On 3 Oct 2008, at 23:02, Jordan Brown wrote:
> Nicolas Williams wrote:
>> On Fri, Oct 03, 2008 at 02:37:28PM -0700, Jordan Brown wrote:
>>> Nick is trying to isolate virtual systems, not users. I've seen
>> That was, obviously, not the impression tat I got. It's trivial to
>> separate virtual systems by just running them in zones. But if I
>> misread what Nick was asking, then you're right, we should respond
>> documentation on how to setup zones and so on (that documentation
>> exists, of course, and can easily be found online; I suspect Google
>> knows all about it).
> My interpretation (and hopefully Nick will jump in here soon and
> clarify) is that he's trying to get some additional cross-zone
> over simply running a fresh Apache in each zone.
Sorry, shouldn't have posted that shortly before a near-7-hour journey.
Just digesting the replies now.
>> I think the mention of zone_enter() is what made me think take Nick's
>> question quite literally. That is, I assumed that zones newbie would
>> not have known about zone_enter(), therefore I assumed Nick is not a
Nick is a newbie to zones:-)
> Remember that "user" is a relative term. The "user" of a hosting
> company is the hosting customer, *not* the guy behind the web browser.
Exactly. The zone_enter will happen at server startup. To have it
per-request in the server would imply an enormous overhead, because
it's a complete misfit to the Apache architecture. CGI could perhaps
in a similar manner to the existing setuid wrapper, but that's a lesser
solution to a less-interesting problem.
> Note also that (with no disrespect meant to Nick) a common newbie
> behavior is to latch onto some random interface and attempt to bend it
> to solve the problem at hand, whether or not it's the intended way to
> solve that problem.
That may indeed be the case. Though I should add, my newbiedom
applies to Solaris kernel goodies, not to Apache or web-serving
(guess it's time to attach my apache book .sig:-) I'm exploring
(or, if you prefer, latching on to) the possibility of a strong solution
to a long-standing problem.
Application Development with Apache - the Apache Modules Book
zones-discuss mailing list