 0.4 1452 604 ? S 22:39 0:00 /usr/sbin/rpc.mou but no process 1902 my /etc/vserver/nfs.conf IPROOT=nfs.silicide.dk IPROOTDEV=eth0 ONBOOT=no S_HOSTNAME=nfs S_FLAGS=fakeinit I havent found any other asking about nfs on the mailing list ? JonB ps: has anyone tried/succeded in getting X to run inside a vserver? From vserver.error@solucorp.qc.ca Fri Mar 15 18:08:16 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2FN8F7Y032339; Fri, 15 Mar 2002 18:08:16 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2FMVvU14714 for vserver.list; Fri, 15 Mar 2002 17:31:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2FMVvh14710 for ; Fri, 15 Mar 2002 17:31:57 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16m0Eu-0008Dl-00 for ; Fri, 15 Mar 2002 23:31:56 +0100 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16m0Eu-0008Db-00 for ; Fri, 15 Mar 2002 23:31:56 +0100 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Fri, 15 Mar 2002 23:31:56 +0100 (CET) Received: (qmail 83608 invoked from network); 15 Mar 2002 22:30:41 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 15 Mar 2002 22:30:41 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2FLtAl14120 for vserver.list; Fri, 15 Mar 2002 16:55:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2FLt9h14116 for ; Fri, 15 Mar 2002 16:55:10 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16lzfD-0008Cd-00 for ; Fri, 15 Mar 2002 22:55:03 +0100 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16lzfC-0008CO-00 for ; Fri, 15 Mar 2002 22:55:02 +0100 Sender: jon@silicide.dk Message-ID: <3C926DB6.C91981E9@silicide.dk> Date: Fri, 15 Mar 2002 22:55:02 +0100 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: [vserver] NFS: mount: nfs:/home failed, reason given by server: Permission denied Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 313 but showmount -e works fine. The server i copied the setup from nfs works fine in /var/log/daemon.log i get Mar 15 22:39:00 nfs nfsd[1902]: nfssvc: Operation not permitted on the vserver root 1905 0.0 0.4 1452 604 ? S 22:39 0:00 /usr/sbin/rpc.mou but no process 1902 my /etc/vserver/nfs.conf IPROOT=nfs.silicide.dk IPROOTDEV=eth0 ONBOOT=no S_HOSTNAME=nfs S_FLAGS=fakeinit I havent found any other asking about nfs on the mailing list ? JonB ps: has anyone tried/succeded in getting X to run inside a vserver? From vserver.error@solucorp.qc.ca Sun Mar 17 16:50:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2HLo07Y004894; Sun, 17 Mar 2002 16:50:00 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2HKBSM04374 for vserver.list; Sun, 17 Mar 2002 15:11:28 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from priv-edtnes03-hme0.telusplanet.net (fepout1.telus.net [199.185.220.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2HKBSh04369 for ; Sun, 17 Mar 2002 15:11:28 -0500 Received: from iris ([66.183.61.187]) by priv-edtnes03-hme0.telusplanet.net (InterMail vM.5.01.04.01 201-253-122-122-101-20011014) with SMTP id <20020317201128.HLKM25425.priv-edtnes03-hme0.telusplanet.net@iris> for ; Sun, 17 Mar 2002 13:11:28 -0700 Message-ID: <00e501c1cdef$afd22ff0$8a01a8c0@iris> From: "Andy Kwong" To: Subject: [vserver] Rebootmgr and sockets Date: Sun, 17 Mar 2002 12:09:46 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 314 Rebootmgr has a problem when it reinitalizes the vserver by calling - /usr/sbin/vserver vservername restart >>/var/log/boot.log 2>&1 In that is the vserver using "fakeinit", the subsequent init process would need the /vservers/vservername/dev/reboot sockets. Normally this is a not a problem when everything is on the same partition, but when individual vservsers are under separate partitions, umount would not be able to unmount partitions when any server has rebooted through the rebootmgr, unless the the offending vserver (the one with the init that has the sockets open) has been restarted on the command line. Any clues on how to fix this? From vserver.error@solucorp.qc.ca Mon Mar 18 21:54:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2J2sl7Y020409; Mon, 18 Mar 2002 21:54:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2J1JIx03768 for vserver.list; Mon, 18 Mar 2002 20:19:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2J1JIh03764 for ; Mon, 18 Mar 2002 20:19:18 -0500 Received: from remtk.solucorp.qc.ca (g39-209.citenet.net [206.123.39.209]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2J1Qp619892 for ; Mon, 18 Mar 2002 20:26:51 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2IFM8T09330 for vserver@solucorp.qc.ca; Mon, 18 Mar 2002 10:22:08 -0500 From: Jacques Gelinas Date: Mon, 18 Mar 2002 10:22:08 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] v_httpd, v_sshd X-mailer: tlmpmail 0.1 Message-ID: <20020318102208.b9b6a7d256c5@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 315 On Fri, 8 Mar 2002 19:27:13 -0500, John Lyons wrote > > What does v_sshd and v_httpd and v_xinetd do exactly? > These services is also listed in my virtual servers that i setup. Do I > have to enable say v_sshd in my virtual servers in order to use sshd > properly? > > They shouldn't be installed in your virtual servers. Check that you've not > got the vserver rpms installed within your reference server (assuming the > ref server is a vs and not your host) He created his first vserver after he install the vserver package, so they got copied there. They should not be enabled in vserver, only in the root server. > The v_ scripts are used to start services on the parent host server and > bind them to the host servers IP address automatically otherwise they start > up and listen on all IP's thereby breaking those services on the vs's --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon Mar 18 21:56:57 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2J2uv7Y020425; Mon, 18 Mar 2002 21:56:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2J1JFG03745 for vserver.list; Mon, 18 Mar 2002 20:19:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2J1JEh03741 for ; Mon, 18 Mar 2002 20:19:14 -0500 Received: from remtk.solucorp.qc.ca (g39-209.citenet.net [206.123.39.209]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2J1Ql619880 for ; Mon, 18 Mar 2002 20:26:47 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2IG6LR09537 for vserver@solucorp.qc.ca; Mon, 18 Mar 2002 11:06:21 -0500 From: Jacques Gelinas Date: Mon, 18 Mar 2002 11:06:21 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] rebootmgr function? X-mailer: tlmpmail 0.1 Message-ID: <20020318110621.d1beffed727e@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 316 On Fri, 22 Feb 2002 11:08:03 -0500, klavs klavsen wrote > Hi guys, > > I'm writing the man pages for the different vserver binaries, and I'm at > rebootmgr. > > If I run it from my box, with a valid vserver name it just freezes.. > (how long am I suppose to wait? vserver stop;vserver start > - finished quickly). > > if i run it with a invalid vserver name is says: bind: No such file or > directory. > > What's the purpose of this program? This program is used with the rebootmgr service (/etc/init.d/rebootmgr). This service scan all the available vserver and starts the rebootmgr server with the list. /usr/sbin/rebootmgr creates a unix domain socket in each vserver as /dev/reboot. Each vserver has the /sbin/vreboot and /sbin/vhalt utility. Those utilities open the /dev/reboot socket and send a little messages. rebootmgr interpret the message (halt or reboot) and perform the proper operation on the vserver vserver xx stop vserver xx restart the service should be restarted whenever you add or remove a vserver so it places its socket properly. This rebootmgr may be expanded at some point to allow the vserver some access to specific commands in the root server. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon Mar 18 22:05:25 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2J35O7Y020467; Mon, 18 Mar 2002 22:05:24 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2J1JGQ03751 for vserver.list; Mon, 18 Mar 2002 20:19:16 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2J1JFh03747 for ; Mon, 18 Mar 2002 20:19:15 -0500 Received: from remtk.solucorp.qc.ca (g39-209.citenet.net [206.123.39.209]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2J1Qm619886 for ; Mon, 18 Mar 2002 20:26:48 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2IFv6409518 for vserver@solucorp.qc.ca; Mon, 18 Mar 2002 10:57:06 -0500 From: Jacques Gelinas Date: Mon, 18 Mar 2002 10:57:06 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Re: Debian X-mailer: tlmpmail 0.1 Message-ID: <20020318105706.2d549b62eb77@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 317 On Thu, 7 Mar 2002 17:33:46 -0500, wrote > On Thu, 7 Mar 2002, Martin Josefsson wrote: > > > On Wed, 6 Mar 2002 Zardus@nbwrpg.com wrote: > > > > chcontext --ctx 2 --secure bash > > > > run that and then try to create a blockdevice with mknod > > It won't work, just as it's supposed to, tested here on > > 2.4.19-pre1-ac2-ctx8 > > Ok, that doesn't work (mknod: operation not permitted), so I guess its > good. However, when I start it using /usr/sbin/vserver, even though > --secure is default, it doesn't work. I'm using vserver .11, but I didn't > see anything like this in the changelogs for future versions. And iirc, > this worked for me with ctx7 as well. Not sure if it is related. When doing "vserver xx enter", if the vserver is already running, the privileged are not dropped for the newly created shell. This was fixed in 0.13 --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon Mar 18 22:07:51 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2J37o7Y020477; Mon, 18 Mar 2002 22:07:50 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2J1JHu03762 for vserver.list; Mon, 18 Mar 2002 20:19:17 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2J1JHh03758 for ; Mon, 18 Mar 2002 20:19:17 -0500 Received: from remtk.solucorp.qc.ca (g39-209.citenet.net [206.123.39.209]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2J1Qo619889 for ; Mon, 18 Mar 2002 20:26:50 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2IFPSj09338 for vserver@solucorp.qc.ca; Mon, 18 Mar 2002 10:25:28 -0500 From: Jacques Gelinas Date: Mon, 18 Mar 2002 10:25:28 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] ext2/ext3 question X-mailer: tlmpmail 0.1 Message-ID: <20020318102528.a3ca73f547e8@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 318 On Wed, 27 Feb 2002 11:13:20 -0500, Mihai RUSU wrote > Hi > > While patching ctx8 against 2.4.17 I have noticed that it does patch some > files in the fs/ext2 and fs/ext3 directories: > patching file linux-2.4.17/fs/ext2/ialloc.c > patching file linux-2.4.17/fs/ext2/inode.c > patching file linux-2.4.17/fs/ext2/ioctl.c > patching file linux-2.4.17/fs/ext3/ialloc.c > patching file linux-2.4.17/fs/ext3/inode.c > patching file linux-2.4.17/fs/ext3/ioctl.c > > What is this for? If I use some other fs I miss some vserver features? This is used for unification. The patch in ext2 and ext3 are used to map the generic immutable-unlink bit to the file system extended attribute. Each file system may encode those generic attribute in a different way. So using vserver on another fs is no problem, unless you are trying to unify (share common binaries between vserver to save disk space) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 19 10:57:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2JFvr7Y025848; Tue, 19 Mar 2002 10:57:53 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2JEP1d18860 for vserver.list; Tue, 19 Mar 2002 09:25:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from VL-MS-MR002.sc1.videotron.ca (relais.videotron.ca [24.201.245.36]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2JEP1h18856 for ; Tue, 19 Mar 2002 09:25:01 -0500 Received: from canyon.logisoftech.com ([24.203.49.36]) by VL-MS-MR002.sc1.videotron.ca (Netscape Messaging Server 4.15) with ESMTP id GT85DQ02.K43 for ; Tue, 19 Mar 2002 09:25:02 -0500 Date: Tue, 19 Mar 2002 10:08:49 -0500 (EST) From: "Bourque, Guillaume" To: vserver@solucorp.qc.ca Subject: [vserver] Vserver creation with newvserver In-Reply-To: <20020318102208.b9b6a7d256c5@remtk.solucorp.qc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by dns.solucorp.qc.ca id g2JEP1h18856 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 319 Hi all, As anyone notice that when you run the newvserver utility to build a vserver under Mandrake 8.1 that their is a lot of defunct process during the creation of a vserver. Those processe goes away when the buid is done but I wonder wy the get created ? [root@llubet vservers]# ps -ef | grep defunct | wc -l 701 [root@llubet vservers]# ps -ef ... root 6057 5843 13 11:02 pts/0 00:00:00 [rpmq ] root 6059 5843 4 11:02 pts/0 00:00:00 [rpmq ] root 6060 5843 4 11:02 pts/0 00:00:00 [rpmq ] root 6061 5843 4 11:02 pts/0 00:00:00 [rpmq ] root 6062 5843 9 11:02 pts/0 00:00:00 [rpmq ] root 6063 5843 5 11:02 pts/0 00:00:00 [rpmq ] root 6064 5843 5 11:02 pts/0 00:00:00 [rpmq ] root 6065 5843 8 11:02 pts/0 00:00:00 [rpmq ] root 6066 5843 8 11:02 pts/0 00:00:00 [rpmq ] root 6067 5843 8 11:02 pts/0 00:00:00 [rpmq ] root 6068 5843 8 11:02 pts/0 00:00:00 [rpmq ] root 6069 5843 7 11:02 pts/0 00:00:00 [rpmq ] root 6070 5843 8 11:02 pts/0 00:00:00 [rpmq ] root 6071 5843 8 11:02 pts/0 00:00:00 [rpmq ] root 6072 5843 16 11:02 pts/0 00:00:00 [rpmq ] root 6073 5843 18 11:02 pts/0 00:00:00 [rpmq ] root 6074 5843 16 11:02 pts/0 00:00:00 [rpmq ] root 6075 5843 17 11:02 pts/0 00:00:00 [rpmq ] root 6076 5843 16 11:02 pts/0 00:00:00 [rpmq ] root 6077 5843 16 11:02 pts/0 00:00:00 [rpmq ] root 6078 5843 0 11:02 pts/0 00:00:00 [rpmq ] root 6079 5887 0 11:02 pts/2 00:00:00 ps -ef root 6080 5843 0 11:02 pts/0 00:00:00 /usr/lib/rpm/rpmq -q--list --du ... -- --------------------- La qualité avant tout ! ---------------------- Guillaume Bourque Conseiller technologique LogiSoft Technologies inc. Tél. (514) 576-7638 Fax: (450) 649-6134 -------------------- http://www.logisoftech.com -------------------- From vserver.error@solucorp.qc.ca Wed Mar 20 10:24:13 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2KFOC7Y011839; Wed, 20 Mar 2002 10:24:12 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2KExUR17313 for vserver.list; Wed, 20 Mar 2002 09:59:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2KExTh17309 for ; Wed, 20 Mar 2002 09:59:30 -0500 Received: from remtk.solucorp.qc.ca (g39-98.citenet.net [206.123.39.98]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2KF7I643328 for ; Wed, 20 Mar 2002 10:07:18 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2K4hJQ09178 for vserver@solucorp.qc.ca; Tue, 19 Mar 2002 23:43:19 -0500 From: Jacques Gelinas Date: Tue, 19 Mar 2002 23:43:19 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Vserver creation with newvserver X-mailer: tlmpmail 0.1 Message-ID: <20020319234319.bc0137f0ccd4@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 320 On Tue, 19 Mar 2002 10:08:49 -0500, Bourque, Guillaume wrote > Hi all, > > As anyone notice that when you run the newvserver utility to build a > vserver under Mandrake 8.1 that their is a lot of defunct process during > the creation of a vserver. Those processe goes away when the buid is done > but I wonder wy the get created ? rpm is called several time to extract data about package. The defunct process means the utility (vbuild) is not "waiting" to pick the process return code. When vbuild ends, all process are reparent to init and then they go away. I will investigate things. vbuild is using a ipfstream object. I am probably "miss using" this object. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Mar 20 11:55:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2KGto7Y012481; Wed, 20 Mar 2002 11:55:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2KGWCf19668 for vserver.list; Wed, 20 Mar 2002 11:32:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2KGWCh19664 for ; Wed, 20 Mar 2002 11:32:12 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g2KGXIp13386 for ; Wed, 20 Mar 2002 08:33:18 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Wed, 20 Mar 2002 08:33:18 -0800 (PST) From: X-X-Sender: To: Subject: [vserver] Sendmail on vserver Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 321 I'm having a problem with sendmail on a vserver. When I send mail to the domain I keep getting refused connections. It looks to me like I have an ipchain issue in the main server but I'm not up enough on ipchains and how vserver handles the IP aliases for vservers. Could some one that has sendmail accepting e-mail in a vserver send me a copy of their /etc/sysconfig/ipchains file? I hesitate to just disable ipchains to see if that is the problem because I've been hit a lot lately. Or an good slap up along the side of the virtual head if I'm missing something really obvious. TIA, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Wed Mar 20 13:15:14 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2KIFC7Y013227; Wed, 20 Mar 2002 13:15:13 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2KHQNm20838 for vserver.list; Wed, 20 Mar 2002 12:26:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2KHQNh20834 for ; Wed, 20 Mar 2002 12:26:23 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id F2BB3108C for ; Wed, 20 Mar 2002 18:26:16 +0100 (CET) Subject: Re: [vserver] Sendmail on vserver From: klavs klavsen To: Vserver Mailinglist In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-bdrx9yiSVS8RbLEXC/ZQ" X-Mailer: Evolution/1.0.2 Date: 20 Mar 2002 18:26:16 +0100 Message-Id: <1016645176.2022.7.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 322 --=-bdrx9yiSVS8RbLEXC/ZQ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable This is not really an appropriate discussion for the vserver list, but here goes :-) On Wed, 2002-03-20 at 17:33, raanders@acm.org wrote: > I'm having a problem with sendmail on a vserver. When I send mail to the= =20 > domain I keep getting refused connections. It looks to me like I have an= =20 > ipchain issue in the main server but I'm not up enough on ipchains and ho= w=20 > vserver handles the IP aliases for vservers. if so, and you have set --log I believe it is on all your -j DENY lines and end the chains with a DENY policy with a log all rule, you should see the packets where your /etc/syslogd.conf logs kern.* (usually /var/log/messages..) you can do "grep -irl kernel /var/log/*" to see which file kernel logs to. =20 > Could some one that has sendmail accepting e-mail in a vserver send me a > copy of their /etc/sysconfig/ipchains file? I hesitate to just disable=20 > ipchains to see if that is the problem because I've been hit a lot lately= .=20 ipchains should not be your only defence - it shouldn't matter wether or not you disable ipchains shortly.. clean up your netstat -nta and netstat -nua output so no process listens, that you can't actually trust. you should consider running portsentry also. If someone portscans you, it will DENY them access to everything including otherwise allowed services on the server. =20 > Or an good slap up along the side of the virtual head if I'm missing=20 > something really obvious. most likely your sendmail is configured wrong.. try doing telnet to your mailserver and see if you can send mail that way.. if you the banner from the mailserver it's probably not an ipchains problem. btw. you should consider changing to something like postfix - it's more secure and it's a lot easier to setup as it uses a human readable configuration file (i know sendmail has it's m4 assimilite config - but's it not really that great if you ask me :-) =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-bdrx9yiSVS8RbLEXC/ZQ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8mMY44c1kHlhtW8oRAte0AKCuwfYJ+UhK7kk5XKw5r0Vf0jkatgCfb7wp PuwEYV9cekK+fmqDK5e6Zf0= =tn9c -----END PGP SIGNATURE----- --=-bdrx9yiSVS8RbLEXC/ZQ-- From vserver.error@solucorp.qc.ca Wed Mar 20 16:43:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2KLhd7Y015162; Wed, 20 Mar 2002 16:43:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2KLIZc25908 for vserver.list; Wed, 20 Mar 2002 16:18:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2KLIZh25904 for ; Wed, 20 Mar 2002 16:18:35 -0500 Received: from remtk.solucorp.qc.ca (g39-184.citenet.net [206.123.39.184]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2KLQQ679206 for ; Wed, 20 Mar 2002 16:26:26 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2KKn0401710 for vserver@dns.solucorp.qc.ca; Wed, 20 Mar 2002 15:49:00 -0500 From: Jacques Gelinas Date: Wed, 20 Mar 2002 15:49:00 -0500 To: Vserver mailing list Subject: [vserver] vserver 0.14 and kernel 2.4.18ctx-9 changelog X-mailer: tlmpmail 0.1 Message-ID: <20020320154900.9bb8079b775a@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 323 vserver 0.14 Change log 1. Enhancements 1.1. chbind: broadcast address chbind accepts the --bcast option. It is supporting the new set_ipv4root which requires an IP number and a broadcast address. If you only specify the --ip option with a device, the broadcast address of the device is used. This is used namely in the /etc/init.d/v_xxxx services. /usr/sbin/chbind --ip eth0 /bin/sh the new chbind works on older kernel. The broadcast address is simply ignored. 1.2. kernel 2.4.18ctx-9: set_ipv4root changed This new kernel enhances set_ipv4root a bit. This is not the multi-ip support yet though. This kernel allows application relying on broadcast to work in vservers. The trick is to assigned both an IP number and a broadcast address to a vserver. The socket handling for UDP was modified a little (one line in net/ipv4/udp.c) so an incoming packet is processed if it matched the vserver IP or the vserver broadcast address. There is no configuration changed to take advantage of that. You need the new kernel and vserver-0.14. Stuff like samba (which was already working in most cases) are now working completely. Even dhcpd works inside a vserver (see the FAQ though). So the set_ipv4root was changed, but the kernel sports a syscall versioning system and vserver-0.14 supports it. So vserver-0.14 works with any "ctx" kernel. The new kernel works also with older vserver utilities except the vserver broadcast address will be improperly assigned. 1.3. vfiles: new utility The vfiles utility is used to extract the list of non-unifiable files in a vserver. The utility works like this /usr/sbin/vfiles reference-server server Using the output of this command, one may archive only the relevant part of a vserver. You can use this to move a vserver from one server to another. Only move few megs. On the target server, use vunify to fill the missing files. You must have a identical reference server on the target server though. Anyway, this is general purpose. Life may tell us if this is really useful :-) 1.4. vps reworked vps was reworked a little. The previous version was not working on some distro. Test it out. 1.5. vserver configuration file There are two new optional entries in /etc/vservers/*.conf: + IPROOTMASK: This is the netmask used to configure the IP alias. By default, it uses the netmask of the IPROOTDEV device. + IPROOTBCAST: This is the broadcast address used to configure the IP alias. Again, it uses the IPROOTDEV device settings by default. You generally do not need to assign those fields. Just upgrading to vserver 0.14 and restarting your vserver and the IP alias will be configure. This was an issue for some service (as seen on the mailing list). Prior version were always setting the netmask to 255.255.255.255. 1.6. vserver-stat and dynamic system calls The utility was using fixed system call numbers unlike the other vserver utilities. Fixed! 1.7. v_xxxx services enhancements /etc/init.d/v_sendmail was added to the list. By default each v_xxxx service perform a chbind on the main eth0 address. For each service, you can setup a file called /etc/vservices/service.conf (one per service). In that file, you can specify a different IP or device. IP=x.y.z.w The extra configuration file is optional. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Mar 20 17:22:10 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2KMM97Y015514; Wed, 20 Mar 2002 17:22:10 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2KM0Nk27177 for vserver.list; Wed, 20 Mar 2002 17:00:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.catv.telemach.ro ([212.146.66.245]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2KM0Mh27173 for ; Wed, 20 Mar 2002 17:00:22 -0500 Received: from 127.0.0.1 (localhost.localdomain [127.0.0.1]) by dummy.domain.name (Postfix) with SMTP id 2519917D1D for ; Thu, 21 Mar 2002 00:00:22 +0200 (EET) Received: from catv.telemach.ro (mach2 [212.146.66.245]) by mail.catv.telemach.ro (Postfix) with ESMTP id 8A0DC17D17 for ; Thu, 21 Mar 2002 00:00:21 +0200 (EET) Message-ID: <3C990675.2000206@catv.telemach.ro> Date: Thu, 21 Mar 2002 00:00:21 +0200 From: Razvan Cosma User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011210 X-Accept-Language: en-us MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: [vserver] sample config file Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 324 Hello, I have searched the archive and read the docs, but I can't seem to find something very important: what is a vserver.conf file structure? I can not use linuxconf since it does't have support for suse 7.3 an even more, I do not want newserver to create it for me since I have a lot of files spread around my system and I only need a few libs and three files in /etc to get eg. proftpd working. Any hints please? Thank you. From vserver.error@solucorp.qc.ca Wed Mar 20 18:51:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2KNp47Y016368; Wed, 20 Mar 2002 18:51:04 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2KNYhh28992 for vserver.list; Wed, 20 Mar 2002 18:34:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gadolinium.btinternet.com (gadolinium.btinternet.com [194.73.73.111]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2KNYhh28988 for ; Wed, 20 Mar 2002 18:34:43 -0500 Received: from host213-122-2-221.in-addr.btopenworld.com ([213.122.2.221] helo=john-new) by gadolinium.btinternet.com with esmtp (Exim 3.22 #8) id 16npbJ-000179-00 for vserver@solucorp.qc.ca; Wed, 20 Mar 2002 23:34:37 +0000 Received: from 213.122.2.221 by john-new ([213.122.2.221] running VPOP3) with SMTP for ; Wed, 20 Mar 2002 23:34:23 -0000 From: "John Lyons" To: Subject: RE: [vserver] sample config file Date: Wed, 20 Mar 2002 23:34:18 -0000 Message-ID: <009601c1d067$c3e554c0$cf167ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: <3C990675.2000206@catv.telemach.ro> X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 325 > I have searched the archive and read the docs, but I can't > seem to find > something very important: what is a vserver.conf file > structure? They'll be created when you build a new vserver. This doesn't include the two new settings for the current version. S_CONTEXT=5 IPROOT=123.123.123.123 IPROOTDEV=eth0 ONBOOT=yes S_HOSTNAME=svr5 S_DOMAINNAME=svr5.domain.com S_NICE= S_FLAGS="lock nproc" ULIMIT="-H -u 100" S_CAPS="CAP_NET_RAW CAP_SYS_RESOURCE" Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Thu Mar 21 04:59:27 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2L9xQ7Y021139; Thu, 21 Mar 2002 04:59:26 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2L837O08189 for vserver.list; Thu, 21 Mar 2002 03:03:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2L835h08185 for ; Thu, 21 Mar 2002 03:03:05 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id C007F108C for ; Thu, 21 Mar 2002 09:03:04 +0100 (CET) Subject: [vserver] Updated Manual Pages From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-0AkUrZQCWVfwokKhMogY" X-Mailer: Evolution/1.0.2 Date: 21 Mar 2002 09:03:04 +0100 Message-Id: <1016697784.2028.16.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 326 --=-0AkUrZQCWVfwokKhMogY Content-Type: multipart/mixed; boundary="=-fLDTFGDgGtn2vlmDRwOk" --=-fLDTFGDgGtn2vlmDRwOk Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I updated the new manual pages. ChangeLog: - Added manual page for the new vfiles utility. Please add some good examples to show it's usage if you can think of some :-) I took a look at the sourcecode and added a few comments as to what I could see it actually did, under "Description". - Updated all the other manual pages to say version 0.14, so they follow the vserver utilities version numbers, and added the vfiles(8) under "See Also". If version 0.15 is released and there are no new changes to the utilities, please upgrade the version numbers so the man pages seems current :-) Are we missing (8) manpages for anything now? --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=chbind.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWfwcGo8AAKXfgAAQUefkV/9v326////gUANdZDU1tWRUJRNJoU8TCKek3o1Go8ak afqmJpibR6k8oNoJRDUwTUyZU9PQU9R6jIAAGQaDQ0HMAmAmRgBGJiYTCYIaYmmAlNEECJtT1T2q D0T9UD1A9QZNNDQA9QHMAmAmRgBGJiYTCYIaYmmCVsH6Qz5SIiJ2w51V3wMZKhvqkmYtNASBLZ1z YmrHN41ReBw4/1N+iyjIeZIrR78RqLYkqqdJUvBzlkIFYddIK3rZ0uzM/kpXH6VtTT3ajlOTqvmr aSNy6lWE738Qm11MqQ2Z1TvC1i6BOOTrh92RgowoKrDiM0M3JCS3kbP+jxU9Ojyjwpw59qCYXGS2 tlc1nLFMINMp+0QKItDxjV9UEL4K8dP7dVJFXQMXS/5ruz5GH4MOZu0Q22UhRn+nLgP5iGzXPi+9 Li+J1+L8TzgMBKSkvowwdrwm0PVZFMum1A3I/CC78kY/wnrQpRQiBrHSslKt9Yz25IwxAvfYqS++ Q7YUSySt5YY5Ps7p3XuA32BwTHq7uzYqba0UeqUIa7RLwZ+zd7VdHfGItHdO8brc/ZxoNOjWlmAW 5ihmxqzXcZi/jo/t1+VmlvbbYl7xtt9gLc2o8fCIa4oPog1YvcuWtV1sYLMRuUnd2QZC4oOOek1k ZxJbtmJsUwVDmUIdcY7lSC1i7WV/ypeUNLo59VINB6kM+Oes5DFrKJwTjeSxnxsscuUXTMkDRCPc ARiQYsnYzMlrFXxkkyUJDKyJarz7ioDNAgL0QyntMdM0ukNA2DrxjXoB4y4bOxFVGQ1g5DjMOIUZ 2RZcrJXEXDivnMw6y7VJ3mniD7uJ5VSU6SwYZwspZPk+OZGKJBTTHbBK3FEeoPcURChDjhDMmSa+ JQwifFSKJlM8LKghSnvTIva3rdjDMEg2jziXddZNhclk7RCDv1g0lTmpj2NGiZtasBGcWMNLR0fS vbRDwlr+h2gKp31DBXNfwWY/RHXCWhy1m0FQ22wi7ZMIDnGA6h2vWxynFiI8fWWIzYrCpeoY85cO zVHVQkI9vxvqWjw34trjCK4I9DziJQKqZ7J1rKexJxpInQ1sxI5t1pZbXCTFyqk7xrxVJcU1PKS5 tW2FKImHDBYOTTXvugWLUa2dcHMQ/w8LnTMr82v07SWVeH/F3JFOFCQ/BwajwA== --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=chcontext.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWamS8DMAAZPfgANQeefkV/9v3+6////kYAau+uoOHV0Lmpu2lNDQ0hJTQQmJPI00 1PRNJtNQNAAHpDNQ0yADU9CGRCNNU/VD1DTQ9Q0AAAAAA0OaZGQyYIaMJgjTRoxA0yZGAAIJCiaU 2mkZTZEG1A0HpBoxAGg0AGg5pkZDJghowmCNNGjEDTJkYAAgkSBMkZCU8yJpPTQhoxDTQ0NNA0aN NPUgBwO1xkZ83TafXtj3QCSLxyaEuyiwjUwm2Txh1QjvPDogsx0cGFtljloUm290dbmIswmUiXK7 QjQDQGe5KrCQZbjzA2Ded8jgQQj4dDWnspUz7WvHTn6cDwN2CtMXDrO4auxZGt/jmg67RazpkSAj gRNc9P0omZhCek6hU+zhmYyVMwxCJYM4XWy7RX6F362VK5ZBjyowYZMHCN/eWY/466K0LCtIY6ol A9OWUxM7Uheiq1aFDJwabAjrlFruW+lwaXNZvoTHv03z4Us4Y46YIZQCDxhXhXoY1tVubEqjlfN8 A6YON8QhdcxqElzzXVNSLMmeASlx1NqDZTWoTTbOsrUvuKBwL1c5AwZkyNG/qT2pXZg9lk1rJKr1 vbel6WySlUpTdsIQhhPYkDIRHFkQXnnjEanMtGIdfZu4Vasvs58iF0JJ0Yklddhe5n59c1HtWZyT 4ydreacRseR9Mu4EDieLNTloKeXM+2YYMMrPHQUM+7QCW15xE1+3xy2EyVpWc+IfyCUy5rHFMjiF 1/B69G9kmZvNh8RFVmHevnCMfXjIhqJeBXdRZ97pF6Bm37X6bR7TyuntPuqSAzM+b+JHp3012xBd mWneEfvNg/R7y3I/8xOq3ITfOIV3IzIHIZ+iamGUtZBhB5Vpu0NRBtfiA00JMu2EXp7ughBUKjWr S5ojqM48e2A/oaGhjPggNmAj6/vz8w/D6JxFDk0qy4zbEuK8XJeZ/r8qo/Uj9cnwD4WKjRWeErHy so06MGmmfhG3bBQRlSRMpv0sVKT7omSTLyuw8k9oZqoNA16hcEs4MOhubO78xV8U6JdeTIDsH38g pjo4zSvayyREe6XzOZqzNGWeZL56CqwNUDGz0Mg40nIady6ivWcWWICjDD1yJtjA1OAyASCDyZWC 1321Fbz2Gd8Ix5w2lRvUdDJfRNp8WicoIFtUDGSpO944Q8pMQeOVVAZMUni42UcUisVFiTyZqZk5 E47RmuclcihpqgPEsWznLbEG3WRIXbHkEwENx1rY1nUgPB8AswZEGCPmEkOZmTCVO4c2GtMCKmxq Av4ZWjPLmFDyXslYKCOSwAifUXIX6ALmrM2Qupl2G+A7G2DbtPs37JLrrq7Rp0G/N2hKtCiRzNMa bSiyRcFCKrTbGcsTM/olTsIanExEeX1y1irtFQsT1UpK50yW4oaXSYfgeNDlyXDIoIju4WNENtMY NtYviRDYzqY8OGJcokoNjUenmbHgbhLhbxeVHr1yjTTGcjnCR3B4Diee5JZkBgjpJoMxjGNHU8BR lrU0OinBFHVmTspdspK5HETgLKwUzhjKFOxp27KqWThyYq6YQoWijmx1YN0INQaJyk04JJZ67Gxu kytGhtENskRTItOBGVEFahHFquQW97s53rMgkgQ5hWhQwHr++ClrUW5wZJzQyEOHHsepJtIFehwp 9LH7eovckje0Bc726qOTpjLfpPYU7Q48G31HrnrfXaXXOcelPPLhIC1DnWsjK3TimUqhv/7vhzTA 9LPkNwt3l3qTA8z4IGiKE9J6EeictTMs/j5sKRenAt5LiWJhsEQQhcVcxPdbMkdZUNmBeeLFHvbu SUVCGxzDFX9NiS1qpyIjDRSGaX3x6sxvAO8zbT8qqJQScCtVaBNk2bID15RxYVQbAHwcqePAeCoa brekk9wwXJnS1up4tFYnGHSp0Dhm6nPN4zoTrS05Dnjsnd2aKMIyzw/sZNhW+xpVnxuIoULAIsap CzZ0MCSayrvB5OC2AqLja0pmRigpexZtylYWCikFaqOPMn66yeoKNUJFIYPsqINgSveFVB25eExz uMKMjdBUXBRib7WbA7iOTm7JdrUJZMbJa7kXXIiwhFRD1oExLTpYvsHMp4uNTl/xdyRThQkKmS8D MA== --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=rebootmgr.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWTc5LjUAAIzfgAAQUefkV/9v326////gQAL9a1KaaaqhojSZU/U09RiaENqZNog9 TQ0Mg9T0j1MjQajIT1PUwqYNNIyaNNAAAAAGQ5gEwEyMAIxMTCYTBDTE0wEpoggSY0CBpGj0mjTI MmgNBhBK2DvQz+mREaVdV+zmhm0pploNYeYEgSfGzuMtk3qm23jvL7muXYq/ZTfnEoQOBwNyn4ES t/MhxaolW/kw4NeDnWl08yArX3NEqPjY60SfJERX4jGjCVlRYawaE8nwNDI0NwDjwKY455No2GNt HxeqfVRSQKqMQytXMtJJ53jEUR3DGSfDOcsPR5+cGH3Wqg+9/fXnuwH5LbfCW3q7x3axf5V+IIaJ b5Qw4eAXjDKc1yxNIyaZ4l6LGWCuILADxcXH4gg+F/FFBWI9+9wsH2aXTRfveqS7bjOxlEDkzFW5 ZHdGvVoRhnAvfMqS/WgcwKaErcYb8nYcwlVktOpOkd9N3yU0Z8YC8/u/UKHAvMo9dxFg1w3+CMJ4 dGBJ2y0axjxmvKy3qros6wxtobLxKkONZ5PVZKUWlswtSh3HEGQSNtlVWdNWbIXps9HaUfetdKJu W0YlOvW2qyAyKd0oGNZVGCpbOmRININYQDc6Bh3kQgvPe1DopX6g1QpGOEaYOOMzGyuBoytwKOlD WRB4Rjl382JOyWzU98zPsDdSejIVIDcP/rx6ZNcMrXM0trm4mEslGZ2wZOICUUdphz23kRRtbIuN bZSa0kYFYSF/EwqK9y5oRDliZ1A+wUhkJlLCbwCKeKkUQpnKUHUzmwt7XbIbDW84lwOtJ1rC9LU4 8JByMWBi10Fowfbmwrvvkrg8hKkY1YzWOpWR0COk84UrgbWpsqZyk+JU6C74zem+9oRz6GPVdlpj C1wzSHczVjVdqDZbyJUoOugc4JYwCm7gLE0EoIO+NpXNjDLfwEsJhHS8oh6ZweydaynmScJIoXs0 beOxsGJtVY3XNaQfZFor4WGapbK5yqyc3ZXnjwZ6nVSmGG3MQvAawWkSc5EwsNjYcupaanV/xdyR ThQkDc5LjUA= --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=reducecap.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWangDvkAANRfgAAQWefkV//v3+6////gUAS3bdhbBtJhpjW3hKE0QATCGiZNKbRl G1NP1TPUQNPKep6nqAJRMgIJ6VPRNoJo0aAAAyMmg9TTIEpohANVPZTU/UQ0HqBo0AyDIA9QaBE0 U0HpNA0ZDAgNBpiaaAyaaYgDmBMTQYTJkyZGEwTTTIxMAQwKu5h1bQh2Em66CqJHZUZmXNZ+uet9 4rJE6On+tRRQ4OkAiQaQARABGRAnn8Ji9S4Av6qICnh5Qbn6vExc4wmqHeiHRYBwMLk9hNkowd2T J6p5kJjtUhxc86l38s98krWyryTYqngsO4aLy3oVw69U3q4zqZxheWaY99o1Hsp+J0kODnVkZWqc 7t48ZiS0REzF3iyvLiSaTjWFNkXuKWimquEJzAtQe23DJb7KIv9Tipx8eOPS/pw96CeCIdNJy/Zv HpfZk9ghhnHSmfzEPc1CoS7L0AmUPS8mur54xMOXY6OetRIqR+KP5Tfn3Hx/V0Xwbg/6CG0yiFu3 56f2Rj4HOXPid/qd9Hb9v8IIji40FU0/kp1JidUQEmYK04y51adZefLOiVjUoRFc4Jp9mG/3Y4um jKTrlQ6GcpJkiDY6F3a5fXQBc1U15Ufbz57T7Rx1npj9YkSezBbnofBSim2WeLKvsQNu522kYLCu rVHctu5nJwiuTf1GcXdnjpZHNc5V3eNhU8NG22IaIoNConsZoPkgia8yCURNJMXatV1FS4rjMxRR ipgu0DGUpRRDNEKQmfO6wvtqmg1Og6K0MFCoMiGlOy+ud8aIkEYZ7LgSmKZqp4h77Q9PXl3Hdz+O y20VWbewe1UN6kgSccmnXYJMM5focmdWaNxyRTn+1Dp4Lju4SmH0ow4gY9sg3bfppJ8apiqQJXCn NRFRLh85tOPYv93hTllQZAkzbmt1ZoawZ3kid3q2ki/zPbXDC8mLpDMxeAU3nU8soJM2021168lD OmqghUXDxLwTXOIyk7N8Kw0jR34JwJe2DomrM/ymS0kiQF2VKJaIZz9lHGvAgxoys9xSbX5JkI72 SpC2QmEzQruNDqrNZXgWDJ+4JZOOL8Bs0v8Ip2uRFSrhtFgryxWRU+rLUb5iHBX70VEFHaBCSbPC nXynCg7SmJQt/UayGSb0SlKWE3HBSbXGSfSmAPt5QLaAbBkFD3GRo+C6lz/Iy+gTGf3Mk4WMCUi8 GNHSuUdcNFeaIvHDW4nmYYcDymxeZP2YbyTyhwdyjDsI8MmdiFZ1IR5JFWiqMQOOlib1Tpgl6iLR GoyiaUMLrtlrbF0ZQwmDbdlsS2am1y4Irz8iq6RJMV66EyZNaa1Sum+AJhR+DF0v2cKMB4TDDl4j JU2Q4RmSOU3WSNBannMIHNCjXN+1o95wwVEOMoE3vkQ43SvRCKNIjaOhJSHa85EFMo5WIUXqhApx aOoVr6TIhcpJNQWU5yMrXL0cKvLWa/Qs+9zbrZ104pdqWlGwbWFWK7KO9LJUf0TjDDfoOqSnNW3Y qqWMkEmEiUzOGMhN204lo2gUjcq2rR0JqkWnsROvlDhl13Myo6UObDH2knIxtPhqaRPYT1gcP8PC mxuTsyBCZ7toa6VWxhQssSNC+Yu5IpwoSFTwB3yA --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=vfiles.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWUzMN1IAAK/fgAAQcefkV/9v326////gUAOe7q5tk5q2061wlCCGhTZNGhT0n6ps Immn6kxD1Gg0B6agamJNqYJGFGjTQAA9QANGh6gNA1U/0RqntJPVPKPKDQ0AAAAGmJoAOaYmTJow mCYmmATAIYIwIwCU0gE0p6JpP1TeijR6nqGgDQNAA0DRLDqi/VMB85kIQV1WSRzuzoaJzkUwUN4J AJerr8cw3s38wFYj7pqyQRcygL5ON7UzhR9ZGP3p97YI47DTQcnmxvu36WoKS07ivZERsTB7xpqN 75Ja1WWwxVUm+gR1ScLaIznAExJSavDRUNJHuRGnZScb0WrVJxKCoiUTaHASEwRBTQUih4TOPIhn 0bM7335uBgZfmzcblc09l75ykSKhPFVd+REn/k8YXwbWrd3YiBsuKLNnf98ONRL7SPh28DHW74iG TWGX0d+fEf2EerfT2v6YdZ13TXtr42yhGCgCoPkQeC3qMRbsYQB7KRDpaxVzrRw3ldSHSrAxAgDs xwm0KQ9nthdSQnYAJGpKtGFoMOkS3KzSyuQyexV8QwTfvkn7PLGG35i2j60Tdx6p1mj9YwdNg9jg py8HuRiXhd58EglTGIUvorIe+FAWxF5eU3Q+EcqMJlzcpDFJQj9JrU5wlAyIERE7MJGBMbqo6ueR krES02TKtpmTMjaUCDXegBbAjFykyMM7EeEEYCuUTyoL4vNFTGAkQCV8iaBkmqE2OCGMgNSKuPlY pc1346I1nyBpawUDUOJISQcxDHRVNKXDPLaZW5EpM+hXIJijDxyDlRy7M1dzzKTwU423E4jEwUs0 dxtDZRi9TQ/1iyZUKYwtvfCQTMRoFLL1tHNBtOnQrS5zkF26oQnNdlzhkegw+phnEhmVcKKEqLJb 3orjEiiHoDahAXtRGhAZgIIKByziXZDRov3LeKrTVpiXEG5dOo2WbTOjstuMs6jTMD0ml4wLoTwH p3c3C8XCo1C5o2yenpHapn83m24q3h2sXTNuTGgiUFk1dBQR0IqUCZLs8qJLwM/FN8KgDj8JDkRE P7AfRx4j0Vlkjva9TlKZsbKAMQeIgoUQCXcouMhVNDLLGyFail+ophVdq7APtph1vF7YGBFTwpDZ ImAXN9YMRjUKjxY5MS0UqpKJGFbBSE+31bUfzld9lihqOi9KHhR0rovGLLQIoDoL16XkRiVDrHYg mjwcwQ9ItiVfkvm6BXImsIBer/F3JFOFCQTMw3Ug --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=vps.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWZ1W2p4AAHJfgAAQUefkV+9v326////gQAI7MItgEqGhASeI0nlPSDTCB6g00Maj IZAJQgBCNJtFP0ieoDQaAyB6gGnkQanopB6gBoGhoAAAAGgaAcwmATACYTCaYAABMmmgY5kUASEB QulsVgJAN0MEQWACQCfQ2wCzB+hZ3yJOR42jhwq8LceIzs6i1Lr4VrJ1ovcPFFbUV7Xl0S6V62W+ 18x9IqXVFBfuOw7uwOv69my7pp07ehBOnN3ClFspwYXQyCiFzj3U9vG3ryCg3UEF6rtsm334sXpJ bn8Ds5E7xRPeVJXTwEyjsfTHc3MmXYmw1OEAgKtbC5I3rNFlQGtTbXr2ywDdMcxeWKnfE7PcmGm+ sloAkZDOyB3xgGOH4GLivorI7daRLHGLN0Y9Lo1V2oWxOLYvpu96nrzBPCHtpxhy4Ec4wxhsOMlh C0XZXLRam6MYaLDUZGVBypydk8x1c02Xc3mm8rMYVS0a5nclYmK3l9UbRtb6BfVUtrvmlK61ZEPS TW/txfriQHHOWZ6d2Th+tpLTmFlxKUVWP0H6GSiyAWQsqrJ0a1qITNlpm1RqhU+EWpYoQqEUmEo4 4VAjUI5MqSrHSWrLKEF4Ca3S8Hyu/hTPS++sJG3Mhk0y3LZQN6Kioql12/ajhfJsZk9BGYuhXYom ulsW22R40U5PGFcMmpXSYzvxJSOGD7CYyDUtruP6nfuMNFO/SWlF73NlgOWEYuTTBJgkCBTmfjKM ydDntZxUnv6NvPgsNWnfApcjdSKdcmMA7xoLLwsCx3JXQXixOrL/i7kinChITqttTwA= --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=vpstree.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWTHLR0QAAHJfgAAQUefkV+9v326////gQAI9mEUGEqGggibIyaT1GjTCB6Q00Gah oaNA00gAU0yaNU/RJ6gPUABoaeoBp+kg5hMAmAEwmE0wAACZNNAwlT1KGhoAAAAAAADQA0WZsAB1 omqcorjBIFdGEIrgkCXo2vFl5/2zvtEAGg3c+c2gU00CszqDMVs6c4Mo9rAjVwE+1oq8VhY0NqWi GxeRUEFD9hTV3dYHx7OvdXlTll1IE5Z3aYotlDaXQlFDZXHsp6YW9WUUG6chdq7K72+/HyeUtmju OvjTSKJrqpcNH4JmHZOiS1udM21Np6uEAgVbGFqSPWaq6gNim2PX8XIDdcl4urFTPjdotSmi+suT gSsimZB3vgGOH4GLjvorK7dj0yLHnLndk1ukVisQsjcWR/Td71PXnCLid7JaO6cw/N7r3bhpAudR 7NtTIzG973XUVCZKilCCGFUI6LtLSb8NkVAO9QB5INE4hQSKPnmO5JvF5sLTRbsl+gFplKY2ikp4 lUQecRNu29uLw4MHAUVquFKDaGQXHgFlpcJ6q36jgGWeuAsiZViJka1qIXm1xu7JpFHxBYUYFLAr Cf6Va0sAhhEmtGJsJkyxUg5gXS92YbCv7Es9bbTdAZZh21YinTdIDiAUKE1rxyRgPi3KqeYPiCiC 4svRMZUvXKiNC9GIowWMM7XiEBz1NoEvgBgZ10/MbbxquRBL/axSD2tYu3UGFz3sTW5IgI4OEtjb 4PiAkZDhSjBMR49WXDUXYa+LhKqKPUxGyG2SD42EodhoJyqx2USBOGWh/F3JFOFCQMctHRA= --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=vrpm.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWdYRFGEAAJzfgAAQWef0V/9v326////kQALbGLS7sy7cNEET0TKflTxT00NT1PUH lNA/VAxBoeoNAGppo0hplNG1DUDQBoGRoDCDRpppoJTRCmp4ptU0w9QaAAAAAAAASiBJtJ6p5R+o j1BiaAADIA0ADIubjjwk/U9D1Q10xOs5YaMJOmm5G75IYwGwCQCL+szII85YmPdqVpYm6QKT+06U nE8mSu4NDJokM/5QD14/iASKOK3yGICQO4Im7UQqPSTQziZQjMAIGSjtWpipQMSt0WrpIQcozatR veSm7W3Q5EeTw+9ZlAy+3DmqxN6bLyBXgT1N25EnRSlS14tEgIKkDEV4AiiqitgkUnHc9xEAiOcR ulH72b+13mzufpWRyoLKrvBCWYnNm+wm4L+Tt4o8FDlvVdgnQPZcJvWAGBnagaYRCYYNdfoMxAGS 3wnqg4MzReBAlC2k+FNJyvXFim2AHrqJGfdYXTXkmXRWYzGQ3qn11Ucr8lioGnubARqxrEkd9qoP itIZHFXM6MZa2jwJsQJ7Wfvn/W0hezQ6674FdgN4Dw7YtIUOFhAiJVlI4GzNSt4iygzINvmalItk lg5pMlHaED2kXTQdk3F+uWY8Vine7M1NNMxLDNRU0iUl3hJzA7F+M5jRRFjOmjTvq0EhzM/JzrWB Q4bBLB4YCTXJoleoIHBkpVisRjlKpAsDQHCiDKjOaRaKP4C+nMyRBWRBWesHTEIhMH/LyLtDJ7pF LGesd3VYiCHEOoB0Q/08Sdqioz8OcleV2JXJ0oaZkY0zKbIpVa3lS5saXIcsrhbUUCBeZEu544iU ty+1RVUVMClagMwkH3Bg8dYXVnAojUIvi4Gii0j9UYgjRlqpnk8gVqt8JZefiIwE6rAx0hAJqlci /g88VmFddMkjZutrhuA2uQgyq+xAlyoDISlTqQRgwVvSkPJ4wxC1TuLcVmGVteNw5KY1AmxPXbA8 lToROyWsGgeiPUxqgr4yE7ZhMkQvP/F3JFOFCQ1hEUYQ --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=vserver-stat.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWTxn7vQAAJt/gEzwBABZ5+RX72//dL////BAAny0qYo3DSAhpMp5I8UxHknqZqGh 5QPUeoAzU/VGQA1NNJhNTaaKb1EYgAAGgaHpNAGjT1AcNNMjEYTTAQwCaYRgmJkNMjQ0AlNIRlNq aNTap+o9QJk0A00ADQ0AGhkSmzCZFondDiiuf4fOWKtkunrXRHphgzTtLIcdNtMkCTDS0jnloJmc AIRPagqZc/qiVOYEmSW0U087VCXYVeLOqRRzzasUN6lkj6QjjeJ+GtdES2OGgDJw5zXJmY2CX5ga 53kA0XD1EWeV7LRjfjv7YCG8g1Vw0XjKrbSqSAEFaSJwynaKSIm4Ql/8tbrwejt3LozHNZMm4EIc hCOXc2BFQVlnY1PCYZu25dV6rxpUEETBo1Hb5wOGHhRkIryVWuzLB7rKakIrlNYOOCjqpOii9AhG tCIKPPcTgXkohnZFQlmjUjdiNGE8k5iDK7OBc3tnRUPEHZOcMS90u61EUIM9agByRDzb1aF22r12 MEZkyDZE21IZcwtddDxkBEYpgMRvXUP4hLwFQ/YpQovdrFOv6dSg4xytrU9c5hJCg8AghSY6+KAG vVy643M0djZfExrg/G+ZhOpmqsclFf/c3jnYw5kKV0W1c2cdduh3nPFSgZmk2jd4Z+whA3w8G7FW vuJ3zrMsCPahqv6P0bVaWjs9KpoEICuTR/ilJOzOTJ2FISUhUiKc4pWWJHMQDMNYxKa2gfLH4YzP fMMB3Z69Vhwk+LIORdhDPGwRp5dg9jmNkdCyLAHgQ2+qVFitF2+TkQoHnTNq0lEa1jDgG+29W//N e09ihs0SLYxUM72aMrZNHCTNexJG49jRhdhSdtC26RvVHKTPT2eDHvh+2IsON+ShNadqIAJISgfw P3dRHfPlQHjpyET2CUOWDfxdyRThQkDxn7vQ --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=vserver.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWb/ZE6UAAKbfgAAQUefsV/9v326////gUAM+uRmIAoGiBU/0qfooep+qGT9SDE00 NPUAMjTeVB6hoc0xMmTRhMExNMAmAQwRgRgGgRqTaCamm0RmkA0BpoAAAGhzTEyZNGEwTE0wCYBD BGBGASJE0aBGgTEmp+qPKe1TQeo0B6gNMQ9I/KJAXwOHudae6Sk5CIaH4oUmqHQGwfvj089SqDmp aQhr2SUjBeD42FU5A3Saonf97nOVMxONX4yah/oa9YVBFIOq1VHCSMpzYYMN2JUxdL6NkCSOTK4F cAjSaTxYQWE7HPRGw2JjqEUnE9M6A0LOpKwZbxZBQMZwM+nRx15qs0p5ARSlt3cK3xvLa5KsZkA9 Hm6ADw1eQ127HFyYrekAErfCWf2GOFl1aJ6q7t3wcd+Em94Ia62lZLe/QvgDcWOFGZSLKoM56MoN TXEbAAgSah5ODjPz9XED+FPyo/fjaT88tSySaNdK9aJe2W/dsZjoBhGtOk/dtISsWO2HXZI82erv tAcezpLu6/X5WuqVnrLjv+3tIRlGsyuvQcyFK6kBKWmr9UMpiXCAjaLMOkTfP84UTavGZroo4Fpl FMglEpj1GBCm8JsREh35M4oGZVi+K/Sdy0Mh41QBVgoK54PCIWq0dBNmEmHFlk1PIdBi2ZJmskZc 6pYWwCeBBcI6NAZGj1qUW4YuyMHMOE90M8wCzImZSz3i5mlc9T4vMRuHO+FL4bMkqUOJz0qd9gcf lW3b7bYN266a1emsMLKXR3PTwivMZtOE958mvko7JBU4HoHb9HIjZWC6CHcXxOOUlumE3jx08bL7 lFrJBESJDPhsViU/W0sx4L/OF87y591YsAzOWqr45ZqYWNzxnsgkj2MpvvUP4zLcTUKt+udXVzMS OFabeFmPpVdCeD8N6SqPqzNhFN1SHM5xLTpoXsmvCkss7yqk1uRQ62AlOhZWXOzh6QWHbbndbZST WXEi7QrSruxDNpgwTWbW66Ks3u4rIvO9AbXtllCFdiaM7Vg8FXdjaNj4FExIQ5jDDA7znC2JkwaF ShW0zxocL1fdBeFeg8D6YRlIwCqO2vPw7sL1qqVcdml0ibytQiGk0tgfE7F+U02eMsJL5mnFterF iZmeyouX/i7kinChIX+yJ0o= --=-fLDTFGDgGtn2vlmDRwOk Content-Type: application/x-bzip Content-Disposition: attachment; filename=vtop.8.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWe581BwAAHJfgAAQUefkV+9v326////gQAI9mV2tdyhKiehNNJHplPUfqT1A09NQ HpDQNNqGhoA0QCZPUCNT1NqNAHqABkNNGgYgaaIRpqammm0hkAYmAgxGmmINDCU0pMNCmmQbU9TH qjQA00GgZNADRZXkApcTrbUJmEkm4hiUxAkCX0Z9RHVr+297Q/7JoVVp0yYBPr1hS70BxCUNjF65 OYsIMYl+wCOCQoOc6J6FwCTCLIMCEGl7h1O3OBm0Z7kwTDdykCwvpdWi6q0buvnFCOYeqnTbzOi0 UGukllj1WUbKpuDxnv5uw6d9M4ox7Sp41/YmYbl5YYMuTNqTUaWiASkfSQwSDlmiy4AaCZ2OPVO8 MzRpCGCqdM3n0rtx2GJ6wBJUKlPb8YhI0duSLmqRVrdfHngsccN2V3g2Csl6F8zS+b5Zscpy7gfx Pyx3v/fcQtwfYfyjfMXvlBrVYxNAuQg+vILFUUoxQbF2sFdmKCjvVywYIwCgZiTo5BtKLhWaBIkq m5XoAlBSVVM6RoqKogwCc0/dh1UA8MOgSVyf1pg6pZjGyCYGIpjY7QfoW02Six8kchjRjGIhQzFX Rpgp6nPWixSwYsFYn8KucWAm5Jya0mSyTFqSpBtgV4og8bS5PX8ELZGC8til5Zyy0m3XoKv3BAIl VcbGkFkwO7YB0AdJrrIsc0q1XSJgVsWFA7Dg/IlYe8e1DJAq3gWHGfXqgl4opm/qhJ7mMWq2gLNr nLKppQAJoaJsTKyNkyU81BRAw1VSFJRHFZhuqXavRlIVs4VhrHygjPM/KwA13lGkIDcOu3/F3JFO FCQ7nzUHAA== --=-fLDTFGDgGtn2vlmDRwOk-- --=-0AkUrZQCWVfwokKhMogY Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD4DBQA8mZO44c1kHlhtW8oRAuEkAJ9g+nikCkl8WC4EL2niDSnbM1bQuwCUCYdz FJOz4FuzptpA13h50LY1Yg== =sZdF -----END PGP SIGNATURE----- --=-0AkUrZQCWVfwokKhMogY-- From vserver.error@solucorp.qc.ca Thu Mar 21 04:59:28 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2L9xR7Y021142; Thu, 21 Mar 2002 04:59:27 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2L8ABQ08307 for vserver.list; Thu, 21 Mar 2002 03:10:11 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2L8AAh08303 for ; Thu, 21 Mar 2002 03:10:11 -0500 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 98F55108C for ; Thu, 21 Mar 2002 09:10:10 +0100 (CET) Subject: [vserver] Multiple vservers - 1 IP. From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-nc5fdAcqM1UCIl9xDuPv" X-Mailer: Evolution/1.0.2 Date: 21 Mar 2002 09:10:10 +0100 Message-Id: <1016698210.2020.24.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 327 --=-nc5fdAcqM1UCIl9xDuPv Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi guys, I have a question to you clever coding techies out there :-) quote from Changelog 0.14 >> This new kernel enhances set_ipv4root a bit. This is not the multi-ip support yet though. This kernel allows application relying on broadcast to work in vservers. The trick is to assigned both an IP number and a broadcast address to a vserver. The socket handling for UDP was modified a little (one line in net/ipv4/udp.c) so an incoming packet is processed if it matched the vserver IP or the vserver broadcast address. << How much would have to be added to add a recognition of a certain port on the "root" servers ip-address - so I f.ex. could run my proftpd under a vserver (with a 10.x.x.x IP) and then assign port 21 on the root server(which would be the only one with a RFC1918 -valid IP) to this vserver (so that packages were forwarded)? I guess we also need affiliated connections - but wouldn't an iptables that kept state handle that? Would this be a good way of doing it, at all?=20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-nc5fdAcqM1UCIl9xDuPv Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8mZVi4c1kHlhtW8oRAhHmAKCjLSKK64GSitwCCCcqjKlf6F35AACcDxAN 8QbKEuQnMzFPy97TMAN/1Ps= =PoC0 -----END PGP SIGNATURE----- --=-nc5fdAcqM1UCIl9xDuPv-- From vserver.error@solucorp.qc.ca Thu Mar 21 12:41:27 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2LHfQ7Y024860; Thu, 21 Mar 2002 12:41:26 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2LHCqD18863 for vserver.list; Thu, 21 Mar 2002 12:12:52 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gandalf.dungeon.de ([212.36.231.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2LHCph18859 for ; Thu, 21 Mar 2002 12:12:52 -0500 Received: from dragon (dragon.dungeon.de [212.36.227.2]) by gandalf.dungeon.de (Postfix) with ESMTP id E3196B4A1 for ; Thu, 21 Mar 2002 18:12:45 +0100 (MET) Date: Thu, 21 Mar 2002 18:12:45 +0100 From: Sebastian Schaefer To: vserver@solucorp.qc.ca Subject: [vserver] problem (freeze) with netstat Message-ID: <6890000.1016730765@dragon> X-Mailer: Mulberry/2.1.2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 328 Hi, i'm running kernel 2.4.18ctx9 with vserver-0.14 and i have the following problem: sometimes when i run "netstat -an" on the root server or on a virtual one the system freeze completly... no kernel panic entry nothing... and then i can only reboot... is there anyone who have the same problem ? it's very difficult to find a bug if the system freeze... bye sebastian From vserver.error@solucorp.qc.ca Thu Mar 21 13:05:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2LI5E7Y025130; Thu, 21 Mar 2002 13:05:14 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2LHdOl19406 for vserver.list; Thu, 21 Mar 2002 12:39:24 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2LHdOh19402 for ; Thu, 21 Mar 2002 12:39:24 -0500 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 16o6X6-0006hh-00 for vserver@solucorp.qc.ca; Thu, 21 Mar 2002 13:39:24 -0400 Date: Thu, 21 Mar 2002 13:39:24 -0400 (AST) From: James MacLean To: Subject: [vserver] netstat in vserver kills machine Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 329 Hi folks, First post. Running 0.14 we can repeatedly take down the server by running: netstat -nap --inet in a virtual server. It may not blow up the first time you run it, but try it enough times over a short while and bang :(. Death in the kernel at c02055cb which I believe equates to: c0205220 T tcp_get_info Which I think I followed back to: c012d870 T __alloc_pages Had to copy from the screen :(. JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Thu Mar 21 13:22:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2LIMX7Y025353; Thu, 21 Mar 2002 13:22:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2LHpvc19732 for vserver.list; Thu, 21 Mar 2002 12:51:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2LHpuh19728 for ; Thu, 21 Mar 2002 12:51:57 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.1/8.12.1/Debian -5) with ESMTP id g2LHphWa028073; Thu, 21 Mar 2002 18:51:43 +0100 Date: Thu, 21 Mar 2002 18:51:43 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: Sebastian Schaefer cc: vserver@solucorp.qc.ca Subject: Re: [vserver] problem (freeze) with netstat In-Reply-To: <6890000.1016730765@dragon> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 330 On Thu, 21 Mar 2002, Sebastian Schaefer wrote: > Hi, > > i'm running kernel 2.4.18ctx9 with vserver-0.14 and i have the following > problem: > > sometimes when i run "netstat -an" on the root server or on a virtual one > the system freeze completly... no kernel panic entry nothing... and then i > can only reboot... > > is there anyone who have the same problem ? > it's very difficult to find a bug if the system freeze... Hmm, It was I who wrote that part... It's been stable here since I coded it so I assumed it was stable. I havn't tested ctx9 yet, I'm still running ctx8 (the first version with this new socket stuff) here. Did you have this problem with ctx8? or is it a ctx9 specific problem? /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Thu Mar 21 13:32:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2LIWH7Y025446; Thu, 21 Mar 2002 13:32:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2LI3fL19984 for vserver.list; Thu, 21 Mar 2002 13:03:41 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gandalf.dungeon.de ([212.36.231.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2LI3fh19980 for ; Thu, 21 Mar 2002 13:03:41 -0500 Received: from dragon (dragon.dungeon.de [212.36.227.2]) by gandalf.dungeon.de (Postfix) with ESMTP id A0A77B4A1; Thu, 21 Mar 2002 19:03:41 +0100 (MET) Date: Thu, 21 Mar 2002 19:03:41 +0100 From: Sebastian Schaefer To: Martin Josefsson Cc: vserver@solucorp.qc.ca Subject: Re: [vserver] problem (freeze) with netstat Message-ID: <7160000.1016733821@dragon> In-Reply-To: References: X-Mailer: Mulberry/2.1.2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2LI3fh19980 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 331 --On Donnerstag, März 21, 2002 18:51:43 +0100 Martin Josefsson wrote: > Hmm, It was I who wrote that part... It's been stable here since I coded > it so I assumed it was stable. > I havn't tested ctx9 yet, I'm still running ctx8 (the first version with > this new socket stuff) here. > > Did you have this problem with ctx8? or is it a ctx9 specific problem? i didn't test ctx8... but i will now... bye sebastian From vserver.error@solucorp.qc.ca Fri Mar 22 07:41:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2MCfa7Y001752; Fri, 22 Mar 2002 07:41:37 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2MCNCl07711 for vserver.list; Fri, 22 Mar 2002 07:23:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Tempo.Update.UU.SE (Tempo.Update.UU.SE [130.238.19.17]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2MCNBh07707 for ; Fri, 22 Mar 2002 07:23:11 -0500 Received: from Tempo.Update.UU.SE (localhost [127.0.0.1]) by Tempo.Update.UU.SE (8.12.1/8.12.1/Update-Iltempogigante) with ESMTP id g2MCNAfM012154 for ; Fri, 22 Mar 2002 13:23:10 +0100 Received: from localhost (jerker@localhost) by Tempo.Update.UU.SE (8.12.1/8.12.1/Update-Iltempogigante-submit) with ESMTP id g2MCN8Fe012150 for ; Fri, 22 Mar 2002 13:23:09 +0100 X-Authentication-Warning: Tempo.Update.UU.SE: jerker owned process doing -bs Date: Fri, 22 Mar 2002 13:23:08 +0100 (CET) From: Jerker Nyberg To: vserver@solucorp.qc.ca Subject: [vserver] tree-quotas Message-ID: Approved: tree-quota MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 332 I read about tree-quotas in LWN a few months ago. Maybe it can be of use or inspiration for vserver users. I havn't tried it. http://lwn.net/2001/1025/a/tree-quotas.php3 http://cgi.cse.unsw.edu.au/~neilb/wiki/?TreeQuotas Regards, Jerker Nyberg. Uppsala, Sweden. From vserver.error@solucorp.qc.ca Fri Mar 22 08:31:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2MDVB7Y002152; Fri, 22 Mar 2002 08:31:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2MDHqx08760 for vserver.list; Fri, 22 Mar 2002 08:17:52 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.mtl.toxik.net (modemcable200.184-201-24.mtl.mc.videotron.ca [24.201.184.200]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2MDHqh08756 for ; Fri, 22 Mar 2002 08:17:52 -0500 Received: (qmail 1681 invoked by alias); 22 Mar 2002 13:17:52 -0000 Received: from koala.mtl.toxik.net (HELO toxik.com) (192.168.1.112) by ns1.mtl.toxik.net with SMTP; 22 Mar 2002 13:17:52 -0000 Message-ID: <3C9B2E46.8000902@toxik.com> Date: Fri, 22 Mar 2002 08:14:46 -0500 From: Toxik - Martial Rioux Organization: Toxik Technologies Inc. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020310 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] tree-quotas References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 333 Hi, In my point of view, to implement quota in vserver context you can use a mix of quota and LVM partition. With this solution you can have two quota level (once for vserver users(quota system) and other for each vserver(LVM partition)). I'm actually testing this solution. I come back with more details soon... Any ideas or comments are welcome. Jerker Nyberg wrote: > I read about tree-quotas in LWN a few months ago. Maybe it can be of use > or inspiration for vserver users. I havn't tried it. > > http://lwn.net/2001/1025/a/tree-quotas.php3 > > http://cgi.cse.unsw.edu.au/~neilb/wiki/?TreeQuotas > > Regards, > Jerker Nyberg. > Uppsala, Sweden. > > -- Martial Rioux Infrastructures and Technologies Toxik Technologies Inc. From vserver.error@solucorp.qc.ca Fri Mar 22 09:04:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2ME4p7Y002305; Fri, 22 Mar 2002 09:04:51 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2MDnMa09416 for vserver.list; Fri, 22 Mar 2002 08:49:22 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2MDnMh09408 for ; Fri, 22 Mar 2002 08:49:22 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16oPPw-00069z-00 for ; Fri, 22 Mar 2002 14:49:16 +0100 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16oPPw-00069o-00 for ; Fri, 22 Mar 2002 14:49:16 +0100 Sender: jon@silicide.dk Message-ID: <3C9B365B.E9C2CFBA@silicide.dk> Date: Fri, 22 Mar 2002 14:49:15 +0100 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: NFS-kernelspace still doesnt work, userspace does, was (Re: [vserver] vserver 0.14 and kernel 2.4.18ctx-9 changelog) References: <20020320154900.9bb8079b775a@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 334 I've just testet vserver-0.14, after applying the patch to 2.4.18 I still cant get kernel-space nfs to work, but userspace works fine. They perform about the same. (user space in vserver, kernel space outside vserver, but else same kernel/machine/...) Mar 22 12:49:52 nfs rpc.statd[402]: Version 1.0 Starting Mar 22 12:49:52 nfs nfsd[412]: nfssvc: Operation not permitted Mar 22 12:49:53 nfs update: This kernel does not need update(8). Exiting. Mar 22 12:50:16 nfs nfsd[460]: nfssvc: Operation not permitted I'm running debian woody on an smp p3. JonB From vserver.error@solucorp.qc.ca Fri Mar 22 09:22:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2MEME7Y002382; Fri, 22 Mar 2002 09:22:15 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2ME7El09829 for vserver.list; Fri, 22 Mar 2002 09:07:14 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2ME7Dh09825 for ; Fri, 22 Mar 2002 09:07:13 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16oPhI-0006Bc-00 for ; Fri, 22 Mar 2002 15:07:12 +0100 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16oPhI-0006BS-00 for ; Fri, 22 Mar 2002 15:07:12 +0100 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Fri, 22 Mar 2002 15:07:12 +0100 (CET) Received: (qmail 56686 invoked from network); 22 Mar 2002 14:05:21 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 22 Mar 2002 14:05:21 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2MDnMa09416 for vserver.list; Fri, 22 Mar 2002 08:49:22 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2MDnMh09408 for ; Fri, 22 Mar 2002 08:49:22 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16oPPw-00069z-00 for ; Fri, 22 Mar 2002 14:49:16 +0100 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16oPPw-00069o-00 for ; Fri, 22 Mar 2002 14:49:16 +0100 Sender: jon@silicide.dk Message-ID: <3C9B365B.E9C2CFBA@silicide.dk> Date: Fri, 22 Mar 2002 14:49:15 +0100 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: NFS-kernelspace still doesnt work, userspace does, was (Re: [vserver] vserver 0.14 and kernel 2.4.18ctx-9 changelog) References: <20020320154900.9bb8079b775a@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 335 I've just testet vserver-0.14, after applying the patch to 2.4.18 I still cant get kernel-space nfs to work, but userspace works fine. They perform about the same. (user space in vserver, kernel space outside vserver, but else same kernel/machine/...) Mar 22 12:49:52 nfs rpc.statd[402]: Version 1.0 Starting Mar 22 12:49:52 nfs nfsd[412]: nfssvc: Operation not permitted Mar 22 12:49:53 nfs update: This kernel does not need update(8). Exiting. Mar 22 12:50:16 nfs nfsd[460]: nfssvc: Operation not permitted I'm running debian woody on an smp p3. JonB From vserver.error@solucorp.qc.ca Fri Mar 22 19:21:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2N0LE7Y008192; Fri, 22 Mar 2002 19:21:21 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2N05tD21739 for vserver.list; Fri, 22 Mar 2002 19:05:55 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2N05th21735 for ; Fri, 22 Mar 2002 19:05:55 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g2N07B102851 for ; Fri, 22 Mar 2002 16:07:11 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Fri, 22 Mar 2002 16:07:11 -0800 (PST) From: X-X-Sender: To: Subject: [vserver] 2.4.18ctx-9 Kernel Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-98.8 required=5.0 tests=NO_REAL_NAME,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 336 I believe there were other messages reference this kernel locking up. It happened to me some time after 5 PM yesterday. The system had been up about 1.5 hours. No further messages after then. Took my mail out so I may have missed further messages on this topic. I just started logging kernel messages to a file and I have a cron job running every minute to figure out a closer time when/if it freezes. IS there anything else I could/should be running to log the system status? I have backed off to 2.4.17ctx-7 since I have to drive 30+ miles to get to this machine. (I really need to get a test machine a bit closer.) As soon as I get upto date on what has happened today I probably try a later kernel. Thanks for reading my ramblings. Rod -- Without geometry what's the point in life. From vserver.error@solucorp.qc.ca Sat Mar 23 04:24:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2N9Ol7Y012721; Sat, 23 Mar 2002 04:24:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2N99Lv29964 for vserver.list; Sat, 23 Mar 2002 04:09:21 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.catv.telemach.ro ([212.146.66.245]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2N99Ih29960 for ; Sat, 23 Mar 2002 04:09:19 -0500 Received: from 127.0.0.1 (localhost.localdomain [127.0.0.1]) by dummy.domain.name (Postfix) with SMTP id E5A4917D1D for ; Sat, 23 Mar 2002 11:09:17 +0200 (EET) Received: from catv.telemach.ro (mach2 [212.146.66.245]) by mail.catv.telemach.ro (Postfix) with ESMTP id 467D317D17 for ; Sat, 23 Mar 2002 11:09:17 +0200 (EET) Message-ID: <3C9C463D.4050208@catv.telemach.ro> Date: Sat, 23 Mar 2002 11:09:17 +0200 From: Razvan Cosma User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011210 X-Accept-Language: en-us MIME-Version: 1.0 To: vserver Subject: [vserver] syntax error in vserver script Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 337 Hello, Something in this line /usr/sbin/chbind --silent --ip $IPROOT \ /usr/sbin/chcontext --secure --silent --ctx $S_CONTEXT \ /usr/lib/vserver/vserverkillall is causing the following error: vserver ftp stop Stopping the virtual server ftp Server ftp is running ipv4root is now 10.0.0.1 New security context is 0 Shutting down proftpd: sleep 2 Killing all processes expr: syntax error ^^^^^^^^^^^ I am using vserver-0.13-1, kernel 2.4.17ctx-8 (compiled by me) and only proftpd-1.2.4.tar.bz2 runs in the vserver. Any hints? 10x. From vserver.error@solucorp.qc.ca Sat Mar 23 07:47:09 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NCl77Y013766; Sat, 23 Mar 2002 07:47:08 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NCYoS32651 for vserver.list; Sat, 23 Mar 2002 07:34:50 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mx1.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2NCYnh32646 for ; Sat, 23 Mar 2002 07:34:49 -0500 Received: (qmail 12453 invoked from network); 23 Mar 2002 12:37:44 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 23 Mar 2002 12:37:44 -0000 Received: (qmail 13043 invoked from network); 23 Mar 2002 12:39:55 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 23 Mar 2002 12:39:55 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Sat, 23 Mar 2002 23:43:34 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] syntax error in vserver script Message-ID: <3C9D1326.20230.21220B7@localhost> Priority: normal In-reply-to: <3C9C463D.4050208@catv.telemach.ro> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 338 On Saturday, 23 March 2002 at 11:09, Razvan Cosma wrote: > Hello, > Something in this line > > /usr/sbin/chbind --silent --ip $IPROOT \ > /usr/sbin/chcontext --secure --silent --ctx $S_CONTEXT \ > /usr/lib/vserver/vserverkillall > > is causing the following error: > > vserver ftp stop > Stopping the virtual server ftp > Server ftp is running > ipv4root is now 10.0.0.1 > New security context is 0 > Shutting down proftpd: > sleep 2 > Killing all processes > expr: syntax error > ^^^^^^^^^^^ > > I am using vserver-0.13-1, kernel 2.4.17ctx-8 (compiled by me) > and only proftpd-1.2.4.tar.bz2 runs in the vserver. Any hints? 10x. > It is this line: CTX=`eval expr $CTX + 0` in /usr/lib/vserver/vserverkillall The following worked for me: Replace the line CTX=`cat /proc/self/status | grep s_context | sed s/s_context://` with CTX=`awk '/^s_context:/{print $2}' /proc/self/status` hth Ed From vserver.error@solucorp.qc.ca Sat Mar 23 08:37:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NDbk7Y013923; Sat, 23 Mar 2002 08:37:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NDQhV00995 for vserver.list; Sat, 23 Mar 2002 08:26:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gandalf.dungeon.de ([212.36.231.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NDQgh00991 for ; Sat, 23 Mar 2002 08:26:42 -0500 Received: from dragon (dragon.dungeon.de [212.36.227.2]) by gandalf.dungeon.de (Postfix) with ESMTP id A1CA8B4A3; Sat, 23 Mar 2002 14:26:41 +0100 (MET) Date: Sat, 23 Mar 2002 14:26:41 +0100 From: Sebastian Schaefer To: Martin Josefsson Cc: vserver@solucorp.qc.ca Subject: Re: [vserver] problem (freeze) with netstat Message-ID: <6690000.1016890001@dragon> In-Reply-To: References: X-Mailer: Mulberry/2.1.2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2NDQgh00991 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 339 --On Donnerstag, März 21, 2002 18:51:43 +0100 Martin Josefsson wrote: > Hmm, It was I who wrote that part... It's been stable here since I coded > it so I assumed it was stable. > I havn't tested ctx9 yet, I'm still running ctx8 (the first version with > this new socket stuff) here. > > Did you have this problem with ctx8? or is it a ctx9 specific problem? ctx8 works... no problem with netstat ... mmm bye sebastian From vserver.error@solucorp.qc.ca Sat Mar 23 08:45:32 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NDjV7Y013963; Sat, 23 Mar 2002 08:45:31 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NDYgm01159 for vserver.list; Sat, 23 Mar 2002 08:34:42 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.catv.telemach.ro ([212.146.66.245]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NDYgh01155 for ; Sat, 23 Mar 2002 08:34:42 -0500 Received: from 127.0.0.1 (localhost.localdomain [127.0.0.1]) by dummy.domain.name (Postfix) with SMTP id AF61E17D1D for ; Sat, 23 Mar 2002 15:34:41 +0200 (EET) Received: from catv.telemach.ro (mach2 [212.146.66.245]) by mail.catv.telemach.ro (Postfix) with ESMTP id 5A0C517D17 for ; Sat, 23 Mar 2002 15:34:41 +0200 (EET) Message-ID: <3C9C8471.5070209@catv.telemach.ro> Date: Sat, 23 Mar 2002 15:34:41 +0200 From: Razvan Cosma User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011210 X-Accept-Language: en-us MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] syntax error in vserver script References: <3C9D1326.20230.21220B7@localhost> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 340 It works. Thank you. edward@paradigm4.com.au wrote: > On Saturday, 23 March 2002 at 11:09, Razvan Cosma wrote: > > >> Hello, >>Something in this line >> >>/usr/sbin/chbind --silent --ip $IPROOT \ >> /usr/sbin/chcontext --secure --silent --ctx $S_CONTEXT \ >> /usr/lib/vserver/vserverkillall >> >>is causing the following error: >> >>vserver ftp stop >>Stopping the virtual server ftp >>Server ftp is running >>ipv4root is now 10.0.0.1 >>New security context is 0 >>Shutting down proftpd: >>sleep 2 >>Killing all processes >>expr: syntax error >>^^^^^^^^^^^ >> >>I am using vserver-0.13-1, kernel 2.4.17ctx-8 (compiled by me) >>and only proftpd-1.2.4.tar.bz2 runs in the vserver. Any hints? 10x. >> >> > > It is this line: > > CTX=`eval expr $CTX + 0` > > in /usr/lib/vserver/vserverkillall > > The following worked for me: > > Replace the line > > CTX=`cat /proc/self/status | grep s_context | sed s/s_context://` > > with > > CTX=`awk '/^s_context:/{print $2}' /proc/self/status` > > hth > Ed From vserver.error@solucorp.qc.ca Sat Mar 23 10:32:24 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NFWN7Y014537; Sat, 23 Mar 2002 10:32:24 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NFKsH02933 for vserver.list; Sat, 23 Mar 2002 10:20:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NFKrh02929 for ; Sat, 23 Mar 2002 10:20:53 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g2NFKaSe027188; Sat, 23 Mar 2002 16:20:37 +0100 Date: Sat, 23 Mar 2002 16:20:36 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: James MacLean cc: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 341 On Thu, 21 Mar 2002, James MacLean wrote: > Hi folks, > > First post. Running 0.14 we can repeatedly take down the server by > running: > > netstat -nap --inet > > in a virtual server. It may not blow up the first time you run it, but try > it enough times over a short while and bang :(. > > Death in the kernel at c02055cb which I believe equates to: > c0205220 T tcp_get_info > > Which I think I followed back to: > c012d870 T __alloc_pages > > Had to copy from the screen :(. Hi James, Did you get an Oops or did you use sysrq to get the trace? /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sat Mar 23 10:33:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NFX77Y014545; Sat, 23 Mar 2002 10:33:07 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NFL4J02943 for vserver.list; Sat, 23 Mar 2002 10:21:04 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NFL4h02939 for ; Sat, 23 Mar 2002 10:21:04 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g2NFKuSe027193; Sat, 23 Mar 2002 16:20:56 +0100 Date: Sat, 23 Mar 2002 16:20:56 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: Sebastian Schaefer cc: vserver@solucorp.qc.ca Subject: Re: [vserver] problem (freeze) with netstat In-Reply-To: <6690000.1016890001@dragon> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by dns.solucorp.qc.ca id g2NFL4h02939 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 342 On Sat, 23 Mar 2002, Sebastian Schaefer wrote: > --On Donnerstag, März 21, 2002 18:51:43 +0100 Martin Josefsson > wrote: > > > Hmm, It was I who wrote that part... It's been stable here since I coded > > it so I assumed it was stable. > > I havn't tested ctx9 yet, I'm still running ctx8 (the first version with > > this new socket stuff) here. > > > > Did you have this problem with ctx8? or is it a ctx9 specific problem? > > > ctx8 works... no problem with netstat ... mmm Great! But hmm, I don't see anything that can explain the crashes between ctx8 and ctx9 so it's possible that it's my netstat stuff that's causing it after all. But I fail to see how on earth it can lock up the machine, all it does is to skip some sockets in the creation of the socketlists in /proc Some prople said that it just locked up and at least one person provided information that sait it hung in tcp_get_info which is one of the functions I've modified. Jacques, do you have any ideas? /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sat Mar 23 11:00:22 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NG0L7Y014789; Sat, 23 Mar 2002 11:00:21 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NFjtR03385 for vserver.list; Sat, 23 Mar 2002 10:45:55 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NFjth03381 for ; Sat, 23 Mar 2002 10:45:55 -0500 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 16oniL-0001Go-00; Sat, 23 Mar 2002 11:45:53 -0400 Date: Sat, 23 Mar 2002 11:45:53 -0400 (AST) From: James MacLean To: Martin Josefsson cc: Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 343 I seem to remember it was an Ieee then the machine completely froze... Except for sysrq combos which confirmed the info reported :). Jim On Sat, 23 Mar 2002, Martin Josefsson wrote: > On Thu, 21 Mar 2002, James MacLean wrote: > > > Hi folks, > > > > First post. Running 0.14 we can repeatedly take down the server by > > running: > > > > netstat -nap --inet > > > > in a virtual server. It may not blow up the first time you run it, but try > > it enough times over a short while and bang :(. > > > > Death in the kernel at c02055cb which I believe equates to: > > c0205220 T tcp_get_info > > > > Which I think I followed back to: > > c012d870 T __alloc_pages > > > > Had to copy from the screen :(. > > Hi James, > > Did you get an Oops or did you use sysrq to get the trace? > > /Martin > > Never argue with an idiot. They drag you down to their level, then beat you with experience. > > -- James B. MacLean macleajb@ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Sat Mar 23 11:02:00 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NG207Y014810; Sat, 23 Mar 2002 11:02:00 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NFomf03470 for vserver.list; Sat, 23 Mar 2002 10:50:48 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NFolh03466 for ; Sat, 23 Mar 2002 10:50:47 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g2NFoVSe027624; Sat, 23 Mar 2002 16:50:31 +0100 Date: Sat, 23 Mar 2002 16:50:31 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: James MacLean cc: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 344 On Sat, 23 Mar 2002, James MacLean wrote: > > I seem to remember it was an Ieee then the machine completely froze... > > Except for sysrq combos which confirmed the info reported :). Ok thanks, one more thing, do you remember if numlock worked? It sounds like an infinite loop in tcp_get_info :( /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sat Mar 23 11:17:21 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NGHK7Y014885; Sat, 23 Mar 2002 11:17:20 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NG2Ik03666 for vserver.list; Sat, 23 Mar 2002 11:02:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NG2Ih03662 for ; Sat, 23 Mar 2002 11:02:18 -0500 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 16onyE-0002Po-00; Sat, 23 Mar 2002 12:02:18 -0400 Date: Sat, 23 Mar 2002 12:02:18 -0400 (AST) From: James MacLean To: Martin Josefsson cc: Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 345 On Sat, 23 Mar 2002, Martin Josefsson wrote: > On Sat, 23 Mar 2002, James MacLean wrote: > > I seem to remember it was an Ieee then the machine completely froze... > > Except for sysrq combos which confirmed the info reported :). > Ok thanks, one more thing, do you remember if numlock worked? > It sounds like an infinite loop in tcp_get_info :( That I can not remember, but since the first time it happened, another staff member rebooted it, I believe he would have tried numlock. I know I tried ctrl-alt-delete and it didn't do anything :). Also, we blew it up a few more times through the day. Once with netstat at ctx 0 (normal root user) and once we were not sure what caused it although we had started an IceCast server on its own vserver. > /Martin Jim -- James B. MacLean macleajb@ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Sat Mar 23 11:31:43 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NGVg7Y014967; Sat, 23 Mar 2002 11:31:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NGK7Q04017 for vserver.list; Sat, 23 Mar 2002 11:20:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NGK6h04008 for ; Sat, 23 Mar 2002 11:20:06 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g2NGJvSe027888; Sat, 23 Mar 2002 17:19:57 +0100 Date: Sat, 23 Mar 2002 17:19:57 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: James MacLean cc: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 346 On Sat, 23 Mar 2002, James MacLean wrote: > On Sat, 23 Mar 2002, Martin Josefsson wrote: > > > On Sat, 23 Mar 2002, James MacLean wrote: > > > I seem to remember it was an Ieee then the machine completely froze... > > > Except for sysrq combos which confirmed the info reported :). > > Ok thanks, one more thing, do you remember if numlock worked? > > It sounds like an infinite loop in tcp_get_info :( > > That I can not remember, but since the first time it happened, another > staff member rebooted it, I believe he would have tried numlock. > > I know I tried ctrl-alt-delete and it didn't do anything :). > > Also, we blew it up a few more times through the day. Once with netstat at > ctx 0 (normal root user) and once we were not sure what caused it although > we had started an IceCast server on its own vserver. ctx8 which is the first version to include my netstat stuff has been very stable here on my machine, nothing has crashed or anything, I've tried running netstat in a loop and it's been working fine. and another user said that ctx8 worked fine on his machine but ctx9 doesn't and ctx9 doesn't touch this stuff at all so I'd actually expect ctx9 to work as well as ctx8 does. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sat Mar 23 12:22:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NHM37Y015478; Sat, 23 Mar 2002 12:22:04 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NHAuQ04957 for vserver.list; Sat, 23 Mar 2002 12:10:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NHAuh04953 for ; Sat, 23 Mar 2002 12:10:56 -0500 Received: from remtk.solucorp.qc.ca (g36-116.citenet.net [206.123.36.116]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2NHJG602357 for ; Sat, 23 Mar 2002 12:19:16 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2NHBsU03483 for vserver@solucorp.qc.ca; Sat, 23 Mar 2002 12:11:54 -0500 From: Jacques Gelinas Date: Sat, 23 Mar 2002 12:11:54 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine X-mailer: tlmpmail 0.1 Message-ID: <20020323121154.4f0c53ebb18a@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 347 On Sat, 23 Mar 2002 17:19:57 -0500, Martin Josefsson wrote > On Sat, 23 Mar 2002, James MacLean wrote: > > > On Sat, 23 Mar 2002, Martin Josefsson wrote: > > > > > On Sat, 23 Mar 2002, James MacLean wrote: > > > > I seem to remember it was an Ieee then the machine completely froze... > > > > Except for sysrq combos which confirmed the info reported :). > > > Ok thanks, one more thing, do you remember if numlock worked? > > > It sounds like an infinite loop in tcp_get_info :( > > > > That I can not remember, but since the first time it happened, another > > staff member rebooted it, I believe he would have tried numlock. > > > > I know I tried ctrl-alt-delete and it didn't do anything :). > > > > Also, we blew it up a few more times through the day. Once with netstat at > > ctx 0 (normal root user) and once we were not sure what caused it although > > we had started an IceCast server on its own vserver. > > ctx8 which is the first version to include my netstat stuff has been very > stable here on my machine, nothing has crashed or anything, I've tried > running netstat in a loop and it's been working fine. > > and another user said that ctx8 worked fine on his machine but ctx9 > doesn't and ctx9 doesn't touch this stuff at all so I'd actually expect > ctx9 to work as well as ctx8 does. I have replicated this problem with ctx-9 on two machines, using netstat. Very odd. On one machine, I have hammered on netstat for a while without any problems then few hours later (uptime hours later), I crashed the machine twice in a row using netstat. The trace shows that the kernel is dying in __get_free_page(), called from proc_file_read, just before calling tcp_get_info. My idea was that the new stuff introduced in ctx-8 (private vserver netstat) was doing some corruption. But ctx-8 has never crashed on me. I have reviewed and reviewed tcp_get_info() and it seems all fine to me. Very strange. I wonder if for some reason the kernel ctx-9 has been improperly compiled. In ctx-9, I introduced a new field in "struct sock" for the broadcast address. Anyone has withness a crash with ctx-9 with a kernel they compiled themselves (not using my binary) ? --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Sat Mar 23 12:33:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NHXU7Y015560; Sat, 23 Mar 2002 12:33:30 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NHMY005139 for vserver.list; Sat, 23 Mar 2002 12:22:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NHMXh05135 for ; Sat, 23 Mar 2002 12:22:33 -0500 Received: from remtk.solucorp.qc.ca (g36-117.citenet.net [206.123.36.117]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2NHUs602790 for ; Sat, 23 Mar 2002 12:30:54 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2NHE9F03529 for vserver@solucorp.qc.ca; Sat, 23 Mar 2002 12:14:09 -0500 From: Jacques Gelinas Date: Sat, 23 Mar 2002 12:14:09 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine X-mailer: tlmpmail 0.1 Message-ID: <20020323121409.468e7b1b4652@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 348 On Sat, 23 Mar 2002 16:50:31 -0500, Martin Josefsson wrote > On Sat, 23 Mar 2002, James MacLean wrote: > > > > > I seem to remember it was an Ieee then the machine completely froze... > > > > Except for sysrq combos which confirmed the info reported :). > > Ok thanks, one more thing, do you remember if numlock worked? > It sounds like an infinite loop in tcp_get_info :( I have seen kernel oops. not an infinite loop in tcp_get_info. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Sat Mar 23 12:33:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NHXi7Y015570; Sat, 23 Mar 2002 12:33:44 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NHMZj05145 for vserver.list; Sat, 23 Mar 2002 12:22:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NHMZh05141 for ; Sat, 23 Mar 2002 12:22:35 -0500 Received: from remtk.solucorp.qc.ca (g36-117.citenet.net [206.123.36.117]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2NHUu602793 for ; Sat, 23 Mar 2002 12:30:56 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2NHIdu03532 for vserver@solucorp.qc.ca; Sat, 23 Mar 2002 12:18:39 -0500 From: Jacques Gelinas Date: Sat, 23 Mar 2002 12:18:39 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] problem (freeze) with netstat X-mailer: tlmpmail 0.1 Message-ID: <20020323121839.a4110603024b@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 349 On Sat, 23 Mar 2002 16:20:56 -0500, Martin Josefsson wrote > On Sat, 23 Mar 2002, Sebastian Schaefer wrote: > > > --On Donnerstag, März 21, 2002 18:51:43 +0100 Martin Josefsson > > wrote: > > > > > Hmm, It was I who wrote that part... It's been stable here since I coded > > > it so I assumed it was stable. > > > I havn't tested ctx9 yet, I'm still running ctx8 (the first version with > > > this new socket stuff) here. > > > > > > Did you have this problem with ctx8? or is it a ctx9 specific problem? > > > > > > ctx8 works... no problem with netstat ... mmm > > Great! > > But hmm, I don't see anything that can explain the crashes between ctx8 > and ctx9 so it's possible that it's my netstat stuff that's causing it > after all. But I fail to see how on earth it can lock up the machine, all > it does is to skip some sockets in the creation of the socketlists in > /proc > > Some prople said that it just locked up and at least one person provided > information that sait it hung in tcp_get_info which is one of the > functions I've modified. > > Jacques, do you have any ideas? The kernel oops does not report it crashes in tcp_get_info, but in __get_free_page called from proc_file_read. Note that I have also seen the bug with cat /proc/net/tcp so we know it is related to tcp_get_info(), but the oops does not occur there. Maybe tcp_get_info is doing something weird (I must admit having read and read the code and I can't see anything weird :-) ) and then some corruption is produced and the kernel crash later. Also the oops is clearly initiated by the netstat process. So it is kind of directly related (or the cat /proc/net/tcp process). --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Sat Mar 23 12:45:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NHj77Y015655; Sat, 23 Mar 2002 12:45:07 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NHXZm05355 for vserver.list; Sat, 23 Mar 2002 12:33:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gandalf.dungeon.de ([212.36.231.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NHXYh05351 for ; Sat, 23 Mar 2002 12:33:34 -0500 Received: from dragon (dragon.dungeon.de [212.36.227.2]) by gandalf.dungeon.de (Postfix) with ESMTP id 18F42B49C; Sat, 23 Mar 2002 18:33:34 +0100 (MET) Date: Sat, 23 Mar 2002 18:33:34 +0100 From: Sebastian Schaefer To: vserver@solucorp.qc.ca, Martin Josefsson Subject: Re: [vserver] netstat in vserver kills machine Message-ID: <22260000.1016904813@dragon> In-Reply-To: References: X-Mailer: Mulberry/2.1.2 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2NHXYh05351 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 350 --On Samstag, März 23, 2002 16:50:31 +0100 Martin Josefsson wrote: > On Sat, 23 Mar 2002, James MacLean wrote: > >> >> I seem to remember it was an Ieee then the machine completely froze... >> >> Except for sysrq combos which confirmed the info reported :). > > Ok thanks, one more thing, do you remember if numlock worked? > It sounds like an infinite loop in tcp_get_info :( > my NumLock worked... bye sebastian From vserver.error@solucorp.qc.ca Sat Mar 23 12:52:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NHqY7Y015700; Sat, 23 Mar 2002 12:52:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NHfQO05621 for vserver.list; Sat, 23 Mar 2002 12:41:26 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NHfPh05617 for ; Sat, 23 Mar 2002 12:41:25 -0500 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 16opW9-0000Ht-00 for vserver@solucorp.qc.ca; Sat, 23 Mar 2002 13:41:25 -0400 Date: Sat, 23 Mar 2002 13:41:25 -0400 (AST) From: James MacLean To: Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: <20020323121154.4f0c53ebb18a@remtk.solucorp.qc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 351 On Sat, 23 Mar 2002, Jacques Gelinas wrote: > Anyone has withness a crash with ctx-9 with a kernel they compiled themselves > (not using my binary) ? Hi Jacques, All ours are home grown kernels. So, yes, our crashes were on our own kernels only ;). Have not tried any of the pre-made ones. take care, JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Sat Mar 23 12:53:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NHrd7Y015710; Sat, 23 Mar 2002 12:53:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NHfKp05615 for vserver.list; Sat, 23 Mar 2002 12:41:20 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NHfJh05610 for ; Sat, 23 Mar 2002 12:41:19 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g2NHfBSe028393; Sat, 23 Mar 2002 18:41:11 +0100 Date: Sat, 23 Mar 2002 18:41:11 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: Sebastian Schaefer cc: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: <22260000.1016904813@dragon> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by dns.solucorp.qc.ca id g2NHfJh05610 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 352 On Sat, 23 Mar 2002, Sebastian Schaefer wrote: > > > --On Samstag, März 23, 2002 16:50:31 +0100 Martin Josefsson > wrote: > > > On Sat, 23 Mar 2002, James MacLean wrote: > > > >> > >> I seem to remember it was an Ieee then the machine completely froze... > >> > >> Except for sysrq combos which confirmed the info reported :). > > > > Ok thanks, one more thing, do you remember if numlock worked? > > It sounds like an infinite loop in tcp_get_info :( > > > > my NumLock worked... Ok, then it's probably a livelock of some kind :( /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sat Mar 23 13:39:23 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NIdM7Y015990; Sat, 23 Mar 2002 13:39:23 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NIJHd06385 for vserver.list; Sat, 23 Mar 2002 13:19:17 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NIJGh06381 for ; Sat, 23 Mar 2002 13:19:16 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g2NIJ9Se028677 for ; Sat, 23 Mar 2002 19:19:09 +0100 Date: Sat, 23 Mar 2002 19:19:09 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: <20020323121409.468e7b1b4652@remtk.solucorp.qc.ca> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 353 On Sat, 23 Mar 2002, Jacques Gelinas wrote: [snip] > I have seen kernel oops. not an infinite loop in tcp_get_info. Ok. I've also been going through tcp_get_info() without seeing anything weird, all it does is skip sockets with wrong s_context. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sat Mar 23 13:43:27 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2NIhR7Y016041; Sat, 23 Mar 2002 13:43:27 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2NIHhw06358 for vserver.list; Sat, 23 Mar 2002 13:17:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2NIHgh06354 for ; Sat, 23 Mar 2002 13:17:42 -0500 Received: from localhost (gandalf@localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g2NIHZSe028672 for ; Sat, 23 Mar 2002 19:17:35 +0100 Date: Sat, 23 Mar 2002 19:17:35 +0100 (CET) From: Martin Josefsson X-Sender: gandalf@tux.rsn.bth.se To: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine In-Reply-To: <20020323121154.4f0c53ebb18a@remtk.solucorp.qc.ca> Message-ID: X-message-flag: Get yourself a real mail client! http://www.washington.edu/pine/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 354 On Sat, 23 Mar 2002, Jacques Gelinas wrote: > I have replicated this problem with ctx-9 on two machines, using netstat. Very > odd. On one machine, I have hammered on netstat for a while without any problems > then few hours later (uptime hours later), I crashed the machine twice in a row > using netstat. > > The trace shows that the kernel is dying in __get_free_page(), called from > proc_file_read, just before calling tcp_get_info. My idea was that the new > stuff introduced in ctx-8 (private vserver netstat) was doing some corruption. > But ctx-8 has never crashed on me. ctx-8 has never crashed on me either. I havn't compiled ctx-9 yet. > I have reviewed and reviewed tcp_get_info() and it seems all fine to me. it looks fine to me too, I can't see any problems with it. > Very strange. I wonder if for some reason the kernel ctx-9 has been > improperly compiled. In ctx-9, I introduced a new field in "struct sock" for > the broadcast address. I wonder how big struct sock is now. /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Sun Mar 24 02:40:59 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2O7ex7Y021902; Sun, 24 Mar 2002 02:40:59 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2O7MNN19344 for vserver.list; Sun, 24 Mar 2002 02:22:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from blackfish.neopeak.com (modemcable033.68-200-24.mtl.mc.videotron.ca [24.200.68.33]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2O7MNh19340 for ; Sun, 24 Mar 2002 02:22:23 -0500 Received: (qmail 7012 invoked by uid 1001); 24 Mar 2002 07:22:14 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Cedric Veilleux To: vserver@solucorp.qc.ca Subject: [vserver] vserver on Gentoo linux Date: Sun, 24 Mar 2002 02:22:14 -0500 X-Mailer: KMail [version 1.4] MIME-Version: 1.0 Message-Id: <200203240222.14637.cveilleux@videotron.ca> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2O7MNh19340 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 355 Hi, I would like to use vsersvers on a Gentoo linux system. Gentoo linux is a remarkably clean and easy to maintain source distro. The Gentoo package system (portage) keeps lists of installed files for each packages. The format is the following: --- $ cat /var/db/pkg/net-mail/qmail-1.03-r7/CONTENTS dir /var dir /var/qmail dir /var/qmail/bin obj /var/qmail/bin/qmail-queue 070C8E96438FFA9F45E04DECF4E6A76B 1015772773 obj /var/qmail/bin/qmail-lspawn BF64FC5258A1C18832B72FC2BD9B9CCB 1015772773 [...] --- As you can see, configuration files are not distinguished from other files. Although, a list of directories containing configuration files is maintained. On my workstation, this list looks like: -- /etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config [...] -- I know the "vbuild" program relies on rpm's to get the list of files. I am not familiar with rpm's nor vservers (yet), so forgive me if I am mistaken. So the vbuild program is the one I should modify to make it use gentoo's portage system to get the list of installed packages and their files, right? Any advice on this subject is of course very appreciated. Thank you, Cedric From vserver.error@solucorp.qc.ca Sun Mar 24 05:58:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2OAwB7Y011743; Sun, 24 Mar 2002 05:58:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2OAgQQ01545 for vserver.list; Sun, 24 Mar 2002 05:42:26 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2OAgPh01541 for ; Sun, 24 Mar 2002 05:42:26 -0500 Received: from tpx20.vsen.dk (unknown [192.168.1.50]) by www.vsen.dk (Postfix) with ESMTP id 70334108D for ; Sun, 24 Mar 2002 11:42:14 +0100 (CET) Subject: [vserver] Re: Vserver on Gentoo Linux From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Z5kE9FwQZ1XiMI6DiQwM" X-Mailer: Evolution/1.0.2 Date: 24 Mar 2002 11:42:13 +0100 Message-Id: <1016966534.1987.1.camel@tpx20.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: A X-Keywords: X-UID: 356 --=-Z5kE9FwQZ1XiMI6DiQwM Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sun, 2002-03-24 at 08:22, Cedric Veilleux wrote: > know the "vbuild" program relies on rpm's to get the list of files. I > am not familiar with rpm's nor vservers (yet), so forgive me if I am=20 > mistaken.=20 > So the vbuild program is the one I should modify to make it use > gentoo's portage system to get the list of installed packages and > their files, right? >=20 > Any advice on this subject is of course very appreciated. I remember someone on the list a few weeks earlier, had written a patch (or were about to) - so that vbuild could use any packaging system, as long as someone wrote the package-specific details for it - in other words a modular approach. Check the mailinglist archive Vlad did. (btw. the google search is not working yet - sorry :-) It probably wouldn't be the hardest thing to pull out, all rpm commands and exchange them with funtions, that simply choose actual command based upon 1 extra variable stating the package system it needs to use. Have a blast :-) --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Z5kE9FwQZ1XiMI6DiQwM Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8na2F4c1kHlhtW8oRArCBAJ0YNak9bPXyFCrdn5sRRAgADylEmwCgpAGa wfi5wlRf3K4VG5lh1acrgQ0= =nk7H -----END PGP SIGNATURE----- --=-Z5kE9FwQZ1XiMI6DiQwM-- From vserver.error@solucorp.qc.ca Sun Mar 24 12:20:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2OHKc7Y014086; Sun, 24 Mar 2002 12:20:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2OGxx707049 for vserver.list; Sun, 24 Mar 2002 11:59:59 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2OGxwh07045 for ; Sun, 24 Mar 2002 11:59:58 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2OGxx7Z013928 for ; Sun, 24 Mar 2002 11:59:59 -0500 Date: Sun, 24 Mar 2002 11:59:59 -0500 (EST) From: Vlad To: Vserver Mailinglist Subject: [vserver] mailing list search In-Reply-To: <1016966534.1987.1.camel@tpx20.vsen.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 357 http://www.google.com/addurl.html I've been adding it on weekly basis to google, they just won't pick the damn thing up. A few days ago I configured the cgi to search google for it every time someone looked at any page on that vserver.. Still nothing. I'll give them another month. If they still don't add it I'll setup htdig or something locally. -Vlad > long as someone wrote the package-specific details for it - in other > words a modular approach. Check the mailinglist archive Vlad did. (btw. > the google search is not working yet - sorry :-) From vserver.error@solucorp.qc.ca Sun Mar 24 13:15:29 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2OIFR7Y015075; Sun, 24 Mar 2002 13:15:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2OHq5D07890 for vserver.list; Sun, 24 Mar 2002 12:52:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2OHq5h07886 for ; Sun, 24 Mar 2002 12:52:05 -0500 Received: from host213-122-105-240.in-addr.btopenworld.com ([213.122.105.240] helo=john-new) by tungsten.btinternet.com with esmtp (Exim 3.22 #8) id 16pC9v-0006aU-00 for vserver@solucorp.qc.ca; Sun, 24 Mar 2002 17:51:59 +0000 Received: from 213.122.105.240 by john-new ([213.122.105.240] running VPOP3) with SMTP for ; Sun, 24 Mar 2002 17:51:44 -0000 From: "John Lyons" To: Subject: RE: [vserver] mailing list search Date: Sun, 24 Mar 2002 17:51:43 -0000 Message-ID: <003601c1d35c$8fd41f20$f0697ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 358 > I've been adding it on weekly basis to google, they just > won't pick the > damn thing up. A few days ago I configured the cgi to search > google for it > every time someone looked at any page on that vserver.. Still > nothing. > > I'll give them another month. If they still don't add it I'll > setup htdig > or something locally. > Have you tried getting it on Dmoz? Google takes the directory feed from Dmoz so that's a good start. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Sun Mar 24 14:12:37 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2OJCa7Y016260; Sun, 24 Mar 2002 14:12:36 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2OItTX09199 for vserver.list; Sun, 24 Mar 2002 13:55:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from blackfish.neopeak.com (modemcable033.68-200-24.mtl.mc.videotron.ca [24.200.68.33]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2OItTh09195 for ; Sun, 24 Mar 2002 13:55:29 -0500 Received: (qmail 8613 invoked by uid 1001); 24 Mar 2002 18:55:19 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Cedric Veilleux To: vserver@solucorp.qc.ca Subject: [vserver] Multiple IP's per vserver Date: Sun, 24 Mar 2002 13:55:19 -0500 X-Mailer: KMail [version 1.4] MIME-Version: 1.0 Message-Id: <200203241355.19808.cveilleux@videotron.ca> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2OItTh09195 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 359 Hi, I have read the whole mailing list archive and did not find much about this subject, although I am sure it has been discussed a lot. I have found in the vserver and s_context intro: << Using port redirection to allow one virtual server to logically bind several IPs. One virtual server could run several web virtual host this way. >> How can this be implemented. Port redirection? A guy named Christian actually made some patches to allow the chbind utility to use a range of ip's instead of just one, which is an excellent approach: << Acually i stoped to maintain the patches, the one above have a small bug (don't unbind ports in a vserver) it was more meant as an example for discussion and inclusion in the main vserver patch. The Idea was to provide tow ip/mask pairs to chbind, so it becomes possible to bind to 2 ip-ranges (the first IP is the default) and masking out which bits in an IP are immutable. Later the vserver-user should be able to constrain the range to a subset of his available IP's. The usage is straightforward (look in chbind.c) chbind got a few more options (--ip1/--mask1/--net2/--mask2) thats all. This days i have no time to work on it(i got married today :) ). In January i will fix the bugs and sync it with te actual vserver release. But i still would like to see it included in the main trunk if there is intrest of it, since i dont want to maintain a 50 lines patch in parallel. >> Thank you, Cedric From vserver.error@solucorp.qc.ca Sun Mar 24 14:54:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2OJsY7Y016693; Sun, 24 Mar 2002 14:54:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2OJaTo10044 for vserver.list; Sun, 24 Mar 2002 14:36:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from home.2interactive.com (NS1.2INTERACTIVE.COM [64.170.22.5]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2OJaSh10040 for ; Sun, 24 Mar 2002 14:36:29 -0500 Received: (qmail 24245 invoked from network); 24 Mar 2002 19:35:32 -0000 Received: from unknown (HELO subdimension.com) (66.81.41.102) by 0 with SMTP; 24 Mar 2002 19:35:32 -0000 Date: Sun, 24 Mar 2002 09:11:50 -0900 (AKST) From: James Gibson X-X-Sender: james@camero.fantasia.tld To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver on Gentoo linux In-Reply-To: <200203240222.14637.cveilleux@videotron.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 360 On Sun, 24 Mar 2002, Cedric Veilleux wrote: > Hi, > > I would like to use vsersvers on a Gentoo linux system. Gentoo > linux is a remarkably clean and easy to maintain source distro. Isn't it though? I've been using Gentoo for ~6 months now and I can't go back. =) > > As you can see, configuration files are not distinguished from > other files. Although, a list of directories containing configuration > files is maintained. On my workstation, this list looks like: you are talking about the CONFIG_PROTECT and CONFIG_PROTECT_MASK variables in /etc/make.profile , right? > I know the "vbuild" program relies on rpm's to get the list of > files. I am not familiar with rpm's nor vservers (yet), so forgive me if > I am mistaken. So the vbuild program is the one I should modify to make > it use gentoo's portage system to get the list of installed packages and > their files, right? This sounds about right, and is something I have been meaning to get around to. You should also need to modify the vunify program and I'm not sure what-all else; I will give it a once-through myself tonight. Another good thing would be to create a set of alternate .ebuild files for gentoo ,such as sys-apps/baselayout, in order to make creating the initial vserver easier. Getting a list of all the files installed by packages is rather trivial; something like "cat $GROOT/var/db/pkg/*/*/CONTENTS | awk '/^obj/{print $2;}'" will get you a listing of all the files installed by the gentoo distro under GROOT. You would still need to seperate that list based on your CONFIG_* variables, but that wouldn't be too hard. Klavs' response seems spot-on as well.. I rememeber something a month or so ago about someone patching the vbuild script to handle debian's package manager, and had the forsight to generalize it.. I'll go look around for that, and forward you a copy of the relevant info. James Gibson From vserver.error@solucorp.qc.ca Sun Mar 24 16:01:07 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2OL0p7Y017560; Sun, 24 Mar 2002 16:00:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2OKlh311129 for vserver.list; Sun, 24 Mar 2002 15:47:43 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from blackfish.neopeak.com (modemcable033.68-200-24.mtl.mc.videotron.ca [24.200.68.33]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2OKlhh11125 for ; Sun, 24 Mar 2002 15:47:43 -0500 Received: (qmail 3887 invoked by uid 1001); 24 Mar 2002 20:47:33 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Cedric Veilleux To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver on Gentoo linux Date: Sun, 24 Mar 2002 15:47:33 -0500 X-Mailer: KMail [version 1.4] References: In-Reply-To: MIME-Version: 1.0 Message-Id: <200203241547.33191.cveilleux@videotron.ca> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2OKlhh11125 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 361 > > As you can see, configuration files are not distinguished from > > other files. Although, a list of directories containing configuration > > files is maintained. On my workstation, this list looks like: > > you are talking about the CONFIG_PROTECT and CONFIG_PROTECT_MASK > variables in /etc/make.profile , right? > Yes, this is what I was refering to. CONFIG_PROTECT_MASK is not very relevant here since the files under the directories in CONFIG_PROTECT_MASK are config files just as well and should be treated the same way. > > I know the "vbuild" program relies on rpm's to get the list of > > files. I am not familiar with rpm's nor vservers (yet), so forgive me if > > I am mistaken. So the vbuild program is the one I should modify to make > > it use gentoo's portage system to get the list of installed packages and > > their files, right? > > This sounds about right, and is something I have been meaning to get > around to. You should also need to modify the vunify program and I'm not > sure what-all else; I will give it a once-through myself tonight. Another > good thing would be to create a set of alternate .ebuild files for gentoo > ,such as sys-apps/baselayout, in order to make creating the initial > vserver easier. > This sounds like an excellent idea. An ebuild file could be used under gentoo instead of the newvserver script that is used under redhat. How could the new vserver be configured? The newvserver script asks for the vserver name, description, IP address, etc... > > Klavs' response seems spot-on as well.. I rememeber something a month or > so ago about someone patching the vbuild script to handle debian's package > manager, and had the forsight to generalize it.. I'll go look around for > that, and forward you a copy of the relevant info. > Yes, I found a perl version of the vunify tool with a modular system that currently supports debian. There also has been a disucussion about another version of this tool completly independent from the distro, that scans 2 directories to find identical files and hardlink them. The first one has been announced in this message: http://vserver.vlad.net/list/0473.html And the second: http://vserver.vlad.net/list/0485.html Cedric From vserver.error@solucorp.qc.ca Mon Mar 25 10:01:56 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2PF1t7Y025763; Mon, 25 Mar 2002 10:01:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2PEkgf30598 for vserver.list; Mon, 25 Mar 2002 09:46:42 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new ([212.69.209.171]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2PEkZh30594 for ; Mon, 25 Mar 2002 09:46:41 -0500 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Mon, 25 Mar 2002 14:00:23 -0000 From: "John Lyons" To: Subject: [vserver] Quotas - a starting point? Date: Mon, 25 Mar 2002 14:00:16 -0000 Message-ID: <00c001c1d405$68b28720$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-reply-to: <200203241547.33191.cveilleux@videotron.ca> Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 362 Just been having a snoop at the new quota support in FreeVSD http://www.dsvr.co.uk/support/reference/genadmin/quotas.phtml $ df -h Filesystem Size Used Avail Use% Mounted on /dev/loop0 2.0G 829M 1.0G 44% /usr/local If anyone can make sense of what they've done it may get things moving for quota support on vservers? Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Mon Mar 25 15:42:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2PKg67Y029384; Mon, 25 Mar 2002 15:42:06 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2PKUFx06316 for vserver.list; Mon, 25 Mar 2002 15:30:15 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2PKUEh06312 for ; Mon, 25 Mar 2002 15:30:15 -0500 Received: from remtk.solucorp.qc.ca (g39-252.citenet.net [206.123.39.252]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2PKcv654716 for ; Mon, 25 Mar 2002 15:38:57 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2NJJZ703096 for vserver@solucorp.qc.ca; Sat, 23 Mar 2002 14:19:35 -0500 From: Jacques Gelinas Date: Sat, 23 Mar 2002 14:19:35 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] syntax error in vserver script X-mailer: tlmpmail 0.1 Message-ID: <20020323141935.8c9a59e82946@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 363 On Sat, 23 Mar 2002 11:09:17 -0500, Razvan Cosma wrote > Hello, > Something in this line > > /usr/sbin/chbind --silent --ip $IPROOT \ > /usr/sbin/chcontext --secure --silent --ctx $S_CONTEXT \ > /usr/lib/vserver/vserverkillall In /usr/lib/vserver/vserverkillall, change the grep line like this CTX=`grep ^s_context /proc/self/status | sed s/s_context://` THis will go in the next vserver release, sunday or monday --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon Mar 25 15:42:27 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2PKgQ7Y029392; Mon, 25 Mar 2002 15:42:26 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2PKTUT06253 for vserver.list; Mon, 25 Mar 2002 15:29:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao02.cox.net (lakemtao02.cox.net [68.1.17.243]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2PKTUh06249 for ; Mon, 25 Mar 2002 15:29:30 -0500 Received: from gregg ([68.3.68.74]) by lakemtao02.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020325193247.LOWW18443.lakemtao02.cox.net@gregg> for ; Mon, 25 Mar 2002 14:32:47 -0500 Message-ID: <02c001c1d433$dd08da10$010510ac@gregg> From: "Gregg" To: References: Subject: [vserver] Off subject Date: Mon, 25 Mar 2002 12:32:52 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 364 Sorry for writing something off the subject, but since a lot of you guys out there are setting up these vservers as web hosting servers, I was wondering if there was any good web based control panel available that would let you manage email, ftp, etc etc. Thanks. From vserver.error@solucorp.qc.ca Mon Mar 25 15:46:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2PKks7Y029448; Mon, 25 Mar 2002 15:46:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2PKUGu06322 for vserver.list; Mon, 25 Mar 2002 15:30:16 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2PKUGh06318 for ; Mon, 25 Mar 2002 15:30:16 -0500 Received: from remtk.solucorp.qc.ca (g39-252.citenet.net [206.123.39.252]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g2PKcw654723 for ; Mon, 25 Mar 2002 15:38:58 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2NJRcC04288 for vserver@solucorp.qc.ca; Sat, 23 Mar 2002 14:27:38 -0500 From: Jacques Gelinas Date: Sat, 23 Mar 2002 14:27:38 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Multiple vservers - 1 IP. X-mailer: tlmpmail 0.1 Message-ID: <20020323142738.a31e7f378254@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 365 On Thu, 21 Mar 2002 09:10:10 -0500, klavs klavsen wrote > quote from Changelog 0.14 > >> > This new kernel enhances set_ipv4root a bit. This is not the multi-ip > support yet though. This kernel allows application relying on broadcast > to work in vservers. The trick is to assigned both an IP number and a > broadcast address to a vserver. The socket handling for UDP was modified > a little (one line in net/ipv4/udp.c) so an incoming packet is processed > if it matched the vserver IP or the vserver broadcast address. > << > > How much would have to be added to add a recognition of a certain port > on the "root" servers ip-address - so I f.ex. could run my proftpd under > a vserver (with a 10.x.x.x IP) and then assign port 21 on the root > server(which would be the only one with a RFC1918 -valid IP) to this > vserver (so that packages were forwarded)? Not sure I understand your question. You want to run proftpd in a vserver but you want incoming ftp connection made to the public IP of the server to be redirect to the vserver running proftpd There are two solution I know to this problem 1-Assign the IPROOT of the vserver to the public IP of the machine. Several vservers may share the same IP. For sure, if one binds a service, the other can't. But I guess your interest here is to use the vserver as a isolution mechanism. 2-Use the redir package at ftp.solucorp.qc.ca/pub/misc. It support ftp redirection, both passive and active sessions. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon Mar 25 18:46:42 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2PNkf7Y031100; Mon, 25 Mar 2002 18:46:42 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2PNTM909821 for vserver.list; Mon, 25 Mar 2002 18:29:22 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-158-89.in-addr.btopenworld.com [213.122.158.89]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2PNTIh09817 for ; Mon, 25 Mar 2002 18:29:19 -0500 Received: from 213.122.158.89 by john-new ([213.122.158.89] running VPOP3) with SMTP for ; Mon, 25 Mar 2002 23:26:21 -0000 From: "John Lyons" To: Subject: RE: [vserver] OT Control panels Date: Mon, 25 Mar 2002 22:31:47 -0000 Message-ID: <004f01c1d454$790dbf50$2f61063e@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <02c001c1d433$dd08da10$010510ac@gregg> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.4 required=5.0 tests=IN_REP_TO,FREQ_SPAM_PHRASE,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: A X-Keywords: X-UID: 366 Sad to say but all we've found is webmin. Some free ones are. http://www.ispman.org/ http://webcp.can-host.com/ http://www.kandalaya.org/ Beyond that you're looking at some of the commercial packages but things like cpanel will probably cost you more per vs than the customer is paying you. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Tue Mar 26 00:38:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2Q5cB7Y001512; Tue, 26 Mar 2002 00:38:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2Q5KQP15582 for vserver.list; Tue, 26 Mar 2002 00:20:26 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2Q5KPh15578 for ; Tue, 26 Mar 2002 00:20:26 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2Q5KP7Z001418 for ; Tue, 26 Mar 2002 00:20:25 -0500 Date: Tue, 26 Mar 2002 00:20:25 -0500 (EST) From: Vlad To: vserver@solucorp.qc.ca Subject: RE: [vserver] OT Control panels In-Reply-To: <004f01c1d454$790dbf50$2f61063e@johnnew> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 367 I dig webmin personally :) The thing that I have configured for some customers is Plesk. I actually know one of the guys that works for them and they have been very helpful. The single domain version is free and since you're on one ip address with vserver you might as well use it. The only tricky part is that for some parts you need to register with plesk.com (also free)... so as long as its a single domain / single ip address you can configure pretty much everything. http://www.plesk.com -Vlad On Mon, 25 Mar 2002, John Lyons wrote: > > Sad to say but all we've found is webmin. > > Some free ones are. > http://www.ispman.org/ > http://webcp.can-host.com/ > http://www.kandalaya.org/ > > Beyond that you're looking at some of the commercial packages but things > like cpanel will probably cost you more per vs than the customer is paying > you. > > Regards > > John Lyons > DomainCity > http://www.domaincity.co.uk > support@domaincity.co.uk > ICQ 74187012 > > *********************************************************************** > Please quote your account number in the subject line of all emails. > Failure to do so may result in your enquiries taking longer to process. > *********************************************************************** > From vserver.error@solucorp.qc.ca Tue Mar 26 11:07:53 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2QG7q7Y007018; Tue, 26 Mar 2002 11:07:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2QFpvR31981 for vserver.list; Tue, 26 Mar 2002 10:51:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao04.cox.net (lakemtao04.cox.net [68.1.17.241]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2QFpuh31977 for ; Tue, 26 Mar 2002 10:51:56 -0500 Received: from gregg ([68.3.68.74]) by lakemtao04.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020326155156.JQCH21159.lakemtao04.cox.net@gregg> for ; Tue, 26 Mar 2002 10:51:56 -0500 Message-ID: <03fe01c1d4de$30591fe0$010510ac@gregg> From: "Gregg" To: References: <004f01c1d454$790dbf50$2f61063e@johnnew> Subject: Re: [vserver] OT Control panels Date: Tue, 26 Mar 2002 08:52:09 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 368 Thanks for all the info guys. The webcp looks very interesting. I do like webmin also, I've installed it before, but it just has too many options, especially for a vserver! :) ----- Original Message ----- From: "John Lyons" To: Sent: Monday, March 25, 2002 3:31 PM Subject: RE: [vserver] OT Control panels > > Sad to say but all we've found is webmin. > > Some free ones are. > http://www.ispman.org/ > http://webcp.can-host.com/ > http://www.kandalaya.org/ > > Beyond that you're looking at some of the commercial packages but things > like cpanel will probably cost you more per vs than the customer is paying > you. > > Regards > > John Lyons > DomainCity > http://www.domaincity.co.uk > support@domaincity.co.uk > ICQ 74187012 > > *********************************************************************** > Please quote your account number in the subject line of all emails. > Failure to do so may result in your enquiries taking longer to process. > *********************************************************************** > From vserver.error@solucorp.qc.ca Tue Mar 26 12:14:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2QHEj7Y007685; Tue, 26 Mar 2002 12:14:45 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2QGv3j02088 for vserver.list; Tue, 26 Mar 2002 11:57:03 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2QGv3h02084 for ; Tue, 26 Mar 2002 11:57:03 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2Q2bn911072 for vserver@solucorp.qc.ca; Mon, 25 Mar 2002 21:37:49 -0500 From: Jacques Gelinas Date: Mon, 25 Mar 2002 21:37:49 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] netstat in vserver kills machine X-mailer: tlmpmail 0.1 Message-ID: <20020325213749.079579563b14@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 369 On Sat, 23 Mar 2002 19:17:35 -0500, Martin Josefsson wrote > On Sat, 23 Mar 2002, Jacques Gelinas wrote: > > > I have replicated this problem with ctx-9 on two machines, using netstat. Very > > odd. On one machine, I have hammered on netstat for a while without any problems > > then few hours later (uptime hours later), I crashed the machine twice in a row > > using netstat. > > > > The trace shows that the kernel is dying in __get_free_page(), called from > > proc_file_read, just before calling tcp_get_info. My idea was that the new > > stuff introduced in ctx-8 (private vserver netstat) was doing some corruption. > > But ctx-8 has never crashed on me. > > ctx-8 has never crashed on me either. > > I havn't compiled ctx-9 yet. > > > I have reviewed and reviewed tcp_get_info() and it seems all fine to me. > > it looks fine to me too, I can't see any problems with it. > > > Very strange. I wonder if for some reason the kernel ctx-9 has been > > improperly compiled. In ctx-9, I introduced a new field in "struct sock" for > > the broadcast address. > > I wonder how big struct sock is now. I have tought about this a little. I wonder why the kernel crashes while doing netstat (reading /proc/net/tcp in fact) and seems reliable otherwise. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 26 14:03:26 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2QJ3P7Y008912; Tue, 26 Mar 2002 14:03:26 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2QIoAt04734 for vserver.list; Tue, 26 Mar 2002 13:50:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from icvglengw.icreditvision.com (bdsl.66.13.76.76.gte.net [66.13.76.76]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2QIo9h04730 for ; Tue, 26 Mar 2002 13:50:09 -0500 Received: from idouglas ([192.168.100.118]) by icvglengw.icreditvision.com (8.11.2/8.8.7) with SMTP id g2QIuLa19492 for ; Tue, 26 Mar 2002 10:56:21 -0800 From: "Ian Douglas" To: Subject: RE: [vserver] Absence jusqu'au 02/04 Date: Tue, 26 Mar 2002 10:51:34 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Importance: Normal In-Reply-To: <03311493790895@irisnet.be> Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 370 Can this guy be removed? If we get copies of our own submissions to the list, this guy is just going to keep sending 'away' messages to the list over and over by responding to his own away messages. -id > -----Original Message----- > From: blete@irisnet.be [mailto:NULL@irisnet.be] > Sent: Tuesday, March 26, 2002 10:31 AM > To: vserver.error@solucorp.qc.ca > Subject: [vserver] Absence jusqu'au 02/04 > > > Je suis en congé jusqu'au 02/04. > From vserver.error@solucorp.qc.ca Tue Mar 26 15:28:22 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2QKSL7Y010254; Tue, 26 Mar 2002 15:28:22 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2QKKPA07045 for vserver.list; Tue, 26 Mar 2002 15:20:25 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.mtl.toxik.net (modemcable200.184-201-24.mtl.mc.videotron.ca [24.201.184.200]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2QKKPh07041 for ; Tue, 26 Mar 2002 15:20:25 -0500 Received: (qmail 18445 invoked by alias); 26 Mar 2002 20:20:25 -0000 Received: from koala.mtl.toxik.net (HELO toxik.com) (192.168.1.112) by ns1.mtl.toxik.net with SMTP; 26 Mar 2002 20:20:25 -0000 Message-ID: <3CA0D757.9060406@toxik.com> Date: Tue, 26 Mar 2002 15:17:27 -0500 From: Toxik - Martial Rioux Organization: Toxik Technologies Inc. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020310 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Vserver mailinglist administrator (Ref: [vserver] Absence jusqu'au 02/04) References: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 371 Hi, Please remove this email address from vserver mailing during the vacation. We receive a lots of unsolicited email. Thanks >-----Original Message----- >From: blete@irisnet.be [mailto:NULL@irisnet.be] >Sent: Tuesday, March 26, 2002 10:31 AM >To: vserver.error@solucorp.qc.ca >Subject: [vserver] Absence jusqu'au 02/04 > > >Je suis en congé jusqu'au 02/04. -- Martial Rioux Infrastructures and Technologies Toxik Technologies Inc. From vserver.error@solucorp.qc.ca Tue Mar 26 18:47:29 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2QNlS7Y013314; Tue, 26 Mar 2002 18:47:28 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2QNUVr12207 for vserver.list; Tue, 26 Mar 2002 18:30:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp017.mail.yahoo.com (smtp017.mail.yahoo.com [216.136.174.114]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2QNUUh12203 for ; Tue, 26 Mar 2002 18:30:30 -0500 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 26 Mar 2002 23:30:29 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] Any known bug that would crash the server? Date: Tue, 26 Mar 2002 17:30:13 -0600 Message-ID: <000001c1d51e$304fdd00$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <08061109395236@irisnet.be> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-1.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 372 Hello, I have only been using vserver for a couple of days. I use it to isolate an FTP server in a dedicated server I got from a datacenter. The server has been going down mysteriously. Whenever I bring it up, after a few hours (7-11 hours), it will go down for no apparent reason. A remote-reboot will usually bring it back up. Is there any known bug that may cause this? I am collaborating with the tech support to determine if this is a kernel issue or a hardware issue. Thanks, Peter _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From vserver.error@solucorp.qc.ca Tue Mar 26 19:32:01 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R0W07Y014025; Tue, 26 Mar 2002 19:32:00 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R0I6F13394 for vserver.list; Tue, 26 Mar 2002 19:18:06 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2R0I6h13390 for ; Tue, 26 Mar 2002 19:18:06 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2R0K0i03156 for vserver@solucorp.qc.ca; Tue, 26 Mar 2002 19:20:00 -0500 From: Jacques Gelinas Date: Tue, 26 Mar 2002 19:20:00 -0500 To: vserver@solucorp.qc.ca Subject: re: Vserver mailinglist administrator (Ref: [vserver] Absence jusqu'au 02/04) X-mailer: tlmpmail 0.1 Message-ID: <20020326192000.5d6a14d779df@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 373 On Tue, 26 Mar 2002 15:17:27 -0500, Toxik - Martial Rioux wrote > Hi, > > Please remove this email address from vserver mailing during the > vacation. We receive a lots of unsolicited email. I have added "Precedence: bulk" to the mailing list messages. I guess his vacation program will take note. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 26 19:40:24 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R0eO7Y014146; Tue, 26 Mar 2002 19:40:24 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R0LTV13472 for vserver.list; Tue, 26 Mar 2002 19:21:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2R0LTh13468 for ; Tue, 26 Mar 2002 19:21:29 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2R0NNm03163 for vserver@solucorp.qc.ca; Tue, 26 Mar 2002 19:23:23 -0500 From: Jacques Gelinas Date: Tue, 26 Mar 2002 19:23:23 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Any known bug that would crash the server? X-mailer: tlmpmail 0.1 Message-ID: <20020326192323.f86237cf1b7a@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 374 On Tue, 26 Mar 2002 17:30:13 -0500, Peter Kwan Chan wrote > Hello, > I have only been using vserver for a couple of days. I use it to isolate > an FTP server in a dedicated server I got from a datacenter. The server > has been going down mysteriously. Whenever I bring it up, after a few > hours (7-11 hours), it will go down for no apparent reason. A > remote-reboot will usually bring it back up. > Is there any known bug that may cause this? I am collaborating with the > tech support to determine if this is a kernel issue or a hardware issue. There is an issue with kernel 2.4.18ctx-9. It locks the server completly when accessing /proc/net/tcp (or doing netstat) for one. Other kernels are fine such as 2.4.18ctx-8. We do not know yet why ctx-9 is buggy as it differs very little from ctx-8. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Mar 26 19:43:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R0hE7Y014233; Tue, 26 Mar 2002 19:43:15 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R0S8313623 for vserver.list; Tue, 26 Mar 2002 19:28:08 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao03.cox.net (lakemtao03.cox.net [68.1.17.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2R0S7h13619 for ; Tue, 26 Mar 2002 19:28:08 -0500 Received: from gregg ([68.3.68.74]) by lakemtao03.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020327002807.NFMV18064.lakemtao03.cox.net@gregg> for ; Tue, 26 Mar 2002 19:28:07 -0500 Message-ID: <000701c1d526$420b60c0$010510ac@gregg> From: "Gregg" To: References: <08570945395852@irisnet.be> Subject: Re: [vserver] Absence jusqu'au 02/04 Date: Tue, 26 Mar 2002 17:28:03 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 375 This is really getting annoying. ----- Original Message ----- From: "blete@irisnet.be" To: Sent: Tuesday, March 26, 2002 4:57 PM Subject: [vserver] Absence jusqu'au 02/04 > Je suis en congé jusqu'au 02/04. From vserver.error@solucorp.qc.ca Tue Mar 26 19:54:36 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R0sZ7Y014370; Tue, 26 Mar 2002 19:54:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R0hcs14097 for vserver.list; Tue, 26 Mar 2002 19:43:38 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp016.mail.yahoo.com (smtp016.mail.yahoo.com [216.136.174.113]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2R0hbh14093 for ; Tue, 26 Mar 2002 19:43:37 -0500 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 27 Mar 2002 00:43:36 -0000 From: "Peter Kwan Chan" To: Subject: RE: [vserver] Any known bug that would crash the server? Date: Tue, 26 Mar 2002 18:43:23 -0600 Message-ID: <000501c1d528$6723c490$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <20020326192323.f86237cf1b7a@remtk.solucorp.qc.ca> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-1.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 376 I also realize that. I also know that running netstat would lock my particular server. Sorry if this is not vserver-unrelated. I would like to know what could trigger such a reaction in Linux when there is no active user. I don't normally touches netstat, and the server usually goes down only after at least a few hours. Is there any possibility that some processes could be using /proc/net/tcp periodically, thus causing the lock up? The virtual server is an FTP server with only a few connections, and my main server is a standard Redhat 7.1 install. Thanks, Peter -----Original Message----- From: Jacques Gelinas [mailto:jack@solucorp.qc.ca] Sent: Tuesday, March 26, 2002 6:23 PM To: vserver@solucorp.qc.ca Subject: re: [vserver] Any known bug that would crash the server? On Tue, 26 Mar 2002 17:30:13 -0500, Peter Kwan Chan wrote > Hello, > I have only been using vserver for a couple of days. I use it to isolate > an FTP server in a dedicated server I got from a datacenter. The server > has been going down mysteriously. Whenever I bring it up, after a few > hours (7-11 hours), it will go down for no apparent reason. A > remote-reboot will usually bring it back up. > Is there any known bug that may cause this? I am collaborating with the > tech support to determine if this is a kernel issue or a hardware issue. There is an issue with kernel 2.4.18ctx-9. It locks the server completly when accessing /proc/net/tcp (or doing netstat) for one. Other kernels are fine such as 2.4.18ctx-8. We do not know yet why ctx-9 is buggy as it differs very little from ctx-8. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From vserver.error@solucorp.qc.ca Tue Mar 26 20:39:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R1dX7Y015536; Tue, 26 Mar 2002 20:39:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R1VUR15245 for vserver.list; Tue, 26 Mar 2002 20:31:30 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mx1.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2R1VSh15241 for ; Tue, 26 Mar 2002 20:31:29 -0500 Received: (qmail 10233 invoked from network); 27 Mar 2002 01:34:31 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 27 Mar 2002 01:34:31 -0000 Received: (qmail 5789 invoked from network); 27 Mar 2002 01:36:36 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 27 Mar 2002 01:36:36 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Wed, 27 Mar 2002 12:40:15 +1100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: re: Vserver mailinglist administrator (Ref: [vserver] Absence jusqu'au 02/04) Message-ID: <3CA1BDAF.29021.922DC@localhost> Priority: normal In-reply-to: <20020326192000.5d6a14d779df@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 377 There is a misconfiguration on your end as well. His replies go to vserver.error@solucorp.qc.ca which shouldn't automatically get distributed to this list. hth Ed On Tuesday, 26 March 2002 at 19:20, Jacques Gelinas wrote: > On Tue, 26 Mar 2002 15:17:27 -0500, Toxik - Martial Rioux wrote > > Hi, > > > > Please remove this email address from vserver mailing during the > > vacation. We receive a lots of unsolicited email. > > I have added "Precedence: bulk" to the mailing list messages. I guess his > vacation program will take note. > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc > From vserver.error@solucorp.qc.ca Wed Mar 27 01:09:56 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R69t7Y021537; Wed, 27 Mar 2002 01:09:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R5ulc25072 for vserver.list; Wed, 27 Mar 2002 00:56:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cyclone.neutech.fi (cyclone.neutech.fi [194.100.130.66]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2R5ukh25068 for ; Wed, 27 Mar 2002 00:56:46 -0500 Received: (qmail 3955 invoked by uid 1001); 27 Mar 2002 05:56:44 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Mar 2002 05:56:44 -0000 Date: Wed, 27 Mar 2002 07:56:44 +0200 (EET) From: Toni Mattila To: Subject: Re: [vserver] Absence jusqu'au 02/04 In-Reply-To: <14211956298891@irisnet.be> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by dns.solucorp.qc.ca id g2R5ukh25068 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: A X-Keywords: X-UID: 378 Hi, Ca you guys filter this nonsense? Atleast I haven't gotten back from postmaster any explanation. But it seems that the host is running braindead NT-Mail. Regards, Toni Mattila -- I don't have an attitude problem. You have a perception problem. On Wed, 27 Mar 2002, blete@irisnet.be wrote: > Je suis en congé jusqu'au 02/04. > From vserver.error@solucorp.qc.ca Wed Mar 27 01:16:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R6Gd7Y021765; Wed, 27 Mar 2002 01:16:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R69Xh25541 for vserver.list; Wed, 27 Mar 2002 01:09:33 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2R69Xh25537 for ; Wed, 27 Mar 2002 01:09:33 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2R6BMi05299 for vserver@solucorp.qc.ca; Wed, 27 Mar 2002 01:11:22 -0500 From: Jacques Gelinas Date: Wed, 27 Mar 2002 01:11:22 -0500 To: vserver@solucorp.qc.ca Subject: re: Vserver mailinglist administrator (Ref: [vserver] Absence jusqu'au 02/04) X-mailer: tlmpmail 0.1 Message-ID: <20020327011122.aefc6d929e5b@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 379 On Tue, 26 Mar 2002 19:20:00 -0500, Jacques Gelinas wrote > On Tue, 26 Mar 2002 15:17:27 -0500, Toxik - Martial Rioux wrote > > Hi, > > > > Please remove this email address from vserver mailing during the > > vacation. We receive a lots of unsolicited email. > > I have added "Precedence: bulk" to the mailing list messages. I guess his > vacation program will take note. Does not seem so. I removed him from the list --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Mar 27 01:25:22 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R6PL7Y021860; Wed, 27 Mar 2002 01:25:22 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R6CkR25675 for vserver.list; Wed, 27 Mar 2002 01:12:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2R6Ckh25671 for ; Wed, 27 Mar 2002 01:12:46 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2R6EaS05307 for vserver@solucorp.qc.ca; Wed, 27 Mar 2002 01:14:36 -0500 From: Jacques Gelinas Date: Wed, 27 Mar 2002 01:14:36 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] Any known bug that would crash the server? X-mailer: tlmpmail 0.1 Message-ID: <20020327011436.040249c3f5b1@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 380 On Tue, 26 Mar 2002 18:43:23 -0500, Peter Kwan Chan wrote > I also realize that. I also know that running netstat would lock my > particular server. > Sorry if this is not vserver-unrelated. I would like to know what could > trigger such a reaction in Linux when there is no active user. I don't > normally touches netstat, and the server usually goes down only after at > least a few hours. Is there any possibility that some processes could be > using /proc/net/tcp periodically, thus causing the lock up? The virtual > server is an FTP server with only a few connections, and my main server > is a standard Redhat 7.1 install. Note, I have withness 2.4.18ctx-9 crashing for other reasons as well. Can't tell if this was related to /proc/net/tcp. For example, it locked while starting the KDE desktop. I suggest you try 2.4.18ctx-8. Many people are running it with success. The changes in 2.4.18ctx-9 only involve UDP broadcast, so affect very few services, --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Mar 27 01:28:22 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R6SL7Y021870; Wed, 27 Mar 2002 01:28:22 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2R6KIC25895 for vserver.list; Wed, 27 Mar 2002 01:20:18 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien.vlad.net (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2R6KIh25891 for ; Wed, 27 Mar 2002 01:20:18 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2R6KI7Z021814 for ; Wed, 27 Mar 2002 01:20:18 -0500 Date: Wed, 27 Mar 2002 01:20:18 -0500 (EST) From: Vlad To: vserver@solucorp.qc.ca Subject: [vserver] come on In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 381 I find it amazing that anybody actually bothered to send a message after the second email they got from someones vacation program. How many of you actually saw more than two messages from that dude before you added a rule to filter him out? :0 * ^TO.vserver.error@solucorp.qc.ca /dev/null -Vlad From vserver.error@solucorp.qc.ca Wed Mar 27 06:45:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2RBj47Y024932; Wed, 27 Mar 2002 06:45:05 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2RBOlf32640 for vserver.list; Wed, 27 Mar 2002 06:24:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-3-100.in-addr.btopenworld.com [213.122.3.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2RBOjh32636 for ; Wed, 27 Mar 2002 06:24:46 -0500 Received: from 213.122.3.100 by john-new ([213.122.3.100] running VPOP3) with SMTP for ; Wed, 27 Mar 2002 11:24:28 -0000 From: "John Lyons" To: Subject: RE: [vserver] come on Date: Wed, 27 Mar 2002 11:24:21 -0000 Message-ID: <007d01c1d581$f51b9e90$6d787ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 382 > I find it amazing that anybody actually bothered to send a > message after > the second email they got from someones vacation program. How > many of you > actually saw more than two messages from that dude before you > added a rule > to filter him out? Nice try but I didn't collect my email until this morning. I now have over 180 emails from this plonker. John From vserver.error@solucorp.qc.ca Wed Mar 27 08:19:12 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2RDJB7Y025547; Wed, 27 Mar 2002 08:19:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2RD5Am02402 for vserver.list; Wed, 27 Mar 2002 08:05:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from nbrmr1002.accenture.com (nbrmr1002.accenture.com [170.252.248.71]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2RD59h02398 for ; Wed, 27 Mar 2002 08:05:10 -0500 Received: from amrhm1104.accenture.com (amrhm1104.accenture.com [10.10.100.248]) by nbrmr1002.accenture.com (Switch-2.0.6/Switch-2.0.6) with ESMTP id g2RD6TK04522 for ; Wed, 27 Mar 2002 07:06:29 -0600 (CST) Received: from nbrxd1000.dir.svc.accenture.com ([10.10.198.92]) by nbrhm1300.accenture.com (Lotus Domino Release 5.0.6a) with ESMTP id 2002032706585252:2361 ; Wed, 27 Mar 2002 06:58:52 -0600 Received: from NBRXM1101.dir.svc.accenture.com ([10.10.198.91]) by nbrxd1000.dir.svc.accenture.com with Microsoft SMTPSVC(5.0.2195.3779); Wed, 27 Mar 2002 07:05:07 -0600 X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Subject: [vserver] unsubscribe Date: Wed, 27 Mar 2002 07:05:07 -0600 Message-ID: MIME-Version: 1.0 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: unsubscribe Thread-Index: AcHVj+pQ1Z6HM5XATpC7vceLOGmBNg== From: To: X-OriginalArrivalTime: 27 Mar 2002 13:05:07.0621 (UTC) FILETIME=[04D5C550:01C1D590] X-MIMETrack: Itemize by SMTP Server on NBRHM1300/Server/Accenture(Release 5.0.6a |January 17, 2001) at 03/27/2002 06:58:52 AM, Serialize by Router on AMRHM1104/Server/Accenture(Release 5.0.9a |January 7, 2002) at 03/27/2002 07:05:10 AM, Serialize complete at 03/27/2002 07:05:10 AM content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1D590.04BC7939" X-Archived: msg.XXTkyze_@nbrmr1002 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 383 This is a multi-part message in MIME format. ------_=_NextPart_001_01C1D590.04BC7939 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" =20 =20 Accenture Data Center Services Email and Collaboration Matthew C. Stoodley Phone - (312)693-3187 Fax - (312)652-3187 Octel - 68/33187 =20 =20 ------_=_NextPart_001_01C1D590.04BC7939 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="us-ascii" Message
 
 
Accenture
Data Center=20 Services
Email and=20 Collaboration
Matthew C.=20 Stoodley
Phone -=20 (312)693-3187
Fax -=20 (312)652-3187
Octel -=20 68/33187
 
 
------_=_NextPart_001_01C1D590.04BC7939-- From vserver.error@solucorp.qc.ca Wed Mar 27 12:46:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2RHkc7Y027992; Wed, 27 Mar 2002 12:46:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2RHUKF08790 for vserver.list; Wed, 27 Mar 2002 12:30:20 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.fibertel.com.ar (mta2.fibertel.com.ar [24.232.0.162]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2RHUJh08785 for ; Wed, 27 Mar 2002 12:30:19 -0500 Received: from Guri (24.232.135.73) by mail.fibertel.com.ar (5.5.034) id 3C9B703C000F9E9E for vserver@solucorp.qc.ca; Wed, 27 Mar 2002 14:31:45 -0300 From: boixos_nois@yahoo.com To: vserver@solucorp.qc.ca Date: Wed, 27 Mar 2002 14:21:46 -0300 X-Priority: 3 (Normal) In-Reply-To: <20020326192000.5d6a14d779df@remtk.solucorp.qc.ca> Message-Id: Subject: [vserver] unsubscribe MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1252" X-Mailer: Opera 6.01 build 1041 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=1.1 required=5.0 tests=IN_REP_TO,NO_REAL_NAME,FORGED_YAHOO_RCVD version=2.01 Status: RO X-Status: X-Keywords: X-UID: 384 unsubscribe From vserver.error@solucorp.qc.ca Thu Mar 28 15:24:45 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2SKOi7Y009580; Thu, 28 Mar 2002 15:24:45 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2SKAVf13547 for vserver.list; Thu, 28 Mar 2002 15:10:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-35-78.in-addr.btopenworld.com [213.122.35.78]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2SKAOh13537 for ; Thu, 28 Mar 2002 15:10:29 -0500 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Thu, 28 Mar 2002 17:56:22 -0000 From: "John Lyons" To: Subject: [vserver] init.d Date: Thu, 28 Mar 2002 17:56:17 -0000 Message-ID: <01e601c1d681$df084170$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <007d01c1d581$f51b9e90$6d787ad5@johnnew> X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 385 I'm just going through init.d from our stock RH7.2 and there seem to be quite a few services that could safely be removed Are there any reasons why I shouldn't be removing these packages? ypbind apmd iptables killall network nscd single functions identd kdcrotate ffs ntpd random snmpd autofs halt ipchains keytable netfs nfslock portmap rawdevices Regards John From vserver.error@solucorp.qc.ca Thu Mar 28 16:39:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2SLds7Y010255; Thu, 28 Mar 2002 16:39:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2SLSlW15234 for vserver.list; Thu, 28 Mar 2002 16:28:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2SLSkh15230 for ; Thu, 28 Mar 2002 16:28:46 -0500 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g2SLSpr24202 for ; Thu, 28 Mar 2002 13:28:51 -0800 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Thu, 28 Mar 2002 13:28:51 -0800 (PST) From: X-X-Sender: To: Subject: Re: [vserver] init.d In-Reply-To: <01e601c1d681$df084170$0100a8c0@johnnew> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 386 On Thu, 28 Mar 2002, John Lyons wrote: > > I'm just going through init.d from our stock RH7.2 and there seem to be > quite a few services that could safely be removed > > Are there any reasons why I shouldn't be removing these packages? >From a vserver right? Well I just got POP3 working from a vserver after I put in an ipchains accept rule for port 110 in the vserver. Doing it from the main server didn't seem to make a difference to the vserver. > ipchains Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Thu Mar 28 18:39:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2SNdw7Y011225; Thu, 28 Mar 2002 18:39:58 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2SNTpi17485 for vserver.list; Thu, 28 Mar 2002 18:29:51 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2SNTph17481 for ; Thu, 28 Mar 2002 18:29:51 -0500 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g2SNViG04156 for vserver@solucorp.qc.ca; Thu, 28 Mar 2002 18:31:44 -0500 From: Jacques Gelinas Date: Thu, 28 Mar 2002 18:31:44 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] init.d X-mailer: tlmpmail 0.1 Message-ID: <20020328183144.dc6b0d0fe7cf@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 387 On Thu, 28 Mar 2002 17:56:17 -0500, John Lyons wrote > > I'm just going through init.d from our stock RH7.2 and there seem to be > quite a few services that could safely be removed > > Are there any reasons why I shouldn't be removing these packages? > > > ypbind Used for NIS. Can be removed. Vservers may use NIS to share password with other server as needed. > apmd Not needed. Advanced power management. Only useful in a root server (useful ? I have never seen it works ...) > iptables Only useful in the root server. Used to configure the firewall. By default vservers are not allowed to handle the firewall. > killall Not a service, but there anyway. A pseudo service used in runlevel 6 to kill the remaining processes. You can keep it there. Anyway, it is part of the initscript package, so you can't get rid of it easily > network Used to configure the network. vserver are not allowed to do that. > nscd Used as a dns client cache by the glibc resolver. A vserver can use it to speed up some network access. > single A pseudo service, part of initscript I think. > functions Not a service a all. Part of initscripts. It contains useful bash function used all over the place in the scripts. > identd Support the auth protocol. You keep it if you want. Not useful for internet server. May be useful for intranet server, when using rsh like services. It allows another server to request the username associated with a socket. > kdcrotate Needed if you use kerberos. > ffs Note sure. rpm -qfi /etc/init.d/ffs is your friend. > ntpd Not useful since a vserver can't set the server time. You can get rid of it. > random Not useful. Need to prime the random generator in the kernel. Only the root vserver can do that. > snmpd snmp daemon, useful to monitor stuff on your box. Can be used in a vserver. If you don't know about snmp, you probably don't need it ? > autofs used to automount stuff. A vserver is not allowed to mount stuff by default. So you can get rid of it. > halt Pseudo service to stop the machine. Part of initscript > ipchains Firewall service, not useful in a vserver (a vserver can't use it by default) > keytable Not useful for vserver. Used to configure the server keyboard. > netfs used to perform NFS mount at boot time. A vserver is not allowed to do so. > nfslock NFS lock daemon. For now, a vserver does not work as an NFS server. Not useful for now. > portmap The NFS server (for one) needs it. RPC services are using portmap to register the port they are using. Few services needs that. NFS for one. > rawdevices Only useful to configure raw devices in the root server. > Regards Don't know this service, probably not useful in linux servers at all. I was told it was a new IETF standards to ease communication between human being, but far too many people think it is optional :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Thu Mar 28 19:34:30 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2T0YT7Y011634; Thu, 28 Mar 2002 19:34:29 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2T0OZY18491 for vserver.list; Thu, 28 Mar 2002 19:24:35 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-23-102.in-addr.btopenworld.com [213.122.23.102]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2T0OXh18487 for ; Thu, 28 Mar 2002 19:24:33 -0500 Received: from 192.168.201.1 by john-new ([192.168.201.1] running VPOP3) with SMTP for ; Fri, 29 Mar 2002 00:24:17 -0000 From: "John Lyons" To: Subject: RE: [vserver] init.d Date: Fri, 29 Mar 2002 00:24:16 -0000 Message-ID: <041c01c1d6b8$10215130$4e237ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20020328183144.dc6b0d0fe7cf@remtk.solucorp.qc.ca> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 388 > > Regards > > Don't know this service, probably not useful in linux servers > at all. I was told > it was a new IETF standards to ease communication between > human being, but > far too many people think it is optional :-) LOL Many many thanks for that. I'm sure your notes here will be useful for lots of other people in the future. They've certainly sorted things out for me. Regards John Lyons From vserver.error@solucorp.qc.ca Sat Mar 30 13:01:04 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2UI137Y029481; Sat, 30 Mar 2002 13:01:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2UHgte06619 for vserver.list; Sat, 30 Mar 2002 12:42:55 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hoffman.vilain.net (ppp-225-59-229.friaco.access.uk.tiscali.com [80.225.59.229]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2UHgoh06608 for ; Sat, 30 Mar 2002 12:42:52 -0500 Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 16rMs8-00012G-00 for ; Sat, 30 Mar 2002 17:42:36 +0000 Date: Sat, 30 Mar 2002 17:42:35 +0000 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: Re: [vserver] tree-quotas Message-Id: <20020330174235.28ea3101.sv@easyspace.com> In-Reply-To: References: Organization: Easyspace Ltd X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: PI2{lKxF*i|]%@A&-0AV/%sXN)UJ<+SeG}%8Cn%**KZ[f_OSx{xw&Rstfu?!x^ZJ%LV@4Z% Zr"EZm.GQFy@;"V82_:?cJ`kQ3+ Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 389 Yes, this works by adding an extra inode attribute - a quota ID. However, the author of the Tree Quotas patch has tied this arbitrarily to rules about which directories files are in - which doesn't work well with hard links across the directories. You need to hard link stuff like libc between the vservers to save RAM, if you really want to cram the vservers on your host machines :). But if there was a userland utility to manipulate the quota IDs, and selectable behaviour for the default values, then it might be very useful for vserver users and everyone else. Sam. Jerker Nyberg wrote: > I read about tree-quotas in LWN a few months ago. Maybe it can be of use > or inspiration for vserver users. I havn't tried it. > > http://lwn.net/2001/1025/a/tree-quotas.php3 > > http://cgi.cse.unsw.edu.au/~neilb/wiki/?TreeQuotas > > Regards, > Jerker Nyberg. > Uppsala, Sweden. > > -- Sam Vilain, sv@easyspace.com Easyspace: an accredited ICANN GPG: http://sam.vilain.net/sam.asc registrar & web hosting company 7D74 2A09 B2D3 C30F F78E Have your domain run by techies 278A A425 30A9 05B5 2F13 with a clue. www.easyspace.com From vserver.error@solucorp.qc.ca Sat Mar 30 13:53:57 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2UIrv7Y029674; Sat, 30 Mar 2002 13:53:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2UIbox07691 for vserver.list; Sat, 30 Mar 2002 13:37:50 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from lakemtao03.cox.net (lakemtao03.cox.net [68.1.17.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2UIbnh07687 for ; Sat, 30 Mar 2002 13:37:50 -0500 Received: from gregg ([68.3.68.74]) by lakemtao03.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020330183747.XARD18064.lakemtao03.cox.net@gregg> for ; Sat, 30 Mar 2002 13:37:47 -0500 Message-ID: <00c701c1d819$fc66c4a0$010510ac@gregg> From: "Gregg" To: References: <20020330174235.28ea3101.sv@easyspace.com> Subject: [vserver] email list ok? Date: Sat, 30 Mar 2002 11:37:45 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 390 I thought something was wrong when I didn't get any email from the email list in a day or two, and today I just get one email, and it was a reply on a subject I had never received. Has anyone else been experiencing problems with the email list? I think it started with all the emails we were getting from the person that was on vacation, and all the away messages. From vserver.error@solucorp.qc.ca Sat Mar 30 15:11:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2UKBv7Y030182; Sat, 30 Mar 2002 15:11:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2UJv0F08927 for vserver.list; Sat, 30 Mar 2002 14:57:00 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from dstmmr1.datastream.net ([208.147.204.24]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g2UJuxh08922 for ; Sat, 30 Mar 2002 14:56:59 -0500 Received: from dsmail.dstm.com (unverified) by dstmmr1.datastream.net (Content Technologies SMTPRS 4.2.5) with ESMTP id ; Sat, 30 Mar 2002 14:56:54 -0500 Received: by DSMAIL with Internet Mail Service (5.5.2650.21) id ; Sat, 30 Mar 2002 14:43:15 -0500 Message-ID: <41ADD51AFBA1D311811300508B553F71026A4E8D@DSMAIL2> From: Mike Savage To: "'vserver@solucorp.qc.ca'" Cc: "'raanders@acm.org'" Subject: Re: [vserver] 2.4.18ctx-9 Kernel Date: Sat, 30 Mar 2002 14:56:51 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2UJuxh08922 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 391 I too have experienced random kernel oops as well as lockups triggered by performing netstat against the 2.4.18-ctx9 kernel. This was using a 2.4.18-ctx9 kernel, running on a Compaq DL360...dual PIII system with 4 GB RAM. I had compiled the kernel myself, which also included a patch from Compaq using the latest stable driver for the Compaq smart2 array. I then backed down to using 2.4.18-ctx8, also including the Compaq smart2 array driver patch and the system is rock-solid so far. I am currently utilizing two vservers, each running a copy of a J2EE application server I have been working on which uses apache/jboss/tomcat pointing to an Oracle backend. During my load-testing, I have been able to throw heavy workloads at both vservers for tests lasting well over 24 hours. I am currently running a lighter load test over this weekend to evaluate stability over a period of several days...a load that would more closely resemble what the system would see in production. I will post again once I have more data regarding my extended loadtests. On a side note, I was wondering if anyone has been working on any vserver patches against kernel trees that are more experimental in nature, ie, http://infolinux.de/jp8/ maintained by Jörg Prante, or http://kernel.org/pub/linux/kernel/people/mjc/linux-2.4/Changelog.mjc maintained by Michael Cohen. Thank you for your time, J. Michael Savage DBA/Sysadmin Datastream Development Datastream ASP Hosting Services From vserver.error@solucorp.qc.ca Sat Mar 30 15:17:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2UKHZ7Y030206; Sat, 30 Mar 2002 15:17:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2UK2t509082 for vserver.list; Sat, 30 Mar 2002 15:02:55 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from home.2interactive.com (NS1.2INTERACTIVE.COM [64.170.22.5]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2UK2sh09077 for ; Sat, 30 Mar 2002 15:02:54 -0500 Received: (qmail 25959 invoked by uid 505); 30 Mar 2002 20:01:51 -0000 Received: from twistedhammer@subdimension.com by home.2interactive.com by uid 502 with qmail-scanner-1.10 (. Clear:0. Processed in 0.811506 secs); 30 Mar 2002 20:01:51 -0000 X-Qmail-Scanner-Mail-From: twistedhammer@subdimension.com via home.2interactive.com X-Qmail-Scanner: 1.10 (Clear:0. Processed in 0.811506 secs) Received: from unknown (HELO subdimension.com) (66.81.54.149) by 0 with SMTP; 30 Mar 2002 20:01:49 -0000 Date: Sat, 30 Mar 2002 10:40:09 -0900 (AKST) From: James Gibson X-X-Sender: james@camero.fantasia.tld To: vserver@solucorp.qc.ca Subject: Re: [vserver] email list ok? In-Reply-To: <00c701c1d819$fc66c4a0$010510ac@gregg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-1.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 392 I think all is well, just a little subdued from the copius amount of cruft. That subject was from about a week back.. if you keep archives of your lists you can check. it's there. =) James Gibson On Sat, 30 Mar 2002, Gregg wrote: > I thought something was wrong when I didn't get any email from the email > list in a day or two, and today I just get one email, and it was a reply on > a subject I had never received. Has anyone else been experiencing problems > with the email list? I think it started with all the emails we were getting > from the person that was on vacation, and all the away messages. > > > > > From vserver.error@solucorp.qc.ca Sun Mar 31 14:31:09 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2VJV87Y026437; Sun, 31 Mar 2002 14:31:09 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2VJAOP11097 for vserver.list; Sun, 31 Mar 2002 14:10:24 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from himail.edinfo.es (himail.ibcdomains.net [212.49.142.211]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2VJANh11093 for ; Sun, 31 Mar 2002 14:10:24 -0500 Received: (qmail 12908 invoked from network); 31 Mar 2002 19:03:35 -0000 Received: from unknown (HELO iname.com) (80.81.104.202) by himail.ibcdomains.net with SMTP; 31 Mar 2002 19:03:35 -0000 Message-ID: <3CA75F3F.8000307@iname.com> Date: Sun, 31 Mar 2002 21:10:55 +0200 From: Enric Lafont User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204 X-Accept-Language: es, en-us MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: [vserver] Kernel locks Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 393 Hi I'm testing vserver now for about three days but without any luck, Maybe I'm doing something wrong ? I've an Athlon 950 Mhz with a Sis530 chipset, a Sis900 100bT ethernet, with a Sis630 Vga, 256 Mb Ram, and a 30 Gb Seagate barracuda harddisk ATA-66, with a Mandrake 8.2 distro installed. I'm doing all my work in various Xterm sessions (so I'm using the X server with Xfce) I've downloaded the kernel-2.4.18ctx-9 from solucorp, installed it, and rebooted. Eventually I get a FULL HANG on the machine, everything gets locked, the only thing I can do is fully restart the machine. The problem is that I can not define a lock pattern that everyone can test. I've recompiled the kernel by miself to tune it to my equipment, but with the same luck, the machine hangs consistentlly. Does anyone knows where is the problem ?, Have anyone have any clue where can be the problem ? The last lock happened this way: 1.- Started the machine, it's main IP is 10.9.8.10 2.- Log in the X session 3.- Opened a Xterm 4.- Stopped VSS0 vservers, it was started automatically by the sysVinit scripts 5.- Started VSS0 vserver, it's binded to 192.168.10.1 (ctx 3), it starts also v_proftpd (standalone), v_httpd and v_ssh 6.- Stopped the Apache server of the main IP (ctx 0) 7.- netstat -nat (ctx 0) just to see that Apache was unbinded from port 80, the netstat did not get executed, the machine was fully locked. This pattern is not fiable, it does not ever happens the same way. I'm going to test other hardware, but while the tests last, I would like to know if someone knows something about why I get the machine locked. I've readed all the mailing list, but no one has a similar problem, and now I'm out of help to look for a solution. Thanks for any help Enric Lafont From vserver.error@solucorp.qc.ca Sun Mar 31 15:05:00 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2VK4x7Y026636; Sun, 31 Mar 2002 15:05:00 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2VJq7O11747 for vserver.list; Sun, 31 Mar 2002 14:52:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp017.mail.yahoo.com (smtp017.mail.yahoo.com [216.136.174.114]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2VJq7h11743 for ; Sun, 31 Mar 2002 14:52:07 -0500 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 31 Mar 2002 19:52:06 -0000 From: "Peter Kwan Chan" To: Subject: RE: [vserver] Kernel locks Date: Sun, 31 Mar 2002 13:51:48 -0600 Message-ID: <000201c1d8ed$81921d90$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <3CA75F3F.8000307@iname.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 394 2.4.18ctx-9 seems to be the troubling one. I am surprised that you didn't find any information on the mailing list. Lots of people reported problem running 2.4.18ctx-9(including myself). The machine will lock if you execute netstat. I am currently using ctx-8, which is very stable. Peter -----Original Message----- From: Enric Lafont [mailto:rayder@iname.com] Sent: Sunday, March 31, 2002 1:11 PM To: vserver@solucorp.qc.ca Subject: [vserver] Kernel locks Hi I'm testing vserver now for about three days but without any luck, Maybe I'm doing something wrong ? I've an Athlon 950 Mhz with a Sis530 chipset, a Sis900 100bT ethernet, with a Sis630 Vga, 256 Mb Ram, and a 30 Gb Seagate barracuda harddisk ATA-66, with a Mandrake 8.2 distro installed. I'm doing all my work in various Xterm sessions (so I'm using the X server with Xfce) I've downloaded the kernel-2.4.18ctx-9 from solucorp, installed it, and rebooted. Eventually I get a FULL HANG on the machine, everything gets locked, the only thing I can do is fully restart the machine. The problem is that I can not define a lock pattern that everyone can test. I've recompiled the kernel by miself to tune it to my equipment, but with the same luck, the machine hangs consistentlly. Does anyone knows where is the problem ?, Have anyone have any clue where can be the problem ? The last lock happened this way: 1.- Started the machine, it's main IP is 10.9.8.10 2.- Log in the X session 3.- Opened a Xterm 4.- Stopped VSS0 vservers, it was started automatically by the sysVinit scripts 5.- Started VSS0 vserver, it's binded to 192.168.10.1 (ctx 3), it starts also v_proftpd (standalone), v_httpd and v_ssh 6.- Stopped the Apache server of the main IP (ctx 0) 7.- netstat -nat (ctx 0) just to see that Apache was unbinded from port 80, the netstat did not get executed, the machine was fully locked. This pattern is not fiable, it does not ever happens the same way. I'm going to test other hardware, but while the tests last, I would like to know if someone knows something about why I get the machine locked. I've readed all the mailing list, but no one has a similar problem, and now I'm out of help to look for a solution. Thanks for any help Enric Lafont _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From vserver.error@solucorp.qc.ca Sun Mar 31 15:38:17 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2VKcG7Y026835; Sun, 31 Mar 2002 15:38:16 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2VKMVS12270 for vserver.list; Sun, 31 Mar 2002 15:22:31 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from blackfish.neopeak.com (modemcable033.68-200-24.mtl.mc.videotron.ca [24.200.68.33]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2VKMUh12266 for ; Sun, 31 Mar 2002 15:22:30 -0500 Received: (qmail 2553 invoked by uid 1001); 31 Mar 2002 20:22:29 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Cedric Veilleux Organization: Neopeak Internet Solutions To: vserver@solucorp.qc.ca, Enric Lafont Subject: Re: [vserver] Kernel locks Date: Sun, 31 Mar 2002 15:22:29 -0500 X-Mailer: KMail [version 1.4] References: <3CA75F3F.8000307@iname.com> In-Reply-To: <3CA75F3F.8000307@iname.com> MIME-Version: 1.0 Message-Id: <200203311522.29840.cedric@neopeak.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g2VKMUh12266 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 395 There is a known issue with CTX-9. The system freezes when accessing /proc/net/tcp. Netstats reads /proc/net/tcp. On March 31, 2002 02:10 pm, Enric Lafont wrote: > Hi > > I'm testing vserver now for about three days but without any luck, Maybe > I'm doing something wrong ? > > I've an Athlon 950 Mhz with a Sis530 chipset, a Sis900 100bT ethernet, > with a Sis630 Vga, 256 Mb Ram, and a 30 Gb Seagate barracuda harddisk > ATA-66, with a Mandrake 8.2 distro installed. > > I'm doing all my work in various Xterm sessions (so I'm using the X > server with Xfce) > > I've downloaded the kernel-2.4.18ctx-9 from solucorp, installed it, and > rebooted. Eventually I get a FULL HANG on the machine, everything gets > locked, the only thing I can do is fully restart the machine. The > problem is that I can not define a lock pattern that everyone can test. > > I've recompiled the kernel by miself to tune it to my equipment, but > with the same luck, the machine hangs consistentlly. > > Does anyone knows where is the problem ?, Have anyone have any clue > where can be the problem ? > > The last lock happened this way: > 1.- Started the machine, it's main IP is 10.9.8.10 > 2.- Log in the X session > 3.- Opened a Xterm > 4.- Stopped VSS0 vservers, it was started automatically by the sysVinit > scripts > 5.- Started VSS0 vserver, it's binded to 192.168.10.1 (ctx 3), it starts > also v_proftpd (standalone), v_httpd and v_ssh > 6.- Stopped the Apache server of the main IP (ctx 0) > 7.- netstat -nat (ctx 0) just to see that Apache was unbinded from port > 80, the netstat did not get executed, the machine was fully locked. > > This pattern is not fiable, it does not ever happens the same way. > > I'm going to test other hardware, but while the tests last, I would like > to know if someone knows something about why I get the machine locked. > > I've readed all the mailing list, but no one has a similar problem, and > now I'm out of help to look for a solution. > > Thanks for any help > > Enric Lafont -- Cédric Veilleux Neopeak Internet Solutions From vserver.error@solucorp.qc.ca Sun Mar 31 15:44:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2VKid7Y026910; Sun, 31 Mar 2002 15:44:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2VKMvj12285 for vserver.list; Sun, 31 Mar 2002 15:22:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.tuts.net (deathstar.tuts.net [194.97.52.114]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2VKMuh12281 for ; Sun, 31 Mar 2002 15:22:57 -0500 Received: (qmail 22154 invoked by uid 668); 31 Mar 2002 20:22:50 -0000 Date: Sun, 31 Mar 2002 22:22:50 +0200 From: Tobias Klausmann To: vserver@solucorp.qc.ca Subject: Re: [vserver] Kernel locks Message-ID: <20020331202250.GA21243@tuts.net> Mail-Followup-To: vserver@solucorp.qc.ca References: <3CA75F3F.8000307@iname.com> <000201c1d8ed$81921d90$ed23bd41@PremiumFood> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000201c1d8ed$81921d90$ed23bd41@PremiumFood> User-Agent: Mutt/1.3.28i Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 396 Hi! On Sun, 31 Mar 2002, Peter Kwan Chan wrote: > 2.4.18ctx-9 seems to be the troubling one. I am surprised that you > didn't find any information on the mailing list. Lots of people reported > problem running 2.4.18ctx-9(including myself). The machine will lock if > you execute netstat. I have been hammering two machines running vserver with netstat - not a single lockup. A coworker reports ntp consuming all free FDs when using ctx8 - but I have no more data on that (I'll look into it next week). So far ctx9 has been rock solid for me. All installations (including the ntp-lockup ones) are based on RedHat. Interestingly, the ntp lockups happen on the main server (i.e. ntp is not running in a vserver) and there are no "full" vservers running on that machine, only the security contexts are switched for selected server binaries. Greets, Tobias -- The major difference between bonds and bond traders is that the bonds will eventually mature. From vserver.error@solucorp.qc.ca Sun Mar 31 16:32:18 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2VLWH7Y027154; Sun, 31 Mar 2002 16:32:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2VLHu713280 for vserver.list; Sun, 31 Mar 2002 16:17:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from himail.edinfo.es (himail.ibcdomains.net [212.49.142.211]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2VLHsh13275 for ; Sun, 31 Mar 2002 16:17:55 -0500 Received: (qmail 18439 invoked from network); 31 Mar 2002 21:11:26 -0000 Received: from unknown (HELO iname.com) (80.81.104.202) by himail.ibcdomains.net with SMTP; 31 Mar 2002 21:11:26 -0000 Message-ID: <3CA77D36.9040507@iname.com> Date: Sun, 31 Mar 2002 23:18:46 +0200 From: Enric Lafont User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204 X-Accept-Language: es, en-us MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Kernel locks References: <000201c1d8ed$81921d90$ed23bd41@PremiumFood> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 397 Thanks for the help, I'm going to test now the ctx-8. The problem is that netstat does not hang the machine every time, just some times. And yes, I've read a lot of the mailing list archives, and I've not found any clue of this problem, I've not read them all, but a lot of them. Thanks again to all who helped me. Back to the work again with ctx-8 :-) Enric Peter Kwan Chan wrote: >2.4.18ctx-9 seems to be the troubling one. I am surprised that you >didn't find any information on the mailing list. Lots of people reported >problem running 2.4.18ctx-9(including myself). The machine will lock if >you execute netstat. > >I am currently using ctx-8, which is very stable. > >Peter > From vserver.error@solucorp.qc.ca Sun Mar 31 16:37:11 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g2VLbA7Y027174; Sun, 31 Mar 2002 16:37:10 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g2VLLpE13373 for vserver.list; Sun, 31 Mar 2002 16:21:51 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from himail.edinfo.es (himail.ibcdomains.net [212.49.142.211]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g2VLLoh13369 for ; Sun, 31 Mar 2002 16:21:50 -0500 Received: (qmail 18634 invoked from network); 31 Mar 2002 21:15:22 -0000 Received: from unknown (HELO iname.com) (80.81.104.202) by himail.ibcdomains.net with SMTP; 31 Mar 2002 21:15:22 -0000 Message-ID: <3CA77E21.4090305@iname.com> Date: Sun, 31 Mar 2002 23:22:41 +0200 From: Enric Lafont User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204 X-Accept-Language: es, en-us MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Kernel locks References: <3CA75F3F.8000307@iname.com> <000201c1d8ed$81921d90$ed23bd41@PremiumFood> <20020331202250.GA21243@tuts.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 398 For me is very similar, netstat does work right, but it mostly fails after a "vserver v1 stop " and when in "ctx 0" , still have not done any test with ntp, but will do as soon as I get something stable to work with. Enric Tobias Klausmann wrote: >Hi! > >On Sun, 31 Mar 2002, Peter Kwan Chan wrote: > >>2.4.18ctx-9 seems to be the troubling one. I am surprised that you >>didn't find any information on the mailing list. Lots of people reported >>problem running 2.4.18ctx-9(including myself). The machine will lock if >>you execute netstat. >> > >I have been hammering two machines running vserver with netstat - >not a single lockup. A coworker reports ntp consuming all free >FDs when using ctx8 - but I have no more data on that (I'll look >into it next week). So far ctx9 has been rock solid for me. > >All installations (including the ntp-lockup ones) are based on >RedHat. Interestingly, the ntp lockups happen on the main server >(i.e. ntp is not running in a vserver) and there are no "full" >vservers running on that machine, only the security contexts are >switched for selected server binaries. > >Greets, >Tobias > From vserver.error@solucorp.qc.ca Mon Apr 1 10:33:26 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g31FXP7Y001512; Mon, 1 Apr 2002 10:33:26 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g31FHKT32064 for vserver.list; Mon, 1 Apr 2002 10:17:20 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g31FHJh32060 for ; Mon, 1 Apr 2002 10:17:20 -0500 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 16s3Yd-0000VS-00 for vserver@solucorp.qc.ca; Mon, 01 Apr 2002 11:17:19 -0400 Date: Mon, 1 Apr 2002 11:17:19 -0400 (AST) From: James MacLean To: Subject: [vserver] That ctx-9 bug Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 399 Just curious if there is any use to porting the CTX patches to the User-Mode Linux code and seeing if one could break it in there? Or would it even work under UML? Just curious, JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Mon Apr 1 17:43:03 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g31Mh17Y005082; Mon, 1 Apr 2002 17:43:02 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g31MPOB08734 for vserver.list; Mon, 1 Apr 2002 17:25:24 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g31MPMh08730 for ; Mon, 1 Apr 2002 17:25:24 -0500 Received: from aksmtpmdr2.telecom.co.nz (aksmtpmdr2 [146.171.1.21]) by smtpout.telecom.co.nz (Postfix) with SMTP id 2674345EE9 for ; Tue, 2 Apr 2002 10:25:16 +1200 (NZST) Received: from 192.168.192.22 by aksmtpmdr2.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Tue, 02 Apr 2002 10:25:12 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from ganymede ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 16sADG-0004wu-00 for ; Tue, 02 Apr 2002 10:23: 42 +1200 Subject: [vserver] vserver shutdown From: "Fran Firman" To: vserver X-Mailer: Evolution/1.0.2 Date: 02 Apr 2002 10:23:41 +1200 Message-ID: <1017699822.17892.2.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10B601C298290-01-01 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: O X-Status: X-Keywords: X-UID: 400 I have a vserver running debian linux, with sshd and apache in it, as a testing envioroment. Now when I do a vserver vserver-name stop, it seems to shut down ok. I get a few errors regarding umounting a device. New security context is 0 /etc/rc.d/rc: /etc/rc.d/init.d/functions: No such file or directory Sending all processes the TERM signal... done. Sending all processes the KILL signal... done. Initializing random number generator... done. Unmounting remote filesystems... done. Deactivating swap... done. Unmounting local filesystems... umount2: Invalid argument umount: /dev/ubd/0: not found umount: /: Illegal seek done. mount: permission denied Rebooting... sleep 5 Killing all processes expr: syntax error When I then start it back up again, sometimes the webserver and sshd won't start as they can't bind to their ports. thoughts??? Fran. From vserver.error@solucorp.qc.ca Mon Apr 1 18:13:58 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g31NDv7Y005326; Mon, 1 Apr 2002 18:13:58 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g31Mupg09253 for vserver.list; Mon, 1 Apr 2002 17:56:51 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g31Muoh09249 for ; Mon, 1 Apr 2002 17:56:50 -0500 Received: from aksmtpmdr2.telecom.co.nz (aksmtpmdr2 [146.171.1.21]) by smtpout.telecom.co.nz (Postfix) with SMTP id 1FB8745F2F for ; Tue, 2 Apr 2002 10:56:49 +1200 (NZST) Received: from 192.168.192.22 by aksmtpmdr2.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Tue, 02 Apr 2002 10:56:45 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from ganymede ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 16sAhn-00053j-00 for ; Tue, 02 Apr 2002 10:55: 16 +1200 Subject: Re: [vserver] vserver shutdown From: "Fran Firman" To: vserver In-Reply-To: <1017699822.17892.2.camel@ganymede> References: <1017699822.17892.2.camel@ganymede> X-Mailer: Evolution/1.0.2 Date: 02 Apr 2002 10:55:14 +1200 Message-ID: <1017701715.17892.7.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10B63A27106121-01-01 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: O X-Status: X-Keywords: X-UID: 401 I have now figured out what the problem is. The shutdown script is using /etc/rc.d/init.d/functions, which doesn't exist under debian. So the processes are not being removed correctly anyway, and that is why the ports are staying allocated. I'm going to have a look for the functions script to find out what it does, and emulate it under debian, so that it should all work right.. Fran On Tue, 2002-04-02 at 10:23, Fran Firman wrote: > I have a vserver running debian linux, with sshd and apache in it, as a > testing envioroment. > > Now when I do a vserver vserver-name stop, it seems to shut down ok. > > I get a few errors regarding umounting a device. > > New security context is 0 > /etc/rc.d/rc: /etc/rc.d/init.d/functions: No such file or directory > Sending all processes the TERM signal... done. > Sending all processes the KILL signal... done. > Initializing random number generator... done. > Unmounting remote filesystems... done. > Deactivating swap... done. > Unmounting local filesystems... umount2: Invalid argument > umount: /dev/ubd/0: not found > umount: /: Illegal seek > done. > mount: permission denied > Rebooting... sleep 5 > Killing all processes > expr: syntax error > > > When I then start it back up again, sometimes the webserver and sshd > won't start as they can't bind to their ports. > > thoughts??? > > > Fran. > > > > > > From vserver.error@solucorp.qc.ca Tue Apr 2 03:16:31 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328GU7Y008546; Tue, 2 Apr 2002 03:16:31 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g32820F20048 for vserver.list; Tue, 2 Apr 2002 03:02:00 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3281xh20041 for ; Tue, 2 Apr 2002 03:01:59 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJEn-0001IU-00 for ; Tue, 02 Apr 2002 10:01:53 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJEn-0001IJ-00 for ; Tue, 02 Apr 2002 10:01:53 +0200 Sender: jon@silicide.dk Message-ID: <3CA96571.F43BA324@silicide.dk> Date: Tue, 02 Apr 2002 10:01:53 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] init.d References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: O X-Status: X-Keywords: X-UID: 402 raanders@acm.org wrote: > > On Thu, 28 Mar 2002, John Lyons wrote: > > > > > I'm just going through init.d from our stock RH7.2 and there seem to be > > quite a few services that could safely be removed > > > > Are there any reasons why I shouldn't be removing these packages? > > From a vserver right? Well I just got POP3 working from a vserver after I > put in an ipchains accept rule for port 110 in the vserver. Doing it from > the main server didn't seem to make a difference to the vserver. I would be carefull using ipchains... (and dont you mean iptables ?) I tried setting up ipmasq and thus it used iptables. My server crashed. The HOLE server, bringing down every vserver in it. (see other report for details) JonB From vserver.error@solucorp.qc.ca Tue Apr 2 03:17:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328Ht7Y008554; Tue, 2 Apr 2002 03:17:55 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3288NT20179 for vserver.list; Tue, 2 Apr 2002 03:08:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3288Nh20175 for ; Tue, 2 Apr 2002 03:08:23 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJL5-0001JF-00 for ; Tue, 02 Apr 2002 10:08:23 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJL5-0001J4-00 for ; Tue, 02 Apr 2002 10:08:23 +0200 Sender: jon@silicide.dk Message-ID: <3CA966F7.DBB4D3D9@silicide.dk> Date: Tue, 02 Apr 2002 10:08:23 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] init.d References: <20020328183144.dc6b0d0fe7cf@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: O X-Status: X-Keywords: X-UID: 403 > > nfslock > > NFS lock daemon. For now, a vserver does not work as an NFS server. Not useful > for now. You can circumvent this, and get a working NFS server inside a linux vserver. I'm using it both at work, and at home. The trick is to install a user space NFS server, then it works. Notice that when i ran this user space NFS daemon in a vserver, and ipmasq in the root server, then the machine locked up hard. I had it happen 3 times in a row. It can run for a little while while you are using the NFS share. But within 30 seconds mine locked up, bringing down the HOLE machine with all vservers in it. JonB From vserver.error@solucorp.qc.ca Tue Apr 2 03:24:24 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328OO7Y008599; Tue, 2 Apr 2002 03:24:24 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328But20264 for vserver.list; Tue, 2 Apr 2002 03:11:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328Buh20259 for ; Tue, 2 Apr 2002 03:11:56 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJOW-0001Ji-00 for ; Tue, 02 Apr 2002 10:11:56 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJOW-0001JX-00 for ; Tue, 02 Apr 2002 10:11:56 +0200 Sender: jon@silicide.dk Message-ID: <3CA967CC.A0F82833@silicide.dk> Date: Tue, 02 Apr 2002 10:11:56 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Kernel locks References: <3CA75F3F.8000307@iname.com> <200203311522.29840.cedric@neopeak.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 404 Cedric Veilleux wrote: > > There is a known issue with CTX-9. The system freezes when accessing > /proc/net/tcp. Netstats reads /proc/net/tcp. hmm, is that why i cant run ipmasq in the root server while running a user space NFS daemon in a vserver ?? If i run without ipmasq it works fine. JonB From vserver.error@solucorp.qc.ca Tue Apr 2 03:26:32 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328QV7Y008612; Tue, 2 Apr 2002 03:26:32 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328H5E20425 for vserver.list; Tue, 2 Apr 2002 03:17:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328H4h20421 for ; Tue, 2 Apr 2002 03:17:04 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJTU-0001KO-00 for ; Tue, 02 Apr 2002 10:17:04 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJTU-0001KE-00 for ; Tue, 02 Apr 2002 10:17:04 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 02 Apr 2002 10:17:04 +0200 (CEST) Received: (qmail 73035 invoked from network); 2 Apr 2002 08:16:34 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 2 Apr 2002 08:16:34 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g32820F20048 for vserver.list; Tue, 2 Apr 2002 03:02:00 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3281xh20041 for ; Tue, 2 Apr 2002 03:01:59 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJEn-0001IU-00 for ; Tue, 02 Apr 2002 10:01:53 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJEn-0001IJ-00 for ; Tue, 02 Apr 2002 10:01:53 +0200 Sender: jon@silicide.dk Message-ID: <3CA96571.F43BA324@silicide.dk> Date: Tue, 02 Apr 2002 10:01:53 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] init.d References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 405 raanders@acm.org wrote: > > On Thu, 28 Mar 2002, John Lyons wrote: > > > > > I'm just going through init.d from our stock RH7.2 and there seem to be > > quite a few services that could safely be removed > > > > Are there any reasons why I shouldn't be removing these packages? > > From a vserver right? Well I just got POP3 working from a vserver after I > put in an ipchains accept rule for port 110 in the vserver. Doing it from > the main server didn't seem to make a difference to the vserver. I would be carefull using ipchains... (and dont you mean iptables ?) I tried setting up ipmasq and thus it used iptables. My server crashed. The HOLE server, bringing down every vserver in it. (see other report for details) JonB From vserver.error@solucorp.qc.ca Tue Apr 2 03:32:54 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328Wr7Y008635; Tue, 2 Apr 2002 03:32:53 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328J2c20483 for vserver.list; Tue, 2 Apr 2002 03:19:02 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328J2h20479 for ; Tue, 2 Apr 2002 03:19:02 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJVO-0001Kg-00 for ; Tue, 02 Apr 2002 10:19:02 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJVO-0001KW-00 for ; Tue, 02 Apr 2002 10:19:02 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 02 Apr 2002 10:19:02 +0200 (CEST) Received: (qmail 74031 invoked from network); 2 Apr 2002 08:17:58 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 2 Apr 2002 08:17:58 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3288NT20179 for vserver.list; Tue, 2 Apr 2002 03:08:23 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3288Nh20175 for ; Tue, 2 Apr 2002 03:08:23 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJL5-0001JF-00 for ; Tue, 02 Apr 2002 10:08:23 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJL5-0001J4-00 for ; Tue, 02 Apr 2002 10:08:23 +0200 Sender: jon@silicide.dk Message-ID: <3CA966F7.DBB4D3D9@silicide.dk> Date: Tue, 02 Apr 2002 10:08:23 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] init.d References: <20020328183144.dc6b0d0fe7cf@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 406 > > nfslock > > NFS lock daemon. For now, a vserver does not work as an NFS server. Not useful > for now. You can circumvent this, and get a working NFS server inside a linux vserver. I'm using it both at work, and at home. The trick is to install a user space NFS server, then it works. Notice that when i ran this user space NFS daemon in a vserver, and ipmasq in the root server, then the machine locked up hard. I had it happen 3 times in a row. It can run for a little while while you are using the NFS share. But within 30 seconds mine locked up, bringing down the HOLE machine with all vservers in it. JonB From vserver.error@solucorp.qc.ca Tue Apr 2 03:37:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328bc7Y008652; Tue, 2 Apr 2002 03:37:39 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328Ee620331 for vserver.list; Tue, 2 Apr 2002 03:14:40 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328Eeh20327 for ; Tue, 2 Apr 2002 03:14:40 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJRA-0001K4-00 for ; Tue, 02 Apr 2002 10:14:40 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJRA-0001Jt-00 for ; Tue, 02 Apr 2002 10:14:40 +0200 Sender: jon@silicide.dk Message-ID: <3CA96870.2D5E8F50@silicide.dk> Date: Tue, 02 Apr 2002 10:14:40 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver shutdown References: <1017699822.17892.2.camel@ganymede> <1017701715.17892.7.camel@ganymede> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 407 Fran Firman wrote: > > I have now figured out what the problem is. > > The shutdown script is using /etc/rc.d/init.d/functions, which doesn't > exist under debian. > > So the processes are not being removed correctly anyway, and that is why > the ports are staying allocated. > > I'm going to have a look for the functions script to find out what it > does, and emulate it under debian, so that it should all work right.. I run it under debian too. I found out that if i did a vserver stop vserver stop I wouldnt have any trouble. JonB From vserver.error@solucorp.qc.ca Tue Apr 2 03:42:59 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328gw7Y008677; Tue, 2 Apr 2002 03:42:59 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328P1o20676 for vserver.list; Tue, 2 Apr 2002 03:25:01 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328P1h20651 for ; Tue, 2 Apr 2002 03:25:01 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJbB-0001Lg-00 for ; Tue, 02 Apr 2002 10:25:01 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJbB-0001LW-00 for ; Tue, 02 Apr 2002 10:25:01 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 02 Apr 2002 10:25:01 +0200 (CEST) Received: (qmail 44114 invoked from network); 2 Apr 2002 08:24:53 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 2 Apr 2002 08:24:53 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328But20264 for vserver.list; Tue, 2 Apr 2002 03:11:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328Buh20259 for ; Tue, 2 Apr 2002 03:11:56 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJOW-0001Ji-00 for ; Tue, 02 Apr 2002 10:11:56 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJOW-0001JX-00 for ; Tue, 02 Apr 2002 10:11:56 +0200 Sender: jon@silicide.dk Message-ID: <3CA967CC.A0F82833@silicide.dk> Date: Tue, 02 Apr 2002 10:11:56 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Kernel locks References: <3CA75F3F.8000307@iname.com> <200203311522.29840.cedric@neopeak.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 408 Cedric Veilleux wrote: > > There is a known issue with CTX-9. The system freezes when accessing > /proc/net/tcp. Netstats reads /proc/net/tcp. hmm, is that why i cant run ipmasq in the root server while running a user space NFS daemon in a vserver ?? If i run without ipmasq it works fine. JonB From vserver.error@solucorp.qc.ca Tue Apr 2 03:59:52 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g328xp7Y008724; Tue, 2 Apr 2002 03:59:52 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328cYh20994 for vserver.list; Tue, 2 Apr 2002 03:38:34 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328cYh20990 for ; Tue, 2 Apr 2002 03:38:34 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJoI-0001NL-00 for ; Tue, 02 Apr 2002 10:38:34 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJoI-0001NB-00 for ; Tue, 02 Apr 2002 10:38:34 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 02 Apr 2002 10:38:34 +0200 (CEST) Received: (qmail 89702 invoked from network); 2 Apr 2002 08:37:41 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 2 Apr 2002 08:37:41 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g328Ee620331 for vserver.list; Tue, 2 Apr 2002 03:14:40 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g328Eeh20327 for ; Tue, 2 Apr 2002 03:14:40 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sJRA-0001K4-00 for ; Tue, 02 Apr 2002 10:14:40 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sJRA-0001Jt-00 for ; Tue, 02 Apr 2002 10:14:40 +0200 Sender: jon@silicide.dk Message-ID: <3CA96870.2D5E8F50@silicide.dk> Date: Tue, 02 Apr 2002 10:14:40 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver shutdown References: <1017699822.17892.2.camel@ganymede> <1017701715.17892.7.camel@ganymede> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 409 Fran Firman wrote: > > I have now figured out what the problem is. > > The shutdown script is using /etc/rc.d/init.d/functions, which doesn't > exist under debian. > > So the processes are not being removed correctly anyway, and that is why > the ports are staying allocated. > > I'm going to have a look for the functions script to find out what it > does, and emulate it under debian, so that it should all work right.. I run it under debian too. I found out that if i did a vserver stop vserver stop I wouldnt have any trouble. JonB From vserver.error@solucorp.qc.ca Tue Apr 2 09:02:35 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g32E2Y7Y011091; Tue, 2 Apr 2002 09:02:35 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g32Dmvc00379 for vserver.list; Tue, 2 Apr 2002 08:48:57 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from dstmmr1.datastream.net ([208.147.204.24]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g32Dmuh00374 for ; Tue, 2 Apr 2002 08:48:56 -0500 Received: from dsmail.dstm.com (unverified) by dstmmr1.datastream.net (Content Technologies SMTPRS 4.2.5) with ESMTP id for ; Tue, 2 Apr 2002 08:48:52 -0500 Received: by DSMAIL with Internet Mail Service (5.5.2650.21) id ; Tue, 2 Apr 2002 08:35:06 -0500 Message-ID: <41ADD51AFBA1D311811300508B553F71026A4EA5@DSMAIL2> From: Mike Savage To: "'vserver@solucorp.qc.ca'" Subject: [vserver] Vserver and multi-IP Date: Tue, 2 Apr 2002 08:48:49 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 410 Does anyone have any info on when multi-IP support will be available? Also, one particular post recently mentioned using port forwarding to achieve multiple IPs...what is meant by this? Network address translation? Turning on IP forwarding in the kernel? Thanks, Mike J. Michael Savage DBA/Sysadmin Datastream Development Datastream ASP Hosting Services (864) 422-7646 From vserver.error@solucorp.qc.ca Tue Apr 2 16:05:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g32L527Y014447; Tue, 2 Apr 2002 16:05:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g32KrbE10806 for vserver.list; Tue, 2 Apr 2002 15:53:37 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g32KrZh10802 for ; Tue, 2 Apr 2002 15:53:36 -0500 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id 26B1245EE4 for ; Wed, 3 Apr 2002 08:53:34 +1200 (NZST) Received: from 192.168.192.22 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Wed, 03 Apr 2002 08:53:33 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from ganymede ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 16sVG2-0000xU-00 for ; Wed, 03 Apr 2002 08:51: 58 +1200 Subject: Re: [vserver] vserver shutdown From: "Fran Firman" To: vserver In-Reply-To: <3CA96870.2D5E8F50@silicide.dk> References: <1017699822.17892.2.camel@ganymede> <1017701715.17892.7.camel@ganymede> <3CA96870.2D5E8F50@silicide.dk> X-Mailer: Evolution/1.0.2 Date: 03 Apr 2002 08:51:58 +1200 Message-ID: <1017780718.3344.1.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10B4C5C7227498-01-01 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 411 I have also found that downgrading to the 2.4.18-8 instead of -9 has fixed the problem. Now for the testing. BTW the vserver in my case is on a nfs array, and the server it runns on is part of a cluster style system. Fran. On Tue, 2002-04-02 at 20:14, Jon Bendtsen wrote: > Fran Firman wrote: > > > > I have now figured out what the problem is. > > > > The shutdown script is using /etc/rc.d/init.d/functions, which doesn't > > exist under debian. > > > > So the processes are not being removed correctly anyway, and that is why > > the ports are staying allocated. > > > > I'm going to have a look for the functions script to find out what it > > does, and emulate it under debian, so that it should all work right.. > > I run it under debian too. I found out that if i did a > vserver stop > vserver stop > > I wouldnt have any trouble. > > > > JonB > > > > > > > > From vserver.error@solucorp.qc.ca Wed Apr 3 01:59:05 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g336x27Y020173; Wed, 3 Apr 2002 01:59:03 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g336pTV22452 for vserver.list; Wed, 3 Apr 2002 01:51:29 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tomts23-srv.bellnexxia.net (tomts23.bellnexxia.net [209.226.175.185]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g336pSh22448 for ; Wed, 3 Apr 2002 01:51:28 -0500 Received: from bonano.neopeak.com ([65.92.50.129]) by tomts23-srv.bellnexxia.net (InterMail vM.4.01.03.23 201-229-121-123-20010418) with ESMTP id <20020403065128.DOF20236.tomts23-srv.bellnexxia.net@bonano.neopeak.com> for ; Wed, 3 Apr 2002 01:51:28 -0500 Content-Type: text/plain; charset="iso-8859-1" From: =?iso-8859-1?q?C=E9dric=20Veilleux?= Organization: Neopeak Internet Solutions To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and multi-IP Date: Wed, 3 Apr 2002 01:51:28 -0500 X-Mailer: KMail [version 1.4] References: <41ADD51AFBA1D311811300508B553F71026A4EA5@DSMAIL2> In-Reply-To: <41ADD51AFBA1D311811300508B553F71026A4EA5@DSMAIL2> MIME-Version: 1.0 Message-Id: <200204030151.28553.cedric@neopeak.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g336pSh22448 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 412 All I know is that there is currently no support for multi-IP currently. Someone did write a patch that allows the chbind command to bind a range of IP's to a vserver instead of a single ip, but it is no longer maintained as it never made it in the latest releases... It seems like there is not much interest for such feature and I really don't understand why. I read the whole archive and found very few posts about it. On April 2, 2002 08:48 am, Mike Savage wrote: > Does anyone have any info on when multi-IP support will be available? > Also, one particular post recently mentioned using port forwarding to > achieve multiple IPs...what is meant by this? Network address translation? > Turning on IP forwarding in the kernel? > Thanks, > Mike > > J. Michael Savage > DBA/Sysadmin > Datastream Development > Datastream ASP Hosting Services > > > (864) 422-7646 From vserver.error@solucorp.qc.ca Wed Apr 3 04:30:09 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g339U77Y021996; Wed, 3 Apr 2002 04:30:08 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g339F5928347 for vserver.list; Wed, 3 Apr 2002 04:15:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g339F4h28343 for ; Wed, 3 Apr 2002 04:15:05 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sgr8-00038J-00 for ; Wed, 03 Apr 2002 11:15:02 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sgr8-000388-00 for ; Wed, 03 Apr 2002 11:15:02 +0200 Sender: jon@silicide.dk Message-ID: <3CAAC816.FF4C3378@silicide.dk> Date: Wed, 03 Apr 2002 11:15:02 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and multi-IP References: <41ADD51AFBA1D311811300508B553F71026A4EA5@DSMAIL2> <200204030151.28553.cedric@neopeak.com> Content-Type: text/plain; charset=iso-8859-1 X-Envelope-To: vserver@solucorp.qc.ca Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g339F4h28343 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 413 Cédric Veilleux wrote: > > All I know is that there is currently no support for multi-IP currently. > Someone did write a patch that allows the chbind command to bind a range of > IP's to a vserver instead of a single ip, but it is no longer maintained as > it never made it in the latest releases... I'm not completely sure this is what the original question was about. It might be multiple IP's for the same vserver, or different IP's for the range of vservers. > It seems like there is not much interest for such feature and I really don't > understand why. I read the whole archive and found very few posts about it. Because one can easily circumvent it. Just make more vservers ;-0 Besides, how many IP's are really needed. one has 65k ports to choose from. I've got vservers running on 3 different "net devices". I've tried eth0 and eth1, with different ips. I have one running on lo, for mysql, so only the webserver can access it. Granted, every other vserver can access it too, since i just bound it to 127.0.0.1 I have yet to bind it to cipcb0, or CIPE's net device. JonB From vserver.error@solucorp.qc.ca Wed Apr 3 04:51:15 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g339pE7Y022084; Wed, 3 Apr 2002 04:51:15 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g339W8728901 for vserver.list; Wed, 3 Apr 2002 04:32:08 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g339W7h28897 for ; Wed, 3 Apr 2002 04:32:07 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sh7f-0003CI-00 for ; Wed, 03 Apr 2002 11:32:07 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sh7f-0003C8-00 for ; Wed, 03 Apr 2002 11:32:07 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Wed, 03 Apr 2002 11:32:07 +0200 (CEST) Received: (qmail 79036 invoked from network); 3 Apr 2002 09:30:36 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 3 Apr 2002 09:30:36 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g339F5928347 for vserver.list; Wed, 3 Apr 2002 04:15:05 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g339F4h28343 for ; Wed, 3 Apr 2002 04:15:05 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16sgr8-00038J-00 for ; Wed, 03 Apr 2002 11:15:02 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16sgr8-000388-00 for ; Wed, 03 Apr 2002 11:15:02 +0200 Sender: jon@silicide.dk Message-ID: <3CAAC816.FF4C3378@silicide.dk> Date: Wed, 03 Apr 2002 11:15:02 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and multi-IP References: <41ADD51AFBA1D311811300508B553F71026A4EA5@DSMAIL2> <200204030151.28553.cedric@neopeak.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g339F4h28343 X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 414 Cédric Veilleux wrote: > > All I know is that there is currently no support for multi-IP currently. > Someone did write a patch that allows the chbind command to bind a range of > IP's to a vserver instead of a single ip, but it is no longer maintained as > it never made it in the latest releases... I'm not completely sure this is what the original question was about. It might be multiple IP's for the same vserver, or different IP's for the range of vservers. > It seems like there is not much interest for such feature and I really don't > understand why. I read the whole archive and found very few posts about it. Because one can easily circumvent it. Just make more vservers ;-0 Besides, how many IP's are really needed. one has 65k ports to choose from. I've got vservers running on 3 different "net devices". I've tried eth0 and eth1, with different ips. I have one running on lo, for mysql, so only the webserver can access it. Granted, every other vserver can access it too, since i just bound it to 127.0.0.1 I have yet to bind it to cipcb0, or CIPE's net device. JonB From vserver.error@solucorp.qc.ca Wed Apr 3 04:57:00 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g339uu7Y022128; Wed, 3 Apr 2002 04:56:57 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g339bp929119 for vserver.list; Wed, 3 Apr 2002 04:37:51 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cyclone.neutech.fi (cyclone.neutech.fi [194.100.130.66]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g339boh29115 for ; Wed, 3 Apr 2002 04:37:51 -0500 Received: (qmail 9996 invoked by uid 1001); 3 Apr 2002 09:37:44 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Apr 2002 09:37:44 -0000 Date: Wed, 3 Apr 2002 12:37:44 +0300 (EEST) From: Toni Mattila To: Subject: Re: [vserver] Vserver and multi-IP In-Reply-To: <3CAAC816.FF4C3378@silicide.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 415 Hi, > > It seems like there is not much interest for such feature and I really don't > > understand why. I read the whole archive and found very few posts about it. > > Because one can easily circumvent it. > Just make more vservers ;-0 > Besides, how many IP's are really needed. one has 65k ports to choose > from. One application is when you offer so called private servers to customers who want to resell their private server for webhosting. And on webhosting side you have this wonderful SSL-compilication. So it's not quite out of this world to have on vserver with multiple IPs. And NATing the thing is really horrible way to do it, plus you have to explain the customer why is he using 172.16/16 addresses. Regards, Toni Mattila From vserver.error@solucorp.qc.ca Wed Apr 3 05:19:48 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g33AJl7Y022246; Wed, 3 Apr 2002 05:19:47 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33A47G29969 for vserver.list; Wed, 3 Apr 2002 05:04:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g33A46h29965 for ; Wed, 3 Apr 2002 05:04:06 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16shcc-0003Dk-00 for ; Wed, 03 Apr 2002 12:04:06 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16shcc-0003DZ-00 for ; Wed, 03 Apr 2002 12:04:06 +0200 Sender: jon@silicide.dk Message-ID: <3CAAD396.26BEC7D3@silicide.dk> Date: Wed, 03 Apr 2002 12:04:06 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and multi-IP References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 416 Toni Mattila wrote: > > Hi, > > > > It seems like there is not much interest for such feature and I really don't > > > understand why. I read the whole archive and found very few posts about it. > > > > Because one can easily circumvent it. > > Just make more vservers ;-0 > > Besides, how many IP's are really needed. one has 65k ports to choose > > from. > > One application is when you offer so called private servers to customers > who want to resell their private server for webhosting. And on webhosting > side you have this wonderful SSL-compilication. > > So it's not quite out of this world to have on vserver with multiple IPs. > And NATing the thing is really horrible way to do it, plus you have to > explain the customer why is he using 172.16/16 addresses. Okay, i get it now, i dont use ssl myself, and neither do we at work, so i never tried it beyond the user end, buying stuff at the net. Can you start a vserver inside a vserver using a different ip than the original ?? JonB From vserver.error@solucorp.qc.ca Wed Apr 3 05:38:34 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g33AcY7Y022321; Wed, 3 Apr 2002 05:38:34 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33ALc230412 for vserver.list; Wed, 3 Apr 2002 05:21:38 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g33ALbh30407 for ; Wed, 3 Apr 2002 05:21:37 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16shtZ-0003Ef-00 for ; Wed, 03 Apr 2002 12:21:37 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16shtZ-0003EV-00 for ; Wed, 03 Apr 2002 12:21:37 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Wed, 03 Apr 2002 12:21:37 +0200 (CEST) Received: (qmail 27461 invoked from network); 3 Apr 2002 10:20:15 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 3 Apr 2002 10:20:15 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33A47G29969 for vserver.list; Wed, 3 Apr 2002 05:04:07 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g33A46h29965 for ; Wed, 3 Apr 2002 05:04:06 -0500 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16shcc-0003Dk-00 for ; Wed, 03 Apr 2002 12:04:06 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16shcc-0003DZ-00 for ; Wed, 03 Apr 2002 12:04:06 +0200 Sender: jon@silicide.dk Message-ID: <3CAAD396.26BEC7D3@silicide.dk> Date: Wed, 03 Apr 2002 12:04:06 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and multi-IP References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 417 Toni Mattila wrote: > > Hi, > > > > It seems like there is not much interest for such feature and I really don't > > > understand why. I read the whole archive and found very few posts about it. > > > > Because one can easily circumvent it. > > Just make more vservers ;-0 > > Besides, how many IP's are really needed. one has 65k ports to choose > > from. > > One application is when you offer so called private servers to customers > who want to resell their private server for webhosting. And on webhosting > side you have this wonderful SSL-compilication. > > So it's not quite out of this world to have on vserver with multiple IPs. > And NATing the thing is really horrible way to do it, plus you have to > explain the customer why is he using 172.16/16 addresses. Okay, i get it now, i dont use ssl myself, and neither do we at work, so i never tried it beyond the user end, buying stuff at the net. Can you start a vserver inside a vserver using a different ip than the original ?? JonB From vserver.error@solucorp.qc.ca Wed Apr 3 06:46:16 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g33BkF7Y022622; Wed, 3 Apr 2002 06:46:16 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33BVJ932177 for vserver.list; Wed, 3 Apr 2002 06:31:19 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cyclone.neutech.fi (cyclone.neutech.fi [194.100.130.66]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g33BVIh32172 for ; Wed, 3 Apr 2002 06:31:18 -0500 Received: (qmail 16526 invoked by uid 1001); 3 Apr 2002 11:30:51 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Apr 2002 11:30:51 -0000 Date: Wed, 3 Apr 2002 14:30:51 +0300 (EEST) From: Toni Mattila To: Subject: Re: [vserver] Vserver and multi-IP In-Reply-To: <3CAAD396.26BEC7D3@silicide.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by dns.solucorp.qc.ca id g33BVIh32172 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 418 Hi, > Okay, i get it now, i dont use ssl myself, and neither do we at work, so > i > never tried it beyond the user end, buying stuff at the net. > Can you start a vserver inside a vserver using a different ip than the > original ?? Basically you don't want to tell the client anything about any vservers in the first place. They are normally excepting a full virtual machine àla Ensim virtual private servers or what was the other one. The vserver patch can do almost the same things, expect guarenteed scheduling(CPU quotas, ulimit is not enough because it will kill the whole vserver if quota is met). The traffic accounting/shaping you can already do via 2.4 kernel. Regards, Toni Mattila From vserver.error@solucorp.qc.ca Wed Apr 3 13:27:06 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g33IR57Y026435; Wed, 3 Apr 2002 13:27:06 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33IAD508592 for vserver.list; Wed, 3 Apr 2002 13:10:13 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tomts10-srv.bellnexxia.net (tomts10.bellnexxia.net [209.226.175.54]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g33IADh08588 for ; Wed, 3 Apr 2002 13:10:13 -0500 Received: from bonano.neopeak.com ([65.92.56.170]) by tomts10-srv.bellnexxia.net (InterMail vM.4.01.03.23 201-229-121-123-20010418) with ESMTP id <20020403181013.DWAY25753.tomts10-srv.bellnexxia.net@bonano.neopeak.com> for ; Wed, 3 Apr 2002 13:10:13 -0500 Content-Type: text/plain; charset="iso-8859-1" From: =?iso-8859-1?q?C=E9dric=20Veilleux?= Organization: Neopeak Internet Solutions To: vserver@solucorp.qc.ca Subject: Re: [vserver] Vserver and multi-IP Date: Wed, 3 Apr 2002 13:10:12 -0500 X-Mailer: KMail [version 1.4] References: <3CAAD396.26BEC7D3@silicide.dk> In-Reply-To: <3CAAD396.26BEC7D3@silicide.dk> MIME-Version: 1.0 Message-Id: <200204031310.12596.cedric@neopeak.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g33IADh08588 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 419 On April 3, 2002 05:04 am, Jon Bendtsen wrote: > Okay, i get it now, i dont use ssl myself, and neither do we at work, so > i > never tried it beyond the user end, buying stuff at the net. > Can you start a vserver inside a vserver using a different ip than the > original ?? I doubt it is possible. The whole idea of the chbind command is to prevent any process under it to bind to any other IP's. Even if it would be possible, it would not be a scalable solution. For exemple if I want to run apache with IP based virtual hosts (for SSL or whatever else), it might require dozens of IP's. It would be so easy with the multi-IP patch that isn't maintained anymore. I think the author of this patch was named Christian. Cedric From vserver.error@solucorp.qc.ca Wed Apr 3 14:06:39 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g33J6c7Y026854; Wed, 3 Apr 2002 14:06:38 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33IsgH09562 for vserver.list; Wed, 3 Apr 2002 13:54:42 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g33Isgh09557 for ; Wed, 3 Apr 2002 13:54:42 -0500 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 16spu5-0000JX-00 for vserver@solucorp.qc.ca; Wed, 03 Apr 2002 14:54:41 -0400 Date: Wed, 3 Apr 2002 14:54:41 -0400 (AST) From: James MacLean To: Subject: [vserver] ctx-9 minus one line of patch runs longer Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 420 Hi folks, I have (just for kicks) been trying ctx-9 without pieces of the patch to see if I can get it to stay up longer. It appears that of all the small changes that were made from 8 -> 9, that removing the : + current->ipv4root_bcast = bcast; from "asmlinkage int sys_set_ipv4root" in net/socket.c has stopped the netstat blowing up my machine problem. Not knowing much about kernel level things anymore :(, is it the chcontext that calls set_ipv4root? Or something else, and whatever it is, how do we know it has set the bcast parameter correctly when it was invoked and is not getting passed with crud? Thanks, JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Wed Apr 3 17:48:22 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g33MmL7Y029526; Wed, 3 Apr 2002 17:48:22 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33MXk614444 for vserver.list; Wed, 3 Apr 2002 17:33:46 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g33MXkh14440 for ; Wed, 3 Apr 2002 17:33:46 -0500 Received: from remtk.solucorp.qc.ca (g39-144.citenet.net [206.123.39.144]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g33MXs692784 for ; Wed, 3 Apr 2002 17:33:54 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g33LtcT06484 for vserver@solucorp.qc.ca; Wed, 3 Apr 2002 16:55:38 -0500 From: Jacques Gelinas Date: Wed, 3 Apr 2002 16:55:38 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] That ctx-9 bug X-mailer: tlmpmail 0.1 Message-ID: <20020403165538.456c94a7d822@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 421 On Mon, 1 Apr 2002 11:17:19 -0500, James MacLean wrote > Just curious if there is any use to porting the CTX patches to the > User-Mode Linux code and seeing if one could break it in there? > > Or would it even work under UML? Possible. Oddly, many have touted UML as a way to create virtual servers. Anyway, someone found the problem and ctx-10 is on it way --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Apr 3 18:03:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g33N3m7Y029719; Wed, 3 Apr 2002 18:03:48 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g33MXlr14450 for vserver.list; Wed, 3 Apr 2002 17:33:47 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g33MXlh14446 for ; Wed, 3 Apr 2002 17:33:47 -0500 Received: from remtk.solucorp.qc.ca (g39-144.citenet.net [206.123.39.144]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g33MXu692791 for ; Wed, 3 Apr 2002 17:33:56 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g33LpQY05974 for vserver@solucorp.qc.ca; Wed, 3 Apr 2002 16:51:26 -0500 From: Jacques Gelinas Date: Wed, 3 Apr 2002 16:51:26 -0500 To: vserver@solucorp.qc.ca Subject: RE: [vserver] Kernel locks X-mailer: tlmpmail 0.1 Message-ID: <20020403165126.80b174b069b0@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 422 On Sun, 31 Mar 2002 13:51:48 -0500, Peter Kwan Chan wrote > 2.4.18ctx-9 seems to be the troubling one. I am surprised that you > didn't find any information on the mailing list. Lots of people reported > problem running 2.4.18ctx-9(including myself). The machine will lock if > you execute netstat. > > I am currently using ctx-8, which is very stable. Willy Tarreau found the problem with ctx-9. I will release ctx-10 later today :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed Apr 3 23:54:55 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g344sr7Y032675; Wed, 3 Apr 2002 23:54:54 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g344gdl23005 for vserver.list; Wed, 3 Apr 2002 23:42:39 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mx1.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g344gbh23001 for ; Wed, 3 Apr 2002 23:42:37 -0500 Received: (qmail 22720 invoked from network); 4 Apr 2002 04:45:55 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 4 Apr 2002 04:45:55 -0000 Received: (qmail 25695 invoked from network); 4 Apr 2002 04:43:28 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 4 Apr 2002 04:43:28 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Thu, 4 Apr 2002 14:43:33 +1000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: re: [vserver] That ctx-9 bug Message-ID: <3CAC6695.1594.EC00D3@localhost> Priority: normal In-reply-to: <20020403165538.456c94a7d822@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-98.8 required=5.0 tests=NO_REAL_NAME,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 423 On Wednesday, 3 April 2002 at 16:55, Jacques Gelinas wrote: > > Just curious if there is any use to porting the CTX patches to the > > User-Mode Linux code and seeing if one could break it in there? > > > > Or would it even work under UML? > > Possible. Oddly, many have touted UML as a way to create virtual servers. Yup, I can see it happening: vserver inside UML inside vserver inside UML inside vserver ... :-) Ed From vserver.error@solucorp.qc.ca Thu Apr 4 04:33:49 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g349Xm7Y003110; Thu, 4 Apr 2002 04:33:49 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g349LA712234 for vserver.list; Thu, 4 Apr 2002 04:21:10 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hawaii.rr.com (hnlmail3.hawaii.rr.com [24.25.227.37]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g349L9h12230 for ; Thu, 4 Apr 2002 04:21:09 -0500 Received: from RIKU ([24.94.75.57]) by hawaii.rr.com with Microsoft SMTPSVC(5.5.1877.517.51); Wed, 3 Apr 2002 23:20:59 -1000 Message-ID: <002001c1dbba$0abef010$0400a8c0@RIKU> From: "Warren Togami" To: Subject: [vserver] Kernel 2.4.18ctx-9 Netstat Lock Up Date: Wed, 3 Apr 2002 23:21:02 -1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 424 Confirmed another lock-up by running netstat in v1. Is there any patch to fix this yet? p.s. Aside from this lock-up, I'm very impressed by vserver! From vserver.error@solucorp.qc.ca Thu Apr 4 12:56:44 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g34Huh7Y007048; Thu, 4 Apr 2002 12:56:43 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g34Hfu323399 for vserver.list; Thu, 4 Apr 2002 12:41:56 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g34Hfth23395 for ; Thu, 4 Apr 2002 12:41:55 -0500 Received: from remtk.solucorp.qc.ca (g36-96.citenet.net [206.123.36.96]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g34HgB696843 for ; Thu, 4 Apr 2002 12:42:11 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g34HhcR05212 for vserver@dns.solucorp.qc.ca; Thu, 4 Apr 2002 12:43:38 -0500 From: Jacques Gelinas Date: Thu, 4 Apr 2002 12:43:38 -0500 To: Vserver mailing list Subject: [vserver] vserver 0.16 change log X-mailer: tlmpmail 0.1 Message-ID: <20020404124338.f16bb003160d@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 425 vserver 0.16 Change log 1. Enhancements 1.1. Install vserver from cdrom This is a start and contributions are welcome. I have written a script called /usr/lib/vserver/install-rh7.2. This script expects a single argument (for now), which is the name of the vserver to create. It will install a vserver based on Red Hat 7.2 CD (found in /mnt/cdrom) from scratch. It is not using the root server at all. It installs everything from the first CD. With unification, it creates a not-so- big vserver and contains pretty much anything an admin might want. I would be interested in other script like this to install SuSE, Mandrake and Debian from scratch. At some point, the newvserver front- end will offer those in the pop-up list. So you will be able to install either from the root server, from another vserver or from any distribution CDroms. Contribution welcome :-) 1.2. v services all supporting /etc/vservices/*.conf configuration All the /etc/init.d/v_xxx services are now completed and use the optional /etc/vservices/xxx.conf file. This file provides the IP number to use to bind the service. By default, the service is bound to eth0. Using the optional file, you bind it to whatever you want For example: IP=eth1 IP=192.168.1.1 1.3. Various /usr/sbin/vxxxx utilities Utilities like vtop, vpstree and friends are using /usr/sbin/chcontext to switch to context number 1. They are using the --silent option so you don't see the "New security context is 1" needlessly. 1.4. vserver script enhancement A vserver may operate with 0.0.0.0 as its IPROOT. This means the vserver is allowed to use any IP it wants, like the root server. The vserver script was trying to setup and IP alias with this address. When not using the fakeinit (per vserver private init process) facility the vserver script was starting in runlevel 3. It is now using the default runlevel (initdefault) found in the vserver /etc/inittab file. One step closer to have this script distribution independent. Please test it and send me other fixes as needed. The script uses /etc/init.d or /etc/rc.d/init.d on the fly. When stopping a vserver, the IP alias is removed even if the vserver was not running. When you "enter" a vserver, the IP alias is put in place. If you stop it, it is removed. Especially useful when you fiddle with a two copies of a vserver (on different physical server). When stopping a vserver, the vserver script /etc/vservers/xx.sh is always called with the post-stop argument. So doing a "vserver xx stop" clean everything. When doing "vserver xx exec ..." or "vserver xx enter" and the vserver xx is not running, the /etc/vservers/xx.sh script is called with the pre-start option, making sure the vserver is entered with the proper environment. When doing "vserver xx enter", bash is started with the option --login. This insure proper environment settings. 2. Bug fixes 2.1. chcontext: printing wrong result When switching to a specific security context (generally context number one), chcontext was reporting 0 as the new context. A little miss-leading. Fixed! 2.2. cosmetic bug in save_s_context and vserverkillall Those two utilities were reporting some shell errors. Although arm- less it was annoying. You could see the bug when shutting down a vserver. 2.3. kernel ctx-10 Thanks to Willy Tarreau, the netstat bug in kernel 2.4.18ctx-9 is fixed. 2.4.18ctx-10 is the same thing as ctx-9 with only cosmetic change + a little rework of "struct sock". The added field (in ctx-9) has been moved closer to the end of the structure so the beginning of "struct sock" still look like another kernel structure. (C does not have inheritance...). Now that 2.4.18ctx-10 works (should be as reliable as 2.4.18ctx-8), it is time to test ctx-9 enhancements, notably the ability to support UDP broadcast in vservers. Samba now work completely out of the box in a vserver. Please test it out. 2.4. vbuild and vunify: zombies process The vbuild and vunify are calling the rpm command repeatedly and were not waiting properly for its end status. This was creating many many zombie processes. Fixed! 2.5. vservers sysv init script This script was sourcing the /etc/init.d/functions script uselessly. This script is a RedHat-ism and vservers do not need any of its facility anyway. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Thu Apr 4 13:52:31 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g34IqU7Y007762; Thu, 4 Apr 2002 13:52:30 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g34IiMo24922 for vserver.list; Thu, 4 Apr 2002 13:44:22 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g34IiMh24918 for ; Thu, 4 Apr 2002 13:44:22 -0500 Received: from remtk.solucorp.qc.ca (g39-106.citenet.net [206.123.39.106]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g34Iid601944 for ; Thu, 4 Apr 2002 13:44:39 -0500 (EST) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g34IEkx08156 for vserver@solucorp.qc.ca; Thu, 4 Apr 2002 13:14:46 -0500 From: Jacques Gelinas Date: Thu, 4 Apr 2002 13:14:46 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Kernel 2.4.18ctx-9 Netstat Lock Up X-mailer: tlmpmail 0.1 Message-ID: <20020404131446.3bd057d6540a@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 426 On Wed, 3 Apr 2002 23:21:02 -0500, Warren Togami wrote > Confirmed another lock-up by running netstat in v1. Is there any patch to > fix this yet? > > p.s. Aside from this lock-up, I'm very impressed by vserver! Try 2.4.18ctx-10 available today. It address explicitly this problem. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Thu Apr 4 14:09:11 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g34J9A7Y007887; Thu, 4 Apr 2002 14:09:11 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g34Irs925202 for vserver.list; Thu, 4 Apr 2002 13:53:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from gandalf.dungeon.de ([212.36.231.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g34Irsh25198 for ; Thu, 4 Apr 2002 13:53:54 -0500 Received: from dragon.dungeon.de (dragon.dungeon.de [212.36.227.2]) by gandalf.dungeon.de (Postfix) with ESMTP id 653D1B498 for ; Thu, 4 Apr 2002 20:53:53 +0200 (MEST) Date: Thu, 04 Apr 2002 20:53:55 +0200 From: Sebastian Schaefer To: vserver@solucorp.qc.ca Subject: [vserver] vserver under sparc ? Message-ID: <79600000.1017946435@dragon.dungeon.de> X-Mailer: Mulberry/2.2.0b4 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 427 hi, is it possible to use vserver on sparc/linux (redhat with kernel 2.4.18) ? had no time to test it... greetiings Sebastian From vserver.error@solucorp.qc.ca Fri Apr 5 03:05:08 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g358577Y014516; Fri, 5 Apr 2002 03:05:07 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g357iCB15277 for vserver.list; Fri, 5 Apr 2002 02:44:12 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.SerNet.DE (mail.SerNet.DE [193.159.217.66]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g357iBh15273 for ; Fri, 5 Apr 2002 02:44:11 -0500 Received: from news by mail.SerNet.DE with local (Exim 2.12 #1) for vserver@dns.solucorp.qc.ca id 16tOOI-0006P4-00; Fri, 5 Apr 2002 09:44:10 +0200 To: vserver@dns.solucorp.qc.ca Path: not-for-mail From: "GoeWeb" Newsgroups: lists.linux.vserver Subject: Re: [vserver] vserver under sparc ? Date: Fri, 5 Apr 2002 09:46:03 +0100 Organization: Customer of Service Network GmbH, Goettingen, Germany Lines: 106 Message-ID: References: <79600000.1017946435@dragon.dungeon.de> NNTP-Posting-Host: jedi.sernet.de X-Trace: server1.GoeNet.DE 1017992650 24616 193.159.216.52 (5 Apr 2002 07:44:10 GMT) X-Complaints-To: news@news.SerNet.DE NNTP-Posting-Date: 5 Apr 2002 07:44:10 GMT X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: News system Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 428 "Sebastian Schaefer" schrieb im Newsbeitrag news:79600000.1017946435@dragon.dungeon.de... > hi, > > is it possible to use vserver on sparc/linux (redhat with kernel 2.4.18) ? Yes it's possible. But you have to patch the kernel. I have only a patch for linux-2.4.17-ctx-6, but I think it will be easy to use it with the latest kernel and ctx patch. Greats Oliver begin 666 sparc-ctx6.patch M*BHJ(&QI;G5X+3(N-"XQ-R]I;F-L=61E+V%S;2US<&%R8S8T+W5N:7-T9"YH M(" @("!3=6X@3V-T(#(Q(#$Y.C,V.C4T(#(P,#$*+2TM(&QI;G5X+3(N-"XQ M-RUC='@M-B]I;F-L=61E+V%S;2US<&%R8S8T+W5N:7-T9"YH(" @(%=E9"!* M86X@,S @,38Z,C4Z,C<@,C P,@HJ*BHJ*BHJ*BHJ*BHJ*BH**BHJ(#(W-"PR M-S<@*BHJ*@HM+2T@,C7-C86QL,"AT>7!E+&YA;64I(%P**BHJ(&QI;G5X+3(N M-"XQ-R]A"TR+C0N,32Y3"4UO;B!$96,@(#,@,3,Z-#$Z,S8@,C P,0HJ M*BHJ*BHJ*BHJ*BHJ*BH**BHJ(#(V+#,P("HJ*BH*(" C9&5F:6YE(&-U"TV+V%R8V@O"TV+V%R8V@OPH@( D) M<'1?97)R;W)?PH@( D)<'1?97)R;W)?"TR+C0N,37-T8FQS+E,**BHJ(&QI;G5X M+3(N-"XQ-R]A5]M87@L M('-Y7,S,E]S8VAE9%]R7,S,E]S>7-C=&PL('-Y"!S>7-C86QL M('1A8FQE+B J+PHM+2T@-S$L-S4@+2TM+0H@( DN=V]R9"!S>7-?6EE;&0L('-Y7-?7,S,E]N86YO7-?9V5T7-?9F1A=&%S>6YC+"!S M>7,S,E]N9G-S97)V8W1L"B$@"2YW;W)D('-Y'0L('-Y5]M87@L('-Y7-C=&PL('-Y7-?6EE;&0L('-Y7-?7-?7-?9V5T7-?9F1A=&%S>6YC+"!S>7-?;F9S M7-?87!L:6(L('-Y7-?38T+E,@;&EN=7@M,BXT+C$W+6-T>"TV+V%R8V@O"TR+C0N,3"TR+C0N M,3"TV+V%R8V@O Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g35FSG7Y018040; Fri, 5 Apr 2002 10:28:17 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g35F2sq24889 for vserver.list; Fri, 5 Apr 2002 10:02:54 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from chambertin.convergence.de (chambertin.convergence.de [212.84.236.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g35F2rh24882 for ; Fri, 5 Apr 2002 10:02:53 -0500 Received: from [10.1.1.90] (helo=there ident=ralf) by chambertin.convergence.de with smtp (Exim 3.33 #2 ) id 16tVEr-0007HY-00 for ; Fri, 05 Apr 2002 17:02:53 +0200 From: Ralf Hemmann To: vserver@dns.solucorp.qc.ca Subject: [vserver] vserver does not compile Date: Fri, 5 Apr 2002 17:08:35 +0200 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Type: Multipart/Mixed; boundary="------------Boundary-00=_BQO3QA5DZUNGUDJRWWWE" Message-Id: Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 429 --------------Boundary-00=_BQO3QA5DZUNGUDJRWWWE Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 8bit Hy together. since two or three releases the vserver Package does not compile completely any more. Latest try was 0.16. Tools that not compile are: chkbind, chcontext,reducecap,syscall,vutil, Attached is an error output . For security reasons I have no compiler my rootserver, I compile everthing on a builsdsystem. The patched kernelsource is available. I have tried gcc-3.04 instead gcc-2.95.3 also Any hints ? Ralf --------------Boundary-00=_BQO3QA5DZUNGUDJRWWWE Content-Type: text/plain; charset="iso-8859-15"; name="compile.out" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="compile.out" Z2NjIC1mdW5zaWduZWQtY2hhciAtV2FsbCAtZyAtRFZFUlNJT049XCIwLjE2XCIgY2hiaW5kLmNj IHN5c2NhbGwubyAtbyBjaGJpbmQKL3RtcC9jY2hYMm9sdy5vOiBJbiBmdW5jdGlvbiBgYmFzaWNf c3RyaW5nPGNoYXIsIHN0cmluZ19jaGFyX3RyYWl0czxjaGFyPiwgX19kZWZhdWx0X2FsbG9jX3Rl bXBsYXRlPHRydWUsIDA+ID46OlJlcDo6b3BlcmF0b3IgZGVsZXRlKHZvaWQgKiknOgovdXNyL2xp Yi9nY2MtbGliL2kzODYtc2xhY2t3YXJlLWxpbnV4LzIuOTUuMy8uLi8uLi8uLi8uLi9pbmNsdWRl L2crKy0zL3N0bF9hbGxvYy5oKC5fX21hbGxvY19hbGxvY190ZW1wbGF0ZTwwPjo6Z251Lmxpbmtv bmNlLnQuX1Nfb29tX21hbGxvYyh1bnNpZ25lZCBpbnQpKzB4MWEpOiB1bmRlZmluZWQgcmVmZXJl bmNlIHRvIGBlbmRsKG9zdHJlYW0gJiknCi91c3IvbGliL2djYy1saWIvaTM4Ni1zbGFja3dhcmUt bGludXgvMi45NS4zLy4uLy4uLy4uLy4uL2luY2x1ZGUvZysrLTMvc3RsX2FsbG9jLmgoLl9fbWFs bG9jX2FsbG9jX3RlbXBsYXRlPDA+OjpnbnUubGlua29uY2UudC5fU19vb21fbWFsbG9jKHVuc2ln bmVkIGludCkrMHgyNyk6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYGNlcnInCi91c3IvbGliL2dj Yy1saWIvaTM4Ni1zbGFja3dhcmUtbGludXgvMi45NS4zLy4uLy4uLy4uLy4uL2luY2x1ZGUvZysr LTMvc3RsX2FsbG9jLmgoLl9fbWFsbG9jX2FsbG9jX3RlbXBsYXRlPDA+OjpnbnUubGlua29uY2Uu dC5fU19vb21fbWFsbG9jKHVuc2lnbmVkIGludCkrMHgyYyk6IHVuZGVmaW5lZCByZWZlcmVuY2Ug dG8gYG9zdHJlYW06Om9wZXJhdG9yPDwoY2hhciBjb25zdCAqKScKL3Vzci9saWIvZ2NjLWxpYi9p Mzg2LXNsYWNrd2FyZS1saW51eC8yLjk1LjMvLi4vLi4vLi4vLi4vaW5jbHVkZS9nKystMy9zdGxf YWxsb2MuaCguX19tYWxsb2NfYWxsb2NfdGVtcGxhdGU8MD46OmdudS5saW5rb25jZS50Ll9TX29v bV9tYWxsb2ModW5zaWduZWQgaW50KSsweDM3KTogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgb3N0 cmVhbTo6b3BlcmF0b3I8PChvc3RyZWFtICYoKikob3N0cmVhbSAmKSknCi91c3IvbGliL2djYy1s aWIvaTM4Ni1zbGFja3dhcmUtbGludXgvMi45NS4zLy4uLy4uLy4uLy4uL2luY2x1ZGUvZysrLTMv c3RsX2FsbG9jLmgoLmJhc2ljX3N0cmluZzxjaGFyLCBzdHJpbmdfY2hhcl90cmFpdHM8Y2hhcj4s IF9fZGVmYXVsdF9hbGxvY190ZW1wbGF0ZTx0cnVlLCAwPiA+OjpSZXA6OmdudS5saW5rb25jZS50 LmNvcHkodW5zaWduZWQgaW50LCBjaGFyIGNvbnN0ICosIHVuc2lnbmVkIGludCkrMHgzMyk6IHVu ZGVmaW5lZCByZWZlcmVuY2UgdG8gYHN0cmluZ19jaGFyX3RyYWl0czxjaGFyPjo6Y29weShjaGFy ICosIGNoYXIgY29uc3QgKiwgdW5zaWduZWQgaW50KScKL3Vzci9saWIvZ2NjLWxpYi9pMzg2LXNs YWNrd2FyZS1saW51eC8yLjk1LjMvLi4vLi4vLi4vLi4vaW5jbHVkZS9nKystMy9zdGxfYWxsb2Mu aCguYmFzaWNfc3RyaW5nPGNoYXIsIHN0cmluZ19jaGFyX3RyYWl0czxjaGFyPiwgX19kZWZhdWx0 X2FsbG9jX3RlbXBsYXRlPHRydWUsIDA+ID46OlJlcDo6Z251LmxpbmtvbmNlLnQubW92ZSh1bnNp Z25lZCBpbnQsIGNoYXIgY29uc3QgKiwgdW5zaWduZWQgaW50KSsweDMzKTogdW5kZWZpbmVkIHJl ZmVyZW5jZSB0byBgc3RyaW5nX2NoYXJfdHJhaXRzPGNoYXI+Ojptb3ZlKGNoYXIgKiwgY2hhciBj b25zdCAqLCB1bnNpZ25lZCBpbnQpJwovdXNyL2xpYi9nY2MtbGliL2kzODYtc2xhY2t3YXJlLWxp bnV4LzIuOTUuMy8uLi8uLi8uLi8uLi9pbmNsdWRlL2crKy0zL3N0bF9hbGxvYy5oKC5iYXNpY19z dHJpbmc8Y2hhciwgc3RyaW5nX2NoYXJfdHJhaXRzPGNoYXI+LCBfX2RlZmF1bHRfYWxsb2NfdGVt cGxhdGU8dHJ1ZSwgMD4gPjo6Z251LmxpbmtvbmNlLnQucmVwbGFjZSh1bnNpZ25lZCBpbnQsIHVu c2lnbmVkIGludCwgY2hhciBjb25zdCAqLCB1bnNpZ25lZCBpbnQpKzB4MzEpOiB1bmRlZmluZWQg cmVmZXJlbmNlIHRvIGBfX291dF9vZl9yYW5nZShjaGFyIGNvbnN0ICopJwovdG1wL2NjaFgyb2x3 Lm86IEluIGZ1bmN0aW9uIGBjaGJpbmRfZGV2ZXhpc3QoY2hhciBjb25zdCAqKSc6Ci90bXAvdnNl cnZlci0wLjE2L2NoYmluZC5jYzozOTogdW5kZWZpbmVkIHJlZmVyZW5jZSB0byBgX19sZW5ndGhf ZXJyb3IoY2hhciBjb25zdCAqKScKL3RtcC92c2VydmVyLTAuMTYvY2hiaW5kLmNjOjM1OiB1bmRl ZmluZWQgcmVmZXJlbmNlIHRvIGBfX291dF9vZl9yYW5nZShjaGFyIGNvbnN0ICopJwovdG1wL3Zz ZXJ2ZXItMC4xNi9jaGJpbmQuY2M6NDA6IHVuZGVmaW5lZCByZWZlcmVuY2UgdG8gYF9fbGVuZ3Ro X2Vycm9yKGNoYXIgY29uc3QgKiknCi90bXAvY2NoWDJvbHcubzogSW4gZnVuY3Rpb24gYGlmY29u ZmlnX2dldGFkZHIoY2hhciBjb25zdCAqLCB1bnNpZ25lZCBsb25nICYsIHVuc2lnbmVkIGxvbmcg JiknOgovdG1wL3ZzZXJ2ZXItMC4xNi9jaGJpbmQuY2M6NzU6IHVuZGVmaW5lZCByZWZlcmVuY2Ug dG8gYHN0cmluZ19jaGFyX3RyYWl0czxjaGFyPjo6YXNzaWduKGNoYXIgJiwgY2hhciBjb25zdCAm KScKL3RtcC92c2VydmVyLTAuMTYvY2hiaW5kLmNjOjkwOiB1bmRlZmluZWQgcmVmZXJlbmNlIHRv IGBzdHJpbmdfY2hhcl90cmFpdHM8Y2hhcj46OmFzc2lnbihjaGFyICYsIGNoYXIgY29uc3QgJikn Ci90bXAvY2NoWDJvbHcubzogSW4gZnVuY3Rpb24gYGJhc2ljX3N0cmluZzxjaGFyLCBzdHJpbmdf Y2hhcl90cmFpdHM8Y2hhcj4sIF9fZGVmYXVsdF9hbGxvY190ZW1wbGF0ZTx0cnVlLCAwPiA+OjpS ZXA6Om9wZXJhdG9yIGRlbGV0ZSh2b2lkICopJzoKL3Vzci9saWIvZ2NjLWxpYi9pMzg2LXNsYWNr d2FyZS1saW51eC8yLjk1LjMvLi4vLi4vLi4vLi4vaW5jbHVkZS9nKystMy9zdGxfYWxsb2MuaCgu YmFzaWNfc3RyaW5nPGNoYXIsIHN0cmluZ19jaGFyX3RyYWl0czxjaGFyPiwgX19kZWZhdWx0X2Fs bG9jX3RlbXBsYXRlPHRydWUsIDA+ID46OmdudS5saW5rb25jZS50LmNvbXBhcmUoYmFzaWNfc3Ry aW5nPGNoYXIsIHN0cmluZ19jaGFyX3RyYWl0czxjaGFyPiwgX19kZWZhdWx0X2FsbG9jX3RlbXBs YXRlPHRydWUsIDA+ID4gY29uc3QgJiwgdW5zaWduZWQgaW50LCB1bnNpZ25lZCBpbnQpIGNvbnN0 KzB4MmMpOiB1bmRlZmluZWQgcmVmZXJlbmNlIHRvIGBfX291dF9vZl9yYW5nZShjaGFyIGNvbnN0 ICopJwovdG1wL2NjaFgyb2x3Lm86IEluIGZ1bmN0aW9uIGBjaGJpbmRfZGV2ZXhpc3QoY2hhciBj b25zdCAqKSc6Ci90bXAvdnNlcnZlci0wLjE2L2NoYmluZC5jYzo0MDogdW5kZWZpbmVkIHJlZmVy ZW5jZSB0byBgc3RyaW5nX2NoYXJfdHJhaXRzPGNoYXI+Ojpjb21wYXJlKGNoYXIgY29uc3QgKiwg Y2hhciBjb25zdCAqLCB1bnNpZ25lZCBpbnQpJwovdG1wL2NjaFgyb2x3Lm86IEluIGZ1bmN0aW9u IGBiYXNpY19zdHJpbmc8Y2hhciwgc3RyaW5nX2NoYXJfdHJhaXRzPGNoYXI+LCBfX2RlZmF1bHRf YWxsb2NfdGVtcGxhdGU8dHJ1ZSwgMD4gPjo6UmVwOjpvcGVyYXRvciBkZWxldGUodm9pZCAqKSc6 Ci91c3IvbGliL2djYy1saWIvaTM4Ni1zbGFja3dhcmUtbGludXgvMi45NS4zLy4uLy4uLy4uLy4u L2luY2x1ZGUvZysrLTMvc3RsX2FsbG9jLmgoLmdudS5saW5rb25jZS50Ll9fbHNfX0gzWmNadDE4 c3RyaW5nX2NoYXJfdHJhaXRzMVpjWnQyNF9fZGVmYXVsdF9hbGxvY190ZW1wbGF0ZTJiMWkwX1I3 b3N0cmVhbVJDdDEyYmFzaWNfc3RyaW5nM1pYMDFaWDExWlgyMV9SN29zdHJlYW0rMHgzMik6IHVu ZGVmaW5lZCByZWZlcmVuY2UgdG8gYG9zdHJlYW06OndyaXRlKGNoYXIgY29uc3QgKiwgaW50KScK L3RtcC9jY2hYMm9sdy5vOiBJbiBmdW5jdGlvbiBgY2hiaW5kX2RldmV4aXN0KGNoYXIgY29uc3Qg KiknOgovdG1wL3ZzZXJ2ZXItMC4xNi9jaGJpbmQuY2M6MzY6IHVuZGVmaW5lZCByZWZlcmVuY2Ug dG8gYF9fb3V0X29mX3JhbmdlKGNoYXIgY29uc3QgKiknCmNvbGxlY3QyOiBsZCByZXR1cm5lZCAx IGV4aXQgc3RhdHVzCm1ha2U6ICoqKiBbY2hiaW5kXSBFcnJvciAxCg== --------------Boundary-00=_BQO3QA5DZUNGUDJRWWWE-- From vserver.error@solucorp.qc.ca Fri Apr 5 13:14:40 2002 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g35IEd7Y019300; Fri, 5 Apr 2002 13:14:40 -0500 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g35I1j628659 for vserver.list; Fri, 5 Apr 2002 13:01:45 -0500 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from student6.rug.ac.be (student6.rug.ac.be [157.193.88.74]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g35I1ih28655 for ; Fri, 5 Apr 2002 13:01:45 -0500 Received: (from ivo@localhost) by student6.rug.ac.be (8.9.3/8.9.3/Debian 8.9.3-21) id UAA20656 for vserver@solucorp.qc.ca; Fri, 5 Apr 2002 20:01:44 +0200 Date: Fri, 5 Apr 2002 20:01:44 +0200 From: Ivo De Decker To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver does not compile Message-ID: <20020405200144.A20448@student.rug.ac.be> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from ralf@convergence.de on Fri, Apr 05, 2002 at 05:08:35PM +0200 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 430 On Fri, Apr 05, 2002 at 05:08:35PM +0200, Ralf Hemmann wrote: > since two or three releases the vserver Package does not compile completely > any more. > Latest try was 0.16. > > Tools that not compile are: > > chkbind, chcontext,reducecap,syscall,vutil, > Attached is an error output . > > For security reasons I have no compiler my rootserver, I compile everthing on > a builsdsystem. The patched kernelsource is available. I have tried gcc-3.04 > instead gcc-2.95.3 also > > Any hints ? Hello, I had the same problem. Try replacing gcc with g++ in the makefile (except the last one, it has to be gcc). BTW I'm using debian stable. Greetings, Ivo De Decker From vserver.error@solucorp.qc.ca Mon Apr 8 08:35:42 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g38CZf3Q018018; Mon, 8 Apr 2002 08:35:42 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g38C7T118400 for vserver.list; Mon, 8 Apr 2002 08:07:29 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from irishsea.home.craig-wood.com (userbb201.dsl.pipex.com [62.190.241.201]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g38C7Rh18396 for ; Mon, 8 Apr 2002 08:07:28 -0400 Received: (from ncw@localhost) by irishsea.home.craig-wood.com (8.11.6/8.11.6) id g38C7MP13890 for vserver@dns.solucorp.qc.ca; Mon, 8 Apr 2002 13:07:22 +0100 Date: Mon, 8 Apr 2002 13:07:22 +0100 From: Nick Craig-Wood To: Vserver mailing list Subject: [vserver] pam_capability module Message-ID: <20020408130722.A13799@axis.demon.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-5.0 required=5.0 tests=UNIFIED_PATCH version=2.01 Status: RO X-Status: X-Keywords: X-UID: 431 I thought you guys might be interested in this in that it playing with similar parts of the kernel to vserver :- http://freshmeat.net/projects/pam_capability/ Which is a module implementing capabilities for users via PAM. Of particular interest it somes with a kernel patch which I include verbatim here - maybe some co-operation between the two projects would be a good idea? ... diff -ruN linux-2.4.18-pure/Documentation/Configure.help linux-2.4.18-capfix/Documentation/Configure.help --- linux-2.4.18-pure/Documentation/Configure.help Mon Feb 25 11:37:51 2002 +++ linux-2.4.18-capfix/Documentation/Configure.help Tue Apr 2 07:24:32 2002 @@ -3690,6 +3690,22 @@ building a kernel for install/rescue disks or your system is very limited in memory. +Inherit Capabilities Across Exec +CONFIG_INHERIT_CAPS_ACROSS_EXEC + Allow non-root users to pass on capabilities when they exec + binaries. When this feature is used in combination with a + user-level capability assignment mechanism (e.g. pam_capability) + it can significantly reduce the amount of time that users need + to run as root. + + Note that this is a temporary solution to the larger + problem of implementing full support for capabilities in + the Linux virtual file system layer. + + You should say N here unless you know what this is and know + that you want to use it. + + # Choice: kcore Kernel core (/proc/kcore) format CONFIG_KCORE_ELF diff -ruN linux-2.4.18-pure/arch/i386/config.in linux-2.4.18-capfix/arch/i386/config.in --- linux-2.4.18-pure/arch/i386/config.in Mon Feb 25 11:37:52 2002 +++ linux-2.4.18-capfix/arch/i386/config.in Tue Apr 2 07:24:32 2002 @@ -258,6 +258,9 @@ bool 'System V IPC' CONFIG_SYSVIPC bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT bool 'Sysctl support' CONFIG_SYSCTL +if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then + bool 'Inherit Capabilities Across Exec' CONFIG_INHERIT_CAPS_ACROSS_EXEC +fi if [ "$CONFIG_PROC_FS" = "y" ]; then choice 'Kernel core (/proc/kcore) format' \ "ELF CONFIG_KCORE_ELF \ diff -ruN linux-2.4.18-pure/fs/exec.c linux-2.4.18-capfix/fs/exec.c --- linux-2.4.18-pure/fs/exec.c Fri Dec 21 09:41:55 2001 +++ linux-2.4.18-capfix/fs/exec.c Tue Apr 2 07:24:32 2002 @@ -644,6 +644,29 @@ cap_clear(bprm->cap_permitted); cap_clear(bprm->cap_effective); +#ifdef CONFIG_INHERIT_CAPS_ACROSS_EXEC + /* allow non-root users to pass on capabilities + * when they exec binaries. we leave all capabilities + * cleared if cap_setpcap is set in any of the capability + * sets as a marker to indicate that an application did not + * call sys_capset via * cap_set_proc. + * + * NB: this means that non-root users can never be granted + * cap_setpcap. This isn't necessarily * a bad thing. + * + * NB: we use cap_inheritable here so that login can set + * setuid/setgid in eff & perm for purposes of su, which + * can then go away silently. + */ + if ( (current->euid != 0 || issecure(SECURE_NOROOT)) && + !(cap_raised(current->cap_inheritable,CAP_SETPCAP)) && + !(cap_raised(current->cap_effective,CAP_SETPCAP)) && + !(cap_raised(current->cap_permitted,CAP_SETPCAP)) ) { + bprm->cap_permitted = current->cap_inheritable; + bprm->cap_effective = current->cap_inheritable; + } +#endif + /* To support inheritance of root-permissions and suid-root * executables under compatibility mode, we raise all three * capability sets for the file. -- Nick Craig-Wood ncw1@axis.demon.co.uk From vserver.error@solucorp.qc.ca Mon Apr 8 15:27:53 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g38JRr3Q022221; Mon, 8 Apr 2002 15:27:53 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g38JHnS25066 for vserver.list; Mon, 8 Apr 2002 15:17:49 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g38JHnh25062 for ; Mon, 8 Apr 2002 15:17:49 -0400 Received: from remtk.solucorp.qc.ca (g36-88.citenet.net [206.123.36.88]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g38JIm692274 for ; Mon, 8 Apr 2002 15:18:48 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g38J7A804403 for vserver@solucorp.qc.ca; Mon, 8 Apr 2002 15:07:10 -0400 From: Jacques Gelinas Date: Mon, 8 Apr 2002 15:07:10 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] vserver does not compile X-mailer: tlmpmail 0.6 Message-ID: <20020408150710.9a24420463cf@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 432 On Fri, 5 Apr 2002 17:08:35 -0500, Ralf Hemmann wrote > Hy together. > > since two or three releases the vserver Package does not compile completely > any more. > Latest try was 0.16. > > Tools that not compile are: > > chkbind, chcontext,reducecap,syscall,vutil, > Attached is an error output . > > For security reasons I have no compiler my rootserver, I compile everthing on > a builsdsystem. The patched kernelsource is available. I have tried gcc-3.04 > instead gcc-2.95.3 also > > Any hints ? Maybe it is the way glibc is packaged on your distro. Try to add -lstdc++ in the Makefile to see if it helps. It this is the case, I can put this in the standard distribution. It won't hurt --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon Apr 8 15:48:56 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g38Jmu3Q022375; Mon, 8 Apr 2002 15:48:56 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g38JcLc25512 for vserver.list; Mon, 8 Apr 2002 15:38:21 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from fnexchange2.corp.fast.net (fnexchange2.corp.fast.net [209.92.29.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g38JcLh25508 for ; Mon, 8 Apr 2002 15:38:21 -0400 Received: by fnexchange2.corp.fast.net with Internet Mail Service (5.5.2653.19) id ; Mon, 8 Apr 2002 15:38:22 -0400 Message-ID: <684A8B4FD94E464283C3ABA6AE65214102D9BB36@fnexchange2.corp.fast.net> From: Jerry Wilborn To: "'vserver@solucorp.qc.ca'" Subject: [vserver] running bash with --login Date: Mon, 8 Apr 2002 15:38:20 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 433 older versions of bash dont support --login it's '-login'. newer versions with with '-login' too... just an fyi for ppl getting "-- unknown option" Jerry Wilborn, Operations Engineer FASTNET - Internet Solutions 610-266-6700 www.fast.net From vserver.error@solucorp.qc.ca Mon Apr 8 23:13:16 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g393DF3Q028798; Mon, 8 Apr 2002 23:13:15 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g392uW814262 for vserver.list; Mon, 8 Apr 2002 22:56:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g392uWh14258 for ; Mon, 8 Apr 2002 22:56:32 -0400 Received: from remtk.solucorp.qc.ca (g36-106.citenet.net [206.123.36.106]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g392vY627895 for ; Mon, 8 Apr 2002 22:57:34 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g392gKG04601 for vserver@solucorp.qc.ca; Mon, 8 Apr 2002 22:42:20 -0400 From: Jacques Gelinas Date: Mon, 8 Apr 2002 22:42:20 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] pam_capability module X-mailer: tlmpmail 0.6 Message-ID: <20020408224220.6010efc95828@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 434 On Mon, 8 Apr 2002 13:07:22 -0500, Nick Craig-Wood wrote > I thought you guys might be interested in this in that it playing with > similar parts of the kernel to vserver :- > > http://freshmeat.net/projects/pam_capability/ > > Which is a module implementing capabilities for users via PAM. > The capability system is incomplete in linux 2.2 and 2.4. The big missing part is the ability to tag capability to application like we can tag the setuid bit. The flaw with setuid bit is that a buggy setuid root program can give away the control over the system. This patch offers a way around. Giving some capability to users so you need less setuid programs ou capability enhanced programs. At least this is what I understand. The major flaw with capability is this is an all or nothing. You can't qualify the capability. For exemple, it would be nice to grant CAP_DAC_OVERRIDE to a co-administrator, but only on one area of the file system (This allow him to override the normal file access rights). Capabilities are cool for the vserver because this is indeed a all and nothing deal. We do not want vserver administrator to do some operations at all. I suspect that in the long run, stuff like the LSM + selinux will rule. Note that there is nothing incompatible with vservers. LSM + selinux is used to delegate some ability to some users if they are follwoing some access pattern (they logged from some services and then do that and that). One goal of the capability system is to stop giving away root completly whenever someone needs to perform something privileged. Unfortunatly this is difficult to give fine control. For exemple, I would like to have this users in charge of the web server. I don't want him to be root, ever. Yet he must be able to start the service. And the service needs a way to bind to port 80 (only root can do that, or you need a special capability). If you use a capability, then you allow this user to bind any service with a port below 1024, which is not exactly what you want. I suspect this explains why the capability system has been almost complete for so long. plug mode: I have designed a package called aclfsd as part of the virtualfs project. aclfsd provide a very fine grain access to file system and network resources. Using ACL, you can tell who can bind to which port for example. Wonder if this has a future... www.solucorp.qc.ca/virtualfs --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Apr 9 00:45:50 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g394jn3Q029547; Tue, 9 Apr 2002 00:45:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g394PZg15891 for vserver.list; Tue, 9 Apr 2002 00:25:35 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g394PXh15887 for ; Tue, 9 Apr 2002 00:25:34 -0400 Received: from aksmtpmdr2.telecom.co.nz (aksmtpmdr2 [146.171.1.21]) by smtpout.telecom.co.nz (Postfix) with SMTP id 542D345EA5 for ; Tue, 9 Apr 2002 16:25:27 +1200 (NZST) Received: from 192.168.192.22 by aksmtpmdr2.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Tue, 09 Apr 2002 16:25:17 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from ganymede ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 16unAK-0002ay-00 for ; Tue, 09 Apr 2002 16:23: 32 +1200 Subject: [vserver] /etc/mtab From: "Fran Firman" To: vserver X-Mailer: Evolution/1.0.2 Date: 09 Apr 2002 16:23:31 +1200 Message-ID: <1018326212.24682.30.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10ACB2A6791530-01-01 Content-Type: multipart/signed; boundary="=-tbZEC+fxK8F9tAhVKKhd"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 435 --=-tbZEC+fxK8F9tAhVKKhd Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I noticed while inside my vserver, if I remove the /etc/mtab file and then run mount, I get to see all of the mount points for the whole server. I don't think I can do anything with that thou. Any ideas, about this? Fran --=-tbZEC+fxK8F9tAhVKKhd Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjyybMMACgkQv1V2oVWAPhbKzwCdGwLq7NflEZFM4HjPwGNw8OG+ 8PUAoJHcW+VgGGcsO+IW5OeIZ7wgT9SQ =hy91 -----END PGP SIGNATURE----- --=-tbZEC+fxK8F9tAhVKKhd-- From vserver.error@solucorp.qc.ca Tue Apr 9 01:20:33 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g395KW3Q029709; Tue, 9 Apr 2002 01:20:32 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3955PL16574 for vserver.list; Tue, 9 Apr 2002 01:05:25 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mx1.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g3955Oh16570 for ; Tue, 9 Apr 2002 01:05:24 -0400 Received: (qmail 29025 invoked from network); 9 Apr 2002 05:08:58 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 9 Apr 2002 05:08:58 -0000 Received: (qmail 2362 invoked from network); 9 Apr 2002 05:05:52 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 9 Apr 2002 05:05:52 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Tue, 9 Apr 2002 15:06:26 +1000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [vserver] /etc/mtab Message-ID: <3CB30372.2224.EE6C41@localhost> Priority: normal In-reply-to: <1018326212.24682.30.camel@ganymede> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-98.8 required=5.0 tests=NO_REAL_NAME,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 436 You could just do cat /proc/mounts inside vserver and you will see all the mounts anyway, regardless of /etc/mtab I think that new vproc fs would address that. Ed On Tuesday, 9 April 2002 at 16:23, Fran Firman wrote: > I noticed while inside my vserver, if I remove the /etc/mtab file and > then run mount, I get to see all of the mount points for the whole > server. > > I don't think I can do anything with that thou. > > > Any ideas, about this? > > Fran > > > From vserver.error@solucorp.qc.ca Tue Apr 9 01:22:18 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g395MH3Q029716; Tue, 9 Apr 2002 01:22:17 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3952sT16515 for vserver.list; Tue, 9 Apr 2002 01:02:54 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mx1.paradigm4.com.au (server.paradigm4.com.au [202.45.126.119]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g3952qh16511 for ; Tue, 9 Apr 2002 01:02:53 -0400 Received: (qmail 28935 invoked from network); 9 Apr 2002 05:06:19 -0000 Received: from d2.paradigm4.com.au (HELO mail.DigitalAngel.com.au) (202.45.126.111) by mx1.paradigm4.com.au with SMTP; 9 Apr 2002 05:06:19 -0000 Received: (qmail 2355 invoked from network); 9 Apr 2002 05:03:13 -0000 Received: from charley.home (HELO charlie) (10.0.0.4) by stanley.home with SMTP; 9 Apr 2002 05:03:13 -0000 From: edward@paradigm4.com.au Organization: Paradigm4 To: vserver@solucorp.qc.ca Date: Tue, 9 Apr 2002 15:03:48 +1000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: re: [vserver] pam_capability module Message-ID: <3CB302D4.2564.EC006F@localhost> Priority: normal In-reply-to: <20020408224220.6010efc95828@remtk.solucorp.qc.ca> X-mailer: Pegasus Mail for Win32 (v3.12c) Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-98.8 required=5.0 tests=NO_REAL_NAME,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 437 On Monday, 8 April 2002 at 22:42, Jacques Gelinas wrote: > I have designed a package called aclfsd as part of the virtualfs project. aclfsd > provide a very fine grain access to file system and network resources. Using > ACL, you can tell who can bind to which port for example. Wonder if this > has a future... www.solucorp.qc.ca/virtualfs As far as I understand it, it provides the alternative to glibc so it relies on non-modified binaries that are not statically linked, which is ok for some network services. I'd like to see something more universal that that, though. e.g. There is an authorization server ( could be a kernel module with syscall/ioctl interface ) which is tied to a database, listing all restricted objects ( files/directories/ports/protocols/syscalls/etc ), allowed methods (e.g.write/read/open/listen/connect/chmod etc) ,and their corresponding secrets. All applications initially don't have access to any resource. They request permissions for particular object from the auth server, providing their credentials and ( optionally ) stating for how long they need this resource. Auth server checks the credentials, current policies and possibly grants a "ticket" allowing access to a resource. "Credentials" may include md5sum+inode+attrs of the executable and/or some "passwords" or whatever. There may be more than one reference to the same object/method but with different credentials, thus giving longer/shorter lasting tickets to different programs. each task structure would contain a reference to a hashed array of tickets issued for the current task. All tickets would have their expiration dates, after which they are no longer valid and get deleted from the array. There may be a "full access to everything" object in the database, which would grant infinite ticket to access everything, thus simulating the present "power of root". This is sort of getting into LIDS/selinux territory but possibly more generic and I haven't seen the idea of an expiring tickets per task anywhere else. I think having a bucket of tickets tied to each task may speed up things because auth server wouldn't need to be consulted each time a program needs to open a file/create a connection etc. Just my $0.02 Ed From vserver.error@solucorp.qc.ca Tue Apr 9 01:59:59 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g395xw3Q029931; Tue, 9 Apr 2002 01:59:58 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g395lMC17408 for vserver.list; Tue, 9 Apr 2002 01:47:22 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g395lKh17404 for ; Tue, 9 Apr 2002 01:47:21 -0400 Received: (qmail 11746 invoked from network); 9 Apr 2002 05:47:19 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 9 Apr 2002 05:47:19 -0000 Message-ID: <3CB28067.4040401@vgertech.com> Date: Tue, 09 Apr 2002 06:47:19 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] /etc/mtab References: <1018326212.24682.30.camel@ganymede> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 438 Hi! you can see the mounts everytime: cat /proc/mounts if your vserver doesn't need procfs (any proc related utilities like ps, w, etc, but not limited to these..) you can disable it: comment out mountproc /vservers/$1 in /usr/sbin/vserver this could be a configuration option in /etc/vservers/$1 :) Hope this helps. Regards, Nuno Silva Fran Firman wrote: > I noticed while inside my vserver, if I remove the /etc/mtab file and > then run mount, I get to see all of the mount points for the whole > server. > > I don't think I can do anything with that thou. > > > Any ideas, about this? > > Fran > > From vserver.error@solucorp.qc.ca Tue Apr 9 03:09:13 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3979C3Q030316; Tue, 9 Apr 2002 03:09:12 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g396uE218842 for vserver.list; Tue, 9 Apr 2002 02:56:14 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from falcon.prod.itd.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g396uDh18838 for ; Tue, 9 Apr 2002 02:56:13 -0400 Received: from pool-63.52.95.203.cmbr.grid.net ([63.52.95.203] helo=cy54255-a.vernalelm.com) by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16upY5-0001gA-00 for vserver@solucorp.qc.ca; Mon, 08 Apr 2002 23:56:13 -0700 Message-Id: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> X-Sender: philip@vernalelm.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 09 Apr 2002 02:53:15 -0400 To: vserver@solucorp.qc.ca From: Philip Hill Subject: [vserver] private server hosting Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.8 required=5.0 tests=KNOWN_BAD_DIALUPS version=2.01 Status: RO X-Status: A X-Keywords: X-UID: 439 Please accept my apologies if this is the wrong discussion in which to post this. Just wondering if anyone is attempting to use this method to offer hosting of something similar to a "virtual private server"? Are there any obvious drawbacks I'm missing? Regards, Philip From vserver.error@solucorp.qc.ca Tue Apr 9 03:30:43 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g397Ug3Q030450; Tue, 9 Apr 2002 03:30:42 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g397Hdk19310 for vserver.list; Tue, 9 Apr 2002 03:17:39 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from student6.rug.ac.be (student6.rug.ac.be [157.193.88.74]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g397Hch19306 for ; Tue, 9 Apr 2002 03:17:38 -0400 Received: (from ivo@localhost) by student6.rug.ac.be (8.9.3/8.9.3/Debian 8.9.3-21) id JAA12180 for vserver@solucorp.qc.ca; Tue, 9 Apr 2002 09:17:39 +0200 Date: Tue, 9 Apr 2002 09:17:39 +0200 From: Ivo De Decker To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver does not compile Message-ID: <20020409091739.A11948@student.rug.ac.be> References: <20020408150710.9a24420463cf@remtk.solucorp.qc.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020408150710.9a24420463cf@remtk.solucorp.qc.ca>; from jack@solucorp.qc.ca on Mon, Apr 08, 2002 at 03:07:10PM -0500 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 440 On Mon, Apr 08, 2002 at 03:07:10PM -0500, Jacques Gelinas wrote: > On Fri, 5 Apr 2002 17:08:35 -0500, Ralf Hemmann wrote > > since two or three releases the vserver Package does not compile completely > > any more. > > Latest try was 0.16. > Maybe it is the way glibc is packaged on your distro. Try to > add -lstdc++ in the Makefile to see if it helps. It this is the case, I can > put this in the standard distribution. It won't hurt This works for me (debian). Greetings, Ivo De Decker From vserver.error@solucorp.qc.ca Tue Apr 9 03:51:39 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g397pc3Q030570; Tue, 9 Apr 2002 03:51:38 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g397fWS19824 for vserver.list; Tue, 9 Apr 2002 03:41:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tomts24-srv.bellnexxia.net (tomts24.bellnexxia.net [209.226.175.187]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g397fWh19820 for ; Tue, 9 Apr 2002 03:41:32 -0400 Received: from bonano.neopeak.com ([65.92.52.51]) by tomts24-srv.bellnexxia.net (InterMail vM.4.01.03.23 201-229-121-123-20010418) with ESMTP id <20020409074128.GJWH15833.tomts24-srv.bellnexxia.net@bonano.neopeak.com> for ; Tue, 9 Apr 2002 03:41:28 -0400 Content-Type: text/plain; charset="iso-8859-1" From: =?iso-8859-1?q?C=E9dric=20Veilleux?= Organization: Neopeak Internet Solutions To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting Date: Tue, 9 Apr 2002 03:41:27 -0400 X-Mailer: KMail [version 1.4] References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> In-Reply-To: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> MIME-Version: 1.0 Message-Id: <200204090341.27294.cedric@neopeak.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g397fWh19820 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 441 Hi, I have not a lot of experience with vservers, but simply from reading the documentation, I've found a few important drawbacks: Limiting resources: It is still not possible to tightly control the resources available for a vserver (RAM, CPU, Disk Quota). Read the following page for more info on what can be done and what can't: http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=4&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0 One IP address per vserver: An important drawback that will make a good part of your clients whine. It is only possible to have 1 IP per vserver. So it is not possible to use IP based virtual hosts in apache (required for SSL, etc..) Although there are also very important advantages to the vserver and security context solution. First of all it is open, and it can be used, with some tweakings, with the distribution of your choice, which allow much more flexibility. I am not a redhat fan and all other solutions I came accross are based on redhat only. I am interested in hearing the comments about other people on this subject as well... Thank you, Cedric On April 9, 2002 02:53 am, you wrote: > Please accept my apologies if this is the wrong discussion in which to post > this. > > Just wondering if anyone is attempting to use this method to offer hosting > of something similar to a "virtual private server"? Are there any obvious > drawbacks I'm missing? > > Regards, > > Philip From vserver.error@solucorp.qc.ca Tue Apr 9 04:07:00 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3986w3Q031852; Tue, 9 Apr 2002 04:06:59 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g397wXq20138 for vserver.list; Tue, 9 Apr 2002 03:58:33 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g397wWh20134 for ; Tue, 9 Apr 2002 03:58:32 -0400 Received: (qmail 14127 invoked from network); 9 Apr 2002 07:58:30 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 9 Apr 2002 07:58:30 -0000 Message-ID: <3CB29F26.2000300@vgertech.com> Date: Tue, 09 Apr 2002 08:58:30 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver does not compile References: <20020408150710.9a24420463cf@remtk.solucorp.qc.ca> <20020409091739.A11948@student.rug.ac.be> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 442 [..snip..] >>>Latest try was 0.16. >> >>Maybe it is the way glibc is packaged on your distro. Try to >>add -lstdc++ in the Makefile to see if it helps. It this is the case, I can >>put this in the standard distribution. It won't hurt > > > This works for me (debian). > Same here. Btw, vserver-0.13 compiled just fine in the same system (debian sid). Vserver-0.16 didn't... -lstdc++ did the trick :) Regards, Nuno Silva From vserver.error@solucorp.qc.ca Tue Apr 9 04:40:58 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g398ev3Q032196; Tue, 9 Apr 2002 04:40:58 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g398MLo21270 for vserver.list; Tue, 9 Apr 2002 04:22:21 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from velocity.liquidweb.com (ns.liquidweb.com [64.91.224.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g398MKh21266 for ; Tue, 9 Apr 2002 04:22:20 -0400 Received: from 12-245-222-41.client.attbi.com ([12.245.222.41] helo=liquidweb.com) by velocity.liquidweb.com with asmtp (Exim 3.35 #1) id 16uqtO-0001jb-00 for vserver@solucorp.qc.ca; Tue, 09 Apr 2002 04:22:18 -0400 Message-ID: <3CB2A439.8050907@liquidweb.com> Date: Tue, 09 Apr 2002 04:20:09 -0400 From: Matthew Hill User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: Sender Address Domain - liquidweb.com Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 443 Philip, I am actually planning on implementing the vserver product our current gamut of services as to establish a reasonable step between shared hosting and full dedicated. It's usually fairly daunting for a user to step from $24.95 to $250 overnight (that is shared hosting to dedicated product). We will likely place the vserver product in the $80-100 range and monitor bandwidth through ipchains on the main server (this has not yet been finalized, aka, technical staff to later politely tell CEO why he is a moron). I have yet to run into issues as far as performance or stability (less ctx-9 and netstat), even managed to load test with a few counterstrike servers and the scheduler handled things flawlessly for less loaded test accounts. Current main issues involve quotas, and quotas. The virtualized /dev/hdv prevents it from being outwardly apparent as to a solution for userland quotas and is basically the only remaining barrier. Not so much in setting quotas for each vserver's total usage as there are other solutions for this, but rather quotas internal to each vserver's discrete userland. The cpanel product we license and partially develop relies on them heavily for reseller situations (which will be a common application from clients of this product). If anyone has plans for any sort of quota implementation or possible suggestions I would very interested to hear them. Awaiting beer deployment for anything useful. ---- Matthew Hill CEO, Liquid Web Inc. http://www.liquidweb.com "You can make up statistics to prove anything, 83% of people know that." Philip Hill wrote: > Please accept my apologies if this is the wrong discussion in which to > post this. > > Just wondering if anyone is attempting to use this method to offer > hosting of something similar to a "virtual private server"? Are there > any obvious drawbacks I'm missing? > > Regards, > > Philip From vserver.error@solucorp.qc.ca Tue Apr 9 04:54:59 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g398sw3Q032252; Tue, 9 Apr 2002 04:54:58 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g398ihB21745 for vserver.list; Tue, 9 Apr 2002 04:44:43 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g398igh21738 for ; Tue, 9 Apr 2002 04:44:42 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urEz-0006eE-00 for ; Tue, 09 Apr 2002 10:44:37 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urEy-0006e3-00 for ; Tue, 09 Apr 2002 10:44:36 +0200 Sender: jon@silicide.dk Message-ID: <3CB2A9F4.3D93E49C@silicide.dk> Date: Tue, 09 Apr 2002 10:44:36 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <200204090341.27294.cedric@neopeak.com> Content-Type: text/plain; charset=iso-8859-1 X-Envelope-To: vserver@solucorp.qc.ca Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g398igh21738 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 444 Cédric Veilleux wrote: > > Hi, > > I have not a lot of experience with vservers, but simply from reading the > documentation, I've found a few important drawbacks: Experience is good. I've used it for a little month now ?? And i really like it. I've even told my local LUG, that i would tell them about it one day. > One IP address per vserver: > An important drawback that will make a good part of your clients whine. It is > only possible to have 1 IP per vserver. So it is not possible to use IP based > virtual hosts in apache (required for SSL, etc..) http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=0.16#vserver%20script%20enhancement "A vserver may operate with 0.0.0.0 as its IPROOT. This means the vserver is allowed to use any IP it wants..." It's a link from the front page. I havent tried it myself, i have the IP's i need. JonB From vserver.error@solucorp.qc.ca Tue Apr 9 05:07:42 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3997f3Q032429; Tue, 9 Apr 2002 05:07:42 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g398udi22028 for vserver.list; Tue, 9 Apr 2002 04:56:39 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g398uch22024 for ; Tue, 9 Apr 2002 04:56:38 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urQc-0006f1-00 for ; Tue, 09 Apr 2002 10:56:38 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urQc-0006er-00 for ; Tue, 09 Apr 2002 10:56:38 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 10:56:38 +0200 (CEST) Received: (qmail 79142 invoked from network); 9 Apr 2002 08:55:27 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 9 Apr 2002 08:55:27 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g398ihB21745 for vserver.list; Tue, 9 Apr 2002 04:44:43 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g398igh21738 for ; Tue, 9 Apr 2002 04:44:42 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urEz-0006eE-00 for ; Tue, 09 Apr 2002 10:44:37 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urEy-0006e3-00 for ; Tue, 09 Apr 2002 10:44:36 +0200 Sender: jon@silicide.dk Message-ID: <3CB2A9F4.3D93E49C@silicide.dk> Date: Tue, 09 Apr 2002 10:44:36 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <200204090341.27294.cedric@neopeak.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g398igh21738 X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 445 Cédric Veilleux wrote: > > Hi, > > I have not a lot of experience with vservers, but simply from reading the > documentation, I've found a few important drawbacks: Experience is good. I've used it for a little month now ?? And i really like it. I've even told my local LUG, that i would tell them about it one day. > One IP address per vserver: > An important drawback that will make a good part of your clients whine. It is > only possible to have 1 IP per vserver. So it is not possible to use IP based > virtual hosts in apache (required for SSL, etc..) http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=0.16#vserver%20script%20enhancement "A vserver may operate with 0.0.0.0 as its IPROOT. This means the vserver is allowed to use any IP it wants..." It's a link from the front page. I havent tried it myself, i have the IP's i need. JonB From vserver.error@solucorp.qc.ca Tue Apr 9 05:08:58 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3998v3Q032436; Tue, 9 Apr 2002 05:08:57 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39924B22154 for vserver.list; Tue, 9 Apr 2002 05:02:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39923h22150 for ; Tue, 9 Apr 2002 05:02:03 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urVr-0006fO-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urVr-0006fD-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Sender: jon@silicide.dk Message-ID: <3CB2AE0B.4C96F5DF@silicide.dk> Date: Tue, 09 Apr 2002 11:02:03 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver mailinglist Subject: [vserver] feature request - suspend a vserver to disk Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 446 I would like to be able to supend a running vserver to disk, and then at a later time (or host) resume the vserver from where it was suspended. JonB ps: can anyone tell me why all my mails appear to be double in the mailinglist archives? From vserver.error@solucorp.qc.ca Tue Apr 9 05:23:12 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g399NB3Q032505; Tue, 9 Apr 2002 05:23:12 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g399AKf22311 for vserver.list; Tue, 9 Apr 2002 05:10:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g399AKh22307 for ; Tue, 9 Apr 2002 05:10:20 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urds-0006gL-00 for ; Tue, 09 Apr 2002 11:10:20 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urds-0006gB-00 for ; Tue, 09 Apr 2002 11:10:20 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 11:10:20 +0200 (CEST) Received: (qmail 96536 invoked from network); 9 Apr 2002 09:09:00 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 9 Apr 2002 09:09:00 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39924B22154 for vserver.list; Tue, 9 Apr 2002 05:02:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39923h22150 for ; Tue, 9 Apr 2002 05:02:03 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urVr-0006fO-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urVr-0006fD-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Sender: jon@silicide.dk Message-ID: <3CB2AE0B.4C96F5DF@silicide.dk> Date: Tue, 09 Apr 2002 11:02:03 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver mailinglist Subject: [vserver] feature request - suspend a vserver to disk Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 447 I would like to be able to supend a running vserver to disk, and then at a later time (or host) resume the vserver from where it was suspended. JonB ps: can anyone tell me why all my mails appear to be double in the mailinglist archives? From vserver.error@solucorp.qc.ca Tue Apr 9 05:28:28 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g399SR3Q032529; Tue, 9 Apr 2002 05:28:28 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g399BYa22329 for vserver.list; Tue, 9 Apr 2002 05:11:34 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g399BWh22325 for ; Tue, 9 Apr 2002 05:11:33 -0400 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id LAA29747 for ; Tue, 9 Apr 2002 11:11:30 +0200 (MEST) Received: from ([172.16.151.102]) by camelot.sz-sb.de; Tue, 09 Apr 2002 11:11:30 +0200 (MEST) Received: from laplinux.triervf.de (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 226W6F13; Tue, 9 Apr 2002 11:12:33 +0200 Subject: Re: [vserver] private server hosting From: d m To: vserver@solucorp.qc.ca In-Reply-To: <3CB2A439.8050907@liquidweb.com> References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <3CB2A439.8050907@liquidweb.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 09 Apr 2002 11:11:14 +0200 Message-Id: <1018343479.18013.27.camel@laplinux> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 448 hi, > Not so much in setting quotas for each vserver's total usage as there > are other > solutions for this, but rather quotas internal to each vserver's discrete > userland. why don't you use some LVM ? It would be more work for internal vservers userland (splitting up the external LVM again), but possible... regards, daniel From vserver.error@solucorp.qc.ca Tue Apr 9 06:11:14 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39ABD3Q000375; Tue, 9 Apr 2002 06:11:13 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g399lT723188 for vserver.list; Tue, 9 Apr 2002 05:47:29 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from snafu.defcom.dk ([212.130.10.198]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g399lSh23183 for ; Tue, 9 Apr 2002 05:47:28 -0400 Received: from [10.45.0.109] (bifrost.defcom.dk [212.130.10.193]) by snafu.defcom.dk (Postfix) with ESMTP id 52780FA1A for ; Tue, 9 Apr 2002 11:47:27 +0200 (CEST) Subject: [vserver] double posts - an explanation..? From: klavs klavsen To: Vserver Mailinglist Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-c5gyPomqNXJ+taIoO9Fy" X-Mailer: Ximian Evolution 1.0.3 Date: 09 Apr 2002 11:47:26 +0200 Message-Id: <1018345646.1728.17.camel@tpx20.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 449 --=-c5gyPomqNXJ+taIoO9Fy Content-Type: text/plain Content-Transfer-Encoding: quoted-printable It would seem that the sender (exim gateway at siloicide.dk in this incident) is sending the mail only once.. so it must be the solucorp mail server (sendmail v8.11.0 configured by linuxconf :-) that somehow messes it up.. perhaps the mail set sender to vserver.error@solucorp.qc.ca using -f has something to do with it? This is the email headers from the first post X-Sieve: cmu-sieve 1.3 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by smaug.netropolis.dk (8.10.0/8.10.0) with ESMTP id g399Mum13567 for ; Tue, 9 Apr 2002 11:22:56 +0200 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39924B22154 for vserver.list; Tue, 9 Apr 2002 05:02:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39923h22150 for ; Tue, 9 Apr 2002 05:02:03 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urVr-0006fO-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=3Dsilicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urVr-0006fD-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Sender: jon@silicide.dk Message-ID: <3CB2AE0B.4C96F5DF@silicide.dk> This is the email headers from the second (the double) post: X-Sieve: cmu-sieve 1.3 Return-Path: Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by smaug.netropolis.dk (8.10.0/8.10.0) with ESMTP id g399bKm14432 for ; Tue, 9 Apr 2002 11:37:21 +0200 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g399AKf22311 for vserver.list; Tue, 9 Apr 2002 05:10:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g399AKh22307 for ; Tue, 9 Apr 2002 05:10:20 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urds-0006gL-00 for ; Tue, 09 Apr 2002 11:10:20 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urds-0006gB-00 for ; Tue, 09 Apr 2002 11:10:20 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 11:10:20 +0200 (CEST) Received: (qmail 96536 invoked from network); 9 Apr 2002 09:09:00 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 9 Apr 2002 09:09:00 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39924B22154 for vserver.list; Tue, 9 Apr 2002 05:02:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39923h22150 for ; Tue, 9 Apr 2002 05:02:03 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16urVr-0006fO-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=3Dsilicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urVr-0006fD-00 for ; Tue, 09 Apr 2002 11:02:03 +0200 Sender: jon@silicide.dk Message-ID: <3CB2AE0B.4C96F5DF@silicide.dk>=09 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-c5gyPomqNXJ+taIoO9Fy Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8sriu4c1kHlhtW8oRAuhqAJ4+Hc4BzHu3Rln0FOcs+QpgPaJj1gCZAaZ+ 5qqYy9or5ct/xFb8vQdtm/4= =87Q1 -----END PGP SIGNATURE----- --=-c5gyPomqNXJ+taIoO9Fy-- From vserver.error@solucorp.qc.ca Tue Apr 9 06:27:59 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39ARw3Q000445; Tue, 9 Apr 2002 06:27:58 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39A9rO23641 for vserver.list; Tue, 9 Apr 2002 06:09:53 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from chambertin.convergence.de (chambertin.convergence.de [212.84.236.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39A9rh23637 for ; Tue, 9 Apr 2002 06:09:53 -0400 Received: from [10.1.1.90] (helo=there ident=ralf) by chambertin.convergence.de with smtp (Exim 3.33 #2 ) id 16usZV-0000tI-00 for ; Tue, 09 Apr 2002 12:09:53 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Ralf Hemmann To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver does not compile Date: Tue, 9 Apr 2002 12:16:22 +0200 X-Mailer: KMail [version 1.3.2] References: <20020408150710.9a24420463cf@remtk.solucorp.qc.ca> In-Reply-To: <20020408150710.9a24420463cf@remtk.solucorp.qc.ca> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 450 > > since two or three releases the vserver Package does not compile > > completely any more. > > Latest try was 0.16. > Maybe it is the way glibc is packaged on your distro. Try to > add -lstdc++ in the Makefile to see if it helps. It this is the case, I can > put this in the standard distribution. It won't hurt This was the solution. Thank you ! Ralf From vserver.error@solucorp.qc.ca Tue Apr 9 06:40:06 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Ae53Q000550; Tue, 9 Apr 2002 06:40:05 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39AJEk23845 for vserver.list; Tue, 9 Apr 2002 06:19:14 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from velocity.liquidweb.com (ns.liquidweb.com [64.91.224.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39AJEh23841 for ; Tue, 9 Apr 2002 06:19:14 -0400 Received: from 12-245-222-41.client.attbi.com ([12.245.222.41] helo=liquidweb.com) by velocity.liquidweb.com with asmtp (Exim 3.35 #1) id 16usiU-00032x-00 for vserver@solucorp.qc.ca; Tue, 09 Apr 2002 06:19:10 -0400 Message-ID: <3CB2BF9E.4050306@liquidweb.com> Date: Tue, 09 Apr 2002 06:17:02 -0400 From: Matthew Hill User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <3CB2A439.8050907@liquidweb.com> <1018343479.18013.27.camel@laplinux> Content-Type: multipart/alternative; boundary="------------050309000406080900030805" X-AntiAbuse: Sender Address Domain - liquidweb.com Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 451 --------------050309000406080900030805 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Daniel, Thank you for the suggestion, as LVM would be an excellent system for controlling total vserver disk consumption. However the largest concern remaining, on which I was admittedly unclear, is that I'm trying to implement per-user quotas in a system where users are perpetually created and destroyed by web-based admin tools given to the owner of the vserver. Any suggestions? I would think it rather tedious from an administrative standpoint to attempt to use LVM per /home/user directories, whereas the best hack attempts I could envision using the current vserver setup would set quotas spanning all vservers and create overlap in chosen user names and disk consumption (lacking virtualized quotas, which I realize to be no small task). I had noticed one other post to this list requesting quotas support on the /dev/hdv a few weeks back. Sincerely, Matthew Hill d m wrote: >hi, > >>Not so much in setting quotas for each vserver's total usage as there >>are other >>solutions for this, but rather quotas internal to each vserver's discrete >>userland. >> > >why don't you use some LVM ? It would be more work for internal vservers >userland (splitting up the external LVM again), but possible... > >regards, >daniel > --------------050309000406080900030805 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Daniel,

Thank you for the suggestion, as LVM would be an excellent
system for controlling total vserver disk consumption.


However the largest concern remaining, on which I was
admittedly unclear, is that I'm trying to implement
per-user quotas in a system where users are perpetually
created and destroyed by web-based admin tools given
to the owner of the vserver.


Any suggestions?  I would think it rather tedious from
an administrative standpoint to attempt to use LVM
per /home/user directories, whereas the best hack attempts


I could envision using the current vserver setup would
set quotas spanning all vservers and create overlap in chosen
user names and disk consumption (lacking virtualized quotas,
which I realize to be no small task).  I had noticed one
other post to this list requesting quotas support on the
/dev/hdv a few weeks back.

Sincerely,

Matthew Hill

d m wrote:
hi,

Not so much in setting quotas for each vserver's total usage as there
are other
solutions for this, but rather quotas internal to each vserver's discrete
userland.

why don't you use some LVM ? It would be more work for internal vservers
userland (splitting up the external LVM again), but possible...

regards,
daniel


--------------050309000406080900030805-- From vserver.error@solucorp.qc.ca Tue Apr 9 07:29:25 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39BTO3Q000873; Tue, 9 Apr 2002 07:29:24 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39B5Xi24842 for vserver.list; Tue, 9 Apr 2002 07:05:33 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39B5Wh24838 for ; Tue, 9 Apr 2002 07:05:32 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16utRM-0006ll-00 for ; Tue, 09 Apr 2002 13:05:32 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16utRM-0006la-00 for ; Tue, 09 Apr 2002 13:05:32 +0200 Sender: jon@silicide.dk Message-ID: <3CB2CAFC.DE098F2D@silicide.dk> Date: Tue, 09 Apr 2002 13:05:32 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <3CB2A439.8050907@liquidweb.com> <1018343479.18013.27.camel@laplinux> <3CB2BF9E.4050306@liquidweb.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 452 Matthew Hill wrote: > > However the largest concern remaining, on which I was > admittedly unclear, is that I'm trying to implement > per-user quotas in a system where users are perpetually > created and destroyed by web-based admin tools given > to the owner of the vserver. Well, since you own the machine, you give the owner of the vserver some disk space. If he/she uses more, or his/hers users does, well, thats not your problem, is it? JonB From vserver.error@solucorp.qc.ca Tue Apr 9 07:51:22 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39BpL3Q001051; Tue, 9 Apr 2002 07:51:22 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39BUeq25319 for vserver.list; Tue, 9 Apr 2002 07:30:40 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39BUdh25315 for ; Tue, 9 Apr 2002 07:30:39 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16utpf-0006mm-00 for ; Tue, 09 Apr 2002 13:30:39 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16utpf-0006mc-00 for ; Tue, 09 Apr 2002 13:30:39 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 13:30:39 +0200 (CEST) Received: (qmail 14225 invoked from network); 9 Apr 2002 11:29:28 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 9 Apr 2002 11:29:28 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39B5Xi24842 for vserver.list; Tue, 9 Apr 2002 07:05:33 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39B5Wh24838 for ; Tue, 9 Apr 2002 07:05:32 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16utRM-0006ll-00 for ; Tue, 09 Apr 2002 13:05:32 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16utRM-0006la-00 for ; Tue, 09 Apr 2002 13:05:32 +0200 Sender: jon@silicide.dk Message-ID: <3CB2CAFC.DE098F2D@silicide.dk> Date: Tue, 09 Apr 2002 13:05:32 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <3CB2A439.8050907@liquidweb.com> <1018343479.18013.27.camel@laplinux> <3CB2BF9E.4050306@liquidweb.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 453 Matthew Hill wrote: > > However the largest concern remaining, on which I was > admittedly unclear, is that I'm trying to implement > per-user quotas in a system where users are perpetually > created and destroyed by web-based admin tools given > to the owner of the vserver. Well, since you own the machine, you give the owner of the vserver some disk space. If he/she uses more, or his/hers users does, well, thats not your problem, is it? JonB From vserver.error@solucorp.qc.ca Tue Apr 9 07:56:01 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Bu03Q001072; Tue, 9 Apr 2002 07:56:00 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39BTni25253 for vserver.list; Tue, 9 Apr 2002 07:29:49 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39BTmh25249 for ; Tue, 9 Apr 2002 07:29:49 -0400 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id NAA08299 for ; Tue, 9 Apr 2002 13:29:48 +0200 (MEST) Received: from ([172.16.151.102]) by camelot.sz-sb.de; Tue, 09 Apr 2002 13:29:47 +0200 (MEST) Received: from laplinux.triervf.de (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 226W6FPD; Tue, 9 Apr 2002 13:28:46 +0200 Subject: Re: [vserver] private server hosting From: d m To: vserver@solucorp.qc.ca In-Reply-To: <3CB2BF9E.4050306@liquidweb.com> References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <3CB2A439.8050907@liquidweb.com> <1018343479.18013.27.camel@laplinux> <3CB2BF9E.4050306@liquidweb.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 09 Apr 2002 13:29:31 +0200 Message-Id: <1018351775.18099.33.camel@laplinux> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 454 Matthew, ok, I got it now. Indeed, it would be a life-filling task to do this with LVM... I'm not that firm with quota, but isn't it true, that quota uses only the UIDs ? So, as the UID in a vserver are the same UIDs in the main-server, one could use quotas on the main-server configuring the UIDs only (!) used by the users of a vserver (e.g. an isolated area od UIDs). Regards, Daniel Am Die, 2002-04-09 um 12.17 schrieb Matthew Hill: > Daniel, > > Thank you for the suggestion, as LVM would be an excellent > system for controlling total vserver disk consumption. > > > However the largest concern remaining, on which I was > admittedly unclear, is that I'm trying to implement > per-user quotas in a system where users are perpetually > created and destroyed by web-based admin tools given > to the owner of the vserver. > > > Any suggestions? I would think it rather tedious from > an administrative standpoint to attempt to use LVM > per /home/user directories, whereas the best hack attempts > > > I could envision using the current vserver setup would > set quotas spanning all vservers and create overlap in chosen > user names and disk consumption (lacking virtualized quotas, > which I realize to be no small task). I had noticed one > other post to this list requesting quotas support on the > /dev/hdv a few weeks back. > > Sincerely, > > Matthew Hill > From vserver.error@solucorp.qc.ca Tue Apr 9 08:03:50 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39C3n3Q001204; Tue, 9 Apr 2002 08:03:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39Bcij25526 for vserver.list; Tue, 9 Apr 2002 07:38:44 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g39Bchh25522 for ; Tue, 9 Apr 2002 07:38:44 -0400 Received: (qmail 7696 invoked by uid 0); 9 Apr 2002 11:38:43 -0000 Received: from tvt-catv-dhcp-47-114.urbanet.ch (HELO laptop) (80.238.47.114) by mail.gmx.net (mp009-rz3) with SMTP; 9 Apr 2002 11:38:43 -0000 Message-ID: <00c701c1dfba$b0efc820$722fee50@vweb.ch.urbanet.ch> From: "Seiler Thomas" To: References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <200204090341.27294.cedric@neopeak.com> <3CB2A9F4.3D93E49C@silicide.dk> Subject: Re: [vserver] private server hosting Date: Tue, 9 Apr 2002 13:35:40 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 455 Hi Jon Bendtsen wrote: > Cédric Veilleux wrote: > > > > I have not a lot of experience with vservers, but simply from reading the > > documentation, I've found a few important drawbacks: > >[...] > > One IP address per vserver: > > An important drawback that will make a good part of your clients whine. It is > > only possible to have 1 IP per vserver. So it is not possible to use IP based > > virtual hosts in apache (required for SSL, etc..) > > http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=0.16#vserver%20s cript%20enhancement > "A vserver may operate with 0.0.0.0 as its IPROOT. This means the > vserver is allowed to use any IP it wants..." > [...] Isn't this a little bit contradictory ?You have this very nice vserver package which gives you absolute isolation between vservers, imagine Sandboxes to try untrusted software, absolute isolation for virtual hosting clients, etc... But as soon as a vserver needs more that one IP (common situation in hosting env.), the only solution consists in setting IPROOT to 0.0.0.0 allowing the vserver to mess around and bind to any IP's it isn't supposed to. Security Sandbox gone. Isolation for hosting clients gone, and it's only a question of time before they will get into each other's hair ... So the only real souloution to this consists in some way to allow assignment of multiple IP's per vserver. I saw there was once a patch for mutliple IPs per vserver, which isn't maintanced anymore. Would't that be a great starting point for a new multiple IP patch ? So does anybody know where i can find the old patch ? After all, this would be a very nice feature for hosting environments and I think there *IS* enough demand. Think for example of multiple SSL hosts within a vserver, of different IPs for Webserver and MailServer, etc... Thanks Thomas From vserver.error@solucorp.qc.ca Tue Apr 9 08:37:46 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Cbj3Q002253; Tue, 9 Apr 2002 08:37:46 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39CDHO26330 for vserver.list; Tue, 9 Apr 2002 08:13:17 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g39CDGh26326 for ; Tue, 9 Apr 2002 08:13:17 -0400 Received: (qmail 17386 invoked from network); 9 Apr 2002 12:13:13 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 9 Apr 2002 12:13:13 -0000 Message-ID: <3CB2DAD9.9090607@vgertech.com> Date: Tue, 09 Apr 2002 13:13:13 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: [vserver] debian tgz for vservers Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 456 Hi, thought i'd share my debian image for vserver. I hope this makes vserver more distribution independent :) http://vserver.vgertech.com/ Keep in mind that this is a slow connection, if someone can mirror this to a faster connection, please email the list with the location. Regards, Nuno Silva From vserver.error@solucorp.qc.ca Tue Apr 9 08:40:43 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Ceh3Q002283; Tue, 9 Apr 2002 08:40:43 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39CPPF26601 for vserver.list; Tue, 9 Apr 2002 08:25:25 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from fnexchange2.corp.fast.net (fnexchange2.corp.fast.net [209.92.29.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39CPPh26597 for ; Tue, 9 Apr 2002 08:25:25 -0400 Received: by fnexchange2.corp.fast.net with Internet Mail Service (5.5.2653.19) id <2SPKCHGC>; Tue, 9 Apr 2002 08:25:26 -0400 Message-ID: <684A8B4FD94E464283C3ABA6AE65214102D9BB37@fnexchange2.corp.fast.net> From: Jerry Wilborn To: "'vserver@solucorp.qc.ca'" Subject: RE: [vserver] private server hosting Date: Tue, 9 Apr 2002 08:25:24 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g39CPPh26597 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 457 The only half ass way I've found around this (but still doesnt accomplish the SSL delima) is by creating two machine configuration files exactly the same but with two different IPs and specfying the S_CONTEXT to the same numeral. Do the mount "binding" to simulate the entire filesystem, or however you want to share them. What this does do is allow you to see all processes together and lets programs in each bind to the other IP (so long as they came in that way). If you try it out, it's probably about 20% of what you're trying to accomplish, but maybe it'll get you what you're looking for. Jerry Wilborn, Operations Engineer FASTNET - Internet Solutions 610-266-6700 www.fast.net -----Original Message----- From: Seiler Thomas [mailto:seiler.thomas@gmx.net] Sent: Tuesday, April 09, 2002 7:36 AM To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting Hi Jon Bendtsen wrote: > Cédric Veilleux wrote: > > > > I have not a lot of experience with vservers, but simply from reading the > > documentation, I've found a few important drawbacks: > >[...] > > One IP address per vserver: > > An important drawback that will make a good part of your clients whine. It is > > only possible to have 1 IP per vserver. So it is not possible to use IP based > > virtual hosts in apache (required for SSL, etc..) > > http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=0.16#vserver%20s cript%20enhancement > "A vserver may operate with 0.0.0.0 as its IPROOT. This means the > vserver is allowed to use any IP it wants..." > [...] Isn't this a little bit contradictory ?You have this very nice vserver package which gives you absolute isolation between vservers, imagine Sandboxes to try untrusted software, absolute isolation for virtual hosting clients, etc... But as soon as a vserver needs more that one IP (common situation in hosting env.), the only solution consists in setting IPROOT to 0.0.0.0 allowing the vserver to mess around and bind to any IP's it isn't supposed to. Security Sandbox gone. Isolation for hosting clients gone, and it's only a question of time before they will get into each other's hair ... So the only real souloution to this consists in some way to allow assignment of multiple IP's per vserver. I saw there was once a patch for mutliple IPs per vserver, which isn't maintanced anymore. Would't that be a great starting point for a new multiple IP patch ? So does anybody know where i can find the old patch ? After all, this would be a very nice feature for hosting environments and I think there *IS* enough demand. Think for example of multiple SSL hosts within a vserver, of different IPs for Webserver and MailServer, etc... Thanks Thomas From vserver.error@solucorp.qc.ca Tue Apr 9 09:17:32 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39DHT3Q002523; Tue, 9 Apr 2002 09:17:31 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39D19p27416 for vserver.list; Tue, 9 Apr 2002 09:01:09 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39D18h27412 for ; Tue, 9 Apr 2002 09:01:09 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uvFE-0006rq-00 for ; Tue, 09 Apr 2002 15:01:08 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uvFE-0006rf-00 for ; Tue, 09 Apr 2002 15:01:08 +0200 Sender: jon@silicide.dk Message-ID: <3CB2E614.F2AC75B3@silicide.dk> Date: Tue, 09 Apr 2002 15:01:08 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 458 Nuno Silva wrote: > > Hi, > > thought i'd share my debian image for vserver. > I hope this makes vserver more distribution independent :) cool, but whats in it ?? > http://vserver.vgertech.com/ no such host > Keep in mind that this is a slow connection, if someone can mirror this > to a faster connection, please email the list with the location. Sorry, i cant do that yet :/ JonB From vserver.error@solucorp.qc.ca Tue Apr 9 09:34:35 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39DYY3Q002758; Tue, 9 Apr 2002 09:34:34 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39DFp927720 for vserver.list; Tue, 9 Apr 2002 09:15:51 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from wobbly.bofh.net.au (bofh.net.au [203.20.99.253]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39DFoh27716 for ; Tue, 9 Apr 2002 09:15:50 -0400 Received: from reverie.bofh.net.au (darius@reverie.bofh.net.au [203.20.99.42]) by wobbly.bofh.net.au (8.9.3/8.8.7) with ESMTP id AAA09626 for ; Wed, 10 Apr 2002 00:49:40 +1000 Subject: Re: [vserver] debian tgz for vservers From: Kevin Littlejohn To: vserver@solucorp.qc.ca In-Reply-To: <3CB2DAD9.9090607@vgertech.com> References: <3CB2DAD9.9090607@vgertech.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 09 Apr 2002 23:15:49 +1000 Message-Id: <1018358149.868.609.camel@reverie> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 459 I'll put it up at http://www.obsidian.com.au/vserver/ shortly (it claims it'll take 49 minutes to download). Can I ask, though (before looking at it), how you picked what goes in by default? Our servers, we started with debootstrap, and pruned from there. KJL On Tue, 2002-04-09 at 22:13, Nuno Silva wrote: > Hi, > > thought i'd share my debian image for vserver. > I hope this makes vserver more distribution independent :) > > http://vserver.vgertech.com/ > > Keep in mind that this is a slow connection, if someone can mirror this > to a faster connection, please email the list with the location. > > Regards, > Nuno Silva > > > -- Internet techie Obsidian Consulting Group Phone: +613 9653 9364 Fax: +613 9354 2681 http://www.obsidian.com.au/ darius@obsidian.com.au From vserver.error@solucorp.qc.ca Tue Apr 9 09:39:27 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39DdQ3Q002786; Tue, 9 Apr 2002 09:39:27 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39DIpj27777 for vserver.list; Tue, 9 Apr 2002 09:18:51 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39DIph27773 for ; Tue, 9 Apr 2002 09:18:51 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uvWN-0006sL-00 for ; Tue, 09 Apr 2002 15:18:51 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uvWN-0006sB-00 for ; Tue, 09 Apr 2002 15:18:51 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 15:18:51 +0200 (CEST) Received: (qmail 17217 invoked from network); 9 Apr 2002 13:18:00 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 9 Apr 2002 13:18:00 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39D19p27416 for vserver.list; Tue, 9 Apr 2002 09:01:09 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39D18h27412 for ; Tue, 9 Apr 2002 09:01:09 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uvFE-0006rq-00 for ; Tue, 09 Apr 2002 15:01:08 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uvFE-0006rf-00 for ; Tue, 09 Apr 2002 15:01:08 +0200 Sender: jon@silicide.dk Message-ID: <3CB2E614.F2AC75B3@silicide.dk> Date: Tue, 09 Apr 2002 15:01:08 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 460 Nuno Silva wrote: > > Hi, > > thought i'd share my debian image for vserver. > I hope this makes vserver more distribution independent :) cool, but whats in it ?? > http://vserver.vgertech.com/ no such host > Keep in mind that this is a slow connection, if someone can mirror this > to a faster connection, please email the list with the location. Sorry, i cant do that yet :/ JonB From vserver.error@solucorp.qc.ca Tue Apr 9 10:00:32 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39E0V3Q002981; Tue, 9 Apr 2002 10:00:32 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39DgTH28397 for vserver.list; Tue, 9 Apr 2002 09:42:29 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39DgTh28393 for ; Tue, 9 Apr 2002 09:42:29 -0400 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g393DlR05329 for vserver@solucorp.qc.ca; Mon, 8 Apr 2002 23:13:47 -0400 From: Jacques Gelinas Date: Mon, 8 Apr 2002 23:13:47 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] running bash with --login X-mailer: tlmpmail 0.6 Message-ID: <20020408231347.28b1251b9c48@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 461 On Mon, 8 Apr 2002 15:38:20 -0500, Jerry Wilborn wrote > older versions of bash dont support --login it's '-login'. newer versions > with with '-login' too... Ok, I fixed it to use -login. Will be in 0.17 Thanks! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Apr 9 10:50:20 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39EoJ3Q003325; Tue, 9 Apr 2002 10:50:19 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39EUKi29451 for vserver.list; Tue, 9 Apr 2002 10:30:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39EUKh29445 for ; Tue, 9 Apr 2002 10:30:20 -0400 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g39EWNl05121 for vserver@solucorp.qc.ca; Tue, 9 Apr 2002 10:32:23 -0400 From: Jacques Gelinas Date: Tue, 9 Apr 2002 10:32:23 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver does not compile X-mailer: tlmpmail 0.6 Message-ID: <20020409103223.89d8da2fa18e@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 462 On Tue, 9 Apr 2002 12:16:22 -0500, Ralf Hemmann wrote > > > > since two or three releases the vserver Package does not compile > > > completely any more. > > > Latest try was 0.16. > > > Maybe it is the way glibc is packaged on your distro. Try to > > add -lstdc++ in the Makefile to see if it helps. It this is the case, I can > > put this in the standard distribution. It won't hurt > > This was the solution. Thank you ! I have published vserver 0.17. Can you check if it builds fine out of the box Thanks! --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Apr 9 10:56:07 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Eu63Q003349; Tue, 9 Apr 2002 10:56:07 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39EkTQ29810 for vserver.list; Tue, 9 Apr 2002 10:46:29 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39EkTh29806 for ; Tue, 9 Apr 2002 10:46:29 -0400 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g39EmWv05146 for vserver@solucorp.qc.ca; Tue, 9 Apr 2002 10:48:32 -0400 From: Jacques Gelinas Date: Tue, 9 Apr 2002 10:48:32 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] /etc/mtab X-mailer: tlmpmail 0.6 Message-ID: <20020409104832.42838678c74e@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 463 On Tue, 9 Apr 2002 06:47:19 -0500, Nuno Silva wrote > Hi! > > you can see the mounts everytime: > cat /proc/mounts > > if your vserver doesn't need procfs (any proc related utilities like ps, > w, etc, but not limited to these..) you can disable it: > > comment out > mountproc /vservers/$1 > in /usr/sbin/vserver > > this could be a configuration option in /etc/vservers/$1 :) Maybe. vproc will cure some of these issues (hiding stuff) Do you see other reason why one would like this (no /proc in a vserver) ? --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Apr 9 11:14:10 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39FE83Q003461; Tue, 9 Apr 2002 11:14:09 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39ExVv30173 for vserver.list; Tue, 9 Apr 2002 10:59:31 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39ExVh30169 for ; Tue, 9 Apr 2002 10:59:31 -0400 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g39F1Zb05196 for vserver@solucorp.qc.ca; Tue, 9 Apr 2002 11:01:35 -0400 From: Jacques Gelinas Date: Tue, 9 Apr 2002 11:01:35 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] feature request - suspend a vserver to disk X-mailer: tlmpmail 0.6 Message-ID: <20020409110135.c2115f9fde18@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 464 On Tue, 9 Apr 2002 11:02:03 -0500, Jon Bendtsen wrote > I would like to be able to supend a running vserver to disk, and then at > a later time (or host) resume the vserver from where it was suspended. There is a patch allowing swsusp for a whole linux box. I wonder if this is possible to adapt this to a vserver only. > JonB > ps: can anyone tell me why all my mails appear to be double in the > mailinglist archives? Odd. Can't tell. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Apr 9 11:15:01 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39FEx3Q003469; Tue, 9 Apr 2002 11:15:00 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39F35k30278 for vserver.list; Tue, 9 Apr 2002 11:03:05 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39F34h30274 for ; Tue, 9 Apr 2002 11:03:04 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16ux9E-0006v8-00 for ; Tue, 09 Apr 2002 17:03:04 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16ux9E-0006ut-00 for ; Tue, 09 Apr 2002 17:03:04 +0200 Sender: jon@silicide.dk Message-ID: <3CB302A8.B8865F26@silicide.dk> Date: Tue, 09 Apr 2002 17:03:04 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> <1018358149.868.609.camel@reverie> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 465 Kevin Littlejohn wrote: > > I'll put it up at http://www.obsidian.com.au/vserver/ shortly (it claims > it'll take 49 minutes to download). Can I ask, though (before looking > at it), how you picked what goes in by default? Our servers, we started > with debootstrap, and pruned from there. I got started by just taking a copy of my /, a minimal potato with 2.4 support. After that i started removing packages, and for satisfying the dependensies, i had to delete some files somewhere. I got down to 100MB?? i dont remember, it's at home, but it's arround there. I'm quote satisfied with the space. I even use different LVM "partitions" for each vserver, because i dont need space THAT much. JonB From vserver.error@solucorp.qc.ca Tue Apr 9 11:24:32 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39FOV3Q003535; Tue, 9 Apr 2002 11:24:32 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FG4P30611 for vserver.list; Tue, 9 Apr 2002 11:16:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FG3h30607 for ; Tue, 9 Apr 2002 11:16:03 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxLn-0006ve-00 for ; Tue, 09 Apr 2002 17:16:03 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxLn-0006vQ-01 for ; Tue, 09 Apr 2002 17:16:03 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 17:16:03 +0200 (CEST) Received: (qmail 18041 invoked from network); 9 Apr 2002 15:15:28 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 9 Apr 2002 15:15:28 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39F35k30278 for vserver.list; Tue, 9 Apr 2002 11:03:05 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39F34h30274 for ; Tue, 9 Apr 2002 11:03:04 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16ux9E-0006v8-00 for ; Tue, 09 Apr 2002 17:03:04 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16ux9E-0006ut-00 for ; Tue, 09 Apr 2002 17:03:04 +0200 Sender: jon@silicide.dk Message-ID: <3CB302A8.B8865F26@silicide.dk> Date: Tue, 09 Apr 2002 17:03:04 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> <1018358149.868.609.camel@reverie> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 466 Kevin Littlejohn wrote: > > I'll put it up at http://www.obsidian.com.au/vserver/ shortly (it claims > it'll take 49 minutes to download). Can I ask, though (before looking > at it), how you picked what goes in by default? Our servers, we started > with debootstrap, and pruned from there. I got started by just taking a copy of my /, a minimal potato with 2.4 support. After that i started removing packages, and for satisfying the dependensies, i had to delete some files somewhere. I got down to 100MB?? i dont remember, it's at home, but it's arround there. I'm quote satisfied with the space. I even use different LVM "partitions" for each vserver, because i dont need space THAT much. JonB From vserver.error@solucorp.qc.ca Tue Apr 9 11:32:21 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39FWK3Q003642; Tue, 9 Apr 2002 11:32:20 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FKCs30729 for vserver.list; Tue, 9 Apr 2002 11:20:12 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FKBh30725 for ; Tue, 9 Apr 2002 11:20:11 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxPo-0006vz-00 for ; Tue, 09 Apr 2002 17:20:12 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxPn-0006vo-00 for ; Tue, 09 Apr 2002 17:20:11 +0200 Sender: jon@silicide.dk Message-ID: <3CB306AB.9CE081E6@silicide.dk> Date: Tue, 09 Apr 2002 17:20:11 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] feature request - suspend a vserver to disk References: <20020409110135.c2115f9fde18@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 467 Jacques Gelinas wrote: > > On Tue, 9 Apr 2002 11:02:03 -0500, Jon Bendtsen wrote > > I would like to be able to supend a running vserver to disk, and then at > > a later time (or host) resume the vserver from where it was suspended. > > There is a patch allowing swsusp for a whole linux box. I wonder if this is possible > to adapt this to a vserver only. Possibly, but I cant do this myself :/ > > JonB > > ps: can anyone tell me why all my mails appear to be double in the > > mailinglist archives? > > Odd. Can't tell. Do you get it twice ?? JonB From vserver.error@solucorp.qc.ca Tue Apr 9 11:42:08 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Fg73Q003729; Tue, 9 Apr 2002 11:42:08 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FXfv31110 for vserver.list; Tue, 9 Apr 2002 11:33:41 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FXeh31106 for ; Tue, 9 Apr 2002 11:33:40 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxcr-0006wT-00 for ; Tue, 09 Apr 2002 17:33:41 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxcr-0006wJ-00 for ; Tue, 09 Apr 2002 17:33:41 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 17:33:41 +0200 (CEST) Received: (qmail 31396 invoked from network); 9 Apr 2002 15:32:49 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 9 Apr 2002 15:32:49 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FKCs30729 for vserver.list; Tue, 9 Apr 2002 11:20:12 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FKBh30725 for ; Tue, 9 Apr 2002 11:20:11 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxPo-0006vz-00 for ; Tue, 09 Apr 2002 17:20:12 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxPn-0006vo-00 for ; Tue, 09 Apr 2002 17:20:11 +0200 Sender: jon@silicide.dk Message-ID: <3CB306AB.9CE081E6@silicide.dk> Date: Tue, 09 Apr 2002 17:20:11 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] feature request - suspend a vserver to disk References: <20020409110135.c2115f9fde18@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 468 Jacques Gelinas wrote: > > On Tue, 9 Apr 2002 11:02:03 -0500, Jon Bendtsen wrote > > I would like to be able to supend a running vserver to disk, and then at > > a later time (or host) resume the vserver from where it was suspended. > > There is a patch allowing swsusp for a whole linux box. I wonder if this is possible > to adapt this to a vserver only. Possibly, but I cant do this myself :/ > > JonB > > ps: can anyone tell me why all my mails appear to be double in the > > mailinglist archives? > > Odd. Can't tell. Do you get it twice ?? JonB From vserver.error@solucorp.qc.ca Tue Apr 9 11:45:49 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Fjl3Q003754; Tue, 9 Apr 2002 11:45:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FXMB31097 for vserver.list; Tue, 9 Apr 2002 11:33:22 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FXLh31093 for ; Tue, 9 Apr 2002 11:33:21 -0400 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g39FZPB05301 for vserver@solucorp.qc.ca; Tue, 9 Apr 2002 11:35:25 -0400 From: Jacques Gelinas Date: Tue, 9 Apr 2002 11:35:25 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] double posts - an explanation..? X-mailer: tlmpmail 0.6 Message-ID: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 469 On Tue, 9 Apr 2002 11:47:26 -0500, klavs klavsen wrote > It would seem that the sender (exim gateway at siloicide.dk in this > incident) is sending the mail only once.. so it must be the solucorp > mail server (sendmail v8.11.0 configured by linuxconf :-) that somehow > messes it up Sure > .. perhaps the mail set sender to > vserver.error@solucorp.qc.ca using -f has something to do with it? This is the way I make sure the reply goes to the list and the errors go to me. (using -f) ... This is not what I am seeing. The message is sent once, then mailed by dns.solucorp.qc.ca to the list member and the message is sent back to the list. You see in the second header that the message is indeed sent to jon+vserver@silicide.dk. We see the message going through qmail and fetchmail and then sent back to the list. What is jon+vserver ? This sounds like an alias containing someone named jon and the vserver mailing list. Seems to be the only user with such a problem > > This is the email headers from the first post > > X-Sieve: cmu-sieve 1.3 > Return-Path: > Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) > by smaug.netropolis.dk (8.10.0/8.10.0) with ESMTP id g399Mum13567 for > ; Tue, 9 Apr 2002 11:22:56 +0200 > Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) > id g39924B22154 for vserver.list; Tue, 9 Apr 2002 05:02:04 -0400 > X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to > vserver.error@solucorp.qc.ca using -f > Received: from ns1.silicide.dk > (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by > dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39923h22150 for > ; Tue, 9 Apr 2002 05:02:03 -0400 > Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 > (Debian)) id 16urVr-0006fO-00 for ; Tue, 09 Apr > 2002 11:02:03 +0200 > Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by > ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urVr-0006fD-00 > for ; Tue, 09 Apr 2002 11:02:03 +0200 > Sender: jon@silicide.dk > Message-ID: <3CB2AE0B.4C96F5DF@silicide.dk> > > This is the email headers from the second (the double) post: > > X-Sieve: cmu-sieve 1.3 > Return-Path: > Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) > by smaug.netropolis.dk (8.10.0/8.10.0) with ESMTP id g399bKm14432 for > ; Tue, 9 Apr 2002 11:37:21 +0200 > Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) > id g399AKf22311 for vserver.list; Tue, 9 Apr 2002 05:10:20 -0400 > X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to > vserver.error@solucorp.qc.ca using -f > Received: from ns1.silicide.dk > (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by > dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g399AKh22307 for > ; Tue, 9 Apr 2002 05:10:20 -0400 > Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 > (Debian)) id 16urds-0006gL-00 for ; Tue, 09 Apr > 2002 11:10:20 +0200 > Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp > (Exim 3.33 #1 (Debian)) id 16urds-0006gB-00 for > ; Tue, 09 Apr 2002 11:10:20 +0200 > Delivered-To: silicide_dk-jon+vserver@silicide.dk > Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 > (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr > 2002 11:10:20 +0200 (CEST) > Received: (qmail 96536 invoked from network); 9 Apr 2002 09:09:00 -0000 > Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with > SMTP; 9 Apr 2002 09:09:00 -0000 > Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) > id g39924B22154 for vserver.list; Tue, 9 Apr 2002 05:02:04 -0400 > X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to > vserver.error@solucorp.qc.ca using -f > Received: from ns1.silicide.dk > (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by > dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39923h22150 for > ; Tue, 9 Apr 2002 05:02:03 -0400 > Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 > (Debian)) id 16urVr-0006fO-00 for ; Tue, 09 Apr > 2002 11:02:03 +0200 > Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by > ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16urVr-0006fD-00 > for ; Tue, 09 Apr 2002 11:02:03 +0200 > Sender: jon@silicide.dk > Message-ID: <3CB2AE0B.4C96F5DF@silicide.dk> > > > -- > Regards, > Klavs Klavsen > > -------------| This mail has been sent to you by: |------------ > Klavs Klavsen - OpenSource Consultant > kl@vsen.dk - http://www.vsen.dk > > Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA > Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA > --------------------[ I believe that... ]----------------------- > It is a myth that people resist change. People resist what other > people make them do, not what they themselves choose to do... > That's why companies that innovate successfully year after year > seek their peopl's ideas, let them initiate new projects and > encourage more experiments. -- Rosabeth Moss Kanter > > --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Apr 9 11:53:23 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39FrM3Q003804; Tue, 9 Apr 2002 11:53:22 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FlKQ31500 for vserver.list; Tue, 9 Apr 2002 11:47:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FlJh31496 for ; Tue, 9 Apr 2002 11:47:19 -0400 Received: from dave ([67.115.19.28]) by mta5.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GUB00M0756VZ2@mta5.snfc21.pbi.net> for vserver@solucorp.qc.ca; Tue, 09 Apr 2002 08:47:19 -0700 (PDT) Date: Tue, 09 Apr 2002 08:47:28 -0700 From: Dave Miller Subject: RE: [vserver] debian tgz for vservers mirror In-reply-to: <3CB2DAD9.9090607@vgertech.com> To: vserver@solucorp.qc.ca Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.00.2615.200 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 470 Hello, I've setup a mirror for the image: http://vserver.allwebsites.com/mini-debian/ Now for my problems :) I've been testing this as a possible web hosting vserver type setup for my company. I am using debian vservers. But I'm having stability issues. I start a vserver, then if I do anything remotely resource intensive, I get a flow of ksymoops, then eventually a panic. kernel 2.4.18 ctx-8, compiled and recompiled 0.14 I inittially thought it to be a hardware problem, but the same kernel runs fine prior to the patch. Are there any known errors that cause stability issues that I've overlooked? I created the vserver by rsync'ing from another server then removing conflicting startup scripts. Dave -----Original Message----- From: Nuno Silva [mailto:nuno.silva@vgertech.com] Sent: Tuesday, April 09, 2002 5:13 AM To: vserver@solucorp.qc.ca Subject: [vserver] debian tgz for vservers Hi, thought i'd share my debian image for vserver. I hope this makes vserver more distribution independent :) http://vserver.vgertech.com/ Keep in mind that this is a slow connection, if someone can mirror this to a faster connection, please email the list with the location. Regards, Nuno Silva From vserver.error@solucorp.qc.ca Tue Apr 9 11:57:56 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Fvt3Q003824; Tue, 9 Apr 2002 11:57:55 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FgSG31351 for vserver.list; Tue, 9 Apr 2002 11:42:28 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FgRh31347 for ; Tue, 9 Apr 2002 11:42:27 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxlM-0006wu-00 for ; Tue, 09 Apr 2002 17:42:28 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxlM-0006wi-00 for ; Tue, 09 Apr 2002 17:42:28 +0200 Sender: jon@silicide.dk Message-ID: <3CB30BE4.75C17486@silicide.dk> Date: Tue, 09 Apr 2002 17:42:28 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> <1018358149.868.609.camel@reverie> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 471 Kevin Littlejohn wrote: > > I'll put it up at http://www.obsidian.com.au/vserver/ shortly (it claims > it'll take 49 minutes to download). Can I ask, though (before looking > at it), how you picked what goes in by default? Our servers, we started > with debootstrap, and pruned from there. okay, i got a look at http://www.obsidian.com.au/vserver/mini-debian-vservers-016.txt 1) CHANGE the root password Why not use passwd -l on root, so one has to enter through "vserver enter" aka, locking the rootpassword, thus NOONE will end up with a default root pwd. 2) since this is a debian... why not have it as a .deb as well ? ;-D 3) i know woody comes out soon, but it's still not the official stable :/ 4) note to 1) i can see you do the enter way. Did you lock the password or not ? 5) would you care to comment more on the MAKEDEV thingy ? http://www.obsidian.com.au/vserver/mini-debian-vservers-016.tgz 1) 85M, not bad 2) /bin/mount is installed, but one cant mount filesystems... 3) /boot exists, could be removed 4) /etc/rcS.d - contains scripts that one cant execute anyway. like modutils, checkfs, mountall, mountnfs, ... It's not so much to save space i want stuff to be removed, but to get a better overview of the install. My base is -rw-r--r-- 1 root root 27M Mar 31 19:07 base.tar.bz2 And unpacked it's 87M base Damn, you beat me :/ I'm sorry, but i cant publish it yet, as i havent changed the passwd ;-D I run the getty at tty7, and just one (i'm wonder why starting vservers fsck's up the tty, either tty0, or the one you start a vserver from. Likewise with shutdown :/) My packages are: ------------------------------------------------------------------------------------- ii adduser 3.11.1 Add users and groups to the system. ii alien 6.54 Install Red Hat, Stampede, and Slackware Pac ii apt 0.3.19 Advanced front-end for dpkg ii at 3.1.8-10 Delayed job execution and batch processing ii base-config 0.33.2 Debian base configuration package ii base-files 2.2.0 Debian base system miscellaneous files ii base-passwd 3.1.10 Debian Base System Password/Group Files ii bash 2.03-6 The GNU Bourne Again SHell ii bc 1.05a-11 The GNU bc arbitrary precision calculator la ii binutils 2.9.5.0.37-1 The GNU assembler, linker and binary utiliti ii bsdmainutils 4.7.1 More utilities from 4.4BSD-Lite. ii bsdutils 2.10s-1.potato Basic utilities from 4.4BSD-Lite. ii bzip2 0.9.5d-2 A high-quality block-sorting file compressor ii console-data 1999.08.29-11. Keymaps, fonts, charset maps, fallback table ii console-tools 0.2.3-10.3 Linux console and font utilities. ii console-tools- 0.2.3-10.3 Shared libraries for Linux console and font ii cpio 2.4.2-32 GNU cpio -- a program to manage archives of ii cpp 2.95.2-13 The GNU C preprocessor. ii cron 3.0pl1-57.3 management of regular background processing ii dc 1.05a-11 The GNU dc arbitrary precision reverse-polis ii debconf-tiny 0.2.80.17 Tiny subset of debconf for the base system ii debhelper 2.0.86 helper programs for debian/rules ii debianutils 1.13.3 Miscellaneous utilities specific to Debian. ii diff 2.7-21 File comparison utilities ii dpkg 1.6.15 Package maintenance system for Debian ii dpkg-dev 1.6.15 Package building tools for Debian ii e2fsprogs 1.27-1.bunk The EXT2 file system utilities and libraries ii ed 0.2-18.1 The classic unix line editor ii elvis-tiny 1.4-11 Tiny vi compatible editor for the base syste ii exim 3.12-10.2 Exim Mailer ii file 3.28-1 Determines file type using "magic" numbers ii fileutils 4.0l-8 GNU file management utilities. ii findutils 4.1-40 utilities for finding files--find, xargs, an ii ftp 0.10-3.1 The FTP client. ii gcc 2.95.2-13 The GNU C compiler. ii gettext-base 0.10.35-13 GNU Internationalization utilities for the b ii grep 2.4.2-1 GNU grep, egrep and fgrep. ii groff 1.15.2-3 GNU troff text-formatting system. ii gzip 1.2.4-33 The GNU compression utility. ii hostname 2.07 A utility to set/show the host name or domai ii info 4.0-4 Standalone GNU Info documentation browser ii ldso 1.9.11-9 The Linux dynamic linker, library and utilit ii less 346-7 A file pager program, similar to more(1) ii libbz2 0.9.5d-2 A high-quality block-sorting file compressor ii libc6 2.1.3-19 GNU C Library: Shared libraries and Timezone ii libc6-dev 2.1.3-19 GNU C Library: Development Libraries and Hea ii libdb2 2.4.14-2.7.7.1 The Berkeley database routines (run-time fil ii libgdbmg1 1.7.3-26.2 GNU dbm database routines (runtime version). ii libident 0.22-2 simple RFC1413 client library - runtime ii liblockfile1 1.01 Shared library with NFS-safe locking functio ii libncurses4 4.2-9 Shared libraries for terminal handling ii libncurses5 5.0-6.0potato1 Shared libraries for terminal handling ii libncurses5-de 5.0-6.0potato1 Developer's libraries and docs for ncurses ii libnewt0 0.50-7 Not Erik's Windowing Toolkit - text mode win ii libopenldap-ru 1.2.12-1 OpenLDAP runtime files for libopenldap ii libopenldap1 1.2.12-1 OpenLDAP libraries. ii libpam-modules 0.72-9 Pluggable Authentication Modules for PAM ii libpam-runtime 0.72-9 Runtime support for the PAM library ii libpam0g 0.72-9 Pluggable Authentication Modules library ii libpcre2 2.08-1 Philip Hazel's Perl Compatible Regular Expre ii libpopt0 1.4-1.1 lib for parsing cmdline parameters ii libreadline4 4.1-1 GNU readline and history libraries, run-time ii librpm1 3.0.3-1 RPM shared library ii libssl09 0.9.4-5 SSL shared libraries ii libstdc++2.10 2.95.2-13 The GNU stdc++ library ii libwrap0 7.6-4 Wietse Venema's TCP wrappers library ii locales 2.1.3-19 GNU C Library: National Language (locale) da ii lockfile-progs 0.1.7 Programs for locking and unlocking files and ii login 19990827-20 System login tools ii logrotate 3.2-11 Log rotation utility ii mailx 8.1.1-11 A simple mail user agent. ii make 3.79.1-1.potat The GNU version of the "make" utility. ii makedev 2.3.1-53 Creates special device files in /dev. ii man-db 2.3.16-4 Display the on-line manual. ii manpages 1.29-2 Man pages about using a Linux system. ii mawk 1.3.3-5 a pattern scanning and text processing langu ii mime-support 3.9-1 MIME files 'mime.types' & 'mailcap', and sup ii mount 2.10s-1.potato Tools for mounting and manipulating filesyst ii mutt 1.2.5-5 Text-based mailreader supporting MIME, GPG, ii ncurses-base 5.0-6.0potato1 Descriptions of common terminal types ii ncurses-bin 5.0-6.0potato1 Terminal-related programs and man pages ii netbase 3.18-4 Basic TCP/IP networking binaries ii nvi 1.79-16a.1 4.4BSD re-implementation of vi. ii passwd 19990827-20 Change and administer password and group dat ii patch 2.5-2.2 Apply a diff file to an original ii perl-5.005 5.005.03-7.1 Larry Wall's Practical Extracting and Report ii perl-5.005-bas 5.005.03-7.1 The Pathologically Eclectic Rubbish Lister ii perl-base 5.004.05-1.1 Fake package assuring that one of the -base ii procps 2.0.6-5 The /proc file system utilities. ii psmisc 20.2-2.0.bunk Utilities that use the proc filesystem ii rpm 3.0.3-1 Red Hat Package Manager ii sed 3.02-5 The GNU sed stream editor. ii shellutils 2.0-7 The GNU shell programming utilities. ii slang1 1.3.9-1 The S-Lang programming library - runtime ver ii ssh 1.2.3-9.4 Secure rlogin/rsh/rcp replacement (OpenSSH) ii sysklogd 1.3-33.1 Kernel and system logging daemons ii sysvinit 2.78-4 System-V like init. ii tar 1.13.17-2 GNU tar ii tasksel 1.0-10 New task packages selector ii tcpd 7.6-4 Wietse Venema's TCP wrapper utilities ii telnet 0.16-4potato.3 The telnet client. ii textutils 2.0-2 The GNU text file processing utilities. ii update 2.11-1 daemon to periodically flush filesystem buff ii util-linux 2.10s-1.potato Miscellaneous system utilities. ii wget 1.5.3-3 utility to retrieve files from the WWW via H ii whiptail 0.50-7 Displays user-friendly dialog boxes from she ii zlib1g 1.1.3-5 compression library - runtime -------------------------------------------------------------------------------------- JonB From vserver.error@solucorp.qc.ca Tue Apr 9 12:10:16 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39GAF3Q003938; Tue, 9 Apr 2002 12:10:15 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39Fwuq31764 for vserver.list; Tue, 9 Apr 2002 11:58:56 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39Fwuh31760 for ; Tue, 9 Apr 2002 11:58:56 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uy1I-0006yE-00 for ; Tue, 09 Apr 2002 17:58:56 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uy1I-0006y3-00 for ; Tue, 09 Apr 2002 17:58:56 +0200 Sender: jon@silicide.dk Message-ID: <3CB30FC0.12634D87@silicide.dk> Date: Tue, 09 Apr 2002 17:58:56 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] double posts - an explanation..? References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 472 Jacques Gelinas wrote: > This is not what I am seeing. The message is sent once, then mailed by > dns.solucorp.qc.ca to the list member and the message is sent back to the > list. You see in the second header that the message is indeed sent to > jon+vserver@silicide.dk. We see the message going through qmail and fetchmail > and then sent back to the list. So, if it creates a mailloop once, how come it doesnt repeat itself ?? > What is jon+vserver ? This sounds like an alias containing someone named > jon and the vserver mailing list. you guess right. I'm using the +vserver part to sort my email. > Seems to be the only user with such a problem  Damn, so it is my setup :/ JonB From vserver.error@solucorp.qc.ca Tue Apr 9 12:10:16 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39GAF3Q003939; Tue, 9 Apr 2002 12:10:15 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FukJ31691 for vserver.list; Tue, 9 Apr 2002 11:56:46 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39Fujh31687 for ; Tue, 9 Apr 2002 11:56:45 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxzC-0006xv-00 for ; Tue, 09 Apr 2002 17:56:46 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxzB-0006xk-00 for ; Tue, 09 Apr 2002 17:56:45 +0200 Sender: jon@silicide.dk Message-ID: <3CB30F3D.1BC25D0B@silicide.dk> Date: Tue, 09 Apr 2002 17:56:45 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers mirror References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 473 Dave Miller wrote: > > Hello, > > I've setup a mirror for the image: > http://vserver.allwebsites.com/mini-debian/ > > Now for my problems :) > I've been testing this as a possible web hosting vserver type setup for > my company. I am using debian vservers. But I'm having stability issues. > I start a vserver, then if I do anything remotely resource intensive, > I get a flow of ksymoops, then eventually a panic. > > kernel 2.4.18 ctx-8, compiled and recompiled > 0.14 There is a ctx-10 out. JonB From vserver.error@solucorp.qc.ca Tue Apr 9 12:12:30 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39GCS3Q003957; Tue, 9 Apr 2002 12:12:29 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FxWH31793 for vserver.list; Tue, 9 Apr 2002 11:59:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FxVh31789 for ; Tue, 9 Apr 2002 11:59:31 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uy1s-0006yU-00 for ; Tue, 09 Apr 2002 17:59:32 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uy1r-0006yK-00 for ; Tue, 09 Apr 2002 17:59:31 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 17:59:31 +0200 (CEST) Received: (qmail 39796 invoked from network); 9 Apr 2002 15:57:57 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 9 Apr 2002 15:57:57 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FgSG31351 for vserver.list; Tue, 9 Apr 2002 11:42:28 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39FgRh31347 for ; Tue, 9 Apr 2002 11:42:27 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxlM-0006wu-00 for ; Tue, 09 Apr 2002 17:42:28 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxlM-0006wi-00 for ; Tue, 09 Apr 2002 17:42:28 +0200 Sender: jon@silicide.dk Message-ID: <3CB30BE4.75C17486@silicide.dk> Date: Tue, 09 Apr 2002 17:42:28 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> <1018358149.868.609.camel@reverie> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 474 Kevin Littlejohn wrote: > > I'll put it up at http://www.obsidian.com.au/vserver/ shortly (it claims > it'll take 49 minutes to download). Can I ask, though (before looking > at it), how you picked what goes in by default? Our servers, we started > with debootstrap, and pruned from there. okay, i got a look at http://www.obsidian.com.au/vserver/mini-debian-vservers-016.txt 1) CHANGE the root password Why not use passwd -l on root, so one has to enter through "vserver enter" aka, locking the rootpassword, thus NOONE will end up with a default root pwd. 2) since this is a debian... why not have it as a .deb as well ? ;-D 3) i know woody comes out soon, but it's still not the official stable :/ 4) note to 1) i can see you do the enter way. Did you lock the password or not ? 5) would you care to comment more on the MAKEDEV thingy ? http://www.obsidian.com.au/vserver/mini-debian-vservers-016.tgz 1) 85M, not bad 2) /bin/mount is installed, but one cant mount filesystems... 3) /boot exists, could be removed 4) /etc/rcS.d - contains scripts that one cant execute anyway. like modutils, checkfs, mountall, mountnfs, ... It's not so much to save space i want stuff to be removed, but to get a better overview of the install. My base is -rw-r--r-- 1 root root 27M Mar 31 19:07 base.tar.bz2 And unpacked it's 87M base Damn, you beat me :/ I'm sorry, but i cant publish it yet, as i havent changed the passwd ;-D I run the getty at tty7, and just one (i'm wonder why starting vservers fsck's up the tty, either tty0, or the one you start a vserver from. Likewise with shutdown :/) My packages are: ------------------------------------------------------------------------------------- ii adduser 3.11.1 Add users and groups to the system. ii alien 6.54 Install Red Hat, Stampede, and Slackware Pac ii apt 0.3.19 Advanced front-end for dpkg ii at 3.1.8-10 Delayed job execution and batch processing ii base-config 0.33.2 Debian base configuration package ii base-files 2.2.0 Debian base system miscellaneous files ii base-passwd 3.1.10 Debian Base System Password/Group Files ii bash 2.03-6 The GNU Bourne Again SHell ii bc 1.05a-11 The GNU bc arbitrary precision calculator la ii binutils 2.9.5.0.37-1 The GNU assembler, linker and binary utiliti ii bsdmainutils 4.7.1 More utilities from 4.4BSD-Lite. ii bsdutils 2.10s-1.potato Basic utilities from 4.4BSD-Lite. ii bzip2 0.9.5d-2 A high-quality block-sorting file compressor ii console-data 1999.08.29-11. Keymaps, fonts, charset maps, fallback table ii console-tools 0.2.3-10.3 Linux console and font utilities. ii console-tools- 0.2.3-10.3 Shared libraries for Linux console and font ii cpio 2.4.2-32 GNU cpio -- a program to manage archives of ii cpp 2.95.2-13 The GNU C preprocessor. ii cron 3.0pl1-57.3 management of regular background processing ii dc 1.05a-11 The GNU dc arbitrary precision reverse-polis ii debconf-tiny 0.2.80.17 Tiny subset of debconf for the base system ii debhelper 2.0.86 helper programs for debian/rules ii debianutils 1.13.3 Miscellaneous utilities specific to Debian. ii diff 2.7-21 File comparison utilities ii dpkg 1.6.15 Package maintenance system for Debian ii dpkg-dev 1.6.15 Package building tools for Debian ii e2fsprogs 1.27-1.bunk The EXT2 file system utilities and libraries ii ed 0.2-18.1 The classic unix line editor ii elvis-tiny 1.4-11 Tiny vi compatible editor for the base syste ii exim 3.12-10.2 Exim Mailer ii file 3.28-1 Determines file type using "magic" numbers ii fileutils 4.0l-8 GNU file management utilities. ii findutils 4.1-40 utilities for finding files--find, xargs, an ii ftp 0.10-3.1 The FTP client. ii gcc 2.95.2-13 The GNU C compiler. ii gettext-base 0.10.35-13 GNU Internationalization utilities for the b ii grep 2.4.2-1 GNU grep, egrep and fgrep. ii groff 1.15.2-3 GNU troff text-formatting system. ii gzip 1.2.4-33 The GNU compression utility. ii hostname 2.07 A utility to set/show the host name or domai ii info 4.0-4 Standalone GNU Info documentation browser ii ldso 1.9.11-9 The Linux dynamic linker, library and utilit ii less 346-7 A file pager program, similar to more(1) ii libbz2 0.9.5d-2 A high-quality block-sorting file compressor ii libc6 2.1.3-19 GNU C Library: Shared libraries and Timezone ii libc6-dev 2.1.3-19 GNU C Library: Development Libraries and Hea ii libdb2 2.4.14-2.7.7.1 The Berkeley database routines (run-time fil ii libgdbmg1 1.7.3-26.2 GNU dbm database routines (runtime version). ii libident 0.22-2 simple RFC1413 client library - runtime ii liblockfile1 1.01 Shared library with NFS-safe locking functio ii libncurses4 4.2-9 Shared libraries for terminal handling ii libncurses5 5.0-6.0potato1 Shared libraries for terminal handling ii libncurses5-de 5.0-6.0potato1 Developer's libraries and docs for ncurses ii libnewt0 0.50-7 Not Erik's Windowing Toolkit - text mode win ii libopenldap-ru 1.2.12-1 OpenLDAP runtime files for libopenldap ii libopenldap1 1.2.12-1 OpenLDAP libraries. ii libpam-modules 0.72-9 Pluggable Authentication Modules for PAM ii libpam-runtime 0.72-9 Runtime support for the PAM library ii libpam0g 0.72-9 Pluggable Authentication Modules library ii libpcre2 2.08-1 Philip Hazel's Perl Compatible Regular Expre ii libpopt0 1.4-1.1 lib for parsing cmdline parameters ii libreadline4 4.1-1 GNU readline and history libraries, run-time ii librpm1 3.0.3-1 RPM shared library ii libssl09 0.9.4-5 SSL shared libraries ii libstdc++2.10 2.95.2-13 The GNU stdc++ library ii libwrap0 7.6-4 Wietse Venema's TCP wrappers library ii locales 2.1.3-19 GNU C Library: National Language (locale) da ii lockfile-progs 0.1.7 Programs for locking and unlocking files and ii login 19990827-20 System login tools ii logrotate 3.2-11 Log rotation utility ii mailx 8.1.1-11 A simple mail user agent. ii make 3.79.1-1.potat The GNU version of the "make" utility. ii makedev 2.3.1-53 Creates special device files in /dev. ii man-db 2.3.16-4 Display the on-line manual. ii manpages 1.29-2 Man pages about using a Linux system. ii mawk 1.3.3-5 a pattern scanning and text processing langu ii mime-support 3.9-1 MIME files 'mime.types' & 'mailcap', and sup ii mount 2.10s-1.potato Tools for mounting and manipulating filesyst ii mutt 1.2.5-5 Text-based mailreader supporting MIME, GPG, ii ncurses-base 5.0-6.0potato1 Descriptions of common terminal types ii ncurses-bin 5.0-6.0potato1 Terminal-related programs and man pages ii netbase 3.18-4 Basic TCP/IP networking binaries ii nvi 1.79-16a.1 4.4BSD re-implementation of vi. ii passwd 19990827-20 Change and administer password and group dat ii patch 2.5-2.2 Apply a diff file to an original ii perl-5.005 5.005.03-7.1 Larry Wall's Practical Extracting and Report ii perl-5.005-bas 5.005.03-7.1 The Pathologically Eclectic Rubbish Lister ii perl-base 5.004.05-1.1 Fake package assuring that one of the -base ii procps 2.0.6-5 The /proc file system utilities. ii psmisc 20.2-2.0.bunk Utilities that use the proc filesystem ii rpm 3.0.3-1 Red Hat Package Manager ii sed 3.02-5 The GNU sed stream editor. ii shellutils 2.0-7 The GNU shell programming utilities. ii slang1 1.3.9-1 The S-Lang programming library - runtime ver ii ssh 1.2.3-9.4 Secure rlogin/rsh/rcp replacement (OpenSSH) ii sysklogd 1.3-33.1 Kernel and system logging daemons ii sysvinit 2.78-4 System-V like init. ii tar 1.13.17-2 GNU tar ii tasksel 1.0-10 New task packages selector ii tcpd 7.6-4 Wietse Venema's TCP wrapper utilities ii telnet 0.16-4potato.3 The telnet client. ii textutils 2.0-2 The GNU text file processing utilities. ii update 2.11-1 daemon to periodically flush filesystem buff ii util-linux 2.10s-1.potato Miscellaneous system utilities. ii wget 1.5.3-3 utility to retrieve files from the WWW via H ii whiptail 0.50-7 Displays user-friendly dialog boxes from she ii zlib1g 1.1.3-5 compression library - runtime -------------------------------------------------------------------------------------- JonB From vserver.error@solucorp.qc.ca Tue Apr 9 12:18:49 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39GIm3Q004031; Tue, 9 Apr 2002 12:18:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39GBWq32149 for vserver.list; Tue, 9 Apr 2002 12:11:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39GBVh32140 for ; Tue, 9 Apr 2002 12:11:31 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uyDT-0006yw-00 for ; Tue, 09 Apr 2002 18:11:31 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uyDT-0006ym-00 for ; Tue, 09 Apr 2002 18:11:31 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 18:11:31 +0200 (CEST) Received: (qmail 50031 invoked from network); 9 Apr 2002 16:10:19 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 9 Apr 2002 16:10:19 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39Fwuq31764 for vserver.list; Tue, 9 Apr 2002 11:58:56 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39Fwuh31760 for ; Tue, 9 Apr 2002 11:58:56 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uy1I-0006yE-00 for ; Tue, 09 Apr 2002 17:58:56 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uy1I-0006y3-00 for ; Tue, 09 Apr 2002 17:58:56 +0200 Sender: jon@silicide.dk Message-ID: <3CB30FC0.12634D87@silicide.dk> Date: Tue, 09 Apr 2002 17:58:56 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] double posts - an explanation..? References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 475 Jacques Gelinas wrote: > This is not what I am seeing. The message is sent once, then mailed by > dns.solucorp.qc.ca to the list member and the message is sent back to the > list. You see in the second header that the message is indeed sent to > jon+vserver@silicide.dk. We see the message going through qmail and fetchmail > and then sent back to the list. So, if it creates a mailloop once, how come it doesnt repeat itself ?? > What is jon+vserver ? This sounds like an alias containing someone named > jon and the vserver mailing list. you guess right. I'm using the +vserver part to sort my email. > Seems to be the only user with such a problem  Damn, so it is my setup :/ JonB From vserver.error@solucorp.qc.ca Tue Apr 9 12:19:20 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39GJJ3Q004038; Tue, 9 Apr 2002 12:19:20 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39GBWG32145 for vserver.list; Tue, 9 Apr 2002 12:11:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39GBVh32141 for ; Tue, 9 Apr 2002 12:11:31 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uyDT-0006zA-00 for ; Tue, 09 Apr 2002 18:11:31 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uyDT-0006ym-01 for ; Tue, 09 Apr 2002 18:11:31 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 18:11:31 +0200 (CEST) Received: (qmail 61937 invoked from network); 9 Apr 2002 16:10:45 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 9 Apr 2002 16:10:45 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39FukJ31691 for vserver.list; Tue, 9 Apr 2002 11:56:46 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39Fujh31687 for ; Tue, 9 Apr 2002 11:56:45 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uxzC-0006xv-00 for ; Tue, 09 Apr 2002 17:56:46 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uxzB-0006xk-00 for ; Tue, 09 Apr 2002 17:56:45 +0200 Sender: jon@silicide.dk Message-ID: <3CB30F3D.1BC25D0B@silicide.dk> Date: Tue, 09 Apr 2002 17:56:45 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers mirror References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 476 Dave Miller wrote: > > Hello, > > I've setup a mirror for the image: > http://vserver.allwebsites.com/mini-debian/ > > Now for my problems :) > I've been testing this as a possible web hosting vserver type setup for > my company. I am using debian vservers. But I'm having stability issues. > I start a vserver, then if I do anything remotely resource intensive, > I get a flow of ksymoops, then eventually a panic. > > kernel 2.4.18 ctx-8, compiled and recompiled > 0.14 There is a ctx-10 out. JonB From vserver.error@solucorp.qc.ca Tue Apr 9 12:23:55 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39GNs3Q004079; Tue, 9 Apr 2002 12:23:55 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39GGQH32311 for vserver.list; Tue, 9 Apr 2002 12:16:26 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39GGPh32307 for ; Tue, 9 Apr 2002 12:16:25 -0400 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id SAA29150 for ; Tue, 9 Apr 2002 18:16:25 +0200 (MEST) Received: from ([172.16.151.102]) by camelot.sz-sb.de; Tue, 09 Apr 2002 18:16:23 +0200 (MEST) Received: from laplinux.triervf.de (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 226W62B0; Tue, 9 Apr 2002 18:15:23 +0200 Subject: re: [vserver] double posts - an explanation..? From: d m To: vserver@solucorp.qc.ca In-Reply-To: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 09 Apr 2002 18:16:05 +0200 Message-Id: <1018368970.18101.36.camel@laplinux> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 477 > What is jon+vserver ? This sounds like an alias containing someone named > jon and the vserver mailing list. > > Seems to be the only user with such a problem nope, i get them double, too. regards, daniel From vserver.error@solucorp.qc.ca Tue Apr 9 12:34:15 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39GYE3Q004192; Tue, 9 Apr 2002 12:34:15 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39GRlj32650 for vserver.list; Tue, 9 Apr 2002 12:27:47 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39GRkh32646 for ; Tue, 9 Apr 2002 12:27:46 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uyTD-0006zr-00 for ; Tue, 09 Apr 2002 18:27:47 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uyTD-0006zg-00 for ; Tue, 09 Apr 2002 18:27:47 +0200 Sender: jon@silicide.dk Message-ID: <3CB31682.18593645@silicide.dk> Date: Tue, 09 Apr 2002 18:27:46 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] double posts - an explanation..? References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> <1018368970.18101.36.camel@laplinux> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 478 d m wrote: > > > What is jon+vserver ? This sounds like an alias containing someone named > > jon and the vserver mailing list. > > > > Seems to be the only user with such a problem > > nope, > > i get them double, too. yes, well i send them double. Do you send them double as well ? JonB From vserver.error@solucorp.qc.ca Tue Apr 9 12:42:40 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Gge3Q004299; Tue, 9 Apr 2002 12:42:40 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39GYOa32767 for vserver.list; Tue, 9 Apr 2002 12:34:24 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39GYNh32763 for ; Tue, 9 Apr 2002 12:34:23 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uyZb-00070K-00 for ; Tue, 09 Apr 2002 18:34:23 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uyZb-00070A-00 for ; Tue, 09 Apr 2002 18:34:23 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail2.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 09 Apr 2002 18:34:23 +0200 (CEST) Received: (qmail 68343 invoked from network); 9 Apr 2002 16:34:18 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 9 Apr 2002 16:34:18 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39GRlj32650 for vserver.list; Tue, 9 Apr 2002 12:27:47 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39GRkh32646 for ; Tue, 9 Apr 2002 12:27:46 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16uyTD-0006zr-00 for ; Tue, 09 Apr 2002 18:27:47 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16uyTD-0006zg-00 for ; Tue, 09 Apr 2002 18:27:47 +0200 Sender: jon@silicide.dk Message-ID: <3CB31682.18593645@silicide.dk> Date: Tue, 09 Apr 2002 18:27:46 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] double posts - an explanation..? References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> <1018368970.18101.36.camel@laplinux> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 479 d m wrote: > > > What is jon+vserver ? This sounds like an alias containing someone named > > jon and the vserver mailing list. > > > > Seems to be the only user with such a problem > > nope, > > i get them double, too. yes, well i send them double. Do you send them double as well ? JonB From vserver.error@solucorp.qc.ca Tue Apr 9 13:14:07 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39HE63Q004567; Tue, 9 Apr 2002 13:14:06 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39H6dx01155 for vserver.list; Tue, 9 Apr 2002 13:06:39 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-71-46.in-addr.btopenworld.com [213.122.71.46]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39H6bh01151 for ; Tue, 9 Apr 2002 13:06:37 -0400 Received: from 192.168.201.1 by john-new ([192.168.201.1] running VPOP3) with SMTP for ; Tue, 9 Apr 2002 18:06:26 +0100 From: "John Lyons" To: Subject: RE: [vserver] private server hosting Date: Tue, 9 Apr 2002 18:06:25 +0100 Message-ID: <006201c1dfe8$e28b20e0$0a107ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 480 > Just wondering if anyone is attempting to use this method to > offer hosting > of something similar to a "virtual private server"? Are there > any obvious drawbacks I'm missing? I started my quest looking at FreeVsd but after reading the mailing list decided that it was too complex a system for me to use. There seemed to be too many people having problems installing the software and quite a few 'disaster' posts from quite experienced people along the lines of I've done X and Y and for no apparent reason A, B and C have all stopped working. Vserver is easy to use and manage and above all it's 'simple' in that there are minimal packages/scripts/programs needed to run it. You can't get lost managing a hosting server running Vs. I've spent nearly 4 months running two host servers and 12 trial vservers with customers. So far I've not encountered any real problems. Ok you don't have quotas and you can only run with 1 IP address but to be fair I don't think that you can necessarily ask this much from the package. It's only been publicly developed for a few months but arrived in a fairly complete state. As far as we're concerned the benefits far outweigh the down site of quotas and IP's. If customers want to run multiple SSL certificates then that's another opportunity to sell them another virtual server :-) We haven't offered the servers to the public yet just a few trial customers because I'm still playing with getting a fully featured skel server setup. I've also got to write a decent guide to running them for the customers which is probably going to end up being a 'how to use Linux' Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Tue Apr 9 16:34:03 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39KY23Q006328; Tue, 9 Apr 2002 16:34:03 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39KQjC05851 for vserver.list; Tue, 9 Apr 2002 16:26:45 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g39KQih05847 for ; Tue, 9 Apr 2002 16:26:44 -0400 Received: (qmail 21628 invoked from network); 9 Apr 2002 20:26:40 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 9 Apr 2002 20:26:40 -0000 Message-ID: <3CB34E80.4020500@vgertech.com> Date: Tue, 09 Apr 2002 21:26:40 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> <3CB2E614.F2AC75B3@silicide.dk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 481 Jon Bendtsen wrote: > Nuno Silva wrote: > >>Hi, >> >>thought i'd share my debian image for vserver. >>I hope this makes vserver more distribution independent :) > > > cool, but whats in it ?? > Sorry if I didn't explain it well. It's a tgz with a small and standard debian distribution. Whether you have suse, rh or debian in the main server you can use this as a vserver "root" to experience the debian joy :) lot's of packages, apt-get, etc. > > >>http://vserver.vgertech.com/ > > > no such host > > This CNAME was created a few hours ago, please be patient with dns. Regards, Nuno Silva From vserver.error@solucorp.qc.ca Tue Apr 9 16:49:26 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39KnO3Q006520; Tue, 9 Apr 2002 16:49:25 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39KY4q06108 for vserver.list; Tue, 9 Apr 2002 16:34:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g39KY3h06103 for ; Tue, 9 Apr 2002 16:34:03 -0400 Received: (qmail 21707 invoked from network); 9 Apr 2002 20:33:59 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 9 Apr 2002 20:33:59 -0000 Message-ID: <3CB35037.2000507@vgertech.com> Date: Tue, 09 Apr 2002 21:33:59 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> <1018358149.868.609.camel@reverie> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 482 Hi! Kevin Littlejohn wrote: > I'll put it up at http://www.obsidian.com.au/vserver/ shortly (it claims > it'll take 49 minutes to download). Can I ask, though (before looking > at it), how you picked what goes in by default? Our servers, we started > with debootstrap, and pruned from there. Just installed debian woody from network in a clean box. Run through setup as usual, installed ssh, cleaned *.deb and made a tgz of it all without the kernel. Openssh is there because a prefer to manage vservers like independent servers and I use "vserver SERVER enter" only as last resort. Regards, Nuno Silva > > KJL > > On Tue, 2002-04-09 at 22:13, Nuno Silva wrote: > >>Hi, >> >>thought i'd share my debian image for vserver. >>I hope this makes vserver more distribution independent :) >> >>http://vserver.vgertech.com/ >> >>Keep in mind that this is a slow connection, if someone can mirror this >>to a faster connection, please email the list with the location. >> >>Regards, >>Nuno Silva >> >> >> > From vserver.error@solucorp.qc.ca Tue Apr 9 17:10:38 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39LAb3Q006862; Tue, 9 Apr 2002 17:10:37 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39KuK006765 for vserver.list; Tue, 9 Apr 2002 16:56:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g39KuJh06760 for ; Tue, 9 Apr 2002 16:56:19 -0400 Received: (qmail 21929 invoked from network); 9 Apr 2002 20:56:15 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 9 Apr 2002 20:56:15 -0000 Message-ID: <3CB3556F.1050705@vgertech.com> Date: Tue, 09 Apr 2002 21:56:15 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers References: <3CB2DAD9.9090607@vgertech.com> <1018358149.868.609.camel@reverie> <3CB30BE4.75C17486@silicide.dk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 483 Hello, Jon Bendtsen wrote: > > okay, i got a look at > http://www.obsidian.com.au/vserver/mini-debian-vservers-016.txt > > 1) CHANGE the root password > Why not use passwd -l on root, so one has to enter through "vserver > enter" > aka, locking the rootpassword, thus NOONE will end up with a default > root pwd. I prefer to manage vservers like actual independent servers, so I like ssh on everyone of them. Anyway, next time I'll put an * in the root password, thanks for the sugestion :) > 2) since this is a debian... why not have it as a .deb as well ? ;-D It would be nice, but it would make it debian dependent and i'd need a default place to install it. /vservers/default goes against debian packaging policy :) > 3) i know woody comes out soon, but it's still not the official stable > :/ "debian needs to be installed only once". Even if you want to change to debian potato or debian sid just update sources.list; apt-get update ; apt-get dist-upgrade. That's it. > 4) note to 1) i can see you do the enter way. Did you lock the password > or not ? This one has a default password, easily guessable, please change it. Next time I'll follow your sugestion. > 5) would you care to comment more on the MAKEDEV thingy ? > Some scripts check for /dev/.devfsd before they try to use mknod. If it is present (devfs is active) they don't try to create the devices and you get to see less "Operation not permited" errors. > > http://www.obsidian.com.au/vserver/mini-debian-vservers-016.tgz > > 1) 85M, not bad > 2) /bin/mount is installed, but one cant mount filesystems... > 3) /boot exists, could be removed > 4) /etc/rcS.d - contains scripts that one cant execute anyway. > like modutils, checkfs, mountall, mountnfs, ... > This is pretty much a standard debian install. Removing mount would break dependencies. You waste some MB but you can rest sure that "apt-get upgrade" will work flawlessly in the vserver :) > It's not so much to save space i want stuff to be removed, but to get a > better > overview of the install. > > My base is > -rw-r--r-- 1 root root 27M Mar 31 19:07 base.tar.bz2 > And unpacked it's > 87M base > Damn, you beat me :/ > I'm sorry, but i cant publish it yet, as i havent changed the passwd ;-D :) > I run the getty at tty7, and just one > (i'm wonder why starting vservers fsck's up the tty, either tty0, or the > one > you start a vserver from. Likewise with shutdown :/) Try ssh to login to vservers and don't start any getties :) Best regards, Nuno Silva From vserver.error@solucorp.qc.ca Tue Apr 9 17:18:54 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39LIr3Q006971; Tue, 9 Apr 2002 17:18:53 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39L3r806946 for vserver.list; Tue, 9 Apr 2002 17:03:53 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g39L3qh06942 for ; Tue, 9 Apr 2002 17:03:52 -0400 Received: (qmail 22038 invoked from network); 9 Apr 2002 21:03:48 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 9 Apr 2002 21:03:48 -0000 Message-ID: <3CB35734.7050807@vgertech.com> Date: Tue, 09 Apr 2002 22:03:48 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] debian tgz for vservers mirror References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 484 Hi! Dave Miller wrote: > Hello, > > I've setup a mirror for the image: > http://vserver.allwebsites.com/mini-debian/ > thanks. > > Now for my problems :) > I've been testing this as a possible web hosting vserver type setup for > my company. I am using debian vservers. But I'm having stability issues. > I start a vserver, then if I do anything remotely resource intensive, > I get a flow of ksymoops, then eventually a panic. I'm testing this for weeks now and haven't found any kernel problems (not counting with ctx-9). Do you have any other kernel patches? > > kernel 2.4.18 ctx-8, compiled and recompiled > 0.14 > > I inittially thought it to be a hardware problem, but the same kernel runs > fine prior to the patch. > > Are there any known errors that cause stability issues that I've overlooked? > I created the vserver by rsync'ing from another server then removing > conflicting > startup scripts. > Even with corrupt images the kernel souldn't panic... Wierd. Regards, Nuno Silva From vserver.error@solucorp.qc.ca Tue Apr 9 18:57:02 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g39Mv13Q007701; Tue, 9 Apr 2002 18:57:02 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g39MenA09121 for vserver.list; Tue, 9 Apr 2002 18:40:49 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from velocity.liquidweb.com (ns.liquidweb.com [64.91.224.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g39Memh09117 for ; Tue, 9 Apr 2002 18:40:48 -0400 Received: from ip-64-7-177-54.mercury.net ([64.7.177.54] helo=liquidweb.com) by velocity.liquidweb.com with asmtp (Exim 3.35 #1) id 16v4I1-0006Ek-00; Tue, 09 Apr 2002 18:40:37 -0400 Message-ID: <3CB3705D.4030804@liquidweb.com> Date: Tue, 09 Apr 2002 18:51:09 -0400 From: Matthew Hill User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020212 X-Accept-Language: en-us MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <3CB2A439.8050907@liquidweb.com> <1018343479.18013.27.camel@laplinux> <3CB2BF9E.4050306@liquidweb.com> <1018351775.18099.33.camel@laplinux> Content-Type: multipart/alternative; boundary="------------060103050101030906060006" X-AntiAbuse: Sender Address Domain - liquidweb.com Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 485 --------------060103050101030906060006 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Daniel, What I neglected to realize when you made the LVM suggestion, is that by creating unique partitions for each vserver, setting up quotas for each discrete vserver would be simple by initializing quotas on the main server. Each vserver LVM partition /vserver/tst1 for example, would contain a unique quota.user file and it would not matter that a UID of the same enumeration had a quota set on another vserver or the primary filesystem as quotas are relevent only to the current partition and quota.user file (in thise case /vserver/tst1/quota.user). The vserver would still have control over it's own quotas as the file is rw root in the directory of "/" within it's chroot. And the server running in security context 0 would do the actual enforcement and maintinence such as quotacheck. Did I miss anything? Sincerely, Matthew HIll CEO, Liquid Web Inc. d m wrote: >Matthew, > >ok, I got it now. Indeed, it would be a life-filling task to >do this with LVM... > >I'm not that firm with quota, but isn't it true, that quota uses only >the UIDs ? > >So, as the UID in a vserver are the same UIDs in the main-server, one >could use quotas on the main-server configuring the UIDs only (!) used >by the users of a vserver (e.g. an isolated area od UIDs). > >Regards, >Daniel > >Am Die, 2002-04-09 um 12.17 schrieb Matthew Hill: > >>Daniel, >> >>Thank you for the suggestion, as LVM would be an excellent >>system for controlling total vserver disk consumption. >> >> >>However the largest concern remaining, on which I was >>admittedly unclear, is that I'm trying to implement >>per-user quotas in a system where users are perpetually >>created and destroyed by web-based admin tools given >>to the owner of the vserver. >> >> >>Any suggestions? I would think it rather tedious from >>an administrative standpoint to attempt to use LVM >>per /home/user directories, whereas the best hack attempts >> >> >>I could envision using the current vserver setup would >>set quotas spanning all vservers and create overlap in chosen >>user names and disk consumption (lacking virtualized quotas, >>which I realize to be no small task). I had noticed one >>other post to this list requesting quotas support on the >>/dev/hdv a few weeks back. >> >>Sincerely, >> >>Matthew Hill >> > --------------060103050101030906060006 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Daniel,

What I neglected to realize when you made the LVM suggestion,
is that by creating unique partitions for each vserver, setting up
quotas for each discrete vserver would be simple by initializing
quotas on the main server.

Each vserver LVM partition /vserver/tst1 for example, would contain
a unique quota.user file and it would not matter that a UID of
the same enumeration had a quota set on another vserver or
the primary filesystem as quotas are relevent only to the current
partition and quota.user file (in thise case /vserver/tst1/quota.user).

The vserver would still have control over it's own quotas as the
file is rw root in the directory of "/" within it's chroot.  And the
server running in security context 0 would do the actual enforcement
and maintinence such as quotacheck.

Did I miss anything?

Sincerely,

Matthew HIll
CEO, Liquid Web Inc.

d m wrote:
Matthew,

ok, I got it now. Indeed, it would be a life-filling task to
do this with LVM...

I'm not that firm with quota, but isn't it true, that quota uses only
the UIDs ?

So, as the UID in a vserver are the same UIDs in the main-server, one
could use quotas on the main-server configuring the UIDs only (!) used
by the users of a vserver (e.g. an isolated area od UIDs).

Regards,
Daniel

Am Die, 2002-04-09 um 12.17 schrieb Matthew Hill:
Daniel,

Thank you for the suggestion, as LVM would be an excellent
system for controlling total vserver disk consumption.


However the largest concern remaining, on which I was
admittedly unclear, is that I'm trying to implement
per-user quotas in a system where users are perpetually
created and destroyed by web-based admin tools given
to the owner of the vserver.


Any suggestions?  I would think it rather tedious from
an administrative standpoint to attempt to use LVM
per /home/user directories, whereas the best hack attempts


I could envision using the current vserver setup would
set quotas spanning all vservers and create overlap in chosen
user names and disk consumption (lacking virtualized quotas,
which I realize to be no small task).  I had noticed one
other post to this list requesting quotas support on the
/dev/hdv a few weeks back.

Sincerely,

Matthew Hill



--------------060103050101030906060006-- From vserver.error@solucorp.qc.ca Tue Apr 9 22:09:09 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3A2983Q011086; Tue, 9 Apr 2002 22:09:08 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A1xfC12659 for vserver.list; Tue, 9 Apr 2002 21:59:41 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from alien (alien.vlad.net [208.236.0.236]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A1xeh12655 for ; Tue, 9 Apr 2002 21:59:40 -0400 Received: from localhost (alien.vlad.net [208.236.0.236]) by alien (8.12.1/8.12.1) with ESMTP id g3A1xf3R011022 for ; Tue, 9 Apr 2002 21:59:41 -0400 Date: Tue, 9 Apr 2002 21:59:41 -0400 (EDT) From: Vlad X-X-Sender: vlad@alien To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting In-Reply-To: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 486 We already do it for $100 a pop; We pretty much install everything user requests that can be obtained for free and give them webmin to administer it. So far we've only sold a few and there have been no issues except with Samba but none of our users have figured that out yet or expressed any interest in it.. Only drawback so far has been the network support; we intentionally disabled the raw_packet switch since it would allow all the people on the box to sniff each others network activity... So thats by far the biggest problem, but then again, nobody has noticed or complained yet. -Vlad On Tue, 9 Apr 2002, Philip Hill wrote: > Please accept my apologies if this is the wrong discussion in which to post > this. > > Just wondering if anyone is attempting to use this method to offer hosting > of something similar to a "virtual private server"? Are there any obvious > drawbacks I'm missing? > > Regards, > > Philip > From vserver.error@solucorp.qc.ca Wed Apr 10 01:05:22 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3A55M3Q013094; Wed, 10 Apr 2002 01:05:22 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A4jIr15665 for vserver.list; Wed, 10 Apr 2002 00:45:18 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A4jGh15661 for ; Wed, 10 Apr 2002 00:45:18 -0400 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id 607E745F45 for ; Wed, 10 Apr 2002 16:45:07 +1200 (NZST) Received: from 192.168.192.22 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Wed, 10 Apr 2002 16:45:06 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from ganymede ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 16v9wv-0006sf-00 for ; Wed, 10 Apr 2002 16:43: 13 +1200 Subject: [vserver] atd and screen From: "Fran Firman" To: vserver X-Mailer: Evolution/1.0.2 Date: 10 Apr 2002 16:43:12 +1200 Message-ID: <1018413793.22612.38.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10AD1CD82200233-01-01 Content-Type: multipart/signed; boundary="=-Ekt7ONJBtruF3GZVHnSl"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 487 --=-Ekt7ONJBtruF3GZVHnSl Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I'm trying to get atd running. I get in /var/log/syslog the message atd[9995]: Error redirecting I/O: Permission denied Any ideas on how to get atd to run,=20 Also with screen I get the message No more PTYs Sorry, could not find a PTY. and then exits. Cheers Fran --=-Ekt7ONJBtruF3GZVHnSl Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjyzwuAACgkQv1V2oVWAPhapOgCfXgtRItIlOtax53LTU3EBj0Fm AtgAnj+NMYyRUyoPOIK4D3ElUGAXW/iT =V2ks -----END PGP SIGNATURE----- --=-Ekt7ONJBtruF3GZVHnSl-- From vserver.error@solucorp.qc.ca Wed Apr 10 02:02:52 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3A62p3Q013466; Wed, 10 Apr 2002 02:02:51 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A5i8R16935 for vserver.list; Wed, 10 Apr 2002 01:44:08 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mouse.sectium.com (adsl-b3-74-250.telepac.pt [213.13.74.250]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g3A5i7h16931 for ; Wed, 10 Apr 2002 01:44:07 -0400 Received: (qmail 24284 invoked from network); 10 Apr 2002 05:43:59 -0000 Received: from localhost (HELO vgertech.com) (nuno@127.0.0.1) by localhost with SMTP; 10 Apr 2002 05:43:59 -0000 Message-ID: <3CB3D11E.1020604@vgertech.com> Date: Wed, 10 Apr 2002 06:43:58 +0100 From: Nuno Silva User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4 X-Accept-Language: en-us, pt MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] atd and screen References: <1018413793.22612.38.camel@ganymede> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 488 Hi, I haven't tested atd, but screen runs fine. I suppose that you don't have /vservers/VSERVER-NAME/dev/pts mounted. What's the output, on the main server, of: "vserver VSERVER-NAME running" and "mount"? My wild guess for a fix is: "vserver VSERVER-NAME start" Hope it helps, Nuno silva Fran Firman wrote: > > I'm trying to get atd running. > I get in /var/log/syslog the message > atd[9995]: Error redirecting I/O: Permission denied > > Any ideas on how to get atd to run, > > Also with screen I get the message > > No more PTYs > Sorry, could not find a PTY. > > and then exits. > > > Cheers > > Fran From vserver.error@solucorp.qc.ca Wed Apr 10 03:02:51 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3A72o3Q013780; Wed, 10 Apr 2002 03:02:51 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A6qV418230 for vserver.list; Wed, 10 Apr 2002 02:52:31 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A6qUh18226 for ; Wed, 10 Apr 2002 02:52:30 -0400 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id IAA19884 for ; Wed, 10 Apr 2002 08:52:29 +0200 (MEST) Received: from ([172.16.151.102]) by camelot.sz-sb.de; Wed, 10 Apr 2002 08:52:29 +0200 (MEST) Received: from laplinux.triervf.de (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 24P3NLK1; Wed, 10 Apr 2002 08:51:30 +0200 Subject: Re: [vserver] double posts - an explanation..? From: d m To: vserver@solucorp.qc.ca In-Reply-To: <3CB31682.18593645@silicide.dk> References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> <1018368970.18101.36.camel@laplinux> <3CB31682.18593645@silicide.dk> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 10 Apr 2002 08:52:07 +0200 Message-Id: <1018421532.18013.38.camel@laplinux> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 489 Am Die, 2002-04-09 um 18.27 schrieb Jon Bendtsen: > d m wrote: > > > > > What is jon+vserver ? This sounds like an alias containing someone named > > > jon and the vserver mailing list. > > > > > > Seems to be the only user with such a problem > > > > nope, > > > > i get them double, too. > > yes, well i send them double. Do you send them double as well ? nope, i get yours 4 times, and every other mail double... From vserver.error@solucorp.qc.ca Wed Apr 10 03:16:24 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3A7GN3Q013892; Wed, 10 Apr 2002 03:16:23 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A757318550 for vserver.list; Wed, 10 Apr 2002 03:05:07 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A756h18546 for ; Wed, 10 Apr 2002 03:05:06 -0400 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id JAA20330 for ; Wed, 10 Apr 2002 09:05:07 +0200 (MEST) Received: from ([172.16.151.102]) by camelot.sz-sb.de; Wed, 10 Apr 2002 09:05:05 +0200 (MEST) Received: from laplinux.triervf.de (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 24P3NLKZ; Wed, 10 Apr 2002 09:04:06 +0200 Subject: Re: [vserver] private server hosting From: d m To: vserver@solucorp.qc.ca In-Reply-To: <3CB3705D.4030804@liquidweb.com> References: <4.3.2.7.2.20020409024518.00b9ccd0@mail.earthlink.net> <3CB2A439.8050907@liq uidweb.com> <1018343479.18013.27.camel@laplinux> <3CB2BF9E.4050306@liquidweb.com> <1018351775.18099.33.camel@laplinux> <3CB3705D.4030804@liquidweb.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 10 Apr 2002 09:04:43 +0200 Message-Id: <1018422288.18013.48.camel@laplinux> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 490 Hi, as I mentioned before, I'm not that firm with quota. But your suggestion sounds useable, to set per 'volume'-quotas where a 'volume' is a vserver-volume (mount) using as well user-quotas (UIDs unique to the vserver or not). Pease try it, and report if it worked.... Regards, Daniel Am Mit, 2002-04-10 um 00.51 schrieb Matthew Hill: > Daniel, > > What I neglected to realize when you made the LVM suggestion, > is that by creating unique partitions for each vserver, setting up > quotas for each discrete vserver would be simple by initializing > quotas on the main server. > > Each vserver LVM partition /vserver/tst1 for example, would contain > a unique quota.user file and it would not matter that a UID of > the same enumeration had a quota set on another vserver or > the primary filesystem as quotas are relevent only to the current > partition and quota.user file (in thise case /vserver/tst1/quota.user). > > The vserver would still have control over it's own quotas as the > file is rw root in the directory of "/" within it's chroot. And the > server running in security context 0 would do the actual enforcement > and maintinence such as quotacheck. > > Did I miss anything? > > Sincerely, > > Matthew HIll From vserver.error@solucorp.qc.ca Wed Apr 10 03:36:40 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3A7ad3Q014030; Wed, 10 Apr 2002 03:36:40 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A7NqQ18851 for vserver.list; Wed, 10 Apr 2002 03:23:52 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from saarland.sz-sb.de (saarland.sz-sb.de [212.88.192.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A7Nph18847 for ; Wed, 10 Apr 2002 03:23:51 -0400 Received: from camelot.sz-sb.de (dmz1-camelot.sz-sb.de [212.88.192.2]) by saarland.sz-sb.de (8.9.3+Sun/8.9.3) with SMTP id JAA21110 for ; Wed, 10 Apr 2002 09:23:51 +0200 (MEST) Received: from ([172.16.151.102]) by camelot.sz-sb.de; Wed, 10 Apr 2002 09:23:49 +0200 (MEST) Received: from laplinux.triervf.de (172.16.113.72 [172.16.113.72]) by trierx0.triervf.de with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 24P3NLLS; Wed, 10 Apr 2002 09:22:50 +0200 Subject: re: [vserver] double posts - an explanation..? From: d m To: vserver@solucorp.qc.ca In-Reply-To: <1018368970.18101.36.camel@laplinux> References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> <1018368970.18101.36.camel@laplinux> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 10 Apr 2002 09:23:27 +0200 Message-Id: <1018423411.18101.50.camel@laplinux> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 491 Am Die, 2002-04-09 um 18.16 schrieb d m: > > > What is jon+vserver ? This sounds like an alias containing someone named > > jon and the vserver mailing list. > > > > Seems to be the only user with such a problem > > nope, > > i get them double, too. > > regards, > daniel > forget, tried another client --> filters to much for me (stupid) sorry.... From vserver.error@solucorp.qc.ca Wed Apr 10 04:46:10 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3A8k93Q015783; Wed, 10 Apr 2002 04:46:09 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A8c2B20819 for vserver.list; Wed, 10 Apr 2002 04:38:02 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A8c0h20808 for ; Wed, 10 Apr 2002 04:38:01 -0400 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id 3790045F05 for ; Wed, 10 Apr 2002 20:37:59 +1200 (NZST) Received: from 192.168.192.22 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Wed, 10 Apr 2002 20:37:58 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from ganymede ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 16vDaH-0007RY-00 for ; Wed, 10 Apr 2002 20:36: 05 +1200 Subject: Re: [vserver] atd and screen From: "Fran Firman" To: vserver In-Reply-To: <3CB3D11E.1020604@vgertech.com> References: <1018413793.22612.38.camel@ganymede> <3CB3D11E.1020604@vgertech.com> X-Mailer: Evolution/1.0.2 Date: 10 Apr 2002 20:36:04 +1200 Message-ID: <1018427765.28558.0.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10AD266C2231095-01-01 Content-Type: multipart/signed; boundary="=-mKbvDCxWH4eGgsyR/hwU"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 492 --=-mKbvDCxWH4eGgsyR/hwU Content-Type: text/plain Content-Transfer-Encoding: quoted-printable vserver test running Server test is running and none on /vservers/test/proc type proc (rw) none on /vservers/test/dev/pts type devpts (rw) Thoughts???? Fran On Wed, 2002-04-10 at 17:43, Nuno Silva wrote: >=20 > Hi, >=20 > I haven't tested atd, but screen runs fine. I suppose that you don't=20 > have /vservers/VSERVER-NAME/dev/pts mounted. >=20 > What's the output, on the main server, of: > "vserver VSERVER-NAME running" and "mount"? >=20 > My wild guess for a fix is: > "vserver VSERVER-NAME start" >=20 > Hope it helps, > Nuno silva >=20 > Fran Firman wrote: > >=20 > > I'm trying to get atd running. > > I get in /var/log/syslog the message > > atd[9995]: Error redirecting I/O: Permission denied > >=20 > > Any ideas on how to get atd to run,=20 > >=20 > > Also with screen I get the message > >=20 > > No more PTYs > > Sorry, could not find a PTY. > >=20 > > and then exits. > >=20 > >=20 > > Cheers > >=20 > > Fran >=20 >=20 >=20 --=-mKbvDCxWH4eGgsyR/hwU Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjyz+XQACgkQv1V2oVWAPhb78wCfTSLPBknYl7wGknQfWFebfL8l fqkAnAk7yf6ipISPAN/yMhfHikOK/WzU =g7I/ -----END PGP SIGNATURE----- --=-mKbvDCxWH4eGgsyR/hwU-- From vserver.error@solucorp.qc.ca Wed Apr 10 06:09:12 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AA9C3Q016209; Wed, 10 Apr 2002 06:09:12 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A9t6L22575 for vserver.list; Wed, 10 Apr 2002 05:55:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A9t5h22568 for ; Wed, 10 Apr 2002 05:55:06 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vEoj-0007UM-00 for ; Wed, 10 Apr 2002 11:55:05 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vEoj-0007UB-00 for ; Wed, 10 Apr 2002 11:55:05 +0200 Sender: jon@silicide.dk Message-ID: <3CB40BF9.AF9098C@silicide.dk> Date: Wed, 10 Apr 2002 11:55:05 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] double posts - an explanation..? References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> <1018368970.18101.36.camel@laplinux> <3CB31682.18593645@silicide.dk> <1018421532.18013.38.camel@laplinux> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 493 d m wrote: > > Am Die, 2002-04-09 um 18.27 schrieb Jon Bendtsen: > > d m wrote: > > > > > > > What is jon+vserver ? This sounds like an alias containing someone named > > > > jon and the vserver mailing list. > > > > > > > > Seems to be the only user with such a problem > > > > > > nope, > > > > > > i get them double, too. > > > > yes, well i send them double. Do you send them double as well ? > > nope, i get yours 4 times, and every other mail double... This is getting more and more strange?? JonB From vserver.error@solucorp.qc.ca Wed Apr 10 06:12:55 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AACt3Q016239; Wed, 10 Apr 2002 06:12:55 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A9sIF22501 for vserver.list; Wed, 10 Apr 2002 05:54:18 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A9sIh22497 for ; Wed, 10 Apr 2002 05:54:18 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vEnr-0007Tk-00 for ; Wed, 10 Apr 2002 11:54:11 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vEnr-0007TZ-00 for ; Wed, 10 Apr 2002 11:54:11 +0200 Sender: jon@silicide.dk Message-ID: <3CB40BC3.CE7A8199@silicide.dk> Date: Wed, 10 Apr 2002 11:54:11 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 494 Vlad wrote: > So far we've only sold a few and there have been no issues except with > Samba but none of our users have figured that out yet or expressed any > interest in it.. Whats the problem with samba ?? I've used samba with some luck. I do occasionaly experience complete lockup's that brings down the hole computer, nothing works except hardware reset. (the kernel follows a 0 pointer). I've resently upgraded to ctx10, so i asumed it was ctx9 that was the problem, since i also had this problem when doing userspace NFS. I havent yet tried the same ammount of data to and from the computer since the upgrade to ctx10. The problem occured during writing and reading of iso images. JonB From vserver.error@solucorp.qc.ca Wed Apr 10 06:26:26 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AAQQ3Q016358; Wed, 10 Apr 2002 06:26:26 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3AA9m723033 for vserver.list; Wed, 10 Apr 2002 06:09:48 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3AA9lh23028 for ; Wed, 10 Apr 2002 06:09:47 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vF2x-0007VL-00 for ; Wed, 10 Apr 2002 12:09:47 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vF2w-0007VB-00 for ; Wed, 10 Apr 2002 12:09:47 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Wed, 10 Apr 2002 12:09:46 +0200 (CEST) Received: (qmail 64020 invoked from network); 10 Apr 2002 10:09:41 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 10 Apr 2002 10:09:41 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A9t6L22575 for vserver.list; Wed, 10 Apr 2002 05:55:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A9t5h22568 for ; Wed, 10 Apr 2002 05:55:06 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vEoj-0007UM-00 for ; Wed, 10 Apr 2002 11:55:05 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vEoj-0007UB-00 for ; Wed, 10 Apr 2002 11:55:05 +0200 Sender: jon@silicide.dk Message-ID: <3CB40BF9.AF9098C@silicide.dk> Date: Wed, 10 Apr 2002 11:55:05 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] double posts - an explanation..? References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> <1018368970.18101.36.camel@laplinux> <3CB31682.18593645@silicide.dk> <1018421532.18013.38.camel@laplinux> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 495 d m wrote: > > Am Die, 2002-04-09 um 18.27 schrieb Jon Bendtsen: > > d m wrote: > > > > > > > What is jon+vserver ? This sounds like an alias containing someone named > > > > jon and the vserver mailing list. > > > > > > > > Seems to be the only user with such a problem > > > > > > nope, > > > > > > i get them double, too. > > > > yes, well i send them double. Do you send them double as well ? > > nope, i get yours 4 times, and every other mail double... This is getting more and more strange?? JonB From vserver.error@solucorp.qc.ca Wed Apr 10 06:31:35 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AAVZ3Q016391; Wed, 10 Apr 2002 06:31:35 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3AADu723121 for vserver.list; Wed, 10 Apr 2002 06:13:56 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3AADth23117 for ; Wed, 10 Apr 2002 06:13:56 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vF6x-0007WK-00 for ; Wed, 10 Apr 2002 12:13:55 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vF6x-0007WA-00 for ; Wed, 10 Apr 2002 12:13:55 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Wed, 10 Apr 2002 12:13:55 +0200 (CEST) Received: (qmail 67617 invoked from network); 10 Apr 2002 10:13:24 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 10 Apr 2002 10:13:24 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3A9sIF22501 for vserver.list; Wed, 10 Apr 2002 05:54:18 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3A9sIh22497 for ; Wed, 10 Apr 2002 05:54:18 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vEnr-0007Tk-00 for ; Wed, 10 Apr 2002 11:54:11 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vEnr-0007TZ-00 for ; Wed, 10 Apr 2002 11:54:11 +0200 Sender: jon@silicide.dk Message-ID: <3CB40BC3.CE7A8199@silicide.dk> Date: Wed, 10 Apr 2002 11:54:11 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] private server hosting References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 496 Vlad wrote: > So far we've only sold a few and there have been no issues except with > Samba but none of our users have figured that out yet or expressed any > interest in it.. Whats the problem with samba ?? I've used samba with some luck. I do occasionaly experience complete lockup's that brings down the hole computer, nothing works except hardware reset. (the kernel follows a 0 pointer). I've resently upgraded to ctx10, so i asumed it was ctx9 that was the problem, since i also had this problem when doing userspace NFS. I havent yet tried the same ammount of data to and from the computer since the upgrade to ctx10. The problem occured during writing and reading of iso images. JonB From vserver.error@solucorp.qc.ca Wed Apr 10 10:42:49 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AEgn3Q018373; Wed, 10 Apr 2002 10:42:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3AET6S28512 for vserver.list; Wed, 10 Apr 2002 10:29:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3AET5h28508 for ; Wed, 10 Apr 2002 10:29:06 -0400 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g3AET1w10666 for ; Wed, 10 Apr 2002 07:29:01 -0700 X-Authentication-Warning: main.cyber-office.net: raanders owned process doing -bs Date: Wed, 10 Apr 2002 07:29:01 -0700 (PDT) From: X-X-Sender: To: Subject: Re: [vserver] vserver 0.16 change log In-Reply-To: <20020404124338.f16bb003160d@remtk.solucorp.qc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 497 On Thu, 4 Apr 2002, Jacques Gelinas wrote: > 1.1. Install vserver from cdrom > > This is a start and contributions are welcome. I have written a script > called /usr/lib/vserver/install-rh7.2. This script expects a single > argument (for now), which is the name of the vserver to create. It > will install a vserver based on Red Hat 7.2 CD (found in /mnt/cdrom) > from scratch. It is not using the root server at all. It installs > everything from the first CD. With unification, it creates a not-so- > big vserver and contains pretty much anything an admin might want. This is great. I still have to find the time to try this out but it does bring three (at least) questions to mind. 1. Can /mnt/cdrom be an ISO image? 2. Will this require a CD-ROM change like a typical install does. My server (like I have whined about before) is located 30+ miles away in a co-location I don't have access to without prior arrangements. 3. Is it time to think of a Vserver Distribution? Something that installs a very basic main server. I have been researching what is the very minimum RPM-wise (RHL 7.2) needed but haven't had a chance to test it. This would be to preclude any packages that are not needed to run the vservers and hopefully plug any security holes in the main server. (Does this make any sense?) Cheers, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Wed Apr 10 11:39:33 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AFdW3Q018979; Wed, 10 Apr 2002 11:39:32 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3AFPNb29956 for vserver.list; Wed, 10 Apr 2002 11:25:23 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3AFPMh29952 for ; Wed, 10 Apr 2002 11:25:23 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vJyM-0007pH-00 for ; Wed, 10 Apr 2002 17:25:22 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vJyL-0007p6-00 for ; Wed, 10 Apr 2002 17:25:21 +0200 Sender: jon@silicide.dk Message-ID: <3CB45961.CD69EEBB@silicide.dk> Date: Wed, 10 Apr 2002 17:25:21 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver 0.16 change log References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 498 raanders@acm.org wrote: > > 1. Can /mnt/cdrom be an ISO image? I didnt make it, but i dont see any technical reasons why it can not be a loopback mounted iso image. > 2. Will this require a CD-ROM change like a typical install does. My > server (like I have whined about before) is located 30+ miles away > in a co-location I don't have access to without prior arrangements. i would guess that depends on how much data are needed. > 3. Is it time to think of a Vserver Distribution? Something that > installs a very basic main server. I have been researching what is > the very minimum RPM-wise (RHL 7.2) needed but haven't had a chance > to test it. This would be to preclude any packages that are not > needed to run the vservers and hopefully plug any security holes in > the main server. (Does this make any sense?) I dont think the efford is worth it. Because, the main, or root as i call it, server could have all kinds of needs. That properly isnt any services, other than ssh, perhaps some routing deaemons, and stuff like that. They would how ever still need alot of other packages and programs, like log checking tools, rootkit checking tools, backup tools, devellopment tools, at least for compiling a new kernel. Why not just use a part of those packages other distributions already have develloped ?? JonB From vserver.error@solucorp.qc.ca Wed Apr 10 11:53:06 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AFr53Q019076; Wed, 10 Apr 2002 11:53:06 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3AFdqo30353 for vserver.list; Wed, 10 Apr 2002 11:39:52 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3AFdph30349 for ; Wed, 10 Apr 2002 11:39:52 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vKCN-0007qL-00 for ; Wed, 10 Apr 2002 17:39:51 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vKCN-0007qB-00 for ; Wed, 10 Apr 2002 17:39:51 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Wed, 10 Apr 2002 17:39:51 +0200 (CEST) Received: (qmail 21300 invoked from network); 10 Apr 2002 15:39:35 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 10 Apr 2002 15:39:35 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3AFPNb29956 for vserver.list; Wed, 10 Apr 2002 11:25:23 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3AFPMh29952 for ; Wed, 10 Apr 2002 11:25:23 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16vJyM-0007pH-00 for ; Wed, 10 Apr 2002 17:25:22 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16vJyL-0007p6-00 for ; Wed, 10 Apr 2002 17:25:21 +0200 Sender: jon@silicide.dk Message-ID: <3CB45961.CD69EEBB@silicide.dk> Date: Wed, 10 Apr 2002 17:25:21 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] vserver 0.16 change log References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 499 raanders@acm.org wrote: > > 1. Can /mnt/cdrom be an ISO image? I didnt make it, but i dont see any technical reasons why it can not be a loopback mounted iso image. > 2. Will this require a CD-ROM change like a typical install does. My > server (like I have whined about before) is located 30+ miles away > in a co-location I don't have access to without prior arrangements. i would guess that depends on how much data are needed. > 3. Is it time to think of a Vserver Distribution? Something that > installs a very basic main server. I have been researching what is > the very minimum RPM-wise (RHL 7.2) needed but haven't had a chance > to test it. This would be to preclude any packages that are not > needed to run the vservers and hopefully plug any security holes in > the main server. (Does this make any sense?) I dont think the efford is worth it. Because, the main, or root as i call it, server could have all kinds of needs. That properly isnt any services, other than ssh, perhaps some routing deaemons, and stuff like that. They would how ever still need alot of other packages and programs, like log checking tools, rootkit checking tools, backup tools, devellopment tools, at least for compiling a new kernel. Why not just use a part of those packages other distributions already have develloped ?? JonB From vserver.error@solucorp.qc.ca Wed Apr 10 13:52:00 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3AHpx3Q020296; Wed, 10 Apr 2002 13:51:59 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3AHc8W00622 for vserver.list; Wed, 10 Apr 2002 13:38:08 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from aquarius.diginode.net (aquarius.diginode.net [216.13.250.50]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g3AHc8h00618 for ; Wed, 10 Apr 2002 13:38:08 -0400 Received: (qmail 17253 invoked from network); 10 Apr 2002 17:36:58 -0000 Received: from zerowing.pop-star.net (208.181.22.52) by aquarius.diginode.net with SMTP; 10 Apr 2002 17:36:58 -0000 Subject: Re: [vserver] double posts - an explanation..? From: Andy Kwong To: vserver@solucorp.qc.ca Cc: jon@silicide.dk In-Reply-To: <3CB40BF9.AF9098C@silicide.dk> References: <20020409113525.5e854818fd33@remtk.solucorp.qc.ca> <1018368970.18101.36.camel@laplinux> <3CB31682.18593645@silicide.dk> <1018421532.18013.38.camel@laplinux> <3CB40BF9.AF9098C@silicide.dk> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.2 Date: 10 Apr 2002 10:41:38 -0700 Message-Id: <1018460499.1007.1.camel@zerowing.pop-star.net> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 500 Can I ask why you are sending posts twice? On Wed, 2002-04-10 at 02:55, Jon Bendtsen wrote: > d m wrote: > > > > Am Die, 2002-04-09 um 18.27 schrieb Jon Bendtsen: > > > d m wrote: > > > > > > > > > What is jon+vserver ? This sounds like an alias containing someone named > > > > > jon and the vserver mailing list. > > > > > > > > > > Seems to be the only user with such a problem > > > > > > > > nope, > > > > > > > > i get them double, too. > > > > > > yes, well i send them double. Do you send them double as well ? > > > > nope, i get yours 4 times, and every other mail double... > > This is getting more and more strange?? > > > > > JonB > > > > > > > From vserver.error@solucorp.qc.ca Fri Apr 12 08:04:44 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3CC4h3Q010540; Fri, 12 Apr 2002 08:04:43 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3CBfnI23404 for vserver.list; Fri, 12 Apr 2002 07:41:49 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3CBfmh23400 for ; Fri, 12 Apr 2002 07:41:48 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:11269 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Fri, 12 Apr 2002 13:42:41 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Fri, 12 Apr 2002 13:41:20 +0200 Date: Fri, 12 Apr 2002 13:41:19 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: [vserver] locking problems with samba Message-ID: <20020412134119.R3025@4t2.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 501 Hi there, i've got problems running samba in a vserver. On a share that's accessible by multiple (Windows)users I get lockups on the client side when someone tries to access a file that's already opened by another user. I don't have this problem when I run the same samba configuration outside the vserver. It's probably some file locking issue. Maybe I just need to enable some capabilities though all i've tried so far didn't work. tested with 2.4.18ctx8 and 2.4.18ctx10 and samba 2.2.1a-4 on RH7.2. Tell me if you need more information (this one is easily to reproduce). any ideas? Tom From vserver.error@solucorp.qc.ca Tue Apr 16 05:29:13 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3G9TC3Q016912; Tue, 16 Apr 2002 05:29:13 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3G9B1g17612 for vserver.list; Tue, 16 Apr 2002 05:11:01 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3G9B0h17606 for ; Tue, 16 Apr 2002 05:11:00 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16xOzF-0002bI-00 for ; Tue, 16 Apr 2002 11:10:53 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16xOzF-0002b7-00 for ; Tue, 16 Apr 2002 11:10:53 +0200 Sender: jon@silicide.dk Message-ID: <3CBBEA9D.E3128EA1@silicide.dk> Date: Tue, 16 Apr 2002 11:10:53 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba References: <20020412134119.R3025@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 502 Thomas Weber wrote: > > Hi there, > > i've got problems running samba in a vserver. On a share that's accessible > by multiple (Windows)users I get lockups on the client side when someone > tries to access a file that's already opened by another user. I get lock ups even when it's only me that tries to use samba, the lockup happens every other day. I've tried to use the same file with 2 different processes. One that wrote to the file, and one that read from the file. I dont get lockup's from that. I do however mount the smb share with linux. > I don't have this problem when I run the same samba configuration outside > the vserver. I dont wanna do that. > It's probably some file locking issue. Maybe I just need to enable some > capabilities though all i've tried so far didn't work. > > tested with 2.4.18ctx8 and 2.4.18ctx10 and samba 2.2.1a-4 on RH7.2. > Tell me if you need more information (this one is easily to reproduce). How ?? i can access files by 2 processes, how ever from the same machine without trouble. Sometimes when i write with one file, and read another file it locks up. > any ideas? yeah, dont run samba ;-0 At least not in a production environment. I'm the only user of my samba, so i can manage when i have to reboot. JonB From vserver.error@solucorp.qc.ca Tue Apr 16 05:38:42 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3G9cg3Q016962; Tue, 16 Apr 2002 05:38:42 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3G9UV417970 for vserver.list; Tue, 16 Apr 2002 05:30:31 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3G9UUh17966 for ; Tue, 16 Apr 2002 05:30:31 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16xPIE-0002dH-00 for ; Tue, 16 Apr 2002 11:30:30 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16xPIE-0002d7-00 for ; Tue, 16 Apr 2002 11:30:30 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 16 Apr 2002 11:30:30 +0200 (CEST) Received: (qmail 61657 invoked from network); 16 Apr 2002 09:29:41 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 16 Apr 2002 09:29:41 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3G9B1g17612 for vserver.list; Tue, 16 Apr 2002 05:11:01 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3G9B0h17606 for ; Tue, 16 Apr 2002 05:11:00 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16xOzF-0002bI-00 for ; Tue, 16 Apr 2002 11:10:53 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16xOzF-0002b7-00 for ; Tue, 16 Apr 2002 11:10:53 +0200 Sender: jon@silicide.dk Message-ID: <3CBBEA9D.E3128EA1@silicide.dk> Date: Tue, 16 Apr 2002 11:10:53 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba References: <20020412134119.R3025@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 503 Thomas Weber wrote: > > Hi there, > > i've got problems running samba in a vserver. On a share that's accessible > by multiple (Windows)users I get lockups on the client side when someone > tries to access a file that's already opened by another user. I get lock ups even when it's only me that tries to use samba, the lockup happens every other day. I've tried to use the same file with 2 different processes. One that wrote to the file, and one that read from the file. I dont get lockup's from that. I do however mount the smb share with linux. > I don't have this problem when I run the same samba configuration outside > the vserver. I dont wanna do that. > It's probably some file locking issue. Maybe I just need to enable some > capabilities though all i've tried so far didn't work. > > tested with 2.4.18ctx8 and 2.4.18ctx10 and samba 2.2.1a-4 on RH7.2. > Tell me if you need more information (this one is easily to reproduce). How ?? i can access files by 2 processes, how ever from the same machine without trouble. Sometimes when i write with one file, and read another file it locks up. > any ideas? yeah, dont run samba ;-0 At least not in a production environment. I'm the only user of my samba, so i can manage when i have to reboot. JonB From vserver.error@solucorp.qc.ca Tue Apr 16 06:05:17 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3GA5G3Q017146; Tue, 16 Apr 2002 06:05:17 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3G9s9w18462 for vserver.list; Tue, 16 Apr 2002 05:54:09 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3G9s8h18458 for ; Tue, 16 Apr 2002 05:54:09 -0400 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 16xPf6-0000NO-00 for vserver@solucorp.qc.ca; Tue, 16 Apr 2002 06:54:08 -0300 Date: Tue, 16 Apr 2002 06:54:08 -0300 (ADT) From: James MacLean To: Subject: Re: [vserver] locking problems with samba - cups In-Reply-To: <3CBBEA9D.E3128EA1@silicide.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 504 > Thomas Weber wrote: > > Hi there, > > i've got problems running samba in a vserver. On a share that's accessible > > by multiple (Windows)users I get lockups on the client side when someone > > tries to access a file that's already opened by another user. > > any ideas? Possibly totally unrelated but this past weekend I went through an exercise to get CUPS running in a vserver. One big hangup was that CUPS is hardcoded everywhere to talk via localhost. In cup's case, it wasn't just the host 'localhost' or the ip '127.0.0.1' but the hex coded localhost '0x7f000001' everywhere :(. So I've been setting /etc/hosts to say that localhost is actually the vserver's IP. Probably unrelated, but without all the changes, CUPS would hang doing certain activities (ie adding printers). JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Tue Apr 16 06:23:26 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3GANP3Q017227; Tue, 16 Apr 2002 06:23:26 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3GA9bD18764 for vserver.list; Tue, 16 Apr 2002 06:09:37 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3GA9ah18760 for ; Tue, 16 Apr 2002 06:09:36 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:58378 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Tue, 16 Apr 2002 12:11:19 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Tue, 16 Apr 2002 12:09:15 +0200 Date: Tue, 16 Apr 2002 12:09:15 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba Message-ID: <20020416120915.C2509@4t2.com> References: <20020412134119.R3025@4t2.com> <3CBBEA9D.E3128EA1@silicide.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CBBEA9D.E3128EA1@silicide.dk>; from jon+vserver@silicide.dk on Tue, Apr 16, 2002 at 11:10:53AM +0200 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 505 On Tue, Apr 16, 2002 at 11:10:53AM +0200, Jon Bendtsen wrote: > > i've got problems running samba in a vserver. On a share that's accessible > > by multiple (Windows)users I get lockups on the client side when someone > > tries to access a file that's already opened by another user. > > I get lock ups even when it's only me that tries to use samba, the > lockup > happens every other day. I've tried to use the same file with 2 > different > processes. One that wrote to the file, and one that read from the file. > I > dont get lockup's from that. I do however mount the smb share with > linux. I don't think you can compare linux with windows clients in this case due to the VFS Layer and other Linux issues that won't show you this problem immediately. > > tested with 2.4.18ctx8 and 2.4.18ctx10 and samba 2.2.1a-4 on RH7.2. > > Tell me if you need more information (this one is easily to reproduce). > > How ?? i can access files by 2 processes, how ever from the same machine > without trouble. Sometimes when i write with one file, and read another > file it locks up. Don't test with Linux as a client. > > any ideas? > > yeah, dont run samba ;-0 > At least not in a production environment. I'm the only user of my samba, > so i can manage when i have to reboot. That's a joke, isn't it? I run samba for several hundreds of users for years without problems (of course not within a vserver), it's one of the most reliable pieces of software i've come across. Besides, there's just no alternative (at least none that's as fast, cheap and stable). I'm pretty sure this is a problem with file locking within the vserver, and not a problem with samba itself. Tom From vserver.error@solucorp.qc.ca Tue Apr 16 07:06:51 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3GB6p3Q017454; Tue, 16 Apr 2002 07:06:51 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3GAwOA19782 for vserver.list; Tue, 16 Apr 2002 06:58:24 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3GAwNh19778 for ; Tue, 16 Apr 2002 06:58:24 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16xQfH-0002iN-00 for ; Tue, 16 Apr 2002 12:58:23 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16xQfH-0002iC-00 for ; Tue, 16 Apr 2002 12:58:23 +0200 Sender: jon@silicide.dk Message-ID: <3CBC03CF.53D174B9@silicide.dk> Date: Tue, 16 Apr 2002 12:58:23 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba References: <20020412134119.R3025@4t2.com> <3CBBEA9D.E3128EA1@silicide.dk> <20020416120915.C2509@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 506 > > > tested with 2.4.18ctx8 and 2.4.18ctx10 and samba 2.2.1a-4 on RH7.2. > > > Tell me if you need more information (this one is easily to reproduce). > > > > How ?? i can access files by 2 processes, how ever from the same machine > > without trouble. Sometimes when i write with one file, and read another > > file it locks up. > > Don't test with Linux as a client. Well, thats all i got, i dont use windows, i dont even have a windows cd, and i dont want to repartition just to install windows, and test this bug. I'll test with linux if people want that. The reason i'm not using NFS, is because it's on a shared network, so i want the password protection. > > > > any ideas? > > > > yeah, dont run samba ;-0 > > At least not in a production environment. I'm the only user of my samba, > > so i can manage when i have to reboot. > > That's a joke, isn't it? Well sort of. I ment dont run samba in a vserver in a production environment. > I run samba for several hundreds of users for years without problems (of > course not within a vserver), it's one of the most reliable pieces of software > i've come across. Besides, there's just no alternative (at least none that's > as fast, cheap and stable). > I'm pretty sure this is a problem with file locking within the vserver, and not > a problem with samba itself. I think so as well, because i run a regular samba server as well, in a production environment, and that works fine. I seem to remember that back when i ran userspace nfs inside a vserver, i had the same lockup's, but i'm not 100% sure. JonB From vserver.error@solucorp.qc.ca Tue Apr 16 07:22:50 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3GBMo3Q017546; Tue, 16 Apr 2002 07:22:50 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3GB8Lp19973 for vserver.list; Tue, 16 Apr 2002 07:08:21 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3GB8Kh19969 for ; Tue, 16 Apr 2002 07:08:20 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16xQou-0002im-00 for ; Tue, 16 Apr 2002 13:08:20 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16xQou-0002ic-00 for ; Tue, 16 Apr 2002 13:08:20 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 16 Apr 2002 13:08:20 +0200 (CEST) Received: (qmail 54648 invoked from network); 16 Apr 2002 11:07:20 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 16 Apr 2002 11:07:20 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3GAwOA19782 for vserver.list; Tue, 16 Apr 2002 06:58:24 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3GAwNh19778 for ; Tue, 16 Apr 2002 06:58:24 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16xQfH-0002iN-00 for ; Tue, 16 Apr 2002 12:58:23 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16xQfH-0002iC-00 for ; Tue, 16 Apr 2002 12:58:23 +0200 Sender: jon@silicide.dk Message-ID: <3CBC03CF.53D174B9@silicide.dk> Date: Tue, 16 Apr 2002 12:58:23 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba References: <20020412134119.R3025@4t2.com> <3CBBEA9D.E3128EA1@silicide.dk> <20020416120915.C2509@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 507 > > > tested with 2.4.18ctx8 and 2.4.18ctx10 and samba 2.2.1a-4 on RH7.2. > > > Tell me if you need more information (this one is easily to reproduce). > > > > How ?? i can access files by 2 processes, how ever from the same machine > > without trouble. Sometimes when i write with one file, and read another > > file it locks up. > > Don't test with Linux as a client. Well, thats all i got, i dont use windows, i dont even have a windows cd, and i dont want to repartition just to install windows, and test this bug. I'll test with linux if people want that. The reason i'm not using NFS, is because it's on a shared network, so i want the password protection. > > > > any ideas? > > > > yeah, dont run samba ;-0 > > At least not in a production environment. I'm the only user of my samba, > > so i can manage when i have to reboot. > > That's a joke, isn't it? Well sort of. I ment dont run samba in a vserver in a production environment. > I run samba for several hundreds of users for years without problems (of > course not within a vserver), it's one of the most reliable pieces of software > i've come across. Besides, there's just no alternative (at least none that's > as fast, cheap and stable). > I'm pretty sure this is a problem with file locking within the vserver, and not > a problem with samba itself. I think so as well, because i run a regular samba server as well, in a production environment, and that works fine. I seem to remember that back when i ran userspace nfs inside a vserver, i had the same lockup's, but i'm not 100% sure. JonB From vserver.error@solucorp.qc.ca Wed Apr 17 15:16:33 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3HJGW3Q001769; Wed, 17 Apr 2002 15:16:33 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3HIxKb29493 for vserver.list; Wed, 17 Apr 2002 14:59:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from fnexchange2.corp.fast.net (fnexchange2.corp.fast.net [209.92.29.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3HIxKh29489 for ; Wed, 17 Apr 2002 14:59:20 -0400 Received: by fnexchange2.corp.fast.net with Internet Mail Service (5.5.2653.19) id <20SLKGF8>; Wed, 17 Apr 2002 14:59:05 -0400 Message-ID: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net> From: Jerry Wilborn To: "'vserver@solucorp.qc.ca'" Subject: [vserver] blocking ssh access from virtual server to physical one Date: Wed, 17 Apr 2002 14:59:05 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 508 i tried implementing ipchains rules on the physical server to reject packets, tried hosts.allow/deny combis has anyone been able to successfully block traffic coming from a virtual server going to the physical server's ip? Jerry Wilborn, Operations Engineer FASTNET - Internet Solutions 610-266-6700 www.fast.net From vserver.error@solucorp.qc.ca Wed Apr 17 15:57:30 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3HJvT3Q002277; Wed, 17 Apr 2002 15:57:30 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3HJkvi30701 for vserver.list; Wed, 17 Apr 2002 15:46:57 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3HJkuh30697 for ; Wed, 17 Apr 2002 15:46:57 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:64268 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Wed, 17 Apr 2002 21:48:55 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Wed, 17 Apr 2002 21:46:27 +0200 Date: Wed, 17 Apr 2002 21:46:27 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one Message-ID: <20020417214627.F2509@4t2.com> References: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net>; from jerry.wilborn@fast.net on Wed, Apr 17, 2002 at 02:59:05PM -0400 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 509 On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > i tried implementing ipchains rules on the physical server to reject > packets, tried hosts.allow/deny combis > > has anyone been able to successfully block traffic coming from a virtual > server going to the physical server's ip? should be straight forward. With iptables it'd be like this: iptables -I INPUT -s vserversaddress --dport ssh -j DROP Tom From vserver.error@solucorp.qc.ca Thu Apr 18 19:44:41 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3INif3Q016691; Thu, 18 Apr 2002 19:44:41 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3INNRM07220 for vserver.list; Thu, 18 Apr 2002 19:23:27 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.acun.com (mail-gateway.acun.com [206.27.86.3]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3INNQh07216 for ; Thu, 18 Apr 2002 19:23:26 -0400 Received: from there (nosyarntya@darkstar.acun.net [206.27.86.12]) by ns1.acun.com (8.11.6/8.11.6) with SMTP id g3INORK09669 for ; Thu, 18 Apr 2002 19:24:27 -0400 Message-Id: <200204182324.g3INORK09669@ns1.acun.com> Content-Type: text/plain; charset="iso-8859-1" From: George Organization: Alien Rebel To: vserver@solucorp.qc.ca Subject: [vserver] Virtual web hosting and XFS stuff Date: Thu, 18 Apr 2002 19:23:30 -0400 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g3INNQh07216 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 510 In the documentation this statement is made: Using port redirection to allow one virtual server to logically bind several IPs. One virtual server could run several web virtual host this way. Has anyone got around to allowing one to bind several ips to a vserver so apache can so web virtual hosting across several ip's? Excerpt from mailing list archive, not sure who actually authored the statement: << Actually i stopped to maintain the patches, the one above have a small bug (don't unbind ports in a vserver) it was more meant as an example for discussion and inclusion in the main vserver patch. The Idea was to provide tow ip/mask pairs to chbind, so it becomes possible to bind to 2 ip-ranges (the first IP is the default) and masking out which bits in an IP are immutable. Later the vserver-user should be able to constrain the range to a subset of his available IP's. The usage is straightforward (look in chbind.c) chbind got a few more options (--ip1/--mask1/--net2/--mask2) thats all. This days i have no time to work on it(i got married today :) ). In January i will fix the bugs and sync it with te actual vserver release. But i still would like to see it included in the main trunk if there is intrest of it, since i dont want to maintain a 50 lines patch in parallel. >> On another note, I got the 2.4.18 kernel built with XFS V1.1 and vserver CTX10, seems to be working ok, although I saw in the mailing list the following: > OK, so after some more digging, it would seem that XFS doesn't support the > IMMUTABLE flag, or really anything like it. Refer to: > http://oss.sgi.com/projects/xfs/mail_archive/0012/msg00073.html. The > source is a bit weird, quite unlike most the source of the other > filesystems I've seen in linux ... so vserver unification in XFS probably > isn't going to happen anytime soon. :-( > > _Paul K. Is this something I should be worrying about? George. From vserver.error@solucorp.qc.ca Fri Apr 19 16:35:09 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3JKZ73Q027409; Fri, 19 Apr 2002 16:35:08 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3JKQU003937 for vserver.list; Fri, 19 Apr 2002 16:26:30 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from velocity.liquidweb.com (ns.liquidweb.com [64.91.224.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3JKQUh03933 for ; Fri, 19 Apr 2002 16:26:30 -0400 Received: from ip-64-7-177-54.mercury.net ([64.7.177.54] helo=liquidweb.com) by velocity.liquidweb.com with asmtp (Exim 3.35 #1) id 16yexH-0003Ql-00 for vserver@solucorp.qc.ca; Fri, 19 Apr 2002 16:26:03 -0400 Message-ID: <3CC07DCF.1040708@liquidweb.com> Date: Fri, 19 Apr 2002 16:27:59 -0400 From: Matthew Hill User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020212 X-Accept-Language: en-us MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: [vserver] newvserver segfaults Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: Sender Address Domain - liquidweb.com Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 511 Hello, Having a problem with the newvserver script, haven't had problems previous however it consistently segfaults on this box. Any ideas? root@vserver [~]# uname -a Linux vserver.liquidweb.com 2.4.18ctx-10 #1 Mon Apr 8 16:57:33 EDT 2002 i686 unknown root@vserver [~]# rpm -q vserver-admin vserver linuxconf-lib linuxconf-util vserver-admin-0.17-1 vserver-0.17-1 linuxconf-lib-1.27r3-1 linuxconf-util-1.27r3-1 root@vserver [~]# /usr/sbin/newvserver Segmentation fault Strace is as follows: root@vserver [~]# strace /usr/sbin/newvserver execve("/usr/sbin/newvserver", ["/usr/sbin/newvserver"], [/* 27 vars */]) = 0 uname({sys="Linux", node="vserver.liquidweb.com", ...}) = 0 brk(0) = 0x806e1fc old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=28307, ...}) = 0 old_mmap(NULL, 28307, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40017000 close(3) = 0 open("/usr/lib/liblinuxconf.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200Q\3"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0755, st_size=1897288, ...}) = 0 old_mmap(NULL, 714968, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001e000 mprotect(0x4009e000, 190680, PROT_NONE) = 0 old_mmap(0x4009e000, 102400, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7f000) = 0x4009e000 old_mmap(0x400b7000, 88280, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400b7000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\303"..., 1024) = 1024 fstat64(3, {st_mode=S_IFREG|0755, st_size=5723311, ...}) = 0 old_mmap(NULL, 1265288, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x400cd000 mprotect(0x401f9000, 36488, PROT_NONE) = 0 old_mmap(0x401f9000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x12b000) = 0x401f9000 old_mmap(0x401fe000, 16008, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401fe000 close(3) = 0 --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ From vserver.error@solucorp.qc.ca Sat Apr 20 08:25:50 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3KCPn3Q002237; Sat, 20 Apr 2002 08:25:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3KCF7Z22646 for vserver.list; Sat, 20 Apr 2002 08:15:07 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from bigalke.de (bigalke65.insol.de [62.80.100.65] (may be forged)) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3KCF6h22642 for ; Sat, 20 Apr 2002 08:15:06 -0400 Received: from bigalke.de (shb145.db [192.168.0.145]) by bigalke.de (8.8.8/8.8.3) with ESMTP id OAA06429 for ; Sat, 20 Apr 2002 14:14:29 +0200 Message-ID: <3CC15BA4.40005@bigalke.de> Date: Sat, 20 Apr 2002 14:14:28 +0200 From: Dieter Bigalke User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1 X-Accept-Language: de-DE MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] newvserver segfaults References: <3CC07DCF.1040708@liquidweb.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.5 required=5.0 tests=MAY_BE_FORGED version=2.01 Status: RO X-Status: X-Keywords: X-UID: 512 Hello Matthew, i think there are linuxconf rpms for redhat and suse, try the other one. Dieter Matthew Hill wrote: > Hello, > > Having a problem with the newvserver script, haven't had problems previous > however it consistently segfaults on this box. > > Any ideas? > From vserver.error@solucorp.qc.ca Sat Apr 20 14:09:47 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3KI9k3Q004566; Sat, 20 Apr 2002 14:09:46 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3KI0RE30200 for vserver.list; Sat, 20 Apr 2002 14:00:27 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.thedeacon.org (thedeacon.org [64.71.202.149]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3KI0Qh30196 for ; Sat, 20 Apr 2002 14:00:26 -0400 Received: from thedeacon.org (cyrix-m3.thedeacon.org [172.23.172.133]) by mail.thedeacon.org (Postfix) with SMTP id D8AF1241E7 for ; Sun, 21 Apr 2002 13:45:55 -0600 (MDT) Received: from 172.23.172.143 (SquirrelMail authenticated user deacon) by webmail.thedeacon.org with HTTP; Sat, 20 Apr 2002 12:07:58 -0600 (MDT) Message-ID: <2094.172.23.172.143.1019326078.squirrel@webmail.thedeacon.org> Date: Sat, 20 Apr 2002 12:07:58 -0600 (MDT) Subject: Re: [vserver] Virtual web hosting and XFS stuff From: "Paul Kreiner" To: In-Reply-To: <200204182324.g3INORK09669@ns1.acun.com> References: <200204182324.g3INORK09669@ns1.acun.com> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 513 George said: > On another note, I got the 2.4.18 kernel built with XFS V1.1 and > vserver CTX10, seems to be working ok, although I saw in the mailing > list the following: > >> OK, so after some more digging, it would seem that XFS doesn't support >> the IMMUTABLE flag, or really anything like it. Refer to: >> http://oss.sgi.com/projects/xfs/mail_archive/0012/msg00073.html. The >> source is a bit weird, quite unlike most the source of the other >> filesystems I've seen in linux ... so vserver unification in XFS >> probably isn't going to happen anytime soon. :-( >> >> _Paul K. > > Is this something I should be worrying about? George, I wouldn't worry too much about it ... you'll just waste a bit more disk space and memory (both are pretty cheap these days) by not having your vservers' filesystems unified. I've built a couple systems using XFS+vserver, back in the ctx6-7 days, and they work fine, just don't do any of the vserver unification stuff, 'cause it won't behave. _Paul K. From vserver.error@solucorp.qc.ca Mon Apr 22 05:48:48 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3M9ml3Q015508; Mon, 22 Apr 2002 05:48:47 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3M9DHa20362 for vserver.list; Mon, 22 Apr 2002 05:13:17 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3M9DBh20357 for ; Mon, 22 Apr 2002 05:13:16 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16zZse-0006Lg-00 for ; Mon, 22 Apr 2002 11:13:04 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16zZse-0006LV-00 for ; Mon, 22 Apr 2002 11:13:04 +0200 Sender: jon@silicide.dk Message-ID: <3CC3D420.292C6586@silicide.dk> Date: Mon, 22 Apr 2002 11:13:04 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one References: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net> <20020417214627.F2509@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 514 Thomas Weber wrote: > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > > i tried implementing ipchains rules on the physical server to reject > > packets, tried hosts.allow/deny combis > > > > has anyone been able to successfully block traffic coming from a virtual > > server going to the physical server's ip? > > should be straight forward. With iptables it'd be like this: > iptables -I INPUT -s vserversaddress --dport ssh -j DROP And what if the IP address is the same as the server ?? What if you used the interface option?? So, only allowing from ethX? JonB From vserver.error@solucorp.qc.ca Mon Apr 22 05:50:51 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3M9oo3Q015538; Mon, 22 Apr 2002 05:50:50 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3M9Zhb20792 for vserver.list; Mon, 22 Apr 2002 05:35:43 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from velocity.liquidweb.com (ns.liquidweb.com [64.91.224.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3M9Zgh20788 for ; Mon, 22 Apr 2002 05:35:43 -0400 Received: from 12-245-222-41.client.attbi.com ([12.245.222.41] helo=liquidweb.com) by velocity.liquidweb.com with asmtp (Exim 3.35 #1) id 16zaEV-0007ig-00 for vserver@solucorp.qc.ca; Mon, 22 Apr 2002 05:35:39 -0400 Message-ID: <3CC3D8C1.10408@liquidweb.com> Date: Mon, 22 Apr 2002 05:32:49 -0400 From: Matthew Hill User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] newvserver segfaults References: <3CC07DCF.1040708@liquidweb.com> <3CC15BA4.40005@bigalke.de> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: Sender Address Domain - liquidweb.com Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 515 Dieter, I did previously download the linxuconf rpm's supplied via the interface on solucorp, and they were correct for redhat. For whatever reason after erasing all and re-installing with 1.27r5 (was 1.27r3) plus all devel libraries and it now functions. I thank you for the suggestion. Dieter Bigalke wrote: > Hello Matthew, > > i think there are linuxconf rpms for redhat and suse, try the other one. > > Dieter > > Matthew Hill wrote: > >> Hello, >> >> Having a problem with the newvserver script, haven't had problems >> previous >> however it consistently segfaults on this box. >> >> Any ideas? >> > From vserver.error@solucorp.qc.ca Mon Apr 22 06:03:56 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3MA3t3Q015606; Mon, 22 Apr 2002 06:03:56 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3M9o2t21112 for vserver.list; Mon, 22 Apr 2002 05:50:02 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3M9o1h21108 for ; Mon, 22 Apr 2002 05:50:01 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16zaSO-0006NM-00 for ; Mon, 22 Apr 2002 11:50:00 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16zaSO-0006NC-00 for ; Mon, 22 Apr 2002 11:50:00 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Mon, 22 Apr 2002 11:50:00 +0200 (CEST) Received: (qmail 33664 invoked from network); 22 Apr 2002 09:49:16 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 22 Apr 2002 09:49:16 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3M9DHa20362 for vserver.list; Mon, 22 Apr 2002 05:13:17 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3M9DBh20357 for ; Mon, 22 Apr 2002 05:13:16 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16zZse-0006Lg-00 for ; Mon, 22 Apr 2002 11:13:04 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16zZse-0006LV-00 for ; Mon, 22 Apr 2002 11:13:04 +0200 Sender: jon@silicide.dk Message-ID: <3CC3D420.292C6586@silicide.dk> Date: Mon, 22 Apr 2002 11:13:04 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one References: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net> <20020417214627.F2509@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 516 Thomas Weber wrote: > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > > i tried implementing ipchains rules on the physical server to reject > > packets, tried hosts.allow/deny combis > > > > has anyone been able to successfully block traffic coming from a virtual > > server going to the physical server's ip? > > should be straight forward. With iptables it'd be like this: > iptables -I INPUT -s vserversaddress --dport ssh -j DROP And what if the IP address is the same as the server ?? What if you used the interface option?? So, only allowing from ethX? JonB From vserver.error@solucorp.qc.ca Mon Apr 22 10:33:14 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3MEXD3Q017461; Mon, 22 Apr 2002 10:33:14 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3MEMJ427758 for vserver.list; Mon, 22 Apr 2002 10:22:19 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3MEMIh27754 for ; Mon, 22 Apr 2002 10:22:19 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:51207 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Mon, 22 Apr 2002 16:25:04 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Mon, 22 Apr 2002 16:21:47 +0200 Date: Mon, 22 Apr 2002 16:21:47 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one Message-ID: <20020422162147.N2509@4t2.com> References: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net> <20020417214627.F2509@4t2.com> <3CC3D420.292C6586@silicide.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CC3D420.292C6586@silicide.dk>; from jon+vserver@silicide.dk on Mon, Apr 22, 2002 at 11:13:04AM +0200 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 517 On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote: > Thomas Weber wrote: > > > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > > > i tried implementing ipchains rules on the physical server to reject > > > packets, tried hosts.allow/deny combis > > > > > > has anyone been able to successfully block traffic coming from a virtual > > > server going to the physical server's ip? > > > > should be straight forward. With iptables it'd be like this: > > iptables -I INPUT -s vserversaddress --dport ssh -j DROP > > And what if the IP address is the same as the server ?? > > What if you used the interface option?? So, only allowing from ethX? huh? i don't understand what you wanna do. Each of your vservers has one IP address to which the processes in the vserver can bind. So block incoming traffic from this address and you're done. Tom From vserver.error@solucorp.qc.ca Mon Apr 22 10:47:07 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3MEl63Q017578; Mon, 22 Apr 2002 10:47:06 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3MEVb128122 for vserver.list; Mon, 22 Apr 2002 10:31:37 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from fnexchange2.corp.fast.net (fnexchange2.corp.fast.net [209.92.29.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3MEVbh28118 for ; Mon, 22 Apr 2002 10:31:37 -0400 Received: by fnexchange2.corp.fast.net with Internet Mail Service (5.5.2653.19) id ; Mon, 22 Apr 2002 10:31:37 -0400 Message-ID: <684A8B4FD94E464283C3ABA6AE65214102D9BBA6@fnexchange2.corp.fast.net> From: Jerry Wilborn To: "'vserver@solucorp.qc.ca'" Subject: RE: [vserver] blocking ssh access from virtual server to physical one Date: Mon, 22 Apr 2002 10:31:27 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.0 required=5.0 tests=SUBJ_HAS_SPACES,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 518 fyi, the rules DO reject machines that are not within the allowed block, so it seems the rules are good/applied for traffic coming off the wire. Jerry Wilborn, Operations Engineer FASTNET - Internet Solutions 610-266-6700 www.fast.net -----Original Message----- From: Jerry Wilborn [mailto:jerry.wilborn@fast.net] Sent: Monday, April 22, 2002 10:29 AM To: 'vserver@solucorp.qc.ca' Subject: RE: [vserver] blocking ssh access from virtual server to physical one packet level rules dont appear to work; here are my rules and ipchains -v L -n it only disallows a connection if i add something to hosts.allow/deny. but then again you can tell that the port is open from the virtual machine. from /etc/sysconfig/ipchains :input ACCEPT :forward REJECT :output ACCEPT -A input -s 0/0 -d 0/0 -i lo -j ACCEPT -A input -p tcp -s 205.147.200.0/24 -d 0/0 22 -i eth0 -j ACCEPT -A input -p tcp -s 0/0 -d 0/0 22 -i lo -j REJECT -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT -A input -p udp -s 0/0 -d 0/0 2049 -j REJECT -A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT -A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT [root@jerrytest root]# ipchains -L -n -v Chain input (policy ACCEPT: 182019 packets, 14019944 bytes): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 28 1928 ACCEPT all ------ 0xFF 0x00 lo 0.0.0.0/0 0.0.0.0/0 n/a 4297 322K ACCEPT tcp ------ 0xFF 0x00 eth0 205.147.200.0/24 0.0.0.0/0 * -> 22 0 0 REJECT tcp ------ 0xFF 0x00 lo 0.0.0.0/0 0.0.0.0/0 * -> 22 524 23916 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023 0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049 54852 6529K REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023 0 0 REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049 0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 6000:6009 0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 7100 Chain forward (policy REJECT: 0 packets, 0 bytes): Chain output (policy ACCEPT: 223468 packets, 23335617 bytes): Jerry Wilborn, Operations Engineer FASTNET - Internet Solutions 610-266-6700 www.fast.net -----Original Message----- From: Thomas Weber [mailto:l_vserver@mail2news.4t2.com] Sent: Monday, April 22, 2002 10:22 AM To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote: > Thomas Weber wrote: > > > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > > > i tried implementing ipchains rules on the physical server to reject > > > packets, tried hosts.allow/deny combis > > > > > > has anyone been able to successfully block traffic coming from a virtual > > > server going to the physical server's ip? > > > > should be straight forward. With iptables it'd be like this: > > iptables -I INPUT -s vserversaddress --dport ssh -j DROP > > And what if the IP address is the same as the server ?? > > What if you used the interface option?? So, only allowing from ethX? huh? i don't understand what you wanna do. Each of your vservers has one IP address to which the processes in the vserver can bind. So block incoming traffic from this address and you're done. Tom From vserver.error@solucorp.qc.ca Mon Apr 22 10:47:53 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3MElq3Q017586; Mon, 22 Apr 2002 10:47:53 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3MESlK27977 for vserver.list; Mon, 22 Apr 2002 10:28:47 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from fnexchange2.corp.fast.net (fnexchange2.corp.fast.net [209.92.29.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3MESlh27973 for ; Mon, 22 Apr 2002 10:28:47 -0400 Received: by fnexchange2.corp.fast.net with Internet Mail Service (5.5.2653.19) id ; Mon, 22 Apr 2002 10:28:47 -0400 Message-ID: <684A8B4FD94E464283C3ABA6AE65214102D9BBA5@fnexchange2.corp.fast.net> From: Jerry Wilborn To: "'vserver@solucorp.qc.ca'" Subject: RE: [vserver] blocking ssh access from virtual server to physical one Date: Mon, 22 Apr 2002 10:28:38 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.0 required=5.0 tests=SUBJ_HAS_SPACES,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 519 packet level rules dont appear to work; here are my rules and ipchains -v L -n it only disallows a connection if i add something to hosts.allow/deny. but then again you can tell that the port is open from the virtual machine. from /etc/sysconfig/ipchains :input ACCEPT :forward REJECT :output ACCEPT -A input -s 0/0 -d 0/0 -i lo -j ACCEPT -A input -p tcp -s 205.147.200.0/24 -d 0/0 22 -i eth0 -j ACCEPT -A input -p tcp -s 0/0 -d 0/0 22 -i lo -j REJECT -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT -A input -p udp -s 0/0 -d 0/0 2049 -j REJECT -A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT -A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT [root@jerrytest root]# ipchains -L -n -v Chain input (policy ACCEPT: 182019 packets, 14019944 bytes): pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports 28 1928 ACCEPT all ------ 0xFF 0x00 lo 0.0.0.0/0 0.0.0.0/0 n/a 4297 322K ACCEPT tcp ------ 0xFF 0x00 eth0 205.147.200.0/24 0.0.0.0/0 * -> 22 0 0 REJECT tcp ------ 0xFF 0x00 lo 0.0.0.0/0 0.0.0.0/0 * -> 22 524 23916 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023 0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049 54852 6529K REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 0:1023 0 0 REJECT udp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 2049 0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 6000:6009 0 0 REJECT tcp -y---- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 7100 Chain forward (policy REJECT: 0 packets, 0 bytes): Chain output (policy ACCEPT: 223468 packets, 23335617 bytes): Jerry Wilborn, Operations Engineer FASTNET - Internet Solutions 610-266-6700 www.fast.net -----Original Message----- From: Thomas Weber [mailto:l_vserver@mail2news.4t2.com] Sent: Monday, April 22, 2002 10:22 AM To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote: > Thomas Weber wrote: > > > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > > > i tried implementing ipchains rules on the physical server to reject > > > packets, tried hosts.allow/deny combis > > > > > > has anyone been able to successfully block traffic coming from a virtual > > > server going to the physical server's ip? > > > > should be straight forward. With iptables it'd be like this: > > iptables -I INPUT -s vserversaddress --dport ssh -j DROP > > And what if the IP address is the same as the server ?? > > What if you used the interface option?? So, only allowing from ethX? huh? i don't understand what you wanna do. Each of your vservers has one IP address to which the processes in the vserver can bind. So block incoming traffic from this address and you're done. Tom From vserver.error@solucorp.qc.ca Mon Apr 22 10:53:39 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3MErc3Q017619; Mon, 22 Apr 2002 10:53:38 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3MEcDw28404 for vserver.list; Mon, 22 Apr 2002 10:38:13 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3MEcDh28400 for ; Mon, 22 Apr 2002 10:38:13 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16zexI-0006X9-00 for ; Mon, 22 Apr 2002 16:38:12 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16zexI-0006Wy-00 for ; Mon, 22 Apr 2002 16:38:12 +0200 Sender: jon@silicide.dk Message-ID: <3CC42054.63DD6B7B@silicide.dk> Date: Mon, 22 Apr 2002 16:38:12 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one References: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net> <20020417214627.F2509@4t2.com> <3CC3D420.292C6586@silicide.dk> <20020422162147.N2509@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 520 Thomas Weber wrote: > > On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote: > > Thomas Weber wrote: > > > > > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > > > > i tried implementing ipchains rules on the physical server to reject > > > > packets, tried hosts.allow/deny combis > > > > > > > > has anyone been able to successfully block traffic coming from a virtual > > > > server going to the physical server's ip? > > > > > > should be straight forward. With iptables it'd be like this: > > > iptables -I INPUT -s vserversaddress --dport ssh -j DROP > > > > And what if the IP address is the same as the server ?? > > > > What if you used the interface option?? So, only allowing from ethX? > > huh? i don't understand what you wanna do. Each of your vservers has one IP > address to which the processes in the vserver can bind. So block incoming > traffic from this address and you're done. Okay, i was unclear. You dont have to block it. Usualy you can specify a ! infront to revert the testing, or else you can just do "allow" all trafic to the port he wants protected that comes from ethX, or not his own ip. JonB From vserver.error@solucorp.qc.ca Mon Apr 22 11:28:05 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3MFS33Q017954; Mon, 22 Apr 2002 11:28:04 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3MEshQ28872 for vserver.list; Mon, 22 Apr 2002 10:54:43 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3MEshh28868 for ; Mon, 22 Apr 2002 10:54:43 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16zfDG-0006YF-00 for ; Mon, 22 Apr 2002 16:54:42 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16zfDG-0006Y5-00 for ; Mon, 22 Apr 2002 16:54:42 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Mon, 22 Apr 2002 16:54:42 +0200 (CEST) Received: (qmail 98722 invoked from network); 22 Apr 2002 14:54:06 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by ns.dht.dk with SMTP; 22 Apr 2002 14:54:06 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3MEcDw28404 for vserver.list; Mon, 22 Apr 2002 10:38:13 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3MEcDh28400 for ; Mon, 22 Apr 2002 10:38:13 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 16zexI-0006X9-00 for ; Mon, 22 Apr 2002 16:38:12 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 16zexI-0006Wy-00 for ; Mon, 22 Apr 2002 16:38:12 +0200 Sender: jon@silicide.dk Message-ID: <3CC42054.63DD6B7B@silicide.dk> Date: Mon, 22 Apr 2002 16:38:12 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] blocking ssh access from virtual server to physical one References: <684A8B4FD94E464283C3ABA6AE65214102D9BB76@fnexchange2.corp.fast.net> <20020417214627.F2509@4t2.com> <3CC3D420.292C6586@silicide.dk> <20020422162147.N2509@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 521 Thomas Weber wrote: > > On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote: > > Thomas Weber wrote: > > > > > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote: > > > > i tried implementing ipchains rules on the physical server to reject > > > > packets, tried hosts.allow/deny combis > > > > > > > > has anyone been able to successfully block traffic coming from a virtual > > > > server going to the physical server's ip? > > > > > > should be straight forward. With iptables it'd be like this: > > > iptables -I INPUT -s vserversaddress --dport ssh -j DROP > > > > And what if the IP address is the same as the server ?? > > > > What if you used the interface option?? So, only allowing from ethX? > > huh? i don't understand what you wanna do. Each of your vservers has one IP > address to which the processes in the vserver can bind. So block incoming > traffic from this address and you're done. Okay, i was unclear. You dont have to block it. Usualy you can specify a ! infront to revert the testing, or else you can just do "allow" all trafic to the port he wants protected that comes from ethX, or not his own ip. JonB From vserver.error@solucorp.qc.ca Tue Apr 23 05:59:00 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3N9wx3Q027658; Tue, 23 Apr 2002 05:59:00 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3N9HrS21462 for vserver.list; Tue, 23 Apr 2002 05:17:53 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from april.netcraft.com.au (april.netcraft.com.au [203.16.231.73]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3N9Hph21458 for ; Tue, 23 Apr 2002 05:17:52 -0400 Received: (from g@localhost) by april.netcraft.com.au (8.11.6/8.11.6) id g3N9Hh118115 for vserver@solucorp.qc.ca; Tue, 23 Apr 2002 18:47:43 +0930 Date: Tue, 23 Apr 2002 18:47:43 +0930 From: "Geoffrey D. Bennett" To: vserver@solucorp.qc.ca Subject: [vserver] strace in ctx 1 Message-ID: <20020423184743.H14070@april.netcraft.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 522 Hi all, Does anyone else have problems running strace from ctx 1 on a process in a different context? It looks like this test: if (!child || child->s_context != current->s_context) goto out; should check for current->context != 1? Regards, -- Geoffrey D. Bennett, RHCE, RHCX geoffrey@netcraft.com.au Senior Systems Engineer http://www.netcraft.com.au/geoffrey/ NetCraft Australia Pty Ltd http://www.netcraft.com.au/linux/ From vserver.error@solucorp.qc.ca Wed Apr 24 14:01:21 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3OI1K3Q010118; Wed, 24 Apr 2002 14:01:21 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3OHfXB01718 for vserver.list; Wed, 24 Apr 2002 13:41:33 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3OHfWh01714 for ; Wed, 24 Apr 2002 13:41:33 -0400 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g3OHdXk16770 for ; Wed, 24 Apr 2002 18:39:33 +0100 Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 170Qli-00085K-00 for ; Wed, 24 Apr 2002 18:41:26 +0100 Date: Wed, 24 Apr 2002 18:41:25 +0100 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: [vserver] www.cplusplussucks.com X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.3 required=5.0 tests=SUPERLONG_LINE,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 523 I'm getting this wierd compile error on one of my test machines: linux10321:~/vserver/dist/vserver-0.17$ make gcc -funsigned-char -Wall -g -DVERSION=\"0.17\" chcontext.cc syscall.o -o chcontext \ -lstdc++ In file included from /usr/include/sys/wait.h:39, from vutil.h:7, from chcontext.cc:17: /usr/include/bits/waitflags.h:26: warning: `WNOHANG' redefined /usr/include/linux/wait.h:4: warning: this is the location of the previous definition /usr/include/bits/waitflags.h:27: warning: `WUNTRACED' redefined /usr/include/linux/wait.h:5: warning: this is the location of the previous definition In file included from /usr/include/g++-2/alloc.h:21, from /usr/include/g++-2/std/bastring.h:39, from /usr/include/g++-2/string:6, from vutil.h:8, from chcontext.cc:17: /usr/include/g++-2/stl_alloc.h:320: parse error before `.' /usr/include/g++-2/stl_alloc.h:320: missing ';' before right brace /usr/include/g++-2/stl_alloc.h:322: parse error before `.' /usr/include/g++-2/stl_alloc.h: In function `size_t ROUND_UP(size_t)': /usr/include/g++-2/stl_alloc.h:325: parse error before `.' /usr/include/g++-2/stl_alloc.h:325: parse error before `.' /usr/include/g++-2/stl_alloc.h:326: warning: control reaches end of non-void function `ROUND_UP(size_t)' /usr/include/g++-2/stl_alloc.h: At top level: /usr/include/g++-2/stl_alloc.h:327: parse error before `private' /usr/include/g++-2/stl_alloc.h:331: parse error before `}' /usr/include/g++-2/stl_alloc.h: In function `size_t FREELIST_INDEX(size_t)': /usr/include/g++-2/stl_alloc.h:340: parse error before `.' /usr/include/g++-2/stl_alloc.h:341: warning: control reaches end of non-void function `FREELIST_INDEX(size_t)' /usr/include/g++-2/stl_alloc.h: In method `lock::lock()': /usr/include/g++-2/stl_alloc.h:382: `threads' undeclared (first use this function) /usr/include/g++-2/stl_alloc.h:382: (Each undeclared identifier is reported only once /usr/include/g++-2/stl_alloc.h:382: for each function it appears in.) /usr/include/g++-2/stl_alloc.h: In method `lock::~lock()': /usr/include/g++-2/stl_alloc.h:383: confused by earlier errors, bailing out make: *** [chcontext] Error 1 linux10321:~/vserver/dist/vserver-0.17$ Any ideas? Something odd seems to be going wrong with the `#include ' in vutils.h Versions 0.16 and 0.14 have a different problem: linux10321:~/vserver/dist/vserver-0.16$ make g++ -c -o syscall.o syscall.cc gcc -funsigned-char -Wall -g -DVERSION=\"0.16\" chbind.cc syscall.o -o chbind /tmp/cc1gxINB.o: In function `__rb_tree_base_iterator::decrement(void)': /usr/include/g++-2/stl_tree.h(.__malloc_alloc_template<0>::gnu.linkonce.t.oom_malloc(unsigned int)+0x17): undefined reference to `endl(ostream &)' /usr/include/g++-2/stl_tree.h(.__malloc_alloc_template<0>::gnu.linkonce.t.oom_malloc(unsigned int)+0x21): undefined reference to `cerr' /usr/include/g++-2/stl_tree.h(.__malloc_alloc_template<0>::gnu.linkonce.t.oom_malloc(unsigned int)+0x26): undefined reference to `ostream::operator<<(char const *)' /usr/include/g++-2/stl_tree.h(.__malloc_alloc_template<0>::gnu.linkonce.t.oom_malloc(unsigned int)+0x31): undefined reference to `ostream::operator<<(ostream &(*)(ostream &))' /usr/include/g++-2/stl_tree.h(.basic_string, __default_alloc_template<1, 0> >::Rep::gnu.linkonce.t.copy(unsigned int, char const *, unsigned int)+0x2a): undefined reference to `string_char_traits::copy(char *, char const *, unsigned int)' /usr/include/g++-2/stl_tree.h(.basic_string, __default_alloc_template<1, 0> >::Rep::gnu.linkonce.t.move(unsigned int, char const *, unsigned int)+0x2a): undefined reference to `string_char_traits::move(char *, char const *, unsigned int)' /usr/include/g++-2/stl_tree.h(.basic_string, __default_alloc_template<1, 0> >::gnu.linkonce.t.replace(unsigned int, unsigned int, char const *, unsigned int)+0x2e): undefined reference to `__out_of_range(char const *)' /tmp/cc1gxINB.o: In function `chbind_devexist(char const *)': /home/sv/vserver/dist/vserver-0.16/chbind.cc:39: undefined reference to `__length_error(char const *)' /home/sv/vserver/dist/vserver-0.16/chbind.cc:35: undefined reference to `__out_of_range(char const *)' /home/sv/vserver/dist/vserver-0.16/chbind.cc:40: undefined reference to `__length_error(char const *)' /tmp/cc1gxINB.o: In function `ifconfig_getaddr(char const *, unsigned long &, unsigned long &)': /home/sv/vserver/dist/vserver-0.16/chbind.cc:75: undefined reference to `string_char_traits::assign(char &, char const &)' /home/sv/vserver/dist/vserver-0.16/chbind.cc:87: undefined reference to `string_char_traits::assign(char &, char const &)' /tmp/cc1gxINB.o: In function `__rb_tree_base_iterator::decrement(void)': /usr/include/g++-2/stl_tree.h(.basic_string, __default_alloc_template<1, 0> >::gnu.linkonce.t.compare(basic_string, __default_alloc_template<1, 0> > const &, unsigned int, unsigned int) const+0x26): undefined reference to `__out_of_range(char const *)' /tmp/cc1gxINB.o: In function `chbind_devexist(char const *)': /home/sv/vserver/dist/vserver-0.16/chbind.cc:40: undefined reference to `string_char_traits::compare(char const *, char const *, unsigned int)' /tmp/cc1gxINB.o: In function `__rb_tree_base_iterator::decrement(void)': /usr/include/g++-2/stl_tree.h(.gnu.linkonce.t.__ls__H3ZcZt18string_char_traits1ZcZt24__default_alloc_template2b1i0_R7ostreamRCt12basic_string3ZX01ZX11ZX21_R7ostream+0x26): undefined reference to `ostream::write(char const *, int)' /tmp/cc1gxINB.o: In function `chbind_devexist(char const *)': /home/sv/vserver/dist/vserver-0.16/chbind.cc:35: undefined reference to `__out_of_range(char const *)' collect2: ld returned 1 exit status make: *** [chbind] Error 1 The latest version I could compile on that machine was 0.13. On a later release of RedHat (7.1 instead of 6.2), it compiles fine. From vserver.error@solucorp.qc.ca Thu Apr 25 12:53:47 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3PGrk3Q020785; Thu, 25 Apr 2002 12:53:46 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3PGNEZ32329 for vserver.list; Thu, 25 Apr 2002 12:23:14 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3PGNEh32325 for ; Thu, 25 Apr 2002 12:23:14 -0400 Received: from remtk.solucorp.qc.ca (g36-103.citenet.net [206.123.36.103]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g3PGR4614573 for ; Thu, 25 Apr 2002 12:27:04 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g3PGH8O02527 for vserver@solucorp.qc.ca; Thu, 25 Apr 2002 12:17:08 -0400 From: Jacques Gelinas Date: Thu, 25 Apr 2002 12:17:08 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] www.cplusplussucks.com X-mailer: tlmpmail 0.6 Message-ID: <20020425121708.cfce128fc469@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 524 On Wed, 24 Apr 2002 18:41:25 -0500, Sam Vilain wrote > I'm getting this wierd compile error on one of my test machines: Which gcc distribution is this. There are problems in the STL headers on some GCC version. I just compiled it on a pretty vanilla rh6.2. The STL headers are part of the package egcs-c++-1.1.2-30 > linux10321:~/vserver/dist/vserver-0.17$ make > gcc -funsigned-char -Wall -g -DVERSION=\"0.17\" chcontext.cc syscall.o -o chcontext > \ > -lstdc++ > In file included from /usr/include/sys/wait.h:39, > from vutil.h:7, > from chcontext.cc:17: > /usr/include/bits/waitflags.h:26: warning: `WNOHANG' redefined > /usr/include/linux/wait.h:4: warning: this is the location of the previous definition > /usr/include/bits/waitflags.h:27: warning: `WUNTRACED' redefined > /usr/include/linux/wait.h:5: warning: this is the location of the previous definition To compile the utility, I am including and this is kind of bad. The kernel headers are not meant to be included. Normally, glibc include files are providing the necessary services to shield applications from the kernel headers. But glibc does not support any interface to the capability system. To fix this one, I suggest you install new kernel headers on the compilation machine, potentially taken from a 2.4.18 kernel. > In file included from /usr/include/g++-2/alloc.h:21, > from /usr/include/g++-2/std/bastring.h:39, > from /usr/include/g++-2/string:6, > from vutil.h:8, > from chcontext.cc:17: > /usr/include/g++-2/stl_alloc.h:320: parse error before `.' > /usr/include/g++-2/stl_alloc.h:320: missing ';' before right brace > /usr/include/g++-2/stl_alloc.h:322: parse error before `.' > /usr/include/g++-2/stl_alloc.h: In function `size_t ROUND_UP(size_t)': > /usr/include/g++-2/stl_alloc.h:325: parse error before `.' > /usr/include/g++-2/stl_alloc.h:325: parse error before `.' > /usr/include/g++-2/stl_alloc.h:326: warning: control reaches end of non-void function > `ROUND_UP(size_t)' > /usr/include/g++-2/stl_alloc.h: At top level: > /usr/include/g++-2/stl_alloc.h:327: parse error before `private' > /usr/include/g++-2/stl_alloc.h:331: parse error before `}' > /usr/include/g++-2/stl_alloc.h: In function `size_t FREELIST_INDEX(size_t)': > /usr/include/g++-2/stl_alloc.h:340: parse error before `.' > /usr/include/g++-2/stl_alloc.h:341: warning: control reaches end of non-void function > `FREELIST_INDEX(size_t)' > /usr/include/g++-2/stl_alloc.h: In method `lock::lock()': > /usr/include/g++-2/stl_alloc.h:382: `threads' undeclared (first use this function) > /usr/include/g++-2/stl_alloc.h:382: (Each undeclared identifier is reported only once > /usr/include/g++-2/stl_alloc.h:382: for each function it appears in.) > /usr/include/g++-2/stl_alloc.h: In method `lock::~lock()': > /usr/include/g++-2/stl_alloc.h:383: confused by earlier errors, bailing out > make: *** [chcontext] Error 1 > linux10321:~/vserver/dist/vserver-0.17$ > > Any ideas? Something odd seems to be going wrong with the `#include ' in > vutils.h I would say this is a bug in the STL headers. Which egcs package are you using ? > The latest version I could compile on that machine was 0.13. > > On a later release of RedHat (7.1 instead of 6.2), it compiles fine. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Fri Apr 26 11:23:18 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3QFNH3Q002156; Fri, 26 Apr 2002 11:23:17 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3QF7vp01028 for vserver.list; Fri, 26 Apr 2002 11:07:57 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from blueyonder.co.uk (pcow007o.blueyonder.co.uk [195.188.53.118]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3QF7uh01024 for ; Fri, 26 Apr 2002 11:07:57 -0400 Received: from mail pickup service by blueyonder.co.uk with Microsoft SMTPSVC; Fri, 26 Apr 2002 16:08:27 +0100 Content-Class: urn:content-classes:message From: To: Subject: [vserver] LVM and Quotas Date: Fri, 26 Apr 2002 16:08:27 +0100 Message-ID: <3c5901c1ed34$37f219a0$7635bcc3@blueyonder.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Mailer: Microsoft CDO for Windows 2000 Thread-Index: AcHtNDfvxmscJVkXEdazEQCQJ9GLUQ== X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g3QF7uh01024 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=1.9 required=5.0 tests=NO_REAL_NAME,SUPERLONG_LINE version=2.01 Status: RO X-Status: X-Keywords: X-UID: 525 I have been experimenting with ways of meeting two particular requirements: i. Controlling the disk space used by virtual servers ii. Allowing virtual servers to set up their own disk quotas (as mentioned in previous posts, this is a requirement for some web hosting control panels, etc.) Requirement (i) can be met using Logical Volume Management (LVM) at the expense of loosing filesystem unification (see notes below for LVM setup details). As for requirement (ii), with each virtual server installed on its own logical volume, it is possible to set up standard filesystem quotas per virtual server. Quotas are initialised by running quotacheck -ugm -F vfsold /vservers/vs1 quotaon /vservers/vs1 on the base server. This creates the accounting files 'quota.user' and 'quota.group' in the root folder of the virtual server. The root user on the base server can use 'edquota' to set quotas specific to the users/groups on that virtual server. To allow root on the virtual server to view quota status with 'repquota' it is necessary to create the /dev/vservers/vs1lv device in the virtual server filesystem and edit mtab to remove the 'hdv1' entry and replace it with: /dev/vservers/vs1lv / ext3 rw,usrquota,grpquota 0 0 (are there any security issues with this?) 'repquota' then works in virtual server context, but commands to set quotas or turn quota management on/off fail. This is because most calls to the kernel function sys_quotactl fail without CAP_SYS_ADMIN. To work around this, would it be sensible to add another capability, say CAP_QUOTACTL, to the kernel capabilities set, and then patch sys_quotactl() to allow calls with CAP_SYSADMIN or CAP_QUOTACTL set, or would this be too much of a hack? Iain LVM install/setup on Redhat 7.2 host server: 1. install lvm-1.0.3-4.i386.rpm 2. add to /etc/modules.conf: alias block-major-58 lvm-mod alias char-major-109 lvm-mod 3. vgscan (to initialise /etc/lvmtab) 4. create some physical disk partition(s) of type 8e, and run pvcreate /dev/hd** 5. Create a volume group: vgcreate vservers /dev/hd** ... 6. Create a logical volume for each private server, e.g.: lvcreate -L 600 -n vs1lv vservers (this will create a device file /dev/vservers/vs1lv) 7. mke2fs -j /dev/vservers/vs1lv You can then mount the logical volumes under /vservers, e.g. add to fstab: /dev/vservers/vs1lv /vservers/vs1 ext3 defaults,usrquota,grpquota 1 2 And then use 'vserver build' or newvserver to create a virtual server filesystem.at the logical volume mount point. From vserver.error@solucorp.qc.ca Fri Apr 26 11:36:53 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3QFaq3Q002409; Fri, 26 Apr 2002 11:36:52 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3QFJ2L01217 for vserver.list; Fri, 26 Apr 2002 11:19:02 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from noc.easyspace.net (noc.easyspace.net [62.254.202.67]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3QFJ1h01213 for ; Fri, 26 Apr 2002 11:19:02 -0400 Received: from hoffman.vilain.net (gw1.noc.easyspace.net [62.254.202.66]) by noc.easyspace.net (8.11.0/8.11.0) with ESMTP id g3QFGtk08757 for ; Fri, 26 Apr 2002 16:16:55 +0100 Received: from hoffman.vilain.net ([127.0.0.1] helo=hoffman ident=sam) by hoffman.vilain.net with smtp (Exim 3.33 #1 (Debian)) id 1717Uw-0000sL-00 for ; Fri, 26 Apr 2002 16:18:58 +0100 Date: Fri, 26 Apr 2002 16:18:57 +0100 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: Re: [vserver] www.cplusplussucks.com In-Reply-To: <20020425121708.cfce128fc469@remtk.solucorp.qc.ca> References: <20020425121708.cfce128fc469@remtk.solucorp.qc.ca> X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 526 Jacques Gelinas wrote: > Which gcc distribution is this. There are problems in the STL headers on > some GCC version. I just compiled it on a pretty vanilla rh6.2. The STL > headers are part of the package egcs-c++-1.1.2-30 Mmm, I have that version (1.1.2-30). I've checked the packages (egcs, egcs-c++) are sane with rpm -V. > To compile the utility, I am including and this is > kind of bad. The kernel headers are not meant to be included. Normally, > glibc include files are providing the necessary services to shield > applications from the kernel headers. But glibc does not support any > interface to the capability system. > To fix this one, I suggest you install new kernel headers on the > compilation machine, potentially taken from a 2.4.18 kernel. Sure. I have already ensured that /usr/src/linux (and hence, /usr/include/linux) points to the correct place, in Red Hat tradition. Looking at the preprocessed output from gcc, it seems to be including the correct capability.h, from the kernel source tree. Looking a bit deeper, this is the section of the template library it is complaining about: > class __default_alloc_template { > > private: > // Really we should use static const int x = N > // instead of enum { x = N }, but few compilers accept the former. > # ifndef __SUNPRO_CC > enum {__ALIGN = 8}; > enum {__MAX_BYTES = 128}; > enum {__NFREELISTS = __MAX_BYTES/__ALIGN}; > # endif > static size_t ROUND_UP(size_t bytes) { > return (((bytes) + __ALIGN-1) & ~(__ALIGN - 1)); > } Which is being preprocessed to this: > class __default_alloc_template { > > private: > > > > enum {.align 4,0x90 = 8}; > enum {__MAX_BYTES = 128}; > enum {__NFREELISTS = __MAX_BYTES/ .align 4,0x90 }; > > static size_t ROUND_UP(size_t bytes) { > return (((bytes) + .align 4,0x90 -1) & ~(.align 4,0x90 - 1)); > } Hence this error: > > /usr/include/g++-2/stl_alloc.h:320: parse error before `.' > > /usr/include/g++-2/stl_alloc.h:320: missing ';' before right brace > > /usr/include/g++-2/stl_alloc.h:322: parse error before `.' But why on earth would it have __SUNPRO_CC defined in the first place? This baffles me more than RedHat's popularity. btw perl -e '`cat /proc/self/status`=~m/__NR_new_s_context: (\d+)/; syscall($1, 10); exec @ARGV' works. > I would say this is a bug in the STL headers. Which egcs package are you > using ? Name : egcs Relocations: (not relocateable) Version : 1.1.2 Vendor: Red Hat, Inc. Release : 30 Build Date: Thu 17 Feb 2000 07:17:14 PM GMT Install date: Wed 26 Jul 2000 06:47:29 PM GMT Build Host: porky.devel.redhat.com Group : Development/Languages Source RPM: egcs-1.1.2-30.src.rpm Size : 3447148 License: GPL Packager : Red Hat, Inc. URL : http://gcc.gnu.org/ Summary : The GNU Compiler Collection. Description : The egcs package contains the GNU Compiler Collection: cc, gcc and egcs. You'll need this package in order to compile C/C++ code. -- Sam Vilain, sam@vilain.net WWW: http://sam.vilain.net/ 7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc 278A A425 30A9 05B5 2F13 Tell a man that there are 300 billion stars in the universe, and he'll believe you.... Tell him that a bench has wet paint upon it and he'll have to touch it to be sure. From vserver.error@solucorp.qc.ca Sat Apr 27 02:20:13 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3R6KC3Q012325; Sat, 27 Apr 2002 02:20:13 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3R5Z4x18724 for vserver.list; Sat, 27 Apr 2002 01:35:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp13.dti.ne.jp (smtp13.dti.ne.jp [202.216.228.48]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3R5Z2h18720 for ; Sat, 27 Apr 2002 01:35:03 -0400 Received: from posha.cats.yamato (PPPa232.ibaraki-ip.dti.ne.jp [210.159.157.232]) by smtp13.dti.ne.jp (8.12.1/3.7W) with SMTP id g3R5Z0SW027908 for ; Sat, 27 Apr 2002 14:35:00 +0900 (JST) Date: Sat, 27 Apr 2002 14:35:00 +0900 (JST) Message-Id: <200204270535.g3R5Z0SW027908@smtp13.dti.ne.jp> From: "S.Yamto" Errors-To: sy@my.email.ne.jp To: vserver@solucorp.qc.ca Subject: [vserver] [Q] Can not ForwardX11 in ssh X-Mailer: mnews [version 1.22] 1999-12/19(Sun) X-Dispatcher: Nomail 0.4.9 (Caravanserai) Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 527 Hello, I am new to vserver and I was very impressed by the light_weithtedness of the `vserver', it runs like a breeze. I am happy running `vserver' as simple compile engines for different distributions(running as routers). Thanks a lot. But, as in Subject:, it seems that I can not forward X11 packets in ssh sessions from host server to a remote terminal. (if host server is running any virtual machines or not) Here is the log -------------------------------- terminal$] xhost + access control disabled, clients can connect from any host terminal$] ssh -X server host_server> host_server> env | grep DISPLAY DISPLAY=localhost:10.0 host_server> xterm xterm Xt error: Can't open display: localhost:10.0 host_server> export DISPLAY=terminal:0.0 host_server> xterm .. XTERM appers at terminal's display. O.K. ... host_server> uname -a Linux host_server.xxx.xxx 2.4.18ctx-10 #1 SMP Tue Apr 23 11:37:34 JST 2002 i686 unknown host_server> sudo /usr/sbin/vserver-stat Password: CTX# PROC QTY VSZ RSS userTIME sysTIME UPTIME NAME 0 89 315Mb 27Kb 3h31m33 1h16m28 16h22m26 root server 2 3 6Mb 711b m00.91 m00.40 27m07.12 vskj host_server> /sbin/route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.0.3 0.0.0.0 UG 0 0 0 eth0 host_server> exit logout Connection to server closed. terminal$] ---------------------------------- The `host_server' is running RedHat 7.2(like) and `terminal' Mandrake 8.2. Is there any workaround? ( chbind etc.. ) I could not find any in ML archive at vlad. Thanks in advance, (Reading this ML in digest mode, and can not reply soon) --- S.Yamato/$BBgOB?50l(B sy@my.email.ne.jp From vserver.error@solucorp.qc.ca Sat Apr 27 14:17:19 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3RIHI3Q018450; Sat, 27 Apr 2002 14:17:18 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3RI2Gx07889 for vserver.list; Sat, 27 Apr 2002 14:02:16 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from linux969.dn.net ([216.167.77.141]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3RI2Fh07885 for ; Sat, 27 Apr 2002 14:02:15 -0400 Received: from mbyrk (tunnel-44-72.vpn.uib.no [129.177.44.72]) by linux969.dn.net (8.9.3/8.9.3) with ESMTP id UAA05966 for ; Sat, 27 Apr 2002 20:03:39 +0200 From: "Magnus Byrkjeflot" To: Subject: [vserver] Multiple vservers on one IP Date: Sat, 27 Apr 2002 20:01:39 +0200 Message-ID: <000a01c1ee15$a74cd9c0$11720d0a@mbyrk> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 528 Hello. I have not tested vserver, but would like to know if its possible to setup multiple vservers bound to same ip address? The vservers would be unique with services running on different ports. Thanks, Magnus Byrkjeflot From vserver.error@solucorp.qc.ca Sat Apr 27 14:41:34 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3RIfX3Q018596; Sat, 27 Apr 2002 14:41:34 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3RIRUS08556 for vserver.list; Sat, 27 Apr 2002 14:27:30 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tux.rsn.bth.se (tux.rsn.bth.se [194.47.143.135]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3RIRTh08552 for ; Sat, 27 Apr 2002 14:27:29 -0400 Received: from tux.rsn.bth.se (localhost [127.0.0.1]) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) with ESMTP id g3RIREPb007438; Sat, 27 Apr 2002 20:27:14 +0200 Received: (from gandalf@localhost) by tux.rsn.bth.se (8.12.2/8.12.2/Debian -5) id g3RIRDNT007437; Sat, 27 Apr 2002 20:27:13 +0200 X-Authentication-Warning: tux.rsn.bth.se: gandalf set sender to gandalf@wlug.westbo.se using -f Subject: Re: [vserver] Multiple vservers on one IP From: Martin Josefsson To: vserver@solucorp.qc.ca Cc: Magnus Byrkjeflot In-Reply-To: <000a01c1ee15$a74cd9c0$11720d0a@mbyrk> References: <000a01c1ee15$a74cd9c0$11720d0a@mbyrk> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 27 Apr 2002 20:27:13 +0200 Message-Id: <1019932033.29406.137.camel@tux> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 529 On Sat, 2002-04-27 at 20:01, Magnus Byrkjeflot wrote: > Hello. > > I have not tested vserver, but would like to know if its possible to > setup multiple vservers bound to same ip address? > The vservers would be unique with services running on different ports. Yes it's possible for several vservers to be bound to the same ipaddress. They will of course not be able to bind to the same ports but as long as they bind to diffrent ports it's ok. -- /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience. From vserver.error@solucorp.qc.ca Mon Apr 29 04:49:50 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3T8nn3Q032487; Mon, 29 Apr 2002 04:49:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3T8Su205090 for vserver.list; Mon, 29 Apr 2002 04:28:56 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail4.messagelabs.com (mail4.messagelabs.com [212.125.75.12]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g3T8Ssh05086 for ; Mon, 29 Apr 2002 04:28:55 -0400 X-VirusChecked: Checked Received: (qmail 24927 invoked from network); 29 Apr 2002 08:28:49 -0000 Received: from porgy.logica.co.uk (158.234.250.67) by server-23.tower-4.messagelabs.com with SMTP; 29 Apr 2002 08:28:49 -0000 Received: from lat.logica.co.uk (lat.logica.co.uk [158.234.190.58]) by porgy.logica.co.uk (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA22041 for ; Mon, 29 Apr 2002 09:28:47 +0100 Received: from maximus (158.234.191.190 [158.234.191.190]) by lat.logica.co.uk with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id G4YGK4G3; Mon, 29 Apr 2002 16:28:44 +0800 Subject: [vserver] Bind to broadcast address at port 2xxxx From: Lew Teck Kheng To: Vserver mailing list Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3.99 Date: 29 Apr 2002 16:28:17 +0800 Message-Id: <1020068917.1570.32.camel@maximus> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 530 hi all : I am having problem with binding to a broadcast address at port 2xxxx. I must said everything is working fine except this. I have 2 NIC -- 1 is public and 1 is a private network IP (192.168.100.32). I have a process that startup from inittab and this process need to bind to a udp port 20000 at address 192.168.100.255. Sample output of netstat : ============================== udp 0 0 192.168.100.32:20000 0.0.0.0:* udp 0 0 192.168.100.255:20000 0.0.0.0:* This process worked fine on the second NIC card but not on vserver and I get this error : "failed: bind() failed: Cannot assign requested address" Below is my conf for the vserver : IPROOT=192.168.100.33 IPROOTDEV=eth1 IPROOTMASK=255.255.255.0 ONBOOT=yes S_CAPS="CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN" S_HOSTNAME=arsenic S_FLAGS="nproc sched fakeinit" Do i miss anything or this is the limitation of the current vserver ? Many many thanks Cheers ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ From vserver.error@solucorp.qc.ca Tue Apr 30 00:36:23 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3U4aM3Q010580; Tue, 30 Apr 2002 00:36:22 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3U47B900889 for vserver.list; Tue, 30 Apr 2002 00:07:11 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g3U47Ah00885 for ; Tue, 30 Apr 2002 00:07:11 -0400 Received: from remtk.solucorp.qc.ca (g36-115.citenet.net [206.123.36.115]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g3U47BA87308 for ; Tue, 30 Apr 2002 00:07:11 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g3U41ZR05620 for vserver@solucorp.qc.ca; Tue, 30 Apr 2002 00:01:35 -0400 From: Jacques Gelinas Date: Tue, 30 Apr 2002 00:01:35 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Bind to broadcast address at port 2xxxx X-mailer: tlmpmail 0.6 Message-ID: <20020430000135.8337818cb5fe@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 531 On Mon, 29 Apr 2002 16:28:17 -0500, Lew Teck Kheng wrote > hi all : > > I am having problem with binding to a broadcast address at port 2xxxx. > > I must said everything is working fine except this. > > I have 2 NIC -- 1 is public and 1 is a private network IP > (192.168.100.32). > > I have a process that startup from inittab and this process need to bind > to a udp port 20000 at address 192.168.100.255. I would say this is a bug. I will look at it. Any reason why this is only binding to the broadcast address. If any UDP service does a bind any, it automatically picks the broadcast as well. Is this an option ? Anyway, this is easily fixable. The concept of a broadcast address for a vserver was introduced lately (ctx-9) and adding a test in bind to allow binding to the broadcast address is certainly doable. > Sample output of netstat : > ============================== > udp 0 0 192.168.100.32:20000 0.0.0.0:* > udp 0 0 192.168.100.255:20000 0.0.0.0:* > > > This process worked fine on the second NIC card but not on vserver and I > get this error : > > "failed: bind() failed: Cannot assign requested address" > > Below is my conf for the vserver : > > IPROOT=192.168.100.33 > IPROOTDEV=eth1 > IPROOTMASK=255.255.255.0 > ONBOOT=yes > S_CAPS="CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_NET_BROADCAST > CAP_NET_ADMIN" > S_HOSTNAME=arsenic > S_FLAGS="nproc sched fakeinit" > > Do i miss anything or this is the limitation of the current vserver ? > > Many many thanks > > Cheers > > > > ________________________________________________________________________ > This email has been scanned for all viruses by the MessageLabs SkyScan > service. For more information on a proactive anti-virus service working > around the clock, around the globe, visit http://www.messagelabs.com > ________________________________________________________________________ > --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue Apr 30 02:21:20 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g3U6LK3Q011661; Tue, 30 Apr 2002 02:21:20 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g3U5unX03198 for vserver.list; Tue, 30 Apr 2002 01:56:49 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail4.messagelabs.com (mail4.messagelabs.com [212.125.75.12]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g3U5umh03194 for ; Tue, 30 Apr 2002 01:56:48 -0400 X-VirusChecked: Checked Received: (qmail 2731 invoked from network); 30 Apr 2002 05:56:43 -0000 Received: from porgy.logica.co.uk (158.234.250.67) by server-23.tower-4.messagelabs.com with SMTP; 30 Apr 2002 05:56:43 -0000 Received: from lat.logica.co.uk (lat.logica.co.uk [158.234.190.58]) by porgy.logica.co.uk (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id GAA03464 for ; Tue, 30 Apr 2002 06:56:41 +0100 Received: from maximus (158.234.191.190 [158.234.191.190]) by lat.logica.co.uk with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id G4YGK443; Tue, 30 Apr 2002 13:56:37 +0800 Subject: re: [vserver] Bind to broadcast address at port 2xxxx From: Lew Teck Kheng To: vserver@solucorp.qc.ca In-Reply-To: <20020430000135.8337818cb5fe@remtk.solucorp.qc.ca> References: <20020430000135.8337818cb5fe@remtk.solucorp.qc.ca> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3.99 Date: 30 Apr 2002 13:56:23 +0800 Message-Id: <1020146188.2034.18.camel@maximus> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 532 hi Jacques : Thank for the reply. There is a process that need to bind to the broadcast at certain port before i can start the remaining cluster nodes. This process is actually a run level controller. I am trying to setup a cluster vserver but without the process able to bind to the broadcast at the prot I cannot startup any of the cluster nodes. Looking forward for the patches. Once again , great software. Many thanks Cheers On Tue, 2002-04-30 at 13:01, Jacques Gelinas wrote: > On Mon, 29 Apr 2002 16:28:17 -0500, Lew Teck Kheng wrote > > hi all : > > > > I am having problem with binding to a broadcast address at port 2xxxx. > > > > I must said everything is working fine except this. > > > > I have 2 NIC -- 1 is public and 1 is a private network IP > > (192.168.100.32). > > > > I have a process that startup from inittab and this process need to bind > > to a udp port 20000 at address 192.168.100.255. > > I would say this is a bug. I will look at it. Any reason why this is only > binding to the broadcast address. If any UDP service does a bind any, it automatically > picks the broadcast as well. Is this an option ? > > Anyway, this is easily fixable. The concept of a broadcast address for a vserver > was introduced lately (ctx-9) and adding a test in bind to allow binding > to the broadcast address is certainly doable. > > > Sample output of netstat : > > ============================== > > udp 0 0 192.168.100.32:20000 0.0.0.0:* > > udp 0 0 192.168.100.255:20000 0.0.0.0:* > > > > > > This process worked fine on the second NIC card but not on vserver and I > > get this error : > > > > "failed: bind() failed: Cannot assign requested address" > > > > Below is my conf for the vserver : > > > > IPROOT=192.168.100.33 > > IPROOTDEV=eth1 > > IPROOTMASK=255.255.255.0 > > ONBOOT=yes > > S_CAPS="CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_NET_BROADCAST > > CAP_NET_ADMIN" > > S_HOSTNAME=arsenic > > S_FLAGS="nproc sched fakeinit" > > > > Do i miss anything or this is the limitation of the current vserver ? > > > > Many many thanks > > > > Cheers > > > > > > > > ________________________________________________________________________ > > This email has been scanned for all viruses by the MessageLabs SkyScan > > service. For more information on a proactive anti-virus service working > > around the clock, around the globe, visit http://www.messagelabs.com > > ________________________________________________________________________ > > > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc -- ======================================================================== Lew Teck Kheng System Engineer Asia LMN System Engineering (Malaysia) (+603) 7725 6890 www.logica.com "Logica Make MMS Real Person to Person MMS demonstrated live using devices from 8 manufacturers on the Orange France GPRS Network at the 3 GSM World Congress in Cannes." ======================================================================== ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ From vserver.error@solucorp.qc.ca Wed May 1 08:39:21 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g41CdK3Q029763; Wed, 1 May 2002 08:39:20 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g41CA9j12014 for vserver.list; Wed, 1 May 2002 08:10:09 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp13.dti.ne.jp (smtp13.dti.ne.jp [202.216.228.48]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g41CA8h12010 for ; Wed, 1 May 2002 08:10:08 -0400 Received: from posha.cats.yamato (PPPa232.ibaraki-ip.dti.ne.jp [210.159.157.232]) by smtp13.dti.ne.jp (8.12.1/3.7W) with SMTP id g41CA1SW013170 for ; Wed, 1 May 2002 21:10:01 +0900 (JST) Date: Wed, 1 May 2002 21:10:01 +0900 (JST) Message-Id: <200205011210.g41CA1SW013170@smtp13.dti.ne.jp> From: "S.Yamto" To: vserver@solucorp.qc.ca Subject: [vserver] zebedee & telnet localhost does not work X-Mailer: mnews [version 1.22] 1999-12/19(Sun) X-Dispatcher: Nomail 0.4.9 (Caravanserai) Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 533 Hello, I posted Message-Id: <200204270535.g3R5Z0SW027908@smtp13.dti.ne.jp> Subject: [vserver] [Q] Can not ForwardX11 in ssh And now I met other difficulties, 1. zebedee port forwarder does not work on vserver_host. On child OS it works fine. 2. telnet localhost is refused. ( telnet: connect to address 127.0.0.1: Connection refused ) But telnet LocalHost's_eth0 works. Both seem to be caused by the refusal of connection to 127.0.0.1. I tried /usr/sbin/chbind --ip lo /sbin/ifocnfig lo 127.0.0.1 netmask \ 255.0.0.0 dev lo ; /sbin/route add ... etc. in vain. Is this a known restriction? Or have I made a careless mistake? Is there any other port forwarding solutions? Regards ________ S.Yamato From vserver.error@solucorp.qc.ca Thu May 2 03:05:24 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g4275N3Q007491; Thu, 2 May 2002 03:05:23 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g426lcG03029 for vserver.list; Thu, 2 May 2002 02:47:38 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp.hzhome.mine.nu (p508AA428.dip.t-dialin.net [80.138.164.40]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g426lbh03025 for ; Thu, 2 May 2002 02:47:37 -0400 Received: from [192.168.1.219] (vpc1.hzhome.mine.nu [192.168.1.219]) by smtp.hzhome.mine.nu (8.11.6/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id g426uNP21669 for ; Thu, 2 May 2002 08:56:23 +0200 Date: Thu, 2 May 2002 08:45:42 -0100 (GMT+1) From: X-X-Sender: To: Subject: [vserver] vserver and X programs Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME version=2.01 Status: RO X-Status: X-Keywords: X-UID: 534 Hello, I want to run untrusted X programs from (different) vservers. Unfortunately I am not very familiar with X's features and security issues. My first idea was to run one X Server as a normal user (from the real machine; not within a vserver) and to connect to this X Server via 'xhost' authentication. However, as it seems it is very easy for an X Client (once it gained access to X) to spy other windows as well as mouse and keyboard inputs (entering passwords !). Using Xnest would prevent this behaviour, but in any case running the X server not within a vserver seems to be dangerous due to the oftenly buggy X server. On the other hand, an X server needs permissions to devices like /dev/mem. But with the permission to this device a vserver would be able to spy everything running in the machine, real one and vserver. Right ? Any ideas ? Thanks in advance. P.S.: Yes I know, the 'server' part of vserver stands for SERVER and not for X, which is a typically client-side app. But I want to use vservers to test untrusted apps which sometimes include X ones. From vserver.error@solucorp.qc.ca Thu May 2 12:50:21 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g42GoK3Q013486; Thu, 2 May 2002 12:50:21 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g42GMxp16843 for vserver.list; Thu, 2 May 2002 12:22:59 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from remtk.solucorp.qc.ca (dns.unigiciel.com [207.253.4.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g42GMwh16839 for ; Thu, 2 May 2002 12:22:58 -0400 Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g42GN4T01743 for vserver@solucorp.qc.ca; Thu, 2 May 2002 12:23:04 -0400 From: Jacques Gelinas Date: Thu, 2 May 2002 12:23:04 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Bind to broadcast address at port 2xxxx X-mailer: tlmpmail 0.6 Message-ID: <20020502122304.79e7c044cf7a@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 535 On Tue, 30 Apr 2002 13:56:23 -0500, Lew Teck Kheng wrote > hi Jacques : > > Thank for the reply. > > There is a process that need to bind to the broadcast at certain port > before i can start the remaining cluster nodes. This process is actually > a run level controller. > > I am trying to setup a cluster vserver but without the process able to > bind to the broadcast at the prot I cannot startup any of the cluster > nodes. Here is the patch. If all is fine, I will do ctx-11 with that. *** net/ipv4/af_inet.bak Mon Mar 18 12:26:22 2002 --- net/ipv4/af_inet.c Thu May 2 11:09:53 2002 *************** *** 497,503 **** bcast_addr = current->ipv4root_bcast; }else if (s_addr == 0x0100007f){ s_addr = current->ipv4root; ! }else if (s_addr != current->ipv4root){ return -EADDRNOTAVAIL; } } --- 497,504 ---- bcast_addr = current->ipv4root_bcast; }else if (s_addr == 0x0100007f){ s_addr = current->ipv4root; ! }else if (s_addr != current->ipv4root_bcast ! && s_addr != current->ipv4root){ return -EADDRNOTAVAIL; } } --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Sun May 5 09:59:00 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g45Dwx3Q015096; Sun, 5 May 2002 09:58:59 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g45DQM819937 for vserver.list; Sun, 5 May 2002 09:26:22 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-105-29.in-addr.btopenworld.com [213.122.105.29]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g45DQDh19932 for ; Sun, 5 May 2002 09:26:18 -0400 Received: from 213.122.105.29 by john-new ([213.122.105.29] running VPOP3) with SMTP for ; Sun, 5 May 2002 14:25:53 +0100 From: "John Lyons" To: Subject: RE: [vserver] vunify immutable Date: Sun, 5 May 2002 14:25:53 +0100 Message-ID: <000001c1f438$61940100$1d697ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 536 I've built a vserver using vbuild --noflags --immutable vs_skel vs210 Now I need to delete vs210. I understand that this can't be done by any user because of the --immutable setting when the server was built. However running any vunify commands to try and allow the files to be unlinked is giving errors. [root@svr10 vservers]# vunify --noflags --immutable-mayunlink vs_skel vs210 -- all vservers vs210 %{name}=%{version}-%{release}\n: No such file or directory Is there a quick way of removing a vs once it's been created without the unlink flag being available? Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Sun May 5 17:50:14 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g45LoD3Q018790; Sun, 5 May 2002 17:50:13 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g45LJw929677 for vserver.list; Sun, 5 May 2002 17:19:58 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from taz.eijk.nu (node-d-0565.a2000.nl [62.195.5.101]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g45LJuh29673 for ; Sun, 5 May 2002 17:19:56 -0400 Received: from eijk.nu (localhost.localdomain [127.0.0.1]) by taz.eijk.nu (8.12.1/linuxconf) with ESMTP id g45LJ4Ot026858 for ; Sun, 5 May 2002 23:19:05 +0200 Message-ID: <3CD5A1C8.2060406@eijk.nu> Date: Sun, 05 May 2002 23:19:04 +0200 From: Stefan van der Eijk User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/00200203 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: [vserver] GR security & CTX Content-Type: multipart/mixed; boundary="------------080208070102070403060300" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-5.0 required=5.0 tests=UNIFIED_PATCH version=2.01 Status: RO X-Status: X-Keywords: X-UID: 537 This is a multi-part message in MIME format. --------------080208070102070403060300 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi, I'm trying to get the CTX patch to work with Mandrake's development kernels. While applying the patch I noticed that the CTX patch conflicts with an earlier applied patch (the gr security patch, see http://www.grsecurity.org/ ). Before I continue trying to figure things out I've got a few questions: - If somebody wants to run the kernel without CTX functionality, will a CTX enabled kernel have any disadvantages against a normal kernel? - Are you planning to make configureable kernel options for the CTX functionality? - Does the GR security functionality conflict with CTX? - Is there a smart way to merge GR security and CTX patches? I've tried to merge the CTX patch, the resulting diff of the original patch is attached to this email. kind regards, Stefan van der Eijk Parts where conflicts are found: $ less ./fs/proc/base.c.rej *************** *** 1019,1022 **** if (!pid) continue; if (--index >= 0) continue; --- 1025,1041 ---- if (!pid) continue; + /* Even if the pid 1 is not part of the security context */ + /* we show it anyway. This makes the security box */ + /* more standard (and helps pstree do its job) */ + /* So current process "knows" pid 1 exist anyway and can't */ + /* send any signal either */ + + /* A process with security context 1 can see all processes */ + if (pid != 1 + && current->s_context != 1 + && p->s_context != current->s_context) continue; + /* We hide the fakeinit process since we show it as process 1 */ + if (current->s_info != NULL + && current->s_info->initpid == pid) continue; if (--index >= 0) continue; $ less ./fs/proc/base.c if (!pid) continue; #ifdef CONFIG_GRKERNSEC_ACL if(gr_check_hidden_task(p)) continue; #endif if (--index >= 0) continue ===================================================================================== $ less ./kernel/signal.c.rej *************** *** 593,597 **** read_lock(&tasklist_lock); for_each_task(p) { ! if (p->pgrp == pgrp) { int err = send_sig_info(sig, info, p); if (retval) --- 593,599 ---- read_lock(&tasklist_lock); for_each_task(p) { ! if (p->pgrp == pgrp ! && ((long)info==1 ! || p->s_context == current->s_context)) { int err = send_sig_info(sig, info, p); if (retval) *************** *** 640,645 **** p = find_task_by_pid(pid); error = -ESRCH; ! if (p) ! error = send_sig_info(sig, info, p); read_unlock(&tasklist_lock); return error; --- 642,663 ---- p = find_task_by_pid(pid); error = -ESRCH; ! if (p != NULL){ ! switch((unsigned long)info) { ! case 0: ! if(p->s_context == current->s_context){ ! error = send_sig_info(sig, info, p); ! } ! break; ! case 1: ! error = send_sig_info(sig, info, p); ! break; ! default: ! if( info->si_code == SI_KERNEL ! || p->s_context == current->s_context){ ! error = send_sig_info(sig, info, p); ! } ! break; ! } ! } read_unlock(&tasklist_lock); return error; *************** *** 664,668 **** read_lock(&tasklist_lock); for_each_task(p) { ! if (p->pid > 1 && p != current) { int err = send_sig_info(sig, info, p); ++count; --- 682,686 ---- read_lock(&tasklist_lock); for_each_task(p) { ! if (p->pid > 1 && p != current && p->s_context == current->s_context) { int err = send_sig_info(sig, info, p); ++count; ===================================================================================== $ less ./kernel/sys.c.rej *************** *** 1116,1119 **** { int errno; if (!capable(CAP_SYS_ADMIN)) --- 1186,1190 ---- { int errno; + char *domainname; if (!capable(CAP_SYS_ADMIN)) ===================================================================================== $ less ./Makefile.rej *************** *** 2,6 **** PATCHLEVEL = 4 SUBLEVEL = 18 ! EXTRAVERSION = KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) --- 2,6 ---- PATCHLEVEL = 4 SUBLEVEL = 18 ! EXTRAVERSION =ctx-10 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) less ./Makefile PATCHLEVEL = 4 SUBLEVEL = 19 EXTRAVERSION = -pre6 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) ===================================================================================== --------------080208070102070403060300 Content-Type: text/plain; name="patch-2.4.18ctx-10.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-2.4.18ctx-10.diff" --- patch-2.4.18ctx-10.orig 2002-04-15 19:28:22.000000000 +0200 +++ patch-2.4.18ctx-10 2002-05-05 23:13:38.000000000 +0200 @@ -5,13 +5,13 @@ *** 2,6 **** PATCHLEVEL = 4 SUBLEVEL = 18 -! EXTRAVERSION = +! EXTRAVERSION = -pre6 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) --- 2,6 ---- PATCHLEVEL = 4 SUBLEVEL = 18 -! EXTRAVERSION =ctx-10 +! EXTRAVERSION = pre6-ctx-10 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) diff -rc2P linux-2.4.18/arch/i386/kernel/entry.S linux-2.4.18ctx-10/arch/i386/kernel/entry.S @@ -758,25 +758,26 @@ dentry->d_op = &pid_base_dentry_operations; *************** -*** 1019,1022 **** ---- 1025,1041 ---- - if (!pid) - continue; -+ /* Even if the pid 1 is not part of the security context */ -+ /* we show it anyway. This makes the security box */ -+ /* more standard (and helps pstree do its job) */ -+ /* So current process "knows" pid 1 exist anyway and can't */ -+ /* send any signal either */ -+ -+ /* A process with security context 1 can see all processes */ -+ if (pid != 1 -+ && current->s_context != 1 -+ && p->s_context != current->s_context) continue; -+ /* We hide the fakeinit process since we show it as process 1 */ -+ if (current->s_info != NULL -+ && current->s_info->initpid == pid) continue; - if (--index >= 0) - continue; +*** 1095,1098 **** +--- 1095,1111 ---- + if (!pid) + continue; ++ /* Even if the pid 1 is not part of the security context */ ++ /* we show it anyway. This makes the security box */ ++ /* more standard (and helps pstree do its job) */ ++ /* So current process "knows" pid 1 exist anyway and can't */ ++ /* send any signal either */ ++ ++ /* A process with security context 1 can see all processes */ ++ if (pid != 1 ++ && current->s_context != 1 ++ && p->s_context != current->s_context) continue; ++ /* We hide the fakeinit process since we show it as process 1 */ ++ if (current->s_info != NULL ++ && current->s_info->initpid == pid) continue; + #ifdef CONFIG_GRKERNSEC_ACL + if(gr_check_hidden_task(p)) + continue; diff -rc2P linux-2.4.18/fs/udf/inode.c linux-2.4.18ctx-10/fs/udf/inode.c *** linux-2.4.18/fs/udf/inode.c Tue Feb 26 22:22:08 2002 --- linux-2.4.18ctx-10/fs/udf/inode.c Tue Feb 26 22:31:23 2002 @@ -1351,14 +1352,13 @@ + } read_unlock(&tasklist_lock); spin_lock_irq(&runqueue_lock); -diff -rc2P linux-2.4.18/kernel/signal.c linux-2.4.18ctx-10/kernel/signal.c *** linux-2.4.18/kernel/signal.c Fri Nov 23 15:07:52 2001 --- linux-2.4.18ctx-10/kernel/signal.c Tue Feb 26 22:31:23 2002 *************** *** 593,597 **** read_lock(&tasklist_lock); for_each_task(p) { -! if (p->pgrp == pgrp) { +! if (p->pgrp == pgrp && thread_group_leader(p)) { int err = send_sig_info(sig, info, p); if (retval) --- 593,599 ---- @@ -1370,17 +1370,31 @@ int err = send_sig_info(sig, info, p); if (retval) *************** -*** 640,645 **** +*** 712,717 **** p = find_task_by_pid(pid); error = -ESRCH; -! if (p) -! error = send_sig_info(sig, info, p); - read_unlock(&tasklist_lock); - return error; ---- 642,663 ---- +! if (p) { + #ifdef CONFIG_GRKERNSEC_ACL + if( !(gr_check_protected_task(p)) || current->pid == 1) + #endif +--- 712,718 ---- p = find_task_by_pid(pid); error = -ESRCH; -! if (p != NULL){ +! if (p != NULL) + #ifdef CONFIG_GRKERNSEC_ACL ++ { + if( !(gr_check_protected_task(p)) || current->pid == 1) + #endif +*************** +*** 723,727 **** + p = tg; + } +! error = send_sig_info(sig, info, p); + } + } +--- 724,742 ---- + p = tg; + } ! switch((unsigned long)info) { ! case 0: ! if(p->s_context == current->s_context){ @@ -1396,21 +1410,19 @@ ! error = send_sig_info(sig, info, p); ! } ! break; -! } -! } - read_unlock(&tasklist_lock); - return error; + } + } *************** -*** 664,668 **** - read_lock(&tasklist_lock); - for_each_task(p) { -! if (p->pid > 1 && p != current) { +*** 766,770 **** + if(!(gr_check_protected_task(p) || current->pid == 1)) + #endif +! if (p->pid > 1 && p != current && thread_group_leader(p)) { int err = send_sig_info(sig, info, p); ++count; ---- 682,686 ---- - read_lock(&tasklist_lock); - for_each_task(p) { -! if (p->pid > 1 && p != current && p->s_context == current->s_context) { +--- 766,770 ---- + if(!(gr_check_protected_task(p) || current->pid == 1)) + #endif +! if (p->pid > 1 && p != current && thread_group_leader(p) && p->s_context == current->s_context) { int err = send_sig_info(sig, info, p); ++count; *************** @@ -1727,8 +1739,8 @@ errno = -EFAULT; up_read(&uts_sem); *************** -*** 1066,1069 **** ---- 1136,1140 ---- +*** 1268,1271 **** +--- 1268,1272 ---- { int errno; + char *domainname; --------------080208070102070403060300-- From vserver.error@solucorp.qc.ca Mon May 6 08:42:34 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g46CgX3Q027005; Mon, 6 May 2002 08:42:34 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g46CESX18047 for vserver.list; Mon, 6 May 2002 08:14:28 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from prserv.net (out4.prserv.net [32.97.166.34]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g46CESh18043 for ; Mon, 6 May 2002 08:14:28 -0400 Received: from slip139-92-140-22.dub.ie.prserv.net ([139.92.140.22]) by prserv.net (out4) with SMTP id <2002050612141920400tvg86e>; Mon, 6 May 2002 12:14:20 +0000 Subject: re: [vserver] Bind to broadcast address at port 2xxxx From: Lew Teck Kheng To: vserver@solucorp.qc.ca In-Reply-To: <20020502122304.79e7c044cf7a@remtk.solucorp.qc.ca> References: <20020502122304.79e7c044cf7a@remtk.solucorp.qc.ca> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3.99 Date: 06 May 2002 20:14:12 +0800 Message-Id: <1020687255.10199.16.camel@maximus> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-1.2 required=5.0 tests=IN_REP_TO,KNOWN_BAD_DIALUPS version=2.01 Status: RO X-Status: X-Keywords: X-UID: 538 hi jacques : The patch worked perfectly ! Thanks Cheers On Fri, 2002-05-03 at 01:23, Jacques Gelinas wrote: > On Tue, 30 Apr 2002 13:56:23 -0500, Lew Teck Kheng wrote > > hi Jacques : > > > > Thank for the reply. > > > > There is a process that need to bind to the broadcast at certain port > > before i can start the remaining cluster nodes. This process is actually > > a run level controller. > > > > I am trying to setup a cluster vserver but without the process able to > > bind to the broadcast at the prot I cannot startup any of the cluster > > nodes. > > Here is the patch. If all is fine, I will do ctx-11 with that. > > *** net/ipv4/af_inet.bak Mon Mar 18 12:26:22 2002 > --- net/ipv4/af_inet.c Thu May 2 11:09:53 2002 > *************** > *** 497,503 **** > bcast_addr = current->ipv4root_bcast; > }else if (s_addr == 0x0100007f){ > s_addr = current->ipv4root; > ! }else if (s_addr != current->ipv4root){ > return -EADDRNOTAVAIL; > } > } > --- 497,504 ---- > bcast_addr = current->ipv4root_bcast; > }else if (s_addr == 0x0100007f){ > s_addr = current->ipv4root; > ! }else if (s_addr != current->ipv4root_bcast > ! && s_addr != current->ipv4root){ > return -EADDRNOTAVAIL; > } > } > > > --------------------------------------------------------- > Jacques Gelinas > vserver: run general purpose virtual servers on one box, full speed! > http://www.solucorp.qc.ca/miscprj/s_context.hc -- ======================================================================== Lew Teck Kheng System Engineer Asia LMN System Engineering (Malaysia) (+603) 7725 6890 www.logica.com "Logica Make MMS Real Person to Person MMS demonstrated live using devices from 8 manufacturers on the Orange France GPRS Network at the 3 GSM World Congress in Cannes." ======================================================================== From vserver.error@solucorp.qc.ca Mon May 6 11:06:05 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g46F643Q028393; Mon, 6 May 2002 11:06:04 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g46Eiaq22195 for vserver.list; Mon, 6 May 2002 10:44:36 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp017.mail.yahoo.com (smtp017.mail.yahoo.com [216.136.174.114]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g46EiZh22190 for ; Mon, 6 May 2002 10:44:35 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 6 May 2002 14:44:34 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] Redhat Install Script error? Date: Mon, 6 May 2002 09:44:27 -0500 Message-ID: <000701c1f50c$868acaa0$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <3CD5A1C8.2060406@eijk.nu> Importance: Normal Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 539 Hello, I have tried to use the install script to install an ISO image mounted as /mnt/cdrom. The build process was apparent successful, but at the end it produces the line, /usr/lib/vserver/install-rh7.2: /usr/lib/vserver/install_post.sh: No such file or directory Also, an error message sometimes pop up in the list of packages installed, for example, /proc is empty (not mounted ?) or awk: cmd. line:2: fatal: cannot open file `/etc/fstab' for reading (No such file or directory) Is this normal? Thanks, Peter From vserver.error@solucorp.qc.ca Mon May 6 13:13:11 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g46HDA3Q029650; Mon, 6 May 2002 13:13:10 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g46GtMo25728 for vserver.list; Mon, 6 May 2002 12:55:22 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp018.mail.yahoo.com (smtp018.mail.yahoo.com [216.136.174.115]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g46GtLh25724 for ; Mon, 6 May 2002 12:55:21 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 6 May 2002 16:55:20 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] How to clone reference server from cdrom? Date: Mon, 6 May 2002 11:55:14 -0500 Message-ID: <000001c1f51e$cb72b1c0$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <000701c1f50c$868acaa0$ed23bd41@PremiumFood> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 540 Hello, I have installed a redhat 7.2 from CDROM at /vservers/rh72. However, when I run "newvserver", there is only an option to clone the root server, but not the reference server at /vservers/rh72. How do I enable that? Thanks, Peter -----Original Message----- From: Peter Kwan Chan [mailto:peterkwanchan@yahoo.com] Sent: Monday, May 06, 2002 9:44 AM To: vserver@solucorp.qc.ca Subject: [vserver] Redhat Install Script error? Hello, I have tried to use the install script to install an ISO image mounted as /mnt/cdrom. The build process was apparent successful, but at the end it produces the line, /usr/lib/vserver/install-rh7.2: /usr/lib/vserver/install_post.sh: No such file or directory Also, an error message sometimes pop up in the list of packages installed, for example, /proc is empty (not mounted ?) or awk: cmd. line:2: fatal: cannot open file `/etc/fstab' for reading (No such file or directory) Is this normal? Thanks, Peter From vserver.error@solucorp.qc.ca Mon May 6 16:08:08 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g46K873Q031255; Mon, 6 May 2002 16:08:07 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g46JiK700672 for vserver.list; Mon, 6 May 2002 15:44:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from blue.wowweb.dk (0x503e3545.arcnxx10.adsl-dhcp.tele.dk [80.62.53.69]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g46JiJh00667 for ; Mon, 6 May 2002 15:44:20 -0400 Received: from there (boa.wowweb.dk [10.0.0.7]) by blue.wowweb.dk (Postfix) with SMTP id 561E111851 for ; Mon, 6 May 2002 21:44:18 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" From: Jesper Andersen <424242424242424242@j-f.dk> To: vserver@solucorp.qc.ca Subject: Re: [vserver] GR security & CTX Date: Mon, 6 May 2002 21:44:13 +0200 X-Mailer: KMail [version 1.3.2] References: <3CD5A1C8.2060406@eijk.nu> In-Reply-To: <3CD5A1C8.2060406@eijk.nu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020506194418.561E111851@blue.wowweb.dk> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-0.1 required=5.0 tests=IN_REP_TO,FROM_ENDS_IN_NUMS version=2.01 Status: RO X-Status: X-Keywords: X-UID: 541 On Sunday 05 May 2002 23:19, you wrote: > I'm trying to get the CTX patch to work with Mandrake's development > kernels. While applying the patch I noticed that the CTX patch conflicts > with an earlier applied patch (the gr security patch, see > http://www.grsecurity.org/ ). Before I continue trying to figure things > out I've got a few questions: If you get et working please tell. I tried the same thing on a 2.4.18 kernel and after resolving a few conflicts it compiled fine, but during boot something went wrong during the load of the unix module as far as I remember. I didn't do any more to figure out what went wrong. > - Does the GR security functionality conflict with CTX? > - Is there a smart way to merge GR security and CTX patches? I can't remember which order but there is a difference in applying the one before the other. -- Jesper 21:43:14 up 3 days, 8:00, 17 users, load average: 1.72, 1.78, 2.34 From vserver.error@solucorp.qc.ca Mon May 6 17:37:24 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g46LbN3Q032637; Mon, 6 May 2002 17:37:23 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g46LCeu05658 for vserver.list; Mon, 6 May 2002 17:12:40 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g46LCdh05654 for ; Mon, 6 May 2002 17:12:39 -0400 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id A4B7C45EF7 for ; Tue, 7 May 2002 09:12:31 +1200 (NZST) Received: from 192.168.192.252 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Tue, 07 May 2002 09:12:31 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from localhost ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 174pkV-00009t-00 for ; Tue, 07 May 2002 09:10: 23 +1200 Subject: Re: [vserver] vserver and X programs From: "Fran Firman" To: vserver In-Reply-To: References: X-Mailer: Ximian Evolution 1.0.3 Date: 07 May 2002 09:10:22 +1200 Message-ID: <1020719423.538.4.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10C82E3597455-01-01 Content-Type: multipart/signed; boundary="=-x9J2YUA6iqY5V0F+9+RQ"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 542 --=-x9J2YUA6iqY5V0F+9+RQ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Have you thought of using vncserver in the vserver / full machine and Xvnc to the vncserver via a ssh tunnel. Fran. On Thu, 2002-05-02 at 21:45, minu@hzhome.mine.nu wrote: >=20 > Hello, >=20 > I want to run untrusted X programs from (different) vservers. >=20 > Unfortunately I am not very familiar with X's features and security > issues. >=20 > My first idea was to run one X Server as a normal user (from the real > machine; not within a vserver) and to connect to this X Server via 'xhost= ' > authentication. > However, as it seems it is very easy for an X Client (once it gained > access to X) to spy other windows as well as mouse and keyboard inputs > (entering passwords !). >=20 > Using Xnest would prevent this behaviour, but in any case running the X > server not within a vserver seems to be dangerous due to the oftenly bugg= y > X server. >=20 > On the other hand, an X server needs permissions to devices like /dev/mem= . > But with the permission to this device a vserver would be able to spy > everything running in the machine, real one and vserver. Right ? >=20 > Any ideas ? >=20 >=20 > Thanks in advance. >=20 >=20 > P.S.: Yes I know, the 'server' part of vserver stands for SERVER and not > for X, which is a typically client-side app. But I want to use vservers t= o > test untrusted apps which sometimes include X ones. >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 --=-x9J2YUA6iqY5V0F+9+RQ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjzW8T4ACgkQv1V2oVWAPhY87QCgtPKdCElr/sqvFzPDqbjbbU0Y zk0AoINt3H5sLhuPXA2RBFHH1pR/iUNT =05F9 -----END PGP SIGNATURE----- --=-x9J2YUA6iqY5V0F+9+RQ-- From vserver.error@solucorp.qc.ca Mon May 6 17:45:51 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g46Ljo3Q032732; Mon, 6 May 2002 17:45:50 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g46Kk7m04116 for vserver.list; Mon, 6 May 2002 16:46:07 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from taz.eijk.nu (node-d-0565.a2000.nl [62.195.5.101]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g46Kk1h04109 for ; Mon, 6 May 2002 16:46:02 -0400 Received: from eijk.nu (localhost.localdomain [127.0.0.1]) by taz.eijk.nu (8.12.1/linuxconf) with ESMTP id g46Kj3Ot028336 for ; Mon, 6 May 2002 22:45:03 +0200 Message-ID: <3CD6EB4F.5000308@eijk.nu> Date: Mon, 06 May 2002 22:45:03 +0200 From: Stefan van der Eijk User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/00200203 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] GR security & CTX References: <3CD5A1C8.2060406@eijk.nu> <20020506194418.561E111851@blue.wowweb.dk> Content-Type: multipart/mixed; boundary="------------090005060508000700050403" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 543 This is a multi-part message in MIME format. --------------090005060508000700050403 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Jesper Andersen wrote: >On Sunday 05 May 2002 23:19, you wrote: > > > >>I'm trying to get the CTX patch to work with Mandrake's development >>kernels. While applying the patch I noticed that the CTX patch conflicts >>with an earlier applied patch (the gr security patch, see >>http://www.grsecurity.org/ ). Before I continue trying to figure things >>out I've got a few questions: >> >> > >If you get et working please tell. > I'm trying to compile it, but the build is hanging on: /usr/bin/gcc -D__KERNEL__ -I/home/cooker/RPM/BUILD/linux/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpre ferred-stack-boundary=2 -march=i586 -DMODULE -DMODVERSIONS -include /home/cooker/RPM/BUILD/linux/include/linux/modversions.h -nostdinc -I /usr/l ib/gcc-lib/i586-mandrake-linux-gnu/2.96/include -DKBUILD_BASENAME=inode -c -o inode.o inode.c inode.c: In function `reiserfs_new_inode': inode.c:1528: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) inode.c:1528: (Each undeclared identifier is reported only once inode.c:1528: for each function it appears in.) inode.c:1590: `S_IMMUTABLE' undeclared (first use in this function) inode.c: In function `sd_attrs_to_i_attrs': inode.c:2127: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) inode.c:2128: `S_IMMUTABLE' undeclared (first use in this function) inode.c: In function `i_attrs_to_sd_attrs': inode.c:2145: `S_IMMUTABLE' undeclared (first use in this function) inode.c:2146: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) make[2]: *** [inode.o] Error 1 make[2]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs/reiserfs' make[1]: *** [_modsubdir_reiserfs] Error 2 make[1]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs' make: *** [_mod_fs] Error 2 error: Bad exit status from /home/cooker/tmp/rpm-tmp.25008 (%build) RPM build errors: Bad exit status from /home/cooker/tmp/rpm-tmp.25008 (%build) See: http://node-d-0565.a2000.nl/build/new_i586/i586/problem/kernel-2.4.18.13mdk_ctx10-1-1mdk.src.rpm.txt src.rpm: http://node-d-0565.a2000.nl/new_i586/kernel-2.4.18.13mdk_ctx10-1-1mdk.src.rpm >I tried the same thing on a 2.4.18 kernel and after resolving a few conflicts >it compiled fine, but during boot something went wrong during the load of the >unix module as far as I remember. I didn't do any more to figure out what >went wrong. > I've succeeded in compiling it once (against 2.4.18-7mdk I beleive) but the kernel didn't boot... >>- Does the GR security functionality conflict with CTX? >>- Is there a smart way to merge GR security and CTX patches? >> >> > >I can't remember which order but there is a difference in applying the one >before the other. > Neither do I... Attached is my modified patch, which probably doesn't work :-/ Stefan --------------090005060508000700050403 Content-Type: text/plain; name="patch-2.4.18ctx-10" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-2.4.18ctx-10" diff -rc2P linux-2.4.18/Makefile linux-2.4.18ctx-10/Makefile *** linux-2.4.18/Makefile Tue Feb 26 22:21:48 2002 --- linux-2.4.18ctx-10/Makefile Tue Mar 19 23:20:34 2002 *************** *** 2,6 **** PATCHLEVEL = 4 SUBLEVEL = 18 ! EXTRAVERSION = -pre6 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) --- 2,6 ---- PATCHLEVEL = 4 SUBLEVEL = 18 ! EXTRAVERSION = pre6-ctx-10 KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION) diff -rc2P linux-2.4.18/arch/i386/kernel/entry.S linux-2.4.18ctx-10/arch/i386/kernel/entry.S *** linux-2.4.18/arch/i386/kernel/entry.S Tue Feb 26 22:21:49 2002 --- linux-2.4.18ctx-10/arch/i386/kernel/entry.S Wed Feb 27 14:36:44 2002 *************** *** 635,638 **** --- 635,640 ---- .long SYMBOL_NAME(sys_ni_syscall) /* reserved for lremovexattr */ .long SYMBOL_NAME(sys_ni_syscall) /* reserved for fremovexattr */ + .long SYMBOL_NAME(sys_new_s_context) + .long SYMBOL_NAME(sys_set_ipv4root) .rept NR_syscalls-(.-sys_call_table)/4 diff -rc2P linux-2.4.18/arch/i386/kernel/ptrace.c linux-2.4.18ctx-10/arch/i386/kernel/ptrace.c *** linux-2.4.18/arch/i386/kernel/ptrace.c Fri Nov 23 15:07:41 2001 --- linux-2.4.18ctx-10/arch/i386/kernel/ptrace.c Tue Feb 26 22:31:23 2002 *************** *** 171,175 **** get_task_struct(child); read_unlock(&tasklist_lock); ! if (!child) goto out; --- 171,175 ---- get_task_struct(child); read_unlock(&tasklist_lock); ! if (!child || child->s_context != current->s_context) goto out; diff -rc2P linux-2.4.18/fs/devpts/inode.c linux-2.4.18ctx-10/fs/devpts/inode.c *** linux-2.4.18/fs/devpts/inode.c Wed Oct 10 11:58:19 2001 --- linux-2.4.18ctx-10/fs/devpts/inode.c Tue Feb 26 22:31:23 2002 *************** *** 25,28 **** --- 25,29 ---- #include #include + #include #include "devpts_i.h" *************** *** 153,157 **** inode->i_fop = &devpts_root_operations; inode->i_nlink = 2; - s->u.generic_sbp = (void *) sbi; s->s_blocksize = 1024; --- 154,157 ---- *************** *** 181,184 **** --- 181,197 ---- static DECLARE_FSTYPE(devpts_fs_type, "devpts", devpts_read_super, FS_SINGLE); + static int devpts_tty_permission(struct inode *inode, int mask) + { + int ret = -EACCES; + if (current->s_context == inode->u.devpts_i.s_context){ + ret = vfs_permission(inode, mask); + } + return ret; + } + + struct inode_operations devpts_tty_inode_operations = { + permission: devpts_tty_permission, + }; + void devpts_pty_new(int number, kdev_t device) { *************** *** 199,202 **** --- 212,217 ---- inode->i_gid = sbi->setgid ? sbi->gid : current->fsgid; inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; + inode->u.devpts_i.s_context = current->s_context; + inode->i_op = &devpts_tty_inode_operations; init_special_inode(inode, S_IFCHR|sbi->mode, kdev_t_to_nr(device)); diff -rc2P linux-2.4.18/fs/devpts/root.c linux-2.4.18ctx-10/fs/devpts/root.c *** linux-2.4.18/fs/devpts/root.c Sat Dec 22 22:38:37 2001 --- linux-2.4.18ctx-10/fs/devpts/root.c Tue Feb 26 22:31:23 2002 *************** *** 15,18 **** --- 15,19 ---- #include #include + #include #include "devpts_i.h" *************** *** 65,69 **** while ( nr - 2 < sbi->max_ptys ) { int ptynr = nr - 2; ! if ( sbi->inodes[ptynr] ) { genptsname(numbuf, ptynr); if ( filldir(dirent, numbuf, strlen(numbuf), nr, nr, DT_CHR) < 0 ) --- 66,73 ---- while ( nr - 2 < sbi->max_ptys ) { int ptynr = nr - 2; ! struct inode *inode = sbi->inodes[ptynr]; ! if ( inode != NULL ! && (current->s_context == 1 ! || inode->u.devpts_i.s_context == current->s_context)) { genptsname(numbuf, ptynr); if ( filldir(dirent, numbuf, strlen(numbuf), nr, nr, DT_CHR) < 0 ) *************** *** 101,104 **** --- 105,109 ---- int i; const char *p; + struct inode *inode; dentry->d_op = &devpts_dentry_operations; *************** *** 127,135 **** return NULL; ! if ( sbi->inodes[entry] ) ! atomic_inc(&sbi->inodes[entry]->i_count); ! d_add(dentry, sbi->inodes[entry]); return NULL; } --- 132,147 ---- return NULL; ! inode = sbi->inodes[entry]; ! if (inode != NULL ! && inode->u.devpts_i.s_context == current->s_context){ ! atomic_inc(&inode->i_count); ! }else{ ! inode = NULL; ! } ! d_add(dentry, inode); return NULL; } + + diff -rc2P linux-2.4.18/fs/exec.c linux-2.4.18ctx-10/fs/exec.c *** linux-2.4.18/fs/exec.c Sat Dec 22 22:38:37 2001 --- linux-2.4.18ctx-10/fs/exec.c Tue Feb 26 22:31:23 2002 *************** *** 686,690 **** int do_unlock = 0; ! new_permitted = cap_intersect(bprm->cap_permitted, cap_bset); working = cap_intersect(bprm->cap_inheritable, current->cap_inheritable); --- 686,690 ---- int do_unlock = 0; ! new_permitted = cap_intersect(bprm->cap_permitted, current->cap_bset); working = cap_intersect(bprm->cap_inheritable, current->cap_inheritable); diff -rc2P linux-2.4.18/fs/ext2/ialloc.c linux-2.4.18ctx-10/fs/ext2/ialloc.c *** linux-2.4.18/fs/ext2/ialloc.c Tue Feb 26 22:22:03 2002 --- linux-2.4.18ctx-10/fs/ext2/ialloc.c Tue Feb 26 22:31:23 2002 *************** *** 389,393 **** inode->u.ext2_i.i_flags = dir->u.ext2_i.i_flags; if (S_ISLNK(mode)) ! inode->u.ext2_i.i_flags &= ~(EXT2_IMMUTABLE_FL|EXT2_APPEND_FL); inode->u.ext2_i.i_block_group = group; if (inode->u.ext2_i.i_flags & EXT2_SYNC_FL) --- 389,393 ---- inode->u.ext2_i.i_flags = dir->u.ext2_i.i_flags; if (S_ISLNK(mode)) ! inode->u.ext2_i.i_flags &= ~(EXT2_IMMUTABLE_FILE_FL | EXT2_IMMUTABLE_LINK_FL | EXT2_APPEND_FL); inode->u.ext2_i.i_block_group = group; if (inode->u.ext2_i.i_flags & EXT2_SYNC_FL) diff -rc2P linux-2.4.18/fs/ext2/inode.c linux-2.4.18ctx-10/fs/ext2/inode.c *** linux-2.4.18/fs/ext2/inode.c Tue Feb 26 22:22:03 2002 --- linux-2.4.18ctx-10/fs/ext2/inode.c Tue Feb 26 22:31:23 2002 *************** *** 801,805 **** S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return; --- 801,805 ---- S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE_FILE(inode)) return; *************** *** 1007,1013 **** inode->i_flags |= S_APPEND; } ! if (inode->u.ext2_i.i_flags & EXT2_IMMUTABLE_FL) { ! inode->i_attr_flags |= ATTR_FLAG_IMMUTABLE; ! inode->i_flags |= S_IMMUTABLE; } if (inode->u.ext2_i.i_flags & EXT2_NOATIME_FL) { --- 1007,1017 ---- inode->i_flags |= S_APPEND; } ! if (inode->u.ext2_i.i_flags & EXT2_IMMUTABLE_FILE_FL) { ! inode->i_attr_flags |= ATTR_FLAG_IMMUTABLE_FILE; ! inode->i_flags |= S_IMMUTABLE_FILE; ! } ! if (inode->u.ext2_i.i_flags & EXT2_IMMUTABLE_LINK_FL) { ! inode->i_attr_flags |= ATTR_FLAG_IMMUTABLE_LINK; ! inode->i_flags |= S_IMMUTABLE_LINK; } if (inode->u.ext2_i.i_flags & EXT2_NOATIME_FL) { diff -rc2P linux-2.4.18/fs/ext2/ioctl.c linux-2.4.18ctx-10/fs/ext2/ioctl.c *** linux-2.4.18/fs/ext2/ioctl.c Wed Sep 27 16:41:33 2000 --- linux-2.4.18ctx-10/fs/ext2/ioctl.c Tue Feb 26 22:31:23 2002 *************** *** 45,49 **** * This test looks nicer. Thanks to Pauline Middelink */ ! if ((flags ^ oldflags) & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL)) { if (!capable(CAP_LINUX_IMMUTABLE)) return -EPERM; --- 45,49 ---- * This test looks nicer. Thanks to Pauline Middelink */ ! if ((flags ^ oldflags) & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FILE_FL | EXT2_IMMUTABLE_LINK_FL)) { if (!capable(CAP_LINUX_IMMUTABLE)) return -EPERM; *************** *** 62,69 **** else inode->i_flags &= ~S_APPEND; ! if (flags & EXT2_IMMUTABLE_FL) ! inode->i_flags |= S_IMMUTABLE; else ! inode->i_flags &= ~S_IMMUTABLE; if (flags & EXT2_NOATIME_FL) inode->i_flags |= S_NOATIME; --- 62,76 ---- else inode->i_flags &= ~S_APPEND; ! ! if (flags & EXT2_IMMUTABLE_FILE_FL) ! inode->i_flags |= S_IMMUTABLE_FILE; ! else ! inode->i_flags &= ~S_IMMUTABLE_FILE; ! ! if (flags & EXT2_IMMUTABLE_LINK_FL) ! inode->i_flags |= S_IMMUTABLE_LINK; else ! inode->i_flags &= ~S_IMMUTABLE_LINK; ! if (flags & EXT2_NOATIME_FL) inode->i_flags |= S_NOATIME; diff -rc2P linux-2.4.18/fs/ext3/ialloc.c linux-2.4.18ctx-10/fs/ext3/ialloc.c *** linux-2.4.18/fs/ext3/ialloc.c Tue Feb 26 22:22:04 2002 --- linux-2.4.18ctx-10/fs/ext3/ialloc.c Tue Feb 26 22:31:23 2002 *************** *** 486,490 **** inode->u.ext3_i.i_flags = dir->u.ext3_i.i_flags & ~EXT3_INDEX_FL; if (S_ISLNK(mode)) ! inode->u.ext3_i.i_flags &= ~(EXT3_IMMUTABLE_FL|EXT3_APPEND_FL); #ifdef EXT3_FRAGMENTS inode->u.ext3_i.i_faddr = 0; --- 486,490 ---- inode->u.ext3_i.i_flags = dir->u.ext3_i.i_flags & ~EXT3_INDEX_FL; if (S_ISLNK(mode)) ! inode->u.ext3_i.i_flags &= ~(EXT3_IMMUTABLE_FILE_FL | EXT3_IMMUTABLE_LINK_FL | EXT3_APPEND_FL); #ifdef EXT3_FRAGMENTS inode->u.ext3_i.i_faddr = 0; diff -rc2P linux-2.4.18/fs/ext3/inode.c linux-2.4.18ctx-10/fs/ext3/inode.c *** linux-2.4.18/fs/ext3/inode.c Tue Feb 26 22:22:04 2002 --- linux-2.4.18ctx-10/fs/ext3/inode.c Tue Feb 26 22:31:23 2002 *************** *** 1846,1850 **** S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return; --- 1846,1850 ---- S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE_FILE(inode)) return; *************** *** 2150,2156 **** inode->i_flags |= S_APPEND; } ! if (inode->u.ext3_i.i_flags & EXT3_IMMUTABLE_FL) { /* inode->i_attr_flags |= ATTR_FLAG_IMMUTABLE; unused */ ! inode->i_flags |= S_IMMUTABLE; } if (inode->u.ext3_i.i_flags & EXT3_NOATIME_FL) { --- 2150,2159 ---- inode->i_flags |= S_APPEND; } ! if (inode->u.ext3_i.i_flags & EXT3_IMMUTABLE_FILE_FL) { /* inode->i_attr_flags |= ATTR_FLAG_IMMUTABLE; unused */ ! inode->i_flags |= S_IMMUTABLE_FILE; ! } ! if (inode->u.ext3_i.i_flags & EXT3_IMMUTABLE_LINK_FL) { ! inode->i_flags |= S_IMMUTABLE_LINK; } if (inode->u.ext3_i.i_flags & EXT3_NOATIME_FL) { diff -rc2P linux-2.4.18/fs/ext3/ioctl.c linux-2.4.18ctx-10/fs/ext3/ioctl.c *** linux-2.4.18/fs/ext3/ioctl.c Fri Nov 23 15:07:49 2001 --- linux-2.4.18ctx-10/fs/ext3/ioctl.c Tue Feb 26 22:31:23 2002 *************** *** 54,58 **** * This test looks nicer. Thanks to Pauline Middelink */ ! if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) { if (!capable(CAP_LINUX_IMMUTABLE)) return -EPERM; --- 54,58 ---- * This test looks nicer. Thanks to Pauline Middelink */ ! if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FILE_FL | EXT3_IMMUTABLE_LINK_FL)) { if (!capable(CAP_LINUX_IMMUTABLE)) return -EPERM; *************** *** 90,97 **** else inode->i_flags &= ~S_APPEND; ! if (flags & EXT3_IMMUTABLE_FL) ! inode->i_flags |= S_IMMUTABLE; else ! inode->i_flags &= ~S_IMMUTABLE; if (flags & EXT3_NOATIME_FL) inode->i_flags |= S_NOATIME; --- 90,101 ---- else inode->i_flags &= ~S_APPEND; ! if (flags & EXT3_IMMUTABLE_FILE_FL) ! inode->i_flags |= S_IMMUTABLE_FILE; else ! inode->i_flags &= ~S_IMMUTABLE_FILE; ! if (flags & EXT3_IMMUTABLE_LINK_FL) ! inode->i_flags |= S_IMMUTABLE_LINK; ! else ! inode->i_flags &= ~S_IMMUTABLE_LINK; if (flags & EXT3_NOATIME_FL) inode->i_flags |= S_NOATIME; diff -rc2P linux-2.4.18/fs/fat/file.c linux-2.4.18ctx-10/fs/fat/file.c *** linux-2.4.18/fs/fat/file.c Sun Aug 12 13:56:56 2001 --- linux-2.4.18ctx-10/fs/fat/file.c Tue Feb 26 22:31:23 2002 *************** *** 120,124 **** if (IS_RDONLY (inode)) return /* -EPERM */; ! if (IS_IMMUTABLE(inode)) return /* -EPERM */; cluster = 1 << sbi->cluster_bits; --- 120,124 ---- if (IS_RDONLY (inode)) return /* -EPERM */; ! if (IS_IMMUTABLE_FILE(inode)) return /* -EPERM */; cluster = 1 << sbi->cluster_bits; diff -rc2P linux-2.4.18/fs/fat/inode.c linux-2.4.18ctx-10/fs/fat/inode.c *** linux-2.4.18/fs/fat/inode.c Tue Feb 26 22:22:04 2002 --- linux-2.4.18ctx-10/fs/fat/inode.c Tue Feb 26 22:31:23 2002 *************** *** 948,952 **** if(de->attr & ATTR_SYS) if (sbi->options.sys_immutable) ! inode->i_flags |= S_IMMUTABLE; MSDOS_I(inode)->i_attrs = de->attr & ATTR_UNUSED; /* this is as close to the truth as we can get ... */ --- 948,952 ---- if(de->attr & ATTR_SYS) if (sbi->options.sys_immutable) ! inode->i_flags |= S_IMMUTABLE_FILE; MSDOS_I(inode)->i_attrs = de->attr & ATTR_UNUSED; /* this is as close to the truth as we can get ... */ diff -rc2P linux-2.4.18/fs/hpfs/file.c linux-2.4.18ctx-10/fs/hpfs/file.c *** linux-2.4.18/fs/hpfs/file.c Sun Aug 12 20:37:53 2001 --- linux-2.4.18ctx-10/fs/hpfs/file.c Tue Feb 26 22:31:23 2002 *************** *** 61,65 **** void hpfs_truncate(struct inode *i) { ! if (IS_IMMUTABLE(i)) return /*-EPERM*/; i->i_hpfs_n_secs = 0; i->i_blocks = 1 + ((i->i_size + 511) >> 9); --- 61,65 ---- void hpfs_truncate(struct inode *i) { ! if (IS_IMMUTABLE_FILE(i)) return /*-EPERM*/; i->i_hpfs_n_secs = 0; i->i_blocks = 1 + ((i->i_size + 511) >> 9); diff -rc2P linux-2.4.18/fs/intermezzo/vfs.c linux-2.4.18ctx-10/fs/intermezzo/vfs.c *** linux-2.4.18/fs/intermezzo/vfs.c Tue Feb 26 22:22:04 2002 --- linux-2.4.18ctx-10/fs/intermezzo/vfs.c Tue Feb 26 22:31:23 2002 *************** *** 90,94 **** return -EPERM; if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)|| ! IS_IMMUTABLE(victim->d_inode)) return -EPERM; if (isdir) { --- 90,94 ---- return -EPERM; if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)|| ! IS_IMMUTABLE_LINK(victim->d_inode)) return -EPERM; if (isdir) { *************** *** 191,195 **** } ! if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) { EXIT; return -EPERM; --- 191,195 ---- } ! if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode)) { EXIT; return -EPERM; *************** *** 232,236 **** } ! if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) { EXIT; return -EPERM; --- 232,236 ---- } ! if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode)) { EXIT; return -EPERM; *************** *** 619,623 **** */ error = -EPERM; ! if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) { EXIT; goto exit_lock; --- 619,623 ---- */ error = -EPERM; ! if (IS_APPEND(inode) || IS_IMMUTABLE_LINK(inode)) { EXIT; goto exit_lock; *************** *** 2221,2225 **** } ! if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) { EXIT; return -EPERM; --- 2221,2225 ---- } ! if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode)) { EXIT; return -EPERM; diff -rc2P linux-2.4.18/fs/namei.c linux-2.4.18ctx-10/fs/namei.c *** linux-2.4.18/fs/namei.c Tue Feb 26 22:22:07 2002 --- linux-2.4.18ctx-10/fs/namei.c Tue Feb 26 22:31:23 2002 *************** *** 153,156 **** --- 153,165 ---- umode_t mode = inode->i_mode; + /* + A dir with permission bit all 0s is a dead zone for + process running in a vserver. By doing + chmod 000 /vservers + you fix the "escape from chroot" bug. + */ + if ((mode & 0777) == 0 + && S_ISDIR(mode) + && current->s_context != 0) return -EACCES; if (mask & MAY_WRITE) { /* *************** *** 164,168 **** * Nobody gets write access to an immutable file. */ ! if (IS_IMMUTABLE(inode)) return -EACCES; } --- 173,177 ---- * Nobody gets write access to an immutable file. */ ! if (IS_IMMUTABLE_FILE(inode)) return -EACCES; } *************** *** 879,884 **** if (IS_APPEND(dir)) return -EPERM; ! if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)|| ! IS_IMMUTABLE(victim->d_inode)) return -EPERM; if (isdir) { --- 888,892 ---- if (IS_APPEND(dir)) return -EPERM; ! if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||IS_IMMUTABLE_LINK(victim->d_inode)) return -EPERM; if (isdir) { *************** *** 1596,1600 **** */ error = -EPERM; ! if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) goto exit_lock; if (!dir->i_op || !dir->i_op->link) --- 1604,1608 ---- */ error = -EPERM; ! if (IS_APPEND(inode) || IS_IMMUTABLE_LINK(inode)) goto exit_lock; if (!dir->i_op || !dir->i_op->link) diff -rc2P linux-2.4.18/fs/nfsd/vfs.c linux-2.4.18ctx-10/fs/nfsd/vfs.c *** linux-2.4.18/fs/nfsd/vfs.c Sat Dec 22 22:38:38 2001 --- linux-2.4.18ctx-10/fs/nfsd/vfs.c Tue Feb 26 22:31:23 2002 *************** *** 1485,1489 **** return 0; #if 0 ! dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n", acc, (acc & MAY_READ)? " read" : "", --- 1485,1489 ---- return 0; #if 0 ! dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s%s\n", acc, (acc & MAY_READ)? " read" : "", *************** *** 1495,1499 **** (acc & MAY_OWNER_OVERRIDE)? " owneroverride" : "", inode->i_mode, ! IS_IMMUTABLE(inode)? " immut" : "", IS_APPEND(inode)? " append" : "", IS_RDONLY(inode)? " ro" : ""); --- 1495,1500 ---- (acc & MAY_OWNER_OVERRIDE)? " owneroverride" : "", inode->i_mode, ! IS_IMMUTABLE_FILE(inode)? " immut(F)" : "", ! IS_IMMUTABLE_LINK(inode)? " immut(L)" : "", IS_APPEND(inode)? " append" : "", IS_RDONLY(inode)? " ro" : ""); *************** *** 1510,1514 **** if (EX_RDONLY(exp) || IS_RDONLY(inode)) return nfserr_rofs; ! if (/* (acc & MAY_WRITE) && */ IS_IMMUTABLE(inode)) return nfserr_perm; } --- 1511,1515 ---- if (EX_RDONLY(exp) || IS_RDONLY(inode)) return nfserr_rofs; ! if (/* (acc & MAY_WRITE) && */ IS_IMMUTABLE_FILE(inode)) return nfserr_perm; } diff -rc2P linux-2.4.18/fs/open.c linux-2.4.18ctx-10/fs/open.c *** linux-2.4.18/fs/open.c Wed Oct 31 15:32:41 2001 --- linux-2.4.18ctx-10/fs/open.c Tue Feb 26 22:31:23 2002 *************** *** 123,127 **** error = -EPERM; ! if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto dput_and_out; --- 123,127 ---- error = -EPERM; ! if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode)) goto dput_and_out; *************** *** 471,475 **** goto out_putf; err = -EPERM; ! if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto out_putf; if (mode == (mode_t) -1) --- 471,475 ---- goto out_putf; err = -EPERM; ! if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode)) goto out_putf; if (mode == (mode_t) -1) *************** *** 502,506 **** error = -EPERM; ! if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto dput_and_out; --- 502,506 ---- error = -EPERM; ! if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode)) goto dput_and_out; *************** *** 532,536 **** goto out; error = -EPERM; ! if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto out; if (user == (uid_t) -1) --- 532,536 ---- goto out; error = -EPERM; ! if (IS_IMMUTABLE_FILE(inode) || IS_APPEND(inode)) goto out; if (user == (uid_t) -1) diff -rc2P linux-2.4.18/fs/proc/array.c linux-2.4.18ctx-10/fs/proc/array.c *** linux-2.4.18/fs/proc/array.c Wed Oct 31 15:32:41 2001 --- linux-2.4.18ctx-10/fs/proc/array.c Wed Apr 3 16:41:02 2002 *************** *** 76,79 **** --- 76,80 ---- #include #include + #include /* Gcc optimizes away "strlen(x)" for constant x */ *************** *** 148,153 **** { int g; ! read_lock(&tasklist_lock); buffer += sprintf(buffer, "State:\t%s\n" --- 149,158 ---- { int g; ! pid_t ppid; read_lock(&tasklist_lock); + ppid = p->p_opptr->pid; + if (ppid != 0 + && current->s_info != NULL + && current->s_info->initpid == ppid) ppid = 1; buffer += sprintf(buffer, "State:\t%s\n" *************** *** 159,163 **** "Gid:\t%d\t%d\t%d\t%d\n", get_task_state(p), p->tgid, ! p->pid, p->pid ? p->p_opptr->pid : 0, 0, p->uid, p->euid, p->suid, p->fsuid, p->gid, p->egid, p->sgid, p->fsgid); --- 164,168 ---- "Gid:\t%d\t%d\t%d\t%d\n", get_task_state(p), p->tgid, ! p->pid, p->pid ? ppid : 0, 0, p->uid, p->euid, p->suid, p->fsuid, p->gid, p->egid, p->sgid, p->fsgid); *************** *** 264,271 **** return buffer + sprintf(buffer, "CapInh:\t%016x\n" "CapPrm:\t%016x\n" ! "CapEff:\t%016x\n", cap_t(p->cap_inheritable), cap_t(p->cap_permitted), ! cap_t(p->cap_effective)); } --- 269,278 ---- return buffer + sprintf(buffer, "CapInh:\t%016x\n" "CapPrm:\t%016x\n" ! "CapEff:\t%016x\n" ! "CapBset:\t%016x\n", cap_t(p->cap_inheritable), cap_t(p->cap_permitted), ! cap_t(p->cap_effective), ! cap_t(p->cap_bset)); } *************** *** 289,292 **** --- 296,319 ---- buffer = task_sig(task, buffer); buffer = task_cap(task, buffer); + #ifdef __NR_new_s_context + buffer += sprintf (buffer,"s_context: %d\n",task->s_context); + buffer += sprintf (buffer,"ipv4root: %08x\n",task->ipv4root); + buffer += sprintf (buffer,"ipv4root_bcast: %08x\n",task->ipv4root_bcast); + if (task->s_info != NULL){ + buffer += sprintf (buffer,"ctxticks: %d %ld %d\n" + ,atomic_read(&task->s_info->ticks),task->counter + ,task->s_info->refcount); + buffer += sprintf (buffer,"ctxflags: %d\n" + ,task->s_info->flags); + buffer += sprintf (buffer,"initpid: %d\n" + ,task->s_info->initpid); + }else{ + buffer += sprintf (buffer,"ctxticks: none\n"); + buffer += sprintf (buffer,"ctxflags: none\n"); + buffer += sprintf (buffer,"initpid: none\n"); + } + buffer += sprintf (buffer,"__NR_new_s_context: %d\n",__NR_new_s_context); + buffer += sprintf (buffer,"__NR_set_ipv4root: %d rev1\n",__NR_set_ipv4root); + #endif #if defined(CONFIG_ARCH_S390) buffer = task_show_regs(task, buffer); *************** *** 342,345 **** --- 369,374 ---- read_lock(&tasklist_lock); ppid = task->pid ? task->p_opptr->pid : 0; + if (current->s_info != NULL + && current->s_info->initpid == ppid) ppid = 1; read_unlock(&tasklist_lock); res = sprintf(buffer,"%d (%s) %c %d %d %d %d %d %lu %lu \ diff -rc2P linux-2.4.18/fs/proc/base.c linux-2.4.18ctx-10/fs/proc/base.c *** linux-2.4.18/fs/proc/base.c Tue Feb 26 22:22:07 2002 --- linux-2.4.18ctx-10/fs/proc/base.c Tue Feb 26 22:31:23 2002 *************** *** 973,976 **** --- 973,982 ---- goto out; + if (pid != 1 + && current->s_context != 1 + && task->s_context != current->s_context){ + free_task_struct(task); + goto out; + } inode = proc_pid_make_inode(dir->i_sb, task, PROC_PID_INO); *************** *** 983,987 **** inode->i_fop = &proc_base_operations; inode->i_nlink = 3; ! inode->i_flags|=S_IMMUTABLE; dentry->d_op = &pid_base_dentry_operations; --- 989,993 ---- inode->i_fop = &proc_base_operations; inode->i_nlink = 3; ! inode->i_flags|=S_IMMUTABLE_FILE; dentry->d_op = &pid_base_dentry_operations; *************** *** 1089,1092 **** --- 1095,1111 ---- if (!pid) continue; + /* Even if the pid 1 is not part of the security context */ + /* we show it anyway. This makes the security box */ + /* more standard (and helps pstree do its job) */ + /* So current process "knows" pid 1 exist anyway and can't */ + /* send any signal either */ + + /* A process with security context 1 can see all processes */ + if (pid != 1 + && current->s_context != 1 + && p->s_context != current->s_context) continue; + /* We hide the fakeinit process since we show it as process 1 */ + if (current->s_info != NULL + && current->s_info->initpid == pid) continue; #ifdef CONFIG_GRKERNSEC_ACL if(gr_check_hidden_task(p)) continue; diff -rc2P linux-2.4.18/fs/udf/inode.c linux-2.4.18ctx-10/fs/udf/inode.c *** linux-2.4.18/fs/udf/inode.c Tue Feb 26 22:22:08 2002 --- linux-2.4.18ctx-10/fs/udf/inode.c Tue Feb 26 22:31:23 2002 *************** *** 864,868 **** S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return; --- 864,868 ---- S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE_FILE(inode)) return; diff -rc2P linux-2.4.18/fs/ufs/truncate.c linux-2.4.18ctx-10/fs/ufs/truncate.c *** linux-2.4.18/fs/ufs/truncate.c Tue Feb 26 22:22:08 2002 --- linux-2.4.18ctx-10/fs/ufs/truncate.c Tue Feb 26 22:31:23 2002 *************** *** 435,439 **** if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return; while (1) { --- 435,439 ---- if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))) return; ! if (IS_APPEND(inode) || IS_IMMUTABLE_FILE(inode)) return; while (1) { diff -rc2P linux-2.4.18/include/asm-i386/unistd.h linux-2.4.18ctx-10/include/asm-i386/unistd.h *** linux-2.4.18/include/asm-i386/unistd.h Tue Feb 26 22:22:08 2002 --- linux-2.4.18ctx-10/include/asm-i386/unistd.h Wed Feb 27 14:36:00 2002 *************** *** 243,246 **** --- 243,248 ---- #define __NR_lremovexattr 236 #define __NR_fremovexattr 237 + #define __NR_new_s_context 238 + #define __NR_set_ipv4root 239 /* user-visible error numbers are in the range -1 - -124: see */ diff -rc2P linux-2.4.18/include/linux/capability.h linux-2.4.18ctx-10/include/linux/capability.h *** linux-2.4.18/include/linux/capability.h Fri Nov 23 15:07:52 2001 --- linux-2.4.18ctx-10/include/linux/capability.h Tue Mar 19 23:24:38 2002 *************** *** 232,235 **** --- 232,236 ---- arbitrary SCSI commands */ /* Allow setting encryption key on loopback filesystem */ + /* Allow the selection of a security context */ #define CAP_SYS_ADMIN 21 *************** *** 279,282 **** --- 280,287 ---- #define CAP_LEASE 28 + + /* Allow opening special device file */ + + #define CAP_OPENDEV 29 #ifdef __KERNEL__ diff -rc2P linux-2.4.18/include/linux/devpts_fs_info.h linux-2.4.18ctx-10/include/linux/devpts_fs_info.h *** linux-2.4.18/include/linux/devpts_fs_info.h Wed Dec 31 19:00:00 1969 --- linux-2.4.18ctx-10/include/linux/devpts_fs_info.h Tue Feb 26 22:31:23 2002 *************** *** 0 **** --- 1,4 ---- + struct devpts_inode_info{ + int s_context; + }; + diff -rc2P linux-2.4.18/include/linux/ext2_fs.h linux-2.4.18ctx-10/include/linux/ext2_fs.h *** linux-2.4.18/include/linux/ext2_fs.h Wed Oct 31 15:32:45 2001 --- linux-2.4.18ctx-10/include/linux/ext2_fs.h Tue Mar 19 23:25:19 2002 *************** *** 188,192 **** #define EXT2_COMPR_FL 0x00000004 /* Compress file */ #define EXT2_SYNC_FL 0x00000008 /* Synchronous updates */ ! #define EXT2_IMMUTABLE_FL 0x00000010 /* Immutable file */ #define EXT2_APPEND_FL 0x00000020 /* writes to file may only append */ #define EXT2_NODUMP_FL 0x00000040 /* do not dump file */ --- 188,192 ---- #define EXT2_COMPR_FL 0x00000004 /* Compress file */ #define EXT2_SYNC_FL 0x00000008 /* Synchronous updates */ ! #define EXT2_IMMUTABLE_FILE_FL 0x00000010 /* Immutable file */ #define EXT2_APPEND_FL 0x00000020 /* writes to file may only append */ #define EXT2_NODUMP_FL 0x00000040 /* do not dump file */ *************** *** 199,206 **** /* End compression flags --- maybe not all used */ #define EXT2_BTREE_FL 0x00001000 /* btree format dir */ #define EXT2_RESERVED_FL 0x80000000 /* reserved for ext2 lib */ ! #define EXT2_FL_USER_VISIBLE 0x00001FFF /* User visible flags */ ! #define EXT2_FL_USER_MODIFIABLE 0x000000FF /* User modifiable flags */ /* --- 199,207 ---- /* End compression flags --- maybe not all used */ #define EXT2_BTREE_FL 0x00001000 /* btree format dir */ + #define EXT2_IMMUTABLE_LINK_FL 0x00008000 /* Immutable link */ #define EXT2_RESERVED_FL 0x80000000 /* reserved for ext2 lib */ ! #define EXT2_FL_USER_VISIBLE 0x00009FFF /* User visible flags */ ! #define EXT2_FL_USER_MODIFIABLE 0x000080FF /* User modifiable flags */ /* diff -rc2P linux-2.4.18/include/linux/ext3_fs.h linux-2.4.18ctx-10/include/linux/ext3_fs.h *** linux-2.4.18/include/linux/ext3_fs.h Tue Feb 26 22:22:11 2002 --- linux-2.4.18ctx-10/include/linux/ext3_fs.h Tue Mar 19 23:28:09 2002 *************** *** 191,195 **** #define EXT3_COMPR_FL 0x00000004 /* Compress file */ #define EXT3_SYNC_FL 0x00000008 /* Synchronous updates */ ! #define EXT3_IMMUTABLE_FL 0x00000010 /* Immutable file */ #define EXT3_APPEND_FL 0x00000020 /* writes to file may only append */ #define EXT3_NODUMP_FL 0x00000040 /* do not dump file */ --- 191,195 ---- #define EXT3_COMPR_FL 0x00000004 /* Compress file */ #define EXT3_SYNC_FL 0x00000008 /* Synchronous updates */ ! #define EXT3_IMMUTABLE_FILE_FL 0x00000010 /* Immutable file */ #define EXT3_APPEND_FL 0x00000020 /* writes to file may only append */ #define EXT3_NODUMP_FL 0x00000040 /* do not dump file */ *************** *** 204,211 **** #define EXT3_IMAGIC_FL 0x00002000 /* AFS directory */ #define EXT3_JOURNAL_DATA_FL 0x00004000 /* file data should be journaled */ #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */ ! #define EXT3_FL_USER_VISIBLE 0x00005FFF /* User visible flags */ ! #define EXT3_FL_USER_MODIFIABLE 0x000000FF /* User modifiable flags */ /* --- 204,212 ---- #define EXT3_IMAGIC_FL 0x00002000 /* AFS directory */ #define EXT3_JOURNAL_DATA_FL 0x00004000 /* file data should be journaled */ + #define EXT3_IMMUTABLE_LINK_FL 0x00008000 /* Immutable link */ #define EXT3_RESERVED_FL 0x80000000 /* reserved for ext3 lib */ ! #define EXT3_FL_USER_VISIBLE 0x0000DFFF /* User visible flags */ ! #define EXT3_FL_USER_MODIFIABLE 0x000080FF /* User modifiable flags */ /* diff -rc2P linux-2.4.18/include/linux/fs.h linux-2.4.18ctx-10/include/linux/fs.h *** linux-2.4.18/include/linux/fs.h Tue Feb 26 22:22:11 2002 --- linux-2.4.18ctx-10/include/linux/fs.h Tue Mar 19 23:24:38 2002 *************** *** 129,139 **** /* Inode flags - they have nothing to superblock flags now */ ! #define S_SYNC 1 /* Writes are synced at once */ ! #define S_NOATIME 2 /* Do not update access times */ ! #define S_QUOTA 4 /* Quota initialized for file */ ! #define S_APPEND 8 /* Append-only file */ ! #define S_IMMUTABLE 16 /* Immutable file */ ! #define S_DEAD 32 /* removed, but still open directory */ ! #define S_NOQUOTA 64 /* Inode is not counted to quota */ /* --- 129,140 ---- /* Inode flags - they have nothing to superblock flags now */ ! #define S_SYNC 1 /* Writes are synced at once */ ! #define S_NOATIME 2 /* Do not update access times */ ! #define S_QUOTA 4 /* Quota initialized for file */ ! #define S_APPEND 8 /* Append-only file */ ! #define S_IMMUTABLE_FILE 16 /* Immutable file */ ! #define S_DEAD 32 /* removed, but still open directory */ ! #define S_NOQUOTA 64 /* Inode is not counted to quota */ ! #define S_IMMUTABLE_LINK 128 /* Immutable links */ /* *************** *** 159,163 **** #define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA) #define IS_APPEND(inode) ((inode)->i_flags & S_APPEND) ! #define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE) #define IS_NOATIME(inode) (__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME)) #define IS_NODIRATIME(inode) __IS_FLG(inode, MS_NODIRATIME) --- 160,165 ---- #define IS_NOQUOTA(inode) ((inode)->i_flags & S_NOQUOTA) #define IS_APPEND(inode) ((inode)->i_flags & S_APPEND) ! #define IS_IMMUTABLE_FILE(inode) ((inode)->i_flags & S_IMMUTABLE_FILE) ! #define IS_IMMUTABLE_LINK(inode) ((((inode)->i_flags & S_IMMUTABLE_FILE) << 3) ^ ((inode)->i_flags & S_IMMUTABLE_LINK) ) #define IS_NOATIME(inode) (__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME)) #define IS_NODIRATIME(inode) __IS_FLG(inode, MS_NODIRATIME) *************** *** 317,320 **** --- 319,323 ---- #include #include + #include /* *************** *** 358,366 **** * This is the inode attributes flag definitions */ ! #define ATTR_FLAG_SYNCRONOUS 1 /* Syncronous write */ ! #define ATTR_FLAG_NOATIME 2 /* Don't update atime */ ! #define ATTR_FLAG_APPEND 4 /* Append-only file */ ! #define ATTR_FLAG_IMMUTABLE 8 /* Immutable file */ ! #define ATTR_FLAG_NODIRATIME 16 /* Don't update atime for directory */ /* --- 361,370 ---- * This is the inode attributes flag definitions */ ! #define ATTR_FLAG_SYNCRONOUS 1 /* Syncronous write */ ! #define ATTR_FLAG_NOATIME 2 /* Don't update atime */ ! #define ATTR_FLAG_APPEND 4 /* Append-only file */ ! #define ATTR_FLAG_IMMUTABLE_FILE 8 /* Immutable file */ ! #define ATTR_FLAG_NODIRATIME 16 /* Don't update atime for directory */ ! #define ATTR_FLAG_IMMUTABLE_LINK 32 /* Immutable file */ /* *************** *** 507,510 **** --- 511,515 ---- struct usbdev_inode_info usbdev_i; struct jffs2_inode_info jffs2_i; + struct devpts_inode_info devpts_i; void *generic_ip; } u; diff -rc2P linux-2.4.18/include/linux/sched.h linux-2.4.18ctx-10/include/linux/sched.h *** linux-2.4.18/include/linux/sched.h Sat Dec 22 22:38:45 2001 --- linux-2.4.18ctx-10/include/linux/sched.h Wed Apr 3 16:41:02 2002 *************** *** 269,272 **** --- 269,273 ---- struct user_struct *next, **pprev; uid_t uid; + int s_context; }; *************** *** 276,279 **** --- 277,309 ---- __user; }) + + /* + We may have a different domainname and nodename for each security + context. By default, a security context share the same as its + parent, potentially the information in system_utsname + */ + #define S_CTX_INFO_LOCK 1 /* Can't request a new s_context */ + #define S_CTX_INFO_SCHED 2 /* All process in the s_context */ + /* Contribute to the schedular */ + #define S_CTX_INFO_NPROC 4 /* Limit number of processes in a context */ + #define S_CTX_INFO_PRIVATE 8 /* Noone can join this security context */ + #define S_CTX_INFO_INIT 16 /* This process wants to become the */ + /* logical process 1 of the security */ + /* context */ + + + struct context_info{ + int refcount; + int s_context; + char nodename[65]; + char domainname[65]; + int flags; /* S_CTX_INFO_xxx */ + atomic_t ticks; /* Number of ticks used by all process */ + /* in the s_context */ + int initpid; /* PID of the logical process 1 of the */ + /* of the context */ + }; + + extern struct user_struct root_user; #define INIT_USER (&root_user) *************** *** 400,403 **** --- 430,440 ---- size_t sas_ss_size; int (*notifier)(void *priv); + /* Field to make virtual server running in chroot more isolated */ + int s_context; /* Process can only deal with other processes */ + /* with the same s_context */ + __u32 cap_bset; /* Maximum capability of this process and children */ + __u32 ipv4root; /* Process can only bind to this iP */ + __u32 ipv4root_bcast; + struct context_info *s_info; void *notifier_data; sigset_t *notifier_mask; *************** *** 502,505 **** --- 539,543 ---- alloc_lock: SPIN_LOCK_UNLOCKED, \ journal_info: NULL, \ + cap_bset: CAP_INIT_EFF_SET, \ } *************** *** 566,570 **** /* per-UID process charging. */ ! extern struct user_struct * alloc_uid(uid_t); extern void free_uid(struct user_struct *); --- 604,608 ---- /* per-UID process charging. */ ! extern struct user_struct * alloc_uid(int, uid_t); extern void free_uid(struct user_struct *); *************** *** 927,930 **** --- 965,973 ---- return res; } + + /* Manage the reference count of the context_info pointer */ + void sys_release_s_info (struct task_struct *); + void sys_assign_s_info (struct task_struct *); + void sys_alloc_s_info (void); #endif /* __KERNEL__ */ diff -rc2P linux-2.4.18/include/net/route.h linux-2.4.18ctx-10/include/net/route.h *** linux-2.4.18/include/net/route.h Tue Feb 26 22:22:12 2002 --- linux-2.4.18ctx-10/include/net/route.h Wed Apr 3 16:45:16 2002 *************** *** 161,164 **** --- 161,174 ---- { int err; + if (current->ipv4root != 0){ + if (src == 0){ + src = current->ipv4root; + }else if (current->ipv4root != src){ + return -EPERM; + } + if (dst == 0x0100007f && current->s_context != 0){ + dst = current->ipv4root; + } + } err = ip_route_output(rp, dst, src, tos, oif); if (err || (dst && src)) diff -rc2P linux-2.4.18/include/net/sock.h linux-2.4.18ctx-10/include/net/sock.h *** linux-2.4.18/include/net/sock.h Sat Dec 22 22:38:45 2001 --- linux-2.4.18ctx-10/include/net/sock.h Wed Apr 3 16:45:16 2002 *************** *** 526,529 **** --- 526,530 ---- unsigned int allocation; /* Allocation mode */ int sndbuf; /* Size of send buffer in bytes */ + __u32 bcast_addr; /* Local bcast addr, for ipv4root */ struct sock *prev; *************** *** 669,673 **** /* RPC layer private data */ void *user_data; ! /* Callbacks */ void (*state_change)(struct sock *sk); --- 670,677 ---- /* RPC layer private data */ void *user_data; ! ! /* Context of process creating this socket */ ! int s_context; ! /* Callbacks */ void (*state_change)(struct sock *sk); diff -rc2P linux-2.4.18/include/net/tcp.h linux-2.4.18ctx-10/include/net/tcp.h *** linux-2.4.18/include/net/tcp.h Wed Oct 10 11:58:22 2001 --- linux-2.4.18ctx-10/include/net/tcp.h Wed Apr 3 16:50:08 2002 *************** *** 191,194 **** --- 191,195 ---- struct in6_addr v6_rcv_saddr; #endif + int s_context; }; diff -rc2P linux-2.4.18/ipc/util.c linux-2.4.18ctx-10/ipc/util.c *** linux-2.4.18/ipc/util.c Sun Aug 12 20:37:53 2001 --- linux-2.4.18ctx-10/ipc/util.c Tue Feb 26 22:31:23 2002 *************** *** 94,97 **** --- 94,98 ---- for (id = 0; id <= ids->max_id; id++) { + if (ids->entries[id].s_context != current->s_context) continue; p = ids->entries[id].p; if(p==NULL) *************** *** 168,171 **** --- 169,173 ---- spin_lock(&ids->ary); ids->entries[id].p = new; + ids->entries[id].s_context = current->s_context; return id; } diff -rc2P linux-2.4.18/ipc/util.h linux-2.4.18ctx-10/ipc/util.h *** linux-2.4.18/ipc/util.h Mon Feb 19 13:18:18 2001 --- linux-2.4.18ctx-10/ipc/util.h Tue Feb 26 22:31:23 2002 *************** *** 26,29 **** --- 26,30 ---- struct ipc_id { struct kern_ipc_perm* p; + int s_context; // Context owning this ID }; *************** *** 75,80 **** spin_lock(&ids->ary); out = ids->entries[lid].p; ! if(out==NULL) spin_unlock(&ids->ary); return out; } --- 76,85 ---- spin_lock(&ids->ary); out = ids->entries[lid].p; ! if(out==NULL ! || (ids->entries[lid].s_context != current->s_context ! && current->s_context != 1)){ spin_unlock(&ids->ary); + out = NULL; + } return out; } diff -rc2P linux-2.4.18/kernel/exit.c linux-2.4.18ctx-10/kernel/exit.c *** linux-2.4.18/kernel/exit.c Tue Feb 26 22:22:12 2002 --- linux-2.4.18ctx-10/kernel/exit.c Wed Feb 27 14:45:32 2002 *************** *** 66,69 **** --- 66,70 ---- if (current->counter >= MAX_COUNTER) current->counter = MAX_COUNTER; + sys_release_s_info(p); p->pid = 0; free_task_struct(p); *************** *** 159,169 **** { struct task_struct * p, *reaper; read_lock(&tasklist_lock); ! /* Next in our thread group */ reaper = next_thread(father); if (reaper == father) ! reaper = child_reaper; for_each_task(p) { --- 160,178 ---- { struct task_struct * p, *reaper; + struct task_struct *vchild_reaper = child_reaper; read_lock(&tasklist_lock); ! if (father->s_info != NULL){ ! pid_t initpid = father->s_info->initpid; ! if (initpid != 0 ! && father->pid != initpid){ ! struct task_struct *r = find_task_by_pid(initpid); ! if (r != NULL) vchild_reaper = r; ! } ! } /* Next in our thread group */ reaper = next_thread(father); if (reaper == father) ! reaper = vchild_reaper; for_each_task(p) { *************** *** 175,179 **** /* Make sure we're not reparenting to ourselves */ if (p == reaper) ! p->p_opptr = child_reaper; else p->p_opptr = reaper; --- 184,188 ---- /* Make sure we're not reparenting to ourselves */ if (p == reaper) ! p->p_opptr = vchild_reaper; else p->p_opptr = reaper; diff -rc2P linux-2.4.18/kernel/fork.c linux-2.4.18ctx-10/kernel/fork.c *** linux-2.4.18/kernel/fork.c Tue Feb 26 22:22:12 2002 --- linux-2.4.18ctx-10/kernel/fork.c Wed Feb 27 14:48:50 2002 *************** *** 589,592 **** --- 589,596 ---- retval = -EAGAIN; + if (p->s_info != NULL && (p->s_info->flags & S_CTX_INFO_NPROC)!=0){ + if (p->s_info->refcount >= p->rlim[RLIMIT_NPROC].rlim_max) + goto bad_fork_free; + } /* * Check if we are over our maximum process limit, but be sure to *************** *** 598,601 **** --- 602,607 ---- && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) goto bad_fork_free; + + sys_assign_s_info (p); atomic_inc(&p->user->__count); diff -rc2P linux-2.4.18/kernel/printk.c linux-2.4.18ctx-10/kernel/printk.c *** linux-2.4.18/kernel/printk.c Tue Feb 26 22:22:12 2002 --- linux-2.4.18ctx-10/kernel/printk.c Tue Feb 26 22:31:23 2002 *************** *** 173,176 **** --- 173,178 ---- int error = 0; + if (!capable(CAP_SYS_ADMIN) && current->s_context != 0) return -EPERM; + switch (type) { case 0: /* Close log */ diff -rc2P linux-2.4.18/kernel/sched.c linux-2.4.18ctx-10/kernel/sched.c *** linux-2.4.18/kernel/sched.c Sat Dec 22 22:38:45 2001 --- linux-2.4.18ctx-10/kernel/sched.c Tue Feb 26 22:31:23 2002 *************** *** 166,170 **** * over.. */ ! weight = p->counter; if (!weight) goto out; --- 166,176 ---- * over.. */ ! if (p->s_info != NULL ! && (p->s_info->flags & S_CTX_INFO_SCHED)!=0){ ! weight = atomic_read (&p->s_info->ticks)/p->s_info->refcount; ! weight = (weight+p->counter)>>1; ! }else{ ! weight = p->counter; ! } if (!weight) goto out; *************** *** 621,626 **** spin_unlock_irq(&runqueue_lock); read_lock(&tasklist_lock); ! for_each_task(p) p->counter = (p->counter >> 1) + NICE_TO_TICKS(p->nice); read_unlock(&tasklist_lock); spin_lock_irq(&runqueue_lock); --- 627,647 ---- spin_unlock_irq(&runqueue_lock); read_lock(&tasklist_lock); ! /* ! Reset the s_info->ticks to the sum off all ! member processes p->counter ! */ ! for_each_task(p){ ! if (p->s_info != NULL ! && (p->s_info->flags & S_CTX_INFO_SCHED)!=0){ ! atomic_set (&p->s_info->ticks,0); ! } ! } ! for_each_task(p){ p->counter = (p->counter >> 1) + NICE_TO_TICKS(p->nice); + if (p->s_info != NULL + && (p->s_info->flags & S_CTX_INFO_SCHED)!=0){ + atomic_add (p->counter,&p->s_info->ticks); + } + } read_unlock(&tasklist_lock); spin_lock_irq(&runqueue_lock); *** linux-2.4.18/kernel/signal.c Fri Nov 23 15:07:52 2001 --- linux-2.4.18ctx-10/kernel/signal.c Tue Feb 26 22:31:23 2002 *************** *** 593,597 **** read_lock(&tasklist_lock); for_each_task(p) { ! if (p->pgrp == pgrp && thread_group_leader(p)) { int err = send_sig_info(sig, info, p); if (retval) --- 593,599 ---- read_lock(&tasklist_lock); for_each_task(p) { ! if (p->pgrp == pgrp ! && ((long)info==1 ! || p->s_context == current->s_context)) { int err = send_sig_info(sig, info, p); if (retval) *************** *** 712,717 **** p = find_task_by_pid(pid); error = -ESRCH; ! if (p) { #ifdef CONFIG_GRKERNSEC_ACL if( !(gr_check_protected_task(p)) || current->pid == 1) #endif --- 712,718 ---- p = find_task_by_pid(pid); error = -ESRCH; ! if (p != NULL) #ifdef CONFIG_GRKERNSEC_ACL + { if( !(gr_check_protected_task(p)) || current->pid == 1) #endif *************** *** 723,727 **** p = tg; } ! error = send_sig_info(sig, info, p); } } --- 724,742 ---- p = tg; } ! switch((unsigned long)info) { ! case 0: ! if(p->s_context == current->s_context){ ! error = send_sig_info(sig, info, p); ! } ! break; ! case 1: ! error = send_sig_info(sig, info, p); ! break; ! default: ! if( info->si_code == SI_KERNEL ! || p->s_context == current->s_context){ ! error = send_sig_info(sig, info, p); ! } ! break; } } *************** *** 766,770 **** if(!(gr_check_protected_task(p) || current->pid == 1)) #endif ! if (p->pid > 1 && p != current && thread_group_leader(p)) { int err = send_sig_info(sig, info, p); ++count; --- 766,770 ---- if(!(gr_check_protected_task(p) || current->pid == 1)) #endif ! if (p->pid > 1 && p != current && thread_group_leader(p) && p->s_context == current->s_context) { int err = send_sig_info(sig, info, p); ++count; *************** *** 1257,1258 **** --- 1275,1420 ---- } #endif /* !alpha && !__ia64__ && !defined(__mips__) */ + + static int set_initpid (int flags) + { + int ret = 0; + if ((flags & S_CTX_INFO_INIT)!=0){ + if (current->s_info == NULL){ + ret = -EINVAL; + }else if (current->s_info->initpid != 0){ + ret = -EPERM; + }else{ + current->s_info->initpid = current->tgid; + } + } + return ret; + } + + static inline int switch_user_struct(int new_context) + { + struct user_struct *new_user; + + new_user = alloc_uid(new_context, current->uid); + if (!new_user) + return -ENOMEM; + + if (new_user != current->user) { + struct user_struct *old_user = current->user; + + atomic_inc(&new_user->processes); + atomic_dec(&old_user->processes); + current->user = new_user; + free_uid(old_user); + } + return 0; + } + + /* + Change to a new security context and reduce the capability + basic set of the current process + */ + asmlinkage int + sys_new_s_context(int ctx, __u32 remove_cap, int flags) + { + #define MAX_S_CONTEXT 65535 /* Arbitrary limit */ + int ret = -EPERM; + if (ctx == -1){ + if (current->s_info == NULL + || (current->s_info->flags & S_CTX_INFO_LOCK) == 0){ + /* Ok we allocate a new context. For now, we just increase */ + /* it. Wrap around possible, so we loop */ + static int alloc_ctx=1; + static spinlock_t alloc_ctx_lock = SPIN_LOCK_UNLOCKED; + spin_lock(&alloc_ctx_lock); + while (1){ + int found = 0; + struct task_struct *p; + alloc_ctx++; + /* The s_context 1 is special. It sess all processes */ + if (alloc_ctx == 1){ + alloc_ctx++; + }else if (alloc_ctx > MAX_S_CONTEXT){ + // No need to grow and grow + alloc_ctx = 2; + } + /* Check if in use */ + read_lock(&tasklist_lock); + for_each_task(p) { + if (p->s_context == alloc_ctx){ + found = 1; + break; + } + } + read_unlock(&tasklist_lock); + if (!found) break; + } + ret = switch_user_struct(alloc_ctx); + if (ret == 0) { + current->s_context = alloc_ctx; + current->cap_bset &= (~remove_cap); + ret = alloc_ctx; + sys_alloc_s_info(); + if (current->s_info != NULL) { + set_initpid (flags); + current->s_info->flags |= flags; + } + } + spin_unlock(&alloc_ctx_lock); + } + }else if (ctx == -2){ + ret = set_initpid(flags); + if (ret == 0){ + /* We keep the same s_context, but lower the capabilities */ + current->cap_bset &= (~remove_cap); + ret = current->s_context; + if (current->s_info != NULL){ + if ((flags & S_CTX_INFO_INIT)!=0){ + current->s_info->initpid = current->tgid; + } + current->s_info->flags |= flags; + } + } + }else if (ctx <= 0 || ctx > MAX_S_CONTEXT){ + ret = -EINVAL; + }else if (current->s_context == 0 + && capable(CAP_SYS_ADMIN) + && (current->s_info == NULL + ||(current->s_info->flags & S_CTX_INFO_LOCK) == 0)){ + /* The root context can become any context it wants */ + int found = 0; + struct task_struct *p; + /* Check if in use so we reuse the same context_info */ + read_lock(&tasklist_lock); + ret = ctx; + for_each_task(p) { + if (p->s_context == ctx){ + found = 1; + if (p->s_info == NULL + || (p->s_info->flags & S_CTX_INFO_PRIVATE)==0){ + sys_release_s_info(current); + sys_assign_s_info (p); + current->s_info = p->s_info; + }else{ + ret = -EPERM; + } + break; + } + } + read_unlock(&tasklist_lock); + if (ret == ctx) { + ret = switch_user_struct(ctx); + if (ret == 0) { + current->s_context = ctx; + current->cap_bset &= (~remove_cap); + if (!found) { + sys_alloc_s_info(); + } + if (current->s_info != NULL) { + current->s_info->flags |= flags; + } + } + } + } + return ret; + } + diff -rc2P linux-2.4.18/kernel/sys.c linux-2.4.18ctx-10/kernel/sys.c *** linux-2.4.18/kernel/sys.c Tue Feb 26 22:22:12 2002 --- linux-2.4.18ctx-10/kernel/sys.c Tue Feb 26 22:31:23 2002 *************** *** 7,10 **** --- 7,11 ---- #include #include + #include #include #include *************** *** 500,504 **** * we should be checking for it. -DaveM */ ! new_user = alloc_uid(new_ruid); if (!new_user) return -EAGAIN; --- 501,505 ---- * we should be checking for it. -DaveM */ ! new_user = alloc_uid(current->s_context, new_ruid); if (!new_user) return -EAGAIN; *************** *** 1016,1022 **** { int errno = 0; down_read(&uts_sem); ! if (copy_to_user(name,&system_utsname,sizeof *name)) errno = -EFAULT; up_read(&uts_sem); --- 1017,1032 ---- { int errno = 0; + struct new_utsname tmp,*pttmp; down_read(&uts_sem); ! if (current->s_info != NULL){ ! tmp = system_utsname; ! strcpy (tmp.nodename,current->s_info->nodename); ! strcpy (tmp.domainname,current->s_info->domainname); ! pttmp = &tmp; ! }else{ ! pttmp = &system_utsname; ! } ! if (copy_to_user(name,pttmp,sizeof *name)) errno = -EFAULT; up_read(&uts_sem); *************** *** 1024,1030 **** --- 1034,1095 ---- } + /* + Decrease the reference count on the context_info member of a task + Free the struct if the reference count reach 0. + */ + void sys_release_s_info (struct task_struct *p) + { + down_write (&uts_sem); + if (p->s_info != NULL){ + p->s_info->refcount--; + if (p->s_info->refcount == 0){ + // printk ("vfree s_info %d\n",p->pid); + vfree (p->s_info); + p->s_info = NULL; + } + } + up_write (&uts_sem); + } + /* + Increase the reference count on the context_info member of a task + */ + void sys_assign_s_info (struct task_struct *p) + { + down_write (&uts_sem); + if (p->s_info != NULL) p->s_info->refcount++; + up_write (&uts_sem); + } + + /* + Alloc a new s_info to the current process and release + the one currently owned by the current process. + */ + void sys_alloc_s_info() + { + struct context_info *s_info = vmalloc(sizeof(struct context_info)); + // printk ("new s_info %d\n",current->pid); + s_info->s_context = current->s_context; + s_info->refcount = 1; + atomic_set (&s_info->ticks,current->counter); + s_info->flags = 0; + s_info->initpid = 0; + down_read (&uts_sem); + if (current->s_info != NULL){ + strcpy (s_info->nodename,current->s_info->nodename); + strcpy (s_info->domainname,current->s_info->domainname); + }else{ + strcpy (s_info->nodename,system_utsname.nodename); + strcpy (s_info->domainname,system_utsname.domainname); + } + up_read (&uts_sem); + sys_release_s_info (current); + current->s_info = s_info; + } + + asmlinkage long sys_sethostname(char *name, int len) { int errno; + char *nodename; if (!capable(CAP_SYS_ADMIN)) *************** *** 1034,1039 **** down_write(&uts_sem); errno = -EFAULT; ! if (!copy_from_user(system_utsname.nodename, name, len)) { ! system_utsname.nodename[len] = 0; errno = 0; } --- 1099,1106 ---- down_write(&uts_sem); errno = -EFAULT; ! nodename = system_utsname.nodename; ! if (current->s_info) nodename = current->s_info->nodename; ! if (!copy_from_user(nodename, name, len)) { ! nodename[len] = 0; errno = 0; } *************** *** 1045,1057 **** { int i, errno; if (len < 0) return -EINVAL; down_read(&uts_sem); ! i = 1 + strlen(system_utsname.nodename); if (i > len) i = len; errno = 0; ! if (copy_to_user(name, system_utsname.nodename, i)) errno = -EFAULT; up_read(&uts_sem); --- 1112,1127 ---- { int i, errno; + char *nodename; if (len < 0) return -EINVAL; down_read(&uts_sem); ! nodename = system_utsname.nodename; ! if (current->s_info != NULL) nodename = current->s_info->nodename; ! i = 1 + strlen(nodename); if (i > len) i = len; errno = 0; ! if (copy_to_user(name, nodename, i)) errno = -EFAULT; up_read(&uts_sem); *************** *** 1268,1271 **** --- 1268,1272 ---- { int errno; + char *domainname; if (!capable(CAP_SYS_ADMIN)) *************** *** 1073,1080 **** down_write(&uts_sem); errno = -EFAULT; ! if (!copy_from_user(system_utsname.domainname, name, len)) { errno = 0; ! system_utsname.domainname[len] = 0; } up_write(&uts_sem); --- 1144,1153 ---- down_write(&uts_sem); + domainname = system_utsname.domainname; + if (current->s_info) domainname = current->s_info->domainname; errno = -EFAULT; ! if (!copy_from_user(domainname, name, len)) { errno = 0; ! domainname[len] = 0; } up_write(&uts_sem); diff -rc2P linux-2.4.18/kernel/sysctl.c linux-2.4.18ctx-10/kernel/sysctl.c *** linux-2.4.18/kernel/sysctl.c Sat Dec 22 22:38:45 2001 --- linux-2.4.18ctx-10/kernel/sysctl.c Tue Feb 26 22:31:23 2002 *************** *** 380,383 **** --- 380,384 ---- static int test_perm(int mode, int op) { + if (!capable(CAP_SYS_ADMIN)) mode &= ~(0222); if (!current->euid) mode >>= 6; *************** *** 794,798 **** --- 795,810 ---- { int r; + ctl_table tmp; + /* HACK for per s_context hostname and domainname */ + if (current->s_info != NULL){ + tmp = *table; + table = &tmp; + if (table->data == (void*)&system_utsname.nodename){ + tmp.data = ¤t->s_info->nodename; + }else if (table->data == (void*)&system_utsname.domainname){ + tmp.data = ¤t->s_info->domainname; + } + } if (!write) { down_read(&uts_sem); diff -rc2P linux-2.4.18/kernel/timer.c linux-2.4.18ctx-10/kernel/timer.c *** linux-2.4.18/kernel/timer.c Wed Oct 10 11:58:22 2001 --- linux-2.4.18ctx-10/kernel/timer.c Tue Feb 26 22:31:23 2002 *************** *** 584,587 **** --- 584,592 ---- update_one_process(p, user_tick, system, cpu); if (p->pid) { + if (p->s_info != NULL + && (p->s_info->flags & S_CTX_INFO_SCHED)!=0){ + // atomic_sub (ticks*p->s_info->refcount, &p->s_info->ticks); + atomic_dec (&p->s_info->ticks); + } if (--p->counter <= 0) { p->counter = 0; *************** *** 720,723 **** --- 725,733 ---- { /* This is SMP safe - current->pid doesn't change */ + if (current->s_info != NULL + && current->s_info->initpid == current->tgid){ + /* We are faking process 1 for this security context */ + return 1; + } return current->tgid; } *************** *** 765,768 **** --- 775,784 ---- #endif break; + } + if (pid != 0 + && current->s_info != NULL + && current->s_info->initpid == pid){ + /* We are faking process 1 for this security context */ + pid = 1; } return pid; diff -rc2P linux-2.4.18/kernel/user.c linux-2.4.18ctx-10/kernel/user.c *** linux-2.4.18/kernel/user.c Wed Nov 29 01:43:39 2000 --- linux-2.4.18ctx-10/kernel/user.c Tue Feb 26 22:31:23 2002 *************** *** 7,10 **** --- 7,23 ---- * processes, files etc the user has claimed, in order to be * able to have per-user limits for system resources. + * + * For the vserver project, the key is extended from UID to (SC,UID), + * with SC being the security context ID. Thus, each security context + * has independant per-UID resource usage counters. + * + * As a consequence, even if two UIDs are the same, the 'struct user *' + * in their task_struct could be different. I don't think any code cares. + * + * (vserver modifications done Sun Jan 13 08:48:45 CET 2002 by bof@bof.de) + * + * NOTE: For now, the hash function is unmodified: the same uid in several + * security contexts, will always sit on the same hash chain. This could + * be changed easily. */ *************** *** 57,61 **** } ! static inline struct user_struct *uid_hash_find(uid_t uid, struct user_struct **hashent) { struct user_struct *next; --- 70,74 ---- } ! static inline struct user_struct *uid_hash_find(int s_context, uid_t uid, struct user_struct **hashent) { struct user_struct *next; *************** *** 66,70 **** if (next) { next = up->next; ! if (up->uid != uid) continue; atomic_inc(&up->__count); --- 79,83 ---- if (next) { next = up->next; ! if (up->uid != uid || up->s_context != s_context) continue; atomic_inc(&up->__count); *************** *** 83,87 **** } ! struct user_struct * alloc_uid(uid_t uid) { struct user_struct **hashent = uidhashentry(uid); --- 96,100 ---- } ! struct user_struct * alloc_uid(int s_context, uid_t uid) { struct user_struct **hashent = uidhashentry(uid); *************** *** 89,93 **** spin_lock(&uidhash_lock); ! up = uid_hash_find(uid, hashent); spin_unlock(&uidhash_lock); --- 102,106 ---- spin_lock(&uidhash_lock); ! up = uid_hash_find(s_context, uid, hashent); spin_unlock(&uidhash_lock); *************** *** 99,102 **** --- 112,116 ---- return NULL; new->uid = uid; + new->s_context = s_context; atomic_set(&new->__count, 1); atomic_set(&new->processes, 0); *************** *** 108,112 **** */ spin_lock(&uidhash_lock); ! up = uid_hash_find(uid, hashent); if (up) { kmem_cache_free(uid_cachep, new); --- 122,126 ---- */ spin_lock(&uidhash_lock); ! up = uid_hash_find(s_context, uid, hashent); if (up) { kmem_cache_free(uid_cachep, new); diff -rc2P linux-2.4.18/net/ipv4/af_inet.c linux-2.4.18ctx-10/net/ipv4/af_inet.c *** linux-2.4.18/net/ipv4/af_inet.c Sat Dec 22 22:38:46 2001 --- linux-2.4.18ctx-10/net/ipv4/af_inet.c Mon Mar 18 12:26:22 2002 *************** *** 394,397 **** --- 394,399 ---- sk->protinfo.af_inet.mc_list = NULL; + sk->s_context = current->s_context; + #ifdef INET_REFCNT_DEBUG atomic_inc(&inet_sock_nr); *************** *** 478,481 **** --- 480,485 ---- int chk_addr_ret; int err; + __u32 s_addr; + __u32 bcast_addr = 0xffffffffl; /* If the socket has its own bind function then use it. (RAW) */ *************** *** 486,490 **** return -EINVAL; ! chk_addr_ret = inet_addr_type(addr->sin_addr.s_addr); /* Not specified by any standard per-se, however it breaks too --- 490,507 ---- return -EINVAL; ! s_addr = addr->sin_addr.s_addr; ! if (current->ipv4root != 0){ ! // printk ("ipv4root0 %08lx %08x\n",current->ipv4root,s_addr); ! if (s_addr == 0){ ! s_addr = current->ipv4root; ! bcast_addr = current->ipv4root_bcast; ! }else if (s_addr == 0x0100007f){ ! s_addr = current->ipv4root; ! }else if (s_addr != current->ipv4root){ ! return -EADDRNOTAVAIL; ! } ! } ! chk_addr_ret = inet_addr_type(s_addr); ! // printk ("ipv4root %08lx %08x %d\n",current->ipv4root,s_addr,chk_addr_ret); /* Not specified by any standard per-se, however it breaks too *************** *** 497,501 **** if (sysctl_ip_nonlocal_bind == 0 && sk->protinfo.af_inet.freebind == 0 && ! addr->sin_addr.s_addr != INADDR_ANY && chk_addr_ret != RTN_LOCAL && chk_addr_ret != RTN_MULTICAST && --- 514,518 ---- if (sysctl_ip_nonlocal_bind == 0 && sk->protinfo.af_inet.freebind == 0 && ! s_addr != INADDR_ANY && chk_addr_ret != RTN_LOCAL && chk_addr_ret != RTN_MULTICAST && *************** *** 522,526 **** goto out; ! sk->rcv_saddr = sk->saddr = addr->sin_addr.s_addr; if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) sk->saddr = 0; /* Use device */ --- 539,544 ---- goto out; ! sk->rcv_saddr = sk->saddr = s_addr; ! sk->bcast_addr = bcast_addr; if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) sk->saddr = 0; /* Use device */ diff -rc2P linux-2.4.18/net/ipv4/devinet.c linux-2.4.18ctx-10/net/ipv4/devinet.c *** linux-2.4.18/net/ipv4/devinet.c Sat Dec 22 22:38:46 2001 --- linux-2.4.18ctx-10/net/ipv4/devinet.c Tue Feb 26 22:31:23 2002 *************** *** 559,563 **** goto done; } ! switch(cmd) { case SIOCGIFADDR: /* Get interface address */ --- 559,569 ---- goto done; } ! if (ifa != NULL ! && current->s_context != 0 ! && current->ipv4root != 0 ! && current->ipv4root != ifa->ifa_local){ ! ret = -EADDRNOTAVAIL; ! goto done; ! } switch(cmd) { case SIOCGIFADDR: /* Get interface address */ *************** *** 692,695 **** --- 698,705 ---- for ( ; ifa; ifa = ifa->ifa_next) { + // We do not show other IP devices to vservers + if (current->s_context != 0 + && current->ipv4root != 0 + && current->ipv4root != ifa->ifa_local) continue; if (!buf) { done += sizeof(ifr); *************** *** 909,912 **** --- 919,925 ---- for (ifa = in_dev->ifa_list, ip_idx = 0; ifa; ifa = ifa->ifa_next, ip_idx++) { + if (current->s_context != 0 + && current->ipv4root != 0 + && current->ipv4root != ifa->ifa_local) continue; if (ip_idx < s_ip_idx) continue; diff -rc2P linux-2.4.18/net/ipv4/raw.c linux-2.4.18ctx-10/net/ipv4/raw.c *** linux-2.4.18/net/ipv4/raw.c Tue Jul 10 19:11:43 2001 --- linux-2.4.18ctx-10/net/ipv4/raw.c Tue Feb 26 22:31:23 2002 *************** *** 658,662 **** for (sk = raw_v4_htable[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET) continue; pos += 128; --- 658,662 ---- for (sk = raw_v4_htable[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET || (current->s_context != 1 && sk->s_context != current->s_context)) continue; pos += 128; diff -rc2P linux-2.4.18/net/ipv4/tcp_ipv4.c linux-2.4.18ctx-10/net/ipv4/tcp_ipv4.c *** linux-2.4.18/net/ipv4/tcp_ipv4.c Tue Feb 26 22:22:12 2002 --- linux-2.4.18ctx-10/net/ipv4/tcp_ipv4.c Tue Feb 26 22:31:23 2002 *************** *** 2074,2077 **** --- 2074,2080 ---- struct tcp_opt *tp = &(sk->tp_pinfo.af_tcp); + if (current->s_context != 1 && sk->s_context != current->s_context) + continue; + if (!TCP_INET_FAMILY(sk->family)) goto skip_listen; *************** *** 2127,2131 **** read_lock(&head->lock); for(sk = head->chain; sk; sk = sk->next, num++) { ! if (!TCP_INET_FAMILY(sk->family)) continue; pos += TMPSZ; --- 2130,2134 ---- read_lock(&head->lock); for(sk = head->chain; sk; sk = sk->next, num++) { ! if (!TCP_INET_FAMILY(sk->family) || (current->s_context != 1 && sk->s_context != current->s_context)) continue; pos += TMPSZ; *************** *** 2142,2146 **** tw != NULL; tw = (struct tcp_tw_bucket *)tw->next, num++) { ! if (!TCP_INET_FAMILY(tw->family)) continue; pos += TMPSZ; --- 2145,2149 ---- tw != NULL; tw = (struct tcp_tw_bucket *)tw->next, num++) { ! if (!TCP_INET_FAMILY(tw->family) || (current->s_context != 1 && tw->s_context != current->s_context)) continue; pos += TMPSZ; diff -rc2P linux-2.4.18/net/ipv4/tcp_minisocks.c linux-2.4.18ctx-10/net/ipv4/tcp_minisocks.c *** linux-2.4.18/net/ipv4/tcp_minisocks.c Wed Oct 10 11:58:23 2001 --- linux-2.4.18ctx-10/net/ipv4/tcp_minisocks.c Tue Feb 26 22:31:23 2002 *************** *** 382,385 **** --- 382,387 ---- tw->pprev_death = NULL; + tw->s_context = sk->s_context; + #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) if(tw->family == PF_INET6) { diff -rc2P linux-2.4.18/net/ipv4/udp.c linux-2.4.18ctx-10/net/ipv4/udp.c *** linux-2.4.18/net/ipv4/udp.c Tue Feb 26 22:22:12 2002 --- linux-2.4.18ctx-10/net/ipv4/udp.c Mon Mar 18 13:26:18 2002 *************** *** 273,277 **** (s->daddr && s->daddr!=rmt_addr) || (s->dport != rmt_port && s->dport != 0) || ! (s->rcv_saddr && s->rcv_saddr != loc_addr) || (s->bound_dev_if && s->bound_dev_if != dif)) continue; --- 273,277 ---- (s->daddr && s->daddr!=rmt_addr) || (s->dport != rmt_port && s->dport != 0) || ! (s->rcv_saddr && s->rcv_saddr != loc_addr && s->bcast_addr != loc_addr) || (s->bound_dev_if && s->bound_dev_if != dif)) continue; *************** *** 988,992 **** for (sk = udp_hash[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET) continue; pos += 128; --- 988,992 ---- for (sk = udp_hash[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET || (current->s_context != 1 && sk->s_context != current->s_context)) continue; pos += 128; diff -rc2P linux-2.4.18/net/ipv6/raw.c linux-2.4.18ctx-10/net/ipv6/raw.c *** linux-2.4.18/net/ipv6/raw.c Thu Sep 20 17:12:56 2001 --- linux-2.4.18ctx-10/net/ipv6/raw.c Tue Feb 26 22:31:23 2002 *************** *** 798,802 **** for (sk = raw_v6_htable[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET6) continue; pos += LINE_LEN+1; --- 798,802 ---- for (sk = raw_v6_htable[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET6 || (current->s_context != 1 && sk->s_context != current->s_context)) continue; pos += LINE_LEN+1; diff -rc2P linux-2.4.18/net/ipv6/tcp_ipv6.c linux-2.4.18ctx-10/net/ipv6/tcp_ipv6.c *** linux-2.4.18/net/ipv6/tcp_ipv6.c Tue Feb 26 22:22:13 2002 --- linux-2.4.18ctx-10/net/ipv6/tcp_ipv6.c Tue Feb 26 22:31:23 2002 *************** *** 2007,2011 **** struct tcp_opt *tp = &(sk->tp_pinfo.af_tcp); ! if (sk->family != PF_INET6) continue; pos += LINE_LEN+1; --- 2007,2011 ---- struct tcp_opt *tp = &(sk->tp_pinfo.af_tcp); ! if (sk->family != PF_INET6 || (current->s_context != 1 && sk->s_context != current->s_context)) continue; pos += LINE_LEN+1; *************** *** 2057,2061 **** read_lock(&head->lock); for(sk = head->chain; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET6) continue; pos += LINE_LEN+1; --- 2057,2061 ---- read_lock(&head->lock); for(sk = head->chain; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET6 || (current->s_context != 1 && sk->s_context != current->s_context)) continue; pos += LINE_LEN+1; *************** *** 2072,2076 **** tw != NULL; tw = (struct tcp_tw_bucket *)tw->next, num++) { ! if (tw->family != PF_INET6) continue; pos += LINE_LEN+1; --- 2072,2076 ---- tw != NULL; tw = (struct tcp_tw_bucket *)tw->next, num++) { ! if (tw->family != PF_INET6 || (current->s_context != 1 && tw->s_context != current->s_context)) continue; pos += LINE_LEN+1; diff -rc2P linux-2.4.18/net/ipv6/udp.c linux-2.4.18ctx-10/net/ipv6/udp.c *** linux-2.4.18/net/ipv6/udp.c Fri Sep 7 14:01:21 2001 --- linux-2.4.18ctx-10/net/ipv6/udp.c Tue Feb 26 22:31:23 2002 *************** *** 953,957 **** for (sk = udp_hash[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET6) continue; pos += LINE_LEN+1; --- 953,957 ---- for (sk = udp_hash[i]; sk; sk = sk->next, num++) { ! if (sk->family != PF_INET6 || (current->s_context != 1 && sk->s_context != current->s_context)) continue; pos += LINE_LEN+1; diff -rc2P linux-2.4.18/net/socket.c linux-2.4.18ctx-10/net/socket.c *** linux-2.4.18/net/socket.c Sat Dec 22 22:38:47 2001 --- linux-2.4.18ctx-10/net/socket.c Wed Apr 3 16:41:02 2002 *************** *** 1764,1765 **** --- 1764,1778 ---- return len; } + + asmlinkage int sys_set_ipv4root (__u32 ip, __u32 bcast) + { + int ret = -EPERM; + if (current->ipv4root == 0 + || capable(CAP_SYS_ADMIN)){ + ret = 0; + current->ipv4root = ip; + current->ipv4root_bcast = bcast; + } + return ret; + } + diff -rc2P linux-2.4.18/net/unix/af_unix.c linux-2.4.18ctx-10/net/unix/af_unix.c *** linux-2.4.18/net/unix/af_unix.c Tue Feb 26 22:22:13 2002 --- linux-2.4.18ctx-10/net/unix/af_unix.c Tue Feb 26 22:31:23 2002 *************** *** 480,483 **** --- 480,485 ---- sk->write_space = unix_write_space; + sk->s_context = current->s_context; + sk->max_ack_backlog = sysctl_unix_max_dgram_qlen; sk->destruct = unix_sock_destructor; *************** *** 1751,1754 **** --- 1753,1759 ---- forall_unix_sockets (i,s) { + if (current->s_context != 1 && s->s_context != current->s_context) + continue; + unix_state_rlock(s); --------------090005060508000700050403-- From vserver.error@solucorp.qc.ca Mon May 6 23:03:47 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g4733k3Q004040; Mon, 6 May 2002 23:03:46 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g472gLa17799 for vserver.list; Mon, 6 May 2002 22:42:21 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hotmail.com (f104.law3.hotmail.com [209.185.241.104]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g472gKh17794 for ; Mon, 6 May 2002 22:42:21 -0400 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 6 May 2002 19:42:20 -0700 Received: from 209.128.145.94 by lw3fd.law3.hotmail.msn.com with HTTP; Tue, 07 May 2002 02:42:19 GMT X-Originating-IP: [209.128.145.94] From: "Nathan Hoult" To: vserver@solucorp.qc.ca Subject: [vserver] An idea that i hope is not to stupid: Date: Tue, 07 May 2002 02:42:19 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 07 May 2002 02:42:20.0664 (UTC) FILETIME=[CF545F80:01C1F570] Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.8 required=5.0 tests=FORGED_HOTMAIL_RCVD version=2.01 Status: RO X-Status: X-Keywords: X-UID: 544 I would like to be able to run 2+ people on the same computer using 2+ mice , 2+ keyboards, 2+ monitors, 2+ sound cards. There is a hack for X at : http://cambuca.ldhs.cetuc.puc-rio.br/multiuser/ . This doesnt work well and can be very unstable to get started. I have got it working and infact played about 10 hours of Diablo2 multiplayer with my brother. The problem is that i HAVE to boot up off the PCI card (NVIDIA TNT), and use the GF2 card as 2nd. this isnt THAT bad but the 2nd output cant do full screen, which can be tolerated but if the master terminal switched VT the entire system freezes and i cant even telnet in, which isnt that bad except i cant use a X login manager (eg: gdm) because if the master user logs out it had a 33% chance of freezing the 2nd user, which is ok but i have to reboot because i cant switch VT. there was a discussion at: http://www.kerneltrap.org/node.php?id=146 about working on the Linux VT setup to allow more than one display. My crazy idea is using Virtual Linux and having a configuration file that will tell the Virtual Linux to "see" PCI spot (eg: PCI:0:7:0 my TNT video card address), "/bin/input/eventX" (USB keyboayrd), "/bin/input/mice" (usb mouse), and my PCI address of the sound card (that i dont have second one yet). When you start the Virtual Linux it will activate what it "sees" so you could install X on VLinux, syslink to /home or whatever. I havent used Virtual server yet so i dont know what it is like or what it is capible of. (rant) the Kernel programers are saying X, and X is saying Kernel, then people ask why and that computers are not powerfull enough, well if my Ath 1.33 with 256 DDR can run Diablo2 server+ 2 clients in wine with low/no lag, or run server + 2 clients of Return to Castle Wolf, then what could a $150 more dual Ath do? well over performance of say 2 celrons (that i would have to throw away in 1.5 years anyhow). _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx From vserver.error@solucorp.qc.ca Tue May 7 01:17:40 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g475Hd3Q005142; Tue, 7 May 2002 01:17:40 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g474r6l20788 for vserver.list; Tue, 7 May 2002 00:53:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from prserv.net (out2.prserv.net [32.97.166.32]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g474r5h20784 for ; Tue, 7 May 2002 00:53:05 -0400 Received: from slip139-92-140-48.dub.ie.prserv.net ([139.92.140.48]) by prserv.net (out2) with SMTP id <2002050704530320200i1o59e>; Tue, 7 May 2002 04:53:04 +0000 Subject: [vserver] Openldap server on vserver From: Lew Teck Kheng To: Vserver mailing list Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3.99 Date: 07 May 2002 12:52:54 +0800 Message-Id: <1020747177.4420.57.camel@maximus> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.2 required=5.0 tests=A_FROM_IN_AUTO_WLIST,KNOWN_BAD_DIALUPS version=2.01 Status: RO X-Status: X-Keywords: X-UID: 545 hi all : I tried to setup a openldap server on a vserver but when i try to start the openldap server it cannot be start and complained about "Broken Pipe" ? Have anyone manage to setup a openldap server on a vserver ? many many thanks cheers From vserver.error@solucorp.qc.ca Tue May 7 01:46:53 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g475kq3Q005480; Tue, 7 May 2002 01:46:53 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g475Xc421569 for vserver.list; Tue, 7 May 2002 01:33:38 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail1.lga.net.sg (mail1.lga.net.sg [203.92.64.241]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g475Xah21565 for ; Tue, 7 May 2002 01:33:37 -0400 Received: (qmail 10328 invoked from network); 7 May 2002 05:33:35 -0000 Received: from unknown (HELO localhost.localdomain) (203.92.90.66) by mail1.lga.net.sg with SMTP; 7 May 2002 05:33:35 -0000 Subject: Re: [vserver] Openldap server on vserver From: Meng Kuan To: vserver@solucorp.qc.ca In-Reply-To: <1020747177.4420.57.camel@maximus> References: <1020747177.4420.57.camel@maximus> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 07 May 2002 13:33:35 +0800 Message-Id: <1020749615.24746.1.camel@tao.lga.net.sg> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 546 Hi, I am able to set up openldap on a debian vserver. So it should work on other distributions. cheers, mengkuan On Tue, 2002-05-07 at 12:52, Lew Teck Kheng wrote: > hi all : > > I tried to setup a openldap server on a vserver but when i try to start > the openldap server it cannot be start and complained about "Broken > Pipe" ? > > Have anyone manage to setup a openldap server on a vserver ? > > many many thanks > > cheers > From vserver.error@solucorp.qc.ca Tue May 7 02:19:45 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g476Ji3Q005690; Tue, 7 May 2002 02:19:44 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g475vsi21943 for vserver.list; Tue, 7 May 2002 01:57:54 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from taz.eijk.nu (node-d-0565.a2000.nl [62.195.5.101]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g475vrh21939 for ; Tue, 7 May 2002 01:57:53 -0400 Received: from eijk.nu (localhost.localdomain [127.0.0.1]) by taz.eijk.nu (8.12.1/linuxconf) with ESMTP id g475uqOt001507 for ; Tue, 7 May 2002 07:56:52 +0200 Message-ID: <3CD76CA4.1070008@eijk.nu> Date: Tue, 07 May 2002 07:56:52 +0200 From: Stefan van der Eijk User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/00200203 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] GR security & CTX References: <3CD5A1C8.2060406@eijk.nu> <20020506194418.561E111851@blue.wowweb.dk> <3CD6EB4F.5000308@eijk.nu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.7 required=5.0 tests=SUPERLONG_LINE version=2.01 Status: RO X-Status: X-Keywords: X-UID: 547 Stefan van der Eijk wrote: > Jesper Andersen wrote: > >> On Sunday 05 May 2002 23:19, you wrote: >> >> >> >>> I'm trying to get the CTX patch to work with Mandrake's development >>> kernels. While applying the patch I noticed that the CTX patch >>> conflicts >>> with an earlier applied patch (the gr security patch, see >>> http://www.grsecurity.org/ ). Before I continue trying to figure >>> things >>> out I've got a few questions: >>> >> >> >> If you get et working please tell. >> > I'm trying to compile it, but the build is hanging on: Yesterday's error seems to be gone (I did some tweaking in the patch, the patch was attached to my post yesterday), but a new one has come up: /usr/bin/gcc-3.0.4 -D__KERNEL__ -I/home/cooker/RPM/BUILD/linux/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i586 -DMODULE -DMODVERSIONS -include /home/cooker/RPM/BUILD/linux/include/linux/modversions.h -nostdinc -I /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.0.4/include -DKBUILD_BASENAME=inode -c -o inode.o inode.c inode.c: In function `reiserfs_new_inode': inode.c:1528: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) inode.c:1528: (Each undeclared identifier is reported only once inode.c:1528: for each function it appears in.) inode.c:1590: `S_IMMUTABLE' undeclared (first use in this function) inode.c: In function `sd_attrs_to_i_attrs': inode.c:2127: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) inode.c:2128: `S_IMMUTABLE' undeclared (first use in this function) inode.c: In function `i_attrs_to_sd_attrs': inode.c:2145: `S_IMMUTABLE' undeclared (first use in this function) inode.c:2146: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) make[2]: *** [inode.o] Error 1 make[2]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs/reiserfs' make[1]: *** [_modsubdir_reiserfs] Error 2 make[1]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs' make: *** [_mod_fs] Error 2 error: Bad exit status from /home/cooker/tmp/rpm-tmp.46847 (%build) RPM build errors: Bad exit status from /home/cooker/tmp/rpm-tmp.46847 (%build) Full buildoutput: http://localhost/build/new_i586/i586/problem/kernel-2.4.18.14mdk_ctx10-1-1mdk.src.rpm.txt src.rpm: http://node-d-0565.a2000.nl/new_i586/kernel-2.4.18.14mdk_ctx10-1-1mdk.src.rpm So I guess I need to look at the inode.c patch... Stefan From vserver.error@solucorp.qc.ca Tue May 7 05:58:18 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g479wI3Q008573; Tue, 7 May 2002 05:58:18 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g479Mr726749 for vserver.list; Tue, 7 May 2002 05:22:53 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g479Mqh26745 for ; Tue, 7 May 2002 05:22:52 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:31751 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Tue, 7 May 2002 11:28:15 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Tue, 7 May 2002 11:22:23 +0200 Date: Tue, 7 May 2002 11:22:23 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba Message-ID: <20020507112223.C17577@4t2.com> References: <20020412134119.R3025@4t2.com> <3CBBEA9D.E3128EA1@silicide.dk> <20020416120915.C2509@4t2.com> <3CBC03CF.53D174B9@silicide.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CBC03CF.53D174B9@silicide.dk>; from jon+vserver@silicide.dk on Tue, Apr 16, 2002 at 12:58:23PM +0200 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 548 Hi, Anyone looking into these problems? I'll have to put this server into production soon and need to decide on my samba setup. Tom On Tue, Apr 16, 2002 at 12:58:23PM +0200, Jon Bendtsen wrote: > > > > tested with 2.4.18ctx8 and 2.4.18ctx10 and samba 2.2.1a-4 on RH7.2. > > > > Tell me if you need more information (this one is easily to reproduce). > > > > > > How ?? i can access files by 2 processes, how ever from the same machine > > > without trouble. Sometimes when i write with one file, and read another > > > file it locks up. > > > > Don't test with Linux as a client. > > Well, thats all i got, i dont use windows, i dont even have a > windows cd, and i dont want to repartition just to install > windows, and test this bug. I'll test with linux if people > want that. The reason i'm not using NFS, is because it's on > a shared network, so i want the password protection. > > > > > > > any ideas? > > > > > > yeah, dont run samba ;-0 > > > At least not in a production environment. I'm the only user of my samba, > > > so i can manage when i have to reboot. > > > > That's a joke, isn't it? > > Well sort of. I ment dont run samba in a vserver in a production > environment. > > > > I run samba for several hundreds of users for years without problems (of > > course not within a vserver), it's one of the most reliable pieces of software > > i've come across. Besides, there's just no alternative (at least none that's > > as fast, cheap and stable). > > I'm pretty sure this is a problem with file locking within the vserver, and not > > a problem with samba itself. > > I think so as well, because i run a regular samba server as well, in a > production > environment, and that works fine. I seem to remember that back when i > ran userspace > nfs inside a vserver, i had the same lockup's, but i'm not 100% sure. > > > > JonB > > From vserver.error@solucorp.qc.ca Tue May 7 06:40:50 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g47Aeo3Q008879; Tue, 7 May 2002 06:40:50 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g47A7fk27734 for vserver.list; Tue, 7 May 2002 06:07:41 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g47A7eh27726 for ; Tue, 7 May 2002 06:07:41 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1751sb-0001F7-00 for ; Tue, 07 May 2002 12:07:33 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1751sb-0001Ew-00 for ; Tue, 07 May 2002 12:07:33 +0200 Sender: jon@silicide.dk Message-ID: <3CD7A765.5437A648@silicide.dk> Date: Tue, 07 May 2002 12:07:33 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba References: <20020412134119.R3025@4t2.com> <3CBBEA9D.E3128EA1@silicide.dk> <20020416120915.C2509@4t2.com> <3CBC03CF.53D174B9@silicide.dk> <20020507112223.C17577@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 549 Thomas Weber wrote: > > Hi, > > Anyone looking into these problems? I'll have to put this server into > production soon and need to decide on my samba setup. I dont know anyone looking at this. Dont run samba in a vserver yet. Neither NFS (userspace) JonB From vserver.error@solucorp.qc.ca Tue May 7 07:23:11 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g47BNB3Q009176; Tue, 7 May 2002 07:23:11 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g47Ai4r28530 for vserver.list; Tue, 7 May 2002 06:44:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g47Ai3h28526 for ; Tue, 7 May 2002 06:44:03 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1752Rv-0001HP-00 for ; Tue, 07 May 2002 12:44:03 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1752Ru-0001HF-00 for ; Tue, 07 May 2002 12:44:02 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Tue, 07 May 2002 12:44:02 +0200 (CEST) Received: (qmail 44280 invoked from network); 7 May 2002 10:40:55 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 7 May 2002 10:40:55 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g47A7fk27734 for vserver.list; Tue, 7 May 2002 06:07:41 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g47A7eh27726 for ; Tue, 7 May 2002 06:07:41 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1751sb-0001F7-00 for ; Tue, 07 May 2002 12:07:33 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1751sb-0001Ew-00 for ; Tue, 07 May 2002 12:07:33 +0200 Sender: jon@silicide.dk Message-ID: <3CD7A765.5437A648@silicide.dk> Date: Tue, 07 May 2002 12:07:33 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba References: <20020412134119.R3025@4t2.com> <3CBBEA9D.E3128EA1@silicide.dk> <20020416120915.C2509@4t2.com> <3CBC03CF.53D174B9@silicide.dk> <20020507112223.C17577@4t2.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 550 Thomas Weber wrote: > > Hi, > > Anyone looking into these problems? I'll have to put this server into > production soon and need to decide on my samba setup. I dont know anyone looking at this. Dont run samba in a vserver yet. Neither NFS (userspace) JonB From vserver.error@solucorp.qc.ca Tue May 7 09:32:08 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien (8.12.1/8.12.1) with ESMTP id g47DW73Q010225; Tue, 7 May 2002 09:32:07 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g47D40332008 for vserver.list; Tue, 7 May 2002 09:04:00 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g47D40h32002 for ; Tue, 7 May 2002 09:04:00 -0400 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 1754dJ-0007p9-00 for vserver@solucorp.qc.ca; Tue, 07 May 2002 10:03:57 -0300 Date: Tue, 7 May 2002 10:03:57 -0300 (ADT) From: James MacLean To: Subject: Re: [vserver] GR security & CTX In-Reply-To: <3CD76CA4.1070008@eijk.nu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.3 required=5.0 tests=IN_REP_TO,SUPERLONG_LINE,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 551 On Tue, 7 May 2002, Stefan van der Eijk wrote: > Yesterday's error seems to be gone (I did some tweaking in the patch, > the patch was attached to my post yesterday), but a new one has come up: > > /usr/bin/gcc-3.0.4 -D__KERNEL__ -I/home/cooker/RPM/BUILD/linux/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i586 -DMODULE -DMODVERSIONS -include /home/cooker/RPM/BUILD/linux/include/linux/modversions.h -nostdinc -I /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.0.4/include -DKBUILD_BASENAME=inode -c -o inode.o inode.c > inode.c: In function `reiserfs_new_inode': > inode.c:1528: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) > inode.c:1528: (Each undeclared identifier is reported only once > inode.c:1528: for each function it appears in.) > inode.c:1590: `S_IMMUTABLE' undeclared (first use in this function) > inode.c: In function `sd_attrs_to_i_attrs': > inode.c:2127: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) > inode.c:2128: `S_IMMUTABLE' undeclared (first use in this function) > inode.c: In function `i_attrs_to_sd_attrs': > inode.c:2145: `S_IMMUTABLE' undeclared (first use in this function) > inode.c:2146: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) > make[2]: *** [inode.o] Error 1 > make[2]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs/reiserfs' > make[1]: *** [_modsubdir_reiserfs] Error 2 > make[1]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs' > make: *** [_mod_fs] Error 2 > error: Bad exit status from /home/cooker/tmp/rpm-tmp.46847 (%build) These look like the changes to the DEFINES that are in the 2.4.19-pre kernels where EXT2_IMMUTABLE_FL becomes EXT2_IMMUTABLE_FILE_FL and EXT2_IMMUTABLE_LINK_FL depending ? Dido for S_IMMUTABLE to S_IMMUTABLE_{FILE|LINK}. Look in include/linux/fs.h for them. JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Tue May 7 18:29:08 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g47MT7iA017925; Tue, 7 May 2002 18:29:07 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g47M8ov15359 for vserver.list; Tue, 7 May 2002 18:08:50 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g47M8nh15355 for ; Tue, 7 May 2002 18:08:50 -0400 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g47M8hR03070 for ; Tue, 7 May 2002 15:08:43 -0700 Date: Tue, 7 May 2002 15:08:43 -0700 (PDT) From: "Roderick A. Anderson" X-X-Sender: To: Subject: [vserver] initrd option Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 552 I ran into a situation where I was required to make an initrd file for 18ctx-10 (system with SCSI drives.) It is working just fine now. My questions is is there any harm with creating and using an initrd for a system that does not need it to boot? TIA, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Tue May 7 19:01:03 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g47N12iA018266; Tue, 7 May 2002 19:01:02 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g47MRmR15846 for vserver.list; Tue, 7 May 2002 18:27:48 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g47MRmh15842 for ; Tue, 7 May 2002 18:27:48 -0400 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g47MRqO03145 for ; Tue, 7 May 2002 15:27:52 -0700 Date: Tue, 7 May 2002 15:27:51 -0700 (PDT) From: "Roderick A. Anderson" X-X-Sender: To: Subject: [vserver] Cookbook Vservers Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 553 I am working on writing a cook book for creating a vserver based system. So far I have had interesting results with the systems I have played with so I think even now is a good time for this. (The original idea was write an article for one of the Linux magazines but they do not seem interested at this time.) So if anyone that can offer ideas or thoughts I would appreciate them. As I write I'm going to test the process so initailly I only have some vague ideas on the process. Please be kind. 1. Build/aquire a system capable of running vservers. (I currently have one as low as a Pentium-S 133 with 64 MByte RAM, Two SCSI drives (a 4 GByte main disk and a 2 GByte - the vserser partition) This will be a very light duty system. Mostly providing mail services for a couple of domains instead of using vmail. 2. Install the OS. I'm using Redhat Linux 7.2 but will upgrade to 7.3/8.9 (skipjack) as soon as it is out. (Kernel matches the current ctx version. 3. Create a template vserver. My thoughts are to install from the root server and then strip out the fluff/cruft that comes with a do-many-things Redhat install. (Could I create an 'install CD' of RPMS based on the packages this template vserver has installed and use it on other physical systems for an install from CD options?) 4. Create unified servers from the template. Add whatever is wanted/needed for each vserver. Customize /etc/vservers/XXXX.conf and /etc/vservers/XXXX.sh for each vserver. Thoughts and ideas? TIA, Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Tue May 7 21:45:14 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g481jDiA019703; Tue, 7 May 2002 21:45:13 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g481TNc19569 for vserver.list; Tue, 7 May 2002 21:29:23 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp017.mail.yahoo.com (smtp017.mail.yahoo.com [216.136.174.114]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g481TMh19565 for ; Tue, 7 May 2002 21:29:22 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 8 May 2002 01:29:21 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] Vserver install from Redhat 7.2 bug Date: Tue, 7 May 2002 20:29:09 -0500 Message-ID: <000001c1f62f$c4937b20$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 554 Hello, It seems that the install script called the install_post.sh, which does not exist. The correct one should be install-post.sh. By the way, I had both my previous issues resolved. Peter From vserver.error@solucorp.qc.ca Tue May 7 23:18:42 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g483IgiA020654; Tue, 7 May 2002 23:18:42 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48339021740 for vserver.list; Tue, 7 May 2002 23:03:09 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48338h21736 for ; Tue, 7 May 2002 23:03:08 -0400 Received: from remtk.solucorp.qc.ca (g39-97.citenet.net [206.123.39.97]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g4834UA71460 for ; Tue, 7 May 2002 23:04:30 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g482dtZ02881 for vserver@solucorp.qc.ca; Tue, 7 May 2002 22:39:55 -0400 From: Jacques Gelinas Date: Tue, 7 May 2002 22:39:55 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] How to clone reference server from cdrom? X-mailer: tlmpmail 0.6 Message-ID: <20020507223955.24b4c1c90191@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 555 On Mon, 6 May 2002 11:55:14 -0500, Peter Kwan Chan wrote > Hello, > I have installed a redhat 7.2 from CDROM at /vservers/rh72. However, > when I run "newvserver", there is only an option to clone the root > server, but not the reference server at /vservers/rh72. How do I enable > that? The script checks for files *.conf in /etc/vservers. Your rh72 is probably incomplete. Just create an empty /etc/vservers/rh72.conf and newvserver will see it. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue May 7 23:23:47 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g483NkiA020693; Tue, 7 May 2002 23:23:46 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g482t6G21523 for vserver.list; Tue, 7 May 2002 22:55:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g482t5h21519 for ; Tue, 7 May 2002 22:55:06 -0400 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id 9EB5345F84 for ; Wed, 8 May 2002 14:54:58 +1200 (NZST) Received: from 192.168.192.22 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Wed, 08 May 2002 14:54:57 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from localhost ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 175HZP-0003ah-00 for ; Wed, 08 May 2002 14:52: 47 +1200 Subject: Re: [vserver] Cookbook Vservers From: "Fran Firman" To: vserver In-Reply-To: References: X-Mailer: Ximian Evolution 1.0.3 Date: 08 May 2002 14:52:46 +1200 Message-ID: <1020826367.13169.6.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10C64C0B371312-01-01 Content-Type: multipart/signed; boundary="=-5bVZbK9oP4SnTaDJu89F"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 556 --=-5bVZbK9oP4SnTaDJu89F Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I have a fairly good method of getting vservers running on a deb system, over nfs with a deb system in side the system. Over the nfs allows me to move vservers from server to server, esp if the server it self has a problem. F. On Wed, 2002-05-08 at 10:27, Roderick A. Anderson wrote: > I am working on writing a cook book for creating a vserver based system. = =20 > So far I have had interesting results with the systems I have played with= =20 > so I think even now is a good time for this. (The original idea was writ= e=20 > an article for one of the Linux magazines but they do not seem interested= =20 > at this time.) >=20 > So if anyone that can offer ideas or thoughts I would appreciate them. A= s=20 > I write I'm going to test the process so initailly I only have some vague= =20 > ideas on the process. Please be kind. >=20 > 1. Build/aquire a system capable of running vservers. (I currently have= =20 > one as low as a Pentium-S 133 with 64 MByte RAM, Two SCSI drives (a 4= =20 > GByte main disk and a 2 GByte - the vserser partition) > This will be a very light duty system. Mostly providing mail service= s=20 > for a couple of domains instead of using vmail. >=20 > 2. Install the OS. I'm using Redhat Linux 7.2 but will upgrade to=20 > 7.3/8.9 (skipjack) as soon as it is out. (Kernel matches the current > ctx version. >=20 > 3. Create a template vserver. My thoughts are to install from the root=20 > server and then strip out the fluff/cruft that comes with a=20 > do-many-things Redhat install. (Could I create an 'install CD'=20 > of RPMS based on the packages this template vserver has installed and > use it on other physical systems for an install from CD options?) >=20 > 4. Create unified servers from the template. Add whatever is=20 > wanted/needed for each vserver. Customize /etc/vservers/XXXX.conf an= d=20 > /etc/vservers/XXXX.sh for each vserver. >=20 > Thoughts and ideas? >=20 >=20 > TIA, > Rod > --=20 > Why is it so easy to throw caution to the wind. > Shouldn't it be heavier and shaped like an anvil? >=20 > Jon Anderson >=20 >=20 --=-5bVZbK9oP4SnTaDJu89F Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjzYkv4ACgkQv1V2oVWAPhb73QCeLcrNJ//uUvzYNv713HkV3UnC xYsAniw6xIRVrbgXUSxYs2rwOKBuI1CR =+/VO -----END PGP SIGNATURE----- --=-5bVZbK9oP4SnTaDJu89F-- From vserver.error@solucorp.qc.ca Tue May 7 23:36:27 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g483aQiA020772; Tue, 7 May 2002 23:36:27 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48337l21734 for vserver.list; Tue, 7 May 2002 23:03:07 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48337h21730 for ; Tue, 7 May 2002 23:03:07 -0400 Received: from remtk.solucorp.qc.ca (g39-97.citenet.net [206.123.39.97]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g4834SA71456 for ; Tue, 7 May 2002 23:04:28 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g482wHq02908 for vserver@solucorp.qc.ca; Tue, 7 May 2002 22:58:17 -0400 From: Jacques Gelinas Date: Tue, 7 May 2002 22:58:17 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Openldap server on vserver X-mailer: tlmpmail 0.6 Message-ID: <20020507225817.0868e9e78753@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 557 On Tue, 7 May 2002 12:52:54 -0500, Lew Teck Kheng wrote > hi all : > > I tried to setup a openldap server on a vserver but when i try to start > the openldap server it cannot be start and complained about "Broken > Pipe" ? > > Have anyone manage to setup a openldap server on a vserver ? > Works ok on rh7.2. Nothing special to do --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed May 8 00:04:47 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4844kiA021014; Wed, 8 May 2002 00:04:47 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g483lZE22669 for vserver.list; Tue, 7 May 2002 23:47:35 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp016.mail.yahoo.com (smtp016.mail.yahoo.com [216.136.174.113]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g483lYh22665 for ; Tue, 7 May 2002 23:47:34 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 8 May 2002 03:47:34 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] Problem: "Cannot assign requested address", Bind, webmin, and others Date: Tue, 7 May 2002 22:47:28 -0500 Message-ID: <000a01c1f643$13674020$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <000001c1f62f$c4937b20$ed23bd41@PremiumFood> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 558 Hello, I seem to have some trouble installing some server. Excuse me, since I am only a linux newbie, but here are the problems I observed. What's particular curious is that I didn't experience these problems on other server which has a slightly older versions of vserver. -Even though I have Bind running in the root server, the domain names in the child servers are not resolved. For example, ping redhat.com returns with host not found(or something like that). I remember on the old server the bind in the root server resolves the names for the child servers(?). Even after installing and starting bind in the child server, the names are still unresolved. -Also, when I start a vserver or enter it, I am getting the message, SIOCSIFBRDADDR: Cannot assign requested address SIOCSIFFLAGS: Cannot assign requested address -In addition, webmin doesn't seem to work. It used to work fine on the old server (in a vserver). But now it doesn't run, and during startup, the message. (I am still working on this, maybe this isn't vserver-related) I have tried to solve these problems, but since I am a linux newbie, I don't know how to. I would appreciate any help. Thanks, Peter From vserver.error@solucorp.qc.ca Wed May 8 02:42:27 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g486gQiA022051; Wed, 8 May 2002 02:42:27 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g486P4R25991 for vserver.list; Wed, 8 May 2002 02:25:04 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp13.dti.ne.jp (smtp13.dti.ne.jp [202.216.228.48]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g486P3h25987 for ; Wed, 8 May 2002 02:25:03 -0400 Received: from posha.cats.yamato (PPPa232.ibaraki-ip.dti.ne.jp [210.159.157.232]) by smtp13.dti.ne.jp (8.12.1/3.7W) with SMTP id g486P1SW026653 for ; Wed, 8 May 2002 15:25:01 +0900 (JST) Date: Wed, 8 May 2002 15:25:01 +0900 (JST) Message-Id: <200205080625.g486P1SW026653@smtp13.dti.ne.jp> From: "S.Yamto" To: vserver@solucorp.qc.ca Subject: [vserver] Re: [Q] Can not ForwardX11 in ssh In-Reply-To: Your message of "Sat, 27 Apr 2002 14:35:00 +0900 (JST)". <200204270535.g3R5Z0SW027908@smtp13.dti.ne.jp> X-Mailer: mnews [version 1.22] 1999-12/19(Sun) X-Dispatcher: Nomail 0.4.9 (Caravanserai) Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 559 I posted "Can not ForwardX11" and "can not telnet localhost" before. I think I've found my faults. That was all from v_xinetd and v_sshd. The machine running vserver is located remotely, and I was running the commands in a shell invoked by the sshd, which is `chbind'ed. So all the programms including zebedee, sshd and xinetd were also `chbinded'. (I have tested "/etc/init.d/v_xinetd stop; /etc/init.d/xinetd start" with the same failure.) ``netstat -atn | grep LISTEN'' revealed that sshd is listening only to the eth0 address. I disabled v_xinetd and v_sshd and then rebooted the machine, then all worked. I am now running xinetd (for telnet and invoking zebedee) and v_sshd, and everything runs fine, thank you. # I was wondering why so many people can live without port forwarding :-P # I learned that "EXPERIMENTS WITHOUT CONSOLE IS DANGEROUS." Regards, -------------- S.Yamato/$BBgOB?50l(B From vserver.error@solucorp.qc.ca Wed May 8 09:24:44 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48DOhiA025401; Wed, 8 May 2002 09:24:44 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48DCfC03246 for vserver.list; Wed, 8 May 2002 09:12:41 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48DCeh03242 for ; Wed, 8 May 2002 09:12:41 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:19463 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Wed, 8 May 2002 15:12:29 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Wed, 8 May 2002 15:12:16 +0200 Date: Wed, 8 May 2002 15:12:16 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] Problem: "Cannot assign requested address", Bind, webmin, and others Message-ID: <20020508151216.F25124@4t2.com> References: <000001c1f62f$c4937b20$ed23bd41@PremiumFood> <000a01c1f643$13674020$ed23bd41@PremiumFood> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <000a01c1f643$13674020$ed23bd41@PremiumFood>; from peterkwanchan@yahoo.com on Tue, May 07, 2002 at 10:47:28PM -0500 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: RO X-Status: X-Keywords: X-UID: 560 On Tue, May 07, 2002 at 10:47:28PM -0500, Peter Kwan Chan wrote: > > -Even though I have Bind running in the root server, the domain names in > the child servers are not resolved. For example, ping redhat.com returns > with host not found(or something like that). I remember on the old > server the bind in the root server resolves the names for the child > servers(?). Even after installing and starting bind in the child server, > the names are still unresolved. check the /etc/resolv.conf in your vserver. there should be an entry nameserver IP-Adress with the IP of your main server - or any other box running a well configured bind. > -Also, when I start a vserver or enter it, I am getting the message, > > SIOCSIFBRDADDR: Cannot assign requested address > SIOCSIFFLAGS: Cannot assign requested address check for correct settings of IPROOT= in your /etc/vservers/*.conf and make sure you've got an Interface configured for this IP on your hosting server. > -In addition, webmin doesn't seem to work. It used to work fine on the > old server (in a vserver). But now it doesn't run, and during startup, > the message. (I am still working on this, maybe this isn't > vserver-related) probably related to the above. Tom From vserver.error@solucorp.qc.ca Wed May 8 12:27:46 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48GRjiA026705; Wed, 8 May 2002 12:27:46 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48FuGx08262 for vserver.list; Wed, 8 May 2002 11:56:16 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from main.cyber-office.net (main.cyber-office.net [216.64.180.226]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48FuGh08258 for ; Wed, 8 May 2002 11:56:16 -0400 Received: from localhost (raanders@localhost) by main.cyber-office.net (8.11.6/linuxconf) with ESMTP id g48FuI606705 for ; Wed, 8 May 2002 08:56:18 -0700 Date: Wed, 8 May 2002 08:56:18 -0700 (PDT) From: "Roderick A. Anderson" X-X-Sender: To: vserver Subject: Re: [vserver] Cookbook Vservers In-Reply-To: <1020826367.13169.6.camel@ganymede> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 561 On 8 May 2002, Fran Firman wrote: > I have a fairly good method of getting vservers running on a deb system, > over nfs with a deb system in side the system. > > Over the nfs allows me to move vservers from server to server, esp if > the server it self has a problem. Sounds good. Would you be willing to share it - with credit where due? I'm a Redhat user but this should help any and all. I'd like to add that I want to do it cook book verses HOWTO. Not a lot of side-theory just step by step with specific distribution(s) and generic setups. Rod -- Why is it so easy to throw caution to the wind. Shouldn't it be heavier and shaped like an anvil? Jon Anderson From vserver.error@solucorp.qc.ca Wed May 8 12:56:13 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48GuCiA026955; Wed, 8 May 2002 12:56:13 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48GYxb09267 for vserver.list; Wed, 8 May 2002 12:34:59 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48GYwh09263 for ; Wed, 8 May 2002 12:34:58 -0400 Subject: [vserver] bind to multiple IPs To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Wed, 8 May 2002 11:35:24 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/08/2002 11:34:59 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 562 Hello, I'm wondering if the discussion here: http://vserver.vlad.net/list/0096.html ever resulted in the ability to bind multiple IP aliases to a vserver. This would be a very handy feature indeed! Thanks! Justin From vserver.error@solucorp.qc.ca Wed May 8 13:03:58 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48H3wiA027001; Wed, 8 May 2002 13:03:58 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48GeBR09486 for vserver.list; Wed, 8 May 2002 12:40:11 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from fnexchange2.corp.fast.net (fnexchange2.corp.fast.net [209.92.29.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48GeAh09482 for ; Wed, 8 May 2002 12:40:10 -0400 Received: by fnexchange2.corp.fast.net with Internet Mail Service (5.5.2653.19) id ; Wed, 8 May 2002 12:40:11 -0400 Message-ID: <684A8B4FD94E464283C3ABA6AE65214102D9BC67@fnexchange2.corp.fast.net> From: Jerry Wilborn To: "'vserver@solucorp.qc.ca'" Subject: RE: [vserver] bind to multiple IPs Date: Wed, 8 May 2002 12:40:10 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 563 yes yes yes... that would TOTALLY rock. Jerry Wilborn, Operations Engineer FASTNET - Internet Solutions 610-266-6700 www.fast.net -----Original Message----- From: Justin M Kuntz [mailto:jkuntz@prominic.com] Sent: Wednesday, May 08, 2002 12:35 PM To: vserver@solucorp.qc.ca Subject: [vserver] bind to multiple IPs Hello, I'm wondering if the discussion here: http://vserver.vlad.net/list/0096.html ever resulted in the ability to bind multiple IP aliases to a vserver. This would be a very handy feature indeed! Thanks! Justin From vserver.error@solucorp.qc.ca Wed May 8 13:32:25 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48HWPiA027269; Wed, 8 May 2002 13:32:25 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48H7uo10255 for vserver.list; Wed, 8 May 2002 13:07:56 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48H7th10251 for ; Wed, 8 May 2002 13:07:55 -0400 Received: from remtk.solucorp.qc.ca (g36-71.citenet.net [206.123.36.71]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g48H9NA16104 for ; Wed, 8 May 2002 13:09:23 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g48Gfl901302 for vserver@solucorp.qc.ca; Wed, 8 May 2002 12:41:47 -0400 From: Jacques Gelinas Date: Wed, 8 May 2002 12:41:47 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Vserver install from Redhat 7.2 bug X-mailer: tlmpmail 0.6 Message-ID: <20020508124147.6eb5fa26287f@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 564 On Tue, 7 May 2002 20:29:09 -0500, Peter Kwan Chan wrote > Hello, > It seems that the install script called the install_post.sh, which does > not exist. The correct one should be install-post.sh. Fixed. Thanks. Will be in the next release > By the way, I had both my previous issues resolved. :-) --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From jkuntz@prominic.com Wed May 8 13:51:06 2002 Received: from domino-2.prominic.com (hidden-user@s2-f1-gb.prominic.com [63.254.227.1]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48Hp6iA027489 for ; Wed, 8 May 2002 13:51:06 -0400 Subject: apache security / Cookbook Vservers / vserver system usage To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Wed, 8 May 2002 12:51:44 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/08/2002 12:51:06 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 565 Johan -- Your work on securing Apache + PHP etc. could definitely be beneficial in the context of further securing Apache from root exploits by putting the engine inside a vserver. See http://www.solucorp.qc.ca/mlist/index.hc?list=vserver to subscribe to the list - I think you'll find it very beneficial. Rod -- I think this is related to your Cookbook Vservers concept. Lets work on this together. Can you send me a draft of what you've got so far or post it somewhere so we can all begin to look at it? Vlad -- Your post here is especially relevant to vserver in a hosted environment: http://vserver.vlad.net/list/0135.html I think many of us are interested in vserver because it helps our web hosting operations be more secure, scalable, reliable, etc. But rather than each of us re-inventing the wheel about vserver + apache + mysql + standard web hosting security framework, I do think we need to help Jack and the vserver development group by documenting some best practices. Jack and the other real wizards on the mailing list are busy figuring out complex kernel things... so hopefully we can help the vserver effort with sharing our use of it in production environments. vserver has a ton of power. What we need to do is combine its raw power with some boiler-plate ways to help it manage applications. Look at what the commercial offerings have like http://www.sphera.com and http://www.ensim.com ... those places have figured out how to best allow Apache + MySQL + PHP + etc. to be safely segmented from one another on a per-user basis. Lets do the same thing and wrapper each one in vservers. I see two basic approaches for web hosting security with vservers. I will call them Shared Apache and Partitioned Apache, defined as follows: * Partitioned Apache is an instance of Apache (in its own vserver) with all the modules that someone wants bound directly into it, such as mod_perl, mod_php, etc. From what I understand, if mod_php is loaded into an Apache server, any PHP script executed is going to run with the same privs as the Apache base server. Same thing with Perl, etc. This is a problem in the case that more than one untrusted user is going to be using the same Apache server. The solution of course is to give each untrusted user their own Apache vserver. However, this means that each customer must be assigned their own IP address and that multiple virtual domains (for different customers) can not be used to share an IP address... naturally, IPs are hard to come by so this is a problem. So the idea is that customers who want to pay for extra security, reliability, and configuration capabilities of their own Apache Partition will pay a premium. But most customers who are primarily concerned with cost will want a Shared Apache. * Shared Apache is an instance of Apache (in its own vserver), but with no security-hole modules compiled in, and multiple untrusted customers each given their own home directory for cgi-bin, etc. Shared Apache is basically Partitioned Apache but meant to be shared among many untrusted, unrelated customers. The key to security in a Shared Apache environment is suexec or cgiwrap must be used to wrapper any programmable logic done by each untrusted user. Really most "semi-safe" hosting environments right now are using this basic model of an suexec/cgiwrap with an Apache server running lots of virtual domains to host many different customers on the same Apache engine, and typically sharing the same IP address. This is great in terms of resource sharing for IPs, memory, and processing time since only one Apache instance is used. But what if that Apache instance gets hacked? That's why it should be wrappered in a vserver of course. Frankly I've looked into both Ensim and Sphera. Both are extremely expensive, and they are closed proprietary technology that requires pretty much full adoption of their automation systems. The core technology at work in Ensim may be more polished than vserver right now... but certainly vserver is so far along that it has proven its potential already for becoming part of the core Linux kernel down the road. What vserver needs to become polished for web hosting is: 1) Ensim-like resource guarantees. This means having minimum resource guarantees, but allow for burstability when technically feasible in terms of CPU and bandwidth. There should be quotas on disk space and memory usage, as well as possibly file descriptors... maybe we can think of other resources which are generally limited and can cause a crash if someone exhausts them. I know ulimit can do a lot of this on a per-process basis but we need to make it on a per-vserver basis. 2) Sphera-like application support inside Apache. Sphera does a GREAT job of having an integrated system for everything from Tomcat to MySQL. I'm not proposing we go that far with documenting this stuff, but I think the more we can combine what is needed by web-hosters and ISPs within Rod's idea of cookbook vservers, the more attractive vserver will look. Here is a great article on these other web hosting systems - it's short but hits the major points of resource isolation: http://hosting.developersnetwork.com/Articles/Articles.asp?Article=290 Let me know your thoughts... Justin From vserver.error@solucorp.qc.ca Wed May 8 14:04:11 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48I4AiA027548; Wed, 8 May 2002 14:04:10 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48Hp6j12064 for vserver.list; Wed, 8 May 2002 13:51:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48Hp5h12060 for ; Wed, 8 May 2002 13:51:05 -0400 Subject: [vserver] apache security / Cookbook Vservers / vserver system usage To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Wed, 8 May 2002 12:51:44 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/08/2002 12:51:06 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 566 Johan -- Your work on securing Apache + PHP etc. could definitely be beneficial in the context of further securing Apache from root exploits by putting the engine inside a vserver. See http://www.solucorp.qc.ca/mlist/index.hc?list=vserver to subscribe to the list - I think you'll find it very beneficial. Rod -- I think this is related to your Cookbook Vservers concept. Lets work on this together. Can you send me a draft of what you've got so far or post it somewhere so we can all begin to look at it? Vlad -- Your post here is especially relevant to vserver in a hosted environment: http://vserver.vlad.net/list/0135.html I think many of us are interested in vserver because it helps our web hosting operations be more secure, scalable, reliable, etc. But rather than each of us re-inventing the wheel about vserver + apache + mysql + standard web hosting security framework, I do think we need to help Jack and the vserver development group by documenting some best practices. Jack and the other real wizards on the mailing list are busy figuring out complex kernel things... so hopefully we can help the vserver effort with sharing our use of it in production environments. vserver has a ton of power. What we need to do is combine its raw power with some boiler-plate ways to help it manage applications. Look at what the commercial offerings have like http://www.sphera.com and http://www.ensim.com ... those places have figured out how to best allow Apache + MySQL + PHP + etc. to be safely segmented from one another on a per-user basis. Lets do the same thing and wrapper each one in vservers. I see two basic approaches for web hosting security with vservers. I will call them Shared Apache and Partitioned Apache, defined as follows: * Partitioned Apache is an instance of Apache (in its own vserver) with all the modules that someone wants bound directly into it, such as mod_perl, mod_php, etc. From what I understand, if mod_php is loaded into an Apache server, any PHP script executed is going to run with the same privs as the Apache base server. Same thing with Perl, etc. This is a problem in the case that more than one untrusted user is going to be using the same Apache server. The solution of course is to give each untrusted user their own Apache vserver. However, this means that each customer must be assigned their own IP address and that multiple virtual domains (for different customers) can not be used to share an IP address... naturally, IPs are hard to come by so this is a problem. So the idea is that customers who want to pay for extra security, reliability, and configuration capabilities of their own Apache Partition will pay a premium. But most customers who are primarily concerned with cost will want a Shared Apache. * Shared Apache is an instance of Apache (in its own vserver), but with no security-hole modules compiled in, and multiple untrusted customers each given their own home directory for cgi-bin, etc. Shared Apache is basically Partitioned Apache but meant to be shared among many untrusted, unrelated customers. The key to security in a Shared Apache environment is suexec or cgiwrap must be used to wrapper any programmable logic done by each untrusted user. Really most "semi-safe" hosting environments right now are using this basic model of an suexec/cgiwrap with an Apache server running lots of virtual domains to host many different customers on the same Apache engine, and typically sharing the same IP address. This is great in terms of resource sharing for IPs, memory, and processing time since only one Apache instance is used. But what if that Apache instance gets hacked? That's why it should be wrappered in a vserver of course. Frankly I've looked into both Ensim and Sphera. Both are extremely expensive, and they are closed proprietary technology that requires pretty much full adoption of their automation systems. The core technology at work in Ensim may be more polished than vserver right now... but certainly vserver is so far along that it has proven its potential already for becoming part of the core Linux kernel down the road. What vserver needs to become polished for web hosting is: 1) Ensim-like resource guarantees. This means having minimum resource guarantees, but allow for burstability when technically feasible in terms of CPU and bandwidth. There should be quotas on disk space and memory usage, as well as possibly file descriptors... maybe we can think of other resources which are generally limited and can cause a crash if someone exhausts them. I know ulimit can do a lot of this on a per-process basis but we need to make it on a per-vserver basis. 2) Sphera-like application support inside Apache. Sphera does a GREAT job of having an integrated system for everything from Tomcat to MySQL. I'm not proposing we go that far with documenting this stuff, but I think the more we can combine what is needed by web-hosters and ISPs within Rod's idea of cookbook vservers, the more attractive vserver will look. Here is a great article on these other web hosting systems - it's short but hits the major points of resource isolation: http://hosting.developersnetwork.com/Articles/Articles.asp?Article=290 Let me know your thoughts... Justin From vserver.error@solucorp.qc.ca Wed May 8 15:27:49 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48JRmaC028330; Wed, 8 May 2002 15:27:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48JE9R14771 for vserver.list; Wed, 8 May 2002 15:14:09 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48JE8h14767 for ; Wed, 8 May 2002 15:14:08 -0400 Received: from remtk.solucorp.qc.ca (g39-156.citenet.net [206.123.39.156]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g48JFbA27936 for ; Wed, 8 May 2002 15:15:37 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g48IPOm01732 for vserver@solucorp.qc.ca; Wed, 8 May 2002 14:25:24 -0400 From: Jacques Gelinas Date: Wed, 8 May 2002 14:25:24 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba X-mailer: tlmpmail 0.6 Message-ID: <20020508142524.a864a1234472@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 567 On Tue, 7 May 2002 11:22:23 -0500, Thomas Weber wrote > Hi, > > Anyone looking into these problems? I'll have to put this server into > production soon and need to decide on my samba setup. Me starting today ... --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed May 8 15:28:31 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48JSUaC028338; Wed, 8 May 2002 15:28:30 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48JECH14789 for vserver.list; Wed, 8 May 2002 15:14:12 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48JECh14785 for ; Wed, 8 May 2002 15:14:12 -0400 Received: from remtk.solucorp.qc.ca (g39-156.citenet.net [206.123.39.156]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g48JFfA27961 for ; Wed, 8 May 2002 15:15:41 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g48IQTF01734 for vserver@solucorp.qc.ca; Wed, 8 May 2002 14:26:29 -0400 From: Jacques Gelinas Date: Wed, 8 May 2002 14:26:29 -0500 To: vserver@solucorp.qc.ca Subject: Re: [vserver] locking problems with samba - cups X-mailer: tlmpmail 0.6 Message-ID: <20020508142629.c55b5e7b3405@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 568 On Tue, 16 Apr 2002 06:54:08 -0500, James MacLean wrote > > Thomas Weber wrote: > > > Hi there, > > > i've got problems running samba in a vserver. On a share that's accessible > > > by multiple (Windows)users I get lockups on the client side when someone > > > tries to access a file that's already opened by another user. > > > any ideas? > > Possibly totally unrelated but this past weekend I went through an > exercise to get CUPS running in a vserver. One big hangup was that CUPS is > hardcoded everywhere to talk via localhost. In cup's case, it wasn't just > the host 'localhost' or the ip '127.0.0.1' but the hex coded localhost > '0x7f000001' everywhere :(. > > So I've been setting /etc/hosts to say that localhost is actually the > vserver's IP. Newer ctx kernel handle this 127.0.0.1 -> iproot address translation on the fly. Which kernel were you using ? --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed May 8 15:30:36 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48JUaaC028374; Wed, 8 May 2002 15:30:36 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48JEAu14777 for vserver.list; Wed, 8 May 2002 15:14:10 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48JE9h14773 for ; Wed, 8 May 2002 15:14:09 -0400 Received: from remtk.solucorp.qc.ca (g39-156.citenet.net [206.123.39.156]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g48JFcA27944 for ; Wed, 8 May 2002 15:15:38 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g48I0ge01724 for vserver@solucorp.qc.ca; Wed, 8 May 2002 14:00:42 -0400 From: Jacques Gelinas Date: Wed, 8 May 2002 14:00:42 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] initrd option X-mailer: tlmpmail 0.6 Message-ID: <20020508140042.72793e5ca4ab@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 569 On Tue, 7 May 2002 15:08:43 -0500, Roderick A. Anderson wrote > I ran into a situation where I was required to make an initrd file for > 18ctx-10 (system with SCSI drives.) It is working just fine now. My > questions is is there any harm with creating and using an initrd for a > system that does not need it to boot? No. An initrd is a general purpose solution to do things very early during the boot process. Loading scsi drivers is just one of those. For the xtermkit project, we are creating an initrd which attempts to load network drivers until one fits in place. So this creates a single boot strategy for many different machine. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed May 8 15:37:00 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48JaxaC028456; Wed, 8 May 2002 15:36:59 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48JEB314783 for vserver.list; Wed, 8 May 2002 15:14:11 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48JEBh14779 for ; Wed, 8 May 2002 15:14:11 -0400 Received: from remtk.solucorp.qc.ca (g39-156.citenet.net [206.123.39.156]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g48JFdA27955 for ; Wed, 8 May 2002 15:15:39 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g48Hvcg01720 for vserver@solucorp.qc.ca; Wed, 8 May 2002 13:57:38 -0400 From: Jacques Gelinas Date: Wed, 8 May 2002 13:57:38 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Redhat Install Script error? X-mailer: tlmpmail 0.6 Message-ID: <20020508135738.565e22da6c0d@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 570 On Mon, 6 May 2002 09:44:27 -0500, Peter Kwan Chan wrote > Also, an error message sometimes pop up in the list of packages > installed, for example, > > /proc is empty (not mounted ?) > > or > > awk: cmd. line:2: fatal: cannot open file `/etc/fstab' for reading (No > such file or directory) > > Is this normal? Yes. The script simply dumps rpm in place without much prior setup. This could be fixed, but in general, these errors do not affect a virtual server. Installing a real linux like this would produce a barely working linux installation. The difference between a vserver and a real installation is that the real one must handle hardware configuration while a vserver is just 'renting' the place with 'all services contract'. This script will have to be rework a little, but the real interest will be to create an upgrade script (7.2 -" 7.3). --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Wed May 8 19:58:05 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g48Nw5aC030410; Wed, 8 May 2002 19:58:05 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g48NcvL22042 for vserver.list; Wed, 8 May 2002 19:38:57 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from Trademart-1.ednet.ns.ca (Trademart-1.EDnet.NS.CA [142.227.51.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g48Ncvh22038 for ; Wed, 8 May 2002 19:38:57 -0400 Received: from macleajb (helo=localhost) by Trademart-1.ednet.ns.ca with local-esmtp (Exim 3.35 #1) id 175b1N-0005aB-00 for vserver@solucorp.qc.ca; Wed, 08 May 2002 20:38:57 -0300 Date: Wed, 8 May 2002 20:38:57 -0300 (ADT) From: James MacLean To: Subject: Re: [vserver] locking problems with samba - cups In-Reply-To: <20020508142629.c55b5e7b3405@remtk.solucorp.qc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 571 On Wed, 8 May 2002, Jacques Gelinas wrote: > On Tue, 16 Apr 2002 06:54:08 -0500, James MacLean wrote > > > Thomas Weber wrote: > > > > Hi there, > > > > i've got problems running samba in a vserver. On a share that's accessible > > > > by multiple (Windows)users I get lockups on the client side when someone > > > > tries to access a file that's already opened by another user. > > > > any ideas? > > > > Possibly totally unrelated but this past weekend I went through an > > exercise to get CUPS running in a vserver. One big hangup was that CUPS is > > hardcoded everywhere to talk via localhost. In cup's case, it wasn't just > > the host 'localhost' or the ip '127.0.0.1' but the hex coded localhost > > '0x7f000001' everywhere :(. > > > > So I've been setting /etc/hosts to say that localhost is actually the > > vserver's IP. > > Newer ctx kernel handle this 127.0.0.1 -> iproot address translation on > the fly. Which kernel were you using ? Hi Jacques, Actually I would have been trying it originally on a 2.4.18 + ctx-10. Now that time has past I'm unsure exactly what led me to force the localhosts all to local vserver IP, but I certainly remember it fixed it ;). I think the problem was always showing itself when you used the web interface to add a printer. It would appear to stall, and I seemed to remember it was (according to strace maybe) to be trying to do something using 127.0.0.1 and getting an error something like permission denied. So I thought I would just setup the obvious settings in the code to be the local IP instead of 127.0.0.1. That's when I also noticed it was hardcoded in quite a few places in hex, and after altering them, it worked. Now chances are you'll be able to do a default CUPS install and not have the same problem :(. I'm currently running ctx-10 on 2.4.19-pre8, and I could probably bring it up and see if it shows up again if you can not see it on your end. JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education Nova Scotia, Canada B3M 4B2 From vserver.error@solucorp.qc.ca Thu May 9 04:24:29 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g498OSaC002282; Thu, 9 May 2002 04:24:29 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g497PPj00419 for vserver.list; Thu, 9 May 2002 03:25:25 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g497PNh00415 for ; Thu, 9 May 2002 03:25:24 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 175iIg-0002MB-00 for ; Thu, 09 May 2002 09:25:18 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 175iIg-0002Lw-00 for ; Thu, 09 May 2002 09:25:18 +0200 Sender: jon@silicide.dk Message-ID: <3CDA245E.EF391BE7@silicide.dk> Date: Thu, 09 May 2002 09:25:18 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: vserver on NFS (was Re: [vserver] Cookbook Vservers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 572 "Roderick A. Anderson" wrote: > > On 8 May 2002, Fran Firman wrote: > > > I have a fairly good method of getting vservers running on a deb system, > > over nfs with a deb system in side the system. > > > > Over the nfs allows me to move vservers from server to server, esp if > > the server it self has a problem. > > Sounds good. Would you be willing to share it - with credit where due? > I'm a Redhat user but this should help any and all. > > I'd like to add that I want to do it cook book verses HOWTO. Not a lot of > side-theory just step by step with specific distribution(s) and generic > setups. Please include some performance numbers, i'm not sure running over NFS is fast. JonB From vserver.error@solucorp.qc.ca Thu May 9 05:02:32 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4992VaC002525; Thu, 9 May 2002 05:02:32 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g498OpC02831 for vserver.list; Thu, 9 May 2002 04:24:51 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g498Ooh02827 for ; Thu, 9 May 2002 04:24:50 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 175jEI-0002N9-00 for ; Thu, 09 May 2002 10:24:50 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 175jEI-0002Mz-00 for ; Thu, 09 May 2002 10:24:50 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Thu, 09 May 2002 10:24:50 +0200 (CEST) Received: (qmail 76138 invoked from network); 9 May 2002 08:24:32 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 9 May 2002 08:24:32 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g497PPj00419 for vserver.list; Thu, 9 May 2002 03:25:25 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g497PNh00415 for ; Thu, 9 May 2002 03:25:24 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 175iIg-0002MB-00 for ; Thu, 09 May 2002 09:25:18 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 175iIg-0002Lw-00 for ; Thu, 09 May 2002 09:25:18 +0200 Sender: jon@silicide.dk Message-ID: <3CDA245E.EF391BE7@silicide.dk> Date: Thu, 09 May 2002 09:25:18 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: vserver on NFS (was Re: [vserver] Cookbook Vservers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 573 "Roderick A. Anderson" wrote: > > On 8 May 2002, Fran Firman wrote: > > > I have a fairly good method of getting vservers running on a deb system, > > over nfs with a deb system in side the system. > > > > Over the nfs allows me to move vservers from server to server, esp if > > the server it self has a problem. > > Sounds good. Would you be willing to share it - with credit where due? > I'm a Redhat user but this should help any and all. > > I'd like to add that I want to do it cook book verses HOWTO. Not a lot of > side-theory just step by step with specific distribution(s) and generic > setups. Please include some performance numbers, i'm not sure running over NFS is fast. JonB From vserver.error@solucorp.qc.ca Thu May 9 07:55:05 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g49Bt4aC003535; Thu, 9 May 2002 07:55:05 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g49BThF06860 for vserver.list; Thu, 9 May 2002 07:29:43 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-199-197.in-addr.btopenworld.com [213.122.199.197]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g49BTfh06856 for ; Thu, 9 May 2002 07:29:42 -0400 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Thu, 9 May 2002 12:29:28 +0100 From: "John Lyons" To: Subject: RE: [vserver] apache security / Cookbook Vservers / vserver system usage Date: Thu, 9 May 2002 12:29:27 +0100 Message-ID: <005d01c1f74c$c80ffa30$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: Importance: Normal X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 574 > Your post here is especially relevant to vserver in a hosted > environment: > http://vserver.vlad.net/list/0135.html > > I think many of us are interested in vserver because it helps our web > hosting operations be more secure, scalable, reliable, etc. Slightly changing the approach here, I think you're looking at using vservers within a hosting environment in the sense that you offer individual hosting accounts to customers but host those accounts on vservers. Yes, this is a good use for the vserver. We're doing this already. We're not that heavily into apache/php/mysql hardening we're just using the latest php4.1.2 rpm packages so that we can unify everything across multiple vservers. To us the advantage of the vserver is that we've now got apache, mysql, smtp/pop and bind each running in their own vservers. From this we've got some enhanced security and when the load from any one of those services gets too much we can easily move them to a separate server. The other use that vserver is good for is giving each customer their own vserver in the FreeVSD style. We've just launched this to a select number of our own customers which is proving to be very popular! Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Thu May 9 12:44:39 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g49GicaC005874; Thu, 9 May 2002 12:44:38 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g49GOaH14479 for vserver.list; Thu, 9 May 2002 12:24:36 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g49GOZh14475 for ; Thu, 9 May 2002 12:24:35 -0400 Subject: [vserver] vserver with reiserfs or ext3 To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Thu, 9 May 2002 11:24:44 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/09/2002 11:24:36 AM MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g49GOZh14475 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 575 Sam -- It seems you are the guru when it comes to ReiserFS support with vserver. :) Having a journaling filesystem is of utmost importance to me. So my choices are ext3 or ReiserFS. Currently I have several systems running ReiserFS on SuSE 7.3 - but none of them are using vserver kernel patches (yet?). I'm installing a new system - Red Hat 7.2 - with ext3 simply because it seems like right now vserver is most tested on this platform. But some messages I've seen in the mailing list archive have made me unclear on the status of which filesystems support _all_ of the vserver features including immutable flags and unification. Back in Nov 2001 this was posted by you: http://vserver.vlad.net/list/0066.html along with this link to why ReiserFS doesn't support extended attributes: http://www.namesys.com/stream_ans.html Has this changed by now (May 9, 2002)? I mean would you consider ReiserFS now feature complete in terms of vserver's requirements? How about ext3? Based on this message: http://vserver.vlad.net/list/0513.html it sounded like some of the ext2 attributes had to be mapped to ext3 unused bits, which I assume may not be a permanent solution if vserver has to officially request those bits to be reserved from the ext3 management team. (I have no idea of the actual process of managing filesystem development, I'm simply making an assumption about bits needing to be well-known, etc): Currently I'm using on the Red Hat 7.2 system 2.4.18ctx-10. Is the 2.4.19-pre3 kernel the one to be using if I want feature complete ReiserFS support for vserver? Or do you still need to build a patch of some kind? Thanks! Justin -------------------------- Excellent, it looks like inode attributes on reiserfs are in the latest stable kernel pre-release. I feel another patch coming on... Sam. Begin forwarded message: Date: Tue, 12 Mar 2002 14:40:16 +0300 From: Oleg Drokin To: Sam Vilain Subject: inode attributes Hello! On Tue, Mar 12, 2002 at 11:20:00AM +0000, Sam Vilain wrote: > btw, nice to see inode attributes back in the "pending" patches. Any idea> when this patch will make it into the mainstream kernel? It is already. Download 2.4.19-pre3 and enjoy. Bye,    Oleg From vserver.error@solucorp.qc.ca Thu May 9 12:46:14 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g49GkDaC005899; Thu, 9 May 2002 12:46:13 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g49G4Ne13905 for vserver.list; Thu, 9 May 2002 12:04:23 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g49G4Nh13901 for ; Thu, 9 May 2002 12:04:23 -0400 Subject: RE: [vserver] apache security / Cookbook Vservers / vserver system usage To: vserver@solucorp.qc.ca Cc: support@nsnoc.com X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Thu, 9 May 2002 11:04:32 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/09/2002 11:04:24 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 576 John, Thanks for the reply. Indeed, my intent is to have dual security at suexec and vserver levels for the "Shared Apache" method. It sounds like you are doing "Partitioned Apache" so that each customer right now gets their own Apache and vserver. Definitely that seems to be the more straightforward approach when it is not necessary to share IPs between many customers. What OS are you running? Red Hat 7.2, SuSE 7.3, etc? Are you using ReiserFS or ext3? I am trying to decide right now which filesystem is safest to use with vserver... I really like ReiserFS but I thought I read earlier in the mailing list archive that the unification and immutable features aren't supported on Reiser. One of my associates did some testing and felt that ext3 wasn't mature enough or had some problems relative to Reiser. I'd love to hear your experience. Incidentally, we are using the http://www.3Ware.com IDE hardware RAID controllers for RAID 10 support on our Linux boxes across 4 drives. For about $300 this is a good investment, although it does rquire in vserver's case for a recompiled kernel to be made. No big deal - but I just wanted to offer that advice. Thanks! Justin From vserver.error@solucorp.qc.ca Thu May 9 15:42:55 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g49JgsaC007144; Thu, 9 May 2002 15:42:55 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g49JSaJ19818 for vserver.list; Thu, 9 May 2002 15:28:36 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail4.messagelabs.com (mail4.messagelabs.com [212.125.75.12]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g49JSZh19814 for ; Thu, 9 May 2002 15:28:35 -0400 X-VirusChecked: Checked Received: (qmail 19763 invoked from network); 9 May 2002 19:28:26 -0000 Received: from porgy.logica.co.uk (158.234.250.67) by server-4.tower-4.messagelabs.com with SMTP; 9 May 2002 19:28:26 -0000 Received: from shannon.ie.logica.com (shannon.ie.logica.com [158.234.96.46]) by porgy.logica.co.uk (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id UAA21219 for ; Thu, 9 May 2002 20:28:26 +0100 Received: from ruth.ie.logica.com ([158.234.96.113]) by shannon.ie.logica.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id KGKL5SFB; Thu, 9 May 2002 20:28:24 +0100 Received: from pc243.ie.logica.com (pc243.ie.logica.com [158.234.98.243]) by ruth.ie.logica.com (8.9.1/8.9.0) with ESMTP id UAA03288 for ; Thu, 9 May 2002 20:28:25 +0100 (BST) Subject: [vserver] rsh between virtual server From: Lew Teck Kheng To: Vserver mailing list Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3.99 Date: 09 May 2002 20:28:10 +0100 Message-Id: <1020972491.12666.1.camel@maximus> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 577 hi all : After being thru reading the redhat user guide about rsh service , i still not able to rsh between virtual server. I alway get "Permission Denied". Any ideas ? Many many thanks. cheers -- ======================================================================== Lew Teck Kheng System Engineer Asia LMN System Engineering (Malaysia) (+603) 7725 6890 www.logica.com "Logica Make MMS Real Person to Person MMS demonstrated live using devices from 8 manufacturers on the Orange France GPRS Network at the 3 GSM World Congress in Cannes." ======================================================================== ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ From vserver.error@solucorp.qc.ca Thu May 9 18:01:27 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g49M1QaC008452; Thu, 9 May 2002 18:01:27 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g49LmZ223701 for vserver.list; Thu, 9 May 2002 17:48:35 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g49LmYh23697 for ; Thu, 9 May 2002 17:48:34 -0400 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id 292C845E81 for ; Fri, 10 May 2002 09:48:28 +1200 (NZST) Received: from 192.168.192.252 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Fri, 10 May 2002 09:48:26 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from localhost ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 175vjo-0006qI-00 for ; Fri, 10 May 2002 09:46: 13 +1200 Subject: Re: vserver on NFS (was Re: [vserver] Cookbook Vservers From: "Fran Firman" To: vserver In-Reply-To: <3CDA245E.EF391BE7@silicide.dk> References: <3CDA245E.EF391BE7@silicide.dk> X-Mailer: Ximian Evolution 1.0.3 Date: 10 May 2002 09:46:12 +1200 Message-ID: <1020980772.26116.8.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10C4312054281-01-01 Content-Type: multipart/signed; boundary="=-GbUjWUSw9VpEB7nm4Wrw"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 578 --=-GbUjWUSw9VpEB7nm4Wrw Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Performance on our system seems fine. Thou I do shift /tmp to the local harddrive. for a time dd if=3D/dev/zero of=3Dblah bs=3D1k count=3D100k=20 (create a 100 MByte file takes) On the nfs array =3D 21.66s On the local HD =3D 15.4s The server talks to a switch via 100M which talks to a Firwall via 100M which talks to the nfs array via Gig E. The array has 8x18Gb Ultra Wide Scsi disks. F. On Thu, 2002-05-09 at 19:25, Jon Bendtsen wrote: > "Roderick A. Anderson" wrote: > >=20 > > On 8 May 2002, Fran Firman wrote: > >=20 > > > I have a fairly good method of getting vservers running on a deb syst= em, > > > over nfs with a deb system in side the system. > > > > > > Over the nfs allows me to move vservers from server to server, esp if > > > the server it self has a problem. > >=20 > > Sounds good. Would you be willing to share it - with credit where due? > > I'm a Redhat user but this should help any and all. > >=20 > > I'd like to add that I want to do it cook book verses HOWTO. Not a lot= of > > side-theory just step by step with specific distribution(s) and generic > > setups. >=20 > Please include some performance numbers, i'm not sure running over NFS > is > fast. >=20 >=20 >=20 > JonB >=20 >=20 >=20 >=20 >=20 >=20 >=20 >=20 --=-GbUjWUSw9VpEB7nm4Wrw Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjza7iMACgkQv1V2oVWAPhZbUgCfcIDF8CHYwapmrBrThUvVA8kT MS8Anip1aFx0w89m2x+71qypCUjDLxec =fZgq -----END PGP SIGNATURE----- --=-GbUjWUSw9VpEB7nm4Wrw-- From vserver.error@solucorp.qc.ca Thu May 9 18:59:16 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g49MxGaC008899; Thu, 9 May 2002 18:59:16 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g49MjqW25001 for vserver.list; Thu, 9 May 2002 18:45:52 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g49Mjph24997 for ; Thu, 9 May 2002 18:45:51 -0400 Received: from host213-1-177-234.btinternet.com ([213.1.177.234] helo=home4v9eek8u3l) by tungsten.btinternet.com with smtp (Exim 3.22 #8) id 175wfM-0005K3-00 for vserver@solucorp.qc.ca; Thu, 09 May 2002 23:45:41 +0100 From: "John Lyons" To: Subject: RE: [vserver] apache security / Cookbook Vservers / vserver system usage Date: Thu, 9 May 2002 23:42:19 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 579 > What OS are you running? Red Hat 7.2 RedHat 7.2 > ReiserFS or ext3? Initially installed with ext3, patched kernel (our network cards aren't installed with the pre compiled) got everything working fine for 2 months. Upgraded kernel and patch to the next version in March and lost all Ext3 support in the kernel. I'm off to the datacentre tomorrow to install network cards in the servers so we'll have one for internet traffic and one for internal ssh and backups. Hopefully I'll be upgrading to the latest kernel and patch version at the same time. > earlier in the mailing list archive that the unification and immutable > features aren't supported on Reiser. One of my associates did > some testing > and felt that ext3 wasn't mature enough or had some problems relative to > Reiser. Beyond loosing support with a kernel upgrade ext3, has proved fine on all of our non vserver machines. I do like the ability for a server to get a hard reboot and not need a 70 mile drive to the data centre to fix the file system. > I'd love to hear your experience. Incidentally, we are using the > http://www.3Ware.com IDE hardware RAID controllers for RAID 10 support on > our Linux boxes across 4 drives. I've got other customers in our rack using one of these. Very impressive. Quite tempted to use one on an nfs server for backups etc. Regards John Lyons Netserve Consultants Ltd www.domaincity.co.uk From vserver.error@solucorp.qc.ca Thu May 9 21:36:07 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A1a7aC010390; Thu, 9 May 2002 21:36:07 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A1Jkv28126 for vserver.list; Thu, 9 May 2002 21:19:46 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from carbon (carbon.btinternet.com [194.73.73.92]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A1Jjh28122 for ; Thu, 9 May 2002 21:19:46 -0400 Received: from host213-122-10-163.in-addr.btopenworld.com ([213.122.10.163] helo=home4v9eek8u3l) by carbon with smtp (Exim 3.22 #8) id 175z4T-0000HK-00 for vserver@solucorp.qc.ca; Fri, 10 May 2002 02:19:45 +0100 From: "John Lyons" To: Subject: [vserver] ctx-10 kernel compile Date: Fri, 10 May 2002 02:16:25 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 580 I think I'm going mad here. It's 2am and this ain't working :-( RedHat 7.2 server. I've unziped the 2.4.18 kernel source, and applied the 2.1.18ctx10 patch, all wored fine. I've run: make dep clean bzImage modules modules_install install No errors reported. Boot now has: -rw-r--r-- 1 root root 478238 May 11 02:05 System.map-2.4.18ctx-10 -rw-r--r-- 1 root root 945043 May 11 02:05 vmlinuz-2.4.18ctx-10 grub.conf has: [root@svr9 grub]# cat grub.conf # grub.conf generated by anaconda #boot=/dev/hda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz title Red Hat Linux (2.4.7-18-ctx10) root (hd0,0) kernel /vmlinuz-2.4.18ctx-10 ro root=/dev/hda2 That's the only entry but a restart shows [root@svr9 grub]# uname -a Linux svr9 2.4.17ctx-8 #1 SMP Wed Mar 6 01:15:04 GMT 2002 i686 unknown I'm missing something obvious here, any clues anyone? Regards John Lyons From vserver.error@solucorp.qc.ca Thu May 9 21:36:16 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A1aGaC010398; Thu, 9 May 2002 21:36:16 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A1MPj28196 for vserver.list; Thu, 9 May 2002 21:22:25 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A1MPh28192 for ; Thu, 9 May 2002 21:22:25 -0400 Subject: RE: [vserver] apache security / Cookbook Vservers / vserver system usage To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Thu, 9 May 2002 20:23:32 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/09/2002 08:22:26 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 581 John, Thank you very much for all of the details... so just so I'm clear, basically the only problem you had with ext3 was that you accidentally recompiled a kernel that didn't support it and so you lost support once you rebooted that machine? Have you used ext3 or ReiserFS specifically on machines with vserver patches applied to the kernel? Have the immutability and unification features worked for you even with the latest ctx10 2.4.18 patches? The reason I'm confused is because you said "ext3... has proved fine on all of our non vserver machines". I'm wondering what you're using on your production vserver machines for base OS + filesystem. My plan is Red Hat 7.2 base + compiling our own 2.4.18 kernel from kernel.org w/ vserver patches, ext3, and 3ware support built-in. Our data center is remote also - about 17 miles north of our office. Offices and data center spaces don't tend to mix. :) I've found APC MasterSwitch Plus to be a helpful addition for remote hard rebooting. I want to get a StarTech IP KVM switch to connect to our main KVM matrix so that we can even do remote BIOS/CMOS management. Compaq has a really cool card call the Remote Insight Management Board, which supplies virtual floppy, video, and power control on a per-server basis. I wish I could find something like that for non-Compaq machines. I really appreciate your help with my questions. Thanks again, Justin "John Lyons" .com> cc: Fax to: 05/09/2002 Subject: RE: [vserver] apache security / Cookbook Vservers / vserver system usage 05:42 PM Please respond to vserver > What OS are you running? Red Hat 7.2 RedHat 7.2 > ReiserFS or ext3? Initially installed with ext3, patched kernel (our network cards aren't installed with the pre compiled) got everything working fine for 2 months. Upgraded kernel and patch to the next version in March and lost all Ext3 support in the kernel. I'm off to the datacentre tomorrow to install network cards in the servers so we'll have one for internet traffic and one for internal ssh and backups. Hopefully I'll be upgrading to the latest kernel and patch version at the same time. > earlier in the mailing list archive that the unification and immutable > features aren't supported on Reiser. One of my associates did > some testing > and felt that ext3 wasn't mature enough or had some problems relative to > Reiser. Beyond loosing support with a kernel upgrade ext3, has proved fine on all of our non vserver machines. I do like the ability for a server to get a hard reboot and not need a 70 mile drive to the data centre to fix the file system. > I'd love to hear your experience. Incidentally, we are using the > http://www.3Ware.com IDE hardware RAID controllers for RAID 10 support on > our Linux boxes across 4 drives. I've got other customers in our rack using one of these. Very impressive. Quite tempted to use one on an nfs server for backups etc. Regards John Lyons Netserve Consultants Ltd www.domaincity.co.uk From vserver.error@solucorp.qc.ca Thu May 9 23:45:24 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A3jNaC011560; Thu, 9 May 2002 23:45:24 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A3OgM30827 for vserver.list; Thu, 9 May 2002 23:24:42 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A3Ofh30823 for ; Thu, 9 May 2002 23:24:42 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:1544 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Fri, 10 May 2002 05:24:38 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Fri, 10 May 2002 05:24:23 +0200 Date: Fri, 10 May 2002 05:24:23 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] ctx-10 kernel compile Message-ID: <20020510052423.J25124@4t2.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from support@nsnoc.com on Fri, May 10, 2002 at 02:16:25AM +0100 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: O X-Status: X-Keywords: X-UID: 582 On Fri, May 10, 2002 at 02:16:25AM +0100, John Lyons wrote: > > Boot now has: > -rw-r--r-- 1 root root 478238 May 11 02:05 > System.map-2.4.18ctx-10 > -rw-r--r-- 1 root root 945043 May 11 02:05 vmlinuz-2.4.18ctx-10 > > grub.conf has: > [root@svr9 grub]# cat grub.conf > # grub.conf generated by anaconda > #boot=/dev/hda > default=0 > timeout=5 > splashimage=(hd0,0)/grub/splash.xpm.gz > > title Red Hat Linux (2.4.7-18-ctx10) ~~~~~~~~~~~~~~ only cosmetic, but a bit senseless > root (hd0,0) > kernel /vmlinuz-2.4.18ctx-10 ro root=/dev/hda2 > > That's the only entry but a restart shows > > [root@svr9 grub]# uname -a > Linux svr9 2.4.17ctx-8 #1 SMP Wed Mar 6 01:15:04 GMT 2002 i686 unknown > > I'm missing something obvious here, any clues anyone? that's more a grub/booting question than a vserver one. does the grub menu at startup show the same title line as your grub.conf? could be that your editing a grub.conf in the wrong place. Oh, and make sure you really use grub and not lilo ;-) Tom From vserver.error@solucorp.qc.ca Fri May 10 00:13:03 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A4D3aC011767; Fri, 10 May 2002 00:13:03 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A3YVN31067 for vserver.list; Thu, 9 May 2002 23:34:31 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A3YVh31063 for ; Thu, 9 May 2002 23:34:31 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:6920 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Fri, 10 May 2002 05:34:19 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Fri, 10 May 2002 05:34:03 +0200 Date: Fri, 10 May 2002 05:34:03 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] apache security / Cookbook Vservers / vserver system usage Message-ID: <20020510053403.K25124@4t2.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from jkuntz@prominic.com on Thu, May 09, 2002 at 08:23:32PM -0500 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-2.0 required=5.0 tests=IN_REP_TO version=2.01 Status: O X-Status: X-Keywords: X-UID: 583 On Thu, May 09, 2002 at 08:23:32PM -0500, Justin M Kuntz wrote: > > Have you used ext3 or ReiserFS specifically on machines with vserver > patches applied to the kernel? Have the immutability and unification > features worked for you even with the latest ctx10 2.4.18 patches? > > The reason I'm confused is because you said "ext3... has proved fine on all > of our non vserver machines". I'm wondering what you're using on your > production vserver machines for base OS + filesystem. My plan is Red Hat > 7.2 base + compiling our own 2.4.18 kernel from kernel.org w/ vserver > patches, ext3, and 3ware support built-in. for what's it worth: I'm running domino in a minimalistic vserver environment since last december. The box is a P4 with a 3ware controller. Basesystem is RH7.2, self compiled Kernel 2.4.18ctx10. All Filesystems are reiserfs. So far with only few problems, but I mostly blame domino and the domino setup / administrator for these. Tom From vserver.error@solucorp.qc.ca Fri May 10 04:09:59 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A89waC013852; Fri, 10 May 2002 04:09:58 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A7tTx04694 for vserver.list; Fri, 10 May 2002 03:55:29 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A7tSh04690 for ; Fri, 10 May 2002 03:55:28 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1765FR-0002ou-00 for ; Fri, 10 May 2002 09:55:29 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1765FR-0002oj-00 for ; Fri, 10 May 2002 09:55:29 +0200 Sender: jon@silicide.dk Message-ID: <3CDB7CF1.ECAA80E8@silicide.dk> Date: Fri, 10 May 2002 09:55:29 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] rsh between virtual server References: <1020972491.12666.1.camel@maximus> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 584 Lew Teck Kheng wrote: > > hi all : > > After being thru reading the redhat user guide about rsh service , i > still not able to rsh between virtual server. I alway get "Permission > Denied". Not knowing much (anything?) about rsh, since i use ssh, but but but Do all your vservers share the same ip ?? Did you allow rsh connections from the ip in question. Did you consider that 127.0.0.1 might be the ip they are connecting from ? JonB From vserver.error@solucorp.qc.ca Fri May 10 04:15:03 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A8F2aC013898; Fri, 10 May 2002 04:15:03 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A7pwV04594 for vserver.list; Fri, 10 May 2002 03:51:58 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A7pwh04590 for ; Fri, 10 May 2002 03:51:58 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1765C2-0002oQ-00 for ; Fri, 10 May 2002 09:51:58 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1765C2-0002oF-00 for ; Fri, 10 May 2002 09:51:58 +0200 Sender: jon@silicide.dk Message-ID: <3CDB7C1E.3A6805BF@silicide.dk> Date: Fri, 10 May 2002 09:51:58 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] apache security / Cookbook Vservers / vserver system usage References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 585 John Lyons wrote: > > I'd love to hear your experience. Incidentally, we are using the > > http://www.3Ware.com IDE hardware RAID controllers for RAID 10 support on > > our Linux boxes across 4 drives. > > I've got other customers in our rack using one of these. Very impressive. > Quite tempted to use one on an nfs server for backups etc. Oh yeah, i forgot to mention in my other post that i did some comparisons between a 3ware and regular software raid. The performance is roughly the same, but do put the 3ware card in a real chipset. I had half performance on a via chipset, and full performance on a serverworks. It didnt matter if i used the 32bit pci, or the full 64bit potential of the 3ware card, possibly because i only have 4 disks. JonB From vserver.error@solucorp.qc.ca Fri May 10 04:31:10 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A8V9aC014090; Fri, 10 May 2002 04:31:09 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A8FKV05846 for vserver.list; Fri, 10 May 2002 04:15:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A8FKh05842 for ; Fri, 10 May 2002 04:15:20 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1765Ye-0002q6-00 for ; Fri, 10 May 2002 10:15:20 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1765Ye-0002pw-00 for ; Fri, 10 May 2002 10:15:20 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Fri, 10 May 2002 10:15:20 +0200 (CEST) Received: (qmail 83176 invoked from network); 10 May 2002 08:15:06 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 10 May 2002 08:15:06 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A7pwV04594 for vserver.list; Fri, 10 May 2002 03:51:58 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A7pwh04590 for ; Fri, 10 May 2002 03:51:58 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1765C2-0002oQ-00 for ; Fri, 10 May 2002 09:51:58 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1765C2-0002oF-00 for ; Fri, 10 May 2002 09:51:58 +0200 Sender: jon@silicide.dk Message-ID: <3CDB7C1E.3A6805BF@silicide.dk> Date: Fri, 10 May 2002 09:51:58 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] apache security / Cookbook Vservers / vserver system usage References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 586 John Lyons wrote: > > I'd love to hear your experience. Incidentally, we are using the > > http://www.3Ware.com IDE hardware RAID controllers for RAID 10 support on > > our Linux boxes across 4 drives. > > I've got other customers in our rack using one of these. Very impressive. > Quite tempted to use one on an nfs server for backups etc. Oh yeah, i forgot to mention in my other post that i did some comparisons between a 3ware and regular software raid. The performance is roughly the same, but do put the 3ware card in a real chipset. I had half performance on a via chipset, and full performance on a serverworks. It didnt matter if i used the 32bit pci, or the full 64bit potential of the 3ware card, possibly because i only have 4 disks. JonB From vserver.error@solucorp.qc.ca Fri May 10 04:33:17 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A8XGaC014097; Fri, 10 May 2002 04:33:17 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A7lmu04465 for vserver.list; Fri, 10 May 2002 03:47:48 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A7llh04460 for ; Fri, 10 May 2002 03:47:48 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 17657u-0002o1-00 for ; Fri, 10 May 2002 09:47:42 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 17657u-0002nq-00 for ; Fri, 10 May 2002 09:47:42 +0200 Sender: jon@silicide.dk Message-ID: <3CDB7B1E.5C557027@silicide.dk> Date: Fri, 10 May 2002 09:47:42 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] apache security / Cookbook Vservers / vserver system usage References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 587 Justin M Kuntz wrote: > > John, > > Thanks for the reply. Indeed, my intent is to have dual security at suexec > and vserver levels for the "Shared Apache" method. It sounds like you are > doing "Partitioned Apache" so that each customer right now gets their own > Apache and vserver. Definitely that seems to be the more straightforward > approach when it is not necessary to share IPs between many customers. You can even do this partitioning even when you share a single ip. What you do is that you use a reverseproxy in apache, and run that server on the real ip, then you just "get" the files from the customers server, which could use a 10.x.y.z ip. You can even run the reverse proxy apache inside a vserver. > What OS are you running? Red Hat 7.2, SuSE 7.3, etc? Are you using > ReiserFS or ext3? I am trying to decide right now which filesystem is > safest to use with vserver... I really like ReiserFS but I thought I read > earlier in the mailing list archive that the unification and immutable > features aren't supported on Reiser. One of my associates did some testing > and felt that ext3 wasn't mature enough or had some problems relative to > Reiser. I'm using ext3 anywhere i can get to it. At home i have my vserver running on ext3, but i dont do unification. At work i have trouble with a reiserfs filesystem, but not my ext3 filesystems. Work is not yet running in a vserver. > I'd love to hear your experience. Incidentally, we are using the > http://www.3Ware.com IDE hardware RAID controllers for RAID 10 support on > our Linux boxes across 4 drives. For about $300 this is a good investment, > although it does rquire in vserver's case for a recompiled kernel to be > made. No big deal - but I just wanted to offer that advice. Yeah, i like them as well, though i would like to have their hotswap hd cases as well. JonB From vserver.error@solucorp.qc.ca Fri May 10 04:35:26 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A8ZPaC014120; Fri, 10 May 2002 04:35:26 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A8AEW05704 for vserver.list; Fri, 10 May 2002 04:10:14 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A8ADh05700 for ; Fri, 10 May 2002 04:10:13 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1765Ti-0002pl-00 for ; Fri, 10 May 2002 10:10:14 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1765Th-0002pb-00 for ; Fri, 10 May 2002 10:10:13 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Fri, 10 May 2002 10:10:13 +0200 (CEST) Received: (qmail 77202 invoked from network); 10 May 2002 08:10:04 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 10 May 2002 08:10:04 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A7tTx04694 for vserver.list; Fri, 10 May 2002 03:55:29 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A7tSh04690 for ; Fri, 10 May 2002 03:55:28 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1765FR-0002ou-00 for ; Fri, 10 May 2002 09:55:29 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1765FR-0002oj-00 for ; Fri, 10 May 2002 09:55:29 +0200 Sender: jon@silicide.dk Message-ID: <3CDB7CF1.ECAA80E8@silicide.dk> Date: Fri, 10 May 2002 09:55:29 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] rsh between virtual server References: <1020972491.12666.1.camel@maximus> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 588 Lew Teck Kheng wrote: > > hi all : > > After being thru reading the redhat user guide about rsh service , i > still not able to rsh between virtual server. I alway get "Permission > Denied". Not knowing much (anything?) about rsh, since i use ssh, but but but Do all your vservers share the same ip ?? Did you allow rsh connections from the ip in question. Did you consider that 127.0.0.1 might be the ip they are connecting from ? JonB From vserver.error@solucorp.qc.ca Fri May 10 04:48:09 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A8m9aC014190; Fri, 10 May 2002 04:48:09 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A8YOs06226 for vserver.list; Fri, 10 May 2002 04:34:24 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hofmann (pc4-woki3-0-cust99.gfd.cable.ntl.com [213.107.77.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A8YNh06222 for ; Fri, 10 May 2002 04:34:24 -0400 Received: from hofmann ([127.0.0.1]) by hofmann with smtp (Exim 3.35 #1 (Debian)) id 1765qz-0001oB-00 for ; Fri, 10 May 2002 09:34:17 +0100 Date: Fri, 10 May 2002 09:34:17 +0100 From: Sam Vilain To: vserver@solucorp.qc.ca Subject: Re: [vserver] rsh between virtual server In-Reply-To: <1020972491.12666.1.camel@maximus> References: <1020972491.12666.1.camel@maximus> X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 589 Yes. ssh is a drop-in replacement for rsh, and `ssh -v -p 60 host' run on the client end with `sshd -d -p 69' on the server end will certainly reveal your hosts.equiv/.rhosts/etc configuration problem. On 09 May 2002 20:28:10 +0100 Lew Teck Kheng wrote: > hi all : > > After being thru reading the redhat user guide about rsh service , i > still not able to rsh between virtual server. I alway get "Permission > Denied". > > Any ideas ? > > Many many thanks. > > cheers > -- > ======================================================================== > Lew Teck Kheng > System Engineer > Asia LMN System Engineering (Malaysia) > (+603) 7725 6890 > www.logica.com > "Logica Make MMS Real > Person to Person MMS demonstrated live using devices from 8 > manufacturers > on the Orange France GPRS Network at the 3 GSM World Congress in > Cannes." > ======================================================================== > > > ________________________________________________________________________ > This email has been scanned for all viruses by the MessageLabs SkyScan > service. For more information on a proactive anti-virus service working > around the clock, around the globe, visit http://www.messagelabs.com > ________________________________________________________________________ > > -- Sam Vilain, sam@vilain.net WWW: http://sam.vilain.net/ 7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc 278A A425 30A9 05B5 2F13 Hi, I'm a .signature virus! Add me to your ~/.signature, please! From vserver.error@solucorp.qc.ca Fri May 10 04:48:40 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A8meaC014199; Fri, 10 May 2002 04:48:40 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A8VcM06174 for vserver.list; Fri, 10 May 2002 04:31:38 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from hofmann (pc4-woki3-0-cust99.gfd.cable.ntl.com [213.107.77.99]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A8Vbh06170 for ; Fri, 10 May 2002 04:31:37 -0400 Received: from hofmann ([127.0.0.1]) by hofmann with smtp (Exim 3.35 #1 (Debian)) id 1765oD-0001ny-00; Fri, 10 May 2002 09:31:25 +0100 Date: Fri, 10 May 2002 09:31:18 +0100 From: Sam Vilain To: "Justin M Kuntz" Cc: vserver@solucorp.qc.ca Subject: [vserver] Re: vserver with reiserfs or ext3 In-Reply-To: References: X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-debian-linux-gnu) X-Face: NErb*2NY4\th?$s.!!]_9le_WtWE'b4;dk<5ot)OW2hErS|tE6~D3errlO^fVil?{qe4Lp_m\&Ja!;>%JqlMPd27X|;b!GH'O.,NhF*)e\ln4W}kFL5c`5t'9,(~Bm_&on,0Ze"D>rFJ$Y[U""nR Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-107.0 required=5.0 tests=IN_REP_TO,UNIFIED_PATCH,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 590 Justin, Sorry, I haven't released a patch for this recently. Once you get the reiserfs inode attributes patch patch (from ftp://ftp.namesys.com/pub/reiserfs-for-2.4/2.4.18.pending in the case of 2.4.18, or by using a 2.4.19-preN kernel), then the changes to allow immutability (assuming you have the ctx10 patch) are fairly minimal; this patch works for me: diff -ur linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt/fs/reiserfs/inode.c linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt-C/fs/reiserfs/inode.c --- linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt/fs/reiserfs/inode.c Tue Apr 23 16:49:34 2002 +++ linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt-C/fs/reiserfs/inode.c Tue Apr 23 18:28:34 2002 @@ -1587,7 +1587,7 @@ /* symlink cannot be immutable or append only, right? */ if( S_ISLNK( inode -> i_mode ) ) - inode -> i_flags &= ~ ( S_IMMUTABLE | S_APPEND ); + inode -> i_flags &= ~ ( S_IMMUTABLE_FILE | S_APPEND ); inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; inode->i_size = i_size; @@ -2124,10 +2124,14 @@ inode -> i_flags |= S_SYNC; else inode -> i_flags &= ~S_SYNC; - if( sd_attrs & REISERFS_IMMUTABLE_FL ) - inode -> i_flags |= S_IMMUTABLE; + if( sd_attrs & REISERFS_IMMUTABLE_FILE_FL ) + inode -> i_flags |= S_IMMUTABLE_FILE; else - inode -> i_flags &= ~S_IMMUTABLE; + inode -> i_flags &= ~S_IMMUTABLE_FILE; + if( sd_attrs & REISERFS_IMMUTABLE_LINK_FL ) + inode -> i_flags |= S_IMMUTABLE_LINK; + else + inode -> i_flags &= ~S_IMMUTABLE_LINK; if( sd_attrs & REISERFS_NOATIME_FL ) inode -> i_flags |= S_NOATIME; else @@ -2142,10 +2146,14 @@ void i_attrs_to_sd_attrs( struct inode *inode, __u16 *sd_attrs ) { if( reiserfs_attrs( inode -> i_sb ) ) { - if( inode -> i_flags & S_IMMUTABLE ) - *sd_attrs |= REISERFS_IMMUTABLE_FL; + if( inode -> i_flags & S_IMMUTABLE_FILE ) + *sd_attrs |= REISERFS_IMMUTABLE_FILE_FL; + else + *sd_attrs &= ~REISERFS_IMMUTABLE_FILE_FL; + if( inode -> i_flags & S_IMMUTABLE_LINK ) + *sd_attrs |= REISERFS_IMMUTABLE_LINK_FL; else - *sd_attrs &= ~REISERFS_IMMUTABLE_FL; + *sd_attrs &= ~REISERFS_IMMUTABLE_LINK_FL; if( inode -> i_flags & S_SYNC ) *sd_attrs |= REISERFS_SYNC_FL; else diff -ur linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt/fs/reiserfs/ioctl.c linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt-C/fs/reiserfs/ioctl.c --- linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt/fs/reiserfs/ioctl.c Tue Apr 23 16:49:34 2002 +++ linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt-C/fs/reiserfs/ioctl.c Tue Apr 23 18:29:10 2002 @@ -47,7 +47,7 @@ if (get_user(flags, (int *) arg)) return -EFAULT; - if ( ( flags & REISERFS_IMMUTABLE_FL ) && + if ( ( flags & REISERFS_IMMUTABLE_FILE_FL ) && !capable( CAP_LINUX_IMMUTABLE ) ) return -EPERM; diff -ur linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt/include/linux/reiserfs_fs.h linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt-C/include/linux/reiserfs_fs.h --- linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt/include/linux/reiserfs_fs.h Tue Apr 23 18:09:33 2002 +++ linux-2.4.18-ac3-ctx10-reiser-crypto-netdev-preempt-C/include/linux/reiserfs_fs.h Tue Apr 23 18:26:46 2002 @@ -723,7 +723,8 @@ /* we want common flags to have the same values as in ext2, so chattr(1) will work without problems */ -#define REISERFS_IMMUTABLE_FL EXT2_IMMUTABLE_FL +#define REISERFS_IMMUTABLE_FILE_FL EXT2_IMMUTABLE_FILE_FL +#define REISERFS_IMMUTABLE_LINK_FL EXT2_IMMUTABLE_LINK_FL #define REISERFS_SYNC_FL EXT2_SYNC_FL #define REISERFS_NOATIME_FL EXT2_NOATIME_FL #define REISERFS_NODUMP_FL EXT2_NODUMP_FL @@ -739,7 +740,8 @@ #define REISERFS_NOTAIL_FL (0x00008000) /* EXT2_NOTAIL_FL */ /* persistent flags that file inherits from the parent directory */ -#define REISERFS_INHERIT_MASK ( REISERFS_IMMUTABLE_FL | \ +#define REISERFS_INHERIT_MASK ( REISERFS_IMMUTABLE_FILE_FL | \ + REISERFS_IMMUTABLE_LINK_FL | \ REISERFS_SYNC_FL | \ REISERFS_NOATIME_FL | \ REISERFS_NODUMP_FL | \ Most of the work is still being done by the immutability macros in the main ctx10 patch and by the kernel's may_delete() functions, etc. Assuming that after this patch your kernel compiles (if something is wrong it will just barf, because I don't define the old XXX_IMMUTABLE macros - only the XXX_IMMUTABLE_LINK and XXX_IMMUTABLE_FILE pair), then reiserfs works. I do recommend applying the patch to e2fsprogs, as then you will have admin visibility of the new inode attribute. With the out-of-the-box vserver kernel, ext2/3 are fully supported, but unification with reiserfs needs a patch. This will change when the ctx patches are based on the 2.4.19 linux kernel release. Good luck, Sam. On Thu, 9 May 2002 11:24:44 -0500 "Justin M Kuntz" wrote: > Sam -- > > It seems you are the guru when it comes to ReiserFS support with vserver. > :) Having a journaling filesystem is of utmost importance to me. So my > choices are ext3 or ReiserFS. Currently I have several systems running > ReiserFS on SuSE 7.3 - but none of them are using vserver kernel patches > (yet?). > > I'm installing a new system - Red Hat 7.2 - with ext3 simply because it > seems like right now vserver is most tested on this platform. But some > messages I've seen in the mailing list archive have made me unclear on the > status of which filesystems support _all_ of the vserver features including > immutable flags and unification. > > Back in Nov 2001 this was posted by you: > http://vserver.vlad.net/list/0066.html > > along with this link to why ReiserFS doesn't support extended attributes: > http://www.namesys.com/stream_ans.html > > Has this changed by now (May 9, 2002)? I mean would you consider ReiserFS > now feature complete in terms of vserver's requirements? How about ext3? > Based on this message: > http://vserver.vlad.net/list/0513.html > it sounded like some of the ext2 attributes had to be mapped to ext3 unused > bits, which I assume may not be a permanent solution if vserver has to > officially request those bits to be reserved from the ext3 management team. > (I have no idea of the actual process of managing filesystem development, > I'm simply making an assumption about bits needing to be well-known, etc): > > Currently I'm using on the Red Hat 7.2 system 2.4.18ctx-10. Is the > 2.4.19-pre3 kernel the one to be using if I want feature complete ReiserFS > support for vserver? Or do you still need to build a patch of some kind? > > Thanks! > > Justin > > -------------------------- > > Excellent, it looks like inode attributes on reiserfs are in the latest > stable kernel pre-release. > > > I feel another patch coming on... > > > Sam. > > > Begin forwarded message: > > > Date: Tue, 12 Mar 2002 14:40:16 +0300 > From: Oleg Drokin > To: Sam Vilain > Subject: inode attributes > > > Hello! > > > On Tue, Mar 12, 2002 at 11:20:00AM +0000, Sam Vilain wrote: > > > > btw, nice to see inode attributes back in the "pending" patches. Any > idea> when this patch will make it into the mainstream kernel? > It is already. > Download 2.4.19-pre3 and enjoy. > > > Bye, >    Oleg > > > > -- Sam Vilain, sam@vilain.net WWW: http://sam.vilain.net/ 7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc 278A A425 30A9 05B5 2F13 Hi, I'm a .signature virus! Add me to your ~/.signature, please! From vserver.error@solucorp.qc.ca Fri May 10 04:51:30 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4A8pUaC014227; Fri, 10 May 2002 04:51:30 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A8YUm06236 for vserver.list; Fri, 10 May 2002 04:34:30 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A8YTh06232 for ; Fri, 10 May 2002 04:34:30 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 1765rC-0002qg-00 for ; Fri, 10 May 2002 10:34:30 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 1765rC-0002qW-00 for ; Fri, 10 May 2002 10:34:30 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Fri, 10 May 2002 10:34:30 +0200 (CEST) Received: (qmail 5760 invoked from network); 10 May 2002 08:33:20 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 10 May 2002 08:33:20 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A7lmu04465 for vserver.list; Fri, 10 May 2002 03:47:48 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A7llh04460 for ; Fri, 10 May 2002 03:47:48 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 17657u-0002o1-00 for ; Fri, 10 May 2002 09:47:42 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 17657u-0002nq-00 for ; Fri, 10 May 2002 09:47:42 +0200 Sender: jon@silicide.dk Message-ID: <3CDB7B1E.5C557027@silicide.dk> Date: Fri, 10 May 2002 09:47:42 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] apache security / Cookbook Vservers / vserver system usage References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 591 Justin M Kuntz wrote: > > John, > > Thanks for the reply. Indeed, my intent is to have dual security at suexec > and vserver levels for the "Shared Apache" method. It sounds like you are > doing "Partitioned Apache" so that each customer right now gets their own > Apache and vserver. Definitely that seems to be the more straightforward > approach when it is not necessary to share IPs between many customers. You can even do this partitioning even when you share a single ip. What you do is that you use a reverseproxy in apache, and run that server on the real ip, then you just "get" the files from the customers server, which could use a 10.x.y.z ip. You can even run the reverse proxy apache inside a vserver. > What OS are you running? Red Hat 7.2, SuSE 7.3, etc? Are you using > ReiserFS or ext3? I am trying to decide right now which filesystem is > safest to use with vserver... I really like ReiserFS but I thought I read > earlier in the mailing list archive that the unification and immutable > features aren't supported on Reiser. One of my associates did some testing > and felt that ext3 wasn't mature enough or had some problems relative to > Reiser. I'm using ext3 anywhere i can get to it. At home i have my vserver running on ext3, but i dont do unification. At work i have trouble with a reiserfs filesystem, but not my ext3 filesystems. Work is not yet running in a vserver. > I'd love to hear your experience. Incidentally, we are using the > http://www.3Ware.com IDE hardware RAID controllers for RAID 10 support on > our Linux boxes across 4 drives. For about $300 this is a good investment, > although it does rquire in vserver's case for a recompiled kernel to be > made. No big deal - but I just wanted to offer that advice. Yeah, i like them as well, though i would like to have their hotswap hd cases as well. JonB From vserver.error@solucorp.qc.ca Fri May 10 06:18:16 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AAIGaC014685; Fri, 10 May 2002 06:18:16 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4A9qjr07733 for vserver.list; Fri, 10 May 2002 05:52:45 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4A9qjh07729 for ; Fri, 10 May 2002 05:52:45 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:46601 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Fri, 10 May 2002 11:51:30 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Fri, 10 May 2002 11:51:23 +0200 Date: Fri, 10 May 2002 11:51:22 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] apache security / Cookbook Vservers / vserver system usage Message-ID: <20020510115122.L25124@4t2.com> References: <3CDB7B1E.5C557027@silicide.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CDB7B1E.5C557027@silicide.dk>; from jon+vserver@silicide.dk on Fri, May 10, 2002 at 09:47:42AM +0200 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 592 On Fri, May 10, 2002 at 09:47:42AM +0200, Jon Bendtsen wrote: > > You can even do this partitioning even when you share a single ip. > What you do is that you use a reverseproxy in apache, and run that > server on the real ip, then you just "get" the files from the customers > server, which could use a 10.x.y.z ip. You can even run the reverse > proxy > apache inside a vserver. or squid in accelerator mode - might even improve performance a bit. > > What OS are you running? Red Hat 7.2, SuSE 7.3, etc? Are you using > > ReiserFS or ext3? I am trying to decide right now which filesystem is > > safest to use with vserver... I really like ReiserFS but I thought I read > > earlier in the mailing list archive that the unification and immutable > > features aren't supported on Reiser. One of my associates did some testing > > and felt that ext3 wasn't mature enough or had some problems relative to > > Reiser. > > I'm using ext3 anywhere i can get to it. At home i have my vserver > running > on ext3, but i dont do unification. At work i have trouble with a > reiserfs > filesystem, but not my ext3 filesystems. Work is not yet running in a > vserver. hmm, never had reiserfs problems. I think both are fine, depends what you wanna do. reiserfs is probably better for - huge directories (many entries) - filesystems with many many files - it just won't run out of inodes, which is one of the main advantages for me - disk space efficience (saves a noteable amount of disk space) - ok, not a big point these days. ext3 is - back and forward compatible with ext2 - has journaling even for file data, not only fs-metadata [..3ware..] > Yeah, i like them as well, though i would like to have their hotswap hd > cases as well. We do hotswap on 3ware with common IDE Mobile Racks/Cases - no problems so far. Note that you need only ATA66 specified cases since the 3ware (at least the 6xxx series) only do ATA66. Tom From vserver.error@solucorp.qc.ca Fri May 10 07:45:18 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4ABjHaC015179; Fri, 10 May 2002 07:45:17 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4ABUbo09832 for vserver.list; Fri, 10 May 2002 07:30:37 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-145-202.in-addr.btopenworld.com [213.122.145.202]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4ABUZh09825 for ; Fri, 10 May 2002 07:30:36 -0400 Received: from 192.168.0.1 by john-new ([192.168.0.1] running VPOP3) with SMTP for ; Fri, 10 May 2002 12:30:23 +0100 From: "John Lyons" To: Subject: RE: [vserver] apache security / Cookbook Vservers / vserver system usage Date: Fri, 10 May 2002 12:30:22 +0100 Message-ID: <013601c1f816$12e597d0$0100a8c0@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 593 > Thank you very much for all of the details... so just so I'm clear, > basically the only problem you had with ext3 was that you accidentally > recompiled a kernel that didn't support it and so you lost > support once you rebooted that machine? Yes, Ext3 was running fine on the vserver machines until I buggered it up :-) > Have you used ext3 or ReiserFS specifically on machines with vserver > patches applied to the kernel? Have the immutability and unification > features worked for you even with the latest ctx10 2.4.18 patches? I need to go an rebuild the RH installation on both vserver hosts we were running ctx-8. A fresh start with Ext3 and ctx-10 is probably in order as I don't think I can get back to ext3 from 2 without starting from scratch. Regards John Lyons DomainCity http://www.domaincity.co.uk support@domaincity.co.uk ICQ 74187012 *********************************************************************** Please quote your account number in the subject line of all emails. Failure to do so may result in your enquiries taking longer to process. *********************************************************************** From vserver.error@solucorp.qc.ca Fri May 10 09:57:31 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4ADvUaC016307; Fri, 10 May 2002 09:57:31 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4ADlMb13318 for vserver.list; Fri, 10 May 2002 09:47:22 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp017.mail.yahoo.com (smtp017.mail.yahoo.com [216.136.174.114]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4ADlLh13313 for ; Fri, 10 May 2002 09:47:22 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 10 May 2002 13:47:22 -0000 From: "Peter Kwan Chan" To: Subject: RE: [vserver] Problem: "Cannot assign requested address", Bind, webmin, and others Date: Fri, 10 May 2002 08:47:15 -0500 Message-ID: <000701c1f829$3281cec0$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <20020508151216.F25124@4t2.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 594 Thanks for your help. I have the name server and webmin issue resolved. However, I still can't figure out why it says "Cannot assign requested address". I check the IP root to make sure it is the correct one. Every service also starts up fine, and I am able to connect to them through the IP. (HTTP, FTP, webmin, SSH). This is not really a problem currently, but I am just concerned that such a message is showing up. Thanks, Peter -----Original Message----- From: Thomas Weber [mailto:x@4t2.com] Sent: Wednesday, May 08, 2002 8:12 AM To: vserver@solucorp.qc.ca Subject: Re: [vserver] Problem: "Cannot assign requested address", Bind, webmin, and others On Tue, May 07, 2002 at 10:47:28PM -0500, Peter Kwan Chan wrote: > > -Even though I have Bind running in the root server, the domain names in > the child servers are not resolved. For example, ping redhat.com returns > with host not found(or something like that). I remember on the old > server the bind in the root server resolves the names for the child > servers(?). Even after installing and starting bind in the child server, > the names are still unresolved. check the /etc/resolv.conf in your vserver. there should be an entry nameserver IP-Adress with the IP of your main server - or any other box running a well configured bind. > -Also, when I start a vserver or enter it, I am getting the message, > > SIOCSIFBRDADDR: Cannot assign requested address > SIOCSIFFLAGS: Cannot assign requested address check for correct settings of IPROOT= in your /etc/vservers/*.conf and make sure you've got an Interface configured for this IP on your hosting server. > -In addition, webmin doesn't seem to work. It used to work fine on the > old server (in a vserver). But now it doesn't run, and during startup, > the message. (I am still working on this, maybe this isn't > vserver-related) probably related to the above. Tom From vserver.error@solucorp.qc.ca Fri May 10 11:29:52 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AFTqaC017072; Fri, 10 May 2002 11:29:52 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AFA6S15671 for vserver.list; Fri, 10 May 2002 11:10:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AFA6h15667 for ; Fri, 10 May 2002 11:10:06 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 176C22-00033Q-00 for ; Fri, 10 May 2002 17:10:06 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 176C22-00033F-00 for ; Fri, 10 May 2002 17:10:06 +0200 Sender: jon@silicide.dk Message-ID: <3CDBE2CE.187EE33C@silicide.dk> Date: Fri, 10 May 2002 17:10:06 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: vserver on NFS (was Re: [vserver] Cookbook Vservers References: <3CDA245E.EF391BE7@silicide.dk> <1020980772.26116.8.camel@ganymede> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 595 Fran Firman wrote: > > Performance on our system seems fine. > > Thou I do shift /tmp to the local harddrive. > > for a time dd if=/dev/zero of=blah bs=1k count=100k > > (create a 100 MByte file takes) > > On the nfs array = 21.66s > > On the local HD = 15.4s 100% = 15.4 1% = 0.154 140.64935% = 21.66seconds not that bad, but not good enough. This is one big file, depending on the service type, you have lots of small files, or has to do pretty random access. I would asume the startup overhead of getting the first few bytes over NFS is much higher than from the disk. But perhaps the added benefit of a single backup place and the ease of moving a vserver to another host makes running vservers on NFS the best solution. It has made me rethink an old idea I had myself. My idea was to create bootable cd images useable for turning any linux installation into a vserver, to try it out. Possibly this could be coupled with your idea, so one could get a really fast deployment. JonB From vserver.error@solucorp.qc.ca Fri May 10 11:54:38 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AFsbaC017290; Fri, 10 May 2002 11:54:37 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AFVjv16381 for vserver.list; Fri, 10 May 2002 11:31:45 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AFVih16377 for ; Fri, 10 May 2002 11:31:45 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 176CMz-000346-00 for ; Fri, 10 May 2002 17:31:45 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 176CMz-00033w-00 for ; Fri, 10 May 2002 17:31:45 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Fri, 10 May 2002 17:31:45 +0200 (CEST) Received: (qmail 56215 invoked from network); 10 May 2002 15:29:54 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 10 May 2002 15:29:54 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AFA6S15671 for vserver.list; Fri, 10 May 2002 11:10:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AFA6h15667 for ; Fri, 10 May 2002 11:10:06 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 176C22-00033Q-00 for ; Fri, 10 May 2002 17:10:06 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 176C22-00033F-00 for ; Fri, 10 May 2002 17:10:06 +0200 Sender: jon@silicide.dk Message-ID: <3CDBE2CE.187EE33C@silicide.dk> Date: Fri, 10 May 2002 17:10:06 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: vserver on NFS (was Re: [vserver] Cookbook Vservers References: <3CDA245E.EF391BE7@silicide.dk> <1020980772.26116.8.camel@ganymede> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 596 Fran Firman wrote: > > Performance on our system seems fine. > > Thou I do shift /tmp to the local harddrive. > > for a time dd if=/dev/zero of=blah bs=1k count=100k > > (create a 100 MByte file takes) > > On the nfs array = 21.66s > > On the local HD = 15.4s 100% = 15.4 1% = 0.154 140.64935% = 21.66seconds not that bad, but not good enough. This is one big file, depending on the service type, you have lots of small files, or has to do pretty random access. I would asume the startup overhead of getting the first few bytes over NFS is much higher than from the disk. But perhaps the added benefit of a single backup place and the ease of moving a vserver to another host makes running vservers on NFS the best solution. It has made me rethink an old idea I had myself. My idea was to create bootable cd images useable for turning any linux installation into a vserver, to try it out. Possibly this could be coupled with your idea, so one could get a really fast deployment. JonB From vserver.error@solucorp.qc.ca Fri May 10 14:03:17 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AI3GaC018108; Fri, 10 May 2002 14:03:16 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AHnL920521 for vserver.list; Fri, 10 May 2002 13:49:21 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AHnKh20517 for ; Fri, 10 May 2002 13:49:21 -0400 Subject: [vserver] SIOCS... errors - any ideas? To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Fri, 10 May 2002 12:52:03 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/10/2002 12:49:22 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 597 Hello, I'm having the following errors - does anyone know how to fix them? I'm running a fresh install of Red Hat 7.2 base with ext3 on all filesystems. I have 2.4.18-ctx10 kernel that I built because I needed to include 3ware and ext3 support. Thanks! Justin [root@linux-4 opt]# cat /proc/version Linux version 2.4.18ctx-10 (root@linux-4.prominic.com) (gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)) #4 SMP Wed May 8 22:12:58 EGST 2002 [root@linux-4 opt]# /usr/sbin/vserver 0001 start Starting the virtual server 0001 Server 0001 is not running SIOCSIFADDR: File exists SIOCSIFFLAGS: Cannot assign requested address SIOCSIFNETMASK: Cannot assign requested address SIOCSIFBRDADDR: Cannot assign requested address SIOCSIFFLAGS: Cannot assign requested address ipv4root is now 172.16.128.100 Host name is now jmk1.prominic.com Domain name is now prominic.com New security context is 11 Can't chroot to directory . (Permission denied) [root@linux-4 opt]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:04:76:21:5A:42 inet addr:172.16.128.99 Bcast:172.16.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:45120 errors:0 dropped:0 overruns:0 frame:0 TX packets:12158 errors:0 dropped:0 overruns:0 carrier:0 collisions:107 txqueuelen:100 RX bytes:11119397 (10.6 Mb) TX bytes:2259431 (2.1 Mb) Interrupt:11 Base address:0xb400 eth0:0 Link encap:Ethernet HWaddr 00:04:76:21:5A:42 inet addr:172.16.128.100 Bcast:172.16.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0xb400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:4925 errors:0 dropped:0 overruns:0 frame:0 TX packets:4925 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1225344 (1.1 Mb) TX bytes:1225344 (1.1 Mb) [root@linux-4 opt]# cat /etc/vservers/0001.conf # Description: Vserver #0001 # Select an unused context (this is optional) # The default is to allocate a free context on the fly # In general you don't need to force a context #S_CONTEXT= # Select the IP number assigned to the virtual server # This IP must be one IP of the server, either an interface # or an IP alias IPROOT=172.16.128.100 # You can define on which device the IP alias will be done # The IP alias will be set when the server is started and unset # when the server is stopped # The netmask and broadcast are computed by default from IPROOTDEV #IPROOTMASK= #IPROOTBCAST= IPROOTDEV=eth0 # Uncomment the onboot line if you want to enable this # virtual server at boot time ONBOOT=yes # You can set a different host name for the vserver # If empty, the host name of the main server is used S_HOSTNAME=jmk1.prominic.com # You can set a different NIS domain for the vserver # If empty, the current on is kept # Set it to "none" to have no NIS domain set S_DOMAINNAME=prominic.com # You can set the priority level (nice) of all process in the vserver # Even root won't be able to raise it S_NICE= # You can set various flags for the new security context # lock: Prevent the vserver from setting new security context # sched: Merge scheduler priority of all processes in the vserver # so that it acts a like a single one. # nproc: Limit the number of processes in the vserver according to ulimit # (instead of a per user limit, this becomes a per vserver limit) # private: No other process can join this security context. Even root # Do not forget the quotes around the flags S_FLAGS="lock nproc" # You can set various ulimit flags and they will be inherited by the # vserver. You enter here various command line argument of ulimit # ULIMIT="-H -u 200" # The example above, combined with the nproc S_FLAGS will limit the # vserver to a maximum of 200 processes ULIMIT="-H -u 1000" # You can set various capabilities. By default, the vserver are run # with a limited set, so you can let root run in a vserver and not # worry about it. He can\'t take over the machine. In some cases # you can to give a little more capabilities \(such as CAP_NET_RAW\) # S_CAPS="CAP_NET_RAW" S_CAPS="" [root@linux-4 opt]# From vserver.error@solucorp.qc.ca Fri May 10 15:14:16 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AJEFaC018718; Fri, 10 May 2002 15:14:16 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AJ12x22682 for vserver.list; Fri, 10 May 2002 15:01:02 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from force.4t2.com (force.4t2.com [195.230.37.100]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AJ12h22678 for ; Fri, 10 May 2002 15:01:02 -0400 Received: from pandemonium.abyss.4t2.com ([192.168.1.10]:17677 "EHLO pandemonium.abyss.4t2.com") by force.4t2.com with ESMTP id ; Fri, 10 May 2002 21:00:51 +0200 Received: (x@pandemonium.abyss.4t2.com) by pandemonium.abyss.4t2.com id ; Fri, 10 May 2002 21:00:46 +0200 Date: Fri, 10 May 2002 21:00:45 +0200 From: Thomas Weber To: vserver@solucorp.qc.ca Subject: Re: [vserver] SIOCS... errors - any ideas? Message-ID: <20020510210045.N25124@4t2.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from jkuntz@prominic.com on Fri, May 10, 2002 at 12:52:03PM -0500 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 598 On Fri, May 10, 2002 at 12:52:03PM -0500, Justin M Kuntz wrote: > [root@linux-4 opt]# cat /proc/version > Linux version 2.4.18ctx-10 (root@linux-4.prominic.com) (gcc version 2.96 > 20000731 (Red Hat Linux 7.1 2.96-98)) #4 SMP Wed May 8 22:12:58 EGST 2002 > [root@linux-4 opt]# /usr/sbin/vserver 0001 start > Starting the virtual server 0001 > Server 0001 is not running > SIOCSIFADDR: File exists > SIOCSIFFLAGS: Cannot assign requested address > SIOCSIFNETMASK: Cannot assign requested address > SIOCSIFBRDADDR: Cannot assign requested address > SIOCSIFFLAGS: Cannot assign requested address > ipv4root is now 172.16.128.100 > Host name is now jmk1.prominic.com > Domain name is now prominic.com > New security context is 11 > Can't chroot to directory . (Permission denied) > [root@linux-4 opt]# ifconfig -a > eth0 Link encap:Ethernet HWaddr 00:04:76:21:5A:42 > inet addr:172.16.128.99 Bcast:172.16.255.255 Mask:255.255.0.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:45120 errors:0 dropped:0 overruns:0 frame:0 > TX packets:12158 errors:0 dropped:0 overruns:0 carrier:0 > collisions:107 txqueuelen:100 > RX bytes:11119397 (10.6 Mb) TX bytes:2259431 (2.1 Mb) > Interrupt:11 Base address:0xb400 > > eth0:0 Link encap:Ethernet HWaddr 00:04:76:21:5A:42 > inet addr:172.16.128.100 Bcast:172.16.255.255 Mask:255.255.0.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > Interrupt:11 Base address:0xb400 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:4925 errors:0 dropped:0 overruns:0 frame:0 > TX packets:4925 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:1225344 (1.1 Mb) TX bytes:1225344 (1.1 Mb) > > [root@linux-4 opt]# cat /etc/vservers/0001.conf > # Description: Vserver #0001 > > # Select an unused context (this is optional) > # The default is to allocate a free context on the fly > # In general you don't need to force a context > #S_CONTEXT= > # Select the IP number assigned to the virtual server > # This IP must be one IP of the server, either an interface > # or an IP alias > IPROOT=172.16.128.100 > # You can define on which device the IP alias will be done > # The IP alias will be set when the server is started and unset > # when the server is stopped > # The netmask and broadcast are computed by default from IPROOTDEV > #IPROOTMASK= > #IPROOTBCAST= > IPROOTDEV=eth0 As I understand it: If you have the IP Aliases already defined you won't need the IPROOTDEV line. Comment it out. If you use IPROOTDEV and IPROOT, vserver tries to asign an alias of ${IPROOT} to ${IPROOTDEV} - in your case it fails to do so because it already exists. Tom From vserver.error@solucorp.qc.ca Fri May 10 15:34:02 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AJY1aC018898; Fri, 10 May 2002 15:34:02 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AJHWJ23089 for vserver.list; Fri, 10 May 2002 15:17:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from monserveur.net ([205.151.16.128]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AJHWh23085 for ; Fri, 10 May 2002 15:17:32 -0400 Received: from [205.151.16.4] (helo=jvandal) by monserveur.net with asmtp (Exim 3.35 #9) id 176Fzc-0003d1-00 for vserver@solucorp.qc.ca; Fri, 10 May 2002 15:23:52 -0400 Message-ID: <00c801c1f857$75cae940$1400010a@infoteck.ca> From: "Joel Vandal" To: References: Subject: Re: [vserver] SIOCS... errors - any ideas? Date: Fri, 10 May 2002 15:18:26 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.01 Status: O X-Status: X-Keywords: X-UID: 599 > Starting the virtual server 0001 > Server 0001 is not running > SIOCSIFADDR: File exists > SIOCSIFFLAGS: Cannot assign requested address > SIOCSIFNETMASK: Cannot assign requested address > SIOCSIFBRDADDR: Cannot assign requested address > SIOCSIFFLAGS: Cannot assign requested address If I'm not wrong, vservers will automatically create the interface. To remove it, try: " ifconfig eth0:0 down " and restart vservers. > Can't chroot to directory . (Permission denied) I've solve this problem using: chmod 000 /vservers chmod 644 /vservers/0001 -- Joel Vandal From vserver.error@solucorp.qc.ca Fri May 10 15:35:55 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AJZsaC018930; Fri, 10 May 2002 15:35:55 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AJNJB23219 for vserver.list; Fri, 10 May 2002 15:23:19 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from merlin.zolotek.net (bts-0640.dialup.zetnet.co.uk [194.247.50.128]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4AJNHh23215 for ; Fri, 10 May 2002 15:23:17 -0400 Resent-Date: Fri, 10 May 2002 15:23:17 -0400 Resent-Message-Id: <200205101923.g4AJNHh23215@dns.solucorp.qc.ca> Received: from bts-0640.dialup.zetnet.co.uk (merlin.zolotek.net [127.0.0.1]) by merlin.zolotek.net (Weasel v1.20) for ; 10 May 2002 20:23:17 From: "Lyn St George" Resent-From: "Lyn St George" To: "vserver@solucorp.qc.ca" X-Original-To: "Christian" Date: Fri, 10 May 2002 18:30:55 +0000 Priority: Normal X-Mailer: PMMail 1.96a For OS/2 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: [vserver] Re: vserver - did your patch ever get finished? Message-ID: <200205102023.00000029@merlin.zolotek.net> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.01 Status: O X-Status: X-Keywords: X-UID: 600 On Thu, 9 May 2002 19:01:16 +0200, Christian wrote: >On Wed, 8 May 2002 23:19:43 -0500 >"Justin M Kuntz" wrote: > >> http://vserver.vlad.net/list/0269.html >> >> From that message, you indicated some financial incentive might help the >> patch along. I don't have a ton to spend, but can you give me an idea >> of how much and a timeframe you'd need to get it done and _merged_ with >> Jack's code? >> > >a few days ago "Lyn St George" asked me about the patch >and wanted to work further on it. I send him my old code. I would still >work on it, but its low on priority to me. I have no 'testing-machine' >available and don't need the patch for my use at this time. So i would >need the money to buy an second-hand test machine and some refound for the >actual work lets guess $500 or so. Maybe chances are good that Lyn >implements it or his own use or we can work cooperative on that. The patch >itself isn't really hard work but maintaining and proprosing it for >inclusion in the main tree might be some annoyina task *G*. I still >wondered that no programmer who works for an isp already adopted the idea >and maintains it further. I will get onto this and start work ASAP, but it's really just a matter of finding the time :/ For my own purposes - ie, webhosting - I consider this principle of multiple IPs within a VS to be essential, even if only for an option. While one excellent use of VS is to put each user inside his own isolated sandbox, another good use is to put many users inside the one VS - if those users are to have SSL, SSH, or FTP, then each user must have a unique IP. I still haven't had the time to even install the VS stuff on a local test box, but will soon ..... >Greetings Christian > >> Thanks! >> >> Justin Kuntz >> http://www.Prominic.NET >> Phone: 217-356-2888 x 101 | Fax: 356-3356 | Pager: 888-241-0647 >> Internet: jkuntz@prominic.com | NotesNet: Justin Kuntz@Prominic@Notes >> Net"In the middle of difficulty lies opportunity." -- Albert Einstein >> >> > - Cheers Lyn St George +--------------------------------------------------------------------------------- + http://www.zolotek.net .. eCommerce hosting, consulting + http://www.os2docs.org .. some 'How To' stuff ... +---------------------------------------------------------------------------------- From vserver.error@solucorp.qc.ca Fri May 10 15:41:19 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AJfIaC018993; Fri, 10 May 2002 15:41:19 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AJLBY23177 for vserver.list; Fri, 10 May 2002 15:21:11 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AJLBh23173 for ; Fri, 10 May 2002 15:21:11 -0400 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 5A898108D for ; Fri, 10 May 2002 21:22:30 +0200 (CEST) Subject: RE: [vserver] apache security / Cookbook Vservers / vserver system usage From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <013601c1f816$12e597d0$0100a8c0@johnnew> References: <013601c1f816$12e597d0$0100a8c0@johnnew> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-Btx/gBiX5221R1JNlJo4" X-Mailer: Ximian Evolution 1.0.3 Date: 10 May 2002 21:21:04 +0200 Message-Id: <1021058465.2719.65.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.0 required=5.0 tests=IN_REP_TO,SUBJ_HAS_SPACES,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 601 --=-Btx/gBiX5221R1JNlJo4 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2002-05-10 at 13:30, John Lyons wrote: >=20 > I need to go an rebuild the RH installation on both vserver hosts we were > running ctx-8. A fresh start with Ext3 and ctx-10 is probably in order as= I > don't think I can get back to ext3 from 2 without starting from scratch. >=20 Why shouldn't you be able to do that? Just boot on the new ext3-enabled ker= nel and it should work 100%. If it for some reason barfs about it having been run as ext2 for a while (can't see why it should), you can convert it to and from ext3 without having to umount anything - see http://people.spoiled.org/jha/ext3-faq.html. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-Btx/gBiX5221R1JNlJo4 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA83B2g4c1kHlhtW8oRAomXAJ4ug90rJ4aIYRaLUUIkquxV9p9uyACfdduN lJ01OEecG8VETjTi3aE1vXI= =oAPh -----END PGP SIGNATURE----- --=-Btx/gBiX5221R1JNlJo4-- From vserver.error@solucorp.qc.ca Fri May 10 15:57:44 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4AJvhaC019127; Fri, 10 May 2002 15:57:43 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4AJeeg23760 for vserver.list; Fri, 10 May 2002 15:40:40 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from taz.eijk.nu (node-d-0565.a2000.nl [62.195.5.101]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4AJebh23755 for ; Fri, 10 May 2002 15:40:37 -0400 Received: from eijk.nu (localhost.localdomain [127.0.0.1]) by taz.eijk.nu (8.12.1/linuxconf) with ESMTP id g4AJd8lA007133 for ; Fri, 10 May 2002 21:39:09 +0200 Message-ID: <3CDC21DC.4040601@eijk.nu> Date: Fri, 10 May 2002 21:39:08 +0200 From: Stefan van der Eijk User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/00200203 X-Accept-Language: en-us, en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] GR security & CTX References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.3 required=5.0 tests=SUPERLONG_LINE,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 602 James, >On Tue, 7 May 2002, Stefan van der Eijk wrote: > > >>Yesterday's error seems to be gone (I did some tweaking in the patch, >>the patch was attached to my post yesterday), but a new one has come up: >> >>/usr/bin/gcc-3.0.4 -D__KERNEL__ -I/home/cooker/RPM/BUILD/linux/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i586 -DMODULE -DMODVERSIONS -include /home/cooker/RPM/BUILD/linux/include/linux/modversions.h -nostdinc -I /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.0.4/include -DKBUILD_BASENAME=inode -c -o inode.o inode.c >>inode.c: In function `reiserfs_new_inode': >>inode.c:1528: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) >>inode.c:1528: (Each undeclared identifier is reported only once >>inode.c:1528: for each function it appears in.) >>inode.c:1590: `S_IMMUTABLE' undeclared (first use in this function) >>inode.c: In function `sd_attrs_to_i_attrs': >>inode.c:2127: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) >>inode.c:2128: `S_IMMUTABLE' undeclared (first use in this function) >>inode.c: In function `i_attrs_to_sd_attrs': >>inode.c:2145: `S_IMMUTABLE' undeclared (first use in this function) >>inode.c:2146: `EXT2_IMMUTABLE_FL' undeclared (first use in this function) >>make[2]: *** [inode.o] Error 1 >>make[2]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs/reiserfs' >>make[1]: *** [_modsubdir_reiserfs] Error 2 >>make[1]: Leaving directory `/home/cooker/RPM/BUILD/linux/fs' >>make: *** [_mod_fs] Error 2 >>error: Bad exit status from /home/cooker/tmp/rpm-tmp.46847 (%build) >> >> > >These look like the changes to the DEFINES that are in the 2.4.19-pre >kernels where EXT2_IMMUTABLE_FL becomes EXT2_IMMUTABLE_FILE_FL and >EXT2_IMMUTABLE_LINK_FL depending ? Dido for S_IMMUTABLE to >S_IMMUTABLE_{FILE|LINK}. Look in include/linux/fs.h for them. > Disclaimer: I've got no programming skills, and am doing this by trying to think logically... The thing that puzzles me is that this is happening in the reiserfs directory, which isn't touched by the ctx patch. Does this mean that if reiserfs (and the other filessytems that might bork after this one is fixed) need to be patched in order to cope with the changes that are made against include/linux/fs.h ? Stefan From vserver.error@solucorp.qc.ca Fri May 10 17:47:42 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4ALlgaC020051; Fri, 10 May 2002 17:47:42 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4ALS1b26917 for vserver.list; Fri, 10 May 2002 17:28:01 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4ALS0h26912 for ; Fri, 10 May 2002 17:28:01 -0400 Subject: Re: [vserver] SIOCS... errors - any ideas? To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Fri, 10 May 2002 16:30:46 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/10/2002 04:28:02 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: O X-Status: X-Keywords: X-UID: 603 Joel -- Thank you for your advice below. You are right, vservers do create the ipalias when they are started. I've followed the two steps you suggested below and now here is what happens: Do you have any idea what I need to do next to get it working? I mean the message "Server 0001 is not running" is showing up both after the start command and after the enter command, so I'm assuming something is still wrong. Thanks! Justin [root@linux-4 opt]# /usr/sbin/vserver 0001 start Starting the virtual server 0001 Server 0001 is not running ipv4root is now 172.16.128.100 Host name is now jmk1.prominic.com Domain name is now prominic.com New security context is 16 [root@linux-4 opt]# /usr/sbin/vserver 0001 enter Server 0001 is not running ipv4root is now 172.16.128.100 Host name is now jmk1.prominic.com Domain name is now prominic.com New security context is 17 [root@jmk1 /]# "Joel Vandal" rveur.net> cc: Fax to: 05/10/2002 Subject: Re: [vserver] SIOCS... errors - any ideas? 02:18 PM Please respond to vserver > Starting the virtual server 0001 > Server 0001 is not running > SIOCSIFADDR: File exists > SIOCSIFFLAGS: Cannot assign requested address > SIOCSIFNETMASK: Cannot assign requested address > SIOCSIFBRDADDR: Cannot assign requested address > SIOCSIFFLAGS: Cannot assign requested address If I'm not wrong, vservers will automatically create the interface. To remove it, try: " ifconfig eth0:0 down " and restart vservers. > Can't chroot to directory . (Permission denied) I've solve this problem using: chmod 000 /vservers chmod 644 /vservers/0001 -- Joel Vandal From vserver.error@solucorp.qc.ca Sat May 11 05:23:46 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4B9NjaC025484; Sat, 11 May 2002 05:23:46 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4B8PWT09886 for vserver.list; Sat, 11 May 2002 04:25:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from prserv.net (out1.prserv.net [32.97.166.31]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4B8PVh09882 for ; Sat, 11 May 2002 04:25:31 -0400 Received: from slip139-92-140-235.dub.ie.prserv.net ([139.92.140.235]) by prserv.net (out1) with SMTP id <2002051108252320102tp86ce>; Sat, 11 May 2002 08:25:24 +0000 Subject: Re: [vserver] rsh between virtual server From: Lew Teck Kheng To: vserver@solucorp.qc.ca In-Reply-To: <3CDB7CF1.ECAA80E8@silicide.dk> References: <1020972491.12666.1.camel@maximus> <3CDB7CF1.ECAA80E8@silicide.dk> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3.99 Date: 11 May 2002 09:25:04 +0100 Message-Id: <1021105508.1307.4.camel@maximus> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.2 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST,KNOWN_BAD_DIALUPS version=2.01 Status: O X-Status: X-Keywords: X-UID: 604 hi all : Thank for the reply. I managed to solved the problem. To rsh as root , you need to comment out two line in the PAM rsh configuration. Cheers On Fri, 2002-05-10 at 08:55, Jon Bendtsen wrote: > Lew Teck Kheng wrote: > > > > hi all : > > > > After being thru reading the redhat user guide about rsh service , i > > still not able to rsh between virtual server. I alway get "Permission > > Denied". > > Not knowing much (anything?) about rsh, since i use ssh, but but but > Do all your vservers share the same ip ?? > Did you allow rsh connections from the ip in question. Did you consider > that 127.0.0.1 might be the ip they are connecting from ? > > > > JonB > > > -- ======================================================================== Lew Teck Kheng System Engineer Asia LMN System Engineering (Malaysia) (+603) 7725 6890 www.logica.com "Logica Make MMS Real Person to Person MMS demonstrated live using devices from 8 manufacturers on the Orange France GPRS Network at the 3 GSM World Congress in Cannes." ======================================================================== From vserver.error@solucorp.qc.ca Sat May 11 12:03:27 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4BG3RaC027484; Sat, 11 May 2002 12:03:27 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4BFk3r18642 for vserver.list; Sat, 11 May 2002 11:46:03 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail.trekia.se (stratos.trekia.se [212.105.83.242]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4BFjth18636 for ; Sat, 11 May 2002 11:46:01 -0400 Received: from localhost (jonas@localhost) by mail.trekia.se (8.11.1/8.11.1) with ESMTP id g4BFjnw21541 for ; Sat, 11 May 2002 17:45:49 +0200 X-Authentication-Warning: stratos.trekia.se: jonas owned process doing -bs Date: Sat, 11 May 2002 17:45:49 +0200 (CEST) From: jonasb@hem.passagen.se X-X-Sender: jonas@stratos To: vserver@solucorp.qc.ca Subject: [vserver] MOSIX In-Reply-To: <1021105508.1307.4.camel@maximus> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-0.8 required=5.0 tests=IN_REP_TO,NO_REAL_NAME version=2.01 Status: O X-Status: X-Keywords: X-UID: 605 Has anyone tried to run MOSIX + vserver? htp://www.mosix.org/ http://openmosix.sourceforge.net/ From vserver.error@solucorp.qc.ca Sat May 11 14:12:18 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4BICIoN028504; Sat, 11 May 2002 14:12:18 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4BHwgg21438 for vserver.list; Sat, 11 May 2002 13:58:42 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp015.mail.yahoo.com (smtp015.mail.yahoo.com [216.136.173.59]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4BHwfh21434 for ; Sat, 11 May 2002 13:58:42 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 11 May 2002 17:58:41 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] iptables? Date: Sat, 11 May 2002 12:58:38 -0500 Message-ID: <000901c1f915$7ab27630$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <3CD5A1C8.2060406@eijk.nu> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 606 Does vserver supports iptables manipulation inside a vserver? I tried but it gave me a permission denied message. If it doesn't support iptables currently, would this be a possibility? Thanks, Peter From vserver.error@solucorp.qc.ca Sat May 11 14:17:09 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4BIH9oN028527; Sat, 11 May 2002 14:17:09 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4BHvbD21420 for vserver.list; Sat, 11 May 2002 13:57:37 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp012.mail.yahoo.com (smtp012.mail.yahoo.com [216.136.173.32]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4BHvbh21413 for ; Sat, 11 May 2002 13:57:37 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 11 May 2002 17:57:36 -0000 From: "Peter Kwan Chan" To: Subject: RE: [vserver] Problem: "Cannot assign requested address", Bind, webmin, and others Date: Sat, 11 May 2002 12:57:33 -0500 Message-ID: <000801c1f915$5410c860$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <000701c1f829$3281cec0$ed23bd41@PremiumFood> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 607 Following the advice of another message, I have figured why the error message came up. Because I already had IP alias done in the root server, all I had to was to comment out the IPDEV line in the conf file, and the error disappear. Peter -----Original Message----- From: Peter Kwan Chan [mailto:peterkwanchan@yahoo.com] Sent: Friday, May 10, 2002 8:47 AM To: vserver@solucorp.qc.ca Subject: RE: [vserver] Problem: "Cannot assign requested address", Bind, webmin, and others Thanks for your help. I have the name server and webmin issue resolved. However, I still can't figure out why it says "Cannot assign requested address". I check the IP root to make sure it is the correct one. Every service also starts up fine, and I am able to connect to them through the IP. (HTTP, FTP, webmin, SSH). This is not really a problem currently, but I am just concerned that such a message is showing up. Thanks, Peter -----Original Message----- From: Thomas Weber [mailto:x@4t2.com] Sent: Wednesday, May 08, 2002 8:12 AM To: vserver@solucorp.qc.ca Subject: Re: [vserver] Problem: "Cannot assign requested address", Bind, webmin, and others On Tue, May 07, 2002 at 10:47:28PM -0500, Peter Kwan Chan wrote: > > -Even though I have Bind running in the root server, the domain names in > the child servers are not resolved. For example, ping redhat.com returns > with host not found(or something like that). I remember on the old > server the bind in the root server resolves the names for the child > servers(?). Even after installing and starting bind in the child server, > the names are still unresolved. check the /etc/resolv.conf in your vserver. there should be an entry nameserver IP-Adress with the IP of your main server - or any other box running a well configured bind. > -Also, when I start a vserver or enter it, I am getting the message, > > SIOCSIFBRDADDR: Cannot assign requested address > SIOCSIFFLAGS: Cannot assign requested address check for correct settings of IPROOT= in your /etc/vservers/*.conf and make sure you've got an Interface configured for this IP on your hosting server. > -In addition, webmin doesn't seem to work. It used to work fine on the > old server (in a vserver). But now it doesn't run, and during startup, > the message. (I am still working on this, maybe this isn't > vserver-related) probably related to the above. Tom From vserver.error@solucorp.qc.ca Sat May 11 17:25:25 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4BLPOoN029559; Sat, 11 May 2002 17:25:24 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4BL1Si25008 for vserver.list; Sat, 11 May 2002 17:01:28 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4BL1Sh25004 for ; Sat, 11 May 2002 17:01:28 -0400 Subject: [vserver] install-rh72 and update process To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Sat, 11 May 2002 16:06:49 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/11/2002 04:01:29 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 608 Hello, I've used the /usr/lib/vserver/install-rh7.2 script to install my first vserver. I notice when I do ps -ef inside the vserver, I see the "update" task is running: However, vps shows both the root sever and the vserver are now running update: root@linux-4 vservers]# vps -ef | grep -i update root 7 0 MAIN 0 0 20:02 ? 00:00:01 [kupdated] root 4091 8 rh72 3829 0 20:51 ? 00:00:00 update (sync) When I read the "man update" it makes it sound like it is bad to have more than one update running. Should I remove the update from the inittab in the rh72 base vserver? Thanks! Justin From vserver.error@solucorp.qc.ca Sat May 11 20:06:20 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4C06JoN030512; Sat, 11 May 2002 20:06:19 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4BNqgc28448 for vserver.list; Sat, 11 May 2002 19:52:42 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-140-48.in-addr.btopenworld.com [213.122.140.48]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4BNqeh28444 for ; Sat, 11 May 2002 19:52:41 -0400 Received: from 213.122.140.48 by john-new ([213.122.140.48] running VPOP3) with SMTP for ; Sun, 12 May 2002 00:52:31 +0100 From: "John Lyons" To: Subject: RE: [vserver] apache security / Cookbook Vservers / vserver systemusage Date: Sun, 12 May 2002 00:52:30 +0100 Message-ID: <001e01c1f946$ea6b6be0$308c7ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <1021058465.2719.65.camel@amd.vsen.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 609 > Why shouldn't you be able to do that? Just boot on the new > ext3-enabled kernel and it should work 100%. I'm having all sorts of problems with this server. [root@svr9 root]# cat /proc/version Linux version 2.4.17ctx-8 (root@svr9) [root@svr9 boot]# ls -l total 1556 drwxr-xr-x 2 root root 4096 May 11 12:40 grub -rw-r--r-- 1 root root 405 Mar 6 01:29 kernel.h -rw-r--r-- 1 root root 13312 May 11 15:14 map lrwxrwxrwx 1 root root 23 May 11 13:35 System.map -> System.map-2.4.18ctx-10 -rw-r--r-- 1 root root 504426 May 11 13:35 System.map-2.4.18ctx-10 lrwxrwxrwx 1 root root 20 May 11 13:35 vmlinuz -> vmlinuz-2.4.18ctx-10 -rw-r--r-- 1 root root 1052007 May 11 13:35 vmlinuz-2.4.18ctx-10 According to grub I've only got one available kernel to boot from. From vserver.error@solucorp.qc.ca Sat May 11 20:15:11 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4C0FBoN030655; Sat, 11 May 2002 20:15:11 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4BNtvn28545 for vserver.list; Sat, 11 May 2002 19:55:57 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-140-48.in-addr.btopenworld.com [213.122.140.48]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4BNtth28541 for ; Sat, 11 May 2002 19:55:56 -0400 Received: from 213.122.140.48 by john-new ([213.122.140.48] running VPOP3) with SMTP for ; Sun, 12 May 2002 00:55:48 +0100 From: "John Lyons" To: Subject: RE: [vserver] apache security / Cookbook Vservers / vserver systemusage Date: Sun, 12 May 2002 00:55:47 +0100 Message-ID: <001f01c1f947$5f6cbac0$308c7ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <1021058465.2719.65.camel@amd.vsen.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 610 > > > I need to go an rebuild the RH installation on both vserver > hosts we were > > running ctx-8. A fresh start with Ext3 and ctx-10 is > probably in order as I > > don't think I can get back to ext3 from 2 without starting > from scratch. > > > Why shouldn't you be able to do that? Just boot on the new > ext3-enabled kernel > and it should work 100%. I'm having all sorts of problems with this server. [root@svr9 root]# cat /proc/version Linux version 2.4.17ctx-8 (root@svr9) [root@svr9 boot]# ls -l total 1556 drwxr-xr-x 2 root root 4096 May 11 12:40 grub -rw-r--r-- 1 root root 405 Mar 6 01:29 kernel.h -rw-r--r-- 1 root root 13312 May 11 15:14 map lrwxrwxrwx 1 root root 23 May 11 13:35 System.map -> System.map-2.4.18ctx-10 -rw-r--r-- 1 root root 504426 May 11 13:35 System.map-2.4.18ctx-10 lrwxrwxrwx 1 root root 20 May 11 13:35 vmlinuz -> vmlinuz-2.4.18ctx-10 -rw-r--r-- 1 root root 1052007 May 11 13:35 vmlinuz-2.4.18ctx-10 According to grub I've only got one available kernel to boot from. default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz title Red Hat Linux (2.4.7-18-ctx10) root (hd0,0) kernel /vmlinuz ro root=/dev/hda2 I've almost given up trying to get it upgraded now to ctx-10. locate and grep find no files called or containging ctx-8 but everytime the server boots it's back to ctx-8. Only thing that I can think of is that it is the ctx-10 kernel but it's being misreported but I don't know how that could happen. :-( Regards John From vserver.error@solucorp.qc.ca Sat May 11 20:36:21 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4C0aKoN030770; Sat, 11 May 2002 20:36:21 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4C0LvB29236 for vserver.list; Sat, 11 May 2002 20:21:57 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from john-new (host213-122-5-239.in-addr.btopenworld.com [213.122.5.239]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4C0Lth29232 for ; Sat, 11 May 2002 20:21:56 -0400 Received: from 213.122.5.239 by john-new ([213.122.5.239] running VPOP3) with SMTP for ; Sun, 12 May 2002 01:21:44 +0100 From: "John Lyons" To: Subject: RE: [vserver] iptables? Date: Sun, 12 May 2002 01:21:43 +0100 Message-ID: <002001c1f94a$feee70e0$308c7ad5@johnnew> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <000901c1f915$7ab27630$ed23bd41@PremiumFood> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Server: VPOP3 V1.3.4 - Registered to: n0Pk1LL4 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 611 > Does vserver supports iptables manipulation inside a vserver? I tried > but it gave me a permission denied message. If it doesn't support > iptables currently, would this be a possibility? I'm not into the tech side of this but I would guess that if it can be done it will be as a result of you giving the root user within the verserver additional rights in the conf file for the vserver. Regards John Lyons From vserver.error@solucorp.qc.ca Sun May 12 04:47:32 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4C8lVoN016169; Sun, 12 May 2002 04:47:32 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4C8Oep17293 for vserver.list; Sun, 12 May 2002 04:24:40 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4C8Och17289 for ; Sun, 12 May 2002 04:24:39 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 176oej-0003p5-00 for ; Sun, 12 May 2002 10:24:37 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 176oei-0003ou-00 for ; Sun, 12 May 2002 10:24:36 +0200 Sender: jon@silicide.dk Message-ID: <3CDE26C4.26839690@silicide.dk> Date: Sun, 12 May 2002 10:24:36 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] iptables? References: <000901c1f915$7ab27630$ed23bd41@PremiumFood> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: vserver@solucorp.qc.ca Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 612 Peter Kwan Chan wrote: > > Does vserver supports iptables manipulation inside a vserver? I tried > but it gave me a permission denied message. If it doesn't support > iptables currently, would this be a possibility? cant you just set it up in the root server running on bare iron ? JonB From vserver.error@solucorp.qc.ca Sun May 12 05:04:42 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4C94goN016263; Sun, 12 May 2002 05:04:42 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4C8n7T17755 for vserver.list; Sun, 12 May 2002 04:49:07 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4C8n7h17751 for ; Sun, 12 May 2002 04:49:07 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 176p2R-0003pf-00 for ; Sun, 12 May 2002 10:49:07 +0200 Received: from localhost ([127.0.0.1]) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 176p2R-0003pV-00 for ; Sun, 12 May 2002 10:49:07 +0200 Delivered-To: silicide_dk-jon+vserver@silicide.dk Received: from mail.dht.dk [194.239.148.46] by localhost with POP3 (fetchmail-5.9.0) for jon+vserver@silicide.dk (multi-drop); Sun, 12 May 2002 10:49:07 +0200 (CEST) Received: (qmail 34151 invoked from network); 12 May 2002 08:47:35 -0000 Received: from dns.solucorp.qc.ca (207.253.4.241) by 194.239.148.46 with SMTP; 12 May 2002 08:47:35 -0000 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4C8Oep17293 for vserver.list; Sun, 12 May 2002 04:24:40 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from ns1.silicide.dk (62.61.158.2.generic-hostname.arrowhead.dk [62.61.158.2]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4C8Och17289 for ; Sun, 12 May 2002 04:24:39 -0400 Received: from mail by ns1.silicide.dk with local (Exim 3.33 #1 (Debian)) id 176oej-0003p5-00 for ; Sun, 12 May 2002 10:24:37 +0200 Received: from gw.silicide.dk ([192.168.2.1] helo=silicide.dk) by ns1.silicide.dk with esmtp (Exim 3.33 #1 (Debian)) id 176oei-0003ou-00 for ; Sun, 12 May 2002 10:24:36 +0200 Sender: jon@silicide.dk Message-ID: <3CDE26C4.26839690@silicide.dk> Date: Sun, 12 May 2002 10:24:36 +0200 From: Jon Bendtsen Organization: Silicide A/S X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: en MIME-Version: 1.0 To: vserver@solucorp.qc.ca Subject: Re: [vserver] iptables? References: <000901c1f915$7ab27630$ed23bd41@PremiumFood> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Envelope-To: jon+vserver@silicide.dk Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 613 Peter Kwan Chan wrote: > > Does vserver supports iptables manipulation inside a vserver? I tried > but it gave me a permission denied message. If it doesn't support > iptables currently, would this be a possibility? cant you just set it up in the root server running on bare iron ? JonB From vserver.error@solucorp.qc.ca Sun May 12 10:35:38 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4CEZboN017868; Sun, 12 May 2002 10:35:37 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4CDkw623955 for vserver.list; Sun, 12 May 2002 09:46:58 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from www.vsen.dk (213.237.54.63.adsl.suoe.worldonline.dk [213.237.54.63]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4CDkvh23951 for ; Sun, 12 May 2002 09:46:57 -0400 Received: from amd.vsen.dk (unknown [192.168.1.4]) by www.vsen.dk (Postfix) with ESMTP id 36D8C108D for ; Sun, 12 May 2002 15:48:13 +0200 (CEST) Subject: RE: [vserver] apache security / Cookbook Vservers / vserver systemusage From: klavs klavsen To: vserver@solucorp.qc.ca In-Reply-To: <001f01c1f947$5f6cbac0$308c7ad5@johnnew> References: <001f01c1f947$5f6cbac0$308c7ad5@johnnew> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-IzDLIQljiIAn8btRfoBd" X-Mailer: Ximian Evolution 1.0.3 Date: 12 May 2002 15:46:43 +0200 Message-Id: <1021211205.2155.1.camel@amd.vsen.dk> Mime-Version: 1.0 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.0 required=5.0 tests=IN_REP_TO,SUBJ_HAS_SPACES,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 614 --=-IzDLIQljiIAn8btRfoBd Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Sun, 2002-05-12 at 01:55, John Lyons wrote: >=20 > I've almost given up trying to get it upgraded now to ctx-10. locate and > grep find no files called or containging ctx-8 but everytime the server > boots it's back to ctx-8. Only thing that I can think of is that it is t= he > ctx-10 kernel but it's being misreported but I don't know how that could > happen. :-( Seems youre not quite up2date on grub :-) Nor am I. That's why I stick to lilo. keep a bootdisk handy.. if you don't have one, mkbootdisk will help ya :-) set up /etc/lilo properly - it's much easier than grub, and run lilo. Reboot and there should be no problems. =20 --=20 Regards, Klavs Klavsen -------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant=20 kl@vsen.dk - http://www.vsen.dk Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA=20 Fingerprint =3D A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter --=-IzDLIQljiIAn8btRfoBd Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA83nJD4c1kHlhtW8oRAvR6AJ9WoogIhwTLNI1AkXgM9069nerNywCfVR/M r9pJ4jX3B0NADm9obBjbHkE= =1OeH -----END PGP SIGNATURE----- --=-IzDLIQljiIAn8btRfoBd-- From vserver.error@solucorp.qc.ca Sun May 12 13:15:31 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4CHFVoN018742; Sun, 12 May 2002 13:15:31 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4CGoT927746 for vserver.list; Sun, 12 May 2002 12:50:29 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp015.mail.yahoo.com (smtp015.mail.yahoo.com [216.136.173.59]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4CGoSh27741 for ; Sun, 12 May 2002 12:50:29 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 12 May 2002 16:50:28 -0000 From: "Peter Kwan Chan" To: Subject: RE: [vserver] iptables? Date: Sun, 12 May 2002 11:50:25 -0500 Message-ID: <000801c1f9d5$1d5c8f00$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <3CDE26C4.26839690@silicide.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 615 I could, but I was just wondering if each vserver could get to manage its own firewall. I could already think of an implementation: script in each vserver could call a daemon in the main server, which is then responsible for validating the request (so each vserver only create rules that apply to itself), and set the iptables policy on the main server. Peter -----Original Message----- From: jon@silicide.dk [mailto:jon@silicide.dk] On Behalf Of Jon Bendtsen Sent: Sunday, May 12, 2002 3:25 AM To: vserver@solucorp.qc.ca Subject: Re: [vserver] iptables? Peter Kwan Chan wrote: > > Does vserver supports iptables manipulation inside a vserver? I tried > but it gave me a permission denied message. If it doesn't support > iptables currently, would this be a possibility? cant you just set it up in the root server running on bare iron ? JonB From vserver.error@solucorp.qc.ca Sun May 12 17:02:53 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4CL2roN020008; Sun, 12 May 2002 17:02:53 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4CKl6V32128 for vserver.list; Sun, 12 May 2002 16:47:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4CKl4h32124 for ; Sun, 12 May 2002 16:47:05 -0400 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id 8409D45F70 for ; Mon, 13 May 2002 08:46:58 +1200 (NZST) Received: from 192.168.192.252 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Mon, 13 May 2002 08:46:53 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from localhost ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 1770Cp-0003aw-00 for ; Mon, 13 May 2002 08:44: 35 +1200 Subject: Re: vserver on NFS (was Re: [vserver] Cookbook Vservers From: "Fran Firman" To: vserver In-Reply-To: <3CDBE2CE.187EE33C@silicide.dk> References: <3CDA245E.EF391BE7@silicide.dk> <1020980772.26116.8.camel@ganymede> <3CDBE2CE.187EE33C@silicide.dk> X-Mailer: Ximian Evolution 1.0.3 Date: 13 May 2002 08:44:35 +1200 Message-ID: <1021236275.11078.3.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10C00B37315790-01-01 Content-Type: multipart/signed; boundary="=-j3CDFRo7WNeUqPaSfteM"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-102.0 required=5.0 tests=IN_REP_TO,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 616 --=-j3CDFRo7WNeUqPaSfteM Content-Type: text/plain Content-Transfer-Encoding: quoted-printable > not that bad, but not good enough. This is one big file, > depending on the service type, you have lots of small files, > or has to do pretty random access. I would asume the startup > overhead of getting the first few bytes over NFS is much=20 > higher than from the disk. But perhaps the added benefit of > a single backup place and the ease of moving a vserver to > another host makes running vservers on NFS the best solution. It was mainly the being able to move vservers around that was the biggest advantage. But for times when a program wants to create some temp file on /tmp, is why I created a local /tmp for the vserver. Also I noticed, that with IDE, even with dma on , if you hit the HD hard, the cpu usage is quite high, where even maxing a 100M link doesn't seem to bother the CPU much.=20 >=20 > It has made me rethink an old idea I had myself. My idea was > to create bootable cd images useable for turning any linux > installation into a vserver, to try it out. Possibly this > could be coupled with your idea, so one could get a really > fast deployment.=20 >=20 >=20 We are thinking along the same idea as well. An even quicker deployment (assuming that each pc is the same hardware), would be a tftp boot option... ???? Thou then do lose the advantage of the /tmp on the local HD. Fran. --=-j3CDFRo7WNeUqPaSfteM Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjze1DIACgkQv1V2oVWAPhYXrACeJpyrBquirCof+GSQuoO1zEjH Q/kAn2eaNmwOXsv1Bnt8Pe3gmlNVjLwl =fqKD -----END PGP SIGNATURE----- --=-j3CDFRo7WNeUqPaSfteM-- From vserver.error@solucorp.qc.ca Sun May 12 23:58:40 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4D3weoN022659; Sun, 12 May 2002 23:58:40 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4D3f6L07087 for vserver.list; Sun, 12 May 2002 23:41:06 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtp015.mail.yahoo.com (smtp015.mail.yahoo.com [216.136.173.59]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4D3f6h07083 for ; Sun, 12 May 2002 23:41:06 -0400 Received: from dsl-65-189-35-237.telocity.com (HELO PremiumFood) (peterkwanchan@65.189.35.237 with login) by smtp.mail.vip.sc5.yahoo.com with SMTP; 13 May 2002 03:41:06 -0000 From: "Peter Kwan Chan" To: Subject: [vserver] Support vserver name longer than 4 characters? Date: Sun, 12 May 2002 22:41:01 -0500 Message-ID: <000001c1fa30$01542330$ed23bd41@PremiumFood> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <3CB40BC3.CE7A8199@silicide.dk> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 617 Hello, I read on the "newserver" screen that vserver name can only be 4 characters or less. Is there any reason why there is such a restriction? Any plan to extend it? Thanks, Peter From vserver.error@solucorp.qc.ca Mon May 13 14:39:50 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4DIdnoN029536; Mon, 13 May 2002 14:39:49 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4DI6Kb29577 for vserver.list; Mon, 13 May 2002 14:06:20 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from mail4.messagelabs.com (mail4.messagelabs.com [212.125.75.12]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4DI6Jh29573 for ; Mon, 13 May 2002 14:06:19 -0400 X-VirusChecked: Checked Received: (qmail 2960 invoked from network); 13 May 2002 18:06:14 -0000 Received: from porgy.logica.co.uk (158.234.250.67) by server-5.tower-4.messagelabs.com with SMTP; 13 May 2002 18:06:14 -0000 Received: from shannon.ie.logica.com (shannon.ie.logica.com [158.234.96.46]) by porgy.logica.co.uk (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id TAA22042 for ; Mon, 13 May 2002 19:06:13 +0100 Received: from ruth.ie.logica.com ([158.234.96.113]) by shannon.ie.logica.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id KGKL5W6L; Mon, 13 May 2002 19:06:11 +0100 Received: from pc243.ie.logica.com (pc243.ie.logica.com [158.234.98.243]) by ruth.ie.logica.com (8.9.1/8.9.0) with ESMTP id TAA23097 for ; Mon, 13 May 2002 19:06:12 +0100 (BST) Subject: [vserver] Apache services and LVS From: Lew Teck Kheng To: Vserver mailing list Content-Type: text/plain Content-Transfer-Encoding: 7bit Message-Id: <1021313147.1522.74.camel@maximus> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.0.3.99 Date: 13 May 2002 19:05:52 +0100 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 618 hi all : I am trying to implement multiple apache service behind a LVS (linux vritual server for load balancing). I can see the incoming packet but somehow the vserver cannot route the packet outside LVS ? Have anybody successfully attempt such setup ? many many thanks ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ From vserver.error@solucorp.qc.ca Mon May 13 14:47:59 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4DIlwoN029675; Mon, 13 May 2002 14:47:58 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4DHO5t28375 for vserver.list; Mon, 13 May 2002 13:24:05 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4DHO4h28371 for ; Mon, 13 May 2002 13:24:04 -0400 Subject: [vserver] rh72 default vserver install - inittab issues (vserver version 0.17) To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Mon, 13 May 2002 12:33:48 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/13/2002 12:24:05 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.3 required=5.0 tests=LINE_OF_YELLING,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 619 Hello, I've used the /usr/lib/vserver/install-rh7.2 script to create my first vserver. The only problem I noticed with this process is the install-rh7.2 script references install_post.sh when really it should be install-post.sh Now that I have my verver up and running on 2.4.18-ctx10 with vserver 0.17, I wanted to understand better the boot process and what is the minimum process list that should be operating in a vserver environment. The /usr/lib/vserver/install-post.sh script was very helpful to understand what vserver is doing after installing the RPMs. The inittab does a few things I think should be disabled, and I'd like to hear your thoughts. First, the default sysinit is called: si::sysinit:/etc/rc.d/rc.sysinit ... and this rc.sysinit script does all sorts of things which could and probably should be trimmed down for a vserver. Notably, it does file system checking, starts up pre-syslog logging, etc. I noticed the update daemon doesn't look like it needs to be running on vservers as well as the main server, so I commented that out as follows: # Things to run in every runlevel. #JMK - I think this should not be running since the main server runs kupdate #ud::once:/sbin/update I assume these lines probably wouldn't mean much in a vserver because the primary init is not going to know to tell the vserver inits what is happening in case of powerfailure or ctrl-alt-del by default, without special configuration... so I left them alone for now: ca::ctrlaltdel:/sbin/shutdown -t3 -r now pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled" The tty inputs I assume can all be disabled since the vserver has no control over the main machine's console anyway, and they'll just generate needless /var/log/messages traffic in the vserver about not having access to the ttys? # Run gettys in standard runlevels #1:2345:respawn:/sbin/mingetty tty1 #2:2345:respawn:/sbin/mingetty tty2 #3:2345:respawn:/sbin/mingetty tty3 #4:2345:respawn:/sbin/mingetty tty4 #5:2345:respawn:/sbin/mingetty tty5 #6:2345:respawn:/sbin/mingetty tty6 This leaves me with my big question being what to do with syslog and minilogd. I assume that the processes running inside the vserver are going to try to talk to the standard logging mechanism inside that vserver. Red Hat has a white paper on this which is a good read: http://www.redhat.com/support/wpapers/redhat/initscripts/index.html#toc So this is what I get after running "vserver rh72 start" followed by "vserver rh72 enter": [root@vserver:rh72 log]ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 May11 ? 00:00:06 init [3] root 14695 1 0 13:14 ? 00:00:00 minilogd root 14911 14900 0 13:15 pts/3 00:00:00 /bin/bash -login root 14965 14911 0 13:15 pts/3 00:00:00 ps -ef [root@vserver:rh72 log] Now, minilogd is running but I think it is just collecting the messages and not actually writing them anywhere until we start syslog. But starting syslog also attempts to start a kernel log daemon, which I don't think we want since the main server is already going to be running a kernel log daemon - right? [root@vserver:rh72 init.d]./syslog start Starting system logger: [ OK ] Starting kernel logger: [ OK ] [root@vserver:rh72 init.d]ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 May11 ? 00:00:06 init [3] root 14911 14900 0 13:15 pts/3 00:00:00 /bin/bash -login root 14979 1 0 13:16 ? 00:00:00 syslogd -m 0 root 14987 14911 0 13:16 pts/3 00:00:00 ps -ef [root@vserver:rh72 init.d] So somehow by running syslog, it is disabling the minilogd and replacing that with syslogd, and I'm not sure why the kerneld doesn't startup too. I'd appreciate any ideas or suggestions to further streamline the startup process and make sure minimal services and logging are loaded which won't interfere with the root server. For now I'm going to re-enable syslog inside the vserver as follows: [root@vserver:rh72 /]chkconfig --level 2345 syslog on Thanks! Justin From vserver.error@solucorp.qc.ca Mon May 13 17:59:29 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4DLxToN006586; Mon, 13 May 2002 17:59:29 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4DKXtI01215 for vserver.list; Mon, 13 May 2002 16:33:55 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtpout.telecom.co.nz (smtpout.telecom.co.nz [146.171.14.10]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4DKXsh01210 for ; Mon, 13 May 2002 16:33:55 -0400 Received: from aksmtpmdr1.telecom.co.nz (aksmtpmdr1 [146.171.1.20]) by smtpout.telecom.co.nz (Postfix) with SMTP id CD38545E52 for ; Tue, 14 May 2002 08:33:52 +1200 (NZST) Received: from 192.168.192.252 by aksmtpmdr1.telecom.co.nz with ESMTP ( Tumbleweed MMS SMTP Relay (MMS v4.7);); Tue, 14 May 2002 08:33:46 +1200 X-Server-Uuid: 9e124d90-33fb-11d3-a293-006008c1e5af Received: from localhost ([127.0.0.1] helo=localhost.localdomain ident=fran) by ganymede with esmtp (Exim 3.35 #1 (Debian)) id 177MTb-0005Lh-00 for ; Tue, 14 May 2002 08:31: 23 +1200 Subject: Re: [vserver] Support vserver name longer than 4 characters? From: "Fran Firman" To: vserver In-Reply-To: <000001c1fa30$01542330$ed23bd41@PremiumFood> References: <000001c1fa30$01542330$ed23bd41@PremiumFood> X-Mailer: Ximian Evolution 1.0.3 Date: 14 May 2002 08:31:09 +1200 Message-ID: <1021321883.11079.57.camel@ganymede> MIME-Version: 1.0 X-WSS-ID: 10FEFCA0581411-01-01 Content-Type: multipart/signed; boundary="=-hU629oSu/phgdHS348xu"; micalg=pgp-sha1; protocol="application/pgp-signature" Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-101.9 required=5.0 tests=IN_REP_TO,SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 620 --=-hU629oSu/phgdHS348xu Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Well I never saw that - been creating the vservers by hand. And I've been using names like web_server , imap_server And it all seems ok. Under vserver-stat the full name is shown under ifconfig the subinterfaces are called. eth0:web_ eth0:imap So I think it means that the first 4 chars have to be unique, not the total length has to be four. Fran. On Mon, 2002-05-13 at 15:41, Peter Kwan Chan wrote: > Hello, > I read on the "newserver" screen that vserver name can only be 4 > characters or less. Is there any reason why there is such a restriction? > Any plan to extend it? >=20 > Thanks, >=20 > Peter >=20 >=20 --=-hU629oSu/phgdHS348xu Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA84CKGv1V2oVWAPhYRAop+AJ92gOGaB6hCnUytKkpgIuJFEiCHjwCfX46O gO8w3kD0nyrdmz2JMiWSZxg= =4FP+ -----END PGP SIGNATURE----- --=-hU629oSu/phgdHS348xu-- From vserver.error@solucorp.qc.ca Mon May 13 23:35:14 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4E3ZEoN009892; Mon, 13 May 2002 23:35:14 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4E34HR10963 for vserver.list; Mon, 13 May 2002 23:04:17 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4E34Hh10959 for ; Mon, 13 May 2002 23:04:17 -0400 Received: from remtk.solucorp.qc.ca (g36-125.citenet.net [206.123.36.125]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g4E36eA59811 for ; Mon, 13 May 2002 23:06:40 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g4E2ese02420 for vserver@solucorp.qc.ca; Mon, 13 May 2002 22:40:54 -0400 From: Jacques Gelinas Date: Mon, 13 May 2002 22:40:54 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] Support vserver name longer than 4 characters? X-mailer: tlmpmail 0.6 Message-ID: <20020513224054.c8a80746a024@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-99.9 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK,A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 621 On Sun, 12 May 2002 22:41:01 -0500, Peter Kwan Chan wrote > Hello, > I read on the "newserver" screen that vserver name can only be 4 > characters or less. Is there any reason why there is such a restriction? > Any plan to extend it? The real limit is 10. I will change this in the next release. This is a mistake on my side. Here is the story. For every vserver, you assign an IP alias combining the network device and the name. So for vserver abc, you get the IP alias eth0:abc. The limit in the kernel for a network device name (alias or not) is 15 ( I think, I have not looked in the code). So if you remove eth0:, you have 10 character for the vserver name. The mistake came from looking at ifconfig output. ifconfig truncate the network device name while formating, leaving only 4 characters visible. 10 should be plenty. Note that newvserver doest no enforce any limit. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Mon May 13 23:35:21 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4E3ZKoN009899; Mon, 13 May 2002 23:35:21 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4E34Mp10974 for vserver.list; Mon, 13 May 2002 23:04:22 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4E34Lh10970 for ; Mon, 13 May 2002 23:04:21 -0400 Received: from remtk.solucorp.qc.ca (g36-125.citenet.net [206.123.36.125]) by cti06.citenet.net (8.11.6/8.11.6) with ESMTP id g4E36iA59820 for ; Mon, 13 May 2002 23:06:44 -0400 (EDT) (envelope-from jack@remtk.solucorp.qc.ca) Received: (from jack@localhost) by remtk.solucorp.qc.ca (8.11.0/linuxconf) id g4E2x4r02429 for vserver@solucorp.qc.ca; Mon, 13 May 2002 22:59:04 -0400 From: Jacques Gelinas Date: Mon, 13 May 2002 22:59:04 -0500 To: vserver@solucorp.qc.ca Subject: re: [vserver] rh72 default vserver install - inittab issues (vserver version 0.17) X-mailer: tlmpmail 0.6 Message-ID: <20020513225904.c66f938c382b@remtk.solucorp.qc.ca> Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 622 On Mon, 13 May 2002 12:33:48 -0500, Justin M Kuntz wrote > > Hello, > > I've used the /usr/lib/vserver/install-rh7.2 script to create my first > vserver. The only problem I noticed with this process is the install-rh7.2 > script references install_post.sh when really it should be install-post.sh > > Now that I have my verver up and running on 2.4.18-ctx10 with vserver 0.17, > I wanted to understand better the boot process and what is the minimum > process list that should be operating in a vserver environment. The > /usr/lib/vserver/install-post.sh script was very helpful to understand what > vserver is doing after installing the RPMs. > > The inittab does a few things I think should be disabled, and I'd like to > hear your thoughts. First, the default sysinit is called: > si::sysinit:/etc/rc.d/rc.sysinit > > ... and this rc.sysinit script does all sorts of things which could and > probably should be trimmed down for a vserver. Notably, it does file > system checking, starts up pre-syslog logging, etc. I noticed the update > daemon doesn't look like it needs to be running on vservers as well as the > main server, so I commented that out as follows: rc.sysinit does not contain anything useful (or doable by) for a vserver. > # Things to run in every runlevel. > #JMK - I think this should not be running since the main server runs > kupdate > #ud::once:/sbin/update Indeed update is only needed a single time on the physical server. > I assume these lines probably wouldn't mean much in a vserver because the > primary init is not going to know to tell the vserver inits what is > happening in case of powerfailure or ctrl-alt-del by default, without > special configuration... so I left them alone for now: > ca::ctrlaltdel:/sbin/shutdown -t3 -r now > pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" > pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled" Right. > The tty inputs I assume can all be disabled since the vserver has no > control over the main machine's console anyway, and they'll just generate > needless /var/log/messages traffic in the vserver about not having access > to the ttys? > # Run gettys in standard runlevels > #1:2345:respawn:/sbin/mingetty tty1 > #2:2345:respawn:/sbin/mingetty tty2 > #3:2345:respawn:/sbin/mingetty tty3 > #4:2345:respawn:/sbin/mingetty tty4 > #5:2345:respawn:/sbin/mingetty tty5 > #6:2345:respawn:/sbin/mingetty tty6 If you create say /dev/tty2 in a vserver, then it would be possible to have one console per vserver. A neat way to switch between them as needed. /dev/ttyX are not created by default on vservers. You will need to trim the tty usage on the root server, in its own /etc/inittab. > This leaves me with my big question being what to do with syslog and > minilogd. I assume that the processes running inside the vserver are going > to try to talk to the standard logging mechanism inside that vserver. Red > Hat has a white paper on this which is a good read: > http://www.redhat.com/support/wpapers/redhat/initscripts/index.html#toc No, by default they can't reach the root syslog. They talk to the syslog daemon using /dev/log, which is a unix domain socket. In general, each vserver runs its own syslogd process, so each has its own set of /var/log files. In general a vserver will also run crond, so log files are rotated once in a while. Note that a syslogd daemon can setup multiple /dev/log socket. or you can use hard links to setup /dev/log using the root server /dev/log in every vserver. This way, logging would go to the root log files. This could be used in a high security setup, where logging become invisible to a vserver (and thus an attacker wanting to cleanup). Another solution would be to run one syslogd setup per vserver, but in the root server. This will avoid mixing messages from each vservers. > So this is what I get after running "vserver rh72 start" followed by > "vserver rh72 enter": > [root@vserver:rh72 log]ps -ef > UID PID PPID C STIME TTY TIME CMD > root 1 0 0 May11 ? 00:00:06 init [3] > root 14695 1 0 13:14 ? 00:00:00 minilogd > root 14911 14900 0 13:15 pts/3 00:00:00 /bin/bash -login > root 14965 14911 0 13:15 pts/3 00:00:00 ps -ef > [root@vserver:rh72 log] > > Now, minilogd is running but I think it is just collecting the messages and > not actually writing them anywhere until we start syslog. But starting > syslog also attempts to start a kernel log daemon, which I don't think we > want since the main server is already going to be running a kernel log > daemon - right? Yes klogd can't grab kernel message (capability). But start the syslog service anyway. It fails to start klogd but syslogd starts and work fine. > [root@vserver:rh72 init.d]./syslog start > Starting system logger: [ OK ] > Starting kernel logger: [ OK ] > [root@vserver:rh72 init.d]ps -ef > UID PID PPID C STIME TTY TIME CMD > root 1 0 0 May11 ? 00:00:06 init [3] > root 14911 14900 0 13:15 pts/3 00:00:00 /bin/bash -login > root 14979 1 0 13:16 ? 00:00:00 syslogd -m 0 > root 14987 14911 0 13:16 pts/3 00:00:00 ps -ef > [root@vserver:rh72 init.d] > > > So somehow by running syslog, it is disabling the minilogd and replacing > that with syslogd, and I'm not sure why the kerneld doesn't startup too. You don't need kernel on a 2.4 kernel. Further, kerneld can,t work in a vserver since a vserver is not allowed to load kernel module. Or you mean klogd. klogd is not allowed to work in a vserver because of the capability system. If it was allowed, it would steal message away from the root server. > I'd appreciate any ideas or suggestions to further streamline the startup > process and make sure minimal services and logging are loaded which won't > interfere with the root server. In general, we do not run /sbin/init in a vserver. We simply start services in runlevel 3 (whatever is defined in /etc/inittab as the default). In general we have sshd, syslog and crond running. > For now I'm going to re-enable syslog inside the vserver as follows: > [root@vserver:rh72 /]chkconfig --level 2345 syslog on Yes this is we do on our vserver. --------------------------------------------------------- Jacques Gelinas vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc From vserver.error@solucorp.qc.ca Tue May 14 06:08:07 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4EA86oN013768; Tue, 14 May 2002 06:08:06 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4E9kWb21100 for vserver.list; Tue, 14 May 2002 05:46:32 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from smtprelay01.ilcampo.com (smtprelay01.ilcampo.com [193.172.126.25]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with SMTP id g4E9kUh21096 for ; Tue, 14 May 2002 05:46:31 -0400 Received: (qmail 10067 invoked from network); 14 May 2002 09:46:29 -0000 Received: from offpulse.ilcampo.com (HELO Kees) (Kees.Schrama?siennax@193.172.126.230) by smtprelay01.ilcampo.com with SMTP; 14 May 2002 09:46:29 -0000 From: "Kees Schrama" To: Subject: [vserver] Multicast between vservers Date: Tue, 14 May 2002 11:49:13 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Importance: Normal Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 623 Hi, Is it possible to have multiple vservers listen to the same IP multicast address? The reason for this: we have a application in a clustered setup. This means that multiple instances of this application run, each in a different verserver. The vservers all have IP adresses in the same subnet. Each application uses the same multicast address in order to communicate with its neighbours. However, it seems that only one vserver at a time is able to receive multicast, because the multicast traffic (multicast-subnet) can be routed only to one (and-only-one) virtual-interface at a time. It seems to me that the problem is the single routing table that is used by all vservers, so that only one interface at a time can receive multicast. Can anyone confirm my findings? Or am I missing something? Thanks! Kees Schrama From vserver.error@solucorp.qc.ca Tue May 14 12:59:39 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4EGxcoN016883; Tue, 14 May 2002 12:59:39 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4EFTwC29419 for vserver.list; Tue, 14 May 2002 11:29:58 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from iteckmailx.infoteck.qc.ca (smtp2.infoteck.qc.ca [205.151.16.14]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4EFTwh29415 for ; Tue, 14 May 2002 11:29:58 -0400 Received: from [205.151.16.16] (port=1677 helo=ITeckShield.infoteck.qc.ca) by iteckmailx.infoteck.qc.ca with smtp (Exim 4.04) id 177e8S-0006fp-00 for vserver@solucorp.qc.ca; Tue, 14 May 2002 11:22:44 -0400 Received: from iteck4.infoteck.qc.ca(205.151.16.4) by ITeckShield.infoteck.qc.ca via csmap id 4916; Tue, 14 May 2002 11:23:14 -0400 (EDT) Message-ID: <00ff01c1fb5c$536f9870$1400010a@infoteck.ca> From: "Joel Vandal" To: , "Justin M Kuntz" References: Subject: Re: [vserver] SIOCS... errors - any ideas? Date: Tue, 14 May 2002 11:30:49 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.01 Status: RO X-Status: X-Keywords: X-UID: 624 > Do you have any idea what I need to do next to get it working? I mean the > message "Server 0001 is not running" is showing up both after the start > command and after the enter command, so I'm assuming something is still > wrong. You must have at less one service running on your vserver, can you try to do: vservers 0001 service sshd start then log on your vservers and activate default service. -- Joel Vandal From vserver.error@solucorp.qc.ca Tue May 14 14:12:26 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4EICPoN017557; Tue, 14 May 2002 14:12:26 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4EHXmD00726 for vserver.list; Tue, 14 May 2002 13:33:48 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4EHXlh00722 for ; Tue, 14 May 2002 13:33:48 -0400 Subject: [vserver] context count To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Tue, 14 May 2002 12:46:02 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/14/2002 12:33:48 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 625 Hello, Am I correct in my understanding that the security context is essentially 4 hex digits (2 bytes long)? So if I were to start and stop vservers in a continuous loop for 65535 times, then on the next time it will fail? Thanks, Justin From vserver.error@solucorp.qc.ca Tue May 14 14:25:54 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4EIProN017737; Tue, 14 May 2002 14:25:53 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4EI0RO01527 for vserver.list; Tue, 14 May 2002 14:00:27 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from iteckmailx.infoteck.qc.ca (smtp2.infoteck.qc.ca [205.151.16.14]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4EI0Rh01523 for ; Tue, 14 May 2002 14:00:27 -0400 Received: from [205.151.16.16] (port=4417 helo=ITeckShield.infoteck.qc.ca) by iteckmailx.infoteck.qc.ca with smtp (Exim 4.04) id 177gU9-0000FW-00 for vserver@solucorp.qc.ca; Tue, 14 May 2002 13:53:17 -0400 Received: from iteck4.infoteck.qc.ca(205.151.16.4) by ITeckShield.infoteck.qc.ca via csmap id 6190; Tue, 14 May 2002 13:53:49 -0400 (EDT) Message-ID: <01bf01c1fb71$5c7d8250$1400010a@infoteck.ca> From: "Joel Vandal" To: References: Subject: Re: [vserver] context count Date: Tue, 14 May 2002 14:01:23 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 626 > Am I correct in my understanding that the security context is essentially 4 > hex digits (2 bytes long)? So if I were to start and stop vservers in a > continuous loop for 65535 times, then on the next time it will fail? If you check on the Kernel Patch, on signal.c (sys_new_s_context function) you will see something like: #define MAX_S_CONTEXT 65535 if (alloc_ctx == 1) { ... } else if (alloc_ctx > MAX_S_CONTEXT) { alloc_ctx = 2; } I assume that when the countern reach 65535, they restart the count at 2 (Context 0 and 1 are reserved). -- Joel Vandal From vserver.error@solucorp.qc.ca Tue May 14 15:30:10 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4EJUAoN018286; Tue, 14 May 2002 15:30:10 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4EIJaW02025 for vserver.list; Tue, 14 May 2002 14:19:36 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from domino-2.prominic.com (s2-f1-gb.prominic.com [63.254.227.1]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4EIJZh02019 for ; Tue, 14 May 2002 14:19:35 -0400 Subject: [vserver] per-vserver timezones To: vserver@solucorp.qc.ca X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: From: "Justin M Kuntz" Date: Tue, 14 May 2002 13:31:54 -0500 X-MIMETrack: Serialize by Router on domino-2.prominic.com/Prominic(Release 5.0.8 |June 18, 2001) at 05/14/2002 01:19:36 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=-100.0 required=5.0 tests=A_FROM_IN_AUTO_WLIST version=2.01 Status: RO X-Status: X-Keywords: X-UID: 627 Hello, Is it possible for vservers to operate in different timezones from one another and from the main server? I understand the actual raw time across all vservers would be the same, but I'd like each vserver to interpret the timezone differently. Thanks! Justin From vserver.error@solucorp.qc.ca Tue May 14 15:47:12 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4EJlBoN018407; Tue, 14 May 2002 15:47:11 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4EIZGH02465 for vserver.list; Tue, 14 May 2002 14:35:16 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from iteckmailx.infoteck.qc.ca (smtp2.infoteck.qc.ca [205.151.16.14]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4EIZGh02461 for ; Tue, 14 May 2002 14:35:16 -0400 Received: from [205.151.16.16] (port=1164 helo=ITeckShield.infoteck.qc.ca) by iteckmailx.infoteck.qc.ca with smtp (Exim 4.04) id 177h1q-0000ky-00 for vserver@solucorp.qc.ca; Tue, 14 May 2002 14:28:06 -0400 Received: from iteck4.infoteck.qc.ca(205.151.16.4) by ITeckShield.infoteck.qc.ca via csmap id 6367; Tue, 14 May 2002 14:28:38 -0400 (EDT) Message-ID: <01e901c1fb76$39f959c0$1400010a@infoteck.ca> From: "Joel Vandal" To: References: Subject: Re: [vserver] per-vserver timezones Date: Tue, 14 May 2002 14:36:13 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 628 > Is it possible for vservers to operate in different timezones from one > another and from the main server? I understand the actual raw time across > all vservers would be the same, but I'd like each vserver to interpret the > timezone differently. I try to set different Timezone on 3 vservers and when I check the time, they show the time corresponding to my timezone. main server: mar mai 14 14:34:12 EDT 2002 (America/Montreal) vserver1 : mar mai 14 20:34:21 CEST 2002 (Europe/Paris) vserver2 : mar mai 14 19:34:43 BST 2002 (Great Britain) vserver3 : mar mai 14 22:34:52 MUT 2002 (India/Maurice) -- Joel Vandal From vserver.error@solucorp.qc.ca Tue May 14 17:08:32 2002 Received: from dns.solucorp.qc.ca (dns.solucorp.qc.ca [207.253.4.241]) by alien.vlad.net (8.12.1/8.12.1) with ESMTP id g4EL8WoN019087; Tue, 14 May 2002 17:08:32 -0400 Received: (from mail@localhost) by dns.solucorp.qc.ca (8.11.0/linuxconf) id g4EKf9X06375 for vserver.list; Tue, 14 May 2002 16:41:09 -0400 X-Authentication-Warning: dns.solucorp.qc.ca: mail set sender to vserver.error@solucorp.qc.ca using -f Received: from imf12bis.bellsouth.net (mail012.mail.bellsouth.net [205.152.58.32]) by dns.solucorp.qc.ca (8.11.0/linuxconf) with ESMTP id g4EKf9h06369 for ; Tue, 14 May 2002 16:41:09 -0400 Received: from localhost.localdomain ([66.157.153.33]) by imf12bis.bellsouth.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP id <20020514204235.MEUQ18573.imf12bis.bellsouth.net@localhost.localdomain> for ; Tue, 14 May 2002 16:42:35 -0400 Content-Type: text/plain; charset="us-ascii" From: Billy Hager To: Subject: [vserver] Virtual Network Devices Date: Tue, 14 May 2002 16:40:27 -0400 User-Agent: KMail/1.4.1 MIME-Version: 1.0 Message-Id: <200205141640.27327.whager@bellsouth.net> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by dns.solucorp.qc.ca id g4EKf9h06369 Reply-to: vserver@solucorp.qc.ca Precedence: bulk X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01 Status: RO X-Status: X-Keywords: X-UID: 629 I am working with a computer which has one network card and runs one vserver. Outside the vserver the computer acts a print/nfs server for my local network. Inside the shell server is a full Linux distrobution running as a shell server. I would like to set up a situation where no network traffic from the vserver ever goes anywhere else but the internet. I don't want people on the vserver using my printer and poking around my local network. ;) I would like to create a virtual network interface that I could connect the vserver to and filter with iptables. User Mode Linux(UML) uses virtual network devices to manage its network, and I know I could use it. Unfortunately, UML creates a layer of complexity that I don't want to deal with. Is there another way that I can create a virtual network interface without using UML? TUN/TAP looks promising, and that's what UML uses to create its virtual network. Again, I have been unable to find a solution that doesn't use UML. Does anyone know of any solutions that don't require UML? Another option would be to buy a second network card and switch. The vserver would be bound to one card(eth0) and everything else would use the other card(eth1). That's a $60+ solution, though, and I don't learn anything in the process. There must be a way to set up a virtual network. Thanks in advance, Bil