From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Tue 02 Mar 2004 - 18:26:51 GMT
Hi,
there's some info circulating about 'new', 'revolutionary' features in
Solaris10, one of them are 'Zones' which are roughly equivalent to ctx/jail
of free world.
There are few things that are nice about their implementation, and so here
goes the list of thing missing from current vserver:
1) inherit-pkg-dir - roughly equivalent to 'mount -o bind,ro ..'
but that only workd with Herbert patches
(http://vserver.13thfloor.at/Experimental/patch-2.4.25-rc3-vs1.26-bme0.04.diff)
2) near-instantenious creation of vservers,
Zones are used a bit different then vservers, similarly to how you would
use vserver in all-debian or all-gentoo or all-redhat shop. So they've got
this little tool that creates symlink farm-based zone in seconds ( Zone
requires ~50-100M of diskspace ).
This, together with NIS accounts turns zones into easily created and
destroyed commodities.
3) single configuration for zone - what devices it needs, what directories to import,
comment ( seriously, comment for zone is great idea ) ...
With vserver you've got the same functionality - you want to access some
block device, just copy it's node to the vserver, but with zones, it
clearly defined that that particular zone needs this particular device.
4) IPv6 support. Zones have it, vserver does not.
5) Some types of filesystems should be mountable inside vservers... some shouldn't.
There's someone doing work on something similiar in 2.6.x tree ( user-mountable filesystems )
With zones there seems to be a list of filesystems that can be mounted
inside zone, and a list of those that cannot ( that is - mounted from
inside vserver/zone ). Not a bad idea.
6) Extended auditing inside zones
I don't quite follow what this 'extended solaris auditing' meens, I never
used it, but some kind of extended auditing for vservers would be nice.
7) 'privilege' set,
this is something similiar to capabilites, it seems that something like
that is already in development.
Links:
http://groups.google.com/groups?selm=c1j796%2424c%241%40news1nwk.SFbay.Sun.COM&oe=utf-8&output=gplain
- news post about zones
http://www.sun.com/bigadmin/content/zones/sys-admin-rm.pdf - Solaris System
Administration Guide
http://forum.sun.com/forum.jsp?forum=226 - Sun forum about zones.
-- Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 We're giving you a new chance in life, and an opportunity to screw it up in a new, original way. _______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver