=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server | ||
=== nictuku [n=yves@201.10.184.190] has joined #ubuntu-server | ||
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server | ||
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server | ||
=== natroll_movie [n=natroll@68-190-90-101.dhcp.mdsn.wi.charter.com] has joined #ubuntu-server | ||
=== bpuccio [n=brian@ool-457a9c38.dyn.optonline.net] has joined #ubuntu-server | ||
neuralis | fabbione: have we considered shipping with some sane limits enabled by default in /etc/security/limits.conf? | 08:11 |
---|---|---|
fabbione | neuralis: the defaults are sane. :) | 08:11 |
fabbione | no we are not going to touch them | 08:11 |
fabbione | not for dapper | 08:11 |
fabbione | and we are way past FF for that | 08:12 |
neuralis | i didn't think any limits are enabled by defualt, are they? | 08:12 |
fabbione | there are no limits | 08:12 |
fabbione | and we don't want them | 08:12 |
fabbione | it's more the time they break something that really protects you against stupidity | 08:12 |
fabbione | i have seen far too many apache installs broken for the crap in limits.conf | 08:13 |
maswan | if you have a multi-user system where you need them, you know much better what kind of limits you need | 08:13 |
neuralis | it seems strange that we ship a system that's susceptible to a forkbomb out of the box. | 08:13 |
fabbione | neuralis: i can give you a 20 lines C program that no matter what limits you put there it will kill your machine... | 08:14 |
neuralis | right, but an nproc limit is low-hanging fruit. i don't feel too strongly about it, but i do think we should ship one. | 08:16 |
maswan | hmm.. I think the only one we enforce is a 3 hour soft cputime limit on our multiuser machines | 08:16 |
maswan | and that's mostly because people forget looping processes | 08:17 |
maswan | neuralis: what should it be then? would a limit on 100k be useful? | 08:18 |
fabbione | neuralis: i think who really needs limits should set them up as it fits better for them | 08:18 |
maswan | neuralis: because below that I see it conflicting with real use | 08:18 |
neuralis | maswan: your users run 100k processes in parallel? | 08:23 |
maswan | neuralis: apache might | 08:24 |
neuralis | very unlikely, and that's a special case. | 08:24 |
neuralis | in any case, i'll consider throwing it into a spec for dapper+1, and we can get some other feedback. | 08:25 |
neuralis | fabbione: send me your 20-line C program. there are any number of ways i can think of to bring down a machine, but i'd love to see yours. :) | 08:27 |
fabbione | neuralis: just do a while loop with open(filefoo); close(fd); | 08:28 |
fabbione | make sure you open and close | 08:28 |
fabbione | a perfectly legal operation that will not hit limits at all | 08:29 |
fabbione | 1 file open | 08:29 |
fabbione | you will see your machine crashing in a few seconds.. depending on the RAM | 08:29 |
fabbione | do not sleep in the middle.. no need to do any operations in the loop | 08:30 |
fabbione | just open/close :) | 08:30 |
=== Pygi [n=mario@83-131-250-25.adsl.net.t-com.hr] has joined #ubuntu-server | ||
=== natroll [n=natroll@68-190-90-101.dhcp.mdsn.wi.charter.com] has joined #ubuntu-server | ||
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server | ||
=== fdb [n=fdb@88.213.130.166] has joined #ubuntu-server | ||
=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server | ||
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server | ||
=== hunger [n=tobias@p54A61836.dip0.t-ipconnect.de] has joined #ubuntu-server | ||
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server | ||
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server | ||
=== Pygi [n=mario@83-131-247-214.adsl.net.t-com.hr] has joined #ubuntu-server | ||
=== lionelp [n=lionel@ip-128.net-82-216-65.rev.numericable.fr] has joined #ubuntu-server | ||
=== Pygi [n=mario@83-131-247-214.adsl.net.t-com.hr] has joined #ubuntu-server | ||
=== lbm [n=lbm@x1-6-00-13-10-7a-d1-e4.k233.webspeed.dk] has joined #ubuntu-server | ||
=== tiefox [n=giovanni@200.208.130.3] has joined #ubuntu-server | ||
=== allee [n=ach@allee.exgal.mpe.mpg.de] has left #ubuntu-server ["Konversation] | ||
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server | ||
=== mario_ [n=mario@83-131-236-96.adsl.net.t-com.hr] has joined #ubuntu-server | ||
=== LordHunter317 [n=hunter@nat73.vnet.wnec.edu] has joined #ubuntu-server | ||
=== Pygi [n=mario@83-131-247-116.adsl.net.t-com.hr] has joined #ubuntu-server | ||
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server | ||
=== TMM [n=hp@c51471f2c.cable.wanadoo.nl] has joined #ubuntu-server | ||
TMM | hi! | 10:33 |
TMM | to repost my question on -devel: | 10:33 |
TMM | what would me the chances of getting iscsi support into the -server kernel before dapper releases? slim? extremely small? near-zero? :) it pretty much doesn't touch any files, it just adds a couple | 10:33 |
mkrufky | zero -- dapper kernel is in code freeze | 10:33 |
TMM | crud... | 10:33 |
TMM | I only just noticed that it's missing | 10:34 |
mkrufky | TMM: they are only doing bug fixes | 10:34 |
mkrufky | TMM: try #ubuntu-kernel | 10:34 |
TMM | hahaha, ok :) | 10:34 |
mkrufky | TMM: maybe they can help you | 10:34 |
=== TMM joins the 3rd channel | ||
mkrufky | ;-) | 10:34 |
=== Fujitsu [n=fujitsu@c211-28-183-112.eburwd7.vic.optusnet.com.au] has joined #ubuntu-server | ||
=== tseng [n=tseng@unaffiliated/tseng] has joined #ubuntu-server | ||
TMM | but, thanks mkrufky :) | 10:36 |
mkrufky | TMM: i try | 10:37 |
mkrufky | TMM: you shouldnt be afraid to compile your own kernel | 10:37 |
mkrufky | TMM: the ubuntu guys frown on it, though | 10:37 |
TMM | ow, I'm not, it's just that our customers won't like it very much | 10:37 |
mkrufky | TMM: you will lose ubuntu tech support | 10:37 |
mkrufky | gotcha | 10:37 |
TMM | they *really* won't like that | 10:37 |
mkrufky | well, you can always provide a package for them | 10:38 |
TMM | not having iscsi support is going to be a huge problem | 10:38 |
TMM | not only for me, but for others, and I am a fucking retard that I didn't check | 10:38 |
TMM | earlier | 10:38 |
TMM | I noteced it was missing from breezy as well, and never bothered to check dapper, until today, I was sort of assuming it would be there | 10:39 |
mkrufky | TMM: here is a GREAT howto for building .deb kernel-pachages | 10:39 |
mkrufky | http://www.us.debian.org/releases/stable/i386/ch08s05.html.en#id2530099 | 10:39 |
TMM | I really don't want to put any more sles boxes | 10:39 |
mkrufky | if i were you, I would build a kernel package, and host it in your own apt repo for your customers | 10:39 |
TMM | mkrufky: I know how to do all that, but then I would have to track security. and prompty recompile | 10:39 |
mkrufky | TMM: but, this DOES violate your support | 10:40 |
mkrufky | yup :-( | 10:40 |
TMM | I know, and I don't want that | 10:40 |
mkrufky | ok | 10:40 |
=== mkrufky just trying to share the knowledge | ||
TMM | also, our company is looking to become ubuntu support reseller... would be a pretty stupid move | 10:40 |
mkrufky | well, then.... your company may have some pull | 10:40 |
TMM | meh, doubtful | 10:40 |
TMM | we aren't yet | 10:40 |
TMM | I am just too late probably | 10:41 |
TMM | I am a fucking moron :) | 10:41 |
mkrufky | :-( | 10:41 |
TMM | trying to push ubuntu in the company I work for, and forgetting to implement something as critical as this... | 10:41 |
ajmitch | TMM: we're not at kernel freeze yet, so there still might be a chance | 10:42 |
TMM | that would be awesome... just tell me what I need to do :) | 10:42 |
Fujitsu | More than a month until kernel freeze. | 10:42 |
TMM | I'll do anything | 10:42 |
Fujitsu | It is quite possible that you could get it in, as there is a focus on servers this time around. | 10:42 |
Fujitsu | May 18. | 10:42 |
ajmitch | TMM: filed a bug in malone asking for it? | 10:43 |
TMM | I've got big hardware to test all of this crap on, I got 3 different types of iscsi sans to test from, got amd64 box too | 10:43 |
ajmitch | talked to the guys in #ubuntu-kernel? | 10:43 |
TMM | ajmitch: I just asked, there doesn't seem to be anyone home yet | 10:43 |
TMM | ajmitch: and I haven't asked on malone yet... | 10:43 |
TMM | having iscsi support would mean that I can stop putting crappy sles9 boxes in places where vmware needs to run for instance | 10:44 |
TMM | with rhcs now in dapper, I think it is strange that it isn't in actually :) | 10:45 |
TMM | rhcs is pretty darn cool | 10:45 |
TMM | I implemented a 6 node cluster on redhat as4 for a customer :) | 10:45 |
TMM | neat hardware too | 10:45 |
TMM | I felt like a kid in a candystore | 10:46 |
TMM | :) | 10:46 |
TMM | ajmitch: what would I need to do? put it in malone? I don't necceceraly want to request it as a feature, more like 'permission' or something, I don't like asking others to do "my" work :) | 10:49 |
TMM | ajmitch: plus, there is also the matter of the user-space utilities that would have to go into main/ then I suppose... that's probably a tad nastier | 10:50 |
TMM | I really need to go sleep now, early day tomorrow... | 10:50 |
TMM | ajmitch: could you please email me at hein-pieter.van.braam@ictivity.nl if you can help me with some information, please? :) I would really like to have this in dapper | 10:51 |
TMM | bye now | 10:51 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!