From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Mon 26 May 2003 - 19:33:38 BST
On Sun, 25 May 2003 23:14:04 -0500, Herbert Poetzl wrote
> Hi All!
> Hi Jacques!
> Hi Alexey!
> The last weeks, whenever I had some time left,
> I compared the different vserver approaches and
> future directions (as far as available) ...
> To make it short, I believe the vserver patches
> could benefit from each other, and it would be
> advantageous to re-think/re-adjust some concepts.
> Suggestions for readjustments:
> - context creation/destruction should be independant
> of the actual processes (within the context)
> what I mean: create a context, set its properties
> (limits, rootpath, capabilities, ...), THEN fork
> some process into this context ...
> - vroot (chroot path), capabilites and limits should
> become implicit features of a context
> what I mean: if you fork a process from CTX-0 into
> any context, it automagically inherits ALL the
> properties of the 'binding' context ...
This is how I have implement it. I have a new system call to set per context
> Why should this be considered? because it would
> solve or at least dramatically ease some issues ...
> - chroot jail (and the permissions)
In my current snapshot, I have chrootsafe now.
> - vserver root path (location)
> - quota files & support
> - disk limits (virtual on shared partition)
> - capability issues (venter vs. native)
> - process handling (freeze/stop/kill a vs)
> - accounting/statistics across vs reboot
> - networking (interfaces, iptables, ...)
> - scheduling
> please let me(us) know what you think,
I must analyse the other project. Ideally we should merge.
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!