# Linux VServer configuration

config VSERVER_SECURITY
	select SECURITY_CAPABILITIES

config VSERVER_LEGACYNET
	depends on !VSERVER_NGNET

config VSERVER_FILESHARING
	bool "(PLANETLAB) Disable Hidden File Module"
	  This retains the module that when a vserver can
	  see a file, it can also stat and read it. The
	  assumption is that chroot() works and vservers
	  are contained that way.

	bool "Enable Legacy Kernel API"
	  This enables the legacy API used in vs1.xx, maintaining
	  compatibility with older vserver tools, and guest images
	  that are configured using the legacy method. This is
	  probably a good idea for now, for migration purposes.

	  Note that some tools have not yet been altered to use
	  this API, so disabling this option may reduce some

config VSERVER_LEGACY_VERSION
	bool "Show a Legacy Version ID"
	depends on VSERVER_LEGACY
	  This shows a special legacy version to very old tools
	  which do not handle the current version correctly.

	  This will probably disable some features of newer tools
	  so better avoid it, unless you really, really need it
	  for backwards compatibility.

	bool "Disable Legacy Networking Kernel API"
	depends on EXPERIMENTAL
	  This disables the legacy networking API which is required
	  by the chbind tool. Do not disable it unless you exactly
	  know what you are doing.

config VSERVER_PROC_SECURE
	bool "Enable Proc Security"
	  This configures ProcFS security to initially hide
	  non-process entries for all contexts except the main and
	  spectator context (i.e. for all guests), which is a secure

	  (note: on 1.2x the entries were visible by default)

config VSERVER_HARDCPU
	bool "Enable Hard CPU Limits"
	depends on EXPERIMENTAL
	  Activate the Hard CPU Limits

	  This will compile in code that allows the Token Bucket
	  Scheduler to put processes on hold when a context's
	  tokens are depleted (provided that its per-context
	  sched_hard flag is set).

	  Processes belonging to that context will not be able
	  to consume CPU resources again until a per-context
	  configured minimum of tokens has been reached.

config VSERVER_HARDCPU_IDLE
	bool "Limit the IDLE task"
	depends on VSERVER_HARDCPU
	  Limit the idle slices, so the next context
	  will be scheduled as soon as possible.

	  This might improve interactivity and latency, but
	  will also marginally increase scheduling overhead.

config VSERVER_ACB_SCHED
	bool "Guaranteed/fair share scheduler"
	depends on VSERVER_HARDCPU
	  Andy Bavier's experimental scheduler

	prompt "Persistent Inode Context Tagging"
	default INOXID_UGID24
	  This adds persistent context information to filesystems
	  mounted with the tagxid option. Tagging is a requirement
	  for per-context disk limits and per-context quota.

	  do not store per-context information in inodes.

	  reduces UID to 16 bit, but leaves GID at 32 bit.

	  reduces GID to 16 bit, but leaves UID at 32 bit.

	  uses the upper 8bit from UID and GID for XID tagging
	  which leaves 24bit for UID/GID each, which should be
	  more than sufficient for normal use.

	  this uses otherwise reserved inode fields in the on
	  disk representation, which limits the use to a few
	  filesystems (currently ext2 and ext3)

config INOXID_RUNTIME
	depends on EXPERIMENTAL
	  inodes are tagged when first accessed, this doesn't
	  require any persistent information, but might give
	  funny results for mixed access.

	bool "Tag NFSD User Auth and Files"
	  Enable this if you do want the in-kernel NFS
	  Server to use the xid tagging specified above.
	  (will require patched clients too)

	bool "VServer Debugging Code"
	  Set this to yes if you want to be able to activate
	  debugging output at runtime. It adds a probably small
	  overhead to all vserver related functions and
	  increases the kernel size by about 20k.

config VSERVER_HISTORY
	bool "VServer History Tracing"
	depends on VSERVER_DEBUG
	  Set this to yes if you want to record the history of
	  linux-vserver activities, so they can be replayed in
	  the event of a kernel panic or oops.

config VSERVER_HISTORY_SIZE
	int "Per-CPU History Size (32-65536)"
	depends on VSERVER_HISTORY
	  This allows you to specify the number of entries in
	  the per-CPU history buffer.