vserver 0.7 changes log

vserver 0.7 changes log

previous versions: 0.6
Change log index

Enhancements

/usr/sbin/vserver enhancements

The utility now handles the following enhancements in the vserver configuration file:

When starting a vserver, the /var/run directory was not cleared. In some situation, the various startup script were failing because a bogus PID file was left there from a previous run.

chcontext: --cap option

The --cap option was added to help configure capabilities. The --secure option was too restrictive. --secure is used to remove critical capabilities and --cap is used to invert the effect by adding back some capabilities. This is used by the /usr/sbin/vserver front-end to handle the new S_CAPS /etc/vservers/*.conf configuration files.

chcontext: new --flag values

Two new flags are now handled by chcontext (and reducecap). Those flags are nproc and private. The nproc flag establish a hard limit on the number of processes run-able in a virtual server. It makes the original ulimit (-u) setting global to the vserver instead of just per user.

The private flag is a little weird. Once a security context has this flag set, it is not possible to join it. Even root in the root server with all capabilities is not allowed. This makes the virtual server fairly private. Security context 1 can still see which processes are executing in the vserver, but can't interfere.

kernel-2.4.16ctx-4

A new kernel is available as well. The changes are minimal this time (the old vserver utilities are still compatible). Here they are:

Bug fixes

chbind: identifying network device

chbind had a bad habit of probing the kernel for any value of the --ip command line option. Even if it was not a network device at all. This was triggering error message from modprobe. It now checks in /proc/net/dev first.