# # Linux VServer configuration # menu "Linux VServer" config VSERVER_LEGACY bool "Enable Legacy Kernel API" depends on EXPERIMENTAL default n help This enables the legacy API used in vs1.xx, maintaining compatibility with older vserver tools, and guest images that are configured using the legacy method. config VSERVER_LEGACY_VERSION bool "Show a Legacy Version ID" depends on VSERVER_LEGACY default n help This shows a special legacy version to very old tools which do not handle the current version correctly. Warning: recent tools are not able to utilize the newer APIs when this is enabled, so some features will not be available. Better avoid it, unless you really, really need it for backwards compatibility. config VSERVER_DYNAMIC_IDS bool "Enable dynamic context IDs" depends on EXPERIMENTAL && VSERVER_LEGACY default n help This enables support of in kernel dynamic context IDs, which is deprecated and will probably be removed in the next release. config VSERVER_LEGACYNET bool "Enable Legacy Networking Kernel API" depends on EXPERIMENTAL default n help This enables the legacy networking API which is used by older tools (pre 0.30.210) to set up the network context (chbind). config VSERVER_REMAP_SADDR bool "Remap Source IP Address" depends on EXPERIMENTAL default n help This allows to remap the source IP address of 'local' connections from 127.0.0.1 to the first assigned guest IP. config VSERVER_COWBL bool "Enable COW Immutable Link Breaking" default y help This enables the COW (Copy-On-Write) link break code. It allows you to treat unified files like normal files when writing to them (which will implicitely break the link and create a copy of the unified file) config VSERVER_VTIME bool "Enable Virtualized Guest Time" depends on EXPERIMENTAL default n help This enables per guest time offsets to allow for adjusting the system clock individually per guest. this adds some overhead to the time functions and therefore should not be enabled without good reason. config VSERVER_PROC_SECURE bool "Enable Proc Security" depends on PROC_FS default y help This configures ProcFS security to initially hide non-process entries for all contexts except the main and spectator context (i.e. for all guests), which is a secure default. (note: on 1.2x the entries were visible by default) config VSERVER_HARDCPU bool "Enable Hard CPU Limits" default y help Activate the Hard CPU Limits This will compile in code that allows the Token Bucket Scheduler to put processes on hold when a context's tokens are depleted (provided that its per-context sched_hard flag is set). Processes belonging to that context will not be able to consume CPU resources again until a per-context configured minimum of tokens has been reached. config VSERVER_IDLETIME bool "Avoid idle CPUs by skipping Time" depends on VSERVER_HARDCPU default y help This option allows the scheduler to artificially advance time (per cpu) when otherwise the idle task would be scheduled, thus keeping the cpu busy and sharing the available resources among certain contexts. config VSERVER_IDLELIMIT bool "Limit the IDLE task" depends on VSERVER_HARDCPU default n help Limit the idle slices, so the the next context will be scheduled as soon as possible. This might improve interactivity and latency, but will also marginally increase scheduling overhead. choice prompt "Persistent Inode Tagging" default TAGGING_ID24 help This adds persistent context information to filesystems mounted with the tagxid option. Tagging is a requirement for per-context disk limits and per-context quota. config TAGGING_NONE bool "Disabled" help do not store per-context information in inodes. config TAGGING_UID16 bool "UID16/GID32" help reduces UID to 16 bit, but leaves GID at 32 bit. config TAGGING_GID16 bool "UID32/GID16" help reduces GID to 16 bit, but leaves UID at 32 bit. config TAGGING_ID24 bool "UID24/GID24" help uses the upper 8bit from UID and GID for XID tagging which leaves 24bit for UID/GID each, which should be more than sufficient for normal use. config TAGGING_INTERN bool "UID32/GID32" help this uses otherwise reserved inode fields in the on disk representation, which limits the use to a few filesystems (currently ext2 and ext3) endchoice config TAG_NFSD bool "Tag NFSD User Auth and Files" default n help Enable this if you do want the in-kernel NFS Server to use the tagging specified above. (will require patched clients too) config PROPAGATE bool "Enable Inode Tag Propagation" default n depends on EXPERIMENTAL help This allows for the tagid= mount option to specify a tagid which is to be used for the entire mount tree. config VSERVER_PRIVACY bool "Honor Privacy Aspects of Guests" default y help When enabled, most context checks will disallow access to structures assigned to a specific context, like ptys or loop devices. config VSERVER_CONTEXTS int "Maximum number of Contexts (1-65533)" if EMBEDDED range 1 65533 default "768" if 64BIT default "256" help This setting will optimize certain data structures and memory allocations according to the expected maximum. note: this is not a strict upper limit. config VSERVER_WARN bool "VServer Warnings" default y help This enables various runtime warnings, which will notify about potential manipulation attempts or resource shortage. It is generally considered to be a good idea to have that enabled. config VSERVER_DEBUG bool "VServer Debugging Code" default n help Set this to yes if you want to be able to activate debugging output at runtime. It adds a very small overhead to all vserver related functions and increases the kernel size by about 20k. config VSERVER_HISTORY bool "VServer History Tracing" depends on VSERVER_DEBUG default n help Set this to yes if you want to record the history of linux-vserver activities, so they can be replayed in the event of a kernel panic or oops. config VSERVER_HISTORY_SIZE int "Per-CPU History Size (32-65536)" depends on VSERVER_HISTORY range 32 65536 default 64 help This allows you to specify the number of entries in the per-CPU history buffer. config VSERVER_MONITOR bool "VServer Scheduling Monitor" depends on VSERVER_DEBUG default n help Set this to yes if you want to record the scheduling decisions, so that they can be relayed to userspace for detailed analysis. config VSERVER_MONITOR_SIZE int "Per-CPU Monitor Queue Size (32-65536)" depends on VSERVER_MONITOR range 32 65536 default 1024 help This allows you to specify the number of entries in the per-CPU scheduling monitor buffer. config VSERVER_MONITOR_SYNC int "Per-CPU Monitor Sync Interval (0-65536)" depends on VSERVER_MONITOR range 0 65536 default 256 help This allows you to specify the interval in ticks when a time sync entry is inserted. endmenu config VSERVER bool default y select UTS_NS select SYSVIPC select IPC_NS config VSERVER_SECURITY bool depends on SECURITY default y select SECURITY_CAPABILITIES config VSERVER_NGNET bool depends on EXPERIMENTAL && !VSERVER_LEGACYNET default y