--- Day changed --- Log opened Sun Aug 24 00:00:01 2003
00:49 -!- coryb [~cory@24.124.36.198] has joined #uml
00:52 -!- coryb [~cory@24.124.36.198] has quit [Client Quit]
00:53 -!- coryb [~cory@24.124.36.198] has joined #uml
02:18 < j0s3ph3n> anyone here?
02:37 -!- j0s3ph3n [~lara_sk@65.208.20.232] has quit [Quit: Client exiting]
03:18 -!- bradley [~bradley@202.83.81.124] has joined #uml
03:18 < bradley> hey
03:20 -!- bradley [~bradley@202.83.81.124] has quit [Client Quit]
04:15 -!- frediz [~frediz@ALyon-209-1-29-234.w81-248.abo.wanadoo.fr] has joined #uml
04:34 -!- collord_ [~collord@dt.collord.net] has quit [Ping timeout: 501 seconds]
04:35 -!- collord_ [~collord@64.239.79.11] has joined #uml
05:06 -!- j0s3ph3n [~lara_sk@a002.labarts.com] has joined #uml
05:06 < j0s3ph3n> hi
05:06 < j0s3ph3n> does anyone here know why i can't mount a cow file? i'm getting errno=9
06:13 -!- frediz [~frediz@ALyon-209-1-29-234.w81-248.abo.wanadoo.fr] has quit [Quit: Pw3t]
07:36 -!- elm [~elm@217.81.171.131] has joined #uml
07:44 < elm> hello, i am new to uml, so i'd love to ask some questions about installing a uml system on top of debian woody. can someone help me doing this?
08:09 -!- elm [~elm@217.81.171.131] has quit [Quit: using sirc version 2.211+KSIRC/1.2.4]
08:36 -!- frediz [~frediz@81.51.17.152] has joined #uml
08:49 -!- elm [~elm@217.81.171.131] has joined #uml
09:48 -!- elm [~elm@217.81.171.131] has quit [Ping timeout: 490 seconds]
10:04 -!- elm [~elm@80.128.189.49] has joined #uml
10:37 -!- elm [~elm@80.128.189.49] has quit [Ping timeout: 490 seconds]
11:02 -!- ticallion [~ticallion@213.175.160.188] has joined #uml
11:04 < ticallion> guys, I'm giving an iptables tutorial on freenode.net in #iptables in 2 hours, feel free :)
11:05 < frediz> ticallion: could u remind me the link you gave about irc lessons ?
11:05 < ticallion> umm...
11:05 < ticallion> http://www.linuks.mine.nu/irc/
11:05 < frediz> thx
11:06 < frediz> bonne journée ;)
11:06 < ticallion> same to u :) btw, I understand french very well
11:07 < frediz> thats why I told you that ;)
11:07 < ticallion> but I'll be answering u in english :)
11:07 < frediz> np
11:12 -!- jdike [~jdike@jdike.stearns.org] has joined #uml
11:12 < jdike> hi guys
11:12 < frediz> hi
11:13 < ticallion> hey dude
11:13 -!- ticallion [~ticallion@213.175.160.188] has quit [Quit: iptables tutorial in 2 hours on freenode.net in #iptables, all r welcome]
11:41 < KFrench_> even without using devfs, I can't seem to get my 2.6.0-test3 UML to find the rootfs
11:42 < jdike> KFrench_: are you using a 'root=' on the command line?
11:42 < KFrench_> ./linux mem=96m root=/dev/ubd/0
11:42 < KFrench_> ahha...
11:42 < KFrench_> root=/dev/ubd0 works...
11:45 < jdike> KFrench_: I'm going to change it so at least the non-devfs case works
11:47 < mistral> lo jdike
11:48 < jdike> hi mistral, long time no talk
11:48 < mistral> yeah
11:48 < mistral> lost my net connection for a month there
12:22 -!- ticallion [~ticallion@213.175.160.162] has joined #uml
12:26 -!- ichilton [~ian@pc3-stoc3-4-cust203.midd.cable.ntl.com] has quit [Ping timeout: 501 seconds]
12:34 < KFrench_> has anyone tried tuntap on guest v2.6.0-test3?
12:34 < KFrench_> The interface is coming up, received packets by the guest look ok, but the outbound packets have goofy headers.
12:35 < jdike> KFrench_: that'll be fixed in my next 2.6
12:35 < KFrench_> should I use another transport type other than tuntap for now?
12:35 < jdike> KFrench_: the network is fine for me now
12:35 < jdike> KFrench_: it affects all transports
12:36 < KFrench_> was that just a test3 breakage?
12:36 < jdike> KFrench_: test3 and earlier, don't know how far back
12:46 < ticallion> for the last time, thanks for tolerating me, iptables tutorial on freenode in #iptables in 15 minutes, later
12:46 -!- ticallion [~ticallion@213.175.160.162] has quit [Quit: for the last time, thanks for tolerating me, iptables tutorial on freenode in #iptables in 15 minutes, later]
12:51 -!- ichilton [~ian@pc3-stoc3-4-cust203.midd.cable.ntl.com] has joined #uml
13:20 -!- jdike [~jdike@jdike.stearns.org] has quit [Quit: Leaving]
14:35 -!- shak [~shak@pc1-hudd2-6-cust166.hudd.cable.ntl.com] has joined #uml
14:35 -!- shak is now known as rob
14:35 < rob> hi
14:36 -!- com4 [~com4@12-209-152-183.client.attbi.com] has joined #uml
14:36 < com4> has anyone else had problems with mysql running in a uml?
14:36 < rob> nope
14:36 < com4> i ask, because i've compiled mysql a few times where uml isn't on the box, it's never given me problems -- when i follow the installation instructions on the site
14:36 < com4> like i usually do
14:37 < com4> mysql sits there and restarts
14:37 < com4> like all the threads that run crash or something until there are 0 processes running
14:37 < com4> then it restarts them all
14:37 < com4> then it's probably something i'm doing :P
14:38 < rob> hmm
14:38 < rob> sounds odd
14:38 < rob> doesn't sound like its UML's fault
14:38 < rob> have you tried a pre-compiled mysql?
14:39 < com4> yeah, it doesn't
14:39 < com4> but i ask because maybe it's something like, mysql gets angry because umls performance isn't exactly top notch, or something weird like that
14:39 < rob> it doesn't crash when its a pre-compiled one?
14:39 < com4> but now thinking about it that wouldn't make sense either
14:39 < com4> no, i haven't tried precompiled yet
14:39 < rob> I'd suggest that
14:39 < com4> i'm saying "no it doesn't sound like UMLs fault"
14:40 < rob> see if its something about the actual compile that makes the problem
14:40 < com4> alright
14:40 < rob> then you can go further into the UML depth.
14:40 < rob> now, I need to consider whether 1 bridge for my UMLs is ok
14:41 < com4> heh, what is the benefit of two?
14:41 < rob> well, I dont know, other than the total bandwidth of the UML is capped to 100mb/s full duplex via one
14:42 < rob> and when you have a number of UMLs running that could be a bit of an issue.
