From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sun 06 Mar 2005 - 17:19:51 GMT

On Sun, Mar 06, 2005 at 05:37:24PM +0900, Digital Infra, Inc. wrote:
> Hello Vserver guys.
> Two questions.
> 1. How isolated is each virtual server?
> I mean, for example, I heard that /dev/random is shared
> between vservers. The latest version still has this feature?
> and how about any other problem?

I think that virtualization to some degree is really
important for linux-vserver, it's just a question of
finding the right balance between overhead and gained
advantage (security or usability wise)

for example, that /dev/random is 'not' virtualized
could be solved by creating a virtualized random pool
for each vserver.

but what would be the advantage?
we can assume that /dev/random values are random, so
every random subset of those values will be random
too, and that is what the vservers will get ...
feeding entropy back via /dev/random is fine too, as
the algorithm ensures that the entropy pool can not
be compromised ...

now what would be the disadvantages?
 - a huge data structure for each context
 - the need for 'proper' initialization of each
   entropy pool for each context
 - additional code to handle and separate the
   random values ...

> Maybe you would answer like "no, it does not matter".
> I agree with it.

good ;)

> But please think not technical but psychological ( = marketing)
> aspect. when you do a vserver hosting business, customer
> would ask you like "is really isolated perfectly?".

well, I guess the right answer here would be: of course
it's perfectly isolated, but if you want total isolation
then you have to buy my dedicated server ...

> and understand customer is not a specialist of Linux.

sure, often the provider isn't either .. so they have
to 'trust' them developers to isolate/virtualize the
essential and useful parts ... what they usually do ...

> 2. I suppose the biggest issue current vserver lacks is, a filesystem.

well, I don't agree here, because providers already use
various filesystems (ext2/3, jfs, reiserfs, xfs ...) and
_another_ filesystem would not help anything ...

> a filesystem like unionfs or Copy-on-Write(Cow) or

now that is something different, and alternative solutions
to the unification _might_ be interesting for ease of use,
increased maintainability and improved resource sharing.
but for sure that doesn't happen at the filesystem layer,
it has to happen at the vfs layer ...

> something alike is very desired but it lacks currently.
> Do you have any plan to add this feature?

yes, we are _planning_ to integrate something like Jörn
Engel's COW links, as alternative to unification ...

> BTW, I also am planning a new file system for Vserver.

well, let's hear about it then ...


> Best regards,
> Okajima, Jun. Tokyo, Japan.
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Generated on Sun 06 Mar 2005 - 17:20:13 GMT by hypermail 2.1.3