RE: [vserver] shrink wrap it

About this list Date view Thread view Subject view Author view Attachment view

From: edward_at_paradigm4.com.au
Date: Sat Feb 09 2002 - 22:11:28 EST


On Saturday, 9 February 2002 at 13:31, klavs klavsen wrote:

> I would very much like to know your purpose for using a product like
> vserver, and what makes it the best for you.

many purposes, actually:

- transparent independant virtual servers with possibly different distros on the same machine;
- sandbox environment for running untrusted binaries;
- perfect framework for IDS setup ( security+integrity tools running in the root server with no
network access and all network services inside their respective vservers )
- use your imagination...

Why do I like it so much?

- It's simple and elegant;
- It's easy to audit ( try auditing selinux sources );
- It is a complete solution, not something that relies on twitching the userland, e.g. creating
"pseudo-root admin" like freevsd;
- There is no practical performance loss ( compare this with VMware and usermode linux );
- "unify" feature provides a way for very efficient use of memory. Running 100 webservers is not
using much more RAM than running 1 webserver because the binaries and libraries are hard
linked and only loaded into memory once for all those 100 servers;
- it is as stable as the base stock kernel;
- it still has many things to be added and I can contribute some of those.

As far as I'm concerned, this is the future.
I wouldn't run any public accessible network service
unless it's under vserver.

Ed


About this list Date view Thread view Subject view Author view Attachment view

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT