On Fri, Aug 12, 2005 at 02:49:36PM +0200, Francois Duchatelet wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all vserver freaks :-), > > Since the use of the alpha tools, I see this sentence everywhere.
no basically since the first release vs1.00 the dynamic contexts are deprecated (you only use them for on-the-fly isolation and testing) > Why is this so? because certain things are connected with a context and sooner or later folks start using the shared disk limits (or similar) which involves context file tagging and *bang* you end up with all kind of strange issues ... also context creation with dynamic contexts is racy by design, and does move policy into the kernel (where it definitely doesn't belong) > Using static contexts forces us to manage them, just like ip adresses. once, when you create a guest, yes, but that's about it as benefit you get a 'stable' environment, where you always _know_ which process/file/socket belongs to what context, regardless of the guest state here an example: guest 'hansi' starts with dynamic context 49152, it then opens a few network connections and dies a horribly death, because the administrator did a vkill/shutdown but, what about the network connections? of course, they will linger around until certain timeouts are met (which is how linux systems behave) I guess you can imagine what happens if a different guest starts with xid = 49152 or the same guest (now with xid = 49153) tries to use those addresses/sockets ... > This is specially annoying for master/backup vservers running on > different machines. why? nothing stops you from using 'unique' context IDs for each guest, regardless of master or backup ... on the contrary, this would allow for a real backup guest even if you are using a shared disk or nfs volume ... best, Herbert > Cheers > > François Duchatelet, > Ariane Services > Rue du Verregat, 12 > B-1020 Brussels > TEL:+32(2)479.37.59 - FAX:+32(2)478.14.20 > Mobile:+32(486)13.07.85 - +31 (6) 47044881 > GPS: 4°19'59" E 50°54'03" N > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0.3 > > iQA/AwUBQvya3+Xix9dFBcbpEQJ+xgCfdDYy2cgGdCg1dNCEUq4DoG6sYvoAoN0e > STPn/Z3fSVLJA75d7SyJY37i > =xVqh > -----END PGP SIGNATURE----- > > > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
