From: Adam H. Pendleton (fmonkey_at_fmonkey.net)
Date: Mon 16 Dec 2002 - 02:07:49 GMT
At 18:42 12/15/2002, you wrote:
>You could use "vserver nameofserver build" for this. That'll get you all
>the packages in the root server, complete with unification where disk
>partitioning allows.
How useful/safe is this operation? Assuming a disk layout like this:
/boot
swap
/
would this lead to all files being shared between virtual
servers? Wouldn't this cause all kinds of havoc in situations such as web
hosting, where you don't want your "DocumentRoot" shared? I suppose I'm
asking what "where disk partitioning allows" means, specifically.
>Vservers CANNOT talk to the kernel or otherwise make trouble unless you
>give them extra capabilities in the .conf file (S_CAPS="" is default).
>This makes it pretty safe to run less-trusted programs (and users!) in a
>vserver. iptables and ipchains won't run in a vserver. You'll get a
>message about needing to insmod, if memory serves. I've seen kudzu eat
>100% cpu in a vserver while trying to find hardware to
>detect. I'd avoid it.
I assumed as much; just wanted to make sure. Essentially I am trying to
limit the effects of the server being a virtual one, rather than the
"master". I would like to avoid as many customer complaints about a lack
of utilities/features as I can.
>You might like to have a look at http://www.paul.sladen.org/vserver/faq/ .
>Paul has some good info collected there. :)
I will do that, thanks.
ahp