# Linux VServer configuration

config	VSERVER_FILESHARING
	bool	"(PLANETLAB) Disable Hidden File Module"
	  This retains the module that when a vserver can
	  see a file, it can also stat and read it. The
	  assumption is that chroot() works and vservers
	  are contained that way.

	bool	"Enable Legacy Kernel API"
	depends on EXPERIMENTAL
	  This enables the legacy API used in vs1.xx, maintaining
	  compatibility with older vserver tools, and guest images
	  that are configured using the legacy method.

config	VSERVER_LEGACY_VERSION
	bool	"Show a Legacy Version ID"
	depends on VSERVER_LEGACY
	  This shows a special legacy version to very old tools
	  which do not handle the current version correctly.

	  Warning: recent tools are not able to utilize the
	  newer APIs when this is enabled, so some features will
	  not be available. Better avoid it, unless you really,
	  really need it for backwards compatibility.

config	VSERVER_DYNAMIC_IDS
	bool	"Enable dynamic context IDs"
	depends on EXPERIMENTAL && VSERVER_LEGACY
	  This enables support of in kernel dynamic context IDs,
	  which is deprecated and will probably be removed in the

config	VSERVER_LEGACYNET
	bool	"Enable Legacy Networking Kernel API"
	depends on EXPERIMENTAL
	  This enables the legacy networking API which is used
	  by older tools (pre 0.30.210) to set up the network

config	VSERVER_REMAP_SADDR
	bool	"Remap Source IP Address"
	depends on EXPERIMENTAL
	  This allows remapping the source IP address of 'local'
	  connections from 127.0.0.1 to the first assigned

	bool	"Enable COW Immutable Link Breaking"
	  This enables the COW (Copy-On-Write) link break code.
	  It allows you to treat unified files like normal files
	  when writing to them (which will implicitly break the
	  link and create a copy of the unified file)

	bool	"Enable Virtualized Guest Time"
	depends on EXPERIMENTAL
	  This enables per guest time offsets to allow for
	  adjusting the system clock individually per guest.
	  This adds some overhead to the time functions and
	  therefore should not be enabled without good reason.

config	VSERVER_PROC_SECURE
	bool	"Enable Proc Security"
	  This configures ProcFS security to initially hide
	  non-process entries for all contexts except the main and
	  spectator context (i.e. for all guests), which is a secure

	  (note: on 1.2x the entries were visible by default)

config	VSERVER_HARDCPU
	bool	"Enable Hard CPU Limits"
	  Activate the Hard CPU Limits

	  This will compile in code that allows the Token Bucket
	  Scheduler to put processes on hold when a context's
	  tokens are depleted (provided that its per-context
	  sched_hard flag is set).

	  Processes belonging to that context will not be able
	  to consume CPU resources again until a per-context
	  configured minimum of tokens has been reached.

config	VSERVER_IDLETIME
	bool	"Avoid idle CPUs by skipping Time"
	depends on VSERVER_HARDCPU
	  This option allows the scheduler to artificially
	  advance time (per cpu) when otherwise the idle
	  task would be scheduled, thus keeping the cpu
	  busy and sharing the available resources among

config	VSERVER_IDLELIMIT
	bool	"Limit the IDLE task"
	depends on VSERVER_HARDCPU
	  Limit the idle slices, so that the next context
	  will be scheduled as soon as possible.

	  This might improve interactivity and latency, but
	  will also marginally increase scheduling overhead.

	prompt	"Persistent Inode Tagging"
	  This adds persistent context information to filesystems
	  mounted with the tagxid option. Tagging is a requirement
	  for per-context disk limits and per-context quota.

	  do not store per-context information in inodes.

	  reduces UID to 16 bit, but leaves GID at 32 bit.

	  reduces GID to 16 bit, but leaves UID at 32 bit.

	  uses the upper 8bit from UID and GID for XID tagging
	  which leaves 24bit for UID/GID each, which should be
	  more than sufficient for normal use.

config	TAGGING_INTERN
	  this uses otherwise reserved inode fields in the on
	  disk representation, which limits the use to a few
	  filesystems (currently ext2 and ext3)

	bool	"Tag NFSD User Auth and Files"
	  Enable this if you do want the in-kernel NFS
	  Server to use the tagging specified above.
	  (will require patched clients too)

	bool	"Enable Inode Tag Propagation"
	depends on EXPERIMENTAL
	  This allows for the tagid= mount option to specify
	  a tagid which is to be used for the entire mount

config	VSERVER_PRIVACY
	bool	"Honor Privacy Aspects of Guests"
	  When enabled, most context checks will disallow
	  access to structures assigned to a specific context,
	  like ptys or loop devices.

config	VSERVER_CONTEXTS
	int	"Maximum number of Contexts (1-65533)" if EMBEDDED
	default	"768" if 64BIT
	  This setting will optimize certain data structures
	  and memory allocations according to the expected

	  note: this is not a strict upper limit.

	bool	"VServer Warnings"
	  This enables various runtime warnings, which will
	  notify about potential manipulation attempts or
	  resource shortage. It is generally considered to
	  be a good idea to have that enabled.

	bool	"VServer Debugging Code"
	  Set this to yes if you want to be able to activate
	  debugging output at runtime. It adds a very small
	  overhead to all vserver related functions and
	  increases the kernel size by about 20k.

config	VSERVER_HISTORY
	bool	"VServer History Tracing"
	depends on VSERVER_DEBUG
	  Set this to yes if you want to record the history of
	  linux-vserver activities, so they can be replayed in
	  the event of a kernel panic or oops.

config	VSERVER_HISTORY_SIZE
	int	"Per-CPU History Size (32-65536)"
	depends on VSERVER_HISTORY
	  This allows you to specify the number of entries in
	  the per-CPU history buffer.

config	VSERVER_MONITOR
	bool	"VServer Scheduling Monitor"
	depends on VSERVER_DEBUG
	  Set this to yes if you want to record the scheduling
	  decisions, so that they can be relayed to userspace
	  for detailed analysis.

config	VSERVER_MONITOR_SIZE
	int	"Per-CPU Monitor Queue Size (32-65536)"
	depends on VSERVER_MONITOR
	  This allows you to specify the number of entries in
	  the per-CPU scheduling monitor buffer.

config	VSERVER_MONITOR_SYNC
	int	"Per-CPU Monitor Sync Interval (0-65536)"
	depends on VSERVER_MONITOR
	  This allows you to specify the interval in ticks
	  when a time sync entry is inserted.

config	VSERVER_SECURITY
	select SECURITY_CAPABILITIES
	depends on EXPERIMENTAL && !VSERVER_LEGACYNET
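
The 24-bit layout from the "Persistent Inode Tagging" help text above ("uses the upper 8bit from UID and GID for XID tagging which leaves 24bit for UID/GID each"), as an added C example that is not part of the VServer sources. The function names are hypothetical, and which half of the 16-bit tag is stored in the UID field versus the GID field is an assumption; the range check shows why ids wider than 24 bits have to be rejected rather than masked.

```c
/* Added illustration of the 24-bit UID/GID tagging layout; not VServer code.
 * Assumption: the high byte of the 16-bit tag goes into the UID field and
 * the low byte into the GID field. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define ID24_MASK 0x00FFFFFFu  /* 24 bits left for the real UID or GID */
#define TAG_SHIFT 24           /* tag bits occupy the upper 8 bits */

struct disk_ids { uint32_t uid, gid; };

/* Pack uid, gid and a 16-bit context tag into the two 32-bit on-disk fields.
 * Returns 0 on success, -1 if uid or gid does not fit in 24 bits: masking
 * such a value would silently alias it to a different, smaller id. */
int id24_pack(uint32_t uid, uint32_t gid, uint16_t tag, struct disk_ids *out)
{
    if (uid > ID24_MASK || gid > ID24_MASK)
        return -1;
    out->uid = uid | ((uint32_t)(tag >> 8) << TAG_SHIFT);
    out->gid = gid | ((uint32_t)(tag & 0xFF) << TAG_SHIFT);
    return 0;
}

uint32_t id24_uid(const struct disk_ids *d) { return d->uid & ID24_MASK; }
uint32_t id24_gid(const struct disk_ids *d) { return d->gid & ID24_MASK; }

/* Reassemble the tag from the upper byte of each field. */
uint16_t id24_tag(const struct disk_ids *d)
{
    return (uint16_t)(((d->uid >> TAG_SHIFT) << 8) | (d->gid >> TAG_SHIFT));
}

int main(void)
{
    struct disk_ids d;
    /* constructed sample values: uid 1000, gid 100, context tag 0x1234 */
    if (id24_pack(1000, 100, 0x1234, &d) == 0)
        printf("disk uid=0x%08x gid=0x%08x -> uid=%u gid=%u tag=0x%04x\n",
               (unsigned)d.uid, (unsigned)d.gid, (unsigned)id24_uid(&d),
               (unsigned)id24_gid(&d), (unsigned)id24_tag(&d));
    /* 0x01000000 needs 25 bits; naive masking would turn it into uid 0 */
    printf("pack(uid=0x01000000) -> %d\n", id24_pack(0x01000000u, 100, 1, &d));
    return 0;
}
```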