From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 12 Aug 2005 - 15:01:26 BST
On Fri, Aug 12, 2005 at 02:49:36PM +0200, Francois Duchatelet wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi all vserver freaks :-),
> Since the use of the alpha tools, I see this sentence everywhere.
no basically since the first release vs1.00 the dynamic
contexts are deprecated (you only use them for on-the-fly
isolation and testing)
> Why is this so?
because certain things are connected with a context
and sooner or later folks start using the shared disk
limits (or similar) which involves context file tagging
and *bang* you end up with all kind of strange issues ...
also context creation with dynamic contexts is racy by
design, and does move policy into the kernel (where
it definitely doesn't belong)
> Using static contexts forces us to manage them, just like ip adresses.
once, when you create a guest, yes, but that's about it
as benefit you get a 'stable' environment, where you
always _know_ which process/file/socket belongs to what
context, regardless of the guest state
here an example:
guest 'hansi' starts with dynamic context 49152, it
then opens a few network connections and dies a horribly
death, because the administrator did a vkill/shutdown
but, what about the network connections? of course, they
will linger around until certain timeouts are met (which
is how linux systems behave)
I guess you can imagine what happens if a different
guest starts with xid = 49152 or the same guest (now with
xid = 49153) tries to use those addresses/sockets ...
> This is specially annoying for master/backup vservers running on
> different machines.
why? nothing stops you from using 'unique' context IDs
for each guest, regardless of master or backup ...
on the contrary, this would allow for a real backup guest
even if you are using a shared disk or nfs volume ...
> François Duchatelet,
> Ariane Services
> Rue du Verregat, 12
> B-1020 Brussels
> TEL:+32(2)479.37.59 - FAX:+32(2)478.14.20
> Mobile:+32(486)13.07.85 - +31 (6) 47044881
> GPS: 4°19'59" E 50°54'03" N
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
> -----END PGP SIGNATURE-----
> Vserver mailing list
Vserver mailing list