Hi,
I followed a link to our beloved Slashdot [1] and found a discussion
about a kernel patch using the new Linux capabilities system (since 2.2)
and introducing a
new kernel call. It is called vserver [2] and was anounced on the linux
kernel mailing list on 11 Oct. 2001.
>From what I read in the vserver docs:
In short vserver introduces a new kernel call to implement isolation of
process spaces; call it a chroot for processes. Isolation is
irreversible and done in 4 areas: File System, Processes, Network and
Super User Capabilities.
File System are a well know area for this kind of thing.
Processes are kept separated and can't see nor interfere each other.
There are thwo exceptions: virtual servers are jailed in a "context".
context 0 is the master,the only from where you can switch to ever over
context, and context 1 is a context where all processes of all contexts
are seen. of course you can't escape a context. It completely looks like
a own machine.
Networking can be assigned to a context-owned IP-number which a context
is bound to. Of course context-root can use port 0-1024, but can't
change network settings. This is controlled by:
Super User Capapbilities are implemented using the capabilities system.
Capabilities controll access to various aspects of the system like
networking or devices. Again lowering capabilities is one-way and
affects the current process and all chlid processes.
Of course people at Slashdot where excited about it.
some reactions mentioned:
jail(2) and jail(8) [3] from FreeBSD 4.0, which does the same
but needs it own root filesystem. vservers seems to work
with
one common root filesystem.
some ensim [4] product doing the same (mentioned twice independant)
User Mode Linux [5], working as guest system on an other Linux
A FreeBSD "vserver" system, aka "Freedom" seems to be another
name for the FreeBS-jail system.
FreeVSD [6], a GPL'ed virtual server system for Linux. It's not
real virtual servers but some envvironment to show an system in
different "versions" by some scripts, changed binaries and
hardlinked, chroot'ed root file systems.
Being a little off-topic, Mosix [7] was mentioned. Mosix is an
extension to Linux providing transparent redirects for processes over
network. Thus it enables and administrates automatic load
distribution over several machines.
There was a lot of discussion like "imagine combinig this with Beowulf"
and the like, and some links to systems that looked like Apache virtual
servers, nothing where I could find out something about OS
personalities.
The bid disadvantage of this Virtual Servers is the kernel. Most of
them, except User Mode Linux and Mosix, use one single monolithic
kernel. They are probaly usefull for nice, friendly, stable applications
doing their job, but I don't think they are useful for developing, say,
one personality for compilation, one for testing, one for development.
If one of them crashes the kernel, all are lost.
I think it would be very Hurdish to set up a second personality, give it
a root file system capped by a shadowfs for its own modifications, give
it its own (be it a private network) IP adress and control resources
like disk and even more interesting, memory and CPU time. Personalities
could have the same rights, be created with certain rights/priorities or
controlled by some "master system". The concept of a master system would
need an administrator and make it difficult
to use the system out of the box (some day...).
I think a sub-Hurd is the Hurd's way of doing this at the moment. What
can it do for us in this direction, and more important: what is a
sub-Hurd not possible to do? How does resource sharing work? What would
change if dirvers were in user space? What about security with a
sub-Hurd? What about networking?
Are there real perspectives for running the Hurd in parallel to any
known OS?
This are just some thoughts and links about virtual servers/OS
personalities. I'm not cappable of doing any valuable work, I'm just
learning software development at hte moment. I hope do be able to do
some work on the Hurd soon. Hopefully this mail gives some new useful
aspects for further development of the Hurd.
Patrick
[1] thread at Slashdot:
http://slashdot.org/article.pl?sid=01/11/06/2034233
[2] Info about vserver: http://www.solucorp.qc.ca/miscprj/s_context.hc
[3] man page for jail:
http://www.freebsd.org/cgi/man.cgi?query=jail&manpath=FreeBSD+4.4-RELEASE&format=html
[4] Ensim products: http://www.ensim.com/solutions/overview.shtml
[5] User Mode Linux: http://user-mode-linux.sourceforge.net/
[6] FreeVSD: http://www.freevsd.org/
[7] Mosix: http://www.mosix.com/
--
Engineers motto: [ ]cheap [ ]good [ ]fast choose any two
Patrick Strasser <pstrasser at bigfoot dot de>
Student of Telematik, Techn. University Graz, Austria
_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-hurd
