From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sun 25 May 2003 - 22:14:49 BST

Over the last weeks, whenever I had some time left,
I compared the different vserver approaches and
future directions (as far as available) ...

To make it short, I believe the vserver patches
could benefit from each other, and it would be
advantageous to re-think/re-adjust some concepts.

Suggestions for readjustments:

- context creation/destruction should be independent
  of the actual processes (within the context)

  what I mean: create a context, set its properties
  (limits, rootpath, capabilities, ...), THEN fork
  some process into this context ...

- vroot (chroot path), capabilities and limits should
  become implicit features of a context

  what I mean: if you fork a process from CTX-0 into
  any context, it automagically inherits ALL the
  properties of the 'binding' context ...

Why should this be considered? Because it would
solve or at least dramatically ease some issues ...

- chroot jail (and the permissions)
- vserver root path (location)
- quota files & support
- disk limits (virtual on shared partition)
- capability issues (venter vs. native)
- process handling (freeze/stop/kill a vs)
- accounting/statistics across vs reboot
- networking (interfaces, iptables, ...)

please let me (us) know what you think,
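
The lifecycle proposed in the message above (create a context, set its properties, then fork a process into it), modelled in user space as an added example; it is not part of the original post or of any vserver patch. The names `vctx`, `vproc`, `ctx_create`, `ctx_fork_into` and `ctx_exit`, the capability mask and the root path are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical user-space model; not the vserver kernel interface. */
#define MAX_CTX 8

struct vctx {
    int      id;          /* 0 marks a free slot, so real ids are non-zero */
    char     root[64];    /* vroot (chroot path) owned by the context */
    uint32_t caps;        /* capability mask the context allows */
    int      max_procs;   /* process limit owned by the context */
    int      nprocs;      /* processes currently bound */
    long     forks_total; /* accounting kept after the last process exits */
};
struct vproc { int ctx; char root[64]; uint32_t caps; };

static struct vctx table[MAX_CTX];

/* Step 1: create and configure the context; no process is involved yet. */
struct vctx *ctx_create(int id, const char *root, uint32_t caps, int max_procs)
{
    for (int i = 0; i < MAX_CTX; i++) {
        if (table[i].id == 0) {
            struct vctx *c = &table[i];
            memset(c, 0, sizeof *c);
            c->id = id; c->caps = caps; c->max_procs = max_procs;
            snprintf(c->root, sizeof c->root, "%s", root);
            return c;
        }
    }
    return NULL;
}

/* Step 2: fork into the context; the child implicitly takes ALL its properties. */
int ctx_fork_into(struct vctx *c, const struct vproc *parent, struct vproc *child)
{
    if (c->nprocs >= c->max_procs) return -1;  /* limit enforced by the context */
    child->ctx  = c->id;
    child->caps = parent->caps & c->caps;      /* never more than the context allows */
    snprintf(child->root, sizeof child->root, "%s", c->root);
    c->nprocs++; c->forks_total++;
    return 0;
}

/* A process leaving does not destroy the context or its statistics. */
void ctx_exit(struct vctx *c) { if (c->nprocs > 0) c->nprocs--; }
```

Because the context outlives its processes, stopping every process and starting new ones (a "vs reboot") keeps the root path, limits and counters in place.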