and it will locate the vserver owning that process, enter its security context and issue the kill.
Only files are erased from /var/run at vserver build and start-up time. Sub-directories are left. Also, /var/run/utmp is created empty at start-up time.
It is created empty at vserver build time. It is ignored after that.
When entering a running vserver, the S_CAPS setting was not enabled for the shell. So if you had given the vserver some capabilities, they were not available when using "enter".
The ulimit resources for a user used to be shared across vservers. This was plain wrong, since user ID N in one vserver is unrelated to user ID N in another vserver.
Contributed by Patrick Schaaf <email@example.com>
Note: this is unrelated to the multi-IP-per-vserver concept. A vserver normally uses a single IP to listen and talk. In general, this is not a problem, but it slightly breaks the usual semantics. Most services out there simply bind to IP 0.0.0.0 and thereby expect to grab any incoming traffic. They also expect that talking to 127.0.0.1 is a good, configuration-free way to talk to themselves. Some services use localhost (which is redirected to the ipv4root of the vserver) and some use 127.0.0.1 directly.
The ctx-8 kernel now maps 127.0.0.1 to the ipv4root of the vserver on the fly. This solves some issues with Samba and should also (not tested) solve the issue with PostgreSQL.
The output of netstat is now filtered by vserver. This includes /proc/net/tcp. This is not done per ipv4root but using the security context. This was contributed by Martin Josefsson <firstname.lastname@example.org>