You and Dan both talked about user authentication and therefore the need
for the zone_enter to happen "late", but I don't think that's part of
the picture here at all.
Nick is trying to isolate virtual systems, not users. I've seen this
problem on my personal hosting providers - my CGI scripts run as the
same user as everybody else's, in the same file system. We'd better all
trust each other. That's OK for cheesy little personal sites, but not
so good for real businesses.
It's quite possible that the IP address alone is enough to determine
which zone the server should run in, in which case you could probably do
the zone_enter before the listen(). Even without that, the host name
(HTTP "Host:" header) is enough, so you could do the zone_enter() early
in HTTP processing.
I agree with Dan that the savings here are questionable over simply
running separate Apaches in each zone. You'd save on all-zone-global
data (which might be COW pages that never get written) but that's about
it. (Note, incidentally, that the picture might be different for a Java
server, where the Java byte code for the application and a bunch of
overhead objects might well fall into that sharable bucket.)
zones-discuss mailing list