[00:01] <smartboyhw> SergioMeneses ah I know how to get rid of the duplicate image itemd in Testdrive now. Thx!
[00:02] <SergioMeneses> smartboyhw, :)
[02:32] <tacorwin_> I know its late, but is anyone on that i could report a bug to?
[02:39] <TheDrums> You can always report bugs to the bug tracker.
[02:39] <TheDrums> !bugs
[02:47] <tacorwin_> Thank you. :)
[06:42] <dholbach> good morning
[06:51] <jibel> good morning
[07:02] <pitti> bonjour jibel
[07:05] <jibel> bonjour pitti , ça va ?
[07:07] <pitti> jibel: ça va bien, merci!
[07:07] <zyga> good morning
[07:08] <pitti> jibel: some bumps from training yesterday, we practiced self-defense again
[07:08] <pitti> jibel: je me demande pourquoi autant de autopkgtests sont cassé
[07:09] <jibel> pitti, ENOSPACE
[07:09] <pitti> oh :)
[07:09] <jibel> pitti, I did some cleanup, and will restart them
[07:09] <pitti> jibel: merci
[07:09] <pitti> jibel: is there something leaking, or is it just due to the accumulation of logs?
[07:09] <jibel> pitti, do we need libpam-systemd on the jhbuild machine ?
[07:10] <pitti> jibel: I installed it so that e. g. polkit properly detects that it should use logind
[07:10] <pitti> it's a bit of a workaround
[07:10] <pitti> but I can apply a different workaround, if it gets in the way
[07:10] <jibel> pitti, ah ok, because installation fails
[07:10] <pitti> yeah, apparently it cannot mount the cgroup in the container
[07:10] <jibel> service systemd-logind fails to start
[07:11] <pitti> not sure why, it's something I've been meaning to ask stgraber
[07:11] <jibel> yeah, cgroup inside cgroup
[07:11] <pitti> yeah, it doesn't matter; the configure check actually only checks for /sys/fs/cgroup/systemd/
[07:11] <stgraber> pitti: yes?
[07:12] <pitti> stgraber: in our jhbuild container, mounting a cgroup fails; is this expected?
[07:12] <stgraber> is that on 13.04?
[07:12] <pitti> guest is 13.04, host is (I guess) precise, checking
[07:13] <stgraber> oh, actually I think we may be rejecting this in apparmor in all cases. It's just that in 13.04 we made it slightly better when you're doing nesting
[07:14] <stgraber> pitti: anyway, yes, mounting cgroups in a container is considered unsafe as it lets you adjust the container's restriction from within
[07:14] <stgraber> pitti: if you don't care about this, it's easy to enable cgroups in a custom apparmor profile
[07:14] <pitti> that means we can't run logind in a container
[07:14] <pitti> stgraber: host is 12.10, guest is 13.04
[07:15] <pitti> $ sudo mount -t cgroup -o nosuid,noexec,nodev,none,name=systemd systemd /sys/fs/cgroup/systemd
[07:15] <pitti> mount: block device systemd is write-protected, mounting read-only
[07:15] <pitti> mount: cannot mount block device systemd read-only
[07:15] <pitti> ah, indeed
[07:15] <pitti> apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=104752 profile="lxc-container-default" name="/sys/fs/cgroup/systemd/" pid=104821 comm="mount" fstype="cgroup" srcname="systemd" flags="ro, nosuid, nodev, noexec"
[07:15] <stgraber> pitti: ok, that specific mount should be safe (as it mounts an empty cgroup), let me come up with an apparmor pattern that matches that one exactly
[07:16] <pitti> stgraber: i. e. it should be okay to mount new groups, but not change existing ones?
[07:17] <stgraber> pitti: well, the problem is that if you use a cgroup controller like "blkio", then it's going to always be shared, and we clearly don't want that
[07:17] <stgraber> for those we have a lxc hook you can add (starting with 13.04) which bind-mounts just the right sub-directories of the cgroup
[07:17] <pitti> stgraber: ah, sure; I wasn't sure whether cgroups can nest in principle
[07:18] <stgraber> anyway, the specific case of systemd should be safe, I'll just confirm that and come up with an extra apparmor rule to cover it
[07:20] <stgraber> pitti: gah, no it's not safe...
[07:20] <stgraber> pitti: I tried mounting the cgroup in two containers and can see the entry I create in one in the other
[07:21] <pitti> stgraber: I'll ask Lennart about that; he mentioned this topic (systemd/logind in containers) the other day, maybe he has an ide
[07:21] <pitti> a
[07:21] <pitti> anyway, it's not urgent for now, but this will become a topic in squishy
[07:21] <stgraber> so in theory we could use the same magic as for other cgroups
[07:22] <stgraber> which is to create "lxc/$container-name" in the cgroup on the host and then bind-mount just the sub-directory in the container
[07:22]  * stgraber quickly checks we don't actually already do that on 13.04
[07:24] <stgraber> pitti: we do!
[07:25] <pitti> nice!
[07:25] <pitti> stgraber: so upgrading the host to 13.04 should do it?
[07:25] <stgraber> pitti: yep, upgrading the host to 13.04, make sure the systemd cgroup is mounted on the host and add "lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups" to the container config
[07:26] <pitti> so 13.10 on 13.10 should by and large work, except for this ^ config bit
[07:27] <stgraber> yep, which we may end up doing by default by then (I can't think of any security issue with it, so we may as well do it by default for distros that use logind)
[07:27] <pitti> splendid; thanks stgraber!
[07:27] <stgraber> np, glad to see our very recent cgroup magic actually works as intended ;)
[07:31] <jibel> pitti, I finish the notifications today then we can upgrade the host to 13.04. In any case, it will be a good test a week before the release.
[07:31] <pitti> jibel: it's not urgent right now, but if you want to do the upgrade anyway, sure
[14:45] <SergioMeneses> morning!
[14:56] <chilicuil> morning SergioMeneses
[14:57] <balloons> morning chilicuil and SergioMeneses
[14:57] <chilicuil> ~.~/ balloons
[14:57] <SergioMeneses> chilicuil, balloons hey hey, how's everything?
[15:02] <balloons> SergioMeneses, pretty good.. Working on expanding out the stats I showed yesterday to make them clearer and show more stuff :)
[15:15] <balloons> I saw your post in Spanish SergioMeneses .. I hope you encourage some more spanish speaking folks to give things a try
[15:16] <smartboyhw_> balloons: Or rather, since the passage is dedicated to us, he should have made an English translation:P
[15:18] <SergioMeneses> balloons, :) I hope so
[15:18] <SergioMeneses> smartboyhw_, aaah
[15:22] <balloons> smartboyhw_, lolol
[15:23] <smartboyhw_> SergioMeneses, lolol
[15:23]  * balloons is waiting for a chinese post from smartboyhw_ 
[15:24] <smartboyhw_> balloons: Sure, but wait for a century please;P
[15:24] <balloons> a century?
[15:25] <smartboyhw_> balloons: Yep:P
[15:27] <SergioMeneses> balloons, totally agree jeje
[15:27] <balloons> updates for everyone in a 1 min
[15:28] <smartboyhw_> balloons: What update?
[15:38] <smartboyhw_> SergioMeneses: What sort of update you guess will balloons bring?
[15:40] <SergioMeneses> smartboyhw_, I have no idea! maybe the chars or something in his blog
[15:40] <SergioMeneses> but I dont know
[15:46] <balloons> :-) http://91.189.93.58/
[15:46] <balloons> I added the other tracker stats :-)
[15:47] <smartboyhw_> balloons \o/
[15:48] <smartboyhw_> balloons: The new stats are the package testing and laptop testing ones right?
[15:48] <balloons> yea.. I subtitled everything too to make it easier to understand I hope
[15:48] <smartboyhw_> SergioMeneses: The Laptop Testing Team is happy now eh? ^^
[15:49] <SergioMeneses> smartboyhw_, balloons :O
[15:49] <SergioMeneses> awesome! balloons great work!
[15:50] <SergioMeneses> laptop testing is working pretty hard!
[15:52] <SergioMeneses> btw, balloons where do you get this information?
[15:53] <balloons> SergioMeneses, all this information is from public data sources.. launchpad, bzr and the various trackers
[15:54] <balloons> does everything make more sense now? that is, do the graphs make sense? do the subtitles help?
[15:54] <smartboyhw_> balloons: Do one flavour for me: Package the QA Tracker APIs for me in S-cycle:P
[15:54] <smartboyhw_> balloons: It works perfectly!
[15:55] <balloons> smartboyhw_, the tracker api is in python http://iso.qa.ubuntu.com/qatracker/api
[15:55] <balloons> you could even use it to submit results :-)
[15:55] <SergioMeneses> balloons, I see everything perfect! maybe a nice post that would be nice
[15:56] <balloons> imagine a testdrive client that you could browse a testcase and have it pull the image, start and display the testcase for you to run, and let you submit a pass/fail after :-)
[15:56] <smartboyhw_> balloons: Whoa!
[15:56]  * SergioMeneses dreams
[15:56] <smartboyhw_> That's a S or T cycle target
[15:59] <balloons> you all have the skills now.. but yea, the api has enough stuff you could conceivably write a desktop client for it
[15:59] <balloons> I'm not sure it makes sense (aka, a whole client) because the site is already there and works well :-)
[15:59] <balloons> but integration pieces are interesting perhaps
[21:17] <phillw> balloons: I look forward to learning about lxc. I feel it may be another tool in the testing armoury to add to Vbox and KVM (although the testdrive people will possibly hate me :D )
[21:17] <balloons> lxc is quite nice
[21:18] <balloons> juju uses it
[21:18] <phillw> I'd never heard of it. I only looked it up because it began 'lx' which is often an lxde associated item :)
[21:20] <Noskcaj> what is lxc? and what will it make testdrive people(e.g. me) angry?
[21:20] <phillw> oh, and while you're here. I will be sending an 'old fashioned' update for the lubuntu encrypted alternate test case as it should also include the "write the pass phrase down"
[21:21] <Noskcaj> ok
[21:22] <phillw> Noskcaj: sorry, the ^^ was for balloons, the link for you is http://lxc.sourceforge.net/
[21:22] <Noskcaj> ok, thanks
[21:23] <balloons> phillw, gonna get a commit in?
[21:23] <balloons> :-) :-) :-)
[21:23] <Noskcaj> also, i'm adding an extra bug to testdrive, very minor
[21:24] <balloons> Noskcaj, in a nutshell lxc is a virtual container for running linux on linux
[21:24] <phillw> balloons: nope, I'm going to send you the file :P
[21:25] <balloons> it's more lightweight than running a full vm, but has it's own limitations of course
[21:25] <balloons> phillw, you know I have a new goal now
[21:26] <phillw> all vm's have limitations, but I see no reason for it not to be added to our options for testing 13.10 :)
[21:26] <balloons> help you get a commit
[21:27] <balloons> xephyr is cool too.. since I got it support
[21:28] <Noskcaj> balloons, lolwut? even that hurts my brain.
[21:28] <balloons> it always you to run an xserver as a window in an existing xserver
[21:28] <balloons> wow.. I don't know what's going on..
[21:28] <balloons> brain and keyboard are disconnected
[21:28] <balloons> zzzzz
[21:28] <phillw> balloons: only when I have time to upgrade to 13.04 and copy a lot of  http://mgjuddltd.co.uk/ to http://demo.oscommerce.com/ as the sponsor of my dedicated server now wishes to be able to sell on-line. That will take some doing, but it has been agreed that it will not start until after 13.04 is released.
[21:29] <balloons> you don't run precise on your server
[21:29] <balloons> ?
[21:30] <phillw> I get sponsorship, but in return, I give my time freely for any support / dev stuff that company needs.
[21:31] <phillw> I use 12.10 on piglet. I want to upgrade to 13.04. On my 2nd Hard Drive, I run CentOS 6.4 which is the same as my server. This means I can do the dev work on piglet before committing to the server :)
[21:31] <balloons> ahh
[21:32] <balloons> I'm switching providers at the end of the month
[21:32] <phillw> But, starting such a thing this close to 13.04 release would be too big a task. The sponsor fully understands that.
[21:33] <phillw> balloons: you could do a lot worse than kimsufi, if you are happy to manage your own dedicated server.
[21:34] <balloons> can't beat free.. you know that :-)
[21:36] <phillw> indeed :)
[22:22] <phillw> I love dead-lines, in fact, the best thing about dead-lines is the wooshing sound that they make as they fly past me :D