Re: [vserver] vserver 0.11 and kernel ctx-8 released

About this list Date view Thread view Subject view Author view Attachment view

From: Andy Kwong (
Date: Tue Feb 26 2002 - 15:52:41 EST

How about including the excellent vps2 utility in the next release of
the utilities. It's great having the ctx number next to the pid in the

On Tue, 2002-02-26 at 11:39, Jacques Gelinas wrote:
> Here is the change log
> vserver 0.11
> Change log
> 1. Enhancements
> 1.1. /usr/sbin/vkill: new<
> This is a simple script. You do
> /usr/sbin/vkill PID
> and it will locate the vserver owning that process, enter its security
> context and issue the kill.
> 1.2. /usr/sbin/vserver
> Various enhancements:
> + /var/run
> Only files are erased from /var/run at vserver build and start-up
> time. Sub-directories are left. Also, /var/run/utmp is created
> empty at start-up time.
> + /var/log/wtmp
> It is created empty at vserver build time. It is ignored after
> that.
> + 5 seconds sleep after stopping a vserver, before killing the
> remaining processes. 5 instead of 2.
> + S_CAPS not processed when entering a vserver
> When entering a running vserver, the S_CAPS setting was not enabled
> for the shell. So if you had given the vserver some capabilities,
> they were not available when using "enter".
> 1.3. Dynamic system call number
> The 2 system calls used by the vserver project are not yet reserved in
> the kernel. To help people using the vserver patch with other patches,
> having conflicting system call number, the ctx-8 publish in
> /proc/self/status the system call numbers. The various utilities
> (chbind, reducecap and chcontext) are using this information on the
> fly. So you can move the system call around and the utilities keep
> working without recompile.
> 1.4. kernel ctx-8
> Here is a small change log:
> + Dynamic system calls numbering
> + Per user/per context resources.
> The ulimit resources for a user used to be shared across vserver.
> This was plain wrong since user ID N in a vserver is unrelated to
> user ID N in another vserver.
> Contributed by Patrick Schaaf <>
> + Using in a vserver.
> Note, this is unrelated to the multi-IP-per-vserver concept. A
> vserver normally use a single IP to listen and talk. In general,
> this is not a problem. But it breaks a little semantic. Most
> services out there simply do a bind on IP This way, they
> expect to grab any incoming traffic. They also expect that talking
> to is a good way (configuration less) to talk to
> themselves. Some services are using localhost (which is redirect to
> the ipv4root of the vserver) and some are using directly.
> The ctx-8 kernel now maps to the ipv4root of the vserver
> on the fly. This solves some issues with samba and should also (not
> tested) solve the issue with PostgreSQL.
> + Per vserver network activity.
> The output of netstat is now filtered by vserver. This includes
> /proc/net/tcp. This is not done per ipv4root but using the security
> context. This was contributed (oops sorry, lost the contributor
> name).
> 1.5. Man pages for most utilities
> Thanks to klavs klavsen <>, we have now a man page for all
> utilities. Now, we need a man page for the 2 system calls.
> ---------------------------------------------------------
> Jacques Gelinas <>
> vserver: run general purpose virtual servers on one box, full speed!

About this list Date view Thread view Subject view Author view Attachment view

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT