2 # Linux VServer configuration
9 config VSERVER_SECURITY
13 select SECURITY_CAPABILITIES
15 config VSERVER_LEGACYNET
17 depends on !VSERVER_NGNET
22 config VSERVER_FILESHARING
23 bool "(PLANETLAB) Disable Hidden File Module"
26 This retains the module that when a vserver can
27 see a file, it can also stat and read it. The
28 assumption is that chroot() works and vservers
29 are contained that way.
32 bool "Enable Legacy Kernel API"
35 This enables the legacy API used in vs1.xx, maintaining
36 compatibility with older vserver tools, and guest images
37 that are configured using the legacy method. This is
38 probably a good idea for now, for migration purposes.
40 Note that some tools have not yet been altered to use
41 this API, so disabling this option may reduce some
44 config VSERVER_LEGACY_VERSION
45 bool "Show a Legacy Version ID"
46 depends on VSERVER_LEGACY
49 This shows a special legacy version to very old tools
50 which do not handle the current version correctly.
52 This will probably disable some features of newer tools
53 so better avoid it, unless you really, really need it
54 for backwards compatibility.
57 bool "Disable Legacy Networking Kernel API"
58 depends on EXPERIMENTAL
61 This disables the legacy networking API which is required
62 by the chbind tool. Do not disable it unless you exactly
63 know what you are doing.
65 config VSERVER_PROC_SECURE
66 bool "Enable Proc Security"
70 This configures ProcFS security to initially hide
71 non-process entries for all contexts except the main and
72 spectator context (i.e. for all guests), which is a secure
75 (note: on 1.2x the entries were visible by default)
77 config VSERVER_HARDCPU
78 bool "Enable Hard CPU Limits"
79 depends on EXPERIMENTAL
82 Activate the Hard CPU Limits
84 This will compile in code that allows the Token Bucket
85 Scheduler to put processes on hold when a context's
86 tokens are depleted (provided that its per-context
87 sched_hard flag is set).
89 Processes belonging to that context will not be able
90 to consume CPU resources again until a per-context
91 configured minimum of tokens has been reached.
93 config VSERVER_HARDCPU_IDLE
94 bool "Limit the IDLE task"
95 depends on VSERVER_HARDCPU
98 Limit the idle slices, so the the next context
99 will be scheduled as soon as possible.
101 This might improve interactivity and latency, but
102 will also marginally increase scheduling overhead.
105 prompt "Persistent Inode Context Tagging"
106 default INOXID_UGID24
108 This adds persistent context information to filesystems
109 mounted with the tagxid option. Tagging is a requirement
110 for per-context disk limits and per-context quota.
116 do not store per-context information in inodes.
121 reduces UID to 16 bit, but leaves GID at 32 bit.
126 reduces GID to 16 bit, but leaves UID at 32 bit.
131 uses the upper 8bit from UID and GID for XID tagging
132 which leaves 24bit for UID/GID each, which should be
133 more than sufficient for normal use.
138 this uses otherwise reserved inode fields in the on
139 disk representation, which limits the use to a few
140 filesystems (currently ext2 and ext3)
142 config INOXID_RUNTIME
144 depends on EXPERIMENTAL
146 inodes are tagged when first accessed, this doesn't
147 require any persistant information, but might give
148 funny results for mixed access.
153 bool "Tag NFSD User Auth and Files"
156 Enable this if you do want the in-kernel NFS
157 Server to use the xid tagging specified above.
158 (will require patched clients too)
161 bool "VServer Debugging Code"
164 Set this to yes if you want to be able to activate
165 debugging output at runtime. It adds a probably small
166 overhead to all vserver related functions and
167 increases the kernel size by about 20k.
169 config VSERVER_HISTORY
170 bool "VServer History Tracing"
171 depends on VSERVER_DEBUG
174 Set this to yes if you want to record the history of
175 linux-vserver activities, so they can be replayed in
176 the event of a kernel panic or oops.
178 config VSERVER_HISTORY_SIZE
179 int "Per-CPU History Size (32-65536)"
180 depends on VSERVER_HISTORY
184 This allows you to specify the number of entries in
185 the per-CPU history buffer.