From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sun 06 Mar 2005 - 17:19:51 GMT
On Sun, Mar 06, 2005 at 05:37:24PM +0900, Digital Infra, Inc. wrote:
> Hello Vserver guys.
> Two questions.
> 1. How isolated is each virtual server?
> I mean, for example, I heard that /dev/random is shared
> between vservers. The latest version still has this feature?
> and how about any other problem?
I think that virtualization to some degree is really
important for linux-vserver, it's just a question of
finding the right balance between overhead and gained
advantage (security or usability wise)
for example, that /dev/random is 'not' virtualized
could be solved by creating a virtualized random pool
for each vserver.
but what would be the advantage?
we can assume that /dev/random values are random, so
every random subset of those values will be random
too, and that is what the vservers will get ...
feeding entropy back via /dev/random is fine too, as
the algorithm ensures that the entropy pool can not
be compromised ...
now what would be the disadvantages?
- a huge data structure for each context
- the need for 'proper' initialization of each
  entropy pool for each context
- additional code to handle and separate the
  random values ...
> Maybe you would answer like "no, it does not matter".
> I agree with it.
> But please think not technical but psychological ( = marketing)
> aspect. when you do a vserver hosting business, customer
> would ask you like "is really isolated perfectly?".
well, I guess the right answer here would be: of course
it's perfectly isolated, but if you want total isolation
then you have to buy my dedicated server ...
> and understand customer is not a specialist of Linux.
sure, often the provider isn't either .. so they have
to 'trust' the developers to isolate/virtualize the
essential and useful parts ... what they usually do ...
> 2. I suppose the biggest issue current vserver lacks is, a filesystem.
well, I don't agree here, because providers already use
various filesystems (ext2/3, jfs, reiserfs, xfs ...) and
_another_ filesystem would not help anything ...
> a filesystem like unionfs or Copy-on-Write(Cow) or
now that is something different, and alternative solutions
to the unification _might_ be interesting for ease of use,
increased maintainability and improved resource sharing.
but for sure that doesn't happen at the filesystem layer,
it has to happen at the vfs layer ...
> something alike is very desired but it lacks currently.
> Do you have any plan to add this feature?
yes, we are _planning_ to integrate something like Jörn
Engel's COW links, as alternative to unification ...
> BTW, I also am planning a new file system for Vserver.
well, let's hear about it then ...
> Best regards,
> Okajima, Jun. Tokyo, Japan.
> Vserver mailing list