[Vserver] Re: Bug#378673: problem when /var/run/service is readonly inside vserver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Gerasiov wrote: > Micah Anderson wrote: >> Hi, >> >> Alexander Gerasiov wrote: >> >>>> Package: util-vserver >>>> Version: 0.30.210-10 >>>> Severity: normal >>>> >>>> Hi there. >>>> I want to push main host's mysqld socket inside vserver. >>>> So I think that the simplest way is to mount /var/run/mysqld from host >>>> to /var/run/mysqld on vserver. But that forces /var/run/mysqld cleaning >>>> on vserver's start. >>>> >> >> The reason this happens is not because of util-vserver, or anything >> related to vservers at all, but instead the Debian startup scripts which >> clean /var/run on bootup and shutdown. The only way to fix this is to >> alter your debian scripts not to do this. > Nope. As I can see, you wrong here. Have a look at /etc/init.d/mountall-bootclean, which calls /etc/init.d/bootclean (or bootclean.sh in sarge), specifically the part that cleans /var/run, and you will see that I am not wrong here: case "$1" in start|"") # Clean /tmp, /var/lock, /var/run /etc/init.d/bootclean This script is called on boot-up and cleans out /var/run. This is a debian startup script. > I don't know how to debug vserver (cause even strace halts), but simple > test (something like adding "echo $0" in all of init scripts) gave me > the following: > without /var/run/mysqld ro=== > # vserver bigfoot start > rc > inetd > Starting internet superserver: inetd. > cron > Starting periodic command scheduler: cron. > apache2 > Starting web server: Apache2. > rmnologin > stop-bootlogd > bootlogd I have a hard time believing that this is *all* the init scripts that run during startup. Maybe only those that are run during run level 2, but there are more run levels that happen during startup. In a normal debootstrapped sarge vserver the initscripts that are run are quite a lot more than the ones that you have listed above. As a result, I conclude that your test is flawed and I am not convinced that I am wrong. > = > with /var/run/mysqld ro=== > # vserver bigfoot start > chroot-shunlink("var/run/mysqld/mysqld.pid"): Read-only file system > chroot-shunlink("var/run/mysqld/mysqld.sock"): Read-only file system Yeah, this happens because the boot-clean scripts are run on boot-up and they are trying to remove the .pid and the .sock file in /var/run. This is to be expected, is not a bug, and is most assuredly not a bug in util-vserver. > Failed to start vserver 'bigfoot' > == > So this isn't init scripts who fails. How do you conclude this? >> This fails because the Debian startup scripts need to be able to write >> to /var/run, so they fail and thus the startup of that server fails. > Sigh... No.. Sigh... Yes. >>>> 2nd Am I wrong? May be there are better way to do the same thing (I'm >>>> speaking not about mysql, I know that it's possible to use network >>>> socket, but I want to use the same scheme for some other services, so >>>> I'm interested in mounting something inside vserver with bind option.). >> >> The way I solved this was to have mysql listen on the private network >> and then I contact it over the network, rather than through a socket. If >> you want to use a socket, then you need to be putting that socket >> somewhere other than /var/run. > Now the 1st thing I want is to get clean reply from upstream: > Is this possible to connect host and vserver via UNIX-socket as I did, > or that's working but just because of bug and wouldn't work in future. Yes, you can connect via sockets cross vservers. I know that Ola did not know this is possible, but it is, and it is intentional. It is not a security bug. The only way to get a socket from the host, or from another vserver, into the filesystem of a vserver is through a privileged manner. If you want to do this, you are allowed. >> First of all this is not a bug in util-vserver. It is at most >> a bug in mysql-server, but in this case it is not that either. > No, it isn't. Mysqld works fine, the problems I have is in scripts wich > clean /var/run on vserver start. Where do you suppose these initscripts come from? They do not come from util-vserver, they are debian provided initscripts. The functionality that they provide (cleaning /var/run, cleaning /tmp) are designed to be there, and are not bugs. You are trying to do something that these scripts were not designed for. If you wish you can report a bug on those scripts, but I assure you that the response
[Vserver] Re: vservers start very slow after a reboot
In gmane.linux.vserver, you wrote: [trimming extra stuff to save bandwidth] > thanks for the info. I think your suggestions will actually solve the > problem i'm having. > Thing is that i'm not sure on how to do it correctly on Debian. > I have a util-vserver script in /etc/init.d > which is linked to from rc2.d: > S23util-vserver -> ../init.d/util-vserver > > In /etc/default/util-vserver i reread this comment: > # The vserver initscript runs late in the boot-up sequence, which may > # be inappropriate for services that need to run earlier, such as > # nameservers or VPN tunnels. If a copy of the initscript is made to > # run at an earlier position, you can then set $MARK to be those vservers > # that you want to run then. > #MARK=default > > This is confusing to me. The comment says to copy the initscript for those > servers that need to be started earlier but the script looks at > /etc/default/util-vserver to find info on what servers to start first. > So how do i do that? I could copy the script, copy /etc/default/util-vserver > and adjust the MARK & AUTO parameters there but i don't think that's the > proper way to deal with this problem or is it? Its not a very clear paragraph, I agree. I think the idea is that if you have: vserver1 -- needs to be started early, has mark set to "early" vserver2 -- can be started manually, has mark set to "default" or nothing then you set /etc/default/util-vserver so that MARK=early and then had this symlink: /etc/rc1.d/S01util-vserver -> ../init.d/util-vserver then this would run and start the "early" marked vservers. Once the system came up you could manually start the other vservers. Or you would have two copies of the initscript and have one with DEBIANCONFIG=/etc/default/util-vserver2 with a different MARK variable set than the other initscript. Its a rather crude oddity that doesn't really solve any problems, and it should be removed from the package. One thing to note: The depends flag that Herbert mentions is useful only when a vserver is a pre-requisite for another to start. However, if you need a vserver to start that is a pre-requisite for the rest of the system bootup process, then this flag is not what you want. [snip tons of extra information] Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
In gmane.linux.vserver, you wrote: > On Fri February 3 2006 12:04, Joel Soete wrote: >> > >> Appologies for late answer but this isp webmail interface is very a nightmare >> (it tooks me all this afternoon to reach to login Grrr). >> > Joel, > > I sent you a possible solution to that problem. > Of course, that does not mean you received it. If this was a solution to Joel's problem with dietlib, can you re-send it to the list so the rest of us can know the answer? I'd like to be able to reference it in the future if other HPPA users come here with the same problem. :) micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
In gmane.linux.vserver, you wrote: > On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Herbert Poetzl wrote: >> > On Thu, Feb 02, 2006 at 09:33:12AM +0100, Joel Soete wrote: >> >>On toh for my private build from upstream src (on going to build latest >> >>0.30.210), I disabled use of dietlibc (not yet available for hppa at this >> >>time) and all seems to works fine. >> > >> > >> > really depends on the dietlibc, but I'd assume it >> > is _still_ broken on HPPA, nevertheless the glibc >> > is _not_ a good alternative, although it _might_ >> > work for simple things. >> >> I guess we can find out when Joel sends results of tests? > > possible, well, testme and testfs will not > detect the insecurities introduced by glibc Ah, I meant we can find out if dietlibc is broken on HPPA or not. I did not mean we can find out if glibc insecurities still exist. >> > PS: I hope that dietlibc on hppa will be fixed soon. >> >> Have the issues on HPPA been brought to the dietlibc developers? > > yes, but AFAICT, they were ignored ... I tried to google around for references to this to see if I could help push these up, but didn't find anything. Sometimes all it takes is a ping to the right place to get people to realise that they overlooked something. Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Herbert Poetzl wrote: > On Thu, Feb 02, 2006 at 09:33:12AM +0100, Joel Soete wrote: >>On toh for my private build from upstream src (on going to build latest >>0.30.210), I disabled use of dietlibc (not yet available for hppa at this >>time) and all seems to works fine. > > > really depends on the dietlibc, but I'd assume it > is _still_ broken on HPPA, nevertheless the glibc > is _not_ a good alternative, although it _might_ > work for simple things. I guess we can find out when Joel sends results of tests? > PS: I hope that dietlibc on hppa will be fixed soon. Have the issues on HPPA been brought to the dietlibc developers? micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD4l2h9n4qXRzy1ioRAsKMAKCv8YQr/D/9YQDQc/XOAQO/pJwe2wCggmD+ sRKaersGBPipGCipwjTdHP0= =YeQB -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joel, Please do not hijack threads, it is better to start a new thread with a new subject. If you use an existing thread to talk about something completely different than the thread's subject, it causes a lot of problems with mail and news readers. Also, you cannot just change the subject line to create a new thread. Most news and mail readers use other headers such as References: to track and build the thread of messages by message ID, and changing the subject line does not change the actual threading. Therefore, one should always compose a new (and therefore reference-free) message when changing topics. Joel Soete wrote: > Hello Micah, > > I just read the changelog of your debian's pkg upload (util-vserver > (0.30.209-2) unstable) and btw discover: > o it was re-enable for hppa ;-) > o and it's build with dietlibc (now available also for this arch too) > > So my question is: was it already tested on this arch? No, it was re-enabled after a long period of being disabled, and needs to be tested by someone with that arch. If you can test it, it would be appreciated. > On toh for my private build from upstream src (on going to build latest > 0.30.210), I disabled use of dietlibc (not yet available for hppa at this > time) and all seems to works fine. What is "toh"? I would prefer to use dietlibc if possible as it seems to be required to handle some corner security issues. > (But tbh I'm still ignoring what kind of pb am I supposed to encounter) I'm sorry, I am not able to parse your acronyms! Micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD4k2f9n4qXRzy1ioRAgE+AKCNSjFwgU3YR7xsSM2AfJtPuUPtRwCggTFq bpj4fogMkfkdDx9Uh8gM2Yo= =k4Fm -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Herbert Poetzl wrote: > On Wed, Feb 01, 2006 at 01:40:29PM -0500, Micah Anderson wrote: > > Herbert Poetzl wrote: > >>>Btw may I ask you to add this -n (i.e. no_color option) to testme. >>>That would look like: > > >>no problem, will put it into the next version ... > >>thanks, >>Herbert > > I thought that the -n (no_color) option was added after I sent a similar > patch back in October[1]? > > >> yes, it was, but (if you read your mail again) only >> to the testfs.sh script, not the testme.sh one ... /me hits head with hand. micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD4SG59n4qXRzy1ioRAsJ/AJ9GiMfPLq1GwiST/Zng1pLiiRnZVQCdF6iY 9faF5SBsx7eSi8ppXLUXpzA= =iGTQ -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Herbert Poetzl wrote: >>Btw may I ask you to add this -n (i.e. no_color option) to testme. >>That would look like: > > > no problem, will put it into the next version ... > > thanks, > Herbert I thought that the -n (no_color) option was added after I sent a similar patch back in October[1]? Micah 1. http://list.linux-vserver.org/archive/vserver/msg10918.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD4QCd9n4qXRzy1ioRAtNAAJwJierglR+/ufpIpIUDaOsfQltKugCfVG0t 1x55Xg0BgliW2mEDNE9TBCU= =eGnX -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Logo contest
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All the logos are great, maybe if one logo cannot be decided on, we can pick them all! You get a random logo every time you visit the page. :) (note to others picking, the numbers for the logos are BELOW the images, not above) I suppose I would rank my preferences as follows: 10, 9, 6 I haven't seen anyone say anything yet, and I do not wish to offend the orginators of any of the logos, as I am quite impressed with all of them, however for some reason the 8, 14-17 and 21-28 logos make me think of a Microsoft project. Maybe its the four boxes of color that is the same as the Microsoft flag... but it reminds me of something like this image: http://www.indigoclothing.com/images/logos/microsoft.gif http://www.lansdownecomputing.co.uk/images/office%20logo%20transparent.gif I didn't look to hard for examples, I am sure there are others that are more similar. I think Microsoft had quite a few similar images for their product line recently. I asked some other folks I know and their responses were: "the logos you mentioned make me think of MS products, not particularly explorer, but any MS product.", "I think it's Office 97 or something." Micah Herbert Poetzl wrote: > On Sat, Jan 21, 2006 at 03:29:39PM +0100, Joep Gommers wrote: > >>Hi folks, >> >>The webpage with all discussed logo's can be found here: >>http://www.virtualinfrastructure.nl/personal/vserver/index.htm > > > you might want to add the 'older' ones too, some of > the ideas are here: http://vserver.13thfloor.at/Stuff/LOGO/ > > you have to dig through the archives to find the artists > of 995994tux.gif and linuxvserver.gif > > best, > Herbert > > >>If everybody could reply their preference and remarks to the >>mailinglist, i can count the replies. Maybe herbert should make the >>final decision? >> >>J- >> >> >>On 1/20/06, Guenther Fuchs <[EMAIL PROTECTED]> wrote: >> >>>Hi there, >>> >>>on Friday, January 20, 2006 at 7:30:28 PM there was posted: >>> >>>OW> would be nice to have a central webpage with all logos or at least >>>OW> links to all logos. >>> >>>JG> Ill do that tomorrow >>> >>>That's great as it takes me out of work ;-) >>> >>>-- >>>regards 'n greez, >>> >>>Guenther Fuchs >>>(aka "muh" and "powerfox") >>> >>>___ >>>Vserver mailing list >>>Vserver@list.linux-vserver.org >>>http://list.linux-vserver.org/mailman/listinfo/vserver >>> > > >>___ >>Vserver mailing list >>Vserver@list.linux-vserver.org >>http://list.linux-vserver.org/mailman/listinfo/vserver > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD3kUN9n4qXRzy1ioRAlt0AJ0bNTIcCc3c/WsSrPJ9bQTjMf/MVACdG7Hj J8bWPlAYYx9q34882kEIknc= =vh+V -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VServer logo?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alberto Cammozzo wrote: > On Fri, Jan 06, 2006 at 10:56:58PM +0100, Guenther Fuchs wrote: > >>Hi there, >> >>anyone graphically talented created a logo for VServer yet or wants >>to? I guess, there's not only me wanting to show a "powered by Linux- >>VServer" on their page ;-) > > > I Agree... > Here's my attempt: > <http://homes.stat.unipd.it/mmzz/Vserver/Logo/> > See README file for explanations... > Inkscape svg file is available, of course. My only comments on this logo is that the repeated checkmarks look too much like the Nike logo, especially the red one, which they used specifically. I have no doubts that a megacorporation like Nike would find offense with this logo as it is now and would write threatening letters. micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDxCqy9n4qXRzy1ioRAjlMAKCfLFYwnpep5WK0F+hUpfvFZBtqnwCeKSSA i5gZP3uDaMaXerIK6ElmhL4= =wN3S -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [OPoll] BME inclusion into next stable release
> OPINION POLL > > > please check (X) all points which apply ... > (according to your opinion) > > [ ] I had no idea about this issue/deficiency > [x] I did already know about it > > [ ] I'm already using BME (or similar) patches > [ ] I will start using BME patches now > [x] I do not need/use this 'feature' at all or if i could add an option: [x] I do not need/use this 'feature' right now, but might in the future > [x] I think this SHOULD get into the next > stable Linux-VServer release because ... > > [ ] I am using it/want to use it > [x] It's more a bugfix than a feature > [x] I like the idea of ro --bind mounts > > [x] I think this should NOT be included into > the next stable release because ... > > [ ] it is not thoroughly tested > [ ] it is not mature enough > [ ] it adds unnecessary code > [x] it should better be fixed in >the mainline Linux Kernel signature.asc Description: Digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Wiki : HowTo graph vserver usage with cacti
On Fri, 16 Dec 2005, GarconDuMonde clickity clacked: > >>let me know if there is real demand, and somebody is > >>willing to do the userspace part .. we could then go for > >>netlink or relayfs ... > >> > > > I'm interested in monitoring the hell out of the vservers (cpu %, > > loadavg, tokens, memory, network traffic, processes, disk i/o, you > > name it) so I'd be willing to help (please note I haven't used neither > > netlink nor relayfs yet but you learn all your life, don't you?) > > me also! i really don't know that much about kernel stuff at all, and > it's not highest on my list of priorities to learn at the moment, but > i am keen to "monitor the hell out of the vservers" (what a great > phrase!), ultimately on a number of different physical hosts. > currently, the only monitoring tool i really have experience with is > munin, but cacti has been highly recommended to me, so i'm very happy > to learn it and then try to help get it as good as possible for > vserver usage. AOL (in otherwords: me too!). A side note, cacti is not much different than munin, both use rrd backends, and each is just a different front-end for setting up the graphs and monitoring. I tried cacti a number of times as it was going through some major changes, and I found it had a much higher learning curve than munin and I did not get as much out of it. With munin I was able to write new monitoring plug-ins very quickly and imagine I could do so for vserver monitoring to create interesting graphs, if I knew what values to look at and poll. > > I have a little patch to collect per-server disk usage stats (somewhat > > like /proc/diskstats) but I dropped it from my kernels during the > > recent debugging frenzy and I'm a bit reluctant to apply it again - a > > bit too intrusive for my taste and I don't know whether it's SMP-safe > > really. If anybody is interested, feel free to drop me a note. It would be interesting to have this included in linux-vserver kernel patch! Micah signature.asc Description: Digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Bug#343277: util-vserver: wrong call to colorize in functions
forwarded https://savannah.nongnu.org/bugs/index.php?func=detailitem&item_id=15281 thanks The Anarcat wrote: > On Wed Dec 14, 2005 at 06:36:21PM +0100, Ola Lundqvist wrote: >>>As I said, it's trivial, benign, but should be fixed and I don't know >>>where else to report this. If you found this bug using the debian package, you should file it with the Debian BTS. The reason is because the package maintainer may have made changes to the upstream code and would know best if this is a local debian issue, or actually an upstream issue. If the package maintainer determines that this is not a Debian bug, then he/she files a bug in the upstream tracker, tags the Debian bug as forwarded with a link to the upstream submitted bug (which I have done above), and then keeps track of the fix upstream. >> >>I suggest you also file this upstream. See http://linux-vserver.org/ >>or just simply send an email to vserver@list.linux-vserver.org describing >>this. Actually, it typically should be the Debian maintainer who does this as the maintainer knows how to do this properly, and should be actively cultivating a relationship with upstream so that communication happens properly. Addtionally, filing this particular bug is not done by sending an email to the vserver mailing list, as Enrico (who maintains the upstream tools) may or may not follow the list. Even if he does, he should not be unnecessarily burdened with needing to file a bug in the proper bug tracker so that he can remember to fix it later. The bug tracker for util-vserver is located here: https://savannah.nongnu.org/bugs/?group=util-vserver&func=browse&set=open The proper way to go about this is to browse through the open issues before submitting a duplicate bug. > i was kind of expecting you to do this, but I can do it.. :) Let's just > CC the list... Just CC'ing the list is like tossing something out, you dont know if someone will pick it up and unless you intend to track this issue and follow-up to find out where the issue is at, it will just be left up to chance. Filing a bug in the tracker will keep the issue around until it is dealt with. Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Script testfs.sh on Reiser3
Michael S. Zick wrote: > wolf466:/mnt# showattr dir_one > ---bui- dir_one > > wolf466:/mnt# setattr --barrier dir_one > wolf466:/mnt# showattr dir_one > ---Bui- dir_one What version of util-vserver are you using? When you do the setattr --barrier it should result in: ---BUi- dir_one This was fixed in version 0.30.208 of util-vserver. Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Hostname confusion inside vserver
Roché Compaan wrote: > Any reason why /usr/bin/mail would think the hostname is the host's > hostname and not the vserver's, even though the hostname command correctly > returns the vserver's hostname? > Check your /etc/mailname and /etc/hosts to see what is defined. Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] m-l pb? [Was: ... failure on parisc-linux]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joel Soete wrote: >> there are several archives available (and linked >> from the wiki page), e.g. >> >> http://list.linux-vserver.org/archive/vserver/ >> http://archives.linux-vserver.org/ >> >> and you can search via >> >> http://www.13thfloor.at/vserver/search/ How frequently is this updated? I tried to search for "parisc testme" on that page to see if I could find the original thread, but it didn't return the thread itself. It appears that this is using google, so it must only get updated as frequently as googlebot crawls the mailing list. Micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDmwYI9n4qXRzy1ioRAjoUAKCFyb6nMv+Iorzh1H1UBWH0z6ozOQCgsYwc IX9bxFbswRpbFWuI/+lT9Zw= =Y8Cr -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] testme.sh-0.14 failure on parisc-linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Herbert Poetzl wrote: > On Fri, Dec 09, 2005 at 10:10:11PM +0100, Daniel Hokka Zakrisson wrote: > >>Joel Soete wrote: >> >>> vserver(2) syscall#: 273/default >> >>That's wrong for hppa. Rerun configure with >>CPPFLAGS="-D__NR_vserver=263" set in the environment. > > > it should also work fine if you compile the tools from > scratch (i.e. get the 0.30.209 tools and do ./configure, > make, make install) It appears as if he did compile the tools himself, using this configure argument: ./configure --build hppa-linux-gnu -- is this the wrong argument to pass to set the parisc architecture type to get the proper 263 syscall? There is no pre-built debian parisc util-vserver packages at the moment (nor are there ARM packages), but I'm looking to resolve that. micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDmwWX9n4qXRzy1ioRAsohAJ0aaHDcDjxys3o6+f5oSeo2t80JawCgqLuL emJScQNE2VsiC0/Sb/Mo8SI= =BA+X -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Configure help patch
Hi, Please find attached (and included below) a patch to adjust the wording for the Configure help for the COW link break code. It is a minor patch, but I believe it tightens it up and corrects the language. Micah --- patch-2.6.14.2-vs2.1.0-rc8.diff 2005-11-30 15:15:02.0 -0500 +++ /tmp/patch-2.6.14.2-vs2.1.0-rc8.diff2005-11-30 15:25:41.0 -0500 @@ -17971,8 +17971,8 @@ diff -NurpP --minimal linux-2.6.14.2/ker + depends on EXPERIMENTAL + default y + help -+This enables the COW link break code which will allow to -+treat unified files like normal files in regard of writing ++This enables the COW (Copy-On-Write) link break code. This allows ++you to treat unified files like normal files when writing +to them (which will implicitely break the link and create +a copy of the unified file) + --- patch-2.6.14.2-vs2.1.0-rc8.diff 2005-11-30 15:15:02.0 -0500 +++ /tmp/patch-2.6.14.2-vs2.1.0-rc8.diff2005-11-30 15:25:41.0 -0500 @@ -17971,8 +17971,8 @@ diff -NurpP --minimal linux-2.6.14.2/ker + depends on EXPERIMENTAL + default y + help -+This enables the COW link break code which will allow to -+treat unified files like normal files in regard of writing ++This enables the COW (Copy-On-Write) link break code. This allows ++you to treat unified files like normal files when writing +to them (which will implicitely break the link and create +a copy of the unified file) + signature.asc Description: OpenPGP digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Updates to testfs.sh script
