vserver 0.7 change log


From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Wed Nov 28 2001 - 08:44:09 EST


  vserver 0.7
  Change log

  1. Enhancements

  1.1. /usr/sbin/vserver enhancements

  The utility now handles the following enhancements in the vserver
  configuration file:

  + ULIMIT

     This setting defines ulimit settings passed to the vserver when it
     is started.

  + S_CAPS

     This contains a set of capabilities available to the vserver. For
     example, if you want a vserver to be able to do some pings, put the
     CAP_NET_RAW capability there.

  When starting a vserver, the /var/run directory was not cleared. In
  some situations, the various startup scripts were failing because a
  bogus PID file was left there from a previous run.

  1.2. chcontext: --cap option

  The --cap option was added to help configure capabilities. The
  --secure option was too restrictive. --secure is used to remove
  critical capabilities and --cap is used to invert the effect by adding
  back some capabilities. This is used by the /usr/sbin/vserver front-
  end to handle the new S_CAPS /etc/vservers/*.conf configuration files.

  1.3. chcontext: new --flag values

  Two new flags are now handled by chcontext (and reducecap). Those
  flags are nproc and private. The nproc flag establishes a hard limit on
  the number of processes runnable in a virtual server. It makes the
  original ulimit (-u) setting global to the vserver instead of just per
  user.

  The private flag is a little weird. Once a security context has this
  flag set, it is not possible to join it. Even root in the root server
  with all capabilities is not allowed. This makes the virtual server
  fairly private. Security context 1 can still see which processes are
  executing in the vserver, but can't interfere.

  1.4. kernel-2.4.16ctx-4

  A new kernel is available as well. The changes are minimal this time
  (the old vserver utilities are still compatible). Here they are:

  + ext3 file system

     Since ext3 is now part of 2.4.16, it has been modified to support
     the IMMUTABLE_LINKAGE feature.

  + ext3, ext2 and reiserfs are compiled in (not as modules) so they can
     be easily used as root file system.

  + The nproc and private security context flags have been added. nproc
     is especially useful to limit the total number of processes in a
     vserver. Fork bombs are not possible anymore.

  + A little bug fix. It was possible to produce an oops with the
     new_s_context system call, when called by a non-root user in the
     root server.

     I am also supplying the patch against 2.4.13 (without the ext3
     stuff) for those who want it.

  1.5. The vservers service

  This sysv init script is used to start and stop all virtual private
  servers. It only starts the vservers with the ONBOOT flag set to yes.
  It used to only end vservers with ONBOOT=yes as well. This was not
  really helpful. So now it starts the vservers with ONBOOT=yes, but
  stops any vservers.

  1.6. vserver-stat: new utility

  The /usr/sbin/vserver-stat was contributed by Guillaum Dallaire. It
  produces a report showing a summary of the different vservers. You see
  the number of processes per vserver, for example.

  2. Bug fixes

  2.1. chbind: identifying network device

  chbind had a bad habit of probing the kernel for any value of the --ip
  command line option, even if it was not a network device at all. This
  was triggering error messages from modprobe. It now checks in
  /proc/net/dev first.

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
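
The check described in section 2.1, as an added example (not chbind's own code and not part of the original message): decide whether a --ip value names a network device by exact match against the /proc/net/dev listing before any kernel lookup is attempted. The function name netdev_listed, the sample table and the sample argument are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/net/dev layout: two header lines, then one
 * "name:counters" row per interface. The eth0 row has no space after the
 * colon, as happens when the first counter fills its column. */
static const char SAMPLE[] =
    "Inter-|   Receive                |  Transmit\n"
    " face |bytes    packets errs drop|bytes    packets errs drop\n"
    "    lo:    4096      32    0    0     4096      32    0    0\n"
    "  eth0:12345678   90210    0    0 87654321   60606    0    0\n";

/* True only if `name` exactly equals an interface name listed in `table`. */
bool netdev_listed(const char *table, const char *name)
{
    size_t want = strlen(name);
    int lineno = 0;

    if (want == 0)
        return false;
    for (const char *line = table; *line != '\0';) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        if (++lineno > 2) {                      /* skip the column headers */
            const char *p = line;
            while (p < end && (*p == ' ' || *p == '\t'))
                p++;                             /* names are right-aligned */
            const char *colon = memchr(p, ':', (size_t)(end - p));
            /* Compare the whole field before ':' so "eth" or "eth0:1"
             * cannot match the "eth0" row by prefix. */
            if (colon && (size_t)(colon - p) == want && memcmp(p, name, want) == 0)
                return true;
        }
        line = eol ? eol + 1 : end;
    }
    return false;
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "192.168.1.10"; /* constructed value */
    /* Only a listed name would be handed on as a device; anything else is
     * treated as an address and never reaches a kernel device lookup. */
    printf("%s: %s\n", arg, netdev_listed(SAMPLE, arg) ? "device" : "not a device");
    return 0;
}
```

Splitting rows on whitespace instead of on the colon would misread the eth0 row above, which is why the match is taken up to the first ':' only.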



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT