+++ /dev/null
-
- 1. [1]Introduction [new.gif]
- 1.1 [2]Who needs that [new.gif]
- 2. [3]Principles [new.gif]
- 2.1 [4]Non reversible isolation [new.gif]
- 2.2 [5]Isolation areas [new.gif]
- 2.3 [6]New system calls [new.gif]
- 2.4 [7]Limiting super-user: The capabilities system [new.gif]
- 2.5 [8]Enhancing the capability system [new.gif]
- 2.6 [9]Playing with the new system calls [new.gif]
- 2.6.1 [10]Playing with /usr/sbin/chcontext [new.gif]
- 2.6.2 [11]Playing with /usr/sbin/chcontext as root [new.gif]
- 2.6.3 [12]Playing with /usr/sbin/chbind [new.gif]
- 2.6.4 [13]Playing with /usr/sbin/reducecap [new.gif]
- 2.7 [14]Unification [new.gif]
- 3. [15]Applications [new.gif]
- 3.1 [16]Virtual server [new.gif]
- 3.2 [17]Per user fire-wall [new.gif]
- 3.3 [18]Secure server/Intrusion detection [new.gif]
- 3.4 [19]Fail over servers [new.gif]
- 4. [20]Installation [new.gif]
- 4.1 [21]The packages [new.gif]
- 4.2 [22]Setting a virtual server [new.gif]
- 4.3 [23]Basic configuration of the virtual server [new.gif]
- 4.4 [24]Entering the virtual server [new.gif]
- 4.5 [25]Configuring the services [new.gif]
- 4.6 [26]Starting/Stopping the virtual server [new.gif]
- 4.7 [27]Starting/Stopping all the virtual servers [new.gif]
- 4.8 [28]Restarting a virtual server from inside [new.gif]
- 4.9 [29]Executing tasks at vserver start/stop time [new.gif]
- 4.10 [30]Issues [new.gif]
- 4.11 [31]How real is it ? [new.gif]
- 5. [32]Features [new.gif]
- 6. [33]Future directions [new.gif]
- 6.1 [34]User controlled security box [new.gif]
- 6.2 [35]Kernel enhancements [new.gif]
- 6.2.1 [36]Per context disk quota [new.gif]
- 6.2.2 [37]Global limits [new.gif]
- 6.2.3 [38]Scheduler [new.gif]
- 6.2.4 [39]Security issues [new.gif]
- 6.2.4.1 [40]/dev/random [new.gif]
- 6.2.4.2 [41]/dev/pts [new.gif]
- 6.2.4.3 [42]Network devices [new.gif]
- 7. [43]Alternative technologies [new.gif]
- 7.1 [44]Virtual machines [new.gif]
- 7.2 [45]Partitioning [new.gif]
- 7.3 [46]Limitation of those technologies [new.gif]
- 8. [47]Conclusion [new.gif]
- 9. [48]Download [new.gif]
- 10. [49]References [new.gif]
-
- Virtual private servers and security contexts
-
- Running independent Linux servers inside a single PC is now possible.
- They offer many advantages, including higher security, flexibility and
- cost reduction.
-
- NEW
-
-Introduction
-
- Linux computers are getting faster every day. So we should probably
- end up with less, more powerful servers. Instead we are seeing more
- and more servers. While there are many reasons for this trend (more
- services offered), the major issue is more related to security and
- administrative concerns.
-
- Is it possible to split a Linux server into virtual ones with as much
- isolation as possible between each one, looking like real servers, yet
- sharing some common tasks (monitoring, backup, ups, hardware
- configuration, ...) ?
-
- We think so ... NEW
-
-Who needs that
-
- The short answer is everybody, or everybody managing a server. Here
- are some applications:
-
- * Hosting: Complete general purpose hosting (Running many
- independent servers in one box).
- * Experimentation: You are toying with a new services and do not
- want to impact the production services on the same machine.
- * Education: Each student has its own server with root password.
- * Personal security box: Run un-trusted applications with complete
- control over their interaction with the rest of the computer and
- the network.
- * Managing several "versions" of the same server/project and turning
- on/off each version independantly.
-
- Just think about all the viruses and worms out there, you end up with
- a big everybody using a computer needs this. :-) NEW
-
-Principles
-
- NEW
-
-Non reversible isolation
-
- Unix and Linux have always had the chroot() system call. This call was
- used to trap a process into a sub-directory. After the system-call,
- the process is led to believe that the sub-directory is now the root
- directory. This system call can't be reversed. In fact, the only thing
- a process can do is trap itself further and further in the file-system
- (calling chroot() again).
-
- The strategy is to introduce new system calls trapping the processes
- in other areas within the server. NEW
-
-Isolation areas
-
- A virtual server is isolated from the rest of the server in 5 areas:
-
- * File system
- The vserver is trapped into a sub-directory of the main server and
- can't escape. This is done by the standard chroot() system call
- found on all Unix and Linux boxes.
- * Processes
- The vserver can only see the processes in the same security
- context. Even the root server can't see the processes in vservers,
- making the root server less "dangerous" to use. A special
- mechanism (context number 1) exists to view all processes though
- (Limited to root in the root server).
- * Networking
- The vserver is assigned a host name and an IP number. The server
- can only use this IP number to establish services and client
- connection. Further, this restriction is transparent.
- * Super user capabilities
- The super user running in a vserver has less privileges than the
- normal Linux root user. For example, it can't reconfigure the
- networking and many aspect of the system. It can't mount devices,
- can't access block devices and so on.
- Roughly. the vserver super-user has full control over all files
- and processes in the vserver and that's pretty much it.
- * System V inter process communications
- Sysv IPC resources are private to each vserver. The security
- context is used as an extra key to select and assign resources.
-
- Those facilities are used together to create a runtime environment for
- virtual servers. But they can be used independently to achieve various
- goals. NEW
-
-New system calls
-
- The new system calls, as well as the existing chroot() system call are
- sharing one common feature: Their effect can't be reversed. Once you
- have executed one of those system call (chroot, new_s_context,
- set_ipv4root), you can't get back. This affects the current process
- and all the child processes. The parent process is not influenced.
-
- * new_s_context (int ctx)
- This system call sets a new security context for the current
- process. It will be inherited by all child processes. The security
- context is just an id, but the system call makes sure a new unused
- one is allocated.
- A process can only see other processes sharing the same security
- context. When the system boot, the original security context is 0.
- But this one is not privileged in anyway. Processes member of the
- security context 0 can only interact (and see) processes member of
- context 0.
- This system call isolates the processes space.
- * Setting the capabilities ceiling
- This is handle by the new_s_context system call as well. This
- reduces the ceiling capabilities of the current process. Even
- setuid sub-process can't grab more capabilities. The capability
- system found since Linux 2.2 is explained later in this document.
- * set_ipv4root(unsigned long ip)
- This system call locks the process (and children) into using a
- single IP when they communicate and when they installs a service.
- This system call is a one shot. Once a process have set its IPV4
- (Internet Protocol Version 4) address to something different from
- 0.0.0.0, it can't change it anymore. Children can't change it
- either.
- If a process tries to bind a specific IP number, it will succeed
- only if this corresponds to the ipv4root (if different from
- 0.0.0.0). If the process bind to any address, it will get the
- ipv4root.
- Basically, once a process is locked to a given ipv4root it is
- forced to use this IP address to establish a service and
- communicate. The restriction on services is handy: Most service
- (Web servers, SQL servers) are binding to address 0.0.0.0. With
- the ipv4root sets to a given IP you can have two virtual servers
- using the exact same general/vanilla configuration for a given
- services and running without any conflict.
- This system calls isolate the IP network space.
-
- Those system calls are not privileged. Any user may issue them. NEW
-
-Limiting super-user: The capabilities system
-
- Once you have created a virtual environment where processes have a
- limited view of the file-system, can't see processes outside of their
- world and can only use a single IP number, you still must limit the
- damages those processes can do. The goal is to run virtual
- environments and provide some root privileges.
-
- How do you limit those root processes from taking over the system, or
- even just re-booting it. Enter the capability system. This is not new,
- but we suspect many people have never heard of it.
-
- In the old Unix/Linux days, user root (user ID 0) could do things
- other user ID could not. All over the place in the kernel, system
- calls were denying access to some resources unless the user ID of the
- process (effective ID in fact) was 0. Plain zero.
-
- The only way a process with user ID 0 could loose some privileges was
- by changing to another ID. Unfortunately this was an all or nothing
- deal. Enter the capabilities.
-
- Today, the difference between root and the other users is the
- capability set. User root has all capabilities and the other users
- have none. The user ID 0 does not mean anything special anymore. There
- are around 30 capabilities defined currently. A process may request to
- loose a capability forever. It won't be able to get it back.
-
- Capabilities allows a root process to diminish its power. This is
- exactly what we need to create custom super-user. A super-user process
- in a virtual server would have some privileges such as binding port
- below 1024, but would not be able to reconfigure the network or reboot
- the machine. Check the file /usr/include/linux/capability.h to learn
- which one are available.
-
- Note that the new system calls (new_s_context and set_ipv4root) are
- not controlled by capabilities. They are by nature irreversible. Once
- a virtual server is trapped in a chroot/s_context/ipv4root box, it
- can't escape from the parameters of this trap.
-
- NEW
-
-Enhancing the capability system
-
- The Linux capability system, is still a work in progress. At some
- point, we expect to see capabilities attached to programs,
- generalizing the setuid concept. A setuid program would become a
- program with all capability granted.
-
- For now, this is not available. As explained above a process may
- request to loose capabilities and its child process will be trapped
- with a smaller capability set.
-
- Well, ..., it does not work that way. Unfortunately, until
- capabilities could be assigned to program, we still need a way to get
- back capabilities even in a child process. So the irreversible logic
- of the capabilities is kind of short circuited in the kernel.
-
- To solve this, we have introduced a new per-process capability ceiling
- (cap_bset). This one represents the capability set inherited by child
- process, including setuid root child process. Lowering this ceiling is
- irreversible for a process and all its child.
-
- This ceiling is handled by the new_s_context system call and the
- reducecap and chcontext utilities (part of the vserver package).
-
- Using this, we can setup a virtual server environment where root has
- less capabilities, so can't reconfigure the main server.
-
- NEW
-
-Playing with the new system calls
-
- The vserver package provides 3 utilities to make use of the new system
- calls. We will describe shortly how they work and provide few example.
- We invite the reader to try those example, so it has a better feel and
- trust.
-
- After re-booting with a kernel implementing the new system calls, and
- installing the vserver package, one is ready to do experiment. You do
- not need to be root to test those new utilities. None of them is
- setuid either. NEW
-
-Playing with /usr/sbin/chcontext
-
- The /usr/sbin/chcontext utility is used to enter into a new security
- context. The utility switch the security context and execute a
- program, specified on the command line. This program is now isolated
- and can't see the other processes running on the server.
-
- The experiment with this, start two command windows (xterm), as the
- same user ID. In each window execute the following commands:
-
- xterm
-
- Using chcontext: first window
-
-/usr/sbin/chcontext /bin/sh
-pstree
-killall xterm
-exit
-
- Using chcontext: second window
- In the first window, you start the xterm command (or any command you
- like). In the second window you execute chcontext. This starts a new
- shell. You execute pstree and see very little. You attempt to kill the
- xterm and you fail. You exit this shell and you are back seeing all
- processes.
-
- Here is another example. You switch context and you get a new shell.
- In this shell you start an xterm. Then you switch context again and
- start another sub-shell. Now the sub-shell is again isolated.
-
-/usr/sbin/chcontext /bin/sh
-pstree
-xterm &
-pstree
-# Ok now you see your xterm
-/usr/sbin/chcontext /bin/sh
-pstree
-# the xterm is not there, killall will fail
-killall xterm
-# Now we exit the shell
-exit
-pstree
-# the xterm is there
-killall xterm
-# Ok, it is gone
-exit
-# We are back to the initial security context
-
- Using chcontext several times
- Processes isolated using chcontext are doubly isolated: They can't see
- the other processes on the server, but the other processes can't see
- them either. The original security context (0) when you boot is no
- better than the other: It sees only process in security context 0.
-
- While playing with chcontext, you will notice an exception. The
- process 1 is visible from every security context. It is visible to
- please utilities like pstree. But only root processes in security
- context 0 are allowed to interact with it. NEW
-
-Playing with /usr/sbin/chcontext as root
-
- The new_s_context system call has a special semantic for root
- processes running in security context 0 and having the CAP_SYS_ADMIN
- capability: They can switch to any context they want.
-
- Normally, new_s_context allocates a new security context by selecting
- an unused one. It walks all processes and find an ID (an integer) not
- currently in use.
-
- But root in security context 0 is allowed to select the context it
- wants. This allow the main server to control the virtual server. The
- chcontext utility has the --ctx option to specify the context ID you
- want.
-
- To help manage several virtual server, given that the security context
- 0 can't see processes in other security context, it is a good thing
- root in the main server (security context 0) is allowed to select a
- specific context. Cool. But we also need a way to have a global
- picture showing all processes in all security context. The security
- context 1 is reserved for this. Security context 1 is allowed to see
- all processes on the server but is not allowed to interact with them
- (kill them).
-
- This special feature was allocated to security context 1 and not 0
- (the default when you boot) to isolate virtual servers from the main.
- This way, while maintaining services on the main server, you won't
- kill service in vservers accidentally.
-
- Here is an example showing those concepts:
-
-# You must be root, running X
-# We start an xterm in another security context
-/usr/sbin/chcontext xterm &
-# We check, there is no xterm running, yet we can
-# see it.
-ps ax | grep xterm
-# Are we running in security context 0
-# We check the s_context line in /proc/self/status
-cat /proc/self/status
-# Ok we in security context 0
-# Try the security context 1
-/usr/sbin/chcontext --ctx 1 ps ax | grep xterm
-# Ok, we see the xterm, we try to kill it
-/usr/sbin/chcontext --ctx 1 killall xterm
-# No, security context 1 can see, but can't kill
-# let's find out in which security context this
-# xterm is running
-/usr/sbin/chcontext --ctx 1 ps ax | grep xterm
-# Ok, this is PID XX. We need the security context
-/usr/sbin/chcontext --ctx 1 cat /proc/XX/status
-# We see the s_context, this is SS.
-# We want to kill this process
-/usr/sbin/chcontext --ctx SS killall xterm
-
- chcontext as root
- The /usr/sbin/vpstree and /usr/sbin/vps commands are supplied by the
- vserver package. They simply runs ps and pstree in security context 1.
- NEW
-
-Playing with /usr/sbin/chbind
-
- The chbind utility is used to lock a process and its children into
- using a specific IP number. This applies to services and client
- connection as well. Here are few examples. Execute them as root:
-
-# httpd is running
-netstat -atn | grep ":80 "
-# We see a line like this
-# tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
-# Now we restart httpd, but we lock it so it
-# uses only the main IP of eth0
-/usr/sbin/chbind --ip eth0 /etc/rc.d/init.d/httpd restart
-netstat -atn | grep ":80 "
-# Now we see a line like
-# tcp 0 192.168.1.1:80 0.0.0.0:* LISTEN
-# httpd.conf was not changed.
-# Now, restart it normally
-/etc/rc.d/init.d/httpd restart
-# Now we experiment with client socket
-# Log using telnet
-telnet localhost
-# Once logged in
-netstat -atn | grep ":23 "
-# You should see a line showing a connection from
-# 127.0.0.1 to 127.0.0.1 like this
-# tcp 0 0 127.0.0.1:23 127.0.0.1:32881 ESTABLISHED
-exit
-# Now we do the telnet again, bug forcing it to select a specific IP
-/usr/sbin/chbind --ip eth0 telnet localhost
-# Log in and then execute
-netstat -atn | grep ":23 "
-# You will get something like
-# tcp 0 0 127.0.0.1:23 192.168.3.9:32883 ESTABLISHED
-
- Using /usr/sbin/chbind
- NEW
-
-Playing with /usr/sbin/reducecap
-
- The reducecap utility is used to lower the capability ceiling of a
- process and child process. Even setuid program won't be able to grab
- more capabilities.
-
-# You are not root now
-# What is the current capability ceiling
-cat /proc/self/status
-# The capBset line presents mostly 1s.
-/usr/sbin/reducecap --secure /bin/sh
-cat /proc/self/status
-# The capBset now shows many more 0s.
-# The capEff shows all 0s, you have no privilege now
-# We su to root
-su
-cat /proc/self/status
-# capEff is much better now, but there are still many 0s
-# Now we try to see if we are really root
-tail /var/log/messages
-# So far so good, we see the content
-/sbin/ifconfig eth0
-/sbin/ifconfig eth0 down
-# No way, we can't configure the interface. In fact
-# we have lost most privilege normally assigned to root
-exit
-
- Using /usr/sbin/reducecap
- NEW
-
-Unification
-
- Installing a virtual private server copies a linux installation inside
- a sub-directory. It is a linux inside linux. If you intend to run
- several vservers on the same box (which you will certainly do :-) ),
- you will end up using a lot of disk space needlessly: Each vserver is
- made up hundreds of megabytes of the same stuff. This is a big waste
- of disk space.
-
- A solution is to use hard links to connect together common files.
- Using the package information, we can tell which packages are shared
- between various vservers, which files are configuration files and
- which are not (binaries, libraries, resource files, ...). Non
- configuration files may be linked together saving a huge amount of
- disk space: A 2 GIG rh7.2 installation shrinks to 38megs.
-
- Using hard links is cool, but may be a problem. If one vserver
- overwrite one file, say /bin/ls, then every vserver will inherit that
- change. Not fun! The solution is to set the immutable bit on every
- linked file. A file with such a bit on can't be modified, even by
- root. The only way to modify it is to turn off the bit first. But
- within a vserver environment, even root is not allowed to perform this
- task. So linked file, turned immutable, are now safe: They can be
- shared between vservers without side effects: Cool!
-
- Well, there is still another side effect. All vservers are now locked
- with the same files. We are saving a lot of disk space, but we pay a
- very heavy price for that: Vservers can't evolve independantly.
-
- A solution was found. A new bit call immutable-linkage-invert was
- added. Combined with the immutable bit, a file may not be modified,
- but may be unlinked. Unlinking a file in Unix/Linux means
- disconnecting the name from the data and removing the name from the
- directory. If the data is still referenced by one or more vservers, it
- continue to exist on disk. So doing "rm /bin/ls" on a vserver, removes
- the file /bin/ls for that vserver and that's all. If all vservers
- perform this task, then /bin/ls (the data) will be forgotten completly
- and the disk space will be recovered.
-
- Using this trick, a vserver gets back its independance. It becomes
- possible to update packages by using the unlink/update sequence:
- Unlink /bin/ls first and then put a new copy in place. Luckily,
- package manager works this way.
-
- To keep this story short (probably too late :-) ), a unified vserver:
- * Uses little disk space
- * Can't interfere with other vservers by changing one of its file.
- * Can perform package update/deletion normally using standard
- practice.
-
- NEW
-
-Applications
-
- NEW
-
-Virtual server
-
- The first goal of this project is to create virtual servers sharing
- the same machine. A virtual server operate like a normal Linux server.
- It runs normal services such as telnet, mail servers, web servers, SQL
- servers. In most cases, the services run using standard configuration:
- The services are running unaware of the virtual server concept.
-
- Normal system administration is performed with ordinary admin tool.
- Virtual servers have users account and a root account.
-
- Packages are installed using standard packages (RPMs for example).
-
- There are few exceptions. Some configuration can't be done inside a
- virtual server. Notably the network configuration and the file-system
- (mount/umount) can't be performed from a virtual server.
-
- NEW
-
-Per user fire-wall
-
- The set_ipv4root() system call may be used to differentiate the
- various users running on an application server. If you want to setup a
- fire-wall limiting what each user is doing, you have to assign one IP
- per user, even if they are running application on the same server. The
- chbind utility may be used to achieve that. NEW
-
-Secure server/Intrusion detection
-
- While it can be interesting to run several virtual servers in one box,
- there is one concept potentially more generally useful. Imagine a
- physical server running a single virtual server. The goal is isolate
- the main environment from any service, any network. You boot in the
- main environment, start very few services and then continue in the
- virtual server. The service in the main environment could be
-
- * Un-reachable from the network.
- * The system log daemon. While virtual server could log messages,
- they would be unable to change/erase the logs. So even a cracked
- virtual server would not be able the edit the log.
- * Some intrusion detection facilities, potentially spying the state
- of the virtual server. For example tripwire could run there and it
- would be impossible to circumvent its operation or trick it.
-
- NEW
-
-Fail over servers
-
- One key feature of a virtual server is the independence from the
- actual hardware. Most hardware issues are irrelevant for the virtual
- server installation. For example:
-
- * Disk layout, partitions and the /etc/fstab configuration. The
- virtual server has a dummy /etc/fstab.
- * Network devices.
- * Processor type, number of processor (kernel selection).
-
- The main server acts as a host and takes care of all those details.
- The virtual server is just a client and ignores all the details. As
- such, the client can be moved to another physical server will very few
- manipulations. For example, to move the virtual server v1 from one
- physical one computer to another, you do
-
- * Turn it off
- /usr/sbin/vserver v1 stop
- * Copy the file /etc/vservers/v1.conf to the new server.
- * Copy all files in /vservers/v1 to the new server
- * On the new server, start the vserver v1
- /usr/sbin/vserver v1 start
-
- As you see, there is no adjustment to do:
-
- * No user account merging.
- * No hardware configuration to fix.
-
- This opens the door to fail over servers. Imagine a backup server
- having a copy of many virtual servers. It can take over their tasks
- with a single command. Various options exists for managing this backup
- server:
-
- * rsync to synchronize the data.
- * Network block devices to synchronize the data in real time.
- * Sharing the installation over a SAN (storage area network).
- * Heartbeat for automatic monitoring/fail over.
-
- NEW
-
-Installation
-
- NEW
-
-The packages
-
- * The kernel
- We are supplying a patched 2.4.20 kernel. You will find [50]here
- the kernel, the .config and the patch.
- To install the kernel, just untar it. This will create a file
- /boot/kernel-2.4.20ctx-17 (ctx stands for security context) and a
- directory /lib/modules/2.4.20ctx-17.
- Then, you need to update your boot loader. For lilo, you add a
- section like this at the end of the file /etc/lilo.conf
-
-
-image=/boot/vmlinuz-2.4.20ctx-17
- label=linux2.4.20ctx-17
- read-only
- root=current
-
- lilo.conf section to add
- Change the /dev/XXXX to your root partition. Then execute
- /sbin/lilo.
- Reboot and select the proper kernel. This kernel is fully
- compatible with a normal 2.4.20 and will perform without any new
- configuration. Note that the supplied kernel does not carry all
- the features and modules found on the various distributions.
- * The vserver package
- This package provides the various utilities to make use of those
- new system calls. The package also provides a complete solution to
- implement virtual servers. We describe the major components here.
- + /usr/sbin/chcontext
- This is the utility to request a new security context. It can
- be used to lower the capability ceiling. Execute it to learn
- more.
- + /usr/sbin/chbind
- This is the utility to select one IP number and assign it to
- a process and its children.
- + /usr/sbin/newvserver (in vserver-admin)
- Front-end to help create new virtual servers.
- + /usr/sbin/reducecap
- This utility is used to lower the capability ceiling of
- children processes.
- + /usr/sbin/vdu
- A trimmed down "du" command reporting space usage of files
- with a single link. Useful to tell how much space a unified
- vserver is using.
- + /usr/sbin/vkill
- Locate the security context associated with a process, enter
- it and kill the process. Generally used after you have
- located a process with vtop, vpstree or vps.
- + /usr/sbin/vps
- Execute the ps command in security context 1 so all processes
- in all vservers are shown. The security context and vserver
- name are mapped inside the report.
- + /usr/sbin/vpstree
- Execute the pstree command in security context 1 so all
- processes in all vservers are shown.
- + /usr/sbin/vrpm
- Apply an rpm command in several (or all) vservers. Useful
- when you wish to update many vservers with the same package.
- /usr/sbin/vrpm server1 server2 -- -Uvh /tmp/*.rpm
- /usr/sbin/vrpm ALL -- -Uvh /tmp/*.rpm
- After updating many packages in different vservers you may
- want to re-unify them to recover disk space (and increase
- cache effectivity). You can do this using the vunify command,
- or simply by using the --unify option to the vrpm command.
- After performing the rpm updates, vrpm will trigger the
- vunify utility on the vservers for the updated packages.
- /usr/sbin/vrpm --unify server1 server2 -- -Uvh /tmp/*.rpm
- + /usr/sbin/vserver
- This is the wrapper to start, stop and administer virtual
- servers.
- + /usr/sbin/vserver-stat
- Produce a small report showing the activity in active
- security context. The report presents the number of process
- in each active security context as well as the name of the
- vserver associated with this context.
- + /usr/sbin/vtop
- Execute the top command in security context 1 so all
- processes in all vservers are shown.
- + /etc/rc.d/init.d/vservers
- This is an init script used to start all virtual servers at
- boot time and stop them at shutdown time. Only virtual
- servers with ONBOOT=yes are started at boot time. All
- vservers are stopped at shutdown time.
- + /etc/rc.d/init.d/rebootmgr
- This is a daemon listening to requests from virtual servers.
- It can either restart or stop a virtual server. The
- /sbin/vreboot and /sbin/vhalt utilities are used to send
- request to the reboot manager.
- + /sbin/vreboot and /sbin/vhalt
- Those utilities are copied in each virtual server. They
- connect to the reboot manager (rebootmgr) server using the
- /dev/reboot Unix domain socket and request either a restart
- or a stop of the virtual server. The reboot manager issue
- either a "/usr/sbin/vserver vserver restart" or
- "/usr/sbin/vserver vserver stop" command. This allows the
- virtual server administrator to test if all automatic service
- are properly restarted at boot time.
- + /usr/lib/vserver/vdu
- This is a limited clone of the du command. It skips file with
- more than one link. It is used to evaluate the disk usage of
- an unified vserver. Using the normal du for this task is
- misleading since it will count all unified files.
-
- NEW
-
-Setting a virtual server
-
- To set a virtual server, you need to copy in a sub-directory a Linux
- installation. One way to achieve that is to copy some parts of the the
- current server by issuing the command vserver XX build, where XX is
- the name of the virtual server (pick one). This basically does (Well,
- it does a little more than that, but this give you an idea):
-
-mkdir /vservers/XX
-cd /vservers/XX
-cp -ax /sbin /bin /etc /usr /var /dev /lib .
-mkdir proc tmp home
-chmod 1777 tmp
-
- Building a virtual server
-
- This is normally done using the command /usr/sbin/newvserver. This is
- a text mode/graphical front-end allowing to setup the vserver runtime
- and configure it. NEW
-
-Basic configuration of the virtual server
-
- A virtual private server has a few settings. They are defined in the
- file /etc/vservers/XX.conf where XX is the name of the virtual server.
- This is a simple script like configuration. Here are the various
- parameters:
-
- * IPROOT
- In general, each virtual server is tied to one IP using the new
- set_ipv4root system call. This way several servers may run the
- same services without conflict. Enter the IP number (a name is
- also valid if defined in the DNS).
- Since kernel ctx-12, you can assign more than one IP number to a
- vserver. Enter them separated by spaces and don't forget to
- enclose them with quotes.
- Bu default, all IPs are configured as an IP alias on the IPROOTDEV
- device (if defined). If you want to attach the various IP numbers
- to different devices, specify the device as a prefix to the IP
- number like this:
-
-IPROOT="eth0:192.168.1.2 eth1:192.168.3.1 192.168.1.4"
-
- IPROOT using multiple devices
- In the example above, the IP 192.168.1.4 will be installed as an
- IP alias on the device IPROOTDEV.
- Use "IPROOT=0.0.0.0" or "IPROOT=" if you do not want to tie the
- vserver at all. It will be allowed to use any IP available on the
- server.
- * IPROOTDEV
- This is the network device use to setup the IP alias defined by
- IPROOT. This is generally eth0. If you define this variable, the
- IP alias will be configured when you start the virtual server and
- un-configure when you stop it.
- * IPROOTMASK
- Netmask used to setup the IP alias. Uses the netmask of the
- IPROOTDEV device by default. Seldom used.
- If you have several IPs on one vserver and want to have different
- netmask for each, use the following syntax:
-
-IPROOT="eth0:192.168.1.2 eth1:192.168.3.1/255.255.255.192"
-
- IPROOT using different netmask
- 192.168.1.2 will use the netmask of eth0, while 192.168.3.1 will
- use the specified netmask: 255.255.255.192.
- * IPROOTBCAST
- Broadcast address used to setup the IP alias. Uses the broadcast
- of the IPROOTDEV device by default. Seldom used.
- * ONBOOT
- The vserver package supplies the vservers service. This service is
- installed in the main server. It is used to start and stop the
- virtual server at boot and shutdown time.
- Virtual server with ONBOOT=yes will be started and stopped
- properly like any other services of the main server.
- Once a virtual server is properly configured, it is a good idea to
- set this parameter to yes.
- * S_CAPS
- You enter here the various capability you want to grant to the
- vserver. By default, a vserver is left with much less capabilities
- than the root server. For example, a vserver is not allowed to use
- raw socket. This explains why the ping command fails. S_CAPS lets
- you enumerate the capability you want to keep in the vserver.
- CAP_NET_RAW will give back ping ability for example.
- * S_CONTEXT
- This is optional. In general the security context ID is selected
- by the kernel. An unused one is selected. If you select an ID (an
- integer greater than 1), make sure you select a different one for
- each server. Again, in most cases, you do not need to select one.
- Leave the line commented.
- * S_DOMAINNAME
- A virtual server may have a different NIS domainname than the main
- server. You set it here. If you leave the field empty, the vserver
- will inherit the same NIS domain as the root server. Enter "none"
- to reset the NIS domain name for this vserver.
- * S_HOSTNAME
- Many services (Apache for one) use the host name to setup some
- defaults. A virtual server may have a different host name than the
- main server. It is a good idea to fill this line.
- * S_NICE
- The is an optional priority level. It is an integer ranging
- between from -20 to 19. Well it is the nice level in fact, so -20
- means the highest priority and 19 the lowest (the highest nice
- level). All processes in the virtual server will be locked to this
- level (or higher niceness).
- Event root is locked and can't get more priority.
- Note that this has limited usefulness. The kernel does not
- differentiate processes running in different security context for
- scheduling (for now :-) ). This means that a virtual servers
- running many low priority processes may nevertheless claim a large
- share of CPU.
- * S_FLAGS
- This is used to set various flags. Here are the supported flags:
- + lock
- This flags prevents the vserver from setting new security
- contexts.
- + sched
- It kind of unifies the processes in a vserver from a
- scheduler view point. All processes are weighted as single
- one when compared to other processes in the real server. This
- prevents a vserver from taking to much CPU resources.
- + nproc
- Make the ulimit maximum user process global to the vserver.
- + private
- Once set on a vserver security context, no other process can
- enter it. Even the root server is unable to enter the
- context. It can see the process list using security context
- 1, but can't signal or trace the process.
- + fakeinit
- This assigned the current process so it works like the
- process number 1. Using this trick, a normal /sbin/init may
- be run in a vserver. The /usr/sbin/vserver command will use
- /sbin/init to start and stop a vserver. A properly configured
- /etc/inittab is needed though.
- o Processes loosing their parent are reparent to this
- process.
- o getppid() done by child process of this process returns
- 1.
- o getpid() done by this process returns 1.
- o This process is not shown in /proc since process number
- 1 is always shown.
- o An "initpid" entry is available in /proc/*/status to
- tell which process is the fake init process.
- * ULIMIT
- This contains the command line option to the ulimit shell command.
- You enter here whatever parameters accepted by ulimit. Here is the
- default when you create a new vserver:
-
-ULIMIT="-H -u 1000"
-
- Default vserver ulimit
- Normally ulimit settings only affects users independantly. So
- limiting a vserver this way, limit each user processes
- independantly in the vserver. Using special flags in the S_FLAGS
- option, you can make those ulimit settings global to the vserver.
- The example above used with the nproc parameter make the maximum
- number of process global. In this case, a maximum of 1000
- processes is available to all users in the vserver.
-
- NEW
-
-Entering the virtual server
-
- It is possible to enter a virtual server context from the main server
- just by executing /usr/sbin/vserver XX enter (where XX is the virtual
- server name).
-
- This creates a shell. From there you can execute anything
- administrative you normally do on a Linux server.
-
- NEW
-
-Configuring the services
-
- The virtual server can run pretty much any services. Many pseudo
- services, such as network configuration are useless (the server is
- already configured). After building the environment, enter it (without
- starting the virtual server) using the vserver name enter command.
- Then using a tool like Linuxconf (control/control service activity) ,
- or ntsysv, browse all service and keep only the needed ones.
-
- So after building the server, you enter it and you select the service
- you need in that server. Many services such as network, and apmd are
- either useless or won't run at all in the virtual server. They will
- fail to start completely. NEW
-
-Starting/Stopping the virtual server
-
- Virtual server with ONBOOT=yes will be started and stopped like any
- other services of the main server. But you can stop and start a
- virtual server at any time. Starting a server means that all
- configured service will be started. Stopping it means that all
- configured services will be stopped and then all remaining process
- will be killed.
-
- Oddly, starting a virtual server does not mean much. There is no
- overhead. No monitoring process or proxy or emulator. Starting a
- virtual server with 4 services is the same as running those 4 services
- in the main server, at least performance wise (the service inside a
- virtual server are locked inside the security context).
-
- The following commands may be used to control a virtual server:
-
- * /usr/sbin/vserver server start
- * /usr/sbin/vserver server stop
- * /usr/sbin/vserver server restart
- * /usr/sbin/vserver server running
- * /usr/sbin/vserver server enter
- * /usr/sbin/vserver server exec some commands ...
- * /usr/sbin/vserver server suexec user some commands ...
- * /usr/sbin/vserver server service service-name
- start/stop/restart/status
- * /usr/sbin/vserver server status
-
- The running command prints if there are any processes running in the
- virtual server context.
-
- Please note
-
- The processes running in a virtual server are invisible from the main
- server. The opposite is true. This is very important. Managing the
- main server must not cause problems to the various virtual servers.
- For example, doing killall httpd will kill all the httpd processes in
- the current context ( the main server or a virtual one).
-
- NEW
-
-Starting/Stopping all the virtual servers
-
- The sysv script /etc/rc.d/init.d/vserver is used to start and stop the
- virtual server at boot and shutdown time. It may be used at any time
- to operate all virtual servers. The following commands are supported:
-
- * /etc/rc.d/init.d/vservers start
- * /etc/rc.d/init.d/vservers stop
- * /etc/rc.d/init.d/vservers restart
- * /etc/rc.d/init.d/vservers status
-
- The status command reports the running status of every virtual server.
- NEW
-
-Restarting a virtual server from inside
-
- A virtual server administrator is not allowed to reboot the machine
- (the kernel). But it is useful to restart his virtual server from
- scratch. This allow him to make sure all the services are properly
- configured to start at boot time.
-
- The /sbin/vreboot and /sbin/vhalt utilities are installed in each
- virtual server so they can request a restart or stop.
-
- The rebootmgr service must be enabled in the main server.
-
- NEW
-
-Executing tasks at vserver start/stop time
-
- You can setup a script called /etc/vservers/XX.sh where XX is the name
- of the virtual server. This script will be called four time:
-
- * Before starting the vserver
- * After starting it.
- * Before stopping it.
- * After stopping it.
-
- You generally perform tasks such as mounting file system (mapping some
- directory in the vserver root using "mount --bind").
-
- Here is an example where you map the /home directory as the vserver
- /home directory.
-
-#!/bin/sh
-case $1 in
-pre-start)
- mount --bind /home /vservers/$2/home
- ;;
-post-start)
- ;;
-pre-stop)
- ;;
-post-stop)
- umount /vservers/$2/home
- ;;
-esac
-
- /etc/vservers/XX.sh
- NEW
-
-Issues
-
- There are some common problem you may encounter. Here they are.
-
- * The main server is not tied (by default) to any ipv4root. So if
- the main server has already some service running they are probably
- binding some UDP or TCP ports using the address 0.0.0.0. Once a
- process has bound a service with the address 0.0.0.0 (see the
- LISTEN lines when executing the "netstat -a" command), no other
- process can bind the same port, even with a specific address.
- The solution is to start the services of the main server using the
- chbind utility to trap them in one ipv4root. For example
-
-/sbin/chbind --ip eth0 /etc/rc.d/init.d/httpd start
-
- Assigning on IP to a service
- will limit Apache to the IP address of the eth0 interface. without
- configuration changes (in httpd.conf). It is probably a good idea
- to start the following services in the main server this way,
- because they will be run by virtual servers as well.
-
- * httpd
- * sshd
- * xinetd
-
- To ease this, the vserver package supplies the following services:
- v_httpd, v_sshd, v_smb and v_xinetd. Disable the corresponding
- services and enable the v_ services and you will lock those services
- on a single IP.
-
- Cleanup rc.local. This is probably not doing anything useful.
-
- NEW
-
-How real is it ?
-
- The project is new. So far, experiments have shown very little
- restrictions. Service works the same in a virtual server. Further,
- performance is the same. And there is a high level of isolation
- between the various virtual servers and the main server. NEW
-
-Features
-
- There are various tricks one can use to make the virtual servers more
- secure.
-
- * Putting a fire-wall on the box and limiting access to a virtual
- services from another one.
- * Using port redirection to allow one virtual server to logically
- bind several IPs. One virtual server could run several web virtual
- host this way.
-
- NEW
-
-Future directions
-
- NEW
-
-User controlled security box
-
- By combining the capabilities, the s_context, the ipv4root and the
- AclFS (component of the [51]virtualfs package), we can produce a user
- level tool allowing controlled access to the user own resources. For
- example the user may download any program he wants and execute them
- under control. Whenever the program tries to access something not
- specified by the user, a popup is presented and the user may choose to
- terminate the program or allow the access.
-
- NEW
-
-Kernel enhancements
-
- We expect to see some wider usage of the virtual servers. As usage
- grow, we expect to see needs for more control. Here are some ideas.
-
- NEW
-
-Per context disk quota
-
- If one installs virtual servers and grant access to less trusted
- users, he may want to limit the disk space used. Since a virtual
- server may create new user accounts and run processes with any user ID
- it wants, the current kernel disk quota is not powerful enough. First,
- it can't differentiate between user ID 100 in one virtual server and
- user ID 100 in another one.
-
- Further, the main administrator may want to control disk space
- allocated to the virtual server on a server per server basis,
- unrelated to the various user ID in use in those virtual servers.
-
- The kernel has already user and group disk quota. Adding security
- context disk quota should be easily done.
-
- To differentiate between user IDs in virtual servers, the kernel could
- coin together the security context and the user id to create a unique
- ID. The kernel 2.4 now supports 32 user ID, so combining security
- context and user ID in a single 32 bits number should be acceptable.
-
- NEW
-
-Global limits
-
- The kernel has supports for user limit (memory, processes file
- handles). With virtual server, we may want to limit the resources used
- by all processes in the virtual server. The security context would be
- used as the key here. The following resources could be limited on a
- security context basis (as opposed to user or process basis)
-
- * Memory used
- * Processes number
- (Done: This is now supported with the nproc flag in the kernel
- 2.4.16ctx-4. By default a new vserver is limited to 1000 processes
- maximum, configurable).
- * File handles
-
- NEW
-
-Scheduler
-
- The scheduler may become security context aware. It could potentially
- use this to provide some fairness and control priority based on
- context. Currently the scheduler is process oriented and does not
- group process together to qualify their priorities. For example, a
- user running 10 compilations will get more CPU than another user
- running a single compilation.
-
- Currently, it is possible to raise the nice (lower priority) for all
- processes in a virtual server. This can't be reversed, so you are
- setting an upper limit on priority (Just set the S_NICE variable in
- the vserver configuration file). Note that a virtual server may still
- start many low priority processes and this can grab significant share
- of the CPU. A global per security context might be needed to really
- provide more control and fairness between the various virtual servers.
-
- Done: The sched security context flag group all process in a vserver
- so their priority is kind of unified. If you have 50 processes running
- full speed in one vserver, they will take as much CPU resource than a
- single process in the root server. A vserver can't starve the other...
- NEW
-
-Security issues
-
- The current kernel + patch provides a fair level of isolation between
- the virtual servers. User root can't take over the system: He sees
- only his processes, has only access to his area of the file system
- (chroot) and can't reconfigure the kernel. Yet there are some
- potential problems. They are fixable. As usage grows, we will know if
- they are real problems. Comments are welcome:
-
- NEW
-
-/dev/random
-
- Writing to /dev/random is not limited by any capability. Any root user
- (virtual included) is allowed to write there. Is this a problem ?
-
- (kernel expert think it is ok) NEW
-
-/dev/pts
-
- /dev/pts is a virtual file-system used to allocate pseudo-tty. It
- presents all the pseudo-tty in use on the server (including all
- virtual server). User root is allowed to read and write to any
- pseudo-tty, potentially causing problems on other vservers.
-
- Starting with the ctx-6 patch, /dev/pts is virtualised. Although the
- file numbers are allocated from a single pool, a vserver only see the
- pseudo-tty it owns. NEW
-
-Network devices
-
- Anyone can list the network devices configurations. This may inform a
- virtual user that another vserver is on the same physical server. By
- using as much resources as possible in his own vservers, a malicious
- user could slow down the other server. Modification to the scheduler
- explained above could stop this.
-
- Starting with the ctx-6 patch, a vserver only see the device
- corresponding to its IP number. NEW
-
-Alternative technologies
-
- Using virtual servers may be a cost effective alternative to several
- independent real servers. You get the administrative independence of
- independent servers, but share some costs including operation costs.
-
- Other technologies exist offering some of the advantages talked in
- this document as well as other. Two technologies are available on
- various hardware platform: Virtual machines and partitioning, NEW
-
-Virtual machines
-
- This has been available for mainframes for a while now. You can boot
- several different OS at once on the same server. This is mainly used
- to isolate environments. For example, you can install the new version
- of an OS on the same server, even while the server is running the
- current version. This allows you to test and do a roll-out gracefully.
-
- The advantages of virtual machines are:
-
- * Total flexibility. You can run many different OS and different
- version of the same OS, all at once.
- * Robustness. You have total isolation. One OS may crash without
- affecting the other.
- * Resource management. You can effectively limit the resources taken
- by one OS.
- * Hardware Independence. The client OS is using virtual disks
- provided by the host OS.
-
- This technology is not directly available on PCs. The Intel x86
- architecture does not support visualization natively. Some products
- nevertheless have appeared and provide this. You can run Linux inside
- Linux, or this other OS (Which BTW has a logo showing a window flying
- in pieces, which quite frankly tells everything about it).
-
- The solutions available on PCs carry most of the advantages of the
- virtual machines found on mainframe, except for performance. You can't
- run that many virtual Linux's using this technology and expect it to
- fly. One example of this technology is [52]vmware, which is quite
- useful, especially if you must run this other OS... vmware may be used
- to run Linux inside Linux, even test Linux installation while running
- linux... NEW
-
-Partitioning
-
- Partitioning (domains ?) is a way to split the resources of a large
- server so you end up with independent servers. For example, you can
- take a 20 CPUs server and create 3 servers, two with 4 CPUs and one
- with 12. You can very easily re-assign CPUs to servers in case you
- need more for a given tasks.
