vserver 0.6 change log

About this list Date view Thread view Subject view Author view Attachment view

From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Fri Nov 09 2001 - 10:52:20 EST


  vserver 0.6
  Change log

  1. Enhancements

  1.1. New kernel 2.4.13 and new immutable flags

  The patch now work on top of kernel 2.4.13. Both normal and SMP kernel
  are supplied. This new kernel provides mostly the same feature and
  implementation as before. Here are the changes:

  + System call number has been changed to avoid conflict with other
     new feature in the kernel.

  + New IMMUTABLE-LINK-INVERT flag. This was contributed by Sam Vilain
     (sam_at_vilain.net). This new ext2 flag solves the unification issues.
     When you unify two vservers, to save disk space, you have to
     protect the file somewhat, to avoid one vserver from affecting the
     other. The solution is to turn the file immutable so even root
     can't modify them (root in vservers is not allowed to play with the
     immutable bit).

     There was a drawback with this. The unified vservers were locked
     somewhat. A vserver administrator could not perform package update
     for example.

     The new IMMUTABLE-LINKAGE-INVERT solves this. It modifies the way
     an immutable file behave. With this flag on, the file may be
     unlinked (removed), allowing normal package updates. But the
     original data can't be modified.

     The default for vunify and vbuild is to set both IMMUTABLE-FILE and
     IMMUTABLE-LINKAGE-INVERT bits on linked file. This gives you
     robustness (one vserver can't modify the linked file shared by
     other vservers) and flexibility (one vserver may evolve
     independently.

  You absolutely need vserver 0.6 to use this kernel. You can find more
  information about the new immutable-linkage-invert flag at
  http://sam.vilain.net/immutable. You will find there a modified
  ext2fsprog package to use those flags. The vunify and vbuild utility
  do not need this package to operate though.

  1.2. New vbuild utility

  The /usr/lib/vserver/vbuild utility has been written. It allows one to
  clone a reference vserver, hard linking files when possible. You end
  up creating a new virtual private server with a large package set, yet
  using only few megs of disk space. Like the vunify command, vbuild
  sets the immutable flag on linked file so the vserver can't change
  them (since they are shared between several vservers).

  Here is the command line usage:

  vbuild [ options ] reference-server new-vservers

  + --testShow what will be done, do not do it.(not completed)

  + --debugPrints some debugging messages.

  + --noflagsDo not put any immutable flags on the file

  + --immutableSet the immutable_file bit on the files.

  + --immutable-mayunlinkSets the immutable_link flag on files.

  + --statsProduce statistics on the number of file linked copied and
     so on.

  By default, the immutable_file and immutable_link flags are set
  on the files. So if you want no immutable flags, you must use
  --noflags. If you want a single flag, you must use --noflags first,
  then the --immutable or --immutable-mayunlink flag.

  1.3. New vtop utility

  vtop is a simple shell script, executing the top utility in security
  context 1, so it can see all processes.

  1.4. vunify rewrite

  The /usr/lib/vserver/vunify utility has been rewritten. It uses
  roughly the same syntax with few more options.

  vunify [ options ] reference-server vservers ... -- packages

  + --testShow what will be done, do not do it.

  + --undoPut back the file in place, using copies from the reference
     server.

  + --debugPrints some debugging messages.

  + --noflagsDo not put any immutable flags on the file.

  + --immutableSet the immutable_file bit on the files.

  + --immutable-mayunlinkSets the immutable_link flag on files.

  By default, the immutable_file and immutable_link flags are set on the
  files. So if you want no immutable flags, you must use --noflags. If
  you want a single flag, you must use --noflags first, then the
  --immutable or --immutable-mayunlink flag.

  If packages is ALL, then all common package with the reference server
  will be unified. The new vunify makes sure this is the same package
  version before unifying.

  2. Changes

  2.1. System call renumbering

  The system call we had chosen was already assigned to other projects
  so we picked new number. This make the old vserver package
  incompatible with the newer kernel 2.4.13ctx-3.

  If you have already some vserver running and want to upgrade to the
  new kernel, here is the update sequence:

               # Stop all vservers
               /etc/rc.d/init.d/vservers stop
               # Disable the vservers service
               /sbin/chkconfig vservers off
               # Install the new kernel in LILO
               # reboot
               # Update to the new vserver package
               rpm -Uvh vserver-0.6-1.i386.rpm
               # Enable the vservers package
               /sbin/chkconfig vservers on
               # Start the vservers
               /etc/rc.d/init.d/vservers start

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc


About this list Date view Thread view Subject view Author view Attachment view

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT