From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Tue 03 Dec 2002 - 04:46:19 GMT

• Next message: Ola Lundqvist: "[vserver] Re: Bug#171488: vserver: Doesn't allow separate netmasks / broadcast addrs"
• Previous message: Jacques Gelinas: "re: [vserver] 2.4.20 is out"
• Next in thread: John Goerzen: "[vserver] Re: merging into the mainstream kernel in the future"
• Reply: John Goerzen: "[vserver] Re: merging into the mainstream kernel in the future"

On Fri, 29 Nov 2002 09:44:03 -0500, Herbert Poetzl wrote
> On Fri, Nov 29, 2002 at 09:23:01AM +0100, Jon Bendtsen wrote:

> these issues are not realized by vserver people,
> because they want the stuff to work (so more tolerance)
> but what would the typical linux user think?
>
> maybe Jacques should discuss such issues more often
> with the list, or maybe some kind of WikiWiki todo
> list would be beneficial ...

There are still few litle things in the vserver project that have to be explained
because they are not standard. These have to be fixed first.

-We need a solution for bind(any) which is really binding all the IPs
 in the vserver. I have this solutionr right now, but it is something crashing
 my machine.

-We also need private network loopback devices.

Once we have the bind(any) and loopback stuff, we won't need to explain them.
They will work as expected. Agreed, very few people hit these limitation (current
one), but it has to be fixed.

-We need quota support. A patch is floatting. This is not essential for inclusion
 but it is important.

There are other gadget we need to add, but Linux does not provide them
anyway currently. For example, many people wants to limit resource globally
for a vserver. I agree this is useful, but vanilla linux can't do it either,

On the other end, adding this per-security-context global limit would
push the idea that the vserver project is providing more than a virtual
server solution.

-----

the vserver project was designed out of independant concepts. For example, anyone
can do

        /usr/sbin/chcontext some_program

to kind of run the program is a secure box where no other program can interact.
The same can be said with chbind. For example, I can do

        /usr/sbin/chbind --ip 1.2.3.4 some_program

and this program won't be able to do any networking (unless 1.2.3.4 correspond
to an interface of the computer).

So we could argue that the vserver patch is generally useful, not only useful
to do virtual servers.

I will register to do a presentation to the Ottawa linux symposium, so they will
all see the vserver project. Most expect should be there.

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc

• Next message: Ola Lundqvist: "[vserver] Re: Bug#171488: vserver: Doesn't allow separate netmasks / broadcast addrs"
• Previous message: Jacques Gelinas: "re: [vserver] 2.4.20 is out"
• Next in thread: John Goerzen: "[vserver] Re: merging into the mainstream kernel in the future"
• Reply: John Goerzen: "[vserver] Re: merging into the mainstream kernel in the future"