From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Tue 07 Oct 2003 - 01:34:07 BST
I have released for testing kernel 2.4.22ctx-18 pre1. As the name implies
this is a test release. I am also releasing vserver 0.24.
You can find the stuff at ftp.solucorp.qc.ca/pub/vserver/testing. There is
a patch against kernel 2.4.22 and the tar file for vserver 0.24. No binaries.
What is ctx-18? It could be the last version before we jump to the new virtual
syscall strategy. What is new in it?
This is a new system call that unlike chroot, can't be escaped.
The system call does various things:
-Changes the current directory as well as the root directory.
-Fails if there is any open directory.
-Keeps a pointer on the new root parent to create a no man's land
(like done with chmod 000 /vservers before).
Using this new system call, chmod 000 is not needed anymore and we can
support vservers inside vservers.
This is a new system call (and a new utility) to change the ulimit-like
limits of a security context (or a vserver).
Currently I have used the same numbers as ulimit (RLIMIT_NOFILE and
so on) but this may change.
The kernel currently keeps track of open files and memory. Memory
(virtual) is not tested very well.
The system call has been changed completely. You can select several
security contexts (up to 16). And root in a security context is allowed
to shuffle in the security contexts already assigned.
This was done to allow vservers inside vservers. Basically, you assign
several security contexts to one vserver and this vserver is allowed
to assign a subset to another context.
The exact semantic of this may evolve.
You need vserver 0.24 to operate this kernel.
A bug in net/ipv4/udp.c was fixed. It appeared when we moved from 2.4.20 to
2.4.21 and probably caused various misbehavior for UDP.
ctx-18 also contains ctx-17a and b enhancements for multi-home vservers.
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
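
The first two rules listed in the message for the new chroot-like call (move the current directory together with the root, and fail while any directory is open) can be approximated in user space. This is an added example, not code from the ctx-18 patch or from vserver 0.24; the names count_open_dir_fds and confined_chroot and the 65536 descriptor cap are assumptions. The third rule, the pointer kept on the new root's parent, is kernel-side and is not reproduced here.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() in glibc headers */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: count open descriptors that refer to directories.
 * The 65536 cap is an assumption that bounds the scan. */
int count_open_dir_fds(void)
{
    long limit = sysconf(_SC_OPEN_MAX);
    int count = 0;
    if (limit < 0 || limit > 65536)
        limit = 65536;
    for (int fd = 0; fd < limit; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            count++;
    }
    return count;
}

/* Hypothetical user-space approximation of the rules in the post: refuse
 * while any directory is open, then move cwd and root together.
 * Returns 0 on success, -1 with errno set. */
int confined_chroot(const char *new_root)
{
    if (count_open_dir_fds() > 0) {
        errno = EBUSY;
        return -1;
    }
    if (chdir(new_root) != 0 || chroot(".") != 0)
        return -1;
    return chdir("/");
}

int main(void)
{
    int fd = open("/", O_RDONLY);      /* constructed: a lingering directory fd */
    int rc = confined_chroot("/");
    printf("with directory fd open: rc=%d (%s)\n", rc, rc ? strerror(errno) : "ok");
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Unlike the kernel-side check the message describes, this version only inspects the calling process's own descriptor table at the moment of the call.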