# Linux VServer configuration

config VSERVER_SECURITY
	select SECURITY_CAPABILITIES

config VSERVER_LEGACYNET
	depends on !VSERVER_NGNET

	bool "Enable Legacy Kernel API"
	  This enables the legacy API used in vs1.xx, maintaining
	  compatibility with older vserver tools, and guest images
	  that are configured using the legacy method. This is
	  probably a good idea for now, for migration purposes.

	  Note that some tools have not yet been altered to use
	  this API, so disabling this option may reduce some

config VSERVER_LEGACY_VERSION
	bool "Show a Legacy Version ID"
	depends on VSERVER_LEGACY
	  This shows a special legacy version to very old tools
	  which do not handle the current version correctly.

	  This will probably disable some features of newer tools
	  so better avoid it, unless you really, really need it
	  for backwards compatibility.

	bool "Disable Legacy Networking Kernel API"
	depends on EXPERIMENTAL
	  This disables the legacy networking API which is required
	  by the chbind tool. Do not disable it unless you know
	  exactly what you are doing.

config VSERVER_PROC_SECURE
	bool "Enable Proc Security"
	  This configures ProcFS security to initially hide
	  non-process entries for all contexts except the main and
	  spectator context (i.e. for all guests), which is a secure

	  (note: on 1.2x the entries were visible by default)

config VSERVER_HARDCPU
	bool "Enable Hard CPU Limits"
	depends on EXPERIMENTAL
	  Activate the Hard CPU Limits

	  This will compile in code that allows the Token Bucket
	  Scheduler to put processes on hold when a context's
	  tokens are depleted (provided that its per-context
	  sched_hard flag is set).

	  Processes belonging to that context will not be able
	  to consume CPU resources again until a per-context
	  configured minimum of tokens has been reached.

config VSERVER_HARDCPU_IDLE
	bool "Limit the IDLE task"
	depends on VSERVER_HARDCPU
	  Limit the idle slices, so the next context
	  will be scheduled as soon as possible.

	  This might improve interactivity and latency, but
	  will also marginally increase scheduling overhead.

	prompt "Persistent Inode Context Tagging"
	  This adds persistent context information to filesystems
	  mounted with the tagxid option. Tagging is a requirement
	  for per-context disk limits and per-context quota.

	  do not store per-context information in inodes.

	  reduces UID to 16 bit, but leaves GID at 32 bit.

	  reduces GID to 16 bit, but leaves UID at 32 bit.

	  uses the upper 8bit from UID and GID for XID tagging
	  which leaves 24bit for UID/GID each, which should be
	  more than sufficient for normal use.

	  this uses otherwise reserved inode fields in the on
	  disk representation, which limits the use to a few
	  filesystems (currently ext2 and ext3)

config INOXID_RUNTIME
	depends on EXPERIMENTAL
	  inodes are tagged when first accessed, this doesn't
	  require any persistent information, but might give
	  funny results for mixed access.

	bool "Tag NFSD User Auth and Files"
	  Enable this if you do want the in-kernel NFS
	  Server to use the xid tagging specified above.
	  (will require patched clients too)

	bool "VServer Debugging Code"
	  Set this to yes if you want to be able to activate
	  debugging output at runtime. It adds a probably small
	  overhead to all vserver related functions and
	  increases the kernel size by about 20k.

config VSERVER_HISTORY
	bool "VServer History Tracing"
	depends on VSERVER_DEBUG
	  Set this to yes if you want to record the history of
	  linux-vserver activities, so they can be replayed in
	  the event of a kernel panic or oops.

config VSERVER_HISTORY_SIZE
	int "Per-CPU History Size (32-65536)"
	depends on VSERVER_HISTORY
	  This allows you to specify the number of entries in
	  the per-CPU history buffer.
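
The "Persistent Inode Context Tagging" help text above describes a scheme that takes the upper 8 bits of both UID and GID for the XID and leaves 24 bits for each ID. The following C sketch is an added example, not code from the Linux-VServer patch; the function names, the `disk_ids` struct, and the choice of which XID byte goes into which field are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not taken from the VServer source): the top byte of the
 * stored UID holds the high byte of a 16-bit XID, the top byte of the
 * stored GID holds the low byte. The lower 24 bits stay UID/GID. */
#define ID24_MASK 0x00FFFFFFu

struct disk_ids { uint32_t uid, gid; };   /* values as stored in the inode */

/* Pack uid/gid/xid into the stored form. Returns -1 when uid or gid needs
 * more than 24 bits: masking silently would alias two distinct IDs and let
 * ID bits spill into the context tag. */
int tag_pack(uint32_t uid, uint32_t gid, uint16_t xid, struct disk_ids *out)
{
    if ((uid & ~ID24_MASK) || (gid & ~ID24_MASK))
        return -1;
    out->uid = uid | ((uint32_t)(xid >> 8) << 24);
    out->gid = gid | ((uint32_t)(xid & 0xFF) << 24);
    return 0;
}

/* Recover the context tag from the two top bytes. */
uint16_t tag_xid(const struct disk_ids *d)
{
    return (uint16_t)(((d->uid >> 24) << 8) | (d->gid >> 24));
}

/* Recover the 24-bit owner and group. */
uint32_t tag_uid(const struct disk_ids *d) { return d->uid & ID24_MASK; }
uint32_t tag_gid(const struct disk_ids *d) { return d->gid & ID24_MASK; }

int main(void)
{
    struct disk_ids d;

    /* Constructed sample values: uid 1000, gid 100, context 0x1234. */
    if (tag_pack(1000, 100, 0x1234, &d) == 0)
        printf("stored uid=0x%08x gid=0x%08x -> xid=0x%04x uid=%u gid=%u\n",
               (unsigned)d.uid, (unsigned)d.gid, (unsigned)tag_xid(&d),
               (unsigned)tag_uid(&d), (unsigned)tag_gid(&d));

    /* An ID that does not fit in 24 bits must be refused, not truncated. */
    if (tag_pack(0x01000000u, 100, 1, &d) != 0)
        puts("uid 0x01000000 rejected: needs more than 24 bits");
    return 0;
}
```

Under this layout, a reader that is unaware of the tag sees the raw 32-bit stored values as owner and group, which differ from the real 24-bit IDs whenever the XID is non-zero.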