[00:03] <blottoface> sarnold: apache complains after I restart that the Alias directive will likely never be reached because it overlaps an earlier alias.  I can't for the life of me find any other Alias directives for apache.  I even went so far as to disable the 000-default site.
[00:04] <sarnold> blottoface: grep -ri alias /etc/apache* or something? :)
[00:04] <sarnold> grab the big guns..
[00:10] <blottoface> hrm, I'll have to take a look at this tomorrow.  That's a pretty bad bug in the package.
[00:15] <zzxc> Hey guys, I'm trying to get my a machine running 12.04 server to play audio and keep getting this message 'ALSA lib pcm_dmix.c:1018:(snd_pcm_dmix_open) unable to open slave' anyone have a where to start to fix this?
[00:43] <PryMar56> zzxc, install alsa tools?
[00:44] <PryMar56> can you open the ncurses mixer?
[00:44] <PryMar56> zzxc, I run xmms2+abraca
[00:45] <PryMar56> works headless
[00:45] <zzxc> PryMar56: Yeah ALSA works fine there is 3 cards outputs listed but it works
[00:45] <zzxc> xmms2+abraca what is it?
[00:45] <PryMar56> xmms2 is a server and abraca is a frontend which can x11 forward
[00:46] <PryMar56> xmms2 plays all digital formats+icecast+online radio
[00:47] <zzxc> PryMar56: Mmmm, yeah Its less an issue of that part. More of an issue of everything gives me that same message.
[00:48] <zzxc> PryMar56: I'm running MOCP and pianobar, and was hoping to get airplay enabled so I can play sound through my speakers. But I'm currently having some issues with that.
[00:48] <zzxc> Its been a while since I'm worked on a server isntance that had physical hardware.
[00:51] <PryMar56> zzxc, login as users , do groups: are you member of audio and video?
[00:52] <zzxc> video no audio yes
[00:53] <zzxc> Got the speakers to pop. Scared the shit out of me. Also most likely in the wrong jack from the looks of it
[02:54] <basketball> does anyone have a server that i can you real quick i want to test a setting
[05:36] <fiasco_averted> I have two-factor authentication setup in Ubuntu 13.10 using pam.d and google-auth. It prompts me for username then password then two-factor-auth token. I'd like it to only be two total prompts, one for username, and one for password+2FA-token.
[05:36] <fiasco_averted> (10:23:11 PM) fiasco_averted: Any idea how to set that up? I assume it's a line or two in /etc/pam.d/sshd, but after trying a few examples from blog posts and reading the man page on pam.d I haven't found a working solution. Thanks. Next step is to hook it up to openvpn as well, and I believe that'll require the pasword+token setup as well.
[05:52] <sarnold> fiasco_averted: hrm, I wouldn't expect there to be any easy way to get only two prompts
[05:52] <sarnold> fiasco_averted: without having investigated at all :) I expect the answer would be to write or find a PAM module that does exactly what you want
[05:53] <sarnold> fiasco_averted: since PAM is .. finicky .. and vital I'd be scared to do it myself
[05:58] <fiasco_averted> sarnold: I'm pretty sure its possible just within the pam.d sshd file configuration. That's how I set it initially. Others with other OSes seem to just be editing that file, but then calling different authentication .so files that ubuntu doens't have (on OSX for example). I'm testing this out in a snapshotted VM first, so I'm more than willing to break everything without causing any issues.
[06:01] <sarnold> fiasco_averted: hooray for vm-testing :)
[06:01] <sarnold> fiasco_averted: you actually had password+2fa token working in one prompt somehow earlier?
[06:02] <fiasco_averted> yes, with three prompts. 1. username 2. password 3. 2FA
[06:03] <sarnold> ah, okay
[06:03] <fiasco_averted> sarnold: its dead simple to setup on ubuntu 13.10 http://fiascoaverted.blogspot.com/2014/03/configuring-two-factor-authentication.html
[06:03] <fiasco_averted> I just want to condense the second two prompts into one.
[06:06] <sarnold> fiasco_averted: yeah, that's the part that I think will be difficult to do without writing your own pam module; none of the pam modules I found in the archive via "apt-cache search two-factor" have a mention in their description that they could accept both unix password and token in one prompt -- you'd think it'd be a selling point of the module if it could do that..
[06:06] <sarnold> oh, I see that's your blog :) nice post
[06:13] <fiasco_averted> thanks. Its up in a million different places, but I hadn't seen it confirmed with the default spelled out for 13.10 and this is less verbose than others, so felt I should document it. I'm going to setup a openvpn a few different ways and document that on the blog as well, but I want to get this one line password+token first.
[07:35] <grek> hi i have this situatiuon http://superuser.com/questions/732971/virtualbox-no-suitable-module-for-running-kernel-found
[07:35] <grek> please help
[07:36] <JiHui_Choi> ubuntu 13.10, cron makes two pids for one job. Is it normal?
[07:36] <JiHui_Choi> init,1
[07:36] <JiHui_Choi>   ├─cron,1022
[07:36] <JiHui_Choi>   │   └─cron,2191
[07:36] <JiHui_Choi>   │       └─sh,2193 -c php -f /home/foo/bar.php
[07:36] <JiHui_Choi>   │           └─php,2195 -f /home/foo/bar.php
[07:37] <JiHui_Choi> Of  course not, I think. please let me know how to fix this.
[08:23] <|usefedora> Hi, I'm running precise server on a laptop, and I need some daemons to remain running when I shut the lid.
[08:23] <|usefedora> Does anyone know how one might go about making that happen?
[08:34] <smb> zul, I know, that is on my list. Yes, it is called code (and a bit of documents in the various doc subdirs in the source).
[08:39] <memoryleak> i discovered a screen session running as root with the " while true; do echo -n "$(date) : "; echo "$(dig +short www.beaverbrooks.co.uk @dns0.star.co.uk)"; sleep 1; done" command running :(
[09:00] <Simon818> Hi. Anyone around for a quick install-related question?
[09:05] <Simon818> lol I guess IRC will always be a place for idle people
[09:12] <bluefrog> ask your question first. comment after
[09:12]  * Simon818 nods
[09:13] <cfhowlett> !ask|Simon818,
[09:13] <Simon818> So I'm wondering what to expect when installing Ubuntu server. I ask this because I am a blind computer user and want to make sure I even can
[09:14] <cfhowlett> Simon818, be aware that the default is no graphic user interface ...
[09:14] <Simon818> I definitely wasn't impatient, just haven't had to venture onto IRC for a long time. Sorry if it seemed that way. Anyways, onward
[09:14] <cfhowlett> Simon818, no worries.
[09:15] <cfhowlett> memoryleak, I'd suspect you have a script somewhere invoking that dig command.  definitely NOT ubuntu default so ...
[09:16] <memoryleak> cfhowlett: I suspect the server is compromised
[09:16] <Simon818> Actually not having a GUI is better. But I do wonder whether I can, say, connect via SSH and then complete the install process. I gues I could try and mess with the server machine to get seakup running or something but, seems kind of pointless if said thing is possible.
[09:16] <cfhowlett> memoryleak, based on this alone?
[09:17] <Simon818> *speakup
[09:17] <cfhowlett> Simon818, ssh is out of my area of experience ...
[09:17] <memoryleak> cfhowlett: It's at least a good reason to investigate further
[09:18] <Simon818> Hmm ok
[09:18] <cfhowlett> memoryleak, agreed.
[09:18] <memoryleak> cfhowlett: Especially because it's in a infinite loop
[09:18] <cfhowlett> Simon818, repost at intervals and someone should answer
[09:18] <cfhowlett> memoryleak, yeah, that's typically a good sign of foul play.
[09:18] <Simon818> I'd assume that the install process is something like a standard comand line installer with prompts and such
[09:19] <cfhowlett> Simon818, indeed - CLI all the way
[09:19] <bluefrog> Simon818, if you want to access a server via ssh then what is your problem? what you have on screen will be read by your system, no?
[09:19] <Simon818> wonder if server comes with sound drivers... somehow I think not
[09:19] <memoryleak> cfhowlett: There are so many users on that server with SSH access, develoepers, wannabe sysadmins and so on.
[09:19] <cfhowlett> Simon818, I don't recall but they're easily added
[09:20] <cfhowlett> memoryleak, infinite loops seems like a kiddie script.  hiding it in the root processes seems malicious ...
[09:20] <Simon818> bluefrog: I need a way to INSTALL the server to begin with, so was just trying to determine whether I could install the server OS onto machine 2 using machine 1 for SSH access
[09:21] <cfhowlett> Simon818, http://www.unixtutorial.org/2009/05/ubuntu-ssh-how-to-enable-secure-shell-in-ubuntu/
[09:22] <cfhowlett> !ssh|Simon818,
[09:23] <cfhowlett> Simon818, as I said, someone on this channel has done installation via ssh - just not me
[09:23] <Simon818> Hmm yeah, PuTTY is what I use generally too
[09:24] <shredding> If i want to upload or download stuff to my ubunto server and am logged in with ssh, I have to log out and reloing to sftp and after that logout and relogin with ssh to continue work.
[09:24] <shredding> is there a faster way?
[09:24] <bluefrog> Simon818, have no way to test a server install right now. might take me 30 minutes before i can do that
[09:24] <Simon818> t's no big deal, I'm having a look at some resources I know of in the meantime, because I know people have done this before.
[09:27] <bluefrog> Simon818, am downloading a server. will test that in 30 minutes if you stick around
[09:27] <shredding> Or is there a way to upload stuff via ssh?
[09:27] <Simon818> I should be here, I'm already up late, no reason to bother changing that now. lol
[09:28] <bluefrog> Simon818, i assume you will have speakers hooked up to the machine used for servers...
[09:29] <Simon818> sure, easy enough to do. It's just an old junk desktop that can't run windows worth a crap, so figured I'd play with Linux and familiarize myself with it more
[09:29] <Simon818> I've used Linux for years in a VPS type situation, so I suppose this is experimental as much as anything
[09:31] <mardraum> Simon818: easiest way is to use scp
[09:31] <Simon818> for what exactly?
[09:32] <mardraum> Simon818: sorry, responding to earlier questions about upload/download
[09:32] <Simon818> Oh I think that was someone else
[09:32] <mardraum> christ
[09:32]  * mardraum takes reading classes
[09:32] <Simon818> it happens. Lol
[09:33] <mardraum> shredding: look into scp, it's easy and you can do it in either direction
[09:34] <shredding> ah, so scp is a command that is executed from within ssh?
[09:35] <shredding> mardraum: But I cant scp to my local computer?
[09:35] <mardraum> from your shell, yes
[09:35] <mardraum> shredding: assuming you make ssh available on your local connection, you can
[09:36] <mardraum> shredding: you can also run multiple windows within a ssh session, look into tmux or screen
[09:37] <shredding> What does it mean to „make ssh available“ on my local machine? I’m on a mac and want to download log files to my local machine or upload stuff without having to open cyberduck or other clicky-dicky stuff.
[09:37] <shredding> i have ssh installed and can login via ssh from my mac, does that mean i have it „available"?
[09:38] <mardraum> just open a new terminal and use sftp or scp?
[09:38] <bluefrog> shredding, yes you have ssh scp sftp on mac
[09:38] <bluefrog> mac is linux
[09:38] <bluefrog> proprietary linux :)
[09:39] <mardraum> well, it's not actually linx
[09:39] <shredding> So if I connect from my mac to my ubuntu server ...
[09:39] <bluefrog> yeah bsd
[09:39] <bluefrog> shredding, yes
[09:39] <shredding> What would be server in that case: scp file  user@server:/targetdirecotry/
[09:40] <shredding> (if i want to download file)
[09:40] <bluefrog> shredding, scp user@server:/targetdirecotry .
[09:40] <shredding> ?
[09:40] <bluefrog> shredding, to download the target blah blah into your current dir
[09:40] <mardraum> shredding: assuming your local machine does not listen on port 22 on the internet, or have it forwarded, it's going to be easier to run from a local shell
[09:40] <Simon818> someone mention me for a sec? I want to make sure I have the sound working
[09:41] <Simon818> for some reason it wasn't before.
[09:41] <shredding> but „server“ is not correct, isn’t it?
[09:41] <bluefrog> Simon818, no
[09:41] <Simon818> good times
[09:41] <Simon818> bluefrog: thanks
[09:41] <shredding> it should be an ip or so, but my local computer does not have a static ip.
[09:41] <shredding> (sorry if i do not get the obvious)
[09:42] <mardraum> shredding: open a new terminal on your local machine, and do "scp user@server:/some/path/file.txt ."
[09:43] <bluefrog> shredding, server=address of the server, either a FQDN or IP
[09:44] <shredding> I understand that, I’m talking vice versa.
[09:44] <shredding> If I’m logged in on my ubuntu, how woul i push a file to my local machine?
[09:44] <shredding> What would be „server“ in that case?
[09:44] <mardraum> your local machines has to have ssh open to the world
[09:44] <mardraum> usually on home connections by port forwarding
[09:45] <mardraum> we have no idea how your network is setup.
[09:45] <bluefrog> shreddinged and you will need to know your public IP
[09:45] <shredding> Well, there is no network setup.
[09:45] <shredding> I connect to my wlan router and thats it.
[09:45] <mardraum> really? you appear to be here
[09:45] <shredding> Yeah, it’s a network.
[09:46] <shredding> But my ssh is not open to the world.
[09:46] <bluefrog> shredding, but actually it seems you may have to learn a bit more before tring to scp whatever
[09:46] <mardraum> it's going to be easier for you to pull from the server
[09:46] <mardraum> forget about the other direction, you are not setup for it.
[09:46] <shredding> I already learned a lot, but once you open a door, a whole new world pops off and I feel like not knowing anything ;)
[09:47] <shredding> Where can i read about that topic?
[09:47] <mardraum> port forwarding?
[09:48] <shredding> I have port forwarding setup on my local computer.
[09:48] <shredding> Even though i did not fully understand what it does, but i have an idea.
[09:49] <shredding> So basically i guess i have to pick up the greater topic.
[09:49] <Simon818> local computer ... port forwarding .... *WHAT*?
[09:51] <shredding> I’m not sure.
[09:51] <shredding> I guess i will start by reading the scp man page.
[09:51] <shredding> thanks for the input, all.
[10:06] <bluefrog> Simon818, out of curiosity, how do you activate speakup on a normal install?
[10:09] <bluefrog> Simon818, trying the server install. there's no speakup option when starting it. you will need someone to do the install for you
[10:11] <bluefrog> Simon818, or you could set up a network install, preseed and launch a stand alone server install
[10:20] <Simon818> bluefrog: your last option sounds somewhat promising, I have n oidea how to go about doing that though
[10:21] <Simon818> bluefrog:  sorry, I was afk for a few. I know people have done this, it can't be impossible.
[10:24] <bluefrog> Simon818, https://help.ubuntu.com/community/Installation/Netboot
[10:25] <bluefrog> Simon818, http://searchitchannel.techtarget.com/feature/Performing-an-automated-Ubuntu-install-using-preseeding
[10:25] <Simon818> aha
[10:25] <Simon818> bluefrog:  both of these look useful, checking now. thanks
[10:35] <Simon818> bluefrog: It looks like kickstart is probably the best option. I'd like to investigate the idea of accessing the server installer remotely somehow so I can install it myself in the right circumstances, but this is no different from the way we have to do windows installs, so I'm used to it. Thanks a lot for investigating this, I really wouldn't have known where to look.
[10:40] <rostam> HI I am using LTS 12.04. I like to upgrade the grub to the version released with 12.10. Is this possible? if so how I can do that? thx
[10:40] <cfhowlett> rostam, sudo apt-get distp-upgrade
[10:40] <cfhowlett> rostam, will update ALL your currently installed packages to current levels in the repos
[10:42] <rostam> cfhowlett,  Thanks for info, but I like to stay with LTS release, I want to upgrade only grub if it is possible???
[10:42] <cfhowlett> rostam, that WILL keep the lts release
[10:42] <bluefrog> rostam it will upgrade for 12.04 not 12.10
[10:43] <cfhowlett> rostam, sudo apt-get install grub2
[10:43] <cfhowlett> !grub
[10:44] <cfhowlett> see the RestoreGrub option
[10:44] <rostam> cfhowlett, bluefrog  oh thanks, so far I have been using "apt-get upgrade"  I was not aware of "distp-upgrade", what are the differences? thx
[10:46] <rostam> apt-get disp-upgrade is not valid so I missed something here...
[10:46] <cfhowlett> rostam, apt-get dist-upgrade   my apologies - fat finger syndrome
[10:47] <bluefrog> rostam, apt-get dist-upgrade and man apt-get to read about the differences
[10:47] <rostam> thank you all.
[12:25] <pmatulis> morning
[13:13] <zul> jamespage:  i just noticed the neutron migration script got merged
[14:18] <hallyn> zul: do you have a rig on which you could set up some nova stress testing for bug 1228977?
[14:18] <hallyn> or do yo uknow who does?
[14:18] <hallyn> i think just an hour of a script creating/starting/destroying instances should suffice
[14:18] <zul> hallyn:  yeah gimme a sec
[14:19] <zul> hallyn:  saucy or precise?
[14:20] <hallyn> zul: saucy
[14:20] <zul> hallyn:  yeah gimme a sec
[14:20] <hallyn> awesome, thanks
[14:20] <hallyn> oh look, gaughen didn't update the meeting page, she gets to run the meeting again :)
[14:25] <zul> hallyn:  what do you need me to do?
[14:25] <zul> hallyn::  yeah gaughen  has to run it again
[14:27] <hallyn> zul: well the test case is a bit vague, so i think simply setting up a small openstack with libvirt-proposed, and making sure that heavy instance create/start/destroy doesn't crash anything and all instances start up,
[14:27] <hallyn> will suffice.  we can at least say it absolutely did not regress, and appears to ahve been solved
[14:28] <zul> hallyn: this one has the load fix as well?
[14:28] <hallyn> zul: the one dberrange pointed us to, yeah
[14:28] <zul> hallyn:  ok
[14:29] <hallyn> then once mdeslaur pushes the new security fix i've got 3 more bugs to sru to saucy :)
[14:29] <zul> ak
[14:29] <hallyn> when does saucy eol again?  april?
[14:29] <hallyn> july, ok, so worth it
[14:32] <gaughen> hallyn, damn it
[14:33] <gaughen> I guess I do get to run it, as penance  <-- hallyn, zul
[14:33] <zul> gaughen:  i did
[14:34] <zul> gaughen:  i had to run it twice because i forgot to update the wiki page
[14:34] <gaughen> zul, it's fair
[14:34] <gaughen> zul, are you really next?
[14:34] <zul> gaughen:  no i dont think so
[14:34] <[conrad]> Hello everyone. I'm using 12.04 and just recently installed a new NIC, and now my LTSP doesn't work anymore. Specifically the DHCP server isc-dhcp-server. I originally thought it wass because my interface went from eth1 to eth4, but I got that resolved ( it's now eth1 ). Trying to start the server via init or service results in a failure, and there is nothing in syslog, just "error code 1" in kern.log .
[14:35] <cfhowlett> !ltsp
[14:36] <hallyn> zul: you should move yourself to the back then :)  i did assume iw as next after gaughen
[14:36] <ogra_> [conrad], you might want to try #ltsp too
[14:36] <zul> hallyn:  even better if i remove myself from that list :)
[14:36] <[conrad]> cfhowlett: If that was for me, again it's just the DHCP server at this point that is the problem.
[14:37] <cfhowlett> [conrad], OK.  completely over my head ...
[14:53] <atpa8a> hello
[14:53] <atpa8a> which upstart job executes init.d stuff?..
[15:08] <jodh> atpa8a: /etc/init/rc.conf (see http://upstart.ubuntu.com/cookbook/#the-rc-job)
[15:09] <atpa8a> rc-sysinit rather
[15:09] <atpa8a> thanks
[15:19] <caribou> gaughen: I might be slightly late to the meeting. I have nothing to bring up this week
[15:20] <gaughen> caribou, thanks for the heads up. I try to move fast.
[15:40] <rostam> HI I am using 12.04 LTS. I need to use grub2-common pkg which comes with 1210. I need to port this package to 12.04. How is this possible? thx
[15:41] <hallyn> zul: jdstrand: there is a patch on today's livirt m-l to make vfio work (fixing bug #1276719).  i'll probably merge it in when i push the fix for the trusty machine type
[15:42] <bluefrog> rostam try your luck with backport repo
[15:42] <jamespage> zul: great!
[15:43] <rostam> bluefrog: you said "luck" that scares me. Thx
[15:43] <bluefrog> rostam, don't know if there's a backport for that
[15:44] <zul> hallyn:  ack
[15:45] <rostam> bluefrog,  thanks,
[15:53] <jamespage> coreycb, zul: either of you have capacity to look at https://jenkins.qa.ubuntu.com/view/Trusty/view/AutoPkgTest/job/trusty-adt-python-boto/5/
[15:53] <jamespage> that's blocking boto -> release for 14.04
[15:55] <coreycb> jamespage, sure
[15:55] <coreycb> jamespage, what package is this for?
[16:12] <zetheroo> After performing an update and rebooting the server will no longer boot up .. trying in recovery mode it comes to the point "Gave up waiting for root device." and dumps me into initramfs ... :P
[16:12] <zetheroo> Above it says "Alert! /dev/disk/by-uuid/*UUID* does not exist.
[16:13] <timmytimtimo> i choosed Server Virtualization for my final project. i want to use ubuntu server 12.04, how can i get kvm and libvirt-bin to install
[16:14] <timmytimtimo> i need help?
[16:14] <cfhowlett> timmytimtimo, not going to do your homework for you ---
[16:15] <cfhowlett> !info !kvm > timmytimtimo,
[16:16] <cfhowlett> !info kvm > timmytimtimo,
[16:16] <timmytimtimo> cfhowlett, please how can i install kvm and libvirt-bin?
[16:17] <cfhowlett> timmytimtimo, have you installed server?
[16:17] <timmytimtimo> yes
[16:18] <cfhowlett> timmytimtimo, have you installed any additional software on the server?
[16:18] <timmytimtimo> NO
[16:18] <cfhowlett> sudo apt-get install
[16:19] <timmytimtimo> okay
[16:20] <timmytimtimo> it said install can not be found on E:
[16:21] <cfhowlett> timmytimtimo, time for you to stop being lazy "ubuntu + server + install + kvm" in your favorite search engine
[16:21] <jpds> timmytimtimo: sudo apt-get install kvm libvirt-bin -y # done.
[16:22] <gaughen> so is it zul or hallyn running the meeting next week?
[16:22] <timmytimtimo> am new in ubuntu server
[16:22] <hallyn> gaughen: put me down, move zul to right in front of you at the back
[16:23] <gaughen> thanks hallyn, done!
[16:23] <zul> thats fair
[16:23] <zul> :)
[16:25] <timmytimtimo> where can i download libvirt-bin?
[16:25] <coreycb> jamespage, when you have a chance: https://code.launchpad.net/~corey.bryant/charm-helpers/1294140/+merge/212430
[16:28] <jamespage> coreycb, something is wonky with your branch
[16:29] <coreycb> jamespage, hmm
[16:29] <coreycb> jamespage, I have parent branch: bzr+ssh://bazaar.launchpad.net/~openstack-charmers/charms/precise/nova-compute/icehouse/
[16:29] <jamespage> wrong target - lp:~openstack-charmers/charm-helpers/icehouse
[16:30] <jamespage> yeah - you are targetting a nova-compute update against the charm-helpers branch
[16:30] <jamespage> coreycb, ^^
[16:30] <coreycb> doh
[16:31] <coreycb> jamespage, that's right.. the last fix I proposed was for charm-helpers and I re-used that
[16:31] <coreycb> fixing
[16:31] <jamespage> coreycb, good-oh
[16:37] <coreycb> jamespage, https://code.launchpad.net/~corey.bryant/charms/precise/nova-compute/1294140/+merge/212667
[16:51] <jamespage> coreycb, +1 merged
[16:51] <jamespage> thanks
[16:51] <jamespage> !
[16:51] <coreycb> jamespage, np thanks!
[17:13] <zul> hallyn:  looks ok so far
[17:14] <hallyn> zul: awesome, thanks.  if you add a comment to the bug i'll add the verification-done tag
[17:14] <zul> hallyn:  bug number again?
[17:14] <hallyn> bug 1228977
[17:15] <zul> hallyn:  done
[17:16] <hallyn> excellent, thx
[17:17] <hallyn> mdeslaur: ^ how long will the saucy-security package percolate?
[17:17] <hallyn> (i'll make a note to push the next 3 patches to -proposed the day after)
[17:18] <mdeslaur> hallyn: it depends how long it's going to take me to test it...it's lxc fixes
[17:19] <mdeslaur> hallyn: there's a test script for the lxc backend, right?
[17:20] <mdeslaur> hallyn: let me build it and stick it in the security team proposed PPA, and I'll let you know
[17:20] <hallyn> mdeslaur: oh feh, i don't expec tthose to work now
[17:20] <hallyn> sorry
[17:22] <mdeslaur> hallyn: oh har har, another cve popped up
[17:22] <mdeslaur> hallyn: forget it, push your changes to -proposed, it's going to take me a while to get to it
[17:23] <hallyn> mdeslaur: ok - if you need to drop these no big deal (these should be pretty simple).
[17:23] <hallyn> thanks, ttyl
[18:25] <utlemming> smoser: i386 cloud images are failing to build: http://paste.ubuntu.com/7152440/
[18:27] <utlemming> smoser: it looks like libc6-xen requires a version a libc6 that is older than what is already installed/required
[18:27] <smoser> https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1271534
[18:27] <smoser> that is what did it
[18:47] <Valduare> hey guys how do I setup a reverse ssh tunnel that auto re-connects
[18:58] <andol> Valduare: s/ssh/autossh/
[18:59] <Valduare> autossh?
[18:59] <Valduare> googling that
[19:00] <andol> Acts as a wrapper around ssh, but also establishing an additional tunnel loop which it uses to check whatever the connection is still alive, reconnecting if neccesary.
[19:03] <Valduare> interestin
[19:21] <Valduare> andol: hmm
[19:21] <Valduare> http://akntechblog.wordpress.com/2010/09/11/autossh-for-persistent-reverse-ssh-tunnels/
[19:21] <Valduare> following this guide
[19:23] <Valduare> having trouble
[19:32] <Saur0_> hi can anyone help me set up lvm with 4 tb disks?
[19:39] <arlen> >
[19:42] <patdk-wk> is there no way to know the current users home directory in apparmor?
[19:42] <sarnold> patdk-wk: none, sorry
[19:42] <sarnold> patdk-wk: if you use the 'owner' rule with the @{HOME} variable, you can at least confine them to scribbling over their own files..
[19:42] <patdk-wk> no that doesn't work
[19:42] <patdk-wk> people keep setting things owned by the www-data group
[19:43] <patdk-wk> then other users are screwing with them
[19:43] <patdk-wk> figured if I could use apparmor to rmeove access to other home folders, solved
[19:44] <sarnold> patdk-wk: 'owner' wouldn't allow them to screw with each other via the www-data group owner, they really would need to be the -owner-
[19:44] <patdk-wk> no
[19:45] <patdk-wk> for some reason the users think www-data needs write access
[19:47] <sarnold> patdk-wk: i really do think something like "profile user_shell { owner @{HOME}/ rw, owner @{HOME}/**/ rw, owner @{HOME}/** rw, } would go a long way towards knocking off that kind of crap :)
[19:48] <patdk-wk> wait
[19:48] <patdk-wk> what does that owner flag do?
[19:48] <patdk-wk> haven't see nthat in my reading
[19:48] <patdk-wk> ah, ya, that should do it
[19:48] <jjohansen> patdk-wk: it only permits access to files who oid == the tasks fsuid
[19:49] <patdk-wk> now, hmm, I wonder what shell I run these users as :)
[19:50] <patdk-wk> how does the matching work?
[19:50] <patdk-wk> first to match? last to match?
[19:51] <sarnold> patdk-wk: depends; for 'x' rules, that's a most-specific-rule-wins; the other rules in a policy accumulate
[19:52] <sarnold> patdk-wk: if you want your users to get a confined shell on login but don't want to confine /bin/bash (you don't :) -- check this out: http://wiki.apparmor.net/index.php/Pam_apparmor_example
[19:52] <patdk-wk> ok, just wondering how to add in a /home/shared folder
[19:52] <sarnold> patdk-wk: that'd be something like "/home/shared/ r, /home/shared/** rw,"  -- just leave off the 'owner' qualifier
[19:53] <patdk-wk> but then how will that interact with the owner /home/**/ rw,
[19:53] <patdk-wk> that is what I'm wondering
[19:55] <sarnold> patdk-wk: it should Just Work; the 'owner' rules will grant some accesses, the /home/shared/** rule will grant other accesses, and the union of all the rules should work out just as you expect
[20:01] <raj__> within bash script I use "for file in /xx/* " to refer to all files within /xx but to refer to all files within "xx" as well its subfolders in the for statement, what can I use ?
[20:02] <sarnold> raj__: check out the 'globstar' entry in bash(1) -- I think that enables the ** feature from zfs
[20:02] <sarnold> err, not zfs, zsh
[20:02] <sarnold> stupid brain :)
[20:22] <larsemil> i am running ubuntu on several servers. I mount an nfs share to different servers. It works fine on all except 2 servers. On the host i get: [ 1706.286305] lockd: server mail not responding, timed out
[20:23] <larsemil> for that and the other server.
[20:23] <larsemil> any takes?
[20:23] <raj__> sarnold: thanks sarnold, that worked out!
[20:25] <raj__> sarnold: could I probably filter all files  to  "   .xyz" files within folder & subsequent subfolders ?
[20:27] <patdk-wk> sarnold, almost works
[20:28] <patdk-wk> I have it so users can't read other users folders at all
[20:28] <patdk-wk> but they can still write to them :(
[20:43] <coreycb> zul, jamespage: can you take a look when you get a chance?  https://code.launchpad.net/~corey.bryant/ubuntu/trusty/python-boto/jenkins-2014-02-26/+merge/212722
[20:47] <jamespage> coreycb, what's the rationale for dropping the assertion in the unit test?
[20:48] <coreycb> jamespage, that assertion was failing
[20:48] <jamespage> coreycb, do we know why?
[20:48] <coreycb> jamespage, not exactly...
[21:02] <dragoonis> curl https://monitoring.api.rackspacecloud.com/pki/agent/linux.asc | sudo apt-key add -
[21:02] <dragoonis> The program 'curl' is currently not installed.  You can install it by typing:
[21:02] <dragoonis> apt-get install curl
[21:03] <dragoonis> E: Package 'curl' has no installation candidate
[21:03] <dragoonis> Help ?
[21:24] <Valduare> hi guys
[21:24] <Valduare> anyone here know how autossh works
[21:28] <coreycb> jamespage, it looks to me like the assertion should be testing for True, if I understand MagicMock correctly
[21:29] <sarnold> raj__: probably /foo/**.zyx
[21:29] <sarnold> patdk-wk: hrm; can you pastebin your profile? I'll give it a look
[21:32] <patdk-wk> well, it is fixed
[21:33] <patdk-wk> except if a user knows the exact path they have permissions to write to
[21:34] <patdk-wk> http://pastebin.com/yUb1U6Fy
[21:35] <patdk-wk> it's probably, good enough
[21:35] <patdk-wk> just not perfect
[21:38] <sarnold> patdk-wk: nice :)