[00:21] going to uninstall ubuntu-server and install debian again.
[00:21] this wasnt like i expected
[00:21] see you
=== nxvl_ is now known as nxvl_work
=== nxvl is now known as Guest59286
=== nxvl_work is now known as nxvl
[05:56] when i run sudo i get no output and the command does not execute from what i can see
[07:07] the only difference between server and desktop installs (minus packages) is something about cpu timing? i forget.
[07:16] Anyone here with a glue in integrating Ubuntu (LTSP environment) into Active Directory domain?
[07:16] methods: Is that a question?
[07:17] soren: when i run a command using sudo it gives me no output and doesn't run the command...
[07:17] LTSPTNK: ogra is our LTSP dude.
[07:17] ogra: ^^
[07:18] methods: What command are you trying to run?
[07:18] does this mean my sudoers file is messed up ?
[07:18] sudo echo test
[07:18] methods: And nothing at all happens?
[07:18] nope just returns
[07:19] Interesting. Did you edit your sudoers file?
[07:19] idk maybe but i dont think i did
[07:19] i have no root password either so i can't do anything
[07:19] You can always boot into recovery mode.
[07:19] it's remote
[07:20] hmm..
[07:20] Well, you can't read your sudoers file, but can you see if it's maybe been truncated?
[07:20] (i.e. size is 0)
[07:21] -r--r----- 1 root root 394 May 13 05:51 /etc/sudoers
[07:21] well another thing is that it asks me for the password every time
[07:21] normally it caches it right
[07:22] 394 sounds a bit small.
[07:22] Ah, so it does actually ask you for a password?
[07:22] You said that it just returns..
[07:23] yea i put in my password and it just returns
[07:24] /var/run is mounted alright?
[07:24] yes
[07:24] I know it sounds lame, but have you tried rebooting it?
[07:25] what would that do ?
[07:25] I don't know. Since I don't know what you did to break it, it's sort of hard to come up with good ideas to fix it.
[07:26] Especially, ideas that a non-privileged user can do anything about.
[07:26] Oh... How would you reboot it?
[07:26] web panel i presume
[07:26] anyway thanks i'll just call them tomorrow
[07:27] np
[07:55] (09:17:25) soren: LTSPTNK: ogra is our LTSP dude.
[07:55] (09:17:28) soren: ogra: ^^
[07:55] guys, Ogra told me to try to contact this channel, because the problem is more LDAP/AD related than LTSP :)
[08:04] I know what you have to do to hook into an AD domain, but I haven't a clue how that interacts with LTSP.
[08:10] I have been trying different hook-ups, now I'm pretty satisfied with Likewise-winbind
[08:11] but I run to little problems, because the ppl who authenticate against AD doesnt belong to any system groups, any hints on that?
[08:12] Add them?
[08:12] soren: i'm looking for you since friday
[08:12] soren: did you get my mail?
[08:15] nxvl: I haven't gotten to it yet. I think. Which one is it?
[08:16] add them? U really mean I should add all the 500 users from our AD to Ubuntu LTSP server and every time we get new person to house or one leaves, follow behind and update /etc/group?
[08:17] Easy now..
[08:17] You told me precisely *nothing* about your setup.
[08:19] I don't even know which system groups you're talking about?
[08:19] oki, I just got little upset :)
[08:19] soren: about augeas
[08:19] soren: and a wiki page
[08:21] I work for one anonymous school in Finland, doing my civil service. We have like 300 workstations/laptops in the house, all windows XP. I have been developing LTSP environment to replace one computing class. In fact to not to replace it, just hook the LTSP server between the switch and outer network.
[08:21] nxvl: Yes, I see it. I'll get to it in a minute, I think.
[08:24] I have been testing many ways to authenticate against AD domain, only problem is the groups. I have been thinking if it is possible to add (for example) fuse group to AD and make ppl part of it.
Or different, to link "domain^users" to some groups somehow, and for example "domain^admins" to "admin"
[08:25] and by authenticating via Likewise, I'm able to see all the AD groups i belong in, by typing the "id" command :)
[08:25] I'm not really sure what mechanisms likewise/winbind offers for that.
[08:25] Truth be told, I haven't really used it. :/
[08:27] what kind of authentication U have used?
[08:27] LDAP
[08:29] Hi, I'm hoping you all can help me with a very strange problem that I've run into. If I add an IPv6 tunnel to /etc/network/interfaces, without even enabling radvd, it breaks connectivity to certain websites to some of my NATed IPv4 clients although the affected sites work just fine from the gateway machine themselves.
[08:29] does it work with 2003 / 2008 AD??
[08:29] or if NATed through a different gateway.
[08:30] LTSPTNK: Don't know. I really meant that I've never really used AD.
[08:31] anyone have any ideas?
[08:31] awh, ok, i see
[08:32] as far as i know, AD is just modified LDAP and they are compatible to some point...
[08:32] in LDAP U can add ppl to be part of the system groups in server side?
[08:36] I've never really needed to, I think.
[08:53] soren: btw
[08:54] soren: if you haven't read it in planet ubuntu still, augeas got its second ack
[08:54] soren: so we can start breaking it any time from now on
[08:54] nxvl: Has it been uploaded?
[08:54] soren: not still i think
[08:55] soren: the 2nd acker was unsure about the first one (if it was still valid or not)
[08:55] so i'm waiting for raphink to upload it
[08:55] (the first acker)
[08:56] Oh, ok.
[08:56] soren: bot if you want to give it a 3th ack and upload i won't get mad
[08:56] s/bot/but
[08:56] :)
[08:56] If it's got two ack's already, I don't think I will.
I'm a rather slow reviewer :)
[08:57] soren: btw, if you got impressed with the 1st copyright, check the actual one
[08:57] soren: even i am impressed with it
[08:58] soren: and i wrote it
[08:58] :)
=== folke_ is now known as afk_away
=== afk_away is now known as folke
[09:18] soren: thanks for your answer!
[09:18] soren: if you got some time, would you like to write the libvirt lense?
[09:18] np :)
[09:18] soren: i think it will be really easy, since there is already an xml module
[09:18] I'm not sure such a thing makes sense.
[09:18] You are *really* not supposed to edit those files directly.
[09:18] soren: yes, i wanted to discuss it with you
[09:18] Ever.
[09:19] soren: so better to remove it from the list?
[09:19] soren: and not include libvirt support on augeas?
[09:19] I would say so. Sorry, I missed the fact that it was on there.
[09:19] I only really looked for stuff that might be missing and not so much stuff that was on there, but shouldn't be. :)
[09:20] soren: but, you don't think it would be useful to have libvirt support (or some kind of kvm support) on ucsa (or however i call it later)
[09:20] Sure, but as far as I understand augeas, it only deals with files directly, correct?
[09:21] yep
[09:21] Then it's not going to be suitable for working with libvirt.
[09:21] That is not to say that UCSA couldn't, though.
[09:21] oh ok
[09:22] so, you are saying that there mustn't be config file support for kvm, but other kind of support for it?
[09:23] When you're dealing with libvirt, you're not just editing files. You need to do special things to extract the config file and special things to put it back and make it take effect.
[09:23] but, editing files will be needed
[09:24] That's the core of the issue. There are various ways to work around this. How you choose to do so is up to you :)
[09:24] Well, yes, files will have to be edited.
[09:24] so augeas will need to support it
[09:24] Probably.
[09:24] Somehow.
[09:24] and make additional work on ucsa
[09:24] for the effects to be taken
[09:25] Unless you can throw random files at augeas and make it read that (instead of having augeas go look for the files itself)
[09:25] i don't know much of kvm or the virtualization software that we use
[09:25] that's why i wanted to discuss this with you, so you can guide me on how to plan it
[09:26] soren: i think we can
[09:26] AIUI, if you want to work with grub in augeas, it finds the menu.lst by itself. You don't tell it "hey, I want you to parse /boot/grub/menu.lst using the grub lens". You just tell it that you want to change grub's config.
[09:26] ...and it goes and finds the file.
[09:26] soren: you can specify "/path/*"
[09:26] Ok.
[09:27] Well... Yes, I suppose you can use that somehow.
[09:27] soren: to the api you need to tell it which file you want to edit. I think
[09:28] soren: for yum it uses *
[09:28] So in UCSA, you'd: 1) Extract all configurations virtual machines and dump them in /var/tmp/ucsa/libvirt, 2) add a special lens (that knows to look in /var/tmp/ucsa/libvirt) to libaugeas, 3) parse the stuff, 4) make changes, 5) define everything from what's now in /var/tmp/ucsa/libvirt
[09:28] let filter = (incl "/etc/yum.conf") . (incl "/etc/yum.repos.d/*")
[09:29] * nxvl moves libvirt to the bottom of the ToDo since it looks like a nightmare
[09:29] :D
[09:30] ok now i need to sleep
[09:30] we can discuss more about this later, when we are almost reaching the lenses goal
[09:31] i hope i reach it for intrepid
[09:31] and have augeas (the standalone version of it) for intrepid+1
[09:31] and discuss the design of it in california (if get invited)
[09:32] s/if/if i/g
[09:36] Cool.
[09:38] yeah, augeas has simplified my work a lot
[09:39] soren: have a good day!
[09:39] i'm gone
[09:39] Good night!
[09:39] i need to be at work on 4.5 hours
[09:40] soren: please think about if you want to have kvm support on ucsa and send me some documents on how to do this (how the configuration work and such things) to plan it better
[09:40] soren: thank you!
[10:07] hi
[10:08] is there a netinstall cd for hardy?
=== mdz_ is now known as mdz
[10:12] moin
[10:52] soren, ltsp just uses ssh for everything, so the proper question would have been "how do i integrate ssh (including X forwarding) into AD"
[10:55] Oh.
[10:55] Ok, thanks.
[10:56] we try to keep away from user management as far as we can in ltsp :)
[10:57] its all ssh only using whatever is set up on the server for auth ...
[10:58] Sounds reasonable enough. That's good to know.
[11:16] it is good to see that ppl really care about my problem here :) this school has a lot of potential to start using Linux almost as prior system if all goes well :)
=== fReAkY[t] is now known as freaky[t]
=== freaky[t] is now known as fReAkY[t]
=== fReAkY[t] is now known as freaky[t]
[13:29] hi folks, could anyone point me at a ubuntu-specific doc for apache ssl "the ubuntu way" - ie how to set up vhosts, ssl etc
[13:32] thefish: there's some information in the serverguide: https://help.ubuntu.com/8.04/serverguide/C/httpd.html
[13:34] thanks sommer
[13:34] np
[13:37] hi
[13:37] is there anybody for helping me?
[13:37] ;)
[13:38] i have got a start up service problem...
[13:39] :(
[13:40] I likely can't help, but when you get on a channel just ask a question and see for a response
[13:40] ok
[13:42] How can I run ssh service at start up?
[13:42] automatically...;)
[13:44] tolun, sudo update-rc.d ssh defaults
[13:44] tolun, it should be set to start automatically when you install it anyway, do you have the ssh server installed?
[13:45] yes...thanks a lot... I will try it now
[13:52] thefish, thank you... it has been worked...
[13:52] tolun, glad it helped :)
[13:53] thefish, if I want to remove this start up script what should I do?
[13:54] tolun, you can either remove the links in /etc/init.d (bad) or sudo update-rc.d ssl remove (best)
[13:54] tolun, man update-rc.d ;)
[13:55] wow :D ok...
[13:55] again really thank you...
[13:55] no worries
[13:56] guys... have a nice day... bye bye
[13:57] seeya tolun
[13:58] allo anyone use knokd?
[14:37] hi all
[14:39] help! i would make a network with dump clients
[14:39] on those exist only /tmp /var and /dev
[14:39] other directories will be mounted via NFS
[14:39] how should i do that?
[14:39] its enough, to be the same kernels on server and clients both?
[15:02] just a thought to throw out there do we want dovecot 1.1.1?
[15:07] zul: sure
[15:08] zul, its the best imap server ive played with - really easy and impressive
[15:08] not tested in very high load situations though
[15:18] Anyone here with knowledge bout 8.04 and vmware esx ?
[15:19] I am having trouble to compile vmware-tools on hardy with esx 3.02
=== jjesse_ is now known as jjesse
[15:29] <_ruben> folke: depending on your needs you might want to try using open-vm-tools instead of the commercial vmware tools
[15:29] _ruben: Oh, is this in hardy repo?
[15:30] <_ruben> no, it was, but has been pulled due to being alpha status, its maintained/developed by vmware though
[15:30] <_ruben> http://open-vm-tools.sf.net
[15:30] Ah, tnx, I will look in to that. You said "depending on your needs".. Is there some drawbacks?
[15:31] <_ruben> the commercial vmware tools offer more functionality .. i dont have a complete list of differences in my head
[15:32] I am thinking of using 8.04 in production environment.
[15:32] Not so i/o hungry servers, at first..
[15:34] from what I see in the faq, it says that non-experimental stuff is released.
[15:34] But nothing about stability and performance.
[15:36] <_ruben> not using esx in production here (due to its licensing method regarding 3rd party usage) ..
so not sure how it'd perform there
[15:40] _ruben: Have you heard anything pro / con with the open source tools.. Would be really nice if they worked nicely tho,..
[15:41] soren: ping did you mention that you had an munin patch for me?
[15:48] <_ruben> folke: i installed em on some test machines that hardly do anything .. and i lurk on the open-vm-tools mailing list, which doesnt mention all that much problems (most of em are compilation ones)
[15:49] zul: Yes! Hang on.
[15:49] _ruben: Perhaps I give it a try on an internal 8.04 jeos at first :)
[15:50] zul: http://people.ubuntu.com/~soren/221-apt-ubuntu-changes.patch
[15:50] zul: Sorry about the delay. I had an ssh key issue I needed worked out first (And I was too lazy to just do it from another machine).
[15:51] soren: no problem im going to merge the new one today and want to update the patc
[15:51] patch even
[15:51] cool
[16:16] jdstrand: have you seen this? http://www.imapwiki.org/ImapTest
[16:22] greetings, how do i bring up my network at the local.premount time inside a initram?
[16:25] Why?
[16:25] one sec, longer explanation
[16:27] pxe boot, client is diskless, should get a "image" from nfs/whatever networksource with full rw support in ram, currently im editing the init script so that it makes the "real_root" inside a created ramdisk, therefor i need to get the image , but error message seems to be that the network isnt up yet
[16:30] hi everyone...
[16:31] the finished idea bout it is having a pxe with some "images" of the clients, the clients get a minimal sys to boot, and chroot inside their image
[16:31] hu tolun
[16:31] i need an information...about a package name for db and db-devel...
[16:32] what are the new names for that? or how can I install them?
[16:32] cant say, dont know, sry
[16:32] Dark_Shadow2: you should ask the ltsp guys about this setup - that's what ltsp is doing IIRC - ogra should be able to help you
[16:33] hmm i could always try
[16:33] thought the clients should not get a "terminal" at all
[16:33] ill check that tomorrow, thx for the tip
[16:35] Dark_Shadow2, what we do is to have a bootstrapped chroot with X, login manager and some other bits, that is rolled into a squashfs ... the client mounts that as nbd device and sets up a unionfs from it ... if you take that, and remove all packages you dont want you should essentially have a minimal system to mount nfs shares over the dirs
[16:35] tolun: you may be looking for libdb4.6 and libdb4.6-dev?
[16:37] maybe
[16:38] i really dont know... one of the product which is named as @mail it needs this db and dbdevel...
[16:38] tolun: sommer is almost certainly pointing you in the right direction.
[16:39] himmm ok
[16:39] thank you sommer and ScottK
[16:40] ScottK: You know that feeling, when long ago you said something or advocated something and no one listened, and now people realize what you were trying to say?
[16:40] Yes.
[16:43] that should be an option, ill give it some reading and a try tomorrow, need to go now, thx though
[16:44] Dark_Shadow2, https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall (you want the bottom part)
[16:44] How can I activate apache2's mod_deflate ?
[16:46] tolun: sudo a2enmod deflate then sudo /etc/init.d/apache2 force-reload
[16:47] New bug: #246298 in bacula (universe) "package bacula-director-sqlite3 2.4.0-1ubuntu1 [modified: usr/sbin/bacula-dir usr/sbin/dbcheck] failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/246298
[17:49] don't worry if I don't have a question right now I just want listen and learn new stuff currently
[17:50] I hope no one minds
[17:51] Not at all.
[17:51] ty
[17:54] Hi
[17:54] I'm setting up Apache + SSL, and I would like Apache to start/restart automatically without having to type the password
[17:55] ty you just gave me another idea lol
[17:56] pubo: Then don't have passworded private keys.
[17:56] pubo: If you can name one good reason to have a passphrase on your private key, I'll give you a cookie.
[17:57] infinity, then, I should create the key without a password?
[17:57] pubo: Yes.
[17:57] uhm, ok :)
[17:58] pubo: As long as it's readable (on-disk) only by root, you've lost no security here.
[17:58] I thought It was a security problem not to set a password
[17:58] pubo: Think about the fact that root can read the key from memory once apache loads it anyway.
[17:58] oki doki... thank you
[17:59] (The only possible implication is physical security, but if you have people with physical access to your server, you have bigger problems than key management, IMO)
[18:00] infinity, no. I use an Internet private server :)
[18:04] * delcoyote hi
[18:14] soren: btw I included your patch in the upload thanks
[18:18] What are some good cluster management options for ubuntu?
[18:18] any way to turn on remote access for vnc from bash?
[18:42] New bug: #246343 in dhcp3 (main) "dhclient.conf should request nis-domain etc. by default" [Undecided,New] https://launchpad.net/bugs/246343
[18:42] uh no
[18:47] *shrug*
[18:47] Until there's a better mechanism for packages to list which dhcpoptions they want to request, it's better to ask for too many than too few.
[19:13] ScottK: what do you think about the libdb transition in intrepid ? I'm updating the ServerTeam roadmap and there is an item about libdb4 transition
[19:14] kirkland: what is the state of status action to init scripts ?
[19:14] moin moin
[19:15] nealmcb: any new factoids that should be updated ?
[19:15] mathiaz: the common library pieces are present in Intrepid's /lib/lsb/init-functions
[19:15] !serverguide
[19:15] Sorry, I don't know anything about serverguide
[19:15] !inetd
[19:15] Sorry, I don't know anything about inetd
[19:15] I vote for serverguide :)
[19:15] !openssl
[19:15] mathiaz: we now need to add the 4-line block to the pertinent init scripts, and bump their depends up to >= a particular version of lsb
[19:15] Sorry, I don't know anything about openssl
[19:16] kirkland: is this still something that is targeted for intrepid ?
[19:16] mathiaz: i'd very much like to see it done for the server init scripts
[19:16] !ubottu
[19:16] Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://tinyurl.com/5zfb6t - Usage info: http://wiki.ubuntu.com/UbuntuBots
[19:17] mathiaz: i was sort of hoping owh would run with it
[19:17] mathiaz: or perhaps another community member
[19:26] hello!
[19:28] I'm trying to configure my ubuntu server for accepting ssh connections using dsa keys but it doesnt seem to work fine. I have added my public key to the server's authorized_keys file but when starting the connection, the server does not give any answer after sending the public key...
[19:28] I've configured this many other times on different ubuntu servers, and can't find out whats happening this time on this server
[19:29] I've also tried to configure a different server to check if I'm missing something, and the configuration works on the other server!
[19:29] anyone here has experienced something similar?
[19:31] you've done a diff on your ssh config files and another servers config files?
[19:31] yeah
[19:31] they are both the same
[19:31] authorized_keys has the correct perms and is in the correct directory with correct perms?
[19:31] its on .ssh
[19:31] with 600
[19:31] owned by the user
[19:32] now seriously really noob question, is my vnc server running, heres a pic
[19:32] http://img411.imageshack.us/img411/9115/vnccq4.png
[19:33] sorry BockBilbo that's all i can think of
[19:33] hehe
[19:33] me too
[19:33] i have compared the debug on a connection that works
[19:33] with the one that doesnt
[19:33] and this is the main diff:
[19:37] in both, after establishing an initial connection with the ssh server, the client shows this message: debug2: we sent a publickey packet, wait for reply
[19:37] kirkland: you may wanna update the section about status action in init scripts on the ServerTeam Roadmap
[19:37] when making a connection it should continue with: debug1: Server accepts key: pkalg ssh-dss blen 433
[19:37] kirkland: it seems that what's written there related to the hardy dev cycle.
[19:38] mathiaz: yeah, no problem
[19:38] mathiaz: i can do that
[19:38] mathiaz: last I recall we needed to work on the factoids related to virtualization
[19:38] !virtualization
[19:38] There are several solutions for running other operating systems (or their programs) inside Ubuntu, while using the native CPU as much as possible: !QEmu (with !KQemu), !VirtualBox, !VMWare, as well as !WINE and !Cedega for Windows applications
[19:38] !kvm
[19:38] Sorry, I don't know anything about kvm
[19:39] ^^ that should be fixed :)
[19:39] mathiaz: Error: "^" is not a valid command.
[19:39] debug1: Authentications that can continue: publickey,password
[19:39] debug2: we did not send a packet, disable method
[19:39] but when the non working server i get: debug1: Authentications that can continue: publickey,password // debug2: we did not send a packet, disable method
[19:39] sorry for the flood...
[19:39] ubottu: kvm is the preferred virtualization approach in Ubuntu.
For more information see https://help.ubuntu.com/community/KVM
[19:39] !paste | BockBilbo
[19:39] BockBilbo: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
[19:40] ubottu: virtualization is There are several solutions for running other operating systems (or their programs) inside Ubuntu, while using the native CPU as much as possible: !kvm is the preferred approach in Ubuntu. See also !QEmu (with !KQemu), !VirtualBox, !VMWare, as well as !WINE and !Cedega for Windows applications
[19:40] mathiaz, ok
[19:40] soren - any comments on those proposals?
[19:40] mathiaz: We should still try to get rid of anything older than 4.6.
[19:42] kirkland: There is a thread going on now in debian-devel about LSB and status was discussed as a good thing. This might be an opportune time to send the lsb/init-functions patch to Debian.
[19:42] You might discuss it with slangesek.
[19:42] BockBilbo: I recall some serious recent concerns over dsa usage with ssh given its vulnerability to random number generator problems
[19:43] There has also been a big upswing in SSH cracking attempts.
[19:45] BockBilbo: see e.g. http://wiki.debian.org/SSLkeys
[19:48] http://paste.ubuntu.com/25754/
[19:48] i have written down the steps I've taken and the verbose output of a connection
[19:48] nealmcb im going to take a look at it now
[19:49] but it still is strange the fact that the method I'm trying to follow worked with an ssh server on ubuntu desktop installation and not on the server
[19:52] nealmcb, I already knew about that issue, I have perhaps reinstalled the whole openssh-server package, purging the previous installation, so all the config file should be new...
[19:59] BockBilbo: yeah - I don't know if it is related, and I haven't heard of plans to withdraw support.
but I for one won't be using dsa for that reason and for the covert channel issue. I'm curious - why do you want to use dsa?
[20:00] i was just trying it
[20:00] i tried rsa too
[20:00] and didnt work
[20:18] ScottK: I've sent to Debian already
[20:18] ScottK: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483285
[20:19] Debian bug 483285 in lsb-base "lsb-base: lsb status_of_proc() function" [Wishlist,Open]
[20:19] OK. You might ask slangesek for suggestions about how to push it.
[20:19] ScottK: maintainer says "I'm holding off on integrating these patches until I
[20:19] get 3.2-12 into testing; adding functionality would break the spirit of the freeze, but I'll plan on getting status_of_proc() into unstable soon after that migration happens (hopefully soon)"
[20:19] That's not so bad. It may miss Lenny though.
[20:24] nealmcb: Looks fine
[20:25] soren: pretty simple... I proposed these a few weeks ago, but people probably missed them. I'll follow up in u-ops
[20:25] there may be more that could use help there also
[20:26] (related to virtualization)
[20:27] how do i tell what virtual display vnc is running on please?
[20:31] !virtualization
[20:31] There are several solutions for running other operating systems (or their programs) inside Ubuntu, while using the native CPU as much as possible: !kvm is the preferred approach in Ubuntu. See also !QEmu (with !KQemu), !VirtualBox, !VMWare, as well as !WINE and !Cedega for Windows applications
[20:33] !kvm
[20:33] kvm is the preferred virtualization approach in Ubuntu.
For more information see https://help.ubuntu.com/community/KVM
[20:33] :)
[20:47] im afraid i havent been able to fix the problem
[20:47] thanks anyway
[20:47] :)
[21:28] anybody heard about issues installing 8.04.1 as a xen guest
[21:28] when I try to install it just suspends the guest and then when I bring it back goes back to the beginning of the installer
[21:29] 8.04 doesn't work in xen, dunno if that got resolved for .1
[21:31] lamont: Please see ubuntu-server ML. You have mail (re why is Postfix shipped in chroot and BIND not).
[21:34] Deeps: do you know what the issue with 8.04 and Xen is or a bug report I can follow
[21:35] search the bug tracker for xen, it's a kernel issue and there's some patch that can be applied which resolves some issues i believe
=== erichammond1 is now known as erichammond
[22:00] ScottK: because BIND had an installed base when I got it, that's why
[22:00] lamont: I think it'd be useful if you'd respond on the list...
[22:00] yeah
[22:01] will do so in a little bit
[22:01] OK.
[22:01] * lamont needs to finish out his work day
[22:01] Would BIND defaults in chroot be a good release goal for Lenny +1/Intrepid +1?
[22:02] ScottK: +1
[22:02] * ScottK isn't the one that needs convincing.
[22:02] lol
[22:02] so who is needed to be convinced?
[22:03] ^^^ lamont is the maintainer for BIND in Debian and Ubuntu, but give him a chance to finish work first before you bug him too much.
[22:03] ScottK: Error: "^^" is not a valid command.
[22:03] ^^^ lamont is the maintainer for BIND in Debian and Ubuntu, but give him a chance to finish work first before you bug him too much.
[22:04] i see
[22:04] ScottK: my next proposal (on CA i hope) will be chroot services out-of-the-box
[22:05] that would be better xD
[22:06] but bind should have been chrooted by default long time ago xD
[22:11] ScottK: certainly for new installs, yes
[22:11] RoAkSoAx: the one point where it almost was, I broke a fair chunk of the installed base, it never made it out of unstable
[22:11] actually, that wasn't chrooting - that was just running as non-root
[22:12] which it now does just on fresh installs, not upgrades
[22:12] lamont: what about a bind-chroot meta package containing only the configuration of a bind chrooted?
[22:13] either requires an API exported from the bind package, or be delivered from bind9 source, else iz config violation
[22:14] nxvl_work: I think doing it on new installs is reasonable.
[22:14] ScottK: yep, that's why i suggest a new package instead of changing the new one
[22:14] but lamont is right, it is config violation
[22:14] yeah would be better to have new pkg with chroot config as nxvl_work said
[22:15] * nxvl_work will figure out how to do it without breaking debian policy rules
[22:15] nick nxvl
[22:15] given that 99% of the user community has their own FHS-hating ideas on where files live, I want to give them a few minutes to get over the pain we caused with apparmor before we do more to them
[22:15] nxvl_work: it is a violation of policy for a package to modify a config file of another package.
[22:16] it's pretty simple... either you get the other package to export an API, or you don't do it.
[22:17] lamont: yes, i know, that's why i will figure out how to have a different package (let's say bind-chroot) without breaking any rules
[22:18] nxvl_work: choose (A) or (B). it's actually really simple.
[22:18] what about having an script to chroot bind ?
[22:18] :D
[22:18] lamont: or you do duplicate binary with different config file
[22:18] mm
[22:18] debconf option, could be, but i'm sure it will break actual configurations at some point
[22:23] yeah might be
[22:31] lamont: you are a canonical sysadmin, aren't you?
[22:31] nxvl_work: when I'm at work, yes
[22:32] by night, I'm core-dev
[22:32] and only slightly split-personality :-)
[22:32] Not to mention Debian Developer.
[22:32] :D
[22:32] heh
[22:36] por lol
[23:13] Is there any way to get libapache2-mod-mono and libapache2-mod-php5 to run together? both appear to be built against a different apache worker.
[23:26] cameronh: Looks like mod_mono either needs to be rebuilt or (more likely) just needs its dependencies loosened a bit.
[23:27] cameronh: The fact that no one has complained about this in either Ubuntu or Debian (and, in fact, there are no open bugs against it at all) is a pretty big warning sign to me that the thing doesn't much get used or tested, though.
[23:27] infinity: seems the problem is that PHP isn't thread-safe but mod-mono is compiled for a threadsafe apache. I don't know much about the apache build process though... does building it against a threaded MPM mean it can't be used in a thread-free MPM?
[23:28] infinity: googling around seems to suggest you should set PHP up with FastCGI and rather than an apache module unfortunately
[23:28] cameronh: No, pretty much all modules are built against the threaded headers, except for a few like PHP.
[23:28] cameronh: Using FastCGI is certainly an option. The CGI binary in php5-cgi has FastCGI support.
[23:28] infinity: there are a few bug reports but with very little progress on them, for example https://bugs.launchpad.net/ubuntu/+source/mod-mono/+bug/227781
[23:28] Launchpad bug 227781 in mod-mono "libapache2-mod-mono and libapache2-mod-php are mutually exclusive" [Undecided,New]
[23:28] cameronh: Either way, the mod_mono packaging is pretty clearly wrong.
[23:30] cameronh: Ugh, yeah, the Debian maintainer appears to not understand the apache2 headers.
[23:30] infinity: hmm :/
[23:31] * Replaced build-dependency apache2-dev || apache2-threaded-dev with only
[23:31] apache2-threaded-dev.
[23:31] * Replaced apache2 binary dependency with apache2-mpm-worker, as the built
[23:31] module for threaded apache will not work with prefork apache.
[23:31] That's a blatant lie. apache2-dev *is* apache2-threaded-dev, so nothing changed when he made that change. :/
[23:32] infinity: yeah the situation looked a little weird when i was trying to decipher it .. given that i don't know much about the innards of the apt/dpkg package manager
[23:33] I'll comment on the Ubuntu bug for now...
[23:33] Could certainly get it fixed in Intrepid... Getting an SRU accepted for Hardy might be a different story.
[23:34] yeah... i've got an intrepid dev server anyway so i could use that personally .. my stuff is going into prod on a windows box anyway
[23:39] infinity: do you think that perhaps mod-mono itself had some sort of bug that made it incompatible with prefork? it still wouldn't explain the apache2-dev apache2-threaded-dev change, but maybe there is some truth in the second statement
[23:50] cameronh: I really doubt it.
[23:51] cameronh: I've never built any module against the threaded MPMs that wouldn't run with the non-threaded ones.
[23:51] cameronh: If this was possible at all, it would be a bug in Apache, IMO, and we'd have a mess of reports about it from users of more popular threaded modules (like subversion, mod_perl, mod_python...)
[23:52] infinity: ah. Well in that case, certainly seems like the apache maintainer is getting confused
[23:52] s/apache/mod-mono/
[23:53] yes, rather :P