Merge to kernel-2.6.20-1.2949.fc6.vs2.2.0.1

[linux-2.6.git] / kernel / vserver / Kconfig

#
# Linux VServer configuration
#

menu "Linux VServer"

config  VSERVER_FILESHARING
        bool    "(PLANETLAB) Disable Hidden File Module"
        default y
        help
          This retains the module that when a vserver can
          see a file, it can also stat and read it.  The
          assumption is that chroot() works and vservers
          are contained that way.

config  VSERVER_LEGACY
        bool    "Enable Legacy Kernel API"
        depends on EXPERIMENTAL
        default n
        help
          This enables the legacy API used in vs1.xx, maintaining
          compatibility with older vserver tools, and guest images
          that are configured using the legacy method.

config  VSERVER_LEGACY_VERSION
        bool    "Show a Legacy Version ID"
        depends on VSERVER_LEGACY
        default n
        help
          This shows a special legacy version to very old tools
          which do not handle the current version correctly.

          Warning: recent tools are not able to utilize the
          newer APIs when this is enabled, so some features will
          not be available. Better avoid it, unless you really,
          really need it for backwards compatibility.

config  VSERVER_DYNAMIC_IDS
        bool    "Enable dynamic context IDs"
        depends on EXPERIMENTAL && VSERVER_LEGACY
        default n
        help
          This enables support of in kernel dynamic context IDs,
          which is deprecated and will probably be removed in the
          next release.

config  VSERVER_LEGACYNET
        bool    "Enable Legacy Networking Kernel API"
        depends on EXPERIMENTAL
        default n
        help
          This enables the legacy networking API which is used
          by older tools (pre 0.30.210) to set up the network
          context (chbind).

config  VSERVER_REMAP_SADDR
        bool    "Remap Source IP Address"
        depends on EXPERIMENTAL
        default n
        help
          This allows to remap the source IP address of 'local'
          connections from 127.0.0.1 to the first assigned
          guest IP.

config  VSERVER_COWBL
        bool    "Enable COW Immutable Link Breaking"
        default y
        help
          This enables the COW (Copy-On-Write) link break code.
          It allows you to treat unified files like normal files
          when writing to them (which will implicitely break the
          link and create a copy of the unified file)

config  VSERVER_VTIME
        bool    "Enable Virtualized Guest Time"
        depends on EXPERIMENTAL
        default n
        help
          This enables per guest time offsets to allow for
          adjusting the system clock individually per guest.
          this adds some overhead to the time functions and
          therefore should not be enabled without good reason.

config  VSERVER_PROC_SECURE
        bool    "Enable Proc Security"
        depends on PROC_FS
        default y
        help
          This configures ProcFS security to initially hide
          non-process entries for all contexts except the main and
          spectator context (i.e. for all guests), which is a secure
          default.

          (note: on 1.2x the entries were visible by default)

config  VSERVER_HARDCPU
        bool    "Enable Hard CPU Limits"
        default y
        help
          Activate the Hard CPU Limits

          This will compile in code that allows the Token Bucket
          Scheduler to put processes on hold when a context's
          tokens are depleted (provided that its per-context
          sched_hard flag is set).

          Processes belonging to that context will not be able
          to consume CPU resources again until a per-context
          configured minimum of tokens has been reached.

config  VSERVER_IDLETIME
        bool    "Avoid idle CPUs by skipping Time"
        depends on VSERVER_HARDCPU
        default y
        help
          This option allows the scheduler to artificially
          advance time (per cpu) when otherwise the idle
          task would be scheduled, thus keeping the cpu
          busy and sharing the available resources among
          certain contexts.

config  VSERVER_IDLELIMIT
        bool    "Limit the IDLE task"
        depends on VSERVER_HARDCPU
        default n
        help
          Limit the idle slices, so the the next context
          will be scheduled as soon as possible.

          This might improve interactivity and latency, but
          will also marginally increase scheduling overhead.

choice
        prompt  "Persistent Inode Tagging"
        default TAGGING_ID24
        help
          This adds persistent context information to filesystems
          mounted with the tagxid option. Tagging is a requirement
          for per-context disk limits and per-context quota.


config  TAGGING_NONE
        bool    "Disabled"
        help
          do not store per-context information in inodes.

config  TAGGING_UID16
        bool    "UID16/GID32"
        help
          reduces UID to 16 bit, but leaves GID at 32 bit.

config  TAGGING_GID16
        bool    "UID32/GID16"
        help
          reduces GID to 16 bit, but leaves UID at 32 bit.

config  TAGGING_ID24
        bool    "UID24/GID24"
        help
          uses the upper 8bit from UID and GID for XID tagging
          which leaves 24bit for UID/GID each, which should be
          more than sufficient for normal use.

config  TAGGING_INTERN
        bool    "UID32/GID32"
        help
          this uses otherwise reserved inode fields in the on
          disk representation, which limits the use to a few
          filesystems (currently ext2 and ext3)

endchoice

config  TAG_NFSD
        bool    "Tag NFSD User Auth and Files"
        default n
        help
          Enable this if you do want the in-kernel NFS
          Server to use the tagging specified above.
          (will require patched clients too)

config  PROPAGATE
        bool    "Enable Inode Tag Propagation"
        default n
        depends on EXPERIMENTAL
        help
          This allows for the tagid= mount option to specify
          a tagid which is to be used for the entire mount
          tree.

config  VSERVER_PRIVACY
        bool    "Honor Privacy Aspects of Guests"
        default y
        help
          When enabled, most context checks will disallow
          access to structures assigned to a specific context,
          like ptys or loop devices.

config  VSERVER_CONTEXTS
        int     "Maximum number of Contexts (1-65533)"  if EMBEDDED
        range 1 65533
        default "768"   if 64BIT
        default "256"
        help
          This setting will optimize certain data structures
          and memory allocations according to the expected
          maximum.

          note: this is not a strict upper limit.

config  VSERVER_WARN
        bool    "VServer Warnings"
        default y
        help
          This enables various runtime warnings, which will
          notify about potential manipulation attempts or
          resource shortage. It is generally considered to
          be a good idea to have that enabled.

config  VSERVER_DEBUG
        bool    "VServer Debugging Code"
        default n
        help
          Set this to yes if you want to be able to activate
          debugging output at runtime. It adds a very small
          overhead to all vserver related functions and
          increases the kernel size by about 20k.

config  VSERVER_HISTORY
        bool    "VServer History Tracing"
        depends on VSERVER_DEBUG
        default n
        help
          Set this to yes if you want to record the history of
          linux-vserver activities, so they can be replayed in
          the event of a kernel panic or oops.

config  VSERVER_HISTORY_SIZE
        int     "Per-CPU History Size (32-65536)"
        depends on VSERVER_HISTORY
        range 32 65536
        default 64
        help
          This allows you to specify the number of entries in
          the per-CPU history buffer.

config  VSERVER_MONITOR
        bool    "VServer Scheduling Monitor"
        depends on VSERVER_DEBUG
        default n
        help
          Set this to yes if you want to record the scheduling
          decisions, so that they can be relayed to userspace
          for detailed analysis.

config  VSERVER_MONITOR_SIZE
        int     "Per-CPU Monitor Queue Size (32-65536)"
        depends on VSERVER_MONITOR
        range 32 65536
        default 1024
        help
          This allows you to specify the number of entries in
          the per-CPU scheduling monitor buffer.

config  VSERVER_MONITOR_SYNC
        int     "Per-CPU Monitor Sync Interval (0-65536)"
        depends on VSERVER_MONITOR
        range 0 65536
        default 256
        help
          This allows you to specify the interval in ticks
          when a time sync entry is inserted.

endmenu


config  VSERVER
        bool
        default y
        select UTS_NS
        select SYSVIPC
        select IPC_NS

config  VSERVER_SECURITY
        bool
        depends on SECURITY
        default y
        select SECURITY_CAPABILITIES

config  VSERVER_NGNET
        bool
        depends on EXPERIMENTAL && !VSERVER_LEGACYNET
        default y