2 # Linux VServer configuration
8 bool "Enable Legacy Kernel API"
11 This enables the legacy API used in vs1.xx, maintaining
12 compatibility with older vserver tools, and guest images
13 that are configured using the legacy method. This is
14 probably a good idea for now, for migration purposes.
16 Note that some tools have not yet been altered to use
17 this API, so disabling this option may reduce some
20 config VSERVER_LEGACY_VERSION
21 bool "Show a Legacy Version ID"
22 depends on VSERVER_LEGACY
25 This shows a special legacy version to very old tools
26 which do not handle the current version correctly.
28 This will probably disable some features of newer tools
29 so better avoid it, unless you really, really need it
30 for backwards compatibility.
32 config VSERVER_LEGACYNET
33 bool "Enable Legacy Networking Kernel API"
36 This enables the legacy networking API which is required
37 by the chbind tool (for util-vserver versions prior to
38 0.30.210). If you use an older version, don't disable
41 config VSERVER_REMAP_SADDR
42 bool "Remap Source IP Address"
43 depends on EXPERIMENTAL && !VSERVER_LEGACY
46 This allows to remap the source IP address of 'local'
47 connections from 127.0.0.1 to the first assigned
50 config VSERVER_PROC_SECURE
51 bool "Enable Proc Security"
55 This configures ProcFS security to initially hide
56 non-process entries for all contexts except the main and
57 spectator context (i.e. for all guests), which is a secure
60 (note: on 1.2x the entries were visible by default)
62 config VSERVER_HARDCPU
63 bool "Enable Hard CPU Limits"
64 depends on EXPERIMENTAL
67 Activate the Hard CPU Limits
69 This will compile in code that allows the Token Bucket
70 Scheduler to put processes on hold when a context's
71 tokens are depleted (provided that its per-context
72 sched_hard flag is set).
74 Processes belonging to that context will not be able
75 to consume CPU resources again until a per-context
76 configured minimum of tokens has been reached.
78 config VSERVER_HARDCPU_IDLE
79 bool "Limit the IDLE task"
80 depends on VSERVER_HARDCPU
83 Limit the idle slices, so the the next context
84 will be scheduled as soon as possible.
86 This might improve interactivity and latency, but
87 will also marginally increase scheduling overhead.
90 prompt "Persistent Inode Context Tagging"
93 This adds persistent context information to filesystems
94 mounted with the tagxid option. Tagging is a requirement
95 for per-context disk limits and per-context quota.
101 do not store per-context information in inodes.
106 reduces UID to 16 bit, but leaves GID at 32 bit.
111 reduces GID to 16 bit, but leaves UID at 32 bit.
116 uses the upper 8bit from UID and GID for XID tagging
117 which leaves 24bit for UID/GID each, which should be
118 more than sufficient for normal use.
123 this uses otherwise reserved inode fields in the on
124 disk representation, which limits the use to a few
125 filesystems (currently ext2 and ext3)
127 config INOXID_RUNTIME
129 depends on EXPERIMENTAL
131 inodes are tagged when first accessed, this doesn't
132 require any persistant information, but might give
133 funny results for mixed access.
138 bool "Tag NFSD User Auth and Files"
141 Enable this if you do want the in-kernel NFS
142 Server to use the xid tagging specified above.
143 (will require patched clients too)
146 bool "VServer Debugging Code"
149 Set this to yes if you want to be able to activate
150 debugging output at runtime. It adds a probably small
151 overhead to all vserver related functions and
152 increases the kernel size by about 20k.
154 config VSERVER_HISTORY
155 bool "VServer History Tracing"
156 depends on VSERVER_DEBUG
159 Set this to yes if you want to record the history of
160 linux-vserver activities, so they can be replayed in
161 the event of a kernel panic or oops.
163 config VSERVER_HISTORY_SIZE
164 int "Per-CPU History Size (32-65536)"
165 depends on VSERVER_HISTORY
169 This allows you to specify the number of entries in
170 the per-CPU history buffer.
179 config VSERVER_SECURITY
183 select SECURITY_CAPABILITIES
187 depends on EXPERIMENTAL && !VSERVER_LEGACYNET