[00:16] New bug: #1065320 in nova (main) "/var/lib/nova/volumes is owned by root after Folsom upgrade" [Undecided,New] https://launchpad.net/bugs/1065320
=== guampa|2 is now known as guampa
=== cpg is now known as cpg|away
[00:46] New bug: #1064735 in maas "maas-cli tag commands needs help " [Undecided,Confirmed] https://launchpad.net/bugs/1064735
[00:46] New bug: #1064737 in maas "Adding a new tag with empty string as the definition parameter causes maas-cli to hang" [Undecided,Confirmed] https://launchpad.net/bugs/1064737
[00:52] hi, what's the default version of perl in latest ubuntu server ?
[00:53] Hello
[00:53] https://launchpad.net/ubuntu/+source/perl
[00:53] I am using Ubuntu Server 12.04, and the notification about updates, when you login via ssh, seems to be missing
[00:54] bigjools thanks
[00:54] is pam_motd.so still in your /etc/pam.d/* configs?
[00:55] sarnold: nope
[00:56] ironhalik_: in my /etc/pam.d/sshd:
[00:56] # Print the message of the day upon successful login.
[00:56] session optional pam_motd.so # [1]
[00:56] (yes, even with # [1] -- no idea what that refers to)
[00:57] hmm, isn't it provided by landscape?
[00:57] No
[00:58] I remember landscape having something to do with the motd displaying packages that needed updating
[01:03] landscape provides a similar but different display
=== shantorn_ is now known as shantorn
[01:05] ironhalik_, you mean, /usr/lib/update-notifier/update-motd-updates-available
[01:05] definitely not part of landscape
[01:06] ah, then I was thinking about the load, etc info
[01:06] New bug: #1065331 in dbconfig-common (main) "variables defined in maintanier script overriden by global config" [Undecided,New] https://launchpad.net/bugs/1065331
[01:06] ironhalik_, /usr/lib/update-notifier/update-motd-cpu-checker
[01:06] oh oops, not that one :)
[01:06] patdk-lap: either way, the info about new packages is not showing
[01:07] well, then you're missing update-notifier
[01:07] or update-motd
[01:07] nah, I've got update-motd
[01:08] does update-notifier really require 193 packages :>
[01:08] ?
[01:08] if you install the gui one
[01:09] Hmm, dunno - I tried out ubuntu server on a VM, it had a nice update notification
[01:09] (the default image from ubuntu.com)
[01:09] on my VPS, it's lacking it
[01:11] I always use minimal/jeos install, so I never have it
[01:11] I kinda liked it :)
[01:11] likely you just need update-motd and update-notifier-common
[01:12] ah, finally!
[01:12] had update-motd, needed update-notifier-common
[01:12] thanks guys!
=== ironhalik_ is now known as ironhalik
[02:13] hi, how I can enable root login over ssh ? PermitRootLogin yes is not enough in sshd config
[02:14] I know I shouldn't be doing that, but I need it to be enabled
[02:14] it is enabled by default, but root doesn't have a password by default
[02:14] to log in as root over SSH, use SSH keys
[02:15] you should not under any circumstance allow root login with a password, that's just asking for a bot to break in
[02:16] New bug: #1065055 in maas (main) "celeryconfig_cluster.py imports utility method from maas (import_settings)" [Undecided,In progress] https://launchpad.net/bugs/1065055
[02:19] qman__++
[02:20] I usually turn off root login altogether as a failsafe, but using good keys and keeping those keys secured is reasonably safe
[02:21] allowing password authentication, no matter how good your passwords are, is not very safe at all
[02:21] because it only takes one mistake to accidentally set that password to something weak or to leak it out somehow
[02:22] and it's a one-factor attack, the username is known
[02:22] if you prevent root from logging in, you've increased the difficulty
[02:22] because the attacker has to know your user name too
[02:22] admittedly not the most secure information, but an unknown is an unknown
[02:25] qman__ agree, but machine is not visible to the internet, so it's safe
[02:26] anyway, thanks
[02:26] it's still bad practice and you shouldn't do it
[02:26] even if it isn't now, it could be later, or it could be reachable and you just don't know it
[02:26] well, I used to think like that, but recently come to conclusion, that machines should make life easier, not harder
[02:26] keys are easier than passwords
[02:26] sometimes it's good to use passwords
[02:27] keys are _way_ easier than passwords
[02:27] faster
[02:28] more reliable
[02:28] safer
[02:28] less hassle
[02:28] keys++ :)
[02:29] generate keys, add your public key to /root/.ssh/authorized_keys, done
[02:29] from operator view yes, but not from the user
[02:29] oh yes, they're also far easier to audit after the fact :)
[02:29] Iskorptix_: heh, even on my blackberry, keys are easier. :)
[02:29] but they are easier
[02:29] one simple example
[02:30] and anybody who doesn't think so really has no business using root access
[02:30] or you know what, I think this discussion is going nowhere, not worth time waste ;)
[02:31] perhaps, you're not about to convince me that passwords are better :) I've been there, gave that up eight years ago.
[02:32] keys have limitations, in that you have to have them with you to gain access
[02:32] but that's a _good_ limitation
[02:32] you don't want to log into your system from just any random machine
[02:33] not without otpw or something
[02:33] if you think for even a second that that random hotel kiosk isn't keylogging you, you're sorely mistaken
[02:33] yeah
[02:33] OTP is the exception to that, but that's not easy to set up
[02:34] if a machine is trustworthy, it's under your control or the control of someone you trust, and distributing keys to it or using them from a flash drive is simple and easy to do
[02:36] one thing I know for sure is that there is no better replacement for authentication than radius
[02:36] passwords, keys or anything else is just beyond that
[02:36] that's fine for user logins, but you're talking about root
[02:38] not sure what you mean ?
[02:38] root doesn't belong in your centralized auth system
[02:38] he's the local admin on each machine
[02:40] ok, I would allow root access from the specific hosts ?
[02:41] or, not sure would be wrong if I would allow direct root login from anywhere within the network if I would know that network is invisible to others
[02:41] well, in a good setup, you'd only allow root access when absolutely necessary, like in a cluster
[02:42] and you'd use sudo or su and a standard user account for admin purposes
[02:42] sudo is waste of time imho, not sure why debian flavors using it, but anyway, that's my opinion
[02:42] Hello, what is a match block?
[02:42] if someone already got single user access and trying to gain root, one day he will succeed
[02:42] is just a matter of time
[02:43] pmp6nl: from sshd_config ?
[02:43] better think of "how to prevent bad guys inside network" not just how to secure root
[02:43] sarnold, yes
[02:43] Iskorptix_: :)
[02:45] securing the network is important, but it's also important to secure in depth
[02:45] allowing root access directly is forfeiting that layer of protection
[02:45] you're putting all your eggs in one basket
[02:45] you are looking into this from very short perspective
[02:45] also, by using a non-root user and sudo, they have to guess two things, not just one
[02:46] have you ever managed systems with lots of users ?
[02:46] plenty
[02:46] doesn't look so
[02:46] we have over 2200 machines in our systems
[02:46] at work
[02:47] what I'm trying to say, is that you should look into this from broader view, not just than "how to keep root safe"
[02:47] a good example could be two factor auth
[02:48] and problem with root password is "relatively" shorted
[02:48] keeping root safe is paramount to keeping your systems secure
[02:48] and by not allowing root to log in, you're gaining almost as much as a two factor auth
[02:48] you said that you have 2200 machines in your system
[02:48] ok, I believe you
[02:48] Also if you use sudo, you get a log of who did what as root, which is very important when doing an autopsy on a multi-user system.
[02:49] how many users accessing/managing such systems ?
[02:49] you can also manage root access in an easy way with sudo
[02:49] I don't actually know, going to guess about 3000
[02:50] ok what happens when one or more than one user will become evil and will try to access protected data
[02:50] will you get noticed about that ?
[02:51] the file security isn't that tight on most of them
[02:51] we can, however, look back at who did what, when, if asked
[02:52] Hello, I am trying to use unison to sync ubuntu server with ubuntu desktop. unison keeps timing out (scanning takes too long?) Any ideas?
[02:52] yeah, you will only find if user is pretty much short of unix systems
[02:52] but if the "right" person will join your company, gain your trust and you give him root
[02:53] your systems will be compromised and you won't get noticed about that
[02:53] so concluding about what I'm arguing here is
[02:53] you're arguing that by not securing root you're somehow defending yourself against corporate espionage
[02:53] not following the logic there, to be honest
[02:54] our systems don't do much to guard data over what's typical, but they have very good logging
[02:55] and we have good backups
[02:55] there's room for improvement, but keeping good practices is important to move in the right direction
[02:55] simply I just saying that securing root is not enough, you should think about more security countermeasures
[02:56] of course it isn't enough alone
[02:56] but not securing root is like leaving your front door open
[02:56] well, if you believe that logging and backups will save you against disaster, then I don't have to say much here
[02:56] they don't avert disaster, they're for disaster recovery
[02:57] and disaster recovery comes before averting disaster on the priority list
[02:57] there are so many ways to breach the system, that only limit is the imagination
[02:57] and backups and logs won't save your seat in plane
[02:58] you can't prevent all disasters, but you can prepare for them
[02:58] and keeping good backups and logs is easier than fixing every possible hole
[02:58] so yes, backups and logs come first
[02:58] that is why large corporations have dedicated people who work only on security within corporation, starting with employees and ending with everyone else
[02:58] this is basic operating principle
[02:59] you've picked the wrong person to lecture on security
[02:59] [05:58:18] you can't prevent all disasters, but you can prepare for them
[02:59] that is just wrong, if you follow this then basically you do not know from where it comes
[02:59] that's just a fact of life, things happen
[02:59] you can't stop everything
[02:59] so as I said earlier, if the right man is hired to compromise your system and if one of the job options is to delete everything
[03:00] that doesn't mean you shouldn't try
[03:00] then you are doomed
[03:00] but you can't stop everything, and you have to be prepared for that situation
[03:00] you can stop, if you do not know how, then it's your problem
[03:00] end of story.
[03:00] Should I be worried about:
[03:00] var/log/auth.log:Oct 7 07:44:31 bison sshd[23288]: reverse mapping checking getaddrinfo for 115.11
[03:00] 3.148.214.static-pune.vsnl.net.in [115.113.148.214] failed - POSSIBLE BREAK-IN ATTEMPT!
[03:01] pmp6nl, only if you have a whole bunch of them
[03:01] qman__, I do, at least a few dozen
[03:01] in which case you should implement some measure to restrict it, like fail2ban or -m recent on your firewall
[03:02] qman__, I have fail2ban installed. I will look up -m?
[03:02] pmp6nl, it's a module for iptables, the recent module, which can slow down incoming connections
[03:02] but fail2ban should be plenty
[03:02] make sure your passwords are strong, or preferably, use keys instead
[03:03] qman__, I am using keys and no root. I don't know if I configured fail2ban -- does that need much configuration?
[03:03] no, the stock configuration is fine
[03:03] it will allow a few attempts, then stop them
[03:03] qman__, don't be upset, it just looks that you are looking into security thing that you have already lost a war
[03:03] for example me, I love full control of things
[03:03] the idea is to not allow nearly enough attempts to actually break in
[03:03] starting from the first packet which comes within the network
[03:04] qman__, ok. Should I still see all of those attempts in the log, even though I have fail2ban installed
[03:04] Iskorptix_, it's impossible to defend against every possible attack
[03:05] and if you have systems which has more users than you, then you should only use the things which fit the best, not only partially
[03:05] not all possible attacks are even known, many are not possible to defend against, and many your users simply will not tolerate the defense of
[03:06] qman__, can you imagine how people would react during job interview if candidate would answer with such pessimism ?
[03:06] that is not an excuse to ignore best practices
[03:06] it's not pessimism, it's fact
[03:06] how can you know it's a fact ?
[03:06] your denying it shows your level of ignorance when it comes to security
[03:06] pmp6nl, you should still see around 5-10 per attacker
[03:07] but then they should stop after that
[03:07] it's not me, but it's you
[03:07] how you think most busiest and largest internet systems keep running for years with being hacked ?
[03:07] they thought about every possible way of breach
[03:07] simple as that
[03:08] Iskorptix_, it's simple fact, new vulnerabilities are discovered daily; therefore, they were unknown the previous day, and therefore not defendable
[03:08] Iskorptix_: honestly, qman__'s "not all possible attacks are even known" shows that he's paid attention to the last two decades of security :)
[03:08] as new vulnerabilities are discovered, they take time to fix
[03:08] meaning known, but not defendable
[03:08] and some vulnerabilities are by design in software your users need
[03:08] vulnerabilities only discovered if code is bad, but if code is ok, then there is no vulnerabilities
[03:08] and therefore cannot be fixed
[03:09] ooof, never seen such head-in-the-sand-ism...
[03:09] yeah
[03:09] security, not just computer security, all security, is a matter of risk calculation
[03:09] qman__: btw, you may like to investigate pam_apparmor; it's not quite the tool I'd like it to be, yet, but it may help with locking users down to a subset of data...
[03:09] defend well enough that most attacks will not succeed
[03:10] and prepare to deal with a successful attack
[03:10] because it will happen eventually
[03:11] ayup.
[03:11] see kernel.org.
[03:11] shoulda been tight and good. small user base. constrained needs..
[03:12] qman__, I saw way more than that: http://pastebin.com/JKiBWTLa
[03:13] pmp6nl, yeah, looks like your fail2ban either isn't working or is set a bit too lax
[03:13] check if it's enabled using sudo iptables -L
[03:13] you should see a fail2ban chain
[03:14] qman__, http://pastebin.com/8YEyq2Nk
[03:15] yeah, definitely enabled
[03:15] ok, do I need to change anything?
[03:16] doesn't look to me like anything to worry about, check the fail2ban log, I think /var/log/fail2ban
[03:17] it looks like that client opened a bunch of connections before authenticating to get more attempts in
[03:17] even so, with that number of attempts, it'd take decades to brute force
[03:18] you could adjust the fail2ban settings, or implement the recent module to further reduce that attack
[03:18] but unless it looks like that all the time, with new attacks every few minutes every day, I wouldn't worry about it too much
[03:21] qman__, ok thanks. The log file looks like http://pastebin.com/ke1QdEnW
[03:22] hmm, that doesn't look good
[03:22] it was working but then it started producing errors
[03:23] qman__, any way to fix it?
[03:24] oh, that error is in stopping, not starting
[03:24] looks like it's working, it was just restarted a few times, probably a bug in the stopping portion
[03:24] ok thanks qman__ ... do you know anything about unison
[03:24] rebooted or restarted fail2ban or your firewall recently?
[03:25] no, I don't
[03:25] qman__, I think I may have. I was having some ssh issue and running through a few things
[03:25] ok, makes sense then
[03:25] judging by that log, you may want to increase the ban time
[03:26] looks like the same hosts are getting banned and unbanned a lot, so increasing that ban time would reduce the number
[03:26] but, it's doing its job
[03:26] how do I increase the ban time?
[03:26] should be a config file for fail2ban in /etc somewhere with those parameters
[03:27] namely maxretry = 6, findtime = 600, and bantime = 1200
[03:28] I'd increase the bantime to 2400 or 3600
[03:28] ok thanks. I will take a look. Appreciate help!
=== n0ts_off is now known as n0ts
=== chincloud is now known as Guest10796
[04:31] New bug: #1065372 in qemu-kvm (main) "kvm not working on my 64bit Vista64 Ultimate vm. I am assuming it is my cpu that can't handle the hardware virtualization" [Undecided,New] https://launchpad.net/bugs/1065372
=== cpg|away is now known as cpg
=== chilicuil is now known as chilicui1
=== dendrobates is now known as dendro-afk
=== smb` is now known as smb
[07:43] hmm, augeas lens for sysctl does not include /etc/sysctl.d/*
[07:43] not in precise, but even not in quantal
=== mcclurmc_away is now known as mcclurmc
[09:09] just booted my brand new ubuntu server, and it came up like: login: init: plymouth-splash main process (442) terminated with status 1 any ideas please?
[09:22] good morning everyone!
[09:22] I've a question please! I need to disable login on start for my ubuntu-server
[09:23] so that I can get the shell command right away on start!
=== doko_ is now known as doko
=== uksysadmin is now known as itarchitectkev
=== n0ts is now known as n0ts_off
[10:09] I love the fact we install language-pack-gnome-en on precise. :/
[10:09] on server?
[10:10] * RoyK diverts Daviey to https://bugs.launchpad.net/
[10:10] RoyK: I've added that to my bookmarks. Thanks.
[10:11] Daviey: :P
[10:45] zul, bug 1062160 worthy of attention for quantal?
[10:45] Launchpad bug 1062160 in python-swiftclient "python-swiftclient fails install if the swift package is installed" [High,Confirmed] https://launchpad.net/bugs/1062160
[10:55] FAILURE is not a package install option !
=== cpg is now known as cpg|away
[11:10] Hello all, I suspect Squid is the cause of a major bug I've been experiencing and I'm not at all sure how to go about troubleshooting it. Any advice?
[11:23] jamespage: yep
[11:23] zul, you ok to pickup?
[11:24] jamespage: yep after I wake up :)
[11:25] Hello there
[11:25] why is anacron not installed by default on server edition but is on desktop editions???
[11:27] blackdex, cause you did something strange?
[11:27] it's installed on all of my servers, and I normally use the minimal install setting
[11:27] nope.. just a default install of ubuntu server 12.04 LTS
[11:27] I have it on multiple servers
[11:28] oh wait
[11:28] now the /etc/cron.daily etc.. didn't run
[11:28] it doesn't install anacron for me, but cron
[11:28] ok.. so it's not just me then :P
[11:29] my daily does run though
[11:29] hmm
[11:29] in /etc/crontab there stands this
[11:29] 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
[11:30] but that doesn't seem to work
[11:30] strange
[11:30] I have the same
[11:30] and in my /etc/cron.daily I have stuff that updates files from the net
[11:30] it looks like it should run
[11:31] and those files are updated daily, just checked
[11:31] strange
[11:31] 2012-10-11 06:53
[11:31] in fact, happened just a little bit ago :)
[11:32] you sure the script you put in there runs ok? without a user shell?
[11:34] ah, that is why it isn't installed
[11:34] anacron runs the /etc/cron.* stuff if the system is powered off
[11:34] since servers normally never poweroff, it's not really needed
[11:35] but it makes sure they run on desktops/laptops that are normally powered off during the time it would normally run those things
[11:35] Hey, I'm trying to open the 3306 port in order to access mysql from outside so I did : "iptables -A INPUT -p tcp --dport 3306 -j ACCEPT" but the port is still "closed" When I'm trying to connect using telnet on 3306 I get connection Refused any ideas?
[11:36] alex0, normally -A won't help
[11:36] -I would, if it's really a firewall issue
[11:36] but more likely mysql isn't listening on your external ip
[11:36] ah.. hmmmm
[11:36] -I is the interface right?
[11:36] did you check netstat?
[11:37] well thx
[11:37] patdk-lap: Yep he's listening
[11:37] it*
[11:37] to what ip?
[11:37] 0.0.0.0
[11:37] and a dump of, iptables -L INPUT -nv
[11:39] patdk-lap: 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
[11:39] that is the only line?
[11:39] I don't see the headers or anything
[11:40] plus, note the first two columns say 0, nothing matched that
[11:40] so the packets never arrived, or the other rules you didn't paste, blocked it
[11:42] patdk-lap: Sorry I thought you just need that line, http://pastebin.com/Ban1WWaY
[11:42] ^ The whole thing
[11:42] AlexO: Error: "The" is not a valid command.
[11:47] default is accept, so it's not set to block anything anyways
[11:47] looks like the packets never arrive
[11:47] that's strange :/
[12:00] patdk-lap: I really don't get why it isn't working, this morning it was working, I did a nap, woke up and it's not working anymore (I mean I was able to connect to the base from outside telnet etc)
=== dendro-afk is now known as dendrobates
[12:58] Can SELinux be easily installed on Ubuntu?
[13:00] it's in universe
[13:02] Can I enable universe for just that package?
[13:03] enable it, install it, and then turn it off I guess
[13:04] Ha, I hadn't thought of that, thanks
[13:21] I've just done cat /etc/passwd and I see testuser has id/gid of 1000 and postfix has id/gid of 1001. How can I swap these around? Trying to match them to another server.
[13:21] jamespage: ping
[13:25] jamespage: this should be ok for swift right? http://pastebin.ubuntu.com/1273189/
[13:26] zul: looking
[13:27] zul: make it less than the version that the rejig happened in rather than less than or equal to the previous version
[13:27] that way if we have to do a SRU upgrades still work
[13:28] jamespage: so "<" ?
[13:28] swift (< 1.7.4-0ubuntu1)
[13:29] even better would be the first version where this change happened
[13:29] but that may be lost
[13:29] * jamespage looks
=== n0ts_off is now known as n0ts
[13:30] jamespage: looks like 1.6.0-0ubuntu1
[13:31] New bug: #996088 in bind9 (main) "Bind is not configured correctly on upgrade (resolvconf integration)" [Medium,Confirmed] https://launchpad.net/bugs/996088
[13:31] New bug: #1065506 in linux-meta-lts-backport-oneiric (main) "rtlwifi/rtl8712u.bin firmware missing from oneiric backport to 10.04" [Undecided,New] https://launchpad.net/bugs/1065506
[13:32] zul, I concur so swift (< 1.6.0-0ubuntu1)
[13:32] jamespage: ack
[13:33] zul, I think you might want Replaces/Breaks rather than Replaces/Conflicts as well
[13:34] jamespage: done
[13:34] zul, you might wanna test that - I can never remember
[13:35] zul: << is the correct syntax as well
[13:36] jamespage: yeah going to test it first
[13:37] zul, go-oh
[13:48] jamespage: looks like we are good
=== n0ts is now known as n0ts_off
[13:56] jamespage/Daviey: http://paste.ubuntu.com/1273255/
[14:09] hi. I'd like to enable core dumps for dovecot, but the things I've tried so far [ulimit -c unlimited and modifying limits.conf] don't seem to have worked. how can I do this?
[14:21] ah, figured it out.
[14:28] setting ulimit -c unlimited in /etc/init/dovecot.conf seemed to get me what I'm after.
=== kInOzAwA1 is now known as kInOzAwA
[15:34] hi there, trying to do a do-release-upgrade runs into "proxy ' ' looks invalid" has someone an idea how to fix that
[15:40] jstephan: echo \"$http_proxy\"
[15:40] or env|grep http_proxy
[15:40] perhaps that is set
[15:40] ah, got it, apt.conf has it set empty
=== MagicFab is now known as Guest68405
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
[16:15] Hi All,
[16:15] I am struggling with strange issue here regarding WUBI and XEN
[16:16] I am having dual boot ubuntu 12.04 x86_64 with win7 using wubi
[16:16] and I have just installed Xen on it
[16:16] but it just do not boot in with xeb 4.1
[16:16] XEN
[16:16] and I can't either see menu.lst
[16:17] Please suggest if some one know anything abt it
[16:19] If some one could please suggest something that would be great help
[16:19] please help
[16:22] please suggest
[16:24] Subhranshu_: you haven't really said anything that anyone could use to debug your problem... you may wish to describe your setup and what specifically you changed between working -> non-working...
[16:26] xm list ERROR: Can't find hypervisor information in sysfs!
[16:26] this is the error which I am getting
[16:26] when I boot into ubuntu post installation
[16:26] are you confident you're running inside xen? or is sysfs not mounted?
[16:28] see that is what the case is I'm not getting xen option on boot loader, I have tried this page https://help.ubuntu.com/community/XenProposed
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
=== mcclurmc is now known as mcclurmc_away
[17:00] soren: Any chance I could get uvirtbot to not snarf the bug links that eucabot sends to the channel?
[17:16] New bug: #1065589 in lxc (universe) ""initctl list" shows 11974 instances of network-interface-security after two days of uptime" [Undecided,New] https://launchpad.net/bugs/1065589
[18:00] yeah that could be bad
[18:42] New bug: #1065628 in qemu-kvm (main) "pci device not reset (passthrough)" [Undecided,New] https://launchpad.net/bugs/1065628
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
[19:26] New bug: #1062671 in cloud-utils "ubuntu-cloudimg-query in precise cannot query for quantal" [Medium,Triaged] https://launchpad.net/bugs/1062671
[19:35] <_0x783czar> question, I'm trying to install an imap extension for php. This extension fails its configure command because it says that it needs to know where the Kerberos install prefix is. I was wondering if anyone knows where I might look for this.
[19:39] _0x783czar: are you using kerberos? if not, better look for a way to disable kerberos support, maybe ./configure --without-kerberos or something similar
[19:40] _0x783czar: if you do need kerberos support, probably you'll need to install either libkrb5-dev or krb5-multidev or heimdal-dev or heimdal-multidev -- depending upon the details of your site
[19:44] <_0x783czar> sarnold: heimdal-dev seems to have provided the needed dependency, thanks. I hit another error with signatures, but that got me past that point, thanks!
[19:59] hallyn: what happens if you configure an interface and move it to another netns, does the config stick?
[19:59] (trying to figure out whether moving gives us the same as unplug/replug or if it's different)
[20:00] in the case where everything is flushed and you get a blank config, then it'd make sense for the kernel to emit net-device-remove. If the config sticks, then I'm not sure as you clearly don't want an interface to send you net-device-added with a pre-existing config (as that'd make ifupdown and likely some other things to fail)
[20:01] stgraber: I don't think that's the right thing to consider. Rather, uevents are sent over netlink sockets which are only valid (I believe - though this may have changed) in initial netns
[20:02] of course this could be seen as another side-effect of lack of devicens
[20:02] so anyway, since uevents are sent over a netlink socket in some namespace, if a nic is moved to another ns, a -removed should be sent to the one and -added to the other
[20:03] yes, the config may stick - but it's up to the target to decide whether to keep it in my opinion
[20:03] bc in plenty of cases, the nic will be unconfigured, or configured wrongly
[20:03] most cases I'd say
[20:03] and so the target will want to be told it has this new nic which it should configure
[20:03] anyway for now we can certainly fake it in lxc,
[20:04] but I think we need a deeper discussion with kernel folks
[20:05] I'll send out an email
[20:07] hallyn: ok. anyway, time for my flight. ttyl
[20:07] stgraber: have a good flight! ttyl
[20:21] gholms: I'm not sure I can make it ignore stuff from a specific user.
[20:21] brb
[20:22] soren: It's a supybot, right? Do you suppose its global ignore list would work with that plugin?
=== Ursinha-afk is now known as Ursinha
=== cpg|away is now known as cpg
[20:51] New bug: #1065714 in vsftpd (main) "vsftpd 2.3.5 needs allow_writeable_chroot option" [Undecided,New] https://launchpad.net/bugs/1065714
=== santegoeds is now known as tdc
=== Ursinha is now known as mariazinha
=== lifeless_ is now known as lifeless
=== cpg is now known as cpg|away
=== cpg|away is now known as cpg