14:42 < com4> right
14:43 < com4> wouldn't you have to install a second nic for the second bridge to benefit?
14:44 < rob> yep
14:44 < rob> Im planning on having 3 NICs
14:44 < com4> ah
14:44 < com4> i see
14:44 < rob> one for the machine itself to do I/O on
14:44 < rob> two enslaved to the same bridge..
14:44 < rob> but, there I'm not sure whether the bridge will use both out
14:45 < rob> or use one
14:45 < com4> i'd imagine that it'd use 1 until you told it to load balance
14:45 < com4> i've been using linux for a number of years, but i'm relatively new to "in" linux networking
14:45 < com4> bridges and iptables and what not
14:46 < rob> Im not sure whether I can tell it to load balance
14:47 < com4> ah
14:47 < david> rob: you can't
14:47 < david> rob: if you have two NICs connected to switch, and the NICs are bridged, one will be lbocked
14:47 < david> er, blocked
14:48 < rob> david, so for my 20 UMLs you'd suggest I had 10 UMLs on each bridge and each bridge on a single NIC?
14:48 < david> rob: why do you want to 'load balance' across the NICs
14:48 < david> isn't 100mbit enough?
14:48 < rob> david, I'm being pedantic basically, I was just wondering.
14:49 < david> rob: you could do that
14:50 -!- glommer [~glauber@200-158-192-147.dsl.telesp.net.br] has joined #uml
14:50 < rob> I think I'll settle with that then
14:50 < rob> thanks david
14:51 < david> np
14:52 < glommer> Hi Pals. I got a problem right here. UML is pretty good at 2.4.20. But when I try to boot in a 2.6 kernel, a problem happens. I passed the line: ./linux ubd0= debug, but the kernel stops at a certain point, and UML exits with no message. While debugging, I see that a kernel panic happens with the message "VFS: Unable to mount root fs on %s". Is something different in 2.6 ? I am doing something wrong ?
14:54 < rob> hmm, I've not got UML working in 2.6.x either, but not the same error.
14:54 < glommer> I now found out the "%s" in gdb... and it is :
14:55 < rob> hmm..
14:55 < glommer> unknown-block(0,0
14:56 < glommer> rob: Did you run it right with a simple "ubd0=" ?
14:56 < rob> I just ran it with ./linux meaning it'll mount the root_fs in that dir IIRC
14:56 -!- collord_ [~collord@64.239.79.11] has quit [Ping timeout: 490 seconds]
14:57 -!- com4 [~com4@12-209-152-183.client.attbi.com] has quit [Remote host closed the connection]
14:57 < glommer> which dir ?
14:59 < rob> the CWD.
14:59 < rob> current working directory.
15:00 -!- com4 [~com4@12-209-152-183.client.attbi.com] has joined #uml
15:00 < glommer> humm... As I specified a path, I don't think this should be the problem. But let me try
15:01 < glommer> not worked again :)
15:01 < KFrench_> try root=/dev/ubd0
15:01 < glommer> KFrench_: But how will I attach the filesystem I want to /dev/ubd0 ?
15:02 < KFrench_> ./linux ubd0=/path/to/root_fs root=/dev/ubd0
15:02 < glommer> I have already done it
15:02 < glommer> and it failed
15:02 < glommer> but I will try to do it again :)
15:03 < KFrench_> you're using /dev/ubd0 instead of /dev/ubd/0? I couldn't get the 2nd form to work on 2.6
15:03 < glommer> None of these devices were available in my /dev. So I created the first
15:04 * glommer is using devfs
15:04 < KFrench_> the root=whatever doesn't consult the devices you've created in the /dev/ on the guest. It's parsed by some table in the kernel looking for the correct dev
15:05 < glommer> well... I have just tried root=/dev/ubd/0
15:05 < glommer> failed again
15:05 < rob> mine boots
15:05 < rob> but I have issues with no /proc
15:05 < KFrench_> try with devfs=nomount if you have proper devices in your guest's /dev/
15:05 < glommer> with no messages besides the ones gdb gives me
15:06 < glommer> failed again
15:06 < KFrench_> still used the root=/dev/ubd0 along with the devfs=nomount?
15:07 < glommer> yes and no. I tried both
15:08 < KFrench_> I dunno what else to try.
15:09 < glommer> I think something strange is happening here
15:09 < glommer> maybe, it has anything to do with these options
15:09 < glommer> this same filesystem boots alright in my 2.4 UML
15:09 < KFrench_> I had to fight with it yesterday and this morning. I got it working up until the point that I couldn't get the networking to work. Jeff said it would be fixed in his next release
15:09 < KFrench_> me too. I have a few v2.4 guests that work great. The 2.6's give me fits.
15:10 < glommer> I couldn't compile networking :))
15:10 < glommer> But as I do not need it... I disabled it. It was easier than start trying to find which option set was crashed
15:22 < Getty> oh stupid question beside
15:23 < Getty> uml can run on non-i386-linux, or?
15:23 < david> right
15:23 < david> no, it can't
15:23 < Getty> good
15:23 < Getty> :)
15:23 < Getty> bad!
15:23 < Getty> :-/
15:27 < green> well, actually there is somewhat working ppc port and ia64 & x86_64 should work too in x86 emulation mode
15:30 < Getty> mh
15:30 < Getty> i use a sparc as workstation, soon, with a way too much ram ;)
15:31 < Getty> some umls for development would be cool, but then.... bad bad
15:31 < green> well, there was some sparc port in progress. See mailinglist archives to get a email address of the porter
15:33 < Getty> i'll check
15:33 < Getty> first i must bring this shit up tomorrow...
15:33 < Getty> new harddisk (8 GB too less for solaris/linux dualboot)
15:34 < green> that's pretty good
15:34 < green> I only have 512M hdd in my sparc classic ;)
15:34 < Getty> thats the ram i have ;)
15:35 < green> hehe, I only have 48M ;)
15:35 < Getty> yeah but u understand why i can't let there be no uml running ;)
15:35 < Getty> it has 233 MHz and 512 MB ram.. that cries for uml
16:21 -!- elm [~elm@p5080B1C2.dip.t-dialin.net] has joined #uml
16:21 < elm> hi, is anyone around? i can't seem to get uml-networking working, can someone please help me?
16:22 < KFrench_> what's up?
16:22 -!- KFrench_ is now known as KFrench
16:22 < elm> i am using debian 3.0 woody and there's now /dev/net/tun
16:23 < elm> though i loaded tun.o
16:24 < KFrench> hmm
16:24 < KFrench> UMLs can't find it either?
16:24 < elm> so, i don't exactly know what to do, because all those tutorials on the net only say "load tun.o and run tunctl -u userid"
16:25 < KFrench> If you have uml_net installed, and setuid root, then the UML will set up the tap device for you
16:26 < elm> won't it need a /dev/net/tun ?
16:26 < elm> i'll have a look
16:26 < KFrench> do you have a /proc/net/tun?
16:27 < elm> no
16:27 -!- glommer [~glauber@200-158-192-147.dsl.telesp.net.br] has quit [Read error: Connection reset by peer]
16:27 < KFrench> do you have a uml_net tool?
16:27 < elm> for loading tun.o # insmod tun should be enough, right?
16:27 < elm> yes
16:27 < KFrench> You'd think so. I don't use modules.
16:28 < KFrench> Just start up your uml with eth0=tuntap,,,192.168.254.1 (where that's the IP of your host)
16:28 < elm> ok, just one second
16:30 < elm> ok
16:31 < elm> but now, how do i actually test, if it works?
16:31 < KFrench> ping it
16:31 < KFrench> log into it from one of the consoles and see if it shows up in ifconfig
16:31 < elm> from my guest-linux?
16:31 < elm> no it doesn't show up
16:31 < KFrench> dmesg | less
16:31 < KFrench> does it show it trying to bring up the interface?
16:32 < elm> no
16:32 < elm> btw, i am using the debian woody root fs
16:32 < KFrench> how about a ifconfig eth0 192.168.254.2 netmask 255.255.255.0 from the guest. Does it say the device isn't there?
16:33 < elm> invalid argumetn
16:33 < KFrench> typo?
16:34 < elm> ifconfig eth0 192.168.100.150 netmask 255.255.255.0
16:34 < elm> where 192.168.100.150 is an unused ip
16:34 < elm> my host is 192.168.100.100
16:35 -!- Fede [~Fede@OL6-77.fibertel.com.ar] has left #uml [Client Exiting]
16:35 < KFrench> not sure why it's giving that error
16:36 < elm> SIOCSIFFLAGS: Invalid argument <- thats what i get
16:37 < elm> btw, con0 shows the following
16:37 < elm> tuntap_open_tramp : didn't receive a message
16:37 < elm> Exec of '/usr/lib/uml/uml_net' failed - errno = 13
16:37 < elm> tuntap_open_tramp failed - errno = 22
16:37 < elm> tuntap_open_tramp : didn't receive a message
16:37 < KFrench> Is your /usr/bin/uml_net setuid root?
16:38 < elm> -rwsr-x--- 1 root uml-net 18072 Apr 26 2002 uml_net
16:39 < KFrench> Are you running your UML as root or as a user that's in the uml-net group?
16:39 < elm> actually i am running as a user ... but he's not in uml-net
16:39 < KFrench> Add him to the uml-net group and log back in.
16:40 < rob> be right back, different machine required
16:40 -!- rob [~shak@pc1-hudd2-6-cust166.hudd.cable.ntl.com] has quit [Quit: rob]
16:44 < elm> still the same
16:44 < KFrench> can you run uml_net manually? It should give you funky errors, but you'll know to stop looking there or not
16:45 < elm> should it work running uml_net as a user?
16:45 < KFrench> It should if that user is in your uml-net group
16:46 < KFrench> use the same user as you're running the UML as.
16:46 < elm> stupid failure editing groups :(
16:48 < elm> wow it actually works!
16:48 < KFrench> the UML?
16:48 < elm> inside uml (none):~# ifconfig eth0 192.168.100.100 netmask 255.255.255.0
16:48 < KFrench> coolness!
16:48 < elm> :)
16:48 < KFrench> do you have a /proc/net/tun on the host now?
16:48 -!- collord_ [~collord@dt.collord.net] has joined #uml
16:49 < elm> now /proc/net/tun but /dev/net/tun
16:49 < elm> not now, no
16:50 < KFrench>
16:50 < KFrench> anyways, if your host is 192.168.100.100, you'll want to give your guest a different IP
16:50 < elm> i am doing this right now ;)
16:51 < elm> but still i cannot ping my host
16:52 < KFrench> check route -n on the host. It should have a route for .150 pointing to tap0 (as opposed to eth0)
16:52 < KFrench> also, is your UML v2.4.x, or v2.6.0-testx?
16:52 < elm> 2.4.18
16:52 < KFrench> k
16:52 < elm> route exists
16:53 < KFrench> use tethereal or tcpdump on the host (tap0) and the guest (eth0) and see if you see the requests on both sides
16:54 < elm> well, as my root_fs is only a 30mb debian root, i don't have either in my guest os
16:54 < KFrench> try on your host for now then
16:55 < elm> would you mind telling me what to do exactly (tcpdump)
16:55 < KFrench> tcpdump -tni tap0
16:56 < elm> arp who-has 192.168.100.100 tell 192.168.100.150
16:56 < elm> arp reply 192.168.100.100 is-at 0:ff:78:f8:14:4b
16:56 < elm> 192.168.100.150 > 192.168.100.100: icmp: echo request (DF)
16:56 < KFrench> cool. the requests are getting out at least.
16:57 < KFrench> firewall on the host?
16:57 < elm> well but shouldn't restrict any icmp's
16:59 < elm> well but actually it's a firewall problem
16:59 < KFrench> iptables -I INPUT -s 192.168.100.150 -j ACCEPT
17:00 < KFrench> iptables -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
17:00 < elm> ping works! :)
17:00 < KFrench> sweet
17:00 < elm> indeed
17:01 < KFrench> Now if you get routing working on the host, the UML can talk to outside machines
17:01 < elm> well, routing on the host shouldn't be a problem, since it's my dialup server :)
17:01 < KFrench> You can probably just echo 1 >/proc/net/ipv4/ip_forward (there's a space after the 1), and add a default route in your host
17:01 < KFrench> er, add a default route in your guest
17:06 < elm> still i cannot ping any machine outside..
17:07 < elm> i did route add default gw 192.168.100.100
17:07 < KFrench> You have other hosts on the local ethernet, right?
17:07 < elm> yes
17:08 < KFrench> echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp
17:09 < elm> host or guest?
17:09 < KFrench> host...
17:10 < elm> but why is uml_net then writing 0 to proxy_arp ?
17:10 < KFrench> into eth0?
17:10 < elm> argh, i am sorry
17:10 < elm> :)
17:12 < elm> still no reply from machines != host
17:12 < KFrench> try tcpdump -tni eth0 arp or host 192.168.100.150
17:12 < KFrench> on the host
17:13 < elm> well eth0 gives *lots* of output
17:13 < elm> forgot arp
17:14 < KFrench> do the 'or host xxx' to
17:14 < KFrench> too
17:14 < elm> nothing happens when pinging from inside
17:14 < elm> arp who-has 192.168.100.150 tell 192.168.100.102
17:14 < elm> arp reply 192.168.100.150 is-at 8:0:6:c:37:40
17:14 < elm> 192.168.100.102 > 192.168.100.150: icmp: echo request (DF)
17:15 < elm> this is from outside
17:15 < KFrench> ooh, you're pinging from the remote machine to the UML
17:15 < KFrench> I bet it's firewall rules again..
17:15 < elm> argh
17:15 < KFrench> iptables -I FORWARD -p icmp -j ACCEPT
17:15 < KFrench> that should let you ping both directions, but not much else
17:16 < elm> that it does
17:16 < elm> ok, now i need to get domainname resolving to work
17:16 < KFrench> spend some quality time with your firewall rules, stick that other stuff (proxy arp) someplace appropriate, and you'll be all set.
17:17 < KFrench> iptables -I FORWARD -p udp --dport 53 -j ACCEPT
17:17 < elm> thanks so far!!!
17:17 < KFrench> iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
17:17 < KFrench> then I bet DNS will work.
17:19 -!- l4ra [~lara_sk@a002.labarts.com] has joined #uml
17:19 < l4ra> hostfs has HUGE bugs.
17:19 < l4ra> not only that, it looks like you can mount host file systems without regard to command line seclusions. THIS MEANS THAT it's really easy to break out of a UML jail.
17:20 < KFrench> I'm betting that you're supposed to use the UML in a chroot environment as non-root.
17:20 < l4ra> I'm using 2.4.18-17um (on Debian) so I'm going to try a newer version. However, at this point, there's no reason an attacker who gained root on a UML wouldn't be able to read any file on the host
17:21 < l4ra> KFrench: no, no mention of that....
17:21 < KFrench> I've been pretty scared of hostfs as well though. I just avoid it. Use ubd or even NFS.
17:21 < l4ra> KFrench: although that would alleviate the issues a little. However, all these ISP's that are doing it using COWs or something are in for a nasty surprise...
17:21 < l4ra> KFrench: that doesn't alleviate the symptoms. You can still do this from within a UML:
17:22 < KFrench> Well, if the backing store file is not owned by the same user, and is just read-only, then it shouldn't be too bad
17:22 < l4ra> no, you can read any file in the host that is readable by the user running as the uml.
17:22 < KFrench> chroot the whole thing where the only thing in the root is the UML kernel and your root_fs. Make the root to be read-only to that user.
17:22 < l4ra> in other words, hostfs= doesn't work.
17:22 < KFrench> not if it's chroot it can't
17:23 < l4ra> KFrench: that's the only way... :-(
17:23 < l4ra> KFrench: right. my point is that if you're using ubd, you'd better still chroot it.
17:23 < KFrench> yup...
17:24 < KFrench> no matter what you're using, you better chroot it. Even if you use nfsroot, the UML can theoretically read anything in its environment
17:24 < l4ra> well, you've helped me a little bit. :-) i don't know why i didn't think of chrooting the uml -- i was thinking about either/or, not both...
17:24 < l4ra> KFrench: exactly!!
17:24 < KFrench> Well, you can help me a bit then. How do you use chroot as a non-root user?
17:24 < KFrench> non-root can't run chroot. So you gotta be root, chroot to the root, and then someone change to the non-root user securely. I dunno how to do that.
17:24 < l4ra> chrootuid -- wietse venema wrote it. check out http://www.porcupine.org.
17:25 < KFrench> cool. thanks
17:26 < l4ra> never tried it though...
17:26 < l4ra> :-(
17:26 < l4ra> you could do su - username, but i don't think that's secure...
17:26 < l4ra> (wietse venema also wrote postfix and tcp wrappers. it should be pretty solid.) ;-)
17:27 < KFrench> you could, but wouldn't you already be in the new root, so su has to be in there among lots of other stuff?
17:27 -!- derelm [~elm@217.81.169.137] has joined #uml
17:28 < l4ra> yeah. i don't think it'd be secure. however, i think it'd be difficult to break out of a uml. i'm more concerned about the attacker reading files on the root file system. it's very easy to do.
17:28 < l4ra> i.e., try this from a uml.
17:28 < l4ra> mount none /mnt -t hostfs
17:28 < l4ra> cat /mnt/somefile
17:29 < l4ra> if the uml is running as user umluser, he can read any file on the hostfs. this freaks me out because i don't trust myself to not have some detail in a file someplace. WORSE, the user could read a file in another UML.
17:29 < KFrench> like I said, I avoid hostfs for that reason.
17:29 < l4ra> (i.e., mount /mnt/umls/someuml /tmp/somefile -o loop)
17:29 < l4ra> KFrench: you can't. ;-) it's still there!
17:30 < l4ra> that's what i'm saying. it's there even when you use UBD's.
17:30 < l4ra> (bug or a feature? both, i think..)
17:30 < l4ra> (i boot from ubd and then mount /etc.)
17:30 < KFrench> It's just a lot harder to do. You need to convince the UML process to do something that it wasn't programmed to do. To be safe you need the chroot
17:31 < KFrench> you mount -t hostfs when booted from the ubd? Try using a UML that doesn't have the hostfs filesystem at all
17:31 < l4ra> no, it's simple. try it in a uml right now. you can read any file on the hostfs. then you can mount other umls (because the umls, for some reason, have to be other readable).
17:31 < l4ra> KFrench: huh?? are you talking about a UML kernel?
17:31 < l4ra> you'd need to disable it in the patch.
17:32 < KFrench> bash-2.05b# mount none /mnt/floppy/ -t hostfs
17:32 < KFrench> mount: fs type hostfs not supported by kernel
17:32 < l4ra> what uml kernel are you using?
17:32 < derelm> not the one that comes with debian ;)
17:32 < KFrench> Linux bth-dns 2.4.20-1um #1 Mon Mar 17 17:40:34 EST 2003 i686 i686 i386 GNU/Linux
17:32 < l4ra> modprobe hostfs
17:33 < KFrench> bash-2.05b# modprobe hostfs
17:33 < KFrench> modprobe: Can't locate module hostfs
17:33 < KFrench> that doesn't mean one couldn't build one themselves though
17:33 < l4ra> yeah exactly. i was just going to say that. ;-)
17:33 < l4ra> you could turn off module support when you build the kernel.
17:33 < KFrench> thus, gotta chroot even in my case (which I don't at the moment, pending the Venema tool)
17:34 < l4ra> probably don't really need module support anyway in a uml.
17:34 < KFrench> Yes, which makes it harder, but not impossible. You can manually patch /proc/kmem, etc, etc
17:34 < l4ra> KFrench: not a kernel hacker. ;-) the most i normally do is apply other people's patches. hehehe
17:34 < l4ra> ahh i see what you meant. you mean the cracker could patch those..
17:34 < KFrench> I can't do it either. That just means the UMLs run this way are good enough to keep you and I in our places :-)
17:34 < l4ra> yes, you're right... that'd be hard -- patching a kernel on the fly...
17:35 < l4ra> right, IF they're chrooted and/or you disable module support and remove hostfs as a filesystem 17:35 -!- elm [~elm@p5080B1C2.dip.t-dialin.net] has quit [Ping timeout: 501 seconds] 17:35 < KFrench> I'd do all of it. 17:35 < l4ra> yes, i agree. 17:35 < l4ra> the whole point for me is security, not anything else. great sandbox. ;-) 17:35 < KFrench> I think I have module support there, but no modules available. 17:36 -!- Rygel [~wir@p5088F39D.dip.t-dialin.net] has joined #uml 17:36 < KFrench> so that means I need to remove the module support in my next build, and put the chrootuid in place 17:36 * l4ra cracker: i could just wget a pre-built module for the same kernel... 17:37 < l4ra> mne too 17:37 < KFrench> To go farther, you gotta add the patches that remove things like /dev/kmem completely 17:37 < l4ra> jeez i've spent two weeks playing with this. i didn't want to do ubd's, just hostfs 17:37 < KFrench> I think the openwall patches might be useful here 17:37 < l4ra> i don't like keeping file systems in files. one more layer to repair if something gets corrupted. 17:37 < l4ra> plus, it's gotta be slower for things like mysql 17:38 < l4ra> openwall? 17:38 < KFrench> To use hostfs, I really think that means you need to run the UML as root. It has to be able to chown files/etc that live in your root. You can't do that as non-root 17:38 < l4ra> KFrench: what about devfs 17:38 < Rygel> Hi everyone :) 17:38 < KFrench> devfs just replaces the files in your /dev with virtual forms. I don't think it helps in this discussion 17:38 < l4ra> KFrench: no, not really... although the bugs i found seem to indicate that is the case. in the howto, jdike just chowns files owned by root to the uml user 17:39 < KFrench> Have you considered nfsroot? It leaves you without a 'local' filesystem completely. It does open up your nfs server to attack though 17:39 < l4ra> (as i say, i still had weird problems related to file ownership.) 17:39 < KFrench> sure, chown them to the user. 
But then all of your perms inside the UML are all screwy... 17:39 < l4ra> KFrench: not an nfs fan. :-( sorry, haven't trie dit 17:39 < l4ra> Hi Rygel 17:39 < l4ra> KFrench: exactly. lots of big problems. 17:40 < KFrench> I don't think there's a lot of choice here. hostfs seems to be very problematic. you don't like ubd's because of corruption problems, and you don't like nfs. 17:40 < l4ra> KFrench: you could use hppfs to get rid of some of the stuff in /proc 17:40 < KFrench> I use ubd's. I don't see a huge problem with it 17:40 < l4ra> KFrench: yeah it seems to be the only real solution, but it does bother me. 17:41 < KFrench> I'm not trying to hide the fact that I'm in a UML, so I haven't used hppfs. I haven't looked at it either though. 17:41 < l4ra> KFrench: booting from a hostfs seems to be the real issues. mounting them after boot is ok, except for the security flaws. i'm going to chroot and then still use hostfs. makes it easy to change (e.g.) a file in /etc for ten machines at once 17:41 < KFrench> What about using a raw partition instead of ubd? 17:41 < l4ra> KFrench: freaky but a cool idea. 17:42 < l4ra> KFrench: but then you're still using hostfs 17:42 < l4ra> or no you're not 17:42 < KFrench> no, you're using a ubd 17:42 < l4ra> great idea!!! 17:42 < l4ra> no. 17:42 < l4ra> you can't 17:42 < KFrench> no COW, but it removes that one layer you were thinking about. I don't see how it will reduce any problems though 17:42 < l4ra> ubd expects a file, not a directory tree 17:42 < KFrench> nono, use ubd0=/dev/myrawfile 17:42 < l4ra> oh you're saying do ahh you said it first ;-) 17:43 < l4ra> cool idea. very cool idea 17:43 < KFrench> where /dev is a directory in your choot, and the myrawfile is a dev file you set up ahead of time that lets the uml user read/write to it 17:43 < l4ra> only needs to be a few gig. 17:43 < KFrench> You can make it a true raw filesystem to avoid the caching affects. 
I haven't tried this at all though 17:43 < l4ra> whoa you just lost me 17:43 < l4ra> what do you mean by /dev is a directory in your choot, and the myrawfile is a dev file 17:43 < KFrench> Well, you could just make your myrawfile to point to a physical partition.... 17:44 < l4ra> you mean by MAKEDEV but not in /dev? 17:44 < KFrench> but there are things called raw devices. google for them. I don't know enough about them to talk about them much. 17:44 < l4ra> with major and minor numbers pointing to the real raw partition? 17:44 < KFrench> right... 17:44 < l4ra> OR... 17:44 < KFrench> mkdir /myumlroot 17:44 < l4ra> just ln -s it into the chroot 17:44 < KFrench> mkdir /myumlroot/dev 17:44 < KFrench> mknod /myumlroot/dev/myrawfile b 3 2 17:45 < KFrench> Then your myrawfile is really hda2 17:45 < KFrench> no -s. the real /dev/ won't be accessable. you can ln /dev/hda2 /myumlroot/dev/myrawfile, but that's almost the same as creating a seperate copy 17:46 < l4ra> sweet. great idea. 17:46 < KFrench> It avoids some work for the host that way (using truely raw filesystems), but I'm not sure what else it buys you over file backed ubd's 17:47 < l4ra> KFrench: well, a bunch of things: 17:47 < l4ra> 1) no double kernel caching for things like mysql. 17:47 < KFrench> like? I'd love to hear your thought 17:47 < KFrench> yes...that's the 'less work for the host' part. 17:48 < KFrench> Sometimes that's a benefit though. You can give less memory to the UML and let the host dynamically adjust it's cache among all of the UMLs 17:48 < l4ra> 2) if the file system gets corrupted, you can more easily fix it. you might not be able to mount a corrupted ubd file, don't you think? or do you think it's irrelevant... 17:48 < KFrench> from the host, you can always 'e2fsck /myumlroot/root_fs' 17:48 < l4ra> since reiserfs or a similar file system isn't really going to be any more repairable. 17:49 < l4ra> KFrench: right, yes. 
(I'm actually using reiserfs with my own filesystems but same thing) 17:49 < KFrench> you can just run the fsck from the host against the backing file. It won't matter if the UML is broken, as the host is still operational 17:49 < l4ra> KFrench: hmmm 17:49 < KFrench> If the host is screwed, then you have different problems 17:50 < l4ra> KFrench: I like your point about the dynamic swap allocation 17:50 < KFrench> If you use COW files, then you can't fsck them from the host 17:50 < l4ra> KFrench: yes, but if the host is screwed I'd rather get the file from a partition than from a partition within a file within a partition 17:50 < KFrench> I don't think COW files are a huge benefit over time. 17:50 < KFrench> so I don't use them 17:50 < l4ra> KFrench: I agree. It's a cool idea but the divergency over time outweighs the benefits 17:51 < KFrench> Yes, in theory, fs corruption can lose the root_fs easier than losing a seperate partition 17:51 < l4ra> unless all your boxes were the same anyway. (and that's nearly impossible) 17:51 < KFrench> Yes, they can all start using the same one, but you gotta add patches/etc over time, thus making them diverge 17:51 < l4ra> right. 17:51 < KFrench> and if you only have one ubd, the data that you store in the UML will make the COW file grow to be almost the same size as your backing store 17:52 < l4ra> and if they can all use the same file system, why wouldn't you use mount it read only and then use hostfs for the temp files. 17:52 < KFrench> right. that's would be good, except when it comes to updates time. You'd need to shutdown all of the UMLs 17:52 < KFrench> that problem doesn't exist if you use nfsroot though 17:52 < l4ra> right. 17:52 < l4ra> ok i'll look into nfsroot. 17:52 < l4ra> cool. you've answered some questions for me. thanks KFrench! 17:53 < KFrench> so, so far, I use seperate ubd's for each UML. 
I haven't decided whether I think the risk to the nfs server is small enough to use nfsroot
17:53 < l4ra> nfs relies on client-side security. therefore, it's insecure.
17:53 < l4ra> of course, so does uml. :-(
17:53 < KFrench> the nfs server could be a huge/central nfs server, or it can just be the host exporting nfs to the UMLs
17:54 < KFrench> yes, but the nfs server can export the fs as read only, and only certain files to individual IPs...
17:54 < KFrench> If you export as read-only, you can still share that fs among multiple UMLs with safety. You can even do upgrades without taking down the UMLs
17:54 < l4ra> KFrench: you're talking UMLs here. it'd be easy to spoof an internal ip.
17:54 < KFrench> but if your nfs server has a security problem, the UMLs can infect each other, or even break out of their little jail
17:55 < l4ra> right, but any uml would be able to read the files on the master export
17:55 < KFrench> Yes, you can spoof the IP, but you can set up the tap devices on the root ahead of time
17:55 < l4ra> true
17:55 < KFrench> then you set up firewall rules on the host that only allow a particular IP to pass. Then the guest can set whatever IP they want - it just won't do anything
17:56 < l4ra> true.
17:56 < l4ra> KFrench: you could also set up separate subnets. but can you put a UML interface in promiscuous mode? can it sniff?
17:56 -!- derelm [~elm@217.81.169.137] has quit [Quit: using sirc version 2.211+KSIRC/1.2.4]
17:57 < KFrench> no, the host will still control routing using the tap devices. The guest can sniff all it wants, but it won't see anything but its own traffic
17:57 < l4ra> looks like i'm going to have to keep massaging my python scripts for this. ;-) only way to handle lots of umls would be through lots of scripts.
17:57 < KFrench> If you use the switch device or maybe the daemon device, you could probably see traffic to the other UMLs
17:57 < l4ra> KFrench: hmm
17:57 < KFrench> I have a startuml script.
17:57 < l4ra> i was thinking about running snort on the host
17:57 < l4ra> me too.. mine's better. hehehe
17:58 < KFrench> probably
17:58 -!- frediz [~frediz@81.51.17.152] has quit [Quit: Pw3t]
17:58 < KFrench> mine is pretty wimpy. There isn't any reason I couldn't extend it to do stuff we're talking about. I'll do that someday
17:58 < l4ra> mine does some crazy stuff, like switching user (using os.setuid) and forking a watcher process that waits for the uml to crash and then restarts it.
17:59 < KFrench> If you have known services running in the UMLs, then you block all traffic to that UML except for those services. Then you run snort to catch everything else
17:59 < l4ra> right good call exactly.
17:59 < KFrench> I just use daemontools to restart it....
17:59 < l4ra> KFrench: i like daemontools except that dan bernstein has to always reinvent the wheel. mine's a normal sys v startup script and has the same capabilities.
18:00 < l4ra> i'm going to release it shortly.
18:00 < l4ra> do you code python at all?
18:00 < KFrench> no need to discuss that here. We like different things.
18:00 < l4ra> ;-) true
18:00 < KFrench> I like that you can control daemontools without having to make changes to my inittab all of the time
18:00 < KFrench> python has always been on my list of things to do, but I haven't touched it yet
18:00 < l4ra> what do you mean change your inittab?
18:01 < l4ra> i like daemontools' variables in a file idea, although i'm not sure that it's high performance.
18:01 < KFrench> oh, wait. you said sys V startup. I was thinking you were using init to restart them
18:01 < l4ra> i think if everyone adopted daemontools it'd be a good thing .. but they haven't.
18:01 < l4ra> yeah i mean init.d/
18:01 < KFrench> I think it's high performance. I'd love to replace init with daemontools. daemontools needs dependencies to do it cleanly though
18:01 < l4ra> i just have a single script (uml) in init.d/
18:02 < l4ra> then i symlink that script to (e.g.)
apache, mysql, etc. one symlink for each service
18:02 < KFrench> right. I have one run for each daemontools service. It's all pretty much the same thing
18:02 < l4ra> then the script detects what it's starting as, sets the correct nat tunnels etc for the uml, switches to that uml's user, and starts it up
18:02 < KFrench> svc -d /service/dnscache; service dnscache stop; same difference
18:03 < l4ra> right. but mine i can use my distro's normal start-stop utils to control startup and stopping.
18:03 < KFrench> I know. Like I said, we all like different things.
18:03 < KFrench> I run djbdns and qmail already, so the daemontools are usually there anyhow ;-)
18:03 < l4ra> ;-) of course. it's what makes the world go round. (especially the open source world)
18:03 < l4ra> yeah
18:04 < l4ra> i run djbdns (for caching dns) but postfix instead of qmail.
18:04 < l4ra> sorry -- misspoke -- run tinydns for recursion, mydns for auth
18:05 < l4ra> daemontools are cool. just had some bad experience with a race condition with unreal tournament! ;-)
18:05 < KFrench> tinydns is the authoritative daemon. You mean dnscache + mydns
18:05 < l4ra> ah you're right. ;-)
18:07 < l4ra> i gotta roll. thanks KFrench, talk to you later on hopefully..
18:07 < KFrench> see ya
18:07 * l4ra is away: I'm busy
18:11 -!- solarce [~solarce@209-16-139-4.cortland.com] has quit [Remote host closed the connection]
18:11 -!- solarce [~solarce@209.16.139.4] has joined #uml
18:24 < KFrench> the chrootuid seems to be working good. thanks
18:25 < KFrench> ew, yucky. It ran in TT mode because it couldn't find /proc/mm
18:25 < KFrench> suggestions? Should I mount /proc in my chroot?
18:26 < david> er, yes
18:26 < KFrench> I guess you can't mount -bind /proc/mm /myumlroot/proc/mm?
18:31 < KFrench> hmm, I need uml_net too. I guess it's time I set up the tap interface outside the UML
18:36 < coryb> it's a problem with skas3, it needs to be changed to have it be /dev/mm or a syscall interface or something chrootable...
iirc...
18:36 < KFrench> nod. I'm patient
18:37 < david> coryb: /dev/mm is just as bad as /proc/mm
18:37 < david> coryb: linux suggested a syscall
18:37 < coryb> why is it just as bad?
18:37 * coryb is curious
18:38 < david> coryb: because it's not a device
18:38 < david> coryb: memory mapping crap shouldn't be in /dev
18:38 < coryb> well, yeah... but at least it'd "work" :>
18:38 * l4ra is back (gone 00:30:51)
18:38 < caker> plus /dev is on its way to having an overhaul, anyway ..
18:38 < l4ra> welcome KFrench ;-)
18:38 < david> it 'works' in /proc
18:38 < coryb> but if it's being changed, a syscall does make more sense
18:38 < l4ra> KFrench: hmm...
18:40 < l4ra> hostfs is sucking big time
18:41 * l4ra is away: I'm busy
18:42 < l4ra> i'm just going to run the uml normally and just recognize that umls can read the host file system's files to the perm limits defined by the uml user
18:43 < KFrench> It's safest to always make that assumption
18:43 < l4ra> yeah. i have to get this thing done yesterday. it's still way more secure than running the apps locally.
18:43 < KFrench> absolutely
18:44 < l4ra> KFrench: yeah... i'm not going to try to chroot it right now... maybe later. just in a time crunch. i'm paying for a T1 and colos simultaneously and i need to move stuff to the colo so I can turn off the T1. ;-) That's all.
18:44 -!- l4ra is now known as l4ra_away
18:59 < l4ra_away> hi j0s3ph3n
18:59 < j0s3ph3n> hi
18:59 < j0s3ph3n> what's up
18:59 < l4ra_away> not much
18:59 < l4ra_away> hey do you know what's going on with hostfs mounting my fs multiple times even though i only have it specified as once in /etc/fstab?
19:00 < j0s3ph3n> no idea
19:00 < j0s3ph3n> do you always talk to yourself you schizophrenic freak?
19:00 < l4ra_away> oh am i logged in twice again?
19:00 < j0s3ph3n> yeah
19:00 < l4ra_away> hmm. at least i can carry on a conversation with myself. it's always something you've seemed to have trouble with.
19:00 < j0s3ph3n> yeah. sure.
19:01 < j0s3ph3n> ok well i'm going to close this extra window now ok?
19:01 < l4ra_away> and you call me the freak?
19:01 -!- j0s3ph3n [~lara_sk@a002.labarts.com] has quit [Quit: Client exiting]
19:01 < l4ra_away> whatta freak
19:01 < l4ra_away> so KFrench, any ideas on what's going on with hostfs mounting my fs multiple times even though i only have it specified as once in /etc/fstab?
19:02 < KFrench> mount shows it twice, eh?
19:02 < KFrench> cat /proc/mounts does too?
19:04 < l4ra_away> yeah
19:04 < l4ra_away> unfortunately
19:04 < l4ra_away> hold on i'll check proc
19:05 < l4ra_away> no weird
19:05 < l4ra_away> mount shows four times
19:05 < KFrench> remove your /etc/mtab and reboot
19:05 < l4ra_away> /proc/mounts shows once
19:06 < l4ra_away> which /etc/mtab? the old one or the new one?
19:06 < l4ra_away> (ie the mounted one?
19:06 < KFrench> Uh, there's only 1 /etc/mtab, right?
19:06 < KFrench> remove the whole file (not fstab)
19:06 < l4ra_away> well i'm mounting etc. so the first /etc/fstab says mount /etc over the top of the existing /etc
19:07 < KFrench> paste the line that says that so I can see exactly what it says
19:07 < l4ra_away> already halting hold on
19:08 < l4ra_away> actually, the second fstab doesn't have the mount command at all (it doesn't need it, /etc/fstab is already mounted)
19:08 < KFrench> what is this first/second fstab?? Isn't there only 1 file?
19:08 < l4ra_away> no... here's the deal
19:08 < l4ra_away> i have a ubd that has an /etc with an fstab
19:08 < l4ra_away> hold on a sec i have an idea
19:09 < l4ra_away> ok and then i mount (in that fstab) another hostfs as /etc
19:09 < l4ra_away> which mounts over the /etc/ in the ubd
19:09 < l4ra_away> does that make sense so far?
19:09 < KFrench> nope
19:09 < l4ra_away> so each of them have their own fstabs and mtabs
19:09 < KFrench> can you paste your fstab to me
19:10 < l4ra_away> sure.
(which one ;-))
19:10 < l4ra_away> hold on
19:10 < KFrench> wait
19:10 < KFrench> I'm really confused
19:10 < l4ra_away> ok here's my goal
19:10 < l4ra_away> (what i'm REALLY trying to do)
19:10 < l4ra_away> 1) boot from a ubd since it seems the most stable
19:10 < l4ra_away> 2) mount a new /etc/ for each separate uml
19:10 < l4ra_away> (ie., the ubd is shared)
19:11 < KFrench> where is your /etc/ mounting from? a second ubd per UML?
19:11 < l4ra_away> so the ubd boots and then mounts the hostfs /etc halfway through booting when it mounts the local filesystems
19:11 < l4ra_away> no, a hostfs but same difference basically
19:12 < KFrench> where are you mounting /etc/ from? the fstab, or in something like rc.sysinit?
19:12 < l4ra_away> fstab
19:12 < KFrench> k
19:12 < KFrench> is that your only 2 mounts? the ubd and the /etc/?
19:13 < l4ra_away> right (so far) not counting stuff like proc
19:13 < l4ra_away> ahh weird
19:13 < l4ra_away> ok
19:13 < l4ra_away> so i removed the mtabs in both the ubd's etc and the hostfs etc
19:14 < KFrench> is your ubd read-only?
19:14 < l4ra_away> also made sure that /etc was only listed in the fstab in the ubd's etc.
19:14 -!- lah [~z@AVATAR.internet.ufg.ac.at] has quit [Ping timeout: 501 seconds]
19:14 < l4ra_away> no
19:14 < KFrench> aah, now I see what you mean by different fstabs
19:14 < l4ra_away> ok so now here's my mount:
19:14 < l4ra_away> Sun Aug 24 jamie@apache:~
19:14 < l4ra_away> mount
19:14 < l4ra_away> none on /etc type hostfs (rw,apache/etc)
19:14 < KFrench> If your ubd isn't read-only, then you can't share it among different UMLs. You'll corrupt the fs
19:14 < l4ra_away> right, i'll use cow in a few minutes probably
19:15 < l4ra_away> but i don't want to store etc in the cow. too unclean
19:15 < l4ra_away> too hard to modify on the fly -- have to boot the uml to change things
19:15 < KFrench> I don't see what you are gaining by putting each /etc/ in hostfs then
19:15 < l4ra_away> so you were right.
but it's weird that cat /proc/mounts
19:15 < l4ra_away> /dev/ubd/0 / reiserfs rw 0 0
19:15 < l4ra_away> proc /proc proc rw 0 0
19:15 < l4ra_away> devpts /dev/pts devpts rw 0 0
19:15 < l4ra_away> none /etc hostfs rw 0 0
19:15 * KFrench ducks!
19:15 < l4ra_away> shows that but mount only shows /etc
19:16 < l4ra_away> i can change the /etc in hostfs without sshing in, even when the machine is off
19:16 < l4ra_away> it gets mounted before most daemons start
19:16 < KFrench> we've been through this before. I won't revisit :-)
19:16 < l4ra_away> ?
19:17 < l4ra_away> sorry about the flood ;-)
19:17 < KFrench> when you mount your hostfs overtop of /etc/, you'll lose the /etc/mtab from the ubd. You might need to merge the ubd's mtab with the hostfs's mtab to get a proper reading
19:17 < l4ra_away> ahh that makes sense
19:18 < KFrench> that wouldn't explain the multiple entries though. You'd only be missing some
19:18 < l4ra_away> i think it added a mount each time i booted that way perhaps?
19:18 < l4ra_away> but you see what i'm gaining by this arrangement, or do you think that i could do this differently...
19:19 < l4ra_away> i'm rebooting to see if it adds another mount listing
19:19 < KFrench> I see where you are going, but I'd rather not use COW, and just have a single ubd for each UML
19:19 < l4ra_away> hmmm
19:19 < l4ra_away> even so i'd like to have etc in a hostfs
19:20 < KFrench> your call
19:20 < l4ra_away> so i can (e.g.) replicate etc changes to multiple etc's.
19:20 < l4ra_away> but i agree. separate ubds make more sense, but that's not really relevant is it?
19:20 < KFrench> that doesn't explain your mtab problem, no
19:20 < l4ra_away> ahh yes that's what's happening. every time i reboot, it adds another /etc/ listing to mtab
19:21 < l4ra_away> that is, every time i boot, not at shutdown.
19:21 < KFrench> probably because rc.sysinit or something removes the /etc/mtab right after going rw. When you mount /etc/, it just appends to it.
19:21 -!- collord_ [~collord@dt.collord.net] has quit [Ping timeout: 480 seconds]
19:21 < KFrench> you might need to have rc.sysinit mount /etc/ before root goes rw
19:21 < l4ra_away> you're probably right...
19:22 < l4ra_away> ok. will it remount properly rw?
19:22 < KFrench> it should. they are still 2 different fs'es
19:22 < l4ra_away> do you think this is not worth the trouble?
19:22 < KFrench> right
19:22 < KFrench> that's more changes to rc.sysinit and who knows what else
19:22 < l4ra_away> what's the harm in having an incorrect mtab
19:23 < Rygel> bye
19:23 -!- Rygel [~wir@p5088F39D.dip.t-dialin.net] has quit []
19:23 < l4ra_away> or, what's the harm in just wiping the mtab on shutdown
19:23 < KFrench> that makes it harder to add patches/upgrades by your dist because you get farther from the plain-jane install that the dist wants.
19:23 < l4ra_away> (btw debian woody)
19:24 < l4ra_away> during shutdown; can't create lock file /etc/mtab~290: Read-only file system (use -n flag to override)
19:25 < KFrench> mounting /etc/ as ro?
19:25 < l4ra_away> actually check flood
19:25 < l4ra_away> no
19:25 < KFrench> I think I'm on #flood now
19:25 < l4ra_away> yep hold on
19:26 < KFrench> It looks like Debian expects /etc/ to be on the root fs
19:27 < KFrench> dunno.
19:27 < l4ra_away> i actually don't know if /etc/ is normally movable to a separate fs because fstab would have to be overmounted
19:27 < l4ra_away> i dropped some more of that log there if it interests you
19:27 < l4ra_away> yeah weird
19:28 < l4ra_away> oh well. maybe i'll just do the ubd thing and just loop mount it when i don't want to bring the machine up.
19:28 < KFrench> dunno what's up with the 'can't find none' and the illegal seek
19:28 < l4ra_away> certainly don't want to be in an unsupportable uncertified configuration.
19:28 * l4ra_away grins
19:28 < KFrench> that's my philosophy
19:28 < KFrench> I try to keep it as stock as I can.
19:28 < l4ra_away> the can't find none:
19:28 < l4ra_away> none /etc hostfs apache/etc 0 0
19:28 < l4ra_away> part of using hostfs for it.
19:29 < l4ra_away> if it was a ubd, it'd come in as /dev/ubd/1 or /dev/ubd1 or something
19:29 < l4ra_away> hostfs uses the options field for the source fs
19:29 < l4ra_away> ie mount none /etc -t hostfs -o apache/etc
19:30 < l4ra_away> 'stock'.. ;-)
19:30 < l4ra_away> you mean like using uml and ubd's.
19:30 < KFrench> fstabs are always custom
19:30 < KFrench> but I'd try to not modify rc.sysinit to fix mtab problems
19:30 * l4ra_away doesn't really care about what's supportable
19:30 < l4ra_away> yeah i agree
19:31 < l4ra_away> but just because i don't know what i might break elsewhere
19:31 < l4ra_away> -)
19:31 < KFrench> that's good enough reason - at least on production machines
19:31 < KFrench> break the dev ones
19:31 < l4ra_away> yeah
19:31 < l4ra_away> i totally agree
19:31 < l4ra_away> but i wouldn't run uml on production yet... just not comfortable enough with it...
19:32 * l4ra_away is a consultant for a huge two-letter computer manufacturer that competes with ibm
19:32 < l4ra_away> many of my customers worry about support with red hat as on various sorts of hardware, kernel errata, etc.
19:33 < l4ra_away> my view is, if i can't fix it (and it's open source), i probably won't run it.
19:33 < l4ra_away> i.e., so we offer support for custom kernels now finally even though red hat won't
19:34 < l4ra_away> kinda the whole point of open source, but don't fix it if it ain't..
19:34 < l4ra_away> thks KFrench. ;-) i'll go back to the regular /etc and keep it all in a ubd. simple way is usually best way.
19:35 < l4ra_away> maybe i'll just mount my mysql partition as a raw partition and keep all the os/bootable file systems in the ubd...
19:35 * l4ra_away is away: I'm busy
19:35 < KFrench> that's probably worth doing...
19:35 < l4ra_away> cool.
19:35 < l4ra_away> thanks!!
19:35 < KFrench> the db is a special case because of its nature
19:36 < l4ra_away> ok my wife is calling me to dinner (and my daughter is screaming;-)) so i've gotta go.
19:36 < l4ra_away> yeah i agree
19:36 < l4ra_away> ok see ya later KFrench -- thanks for the good advice, hope i helped you too. later
19:36 * l4ra_away is away: I'm busy
19:43 -!- l4ra_away [~lara_sk@a002.labarts.com] has quit [Quit: Client exiting]
19:48 < KFrench> I should be able to make a script that traps the TERM signal, and then starts my uml. When the script gets a TERM, I should be able to call the mconsole and send the Ctrl-Alt-del to the uml. Sound sane?
20:07 -!- solarce [~solarce@209.16.139.4] has quit [Remote host closed the connection]
20:17 -!- solarce [~solarce@209-16-139-4.cortland.com] has joined #uml
20:42 -!- mistral [mistral@jstevenson.plus.com] has quit [Read error: Connection reset by peer]
20:43 -!- mistral [mistral@jstevenson.plus.com] has joined #uml
21:13 -!- collord_ [~collord@dt.collord.net] has joined #uml
21:50 -!- l4ra [~lara_sk@a002.labarts.com] has joined #uml
21:51 < l4ra> KFrench: you still around?
21:51 < l4ra> i'm a sucker for punishment so i started chrooting it anyway. ;-) what hoops do i have to go through to make it work with /proc/mm?
22:05 -!- caker [~null@pcp507591pcs.nash01.tn.comcast.net] has quit [Ping timeout: 480 seconds]
22:27 -!- collord_ [~collord@dt.collord.net] has quit [Ping timeout: 480 seconds]
22:27 < KFrench> I'm here. Only for a short bit though
22:27 < KFrench> just mkdir /umlroot/proc; mount proc /umlroot/proc -t proc
22:40 -!- KFrench [~chatzilla@68.50.83.1] has quit [Quit: ChatZilla 0.8.11 [Mozilla rv:1.2.1/20030225]]
--- Log closed Mon Aug 25 00:00:00 2003