Actually, lets just forget about that previous diff, and instead use this one. I found that the mkfs.xfs would fail because there previously was a filesystem created by the mkfs.ext3 and it would complain that you needed to use -f to force it to happen. Please use the attached diff instead of the previous (this also bumps the version number one). Micah --- testfs.sh-0.09 2005-09-19 04:27:43.0 -0400 +++ testfs.sh-0.10 2005-10-04 17:16:07.0 -0400 @@ -1,7 +1,5 @@ #!/bin/bash -eR='\e[31m';eG='\e[32m';eY='\e[33m';eB='\e[34m';eN='\e[0m' - function eecho () { C=$1; shift echo -e "$C$*$eN" @@ -360,7 +358,7 @@ nfsopt="vers=3,hard,intr,tcp,sync" -while getopts ":hlotvxD:F:M:N:O:" option; do +while getopts ":hlotvxcD:F:M:N:O:" option; do case $option in h) # help cat << EOF @@ -377,6 +375,7 @@ -M mount point [$MNT] -N nfs source [$NFS] -O nfs options [$nfsopt] + -cdisable color output examples: @@ -402,6 +401,9 @@ t) # terse output terse=1 ;; +c) # disable color output +color="no" +;; D) # device DEV="$OPTARG" ;; @@ -421,13 +423,17 @@ done shift $(($OPTIND - 1)) +if [ "$color" != "no" ]; then +eR='\e[31m';eG='\e[32m';eY='\e[33m';eB='\e[34m';eN='\e[0m' +fi + outdev="/dev/null" [ $verbose -gt 1 ] && outdev="/dev/stdout" errdev="/dev/null" [ $verbose -gt 0 ] && errdev="/dev/stderr" -eecho $eY "Linux-VServer FS Test [V0.09] Copyright (C) 2005 H.Poetzl" +eecho $eY "Linux-VServer FS Test [V0.10] Copyright (C) 2005 H.Poetzl" KERN=`uname -srm` CHCV=`chcontext --version 2>&1` @@ -454,18 +460,30 @@ echo "---" eecho $eY "testing $fs filesystem ..." case $fs in -ext2|ext3|xfs|jfs) +ext2|ext3) mkfs.$fs $DEV 1>$outdev 2>$errdev rc=$?; ececho $rc "[000]" [ $rc -gt 0 ] && echo "($fs format failed)" && continue do_test "$fs" "$mntopt" ;; +xfs*) +mkfs.$fs -f $DEV 1>$outdev 2>$errdev + rc=$?; ececho $rc "[000]" + [ $rc -gt 0 ] && echo "($fs format failed)" && continue + do_test "$fs" "$mntopt" + ;; reiser*) mkfs.reiserfs -f $DEV 1>$outdev 2>$errdev rc=$?; ececho $rc "[000]" [ $rc -gt 0 ] && echo "(reiser format failed)" && continue do_test reiser "attrs,$mntopt" ;; +jfs*) +mkfs.jfs -q $DEV 1>$outdev 2>$errdev + rc=$?; ececho $rc "[000]" + [ $rc -gt 0 ] && echo "($fs format failed)" && continue + do_test "$fs" "$mntopt" + ;; nfs) do_test nfs "$nfsopt,$mntopt" ;; signature.asc Description: OpenPGP digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Updates to testfs.sh script
Please find attached a diff against testfs.sh-0.09. This diff adds the -c option to disable color output and also adds the -q option to mkfs.jfs because without this mkfs.jfs asks if you want to continue causing the test to fail erroneously. micah --- testfs.sh-0.09 2005-09-19 04:27:43.0 -0400 +++ testfs.sh-0.10 2005-10-04 14:46:52.0 -0400 @@ -1,7 +1,5 @@ #!/bin/bash -eR='\e[31m';eG='\e[32m';eY='\e[33m';eB='\e[34m';eN='\e[0m' - function eecho () { C=$1; shift echo -e "$C$*$eN" @@ -360,7 +358,7 @@ nfsopt="vers=3,hard,intr,tcp,sync" -while getopts ":hlotvxD:F:M:N:O:" option; do +while getopts ":hlotvxcD:F:M:N:O:" option; do case $option in h) # help cat << EOF @@ -377,6 +375,7 @@ -M mount point [$MNT] -N nfs source [$NFS] -O nfs options [$nfsopt] + -cdisable color output examples: @@ -402,6 +401,9 @@ t) # terse output terse=1 ;; +c) # disable color output +color="no" +;; D) # device DEV="$OPTARG" ;; @@ -421,6 +423,10 @@ done shift $(($OPTIND - 1)) +if [ "$color" != "no" ]; then +eR='\e[31m';eG='\e[32m';eY='\e[33m';eB='\e[34m';eN='\e[0m' +fi + outdev="/dev/null" [ $verbose -gt 1 ] && outdev="/dev/stdout" errdev="/dev/null" @@ -454,7 +460,7 @@ echo "---" eecho $eY "testing $fs filesystem ..." case $fs in -ext2|ext3|xfs|jfs) +ext2|ext3|xfs) mkfs.$fs $DEV 1>$outdev 2>$errdev rc=$?; ececho $rc "[000]" [ $rc -gt 0 ] && echo "($fs format failed)" && continue @@ -466,6 +472,12 @@ [ $rc -gt 0 ] && echo "(reiser format failed)" && continue do_test reiser "attrs,$mntopt" ;; +jfs*) +mkfs.jfs -q $DEV 1>$outdev 2>$errdev + rc=$?; ececho $rc "[000]" + [ $rc -gt 0 ] && echo "($fs format failed)" && continue + do_test "$fs" "$mntopt" + ;; nfs) do_test nfs "$nfsopt,$mntopt" ;; signature.asc Description: OpenPGP digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] build -m rpm does not work
On Mon, 05 Sep 2005, Jun OKAJIMA wrote: > > I tried with ready-made deb on sid, got from apt-line > and same problem happened. > maybe it is worse ... because vhasify binary seems not to be included. > See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319927 for why vhashify has not been included in the past, but is about to be. Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: util-vserver 0.30.208 debs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Micah wrote: > Specifically, the configuration errors when libbeecrypt6 and > libbeecrypt6-dev are as follows: > > configure:27544: checking for hashFunctionContextInit in -lbeecrypt > configure:27574: gcc -o conftest -Wall -g -O2 -std=c99 -Wall -pedantic > -W -funit-at-a-time conftest.c -lbeecrypt >&5 > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mppndiv' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpmultwo' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpaddw' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpsetmul' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `sha1Process' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpodd' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpfill' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpsub' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpzero' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpsubw' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpaddsqrtrc' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpdivtwo' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpadd' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpeven' > /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: > undefined reference to `mpaddmul' > collect2: ld returned 1 exit status > configure:27580: $? = 1 The resolution looks forth-coming: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323506 I suggest that you subscribe to this bug (subscribing to a bug can be done by sending an email to [EMAIL PROTECTED]), so you can see when it has been resolved and a new package can be uploaded to build properly. micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDCI+X9n4qXRzy1ioRArmRAJ0U9mrVVeSmthBLD9EMWNKd1mqHFwCfSeps /D9RutSROa62jJoMsY16Vzw= =1Q/M -END PGP SIGNATURE- ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: util-vserver 0.30.208 debs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ola Lundqvist wrote: > Does this mean that vhashify is not included in the debian util-vserver > debs because it cannot be built due to the missing beecrypt2 library? > > >> Yes. > > > Would the package libbeecrypt6, libbeecrypt6-dev provide the necessary > resolution to this missing dependency? > > >> I hoped so but no it do not. It find the hearders but some symbol in the >> library is not found so it skip that. > Specifically, the configuration errors when libbeecrypt6 and libbeecrypt6-dev are as follows: configure:27544: checking for hashFunctionContextInit in -lbeecrypt configure:27574: gcc -o conftest -Wall -g -O2 -std=c99 -Wall -pedantic - -W -funit-at-a-time conftest.c -lbeecrypt >&5 /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mppndiv' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpmultwo' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpaddw' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpsetmul' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `sha1Process' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpodd' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpfill' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpsub' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpzero' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpsubw' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpaddsqrtrc' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpdivtwo' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpadd' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpeven' /usr/lib/gcc/i486-linux-gnu/4.0.2/../../../../lib/libbeecrypt.so: undefined reference to `mpaddmul' collect2: ld returned 1 exit status configure:27580: $? = 1 Micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDCI4+9n4qXRzy1ioRAlv+AJ42a70GuouTTfxjvaNOtP0toupVmwCghGho 7b5IlNA8n+fFEhsewOJDBjo= =hPFQ -END PGP SIGNATURE- ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] IPs in vservers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Herbert Poetzl wrote: > On Fri, Aug 19, 2005 at 09:02:35PM -0500, Micah wrote: > > > Have a look at: http://deb.riseup.net/vserver/usage/ > > Specifically the item: > > "Howto add an IP to a running vserver, without restarting it?" > > >> looks interesting ... but not supposed to work :) >> (i.e. I consider that a bug in the tools ...) Kinda nice that it does though -- if this doesn't then another method to add IPs to running vservers without restarting would be nice :) >> btw, maybe echo "something" >/etc/vservers/iface/... >> is easier to do than the cat/CTRL-D thingy ... Yeah, I changed it to echo, old habit... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDBqAW9n4qXRzy1ioRArrLAJ4sVvFFuDBR+aGvR7JBRQX+1IstCgCfdKXK 6Qj5/Rhb8Je/pHdhJwb9CdU= =EF60 -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] IPs in vservers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Have a look at: http://deb.riseup.net/vserver/usage/ Specifically the item: "Howto add an IP to a running vserver, without restarting it?" Gaz Wilson wrote: > Quick question before the weekend - am I correct in saying there is no > way to add extra IP addresses/virtual interfaces (e.g. eth0:1) to a > vserver without restarting it? > > Thanks > > GW > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDBo879n4qXRzy1ioRAsz4AJ9hHD3lQ/N6nxLK4O2liBUq9qr7kQCfRH0v /OErPNKJYlYiK/R/Aae1f8c= =cw93 -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: util-vserver 0.30.208 debs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ola, Ola Lundqvist wrote: >>>>The debian maintainer is working on .208 debs now: >>>>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321659 >>> >>hi >>thanks for the dsc - one odd thing came up through building - it claimed >>(though >>installed) that beecrypt couldn't be found and this would not allow to >>vhashify >>- actually I'm quite clueless what this finally means, but maybe someone here >>can enlighten me. > > > Note that if you use beecrypt2 it will work. That library is not > included in Debian sid so I can not use it. Does this mean that vhashify is not included in the debian util-vserver debs because it cannot be built due to the missing beecrypt2 library? Would the package libbeecrypt6, libbeecrypt6-dev provide the necessary resolution to this missing dependency? I have not begun to look into unification yet, but from what I can tell vhashify is a necessary part to do this. Micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDBo7k9n4qXRzy1ioRAuGXAJsFNPrCUk0ob1h5AsvzfYPjIm3yuACeJibO ORL72PGo5T2Vlt2nGE4D+64= =2+Ib -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] util-vserver 0.30.208 debs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas John wrote: > Hi! > > HAve you considered the libbeecrypt problem I reported this night, might > be debian specific? > > And I get the following problem when buildinf vashify: > >> checking for sys/capability.h... yes >> checking beecrypt/beecrypt.h usability... yes >> checking beecrypt/beecrypt.h presence... yes >> checking for beecrypt/beecrypt.h... yes >> checking for hashFunctionContextInit in -lbeecrypt... no >> configure: WARNING: >> >> 'beecrypt' could not be found; >> this will disable the build of 'vhashify' >> > > Bertl told that he can compile it von -mdk versions . > > I didn't file a bug anywhere, because I am not sure what's the right > place debian or savannah If you are building a debian package, you should almost always report the bug to the debian BTS, and let the maintainer decide if the bug should be filed upstream (in this case in savannah). There might be a debian packaging specific problem that is the cause of the problem, and enrico is not going to be able to track that down and is going to be confused about the bug report. micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDBo4Y9n4qXRzy1ioRAjGoAJ9sbNPXPLx4p7tI15rW8UFlrbbZWQCgp/PQ E5Vtr9JsuHs5tvLZ7jIZ0NY= =vfxq -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: util-vserver 0.30.208 debs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ola Lundqvist wrote: >> >>the following patches should be of interest to you: >> >> http://vserver.13thfloor.at/Experimental/UTIL-VSERVER/delta-0.30.208-kheaders.diff >> http://vserver.13thfloor.at/Experimental/UTIL-VSERVER/delta-0.30.208-shiny7.diff >> > > I used the 208 relese with the corresponding patch file. > > I was not able to apply the patch files you give me here... > [EMAIL PROTECTED]:~/build/debian/util-vserver/unstable/util-vserver-0.30.208$ > patch -p1 < debian/patches/delta-0.30.208-kheaders.diff > patching file kernel/cvirt_def.h > Reversed (or previously applied) patch detected! Assume -R? [n] > [EMAIL PROTECTED]:~/build/debian/util-vserver/unstable/util-vserver-0.30.208$ > patch -p1 < debian/patches/delta-0.30.208-shiny7.diff > patching file lib/syscall-alternative.h > Hunk #1 FAILED at 1. > 1 out of 1 hunk FAILED -- saving rejects to file lib/syscall-alternative.h.rej Could this be because you applied the fix01 patch to the source before attempting to apply these diffs? The fix01 patch has these fixes incorporated in it (but is missing some others), so I would guess that you get "previously applied" errors if fix01 is there already. Apply these diffs without fix01 and I bet it will work. micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDBeto9n4qXRzy1ioRAiQVAKCdXdTMoEGsMLfHeluOdSB8PxDlWQCdHg7l XTMeK/uoS+BE2JA7lrHQ0Gk= =bS2Z -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] util-vserver 0.30.208 debs?
On Fri, 12 Aug 2005, John Goerzen wrote: > Hi, > > Herbert was advising me on IRC to not use 0.30.207 with a new vs2.0 > installation because 207 is broken upstream, and because the Debian > package adds some additional brokenness. > > So I have two questions: > > 1) Has anyone made 0.30.208 debs? The debian maintainer is working on .208 debs now: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321659 > 2) Does anyone know what this additional brokenness in the Debian > packages is? Part of the problem is .207 is several months old, and many things were fixed between that release and .208, in fact there are additional fixes that Bertl have done for .208. I am not aware of Debian specific package brokenness, but I would like to know if there are such things so we can file bugs and get those fixed, poste haste. micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Fwd: Re: [Vserver] [Release] Stable 2.0]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am forwarding this message to the debian bug ID related to updating the util-vserver tools to the latest version. Ola, please be sure to apply the patch that Herbert provides for util-vserver to fix some additional known issues. micah Herbert Poetzl wrote: > please check the patch(es) I provide against util-vserver > 0.30.208, as they will either extend functionality or > fix known issues ... > > http://www.13thfloor.at/vserver/s_rel26/v2.0/patch-0.30.208-fix01.diff.bz2 > (for now) > > TIA, > Herbert > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC9/Zb9n4qXRzy1ioRAuUFAJ91R499Tu+4YzGlmzWAcMPOU26CzACfeHUM rSoktoRSQHkCDORkOMNDy2g= =etSm -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas John wrote: > Hello! > > Good Question! If diff'ed a little: > And: Is Ola aware of the release, so we may urge him so pack it in > Debain Sid soon? I've been working on the debian package for the kernel-patch (kernel-patch-vserver), and as soon as I saw the release last night, I tested the patch against the latest kernel-source in debian (linux-source-2.6.12), and then uploaded a new package with the new patch. Also, the other day I was sick of people complaining that the util-vserver tools were out of date in debian, so I filed a bug against the package asking Ola to update them and he said he would do so right away. micah 1. http://packages.qa.debian.org/k/kernel-patch-vserver/news/1.html 2. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321659 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC94zD9n4qXRzy1ioRAgKIAJ9tii3E1TuVevksfmxB6gouWulLwACeMtDv L6vX/4+Txn4P9pLK/FxSpNs= =ldQX -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Congratulations, great work!! Herbert Poetzl wrote: > Greetings Community! > > after some time of testing and ironing out minor > issues we proudly present the first stable release > for the 2.6 kernels ... > > http://www.13thfloor.at/vserver/s_rel26/v2.0/ > (tools supposed to work fine on Mandrake 10.x) > > enjoy, > Herbert -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC9tt69n4qXRzy1ioRAsHxAJ0cnmCIAvRsn8RbxwcaDgyeH05d4QCfYyUI D41+Sw0afLcQ+IpAWuBYSFA= =GK+O -END PGP SIGNATURE- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setrlimit limit failed: Operation not permitted
Thorsten Gunkel schrieb am Wednesday, den 06. July 2005: > I have set up several Debian Sarge vservers on a Debian Sarge host. > > Kernel 2.6.11.5-vs1.9.5 If you used the debian package kernel-patch-vserver perhaps you can try the new kernel-patch-vserver package that is available in unstable. This provides a patch for debian kernel-source-2.6.11-7 to provide vs2.0-rc4. I dont know if this will fix the issue, but it will get you to a much improved version of vserver, see if your problem still exists after this change. Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] newstyle vhost and vreboot
Herbert Poetzl schrieb am Wednesday, den 06. July 2005: > On Wed, Jul 06, 2005 at 05:35:07AM +0200, Harald Kapper wrote: > > On Wed, 6 Jul 2005 04:59:27 +0200, Herbert Poetzl <[EMAIL PROTECTED]> wrote: > > > > >debian sarge is broken (at least regarding linux-vserver) > > > > hi > > uhm - if this is so why are there not bug-reports / package-maintainers > > notified, etc.? > > > > anyway, would you care to share your opinion on which > > distro vservers aren't broken? > > they work just fine on almost all distros including debian, > it's just not advised to take the debian packages for now > (until debian folks have fixed them) So that we can know, can you give an idea of what the problems are? I am using the debian kernel patch and util-vserver packages on 4 different machines and I haven't had any problems. This does not mean that there are no problems, but I haven't seen any and would like to know what might be things I could encounter (and others probably want to know too). > this means: > > - get a vanilla kernel (2.6.12.2 is current) > - get the linux-vserver patch (vs2.0-rc5 is current) Additionally, I have updated kernel-patch-vserver so that patch vs2.0-rc4 is working for debian kernel 2.6.11-7. I am working on updating the 2.6.8 patch to also work with vs2.0. The Debian 2.6.12 kernel is coming soon (it has been held up by the gcc-4.0 transition), and when it is available I will update the patch to work with that kernel as well. If you wish to be more conservative, and play with a more "stable" situation, with less enhancements, the Debian vserver patch works against kernel-source-2.4.27 (in stable, using the vserver stable vs1.2.10 patch). > - get the most recent tools (util-vserver-0.30.207) The util-vserver package in debian unstable has 0.30.207 available on all architectures except ia64 (0.30.204-6). > PS: I'm pretty sure debian folks (including maintainers) > will soon catch up (and fix the issues) ... nevertheless > feel free to submit bug reports to the debian maintainers > for all your issues you encounter with the sarge version. Please do, dont bug Bertl because the debian packages are out of date, report the bugs using the Debian BTS (install package reportbug and run it!). Micah signature.asc Description: Digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] capchroot: chroot(): Permission denied
Did you compile the legacy kernel API options into the kernel when you made it? micah Marc Fournier schrieb am Monday, den 20. June 2005: > Hello, > > I just came across a strange problem on debian with kernel 2.6.11 and > debian kernel-patch-vserver 1.9.5.3. When my vserver root is an LVM mount > point (ie: I mounted /dev/mapper/vg0-host on /var/lib/vservers/host), then > "vserver host start" fails after this: > > [...] > Host name is now host > New security context is 49153 > capchroot: chroot(): Permission denied > > This problem doesn't occur if not trying to chroot on a mountpoint. > Any idea ? I know it once was possible to do this (with a 2.4 kernel). Am > I doing something wrong ? Might it be a debian-specific bug ? > > Thanks ! > Marc > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Improving utils / debian package
Hello, I've read this thread with interest., but I am also a little confused. Are these modifications for the debian util-vserver package? Or are these general modifications to util-vserver? Is vserver_sarge distributed with the util-vserver package? Does this method of building vservers replace the debian newvserver command? Thanks for the improvements! micah On Thu, 05 May 2005, Thomas Gelf wrote: > vserver vstest build --netdev eth0 --interface 192.168.192.168/24 \ > --initstyle plain --context 501 --hostname vstest.company.local \ > -m debootstrap -- -d sarge -m http://mirror.company.local/debian \ > -s /usr/lib/debootstrap/scripts/vserver_sarge > > scripts/vserver_sarge is the same as scripts/sarge, our modifications > are: > > ok, that's it - works fine and has already installed many many > ready-to-use debian vservers. It for sure needs some cleanup, as > ola merged most of this stuff into newvserver we could use his > code in a new cleanup script for debian as a part of util-vserver > somewhere in /usr/lib/util-vserver/distributions/... > > this approach needs no modification to vserver-build.functions, > tries to do things the way debian likes it and tries to be as less > "intrusive" as possible. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /tmp issues
Edit /etc/vservers//fstab to have the filesystem parameters you want, remove the /tmp line that is in there and put in the one you want to be mounted. micah On Tue, 31 May 2005, Gaz Wilson wrote: > > Hi! > > I would like to mount a filesystem as /tmp from outside of the vserver > (i.e. NFS on the host, mounts directoried mapped into the vserver at boot > time) - this works well for user data directories, but when the vserver > is started, a tiny (RAM based?) /tmp is mapped instead of my disk > based /tmp. > > Is the vserver default /tmp changable or removable? The reason I want > to do this is I want to share a disk based tmp across multiple servers > so the content is the same regardless of which server the user accesses. > > Any clues? > > G > > -- >/ Gary Wilson, aka dragon/dragonlord/dragonv480\ > .'(_.--. e: [EMAIL PROTECTED] MSN: dragonv480 .--._)`. > < _ | Skype:dragonv480 ICQ:342070475 AIM:dragonv480 | _ > > `.( `--' w: http://volvo480.northernscum.org.uk `--' ).' >\w: http://www.northernscum.org.uk / > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] hostname in guest is equal to the hosts hostname
Depends on what you used as arguments when you created the vserver. Since its already been created, maybe changing /etc/vservers//uts/nodename to what you are expecting and restarting the vserver will get your expected results. micah On Mon, 30 May 2005, Thorsten Busse wrote: > Hi, > > I set up vserver 2.0 rc2 / kernel 2.6.11.10 / debian. If I run a guest > (debian sarge) and type hostname the hostname of the host gets returned > and not the one of the guest. Also hostname -i gives me the ip address of > the host and not of the client. > > Is this some configuration issue or a bug in vserver? > > > Cheers, > > - Thorsten > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Start-Up Scipts
Can you add the bind mount to /etc/vservers/wwwmain/fstab so that it is mounted on startup? micah Oliver Welter schrieb am Friday, den 27. May 2005: > Hi List, > > I have a little problem with vserver Start-up scriots... > I am running Gentoo Host/Guest with 2.6.9 kernel and vserver-tools 0.30.196 > > 1) I have a vServer called "wwwmain" - I added a script "wwwmain.sh" in > /etc/vservers/ but it seems that this is never executed.. > > 2) I want to create a "mount --bind" inside the vserver. The problem is > that I need this mount-point already when running through the init > (Apache has its config on this mount) > I tried "vnamespace -e wwwmain mount --bind" which works fine after > starting the vserver, but how can I call this command when the context > is set up but the init has not started... > > Oliver > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Is the VServer the right thing for me?
This would be a great script, just reading the items that you wrote made me curious about some things in my setup and would like to test them out, but manually it would be a chore on several of them of course. micah On Fri, 29 Apr 2005, Oliver Dietz wrote: > Hi NG, > Hi Herbert, > > >>Is there a tool (like testme.sh) that tests the common (maybe also > >>uncommon) possibilities of misconfigurations (like the capabilities and > >>chroot-exploids) from inside the VServer? > > > >not yet, but sounds like something useful to me ... > > ok, lets do some brainstorming (comment: i'm no vserver specialist nor can > i write programs on linux): > > Output could be like this: > --- > # vserver test enter > [...] > context id is now ... > [...] > # vcapcheck > Checking environment ... > > conextid is: 4711 [OK] > effective userid is: 0 [OK] > real userid is: 0 [OK] > effective groupid is: 0[OK] > real groupid is: 0 [OK] > > Checking posix capabilities ... > > i have CAP_CHOWN [OK] > i have CAP_KILL[OK] > [...] > i have CAP_LINUX_IMMUTABLE[WARN] > if you have locked some files because of unification, > you should assign the immutable-flag to an vps. > to remove this capability edit ... > i dont have CAP_NET_BROADCAST[OK] > i have CAP_SYS_BOOT [ERROR] > Warning: any vserver can reboot the read server > i dont have CAP_MKNOD [OK] > > Checking the Network Separation ... > > determining if someone other listens on my ip [WARN] > on port 22 (ssh) listens someone other, maybe > the host is configured to listen on 0:0:0:0 > trying to listen on localhost: no success [OK] > [...] > > Trying to break out the chroot-jail ... > > ... to access the hosts files: no success [OK] > ... to access other vservers: success [ERROR] >[...] > > Trying to mount hda/sda/...: no success [OK] > Checking dev-directory: nothing suspicious found >[OK] > Checking proc-fs [WARN] > found kmem-entry [...] > > Checking for the usable RAM space [512MB] > Checking for available disk space [10 G] > if the vserver is on the same partition as the real server > you should verify that the vserver can't grab all disk space > available > [...] > --- > > hm ... this list will get very long ... but i think its very useful when > configuring a vserver ... > > > ... Oliver > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Update on Debian kernel 2.6.8-15 and vs1.9.5
Here is an update of more hacking done to port the vserver 1.9.5 patches to the debian 2.6.8 kernel. I've applied Bertl's second attempt at the patch ;) to the Debian 2.6.8-15 kernel-source tree, configured everything (including vserver and kernel debugging options), compiled and installed the kernel. Everything has been stable so far. Tonight we tested a few of the TODO items: . Uptime virtualization test Uptime virtualization will cause the context to account all process times and the uptime relative to the the context starting. When you do not have the virtualized uptime flag set, the uptime in a context is the host's uptime. It was not expected that this test would work, but we wanted to know for sure. The test: chcontext --ctx 100 --flag ^17 bash -c "sleep 600 & sleep 500; uptime; ps auxwww" This will change context to 100, set the uptime virtualization flag, and then run two sleeps (the first in the background). If it is working it should show something like 8 minutes uptime and the process start time for the backgrounded sleep should be 8 minutes back, and the current time for the "ps auxwww". Result: The uptime worked, but the ps time was wrong Bertl created new patches which should fix most of the issues (possibly including the uptime), and incorporates all fixes waiting for 1.9.6: http://vserver.13thfloor.at/Experimental/patch-2.6.8-15-vs1.9.5.x-3.diff http://vserver.13thfloor.at/Experimental/delta-2.6.8-15-vs1.9.5.x-2-3.diff (second is a delta between the -2 and the first) Three major things will not be included in this Debian version: - varhz: this changes the timer interrupt the kernel uses (was 100Hz for 2.4 and now is 1000Hz) the varhz allows you to change it between 20 and 2 Hz, this reduces the slice time for interactive servers and/or decreases the scheduling overhead. It didn't make a really big difference so it probably will go away soon. - the memory split for x86: memory split simply doesn't work before 2.6.9*/10 (this allows to have other memory splits on i386 other than 3/1 which allows to have more than 1GB memory without himem. For example systems with 2GB memory using highmem for them will add significant overhead, avoiding that with a 2/2 split is simply an advantage - bind mount extensions: http://lwn.net/Articles/124482/ bind bind mount extentions exist for 2.6.8, but are very different than the ones used for 2.6.11+, so they aren't included, if they are desired, then you should use the older patches, or move on to the 2.6.11 kernel TODO: . Test the -3 version of the patches . Need to check task_state (in proc) regarding initpid virtualization (means /proc//stat(us) . Need to check ext2/ext3 xattr with disk limit accounting . Need to test NFS . Need to test other basic capabilities (http://linux-vserver.org/Linux-VServer-Paper-14) ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Report on Debian kernel 2.6.8-15 and vs1.9.5.12
Here is a report of the hacking done last night (or day, depending on your timezone) to port the vserver 1.9.5.12 patches to the Debian kernel 2.6.8. Bertl is truely an amazing kernel hacker! Debian's Sarge, which will freeze "any day now"(tm), will be shipped with the 2.6.8 kernel as the primarly supported kernel. It contains backports of critical issues (including security fixes and major crashes), is the 2.6 kernel that is part of the Debian Installer that will be a part of the Sarge release, and will be the primary supported kernel for Sarge. This means that most Debian users will use the Debian 2.6.8 kernel, however there will be a 2.6.11 kernel available as a fall-back in the case that 2.6.8 has a major problem that cannot be backported. It is for these reasons that there was work done to get the vserver 1.9.5 patch sets to work with this version of the Debian kernel. Having a working version of this patch against the Debian kernel will make it easier to get it to work for future Debian kernel revisions, and will be included in the debian package kernel-patch-vserver. Plan: . Get a vanilla/mainline 2.6.11.6-vs1.9.5.12 kernel up and running on one machine . Find a way to easily check the debian 2.6.8-15-vs1.9.5.12 kernel, compare them and check for differences . Port the split vserver 1.9.5.12 patches, by using a diff against the vanilla 2.6.8 source and the debian 2.6.8-15 source (this diff has the md5sum: 823fee2ebc230fdddff90824662fae62) . Compile, reboot, test test test. Progress: . Got the 2.6.11-vs1.9.5.12 kernel up and running . Installed the vserver utils 0.30.205 + 2 patches . Converted legacy vserver configurations to new format . Bertl finished adapting each split patch, reassembled and was able to build successfully . Filed a couple Debian kernel-source-2.6.8 bug reports . First compile did not boot in qemu . After disabling power-management it boots fine (apparantly ACPI and PM got selected in kernel config) . 02:08 < Bertl> Linux-VServer Test [V0.11] (C) 2003-2005 H.Poetzl 02:08 < Bertl> chcontext is working. 02:08 < Bertl> chbind is working. 02:08 < Bertl> Linux 2.6.8-vs1.9.5 i686/0.30.204/0.30.204 [Ea] 02:08 < Bertl> VCI: 0001:0025 273 03110076 02:08 < Bertl> --- 02:08 < Bertl> [001]# succeeded. 02:08 < Bertl> [011]# succeeded. 02:08 < Bertl> [031]# succeeded. 02:08 < Bertl> [101]# succeeded. 02:08 < Bertl> [102]# succeeded. 02:08 < Bertl> [201]# succeeded. 02:08 < Bertl> [202]# succeeded. . Bertl tried with a different split (different from default) and it was broken somehow . http://vserver.13thfloor.at/Experimental/patch-2.6.8-15-vs1.9.5-1.diff was the first one . The latest version is http://vserver.13thfloor.at/Experimental/patch-2.6.8-15-vs1.9.5-1.1.diff Notes/TODO: . Need to test NFS . Need to compile, boot and test several times with small changes, loooking at various features (from vserver paper and changelogs) to know what to test . Need to check ext2/ext3 xattr with disk limit accounting . The ext3 xattr/dquot stuff is broken in Debian, Bertl submitted a patch a few months ago that was included in mainline (http://lkml.org/lkml/2005/1/26/174), this gets quota wrong (filed debian bug: #303426) . Debian is missing http://www.ussg.iu.edu/hypermail/linux/kernel/0501.3/1026.html which is a spinlock_assert issue will crash your kernel when compiled with up/spinlock_debug (filed debian bug: #303424) . Debian has atomic_inc_return for all archs, except x86 (but not really a 'bug' because kernel does not need inc_and_return()) . Had to add some rcu stuff (what was this Bertl?) . Need to check task_state (in proc) regarding initpid virtualization . Virtual process uptime probably needs fixing . FIXADDR mapping is missing (what is this Bertl?) . Need to test cross-compile for other arches (http://vserver.13thfloor.at/Stuff/Cross/howto.info) . Need to compile x25 in, as this is one of the typical bug sources in recent vserver kernels Additional Info: . The Debian kernel has a lot of modules configured by default, needed to find a way to recompile the vserver debian kernel with minimal recompile times: using the official debian image packages, you can nuke the extra configs, and drop a lot of modules out of the remaining configuration: rm config/{386,k7,k7-smp,686-smp} cp config/686 linux-2.6.11/.config, cd linu
Re: [vserver] Delete
Yes, but make sure that you stop the vserver first! micah Timo Mueller schrieb am Monday, den 07. March 2005: > Hey, > > how can I completly remove a vserver ? > Just delete the directory and the configfiles ?? > > Thanks > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] bouncing users off the ssh trampoline
I've recently had this script pointed out to me by Bertl: http://vserver.13thfloor.at/Stuff/SCRIPT/trampoline.sh I also found this IRC log which details the creation of it, and how to use it: http://www.sculpturedlife.com/vserver/irc-logs/index.php?date=2004-07-08 The basic idea is that you put this script in /root, then you add to .ssh/authorized_keys something like the following: command="/root/trampoline.sh",environment="CTX=$NAME" ssh-dss B3NzaC1kc3MAAACBAN1V+DSc1RC... substitute $NAME for the context that the user should be bounced into, and change the ssh-dss AB3... into the actual ssh id_dsa.pub or id_rsa.pub for the user. This works great for the root user, however, if you try to do this for a non-root user you run into problems: ARGS: CONTEXT: flat -- /bin/rm: cannot remove /usr/local/var/run/vservers/flat': Permission denied 'vserver ... suexec' is support for running vservers only; aborting... the vserver is running for sure, so I changed the /root/trampoline.sh script to add a --debug to see what is going on. The relevant portion is below: +++ _ivr_procnum=0 ++ test 0 = 0 +++ /usr/local/lib/util-vserver/readlink /usr/local/etc/vservers/flat/run ++ local runfile=/usr/local/var/run/vservers/flat ++ test -z 1 ++ /bin/rm -f /usr/local/var/run/vservers/flat /bin/rm: cannot remove /usr/local/var/run/vservers/flat': Permission denied ++ return 1 ++ return 1 ++ is_stopped=1 ++ test -z 1 -o '' ++ echo ''\''vserver ... suexec'\'' is support for running vservers only; aborting...' 'vserver ... suexec' is support for running vservers only; aborting... ++ exit 1 Apparantly vserver $CTX exec /bin/bash is trying to remove /usr/local/var/run/vservers/flat which cannot happen because that is owned by root, not by the user that I am running as, so it fails to allow me to enter. Is there a way around this, or perhaps a better way to do this? Should I suid the trampoline.sh script (yikes!)? Some additional questions: 1. What about users who do not have a ssh-key, but have a password instead? 2. Will this work for sftp? 3. Can a user be bounced as that particular user into the vserver? 4. can I create a vserver whose purpose is to do this bouncing? If I created a vserver called "sshtrampoline" this vserver would somehow need to run the vserver command, but wouldn't be able to because it was in its own context already Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Patching kernel-source-2.6.10 (Debian)
On Tue, 22 Feb 2005, Ola Lundqvist wrote: > Well then I would use exprimental instead. Let us start there at least. Great, Herbert has offered his help in creating a Debian Kernel 2.6.8 vserver 1.9.4 patch, lets take him up on the offer and get this into experimental. > > > 1) Have heard of build problems on some arches. > > > > Can you elaborate so they can be fixed? > > The problem right now is that I do not have access to machines to test on. What are the architectures, and what are the problems? There are many people here who have many different types of machines available and seeing the problems can help resolve them. Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vs1.9.4 against Debian 2.6.10-5
Thanks for providing this Stephen! It is my understanding from the Debian kernel team that 2.6.8 is the kernel that will be shipped with Sarge. The 2.6.10 kernel will go away once 2.6.11 comes available (any day now), 2.6.8 will be supported with security fixes and stability fixes and the 2.6.1[0|1] kernel will be the fall-back maintenance kernel if for some reason 2.6.8 doesn't work out. With this in mind, does anyone know of a debian 2.6.8 kernel patch for vserver 1.9.4? Micah On Tue, 22 Feb 2005, Stephen Frost wrote: > All, > > Here's the vs1.9.4 patch changed to patch cleanly against Debian's > 2.6.10-5 kernel. It was relatively simple, just a change in mmap.c > that caused the one reject file (which I then fixed). As someone else > mentioned wrt their patch: > > There might be security, meltdown and KillAndEatMyDog problems. > > http://kenobi.snowman.net/~sfrost/patch-2.6.10-5-debian-vs1.9.4.diff > > I'd like to hear if you have problems with it though, since I'm > running it in a number of places. > > Thanks, > > Stephen > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Patching kernel-source-2.6.10 (Debian)
On Sun, 20 Feb 2005, Ola Lundqvist wrote: > > > An example would be the difference between kernel-patch-2.4-grsecurity > > > (for 2.4 kernels and old grsec) and kernel-patch-grsecurity2 (for 2.6 > > > kernels and new grsec). Obviously the maintainer of the -ctx patch and > > > the util-vserver does not find the newer patch and utilities important > > > or stable enough, but everyone else does. > > I have argued about this lot of times. I think the current development > branch is really good. The problem is that I do not see a timeline for the > Debian release and I would like a couple of months of testing (with the > package in testing) before I would like to release vserver to Debian > stable. I believe that it is possible to provide the new kernel patch and utilities in Sid (unstable) that do *not* migrate into Sarge, simply tag them as having an RC bug... However, if we could say that Debian will not freeze in the next two months, would you consider putting the new kernel patches and utilities into Sid and letting them migrate into testing so that they can be tested for two months? > > And, again, the current maintainer seems active, a little suprised he > > hasn't commented on this thread... > > I do not read this mailinglist every day. :) > > I want to explain this as it get up to discussion from time to time. > > 1) I'm interested in the development branch. Great... > 2) I really would like "upstream" to release this development branch >in some kind of stable version. We have discussed this quite a lot >and it do not seem too far away. The upstream has mentioned and commented in this thread that the 1.9.4 release that has recently happened is "stable", it is a matter of semantics here. > 3) I want the development branch to have at least a couple of months of >testing in the Debian distribution to catch the most critical issues before >sarge is released as stable. And right now I have no clue when this >is going to happen. I have a fairly decent idea because I am working on the sarge-testing security team trying to resolve all remaining security holes in sarge while the security buildd infrastructure is setup. Its not far off, but it is not inconceivable that it could be two months before everything is ready. However, I think the repository for testing is the unstable respository, put things there, let us who want to use it use it. Tag it with a RC bug so it doesn't merge into Sarge and then everyone will be happy. > 4) I will release a util-vservers and kernel-patch-ctx (or similar name) >to exprimental soon. I hope I can get some time, maybe tomorrow. Experimental is a good first step. I highly recommend changing the name to kernel-patch-vserver as the "ctx" name has not been used in a really long time, the website doesn't mention it and the project is known as vservers. Additionally, if you do an apt-cache search vserver you do *not* find kernel-patch-ctx, I thought that the vserver patch wasn't included in debian and was about to file an ITP before I found the kernel-patch-ctx package. Two and a half years from now, when Sarge is as old as Woody is now, the kernel-patch-ctx is going to be very outdated and it will have been about 4 years since anyone had referred to the project as CTX. > 5) My main focus before the release of sarge as stable, is to not get any >release critical bugs to my packages. It would be _very_ sad if > util-vserver >will not be released at all becuase of build problems, RC bugs or similar. >Such decisions is FTP-masters and I can not do anything about it more than >having a really stable package. No problem... this makes perfect sense, however you can keep the newer version out of Sarge, and leave the one in there as it is and it will be fine. > 1) Have heard of build problems on some arches. Can you elaborate so they can be fixed? > 3) Handling of /var/lib/vserver with backward compatibility mode. What needs to be done here? > So please do not hijack my package. I have quite long experience with Debian > Development and I know that changing things just before a release is a _very_ > bad > thing. I did so just before the last release (and during a security update) > and I > have learnt a big lesson there. As I have said over and over and over again, and will say so here again, I do not want to hijack your package. I simply wanted to either encourage you to update it before it was too late, or to put together a different package. Micah signature.asc Description: Digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Patching kernel-source-2.6.10 (Debian)
Stephen Frost schrieb am Sunday, den 20. February 2005: > In general I feel it's: > > a) bad form to hijack packages from active maintainers I'm not suggesting to hijack these packages. > b) Have multiple source packages in the archive for the same programs The difference between these programs is so vast that I don't really believe that you can say that these are the "same program". Thats like saying vim is the same as nvi is the same as elvis, or that bittorrent is the same as bittornado. They are all based on the same original thing, and often share similar code, but they all have very different enhancements that make them unique and appropriate as different packages. I am not even sure it makes sense to call the vserver kernel patch CTX anymore (the debian package is kernel-patch-ctx), even the 1.2.10 version is referred to as the vserver patch. I had no idea that this patch existed in debian, because I never thought to look for kernel-patch-ctx (and apt-cache search vserver does not return kernel-patch-ctx). > c) effectively go around the existing maintainer This I agree with. Since the maintainer is not responding to these messages, I suspect that they are busy and cannot notice them. It would be only appropriate to ask them directly, even better to CC the bug report on this so the communication can be in the open. > It's not entirely the case that the existing maintainer is totally > uninterested in the 1.9.x vserver series or I'd be more concerned. He's > shown interest and seemed to be working with some others on a better > solution to the current situation (which might involve what you're > suggesting, but I'd really hope not..). I don't know that we've given > them quite enough time yet to claim that nothing's happening and that we > need to move forward independently - it's only been maybe a month or so > as I recall since serious discussion of 1.9.x was brought up to the > maintainer. Then we should ask them what their plans are, and what is going on with this, and if they need help. > And, again, the current maintainer seems active, a little suprised he > hasn't commented on this thread... The current maintainer has 71 packages to their name, many of them very high-profile busy packages that need a lot of work, its my guess that they have their hands full. micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Linux-VServer Agenda ...
Herbert, This is a great honor, congratulations! Ultimately the decision is up to you, however as someone who has found your presence in the vserver project to be incredibly valuable, I fear that we will loose such an important piece of this project if you were to take this position. Many free software developers are hired by corporations because the corporations have found that their software is valuable to them, their paying someone enables them to contribute to the community, as well as ensure that the development of the software is able to be sustained in such a way that does not leave them in a bind. It also gives them the ability to say that they contribute to the Free Software movement, if they find it advantageous to make such a claim. If this company is wanting to hire you so that you can continue to work on the vserver project (and get paid), then this is a great opportunity for you and weighing the pros and cons of taking this position are very easy. If the company is wanting to hire a good kernel developer to work on their product, then I would be suspicious. Why? Well, they obviously have identified you as a good kernel developer and would find you a valuable addition to their team. However, they would be asking you to focus your work, time and energy on their product, rather than the vserver product. This may be fine, because you could still work on vserver in your spare time, but working for a demanding company takes its toll and your spare time is often spent recovering from work, rather than doing more coding. You have done incredible work in the vserver project, this work has been done with care and passion, time and energy. If this company wants to take you away from the project that you have devoted so much of yourself to, then there must be a very good reason for you to do that, otherwise they are tearing you away from something you enjoy to work on their commercial product. This would show to me that they do not care about the vserver project, but only their product, and this is not a very nice way to treat someone. It is my opinion that if they want to take you away from the project that you have devoted yourself to in a very passionate way, then they either should be supporting the vserver project in doing so, or it does not matter because you need the money. I suppose some of this suspicion comes from the fact that this company develops a product that is very similar to vservers, but it is commercial and proprietary. I question their motivation behind wanting to hire you, the driving force behind the free software "competitor" to their product. It would be a shrewd business move for them to hire you away from the vserver project because they think that it would languish and fall apart without you behind it. However, I do not know the details of what your arrangement with them would be, or what they have said to you about the vserver project, or their plans for their own product. Perhaps they want to pay you to work on vservers and they will move their product to use vservers as a base, I do not know. These are important questions I think to ask. I do not say all of this to dissuade you from taking this job, if you need to take it, you should, the decision is up to you. I for one would miss greatly Bertl if he was not around because he got vacuumed up by a company. micah Herbert Poetzl schrieb am Sunday, den 20. February 2005: > > Hi Community! > > yesterday evening I had the pleasure to meet with > Serguei Beloussov. we had excellent Dinner at the > 'Schnitzelwirt' where we talked about - who would > have guessed - different virtualization techniques > and various commercial and non commercial products > in this area ... > > he clearly pointed out that his company has some > interest, that virtualization techniques - like the > one linux-vserver uses - 'gain momentum' in the face > of system emulators like VMware(tm) and partitioning > approaches like Xen. he also told me that they are > watching this project very closely and that, while > it is small compared to their products, it's quite > interesting ... > > after that we had some fun with Billards (Carambol) > and right afterwards I was basically offered a job > where I would be able to do some kernel development > and get payed for doing so ... > > let me know what you think! > > TIA, > Herbert > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Patching kernel-source-2.6.10 (Debian)
Stephen Frost schrieb am Thursday, den 17. February 2005: > This is certainly something I'm all for, and were the Debian maintainer > of vserver going to upload a kernel-patch for 1.9.4 I'd be happy to help > him create that package such that it patches cleanly against Debian > kernel sources (again, not hard to do, really). What is to stop us (both debian developers), as well as other debian developers who are wanting this, from creating our own kernel-patch package that implements the patches for 1.9.4 and the updated tools? An example would be the difference between kernel-patch-2.4-grsecurity (for 2.4 kernels and old grsec) and kernel-patch-grsecurity2 (for 2.6 kernels and new grsec). Obviously the maintainer of the -ctx patch and the util-vserver does not find the newer patch and utilities important or stable enough, but everyone else does. If the maintainer of the -ctx patch and of util-vserver wishes to continue to maintain those old packages and does not wish to maintain the package for the newer kernel patch and newer utilities, we should have no problem with that. We simply solve what is obviously our problem, rather than try to make it Ola Lundqvist and Ron Lee's problem. > I think it's a good idea, but I'm not the current maintainer, just > another DD. and another here... micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Small bug report and feature request
On Tue, 01 Feb 2005, Enrico Scholz wrote: > [EMAIL PROTECTED] (Herbert Poetzl) writes: > > > here is some other stuff to think about ;) > > > > http://linux-vserver.org/ToDo+List+Tools > > |* make a 'clone' build method > | > |which allows to clone an existing vserver (with modified options) > > I would like to have a generic CLI tool which modifies the > configuration, before I implement this method. 'vcopy' needs > testing also; especially for the not-link-but-copy and > skipped-files cases. What is vcopy? I did not know it existed and I cannot find any man pages for it. Does it do a "clone" of a vserver? Micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vunify problem
On Tue, 01 Feb 2005, Enrico Scholz wrote: > [EMAIL PROTECTED] (Micah Anderson) writes: > > > Then I followed the instructions on > > http://linux-vserver.org/alpha+util-vserver to unify vservers: > > > > 1. mkdir -p /usr/local/etc/vservers/MT/apps/vunify > > 2. ln -s /usr/local/etc/vservers/seedbank > > /usr/local/etc/vservers/MT/apps/vunify/refserver.00 > > > > Then when I do a dry-run of the unification, it does not work: > > # /usr/local/lib/util-vserver/vunify -v -n MT > > /usr/local/lib/util-vserver/vunify -v -n MT > > Initializing exclude-list for /vservers/MT (MT) > > no reference vserver configured > > > > ? > > Strange... you should get 'unification for reference vserver not > configured'... I should mention that I am using util-vserver-0.30.201. > Can you try > > | # mkdir -p /usr/local/etc/vservers/seedbank/apps/vunify > | # /usr/local/lib/util-vserver/vunify -v -n MT This worked... I see that the mkdir -p /usr/local/etc/vservers//apps/vunify was not included in the instructions, but it is now. This solved the problem. Also, while following these instructions I was not sure if this line was correct: # ln -s /etc/vservers/ /etc/vservers//apps/vunify/refserver.00 I thought it was intending: # ln -s /etc/vservers/ /etc/vservers//apps/vunify/.00 but I see that is supposed to be literally "refserver.00". Thanks! micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vunify problem
I am having problems getting vunify to work properly. I have created a reference server called "seedbank", I then cloned that reference server into a new vserver called MT (I did this by doing vserver MT build -m skeleton; cp -a /vservers/seedbank/* /vservers/MT). Then I followed the instructions on http://linux-vserver.org/alpha+util-vserver to unify vservers: 1. mkdir -p /usr/local/etc/vservers/MT/apps/vunify 2. ln -s /usr/local/etc/vservers/seedbank /usr/local/etc/vservers/MT/apps/vunify/refserver.00 Then when I do a dry-run of the unification, it does not work: # /usr/local/lib/util-vserver/vunify -v -n MT /usr/local/lib/util-vserver/vunify -v -n MT Initializing exclude-list for /vservers/MT (MT) no reference vserver configured ? Thanks for any tips! micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Small bug report and feature request
A small bug report and a feature request: 1. vserver --help shows me: running ... succeeds iff the vserver is running -^^^ should only be one "f" :) Feature request would be to create a vserver remove that properly shuts down the vserver and then removes its configuration and vserver files. I mistakenly removed the files before stopping the vserver last night and it was an interesting adventure to solve that (credit of course goes to Bertl to track down how). micah ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Networking between vservers
I just found out the exact thing that you suggested before I read your message, I had a SNAT line: Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT all -- 192.168.0.1 anywhere to:212.112.147.194 Duh... thanks :) Micah On Wed, 21 Apr 2004, Liam Helmer wrote: > Oh, ok. Then, it's probably an iptables rule that's doing it, 'cause the > processes inside the vserver wouldn't be able to bind to that IP to > connect otherwise. Check and make sure that you've excluded traffic to > private ips from your SNAT/MASQUERADE rules. > > Cheers, > Liam > > On Wed, 2004-04-21 at 19:07, Micah Anderson wrote: > > You may have missed the section below where I include the > > vservers/.conf file which shows clearly that the private IP is > > in the IPROOT= variable, and this still doesn't work. > > > > micah > > > > On Wed, 21 Apr 2004, Liam Helmer wrote: > > > > > To make it communicate using a private IP would involved adding that > > > private ip to it's IPROOT= variable in the vservsers/.conf file. > > > However, you're probably much better off adding permissions to the mysql > > > server so that that the external IP can connect, and not changing the > > > vserver config at all. > > > > > > Cheers, > > > Liam > > > > > > On Wed, 2004-04-21 at 02:03, Micah Anderson wrote: > > > > I've got a vserver whose IP is 192.168.0.1 and another whose is > > > > 192.168.0.2. I can ping between these two vservers fine, however, I > > > > tried to setup mysql to connect from .1 to .2 and found that it was > > > > using the host's actual IP to connect, instead of the private IP: > > > > > > > > $ mysqladmin -h 192.168.0.2 ping > > > > connect to server at '192.168.0.2' failed > > > > error: 'Host '212.112.147.194' is not allowed to connect to this MySQL > > > > server' > > > > > > > > I used tcpdump to look at the different interfaces, and it was only > > > > when I looked at the loopback did I see the traffic happening: > > > > > > > > 18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S > > > > 648997658:648997658(0) win 32767 > > > 0,nop,wscale 0> (DF) > > > > 18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S > > > > 649947611:649947611(0) ack 648997659 win 32767 > > > 16396,sackOK,timestamp 88679821 88679821,nop,wscale 0> (DF) > > > > 18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack > > > > 1 win 32767 (DF) > > > > 18:51:54.868663 192.168.0.2.mysql > 212.112.147.194.43166: P > > > > 1:77(76) ack 1 win 32767 (DF) > > > > [tos 0x8] > > > > 18:51:54.868740 212.112.147.194.43166 > 192.168.0.2.mysql: . ack > > > > 77 win 32767 (DF) > > > > 18:51:54.868801 192.168.0.2.mysql > 212.112.147.194.43166: F > > > > 77:77(0) ack 1 win 32767 (DF) > > > > [tos 0x8] > > > > 18:51:54.869254 212.112.147.194.43166 > 192.168.0.2.mysql: F > > > > 1:1(0) ack 78 win 32767 (DF) > > > > [tos 0x8] > > > > 18:51:54.869305 192.168.0.2.mysql > 212.112.147.194.43166: . ack > > > > 2 win 32767 (DF) [tos 0x8] > > > > > > > > How can I make it so that the vserver is communicating with the > > > > private IP instead of the public one? I want to do this so I can allow > > > > some vservers the ability to access the mysql, but not others. I can > > > > simply add 212.112.147.194 to the tables to be able to connect, but > > > > then all the vservers would be able to connect, when I only want > > > > 192.168.0.1 to be able to connect, but not 192.168.0.3 for example. > > > > > > > > Thanks for any pointers! Here is some more info: > > > > > > > > /etc/vservers/db.conf: > > > > # > > > > # the vserver which runs the databases > > > > # > > > > S_DOMAINNAME="db" > > > > S_HOSTNAME="db" > > > > IPROOT="192.168.0.2" > > > > IPROOTMASK="255.255.255.0" > > > > IPROOTDEV="eth0" > > > > S_CAPS="CAP_NET_RAW" > > > > > > > > /etc/vservers/zun.conf: > > > > S_HOSTNAME="zun" > > > > IPROOT="192.168.0.1" > > >
Re: [Vserver] Networking between vservers
You may have missed the section below where I include the vservers/.conf file which shows clearly that the private IP is in the IPROOT= variable, and this still doesn't work. micah On Wed, 21 Apr 2004, Liam Helmer wrote: > To make it communicate using a private IP would involved adding that > private ip to it's IPROOT= variable in the vservsers/.conf file. > However, you're probably much better off adding permissions to the mysql > server so that that the external IP can connect, and not changing the > vserver config at all. > > Cheers, > Liam > > On Wed, 2004-04-21 at 02:03, Micah Anderson wrote: > > I've got a vserver whose IP is 192.168.0.1 and another whose is > > 192.168.0.2. I can ping between these two vservers fine, however, I > > tried to setup mysql to connect from .1 to .2 and found that it was > > using the host's actual IP to connect, instead of the private IP: > > > > $ mysqladmin -h 192.168.0.2 ping > > connect to server at '192.168.0.2' failed > > error: 'Host '212.112.147.194' is not allowed to connect to this MySQL > > server' > > > > I used tcpdump to look at the different interfaces, and it was only > > when I looked at the loopback did I see the traffic happening: > > > > 18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S > > 648997658:648997658(0) win 32767 > 0,nop,wscale 0> (DF) > > 18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S > > 649947611:649947611(0) ack 648997659 win 32767 > 16396,sackOK,timestamp 88679821 88679821,nop,wscale 0> (DF) > > 18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack > > 1 win 32767 (DF) > > 18:51:54.868663 192.168.0.2.mysql > 212.112.147.194.43166: P > > 1:77(76) ack 1 win 32767 (DF) > > [tos 0x8] > > 18:51:54.868740 212.112.147.194.43166 > 192.168.0.2.mysql: . ack > > 77 win 32767 (DF) > > 18:51:54.868801 192.168.0.2.mysql > 212.112.147.194.43166: F > > 77:77(0) ack 1 win 32767 (DF) > > [tos 0x8] > > 18:51:54.869254 212.112.147.194.43166 > 192.168.0.2.mysql: F > > 1:1(0) ack 78 win 32767 (DF) > > [tos 0x8] > > 18:51:54.869305 192.168.0.2.mysql > 212.112.147.194.43166: . ack > > 2 win 32767 (DF) [tos 0x8] > > > > How can I make it so that the vserver is communicating with the > > private IP instead of the public one? I want to do this so I can allow > > some vservers the ability to access the mysql, but not others. I can > > simply add 212.112.147.194 to the tables to be able to connect, but > > then all the vservers would be able to connect, when I only want > > 192.168.0.1 to be able to connect, but not 192.168.0.3 for example. > > > > Thanks for any pointers! Here is some more info: > > > > /etc/vservers/db.conf: > > # > > # the vserver which runs the databases > > # > > S_DOMAINNAME="db" > > S_HOSTNAME="db" > > IPROOT="192.168.0.2" > > IPROOTMASK="255.255.255.0" > > IPROOTDEV="eth0" > > S_CAPS="CAP_NET_RAW" > > > > /etc/vservers/zun.conf: > > S_HOSTNAME="zun" > > IPROOT="192.168.0.1" > > IPROOTMASK="255.255.255.0" > > IPROOTDEV="eth0" > > S_FLAGS="lock nproc" > > ULIMIT="-u 256 -n 1024" > > S_CAPS="CAP_NET_RAW" > > > > Thanks! > > > > micah > > > > > > "Naturally, the common people don't want war, but after all, it > > is the leaders of a country who determine the policy...Voice or no > > voice, the people can always be brought to the bidding of the leaders. > > This is easy. All you have to do is to tell them they are being > > attacked, and denounce the pacifists for lack of patriotism and > > exposing the country to danger. It works the same in every country." > > -- Goering, Nuremburg trial > > ___ > > Vserver mailing list > > [EMAIL PROTECTED] > > http://list.linux-vserver.org/mailman/listinfo/vserver > > > > ___ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver micah "Naturally, the common people don't want war, but after all, it is the leaders of a country who determine the policy...Voice or no voice, the people can always be brought to the bidding of the leaders. This is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country." -- Goering, Nuremburg trial ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Networking between vservers
I've got a vserver whose IP is 192.168.0.1 and another whose is 192.168.0.2. I can ping between these two vservers fine, however, I tried to setup mysql to connect from .1 to .2 and found that it was using the host's actual IP to connect, instead of the private IP: $ mysqladmin -h 192.168.0.2 ping connect to server at '192.168.0.2' failed error: 'Host '212.112.147.194' is not allowed to connect to this MySQL server' I used tcpdump to look at the different interfaces, and it was only when I looked at the loopback did I see the traffic happening: 18:51:54.867738 212.112.147.194.43166 > 192.168.0.2.mysql: S 648997658:648997658(0) win 32767 (DF) 18:51:54.867825 192.168.0.2.mysql > 212.112.147.194.43166: S 649947611:649947611(0) ack 648997659 win 32767 (DF) 18:51:54.867904 212.112.147.194.43166 > 192.168.0.2.mysql: . ack 1 win 32767 (DF) 18:51:54.868663 192.168.0.2.mysql > 212.112.147.194.43166: P 1:77(76) ack 1 win 32767 (DF) [tos 0x8] 18:51:54.868740 212.112.147.194.43166 > 192.168.0.2.mysql: . ack 77 win 32767 (DF) 18:51:54.868801 192.168.0.2.mysql > 212.112.147.194.43166: F 77:77(0) ack 1 win 32767 (DF) [tos 0x8] 18:51:54.869254 212.112.147.194.43166 > 192.168.0.2.mysql: F 1:1(0) ack 78 win 32767 (DF) [tos 0x8] 18:51:54.869305 192.168.0.2.mysql > 212.112.147.194.43166: . ack 2 win 32767 (DF) [tos 0x8] How can I make it so that the vserver is communicating with the private IP instead of the public one? I want to do this so I can allow some vservers the ability to access the mysql, but not others. I can simply add 212.112.147.194 to the tables to be able to connect, but then all the vservers would be able to connect, when I only want 192.168.0.1 to be able to connect, but not 192.168.0.3 for example. Thanks for any pointers! Here is some more info: /etc/vservers/db.conf: # # the vserver which runs the databases # S_DOMAINNAME="db" S_HOSTNAME="db" IPROOT="192.168.0.2" IPROOTMASK="255.255.255.0" IPROOTDEV="eth0" S_CAPS="CAP_NET_RAW" /etc/vservers/zun.conf: S_HOSTNAME="zun" IPROOT="192.168.0.1" IPROOTMASK="255.255.255.0" IPROOTDEV="eth0" S_FLAGS="lock nproc" ULIMIT="-u 256 -n 1024" S_CAPS="CAP_NET_RAW" Thanks! micah "Naturally, the common people don't want war, but after all, it is the leaders of a country who determine the policy...Voice or no voice, the people can always be brought to the bidding of the leaders. This is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country." -- Goering, Nuremburg trial ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error compiling util-vserver 0.29.2
This seems to compile ok! However, there are some ANSI warnings at the beginning. I am attaching my configure output and the compile output for your information. Micah On Thu, 04 Mar 2004, Enrico Scholz wrote: > [EMAIL PROTECTED] (Micah Anderson) writes: > > > I get the following error when I try to compile util-vserver 0.29.2, > > this is using linux-2.4.24 on debian woody. > > Can you try version 0.29.3 which is available at > > http://www-user.tu-chemnitz.de/~ensc/util-vserver/pre/ > > > > lib/vserver-internal.h: In function vserver': > > lib/vserver-internal.h:99: error: __NR_vserver' undeclared (first use > > in this function) > > > > > Enrico > ___ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver Script started on Thu Mar 4 10:17:31 2004 checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... no checking for mawk... mawk checking whether make sets $(MAKE)... yes checking whether to enable maintainer-specific portions of Makefiles... no checking for g++... g++ checking for C++ compiler default output file name... a.out checking whether the C++ compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C++ compiler... yes checking whether g++ accepts -g... yes checking for style of include used by make... GNU checking dependency style of g++... gcc checking for gcc... gcc checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ANSI C... none needed checking dependency style of gcc... gcc checking for a BSD-compatible install... /usr/bin/install -c checking whether ln -s works... yes checking for ranlib... ranlib checking whether gcc and cc understand -c and -o together... yes checking whether the C-compiler accepts -Werror -W... yes checking whether gcc accepts -std=c99... no checking whether gcc accepts -Wall... yes checking whether gcc accepts -pedantic... yes checking whether gcc accepts -W... yes checking whether gcc accepts -Wno-unused-parameter... no checking whether the C++-compiler accepts -Werror -W... yes checking whether g++ accepts -ansi... yes checking whether g++ accepts -Wall... yes checking whether g++ accepts -pedantic... yes checking whether g++ accepts -W... yes checking whether g++ accepts -fmessage-length=0... no checking for linux kernel dir... /usr checking for linux kernel headers... /usr/include checking which vserver-rootdir is to use... /vservers checking for cvs2cl... no checking for rcs2log... no checking whether to enable linuxconf modules... no checking whether to use internal kernel headers... yes checking for supported APIs... legacy,compat,v11 checking how to run the C preprocessor... gcc -E checking for egrep... grep -E checking for number of syscall 'vserver'... 273/default checking for syscall(2) invocation method... auto checking which syscall(2) invocation works... fast checking how to run the C++ preprocessor... g++ -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for ext2fs-headers... kernel checking linux/ext2_fs.h usability... yes checking linux/ext2_fs.h presence... yes checking for linux/ext2_fs.h... yes checking for vserver... no checking whether MS_MOVE is declared... yes checking for xid_t... no configure: creating ./config.status config.status: creating util-vserver.spec config.status: creating Makefile config.status: creating config.h config.status: config.h is unchanged config.status: executing depfiles commands raven# make echo '#include ' >linuxcaps.h.tmp sed -e 's!^#include .*!!g;s!\<__u32\>!uint32_t!g;s!\<__user\>!!g;' /usr/include/linux/capability.h >>linuxcaps.h.tmp mv -f linuxcaps.h.tmp linuxcaps.h ln -sf './lib/virtual.h' 'linuxvirtual.h' make all-am make[1]: Entering directory `/usr/src/util-vserver-0.29.3' source='lib/syscall.c' object='lib/lib_libvserver_a-syscall.o' libtool=no \ depfile='lib/.deps/lib_libvserver_a-syscall.Po' tmpdepfile='lib/.deps/lib_libvserver_a-syscall.TPo' \ depmode=gcc /bin/sh ./depcomp \ gcc -DHAVE_CONFIG_H -I. -I. -I. -D_GNU_SOURCE -Wall -pedantic -g -O2 -Wall -pedantic -W -c -o lib/lib_libvserver_a-syscall.o `test -f 'lib/syscall.c' || echo './'`lib/syscall.c In file included from lib/syscall.c:25: lib/vserver-internal.h:98:
[Vserver] Error compiling util-vserver 0.29.2
I get the following error when I try to compile util-vserver 0.29.2, this is using linux-2.4.24 on debian woody. I have cleaned the source and re-configured, but I still get this: make make all-am make[1]: Entering directory /usr/src/vserver/util-vserver-0.29.2' if gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/src/linux/include -D_GNU_SOURCE -Wall -pedantic -g -O2 -std=c99 -Wall -pedantic -W -Wno-unused-parameter -MT lib/lib_libvserver_a-syscall.o -MD -MP -MF "lib/.deps/lib_libvserver_a-syscall.Tpo" -c -o lib/lib_libvserver_a-syscall.o test -f 'lib/syscall.c' || echo './'lib/syscall.c; \ then mv -f "lib/.deps/lib_libvserver_a-syscall.Tpo" "lib/.deps/lib_libvserver_a-syscall.Po"; else rm -f "lib/.deps/lib_libvserver_a-syscall.Tpo"; exit 1; fi In file included from lib/syscall.c:25: lib/vserver-internal.h: In function vserver': lib/vserver-internal.h:99: error: __NR_vserver' undeclared (first use in this function) lib/vserver-internal.h:99: error: (Each undeclared identifier is reported only once lib/vserver-internal.h:99: error: for each function it appears in.) make[1]: *** [lib/lib_libvserver_a-syscall.o] Error 1 make[1]: Leaving directory /usr/src/vserver/util-vserver-0.29.2' make: *** [all] Error 2 ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver