On 3 Oct 2008, at 23:02, Jordan Brown wrote:

> Nicolas Williams wrote:
>> On Fri, Oct 03, 2008 at 02:37:28PM -0700, Jordan Brown wrote:
>>> Nick is trying to isolate virtual systems, not users.  I've seen this
>> That was, obviously, not the impression that I got.  It's trivial to
>> separate virtual systems by just running them in zones.  But if I
>> misread what Nick was asking, then you're right, we should respond with
>> documentation on how to set up zones and so on (that documentation
>> exists, of course, and can easily be found online; I suspect Google
>> knows all about it).
> My interpretation (and hopefully Nick will jump in here soon and
> clarify) is that he's trying to get some additional cross-zone sharing,
> over simply running a fresh Apache in each zone.

Sorry, shouldn't have posted that shortly before a near-7-hour journey.
Just digesting the replies now.

>> I think the mention of zone_enter() is what made me take Nick's
>> question quite literally.  That is, I assumed that a zones newbie would
>> not have known about zone_enter(), therefore I assumed Nick is not a
>> newbie.

Nick is a newbie to zones:-)

> Remember that "user" is a relative term.  The "user" of a hosting
> company is the hosting customer, *not* the guy behind the web browser.

Exactly.  The zone_enter will happen at server startup.  To have it
per-request in the server would imply an enormous overhead, because
it's a complete misfit to the Apache architecture.  CGI could perhaps
do it in a similar manner to the existing setuid wrapper, but that's a
lesser solution to a less-interesting problem.

> Note also that (with no disrespect meant to Nick) a common newbie
> behavior is to latch onto some random interface and attempt to bend it
> to solve the problem at hand, whether or not it's the intended way to
> solve that problem.

That may indeed be the case.  Though I should add, my newbiedom
applies to Solaris kernel goodies, not to Apache or web-serving
(guess it's time to attach my apache book .sig:-)  I'm exploring
(or, if you prefer, latching on to) the possibility of a strong solution
to a long-standing problem.


Nick Kew

Application Development with Apache - the Apache Modules Book
