From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Fri Jul 19 2002 - 18:16:42 EDT
On Wed, 17 Jul 2002 18:44:44 -0500, Roderick A. Anderson wrote
> On Sat, 13 Jul 2002, Jacques Gelinas wrote:
>
> > > My question. Can I mount a NFS share on the main server as /vservers and
> > > have it work?
> >
> > I would say it will work. Unification won't, but the rest should.
>
> My thoughts are to use some big old monster NAS or SAN device (TeraByte
> capacity - RaidZone etc.) and don't care about the extra space used.
>
> It would be nice to have a unified NFS mount from a system that normally
> only provides the NFS services. Does vserver have to be running or
> installed for the unification process to be done? That is could I install
> only the vserver utilities without the kernel and still do all the admin
> and maintenance stuff filesystem-wise?
Unification is basically a big bunch of hard link. This part works over NFS.
The problem is that it is not secure. If you have vserver1 and vserver1 sharing
the same /bin/ls, then vserver1 is allowed to overwrite its /bin/ls with some
trojan and then take over verserv2.
So unification is done using hard links, but also using some security features
found in linux file systems, notably immutability. So if your NFS server does
support that (immutability + immutable-may-unlink), then you can use
unification safely.
---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT