Re: vserver 0.7 change log:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
About this list Date view Thread view Subject view Author view Attachment view

From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Mon 03 Dec 2001 - 05:31:57 GMT

On Wed, 28 Nov 2001 11:15:08 -0500, Jurgen Botz wrote

> I think we should move quickly on getting some or all of vserver into
> the mainline kernel. If Jacques feels that it's too early get the
> whole thing in we might start with the immutable file/link split as
> this has applications beyond vserver.

There are still some issues with the semantic of the set_ipv4root system calls
Some would like to provide access to several IP per vservers. Other would like
to see one private loopback per vserver. As experience is built on this side
we will know.

On the immutable stuff, I would like to see either a new flag or a new behavior.
I would like to say: This file is immutable and if anyone tries to modify it, I want
my pager to ring. I want a trap flag. Basically, after you set a vserver
into immutable state, even the configuration file, it is not possible to modify
it anymore. Yet I would like to know. Because if a vserver tries to update
an immutable file, you know it has been abused/cracked.

The vserver package will evolve with some off-the-shelf security solution
making the root server, a monitoring server.

I feel it is a little soon to push the vserver stuffi the kernel. One option
was the LSM stuff (Linux Security Module). Unfortunatly, this framework
would be useful for some area and not some other.

But for the immutable-linkage stuff could get in. I would like to have
more mileage of this though. The full cycle would be

        install some vservers

        unify them with immutable-file + immutable-linkage (the default)

        let them run for a while.

        Let them evolve (some package update)

        Potentially re-unify them once in a while (if they
        have received the same package update).

        Perform backup

        Perform some vserver migration from one real server to another

        Hook a vserver to heartbeat for some failover

Once we have more experience with the concept, I guess many little
things will have changed.

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:38 GMT by hypermail 2.1.3