On Sun, Mar 06, 2005 at 05:37:24PM +0900, Digital Infra, Inc. wrote:
>
> Hello Vserver guys.
>
> Two questions.
>
> 1. How isolated is each virtual server?
>    I mean, for example, I heard that /dev/random is shared
>    between vservers. Does the latest version still have this feature?
>    And how about any other problems?

I think that virtualization to some degree is really
important for linux-vserver, it's just a question of
finding the right balance between overhead and gained
advantage (security or usability wise)

for example, that /dev/random is 'not' virtualized
could be solved by creating a virtualized random pool
for each vserver. but what would be the advantage?

we can assume that /dev/random values are random, so
every random subset of those values will be random too,
and that is what the vservers will get ...

feeding entropy back via /dev/random is fine too, as
the algorithm ensures that the entropy pool can not
be compromised ...

now what would be the disadvantages?

 - a huge data structure for each context
 - the need for 'proper' initialization of each
   entropy pool for each context
 - additional code to handle and separate the
   random values ...

> Maybe you would answer like "no, it does not matter".
> I agree with it.

good ;)

> But please think about not the technical but the psychological (= marketing)
> aspect. When you do a vserver hosting business, a customer
> would ask you something like "is it really isolated perfectly?".

well, I guess the right answer here would be:

 of course it's perfectly isolated, but if you want
 total isolation then you have to buy my dedicated
 server ...

> and understand that the customer is not a Linux specialist.

sure, often the provider isn't either .. so they have
to 'trust' them developers to isolate/virtualize the
essential and useful parts ... what they usually do ...

> 2. I suppose the biggest issue current vserver lacks is a filesystem.

well, I don't agree here, because providers already
use various filesystems (ext2/3, jfs, reiserfs, xfs ...)
and _another_ filesystem would not help anything ...

> a filesystem like unionfs or Copy-on-Write (CoW) or

now that is something different, and alternative
solutions to the unification _might_ be interesting
for ease of use, increased maintainability and improved
resource sharing.

but for sure that doesn't happen at the filesystem
layer, it has to happen at the vfs layer ...

> something alike is very much desired but it is currently lacking.
> Do you have any plan to add this feature?

yes, we are _planning_ to integrate something like
Jörn Engel's COW links, as alternative to unification ...

> BTW, I am also planning a new file system for Vserver.

well, let's hear about it then ...

best,
Herbert

> Best regards,
> Okajima, Jun. Tokyo, Japan.
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver