Re: user- vs kernel-level resource sandbox for Linux?

From: Herbert Poetzl
Date: Wed Dec 01 2004 - 21:34:07 EST


On Tue, Nov 30, 2004 at 09:47:08PM +0100, Marek Habersack wrote:
> On Tue, Nov 30, 2004 at 06:48:27PM +0000, Alan Cox scribbled:
> > On Maw, 2004-11-30 at 02:39, Marek Habersack wrote:
> > > per-process isn't enough. I specifically need something to limit the memory
> > > usage on a more global scale - per user ID or per process group or a similar
> > > way of grouping related processes. That's the only way to tame processes
> > > like apache. At this point the option I'm considering is Xen, unless I can
> > > find a userland solution to the problem...
> >
> > I'd suggest playing with Xen - its very efficient and it really does
> > come close to perfect constraint for resources.
> That's my current impression. I also considered writing a simple kernel
> module to intercept sys_brk, but that seemed to be a bit clumsy. We have
> been running a test installation of Xen with 2 VMs under quite high load and
> it performs outstandingly well in "laboratory environment".
> Also, I seem to recall there used to be a patch for the linux kernel to implement
> BSD-like jail environment, which would suit my purpose too, do you know what happened
> to the project/where it can be found? It would be a great addition to the
> kernel, just like the Zones in Solaris 10 are (which are based on the BSD
> jail concept as well).

maybe this might be of interest for you:

http://linux-vserver.org/
http://linux-vserver.org/Linux-VServer-Paper

best,
Herbert

> regards,
>
> marek


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/