> this is for 2.6.x or 2.4.x with or without the rmap
> patches?

Primary for all RH Linux, but can be adapted to other.

> > > - procfs security
> > > - uptime virtualization
> > > - reboot userspace helper
> > >
> > Linux VServer not have
> > 1) virtual network devices with bandwidth shaper
>
> that is correct, but similar can be done with tc
> and iptables/netfilter

don't. it been more slow. ;-)

>
> > 2) private routing tables includes private loopback.
> > 3) private routing caches
>
> correct
>
> > (2 and 3 need for correctly select packet source address.)
>
> hmm, well, it seems that isn't an issue anymore ..
>
> > 4) Correctly (rmap based) memory accounting. Herbert please try use your
> > memory accounting at high load web server with apache1 or other fork
> > based programs.
>
> will/should this change anything? what do you expect?
> what did your 'test' show in this regard?

start many forked children with shared data segments and see shared area been accounted not one.

> > 5) Correctly created private namespace - not affected with any chroot
> > exploit.
>
> this is done in experimental (with alpha tools) and
> mostly in userspace (only the enter requires kernel help)

but you say "it not vserver" way ? ;-)

>
> > 6) CAP_NET_ADMIN/CAP_SYS_RESOURCE can be used inside vps without
> > security problems.
>
> which means?
>

provide private netlink stack.. and other network stack as tc .... can be start bind and other program who use manipulate get/set rlimit.. and other..
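The test described under point 4 (many forked children over one shared data area), as an added example that is not part of the original message and is neither VServer code nor the poster's code: each child reports its own RSS from /proc/self/statm and the parent sums them, which is how plain per-process accounting charges the same pages once per child. The names `summed_child_rss`, `self_rss_bytes` and `AREA_BYTES` and the 16 MiB size are assumptions made for illustration; Linux with /proc mounted is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define AREA_BYTES (16L * 1024 * 1024)   /* constructed size of the shared area */

/* Resident set size of the calling process in bytes (2nd field of statm). */
static long self_rss_bytes(void) {
    long size = 0, resident = -1;
    FILE *f = fopen("/proc/self/statm", "r");
    if (!f) return -1;
    if (fscanf(f, "%ld %ld", &size, &resident) != 2) resident = -1;
    fclose(f);
    return resident < 0 ? -1 : resident * sysconf(_SC_PAGESIZE);
}

/* Fork nchildren readers of one inherited area; return their summed RSS or -1. */
long summed_child_rss(int nchildren) {
    char *area = malloc(AREA_BYTES);
    int fds[2];
    long total = 0, rss = 0;
    if (!area || pipe(fds) != 0) return -1;
    memset(area, 0xA5, AREA_BYTES);      /* touch every page before forking */
    for (int i = 0; i < nchildren; i++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) {                  /* child: pages stay shared copy-on-write */
            volatile char sink = area[AREA_BYTES - 1]; (void)sink;
            rss = self_rss_bytes();
            _exit(write(fds[1], &rss, sizeof rss) == (ssize_t)sizeof rss ? 0 : 1);
        }
    }
    close(fds[1]);                       /* so read() sees EOF if a child died */
    for (int i = 0; i < nchildren; i++) {
        if (read(fds[0], &rss, sizeof rss) != (ssize_t)sizeof rss || rss < 0) total = -1;
        else if (total >= 0) total += rss;
    }
    while (wait(NULL) > 0) {}
    close(fds[0]); free(area);
    return total;
}

int main(void) {
    long sum = summed_child_rss(8);
    printf("area %ld MiB, 8 children, summed RSS %ld MiB\n", AREA_BYTES >> 20, sum >> 20);
    return sum < 0;
}
```

The summed figure comes out at no less than the number of children times the area size, although the pages exist once in physical memory until a child writes to them.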
