2 # Linux VServer configuration
7 config VSERVER_FILESHARING
8 bool "(PLANETLAB) Disable Hidden File Module"
11 This retains the module that when a vserver can
12 see a file, it can also stat and read it. The
13 assumption is that chroot() works and vservers
14 are contained that way.
17 bool "Enable Legacy Kernel API"
20 This enables the legacy API used in vs1.xx, maintaining
21 compatibility with older vserver tools, and guest images
22 that are configured using the legacy method. This is
23 probably a good idea for now, for migration purposes.
25 Note that some tools have not yet been altered to use
26 this API, so disabling this option may reduce some
29 config VSERVER_LEGACY_VERSION
30 bool "Show a Legacy Version ID"
31 depends on VSERVER_LEGACY
34 This shows a special legacy version to very old tools
35 which do not handle the current version correctly.
37 This will probably disable some features of newer tools
38 so better avoid it, unless you really, really need it
39 for backwards compatibility.
42 bool "Disable Legacy Networking Kernel API"
43 depends on EXPERIMENTAL
46 This disables the legacy networking API which is required
47 by the chbind tool. Do not disable it unless you exactly
48 know what you are doing.
50 config VSERVER_REMAP_SADDR
51 bool "Remap Source IP Address"
52 depends on EXPERIMENTAL && !VSERVER_LEGACY
55 This allows to remap the source IP address of 'local'
56 connections from 127.0.0.1 to the first assigned
59 config VSERVER_PROC_SECURE
60 bool "Enable Proc Security"
64 This configures ProcFS security to initially hide
65 non-process entries for all contexts except the main and
66 spectator context (i.e. for all guests), which is a secure
69 (note: on 1.2x the entries were visible by default)
71 config VSERVER_HARDCPU
72 bool "Enable Hard CPU Limits"
73 depends on EXPERIMENTAL
76 Activate the Hard CPU Limits
78 This will compile in code that allows the Token Bucket
79 Scheduler to put processes on hold when a context's
80 tokens are depleted (provided that its per-context
81 sched_hard flag is set).
83 Processes belonging to that context will not be able
84 to consume CPU resources again until a per-context
85 configured minimum of tokens has been reached.
87 config VSERVER_HARDCPU_IDLE
88 bool "Limit the IDLE task"
89 depends on VSERVER_HARDCPU
92 Limit the idle slices, so the the next context
93 will be scheduled as soon as possible.
95 This might improve interactivity and latency, but
96 will also marginally increase scheduling overhead.
98 config VSERVER_ACB_SCHED
99 bool "Guaranteed/fair share scheduler"
100 depends on VSERVER_HARDCPU
103 Andy Bavier's experimental scheduler
106 prompt "Persistent Inode Context Tagging"
107 default INOXID_UGID24
109 This adds persistent context information to filesystems
110 mounted with the tagxid option. Tagging is a requirement
111 for per-context disk limits and per-context quota.
117 do not store per-context information in inodes.
122 reduces UID to 16 bit, but leaves GID at 32 bit.
127 reduces GID to 16 bit, but leaves UID at 32 bit.
132 uses the upper 8bit from UID and GID for XID tagging
133 which leaves 24bit for UID/GID each, which should be
134 more than sufficient for normal use.
139 this uses otherwise reserved inode fields in the on
140 disk representation, which limits the use to a few
141 filesystems (currently ext2 and ext3)
143 config INOXID_RUNTIME
145 depends on EXPERIMENTAL
147 inodes are tagged when first accessed, this doesn't
148 require any persistant information, but might give
149 funny results for mixed access.
154 bool "Tag NFSD User Auth and Files"
157 Enable this if you do want the in-kernel NFS
158 Server to use the xid tagging specified above.
159 (will require patched clients too)
162 bool "VServer Debugging Code"
165 Set this to yes if you want to be able to activate
166 debugging output at runtime. It adds a probably small
167 overhead to all vserver related functions and
168 increases the kernel size by about 20k.
170 config VSERVER_HISTORY
171 bool "VServer History Tracing"
172 depends on VSERVER_DEBUG
175 Set this to yes if you want to record the history of
176 linux-vserver activities, so they can be replayed in
177 the event of a kernel panic or oops.
179 config VSERVER_HISTORY_SIZE
180 int "Per-CPU History Size (32-65536)"
181 depends on VSERVER_HISTORY
185 This allows you to specify the number of entries in
186 the per-CPU history buffer.
195 config VSERVER_SECURITY
199 select SECURITY_CAPABILITIES
201 config VSERVER_LEGACYNET
203 depends on !VSERVER_NGNET