You and Dan both talked about user authentication and therefore the need 
for the zone_enter to happen "late", but I don't think that's part of 
the picture here at all.

Nick is trying to isolate virtual systems, not users.  I've seen this 
problem on my personal hosting providers - my CGI scripts run as the 
same user as everybody else's, in the same file system.  We'd better all 
trust each other.  That's OK for cheesy little personal sites, but not 
so good for real businesses.

It's quite possible that the IP address alone is enough to determine 
which zone the server should run in, in which case you could probably do 
the zone_enter before the listen().  Even without that, the host name 
(HTTP "Host:" header) is enough, so you could do the zone_enter() early 
in HTTP processing.

I agree with Dan that the savings here are questionable over simply 
running separate Apaches in each zone.  You'd save on all-zone-global 
data (which  might be COW pages that never get written) but that's about 
it.  (Note, incidentally, that the picture might be different for a Java 
server, where the Java byte code for the application and a bunch of 
overhead objects might well fall into that sharable bucket.)
zones-discuss mailing list

Reply via email to