[vserver] vserver 0.11 and kernel ctx-8 released


From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Tue Feb 26 2002 - 14:39:30 EST


Here is the change log

  vserver 0.11
  Change log

  1. Enhancements

  1.1. /usr/sbin/vkill: new

  This is a simple script. You do

               /usr/sbin/vkill PID

  and it will locate the vserver owning that process, enter its security
  context and issue the kill.

  1.2. /usr/sbin/vserver

  Various enhancements:

  + /var/run

     Only files are erased from /var/run at vserver build and start-up
     time. Sub-directories are left. Also, /var/run/utmp is created
     empty at start-up time.

  + /var/log/wtmp

     It is created empty at vserver build time. It is ignored after
     that.

  + 5 seconds sleep after stopping a vserver, before killing the
     remaining processes. 5 instead of 2.

  + S_CAPS not processed when entering a vserver

     When entering a running vserver, the S_CAPS setting was not enabled
     for the shell. So if you had given the vserver some capabilities,
     they were not available when using "enter".

  1.3. Dynamic system call number

  The 2 system calls used by the vserver project are not yet reserved in
  the kernel. To help people using the vserver patch with other patches
  that have conflicting system call numbers, ctx-8 publishes the system
  call numbers in /proc/self/status. The various utilities (chbind,
  reducecap and chcontext) use this information on the fly. So you can
  move the system calls around and the utilities keep working without a
  recompile.

  1.4. kernel ctx-8

  Here is a small change log:

  + Dynamic system calls numbering

  + Per user/per context resources.

     The ulimit resources for a user used to be shared across vservers.
     This was plain wrong since user ID N in a vserver is unrelated to
     user ID N in another vserver.

     Contributed by Patrick Schaaf <bof_at_bof.de>

  + Using 127.0.0.1 in a vserver.

     Note, this is unrelated to the multi-IP-per-vserver concept. A
     vserver normally uses a single IP to listen and talk. In general,
     this is not a problem. But it breaks the semantics a little. Most
     services out there simply do a bind on IP 0.0.0.0. This way, they
     expect to grab any incoming traffic. They also expect that talking
     to 127.0.0.1 is a good (configuration-less) way to talk to
     themselves. Some services are using localhost (which is redirected
     to the ipv4root of the vserver) and some are using 127.0.0.1
     directly.

     The ctx-8 kernel now maps 127.0.0.1 to the ipv4root of the vserver
     on the fly. This solves some issues with samba and should also (not
     tested) solve the issue with PostgreSQL.

  + Per vserver network activity.

     The output of netstat is now filtered by vserver. This includes
     /proc/net/tcp. This is not done per ipv4root but using the security
     context. This was contributed (oops sorry, lost the contributor
     name).

  1.5. Man pages for most utilities

  Thanks to klavs klavsen <kl_at_vsen.dk>, we now have a man page for all
  utilities. Now, we need a man page for the 2 system calls.

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
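
Added example, not part of the original message and not the vserver project's code: a strict lookup of a system call number published in /proc/self/status, as section 1.3 describes, that fails closed when the field is missing or malformed. The field names `__NR_new_s_context` and `__NR_set_ipv4root`, the sample values, and the 4096 sanity bound are assumptions for illustration; the announcement does not give them.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample of /proc/self/status on a patched kernel.
 * Field names and numbers are assumed, not taken from the announcement. */
static const char SAMPLE_STATUS[] =
    "Name:\tbash\n"
    "Pid:\t1234\n"
    "__NR_new_s_context: 259\n"
    "__NR_set_ipv4root: 260\n";

/* Return the number published under `key`, or -1 if the field is absent
 * or malformed. A caller must treat -1 as "do not call": falling back to
 * a compiled-in number could invoke an unrelated system call on a kernel
 * where another patch occupies that slot. */
long lookup_syscall_nr(const char *status, const char *key)
{
    size_t klen = strlen(key);
    const char *line = status;

    while (line && *line) {
        const char *eol = strchr(line, '\n');
        /* Exact key at start of line, so a prefix of a longer key fails. */
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') {
            const char *p = line + klen + 1;
            char *end;
            long nr;
            while (*p == ' ' || *p == '\t') p++;
            if (*p < '0' || *p > '9') return -1;   /* empty or non-numeric */
            errno = 0;
            nr = strtol(p, &end, 10);
            if (errno != 0 || nr <= 0 || nr > 4096) return -1;
            if (*end != '\n' && *end != '\0') return -1; /* trailing junk */
            return nr;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    long nr = lookup_syscall_nr(SAMPLE_STATUS, "__NR_new_s_context");
    if (nr < 0) { fputs("kernel does not publish the number\n", stderr); return 1; }
    printf("would use syscall(%ld, ...)\n", nr);
    return 0;
}
```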



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT