[linux-2.6.git] / kernel / vserver / Kconfig

#
# Linux VServer configuration
#

config  VSERVER
        bool
        default y

config  VSERVER_SECURITY
        bool
        depends on SECURITY
        default y
        select SECURITY_CAPABILITIES

config  VSERVER_LEGACYNET
        bool
        depends on !VSERVER_NGNET
        default y

menu "Linux VServer"

config  VSERVER_FILESHARING
        bool    "(PLANETLAB) Disable Hidden File Module"
        default y
        help
          This retains the module that when a vserver can
          see a file, it can also stat and read it.  The
          assumption is that chroot() works and vservers
          are contained that way.

config  VSERVER_LEGACY
        bool    "Enable Legacy Kernel API"
        default y
        help
          This enables the legacy API used in vs1.xx, maintaining
          compatibility with older vserver tools, and guest images
          that are configured using the legacy method.  This is
          probably a good idea for now, for migration purposes.

          Note that some tools have not yet been altered to use
          this API, so disabling this option may reduce some
          functionality.

config  VSERVER_LEGACY_VERSION
        bool    "Show a Legacy Version ID"
        depends on VSERVER_LEGACY
        default n
        help
          This shows a special legacy version to very old tools
          which do not handle the current version correctly.

          This will probably disable some features of newer tools
          so better avoid it, unless you really, really need it
          for backwards compatibility.

config  VSERVER_NGNET
        bool    "Disable Legacy Networking Kernel API"
        depends on EXPERIMENTAL
        default n
        help
          This disables the legacy networking API which is required
          by the chbind tool. Do not disable it unless you exactly
          know what you are doing.

config  VSERVER_PROC_SECURE
        bool    "Enable Proc Security"
        depends on PROC_FS
        default y
        help
          This configures ProcFS security to initially hide
          non-process entries for all contexts except the main and
          spectator context (i.e. for all guests), which is a secure
          default.

          (note: on 1.2x the entries were visible by default)

config  VSERVER_HARDCPU
        bool    "Enable Hard CPU Limits"
        depends on EXPERIMENTAL
        default n
        help
          Activate the Hard CPU Limits

          This will compile in code that allows the Token Bucket
          Scheduler to put processes on hold when a context's
          tokens are depleted (provided that its per-context
          sched_hard flag is set).

          Processes belonging to that context will not be able
          to consume CPU resources again until a per-context
          configured minimum of tokens has been reached.

config  VSERVER_HARDCPU_IDLE
        bool    "Limit the IDLE task"
        depends on VSERVER_HARDCPU
        default n
        help
          Limit the idle slices, so the the next context
          will be scheduled as soon as possible.

          This might improve interactivity and latency, but
          will also marginally increase scheduling overhead.

choice
        prompt  "Persistent Inode Context Tagging"
        default INOXID_UGID24
        help
          This adds persistent context information to filesystems
          mounted with the tagxid option. Tagging is a requirement
          for per-context disk limits and per-context quota.


config  INOXID_NONE
        bool    "Disabled"
        help
          do not store per-context information in inodes.

config  INOXID_UID16
        bool    "UID16/GID32"
        help
          reduces UID to 16 bit, but leaves GID at 32 bit.

config  INOXID_GID16
        bool    "UID32/GID16"
        help
          reduces GID to 16 bit, but leaves UID at 32 bit.

config  INOXID_UGID24
        bool    "UID24/GID24"
        help
          uses the upper 8bit from UID and GID for XID tagging
          which leaves 24bit for UID/GID each, which should be
          more than sufficient for normal use.

config  INOXID_INTERN
        bool    "UID32/GID32"
        help
          this uses otherwise reserved inode fields in the on
          disk representation, which limits the use to a few
          filesystems (currently ext2 and ext3)

config  INOXID_RUNTIME
        bool    "Runtime"
        depends on EXPERIMENTAL
        help
          inodes are tagged when first accessed, this doesn't
          require any persistant information, but might give
          funny results for mixed access.

endchoice

config  XID_TAG_NFSD
        bool    "Tag NFSD User Auth and Files"
        default n
        help
          Enable this if you do want the in-kernel NFS
          Server to use the xid tagging specified above.
          (will require patched clients too)

config  VSERVER_DEBUG
        bool    "VServer Debugging Code"
        default n
        help
          Set this to yes if you want to be able to activate
          debugging output at runtime. It adds a probably small
          overhead to all vserver related functions and
          increases the kernel size by about 20k.

config  VSERVER_HISTORY
        bool    "VServer History Tracing"
        depends on VSERVER_DEBUG
        default n
        help
          Set this to yes if you want to record the history of
          linux-vserver activities, so they can be replayed in
          the event of a kernel panic or oops.

config  VSERVER_HISTORY_SIZE
        int "Per-CPU History Size (32-65536)"
        depends on VSERVER_HISTORY
        range 32 65536
        default 64
        help
          This allows you to specify the number of entries in
          the per-CPU history buffer.

endmenu