You and Dan both talked about user authentication and therefore the need for the zone_enter to happen "late", but I don't think that's part of the picture here at all.
Nick is trying to isolate virtual systems, not users. I've seen this problem on my personal hosting providers - my CGI scripts run as the same user as everybody else's, in the same file system. We'd better all trust each other. That's OK for cheesy little personal sites, but not so good for real businesses. It's quite possible that the IP address alone is enough to determine which zone the server should run in, in which case you could probably do the zone_enter before the listen(). Even without that, the host name (HTTP "Host:" header) is enough, so you could do the zone_enter() early in HTTP processing. I agree with Dan that the savings here are questionable over simply running separate Apaches in each zone. You'd save on all-zone-global data (which might be COW pages that never get written) but that's about it. (Note, incidentally, that the picture might be different for a Java server, where the Java byte code for the application and a bunch of overhead objects might well fall into that sharable bucket.) _______________________________________________ zones-discuss mailing list email@example.com