From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Tue 03 Dec 2002 - 04:46:19 GMT
On Fri, 29 Nov 2002 09:44:03 -0500, Herbert Poetzl wrote
> On Fri, Nov 29, 2002 at 09:23:01AM +0100, Jon Bendtsen wrote:
> these issues are not realized by vserver people,
> because they want the stuff to work (so more tolerance)
> but what would the typical linux user think?
> maybe Jacques should discuss such issues more often
> with the list, or maybe some kind of WikiWiki todo
> list would be beneficial ...
There are still few litle things in the vserver project that have to be explained
because they are not standard. These have to be fixed first.
-We need a solution for bind(any) which is really binding all the IPs
in the vserver. I have this solutionr right now, but it is something crashing
-We also need private network loopback devices.
Once we have the bind(any) and loopback stuff, we won't need to explain them.
They will work as expected. Agreed, very few people hit these limitation (current
one), but it has to be fixed.
-We need quota support. A patch is floatting. This is not essential for inclusion
but it is important.
There are other gadget we need to add, but Linux does not provide them
anyway currently. For example, many people wants to limit resource globally
for a vserver. I agree this is useful, but vanilla linux can't do it either,
On the other end, adding this per-security-context global limit would
push the idea that the vserver project is providing more than a virtual
the vserver project was designed out of independant concepts. For example, anyone
to kind of run the program is a secure box where no other program can interact.
The same can be said with chbind. For example, I can do
/usr/sbin/chbind --ip 188.8.131.52 some_program
and this program won't be able to do any networking (unless 184.108.40.206 correspond
to an interface of the computer).
So we could argue that the vserver patch is generally useful, not only useful
to do virtual servers.
I will register to do a presentation to the Ottawa linux symposium, so they will
all see the vserver project. Most expect should be there.
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!