-
- This technology provides full Independence, but much less flexibility.
- If your 12 CPUs server is not working much, the 4 CPUs one can't
- borrow some CPUs for 5 minutes. NEW
-
-Limitation of those technologies
-
- Oddly, one disadvantage of those technologies is a side effect of
- their major advantage: Total Independence. Each virtual server is
- running its own kernel. Cool. This makes the following tasks more
- difficult or impossible:
-
- * Sharing administrative tasks such as backup. The virtual servers
- are using volumes in the host server. The host server can't handle
- the files in those volumes directly without interfering with the
- client OS. It has to use some services of the client OS to access
- the file.
- The vserver solution does not have this limitation since the
- virtual servers are living in the same file-system, sharing the
- same kernel.
- * Task monitoring. The virtual servers run their own kernel. As
- such, the host OS can't spy on the tasks and check for intrusion
- for example.
- * Disk space. Virtual servers are using either volumes or full
- devices in the host server. This space is pre-allocated to the
- maximum needed by the server. You end up with a lot of wasted disk
- space. Imagine running 100 virtual servers this way and allocating
- say 10 gigs to each. You get the picture. The vserver solution is
- sharing a common file-system so the free disk space is available
- to all.
- Further, if you are running the same Linux distribution in the
- virtual servers, you can unify the disk space using hard link and
- immutable attributes. The /usr/lib/vserver/vunify was created to
- test that. Using information found in the rpm package the script
- links the files, except configuration ones.
- Testing vunify on a vserver installed with a RedHat 6.2
- distribution, unifying the packages glibc, binutils, perl, and
- bash saved 60 megs. Quite a few packages are not changing often
- and could be unified.
- Vservers do not need kernel packages and hardware configuration
- tools. This also contribute to save disk space.
- * File system sharing
- A little the same as above. You can't share file system easily
- between vservers unless you use network services (often slower).
- Using "mount --bind", it is very easy to "map" any directory of
- the root server in several vservers, providing raw speed access
- (and even sharing the disk cache).
-
- NEW
-
-Conclusion
-
- Virtual servers are interesting because they can provide a higher
- level of security while potentially reducing the administration task.
- Common operation such as backup, are shared between all servers.
- Services such as monitoring may be configured once.
-
- A Linux server can run many services at once with a high level of
- reliability. As servers are evolving, more and more services are
- added, often unrelated. Unfortunately there are few details here and
- there, making the server more complex than it is in reality. When one
- wants to move one service to another server, it is always a little
- pain: Some user accounts have to be moved and some configuration
- files. A lot of hand tweaking.
-
- By installing services in separate virtual servers, it becomes much
- easier to move services around (just by moving a directory although a
- big one).
-
- Virtual servers may become a preferred way to install common Linux
- servers. NEW
-
-Download
-
- The ftp site for this project is
- [53]ftp://ftp.solucorp.qc.ca/pub/vserver . You will find there the
- following components.
-
- * [54]kernel-2.4.20ctx-17.tar.gz
- [55]kernel-2.4.20ctxsmp-17.tar.gz
- A pre-compiled kernel for Pentium class machine and up. An SMP
- kernel is also supplied.
- * [56]vserver-0.22-1.src.rpm
- The source RPM for the vserver utilities
- * [57]vserver-0.22-1.i386.rpm
- A compiled rpm for RedHat 7.x and up. Should work on any recent
- distribution (glibc 2.2). You need a recent distribution to
- operate a kernel 2.4 anyway.
- * [58]vserver-admin-0.22-1.i386.rpm
- Contains the command /usr/sbin/newvserver. It is a GUI to create
- vservers. It requires the linuxconf-utils and linuxconf-lib
- packages. You can get them from [59]here. linuxconf itself is not
- needed though.
- * [60]vserver-0.22.src.tar.gz
- The vserver utilities source
- * [61]patch-2.4.20ctx-17.gz
- The patch against Linux 2.4.20
- * [62]patches
- The various relative patches (ctxN-ctxN+1)
-
- NEW
-
-References
-
- This project is maintained by Jacques Gelinas [63]jack@solucorp.qc.ca
-
- The vserver package is licensed under the GNU PUBLIC LICENSE.
-
- A FAQ can be found at
- [64]http://www.solucorp.qc.ca/howto.hc?projet=vserver
-
- A mailing list has been created to exchange about this project. It is
- [65]vserver@solucorp.qc.ca .You can subscribe [66]here
-
- The mailing list is archived [67]here.
-
- The change logs for the vserver package are [68]here .
-
- The official copy of this document is found at
- [69]http://www.solucorp.qc.ca/miscprj/s_context.hc
-
- This document was produced using the [70]TLMP documentation system
-
- [71]Top
- [72]Back to project page
- [73]About tlmpdoc and cookies
- Document maintained by Jacques Gélinas ([74]jack@solucorp.qc.ca)
- Last update: Wed Apr 16 11:22:22 2003
-
-Références
-
- 1. http://remtk/solucor/miscprj/s_context.hc?s1=1&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 2. http://remtk/solucor/miscprj/s_context.hc?s1=1&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 3. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 4. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 5. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 6. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 7. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=4&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 8. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=5&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 9. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 10. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=1&s4=0&full=0&prjstate=1&nodoc=0
- 11. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=2&s4=0&full=0&prjstate=1&nodoc=0
- 12. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=3&s4=0&full=0&prjstate=1&nodoc=0
- 13. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=4&s4=0&full=0&prjstate=1&nodoc=0
- 14. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=7&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 15. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 16. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 17. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 18. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 19. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=4&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 20. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 21. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 22. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 23. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 24. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=4&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 25. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=5&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 26. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=6&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 27. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=7&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 28. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=8&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 29. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=9&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 30. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=10&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 31. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=11&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 32. http://remtk/solucor/miscprj/s_context.hc?s1=5&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 33. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 34. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 35. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 36. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=1&s4=0&full=0&prjstate=1&nodoc=0
- 37. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=2&s4=0&full=0&prjstate=1&nodoc=0
- 38. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=3&s4=0&full=0&prjstate=1&nodoc=0
- 39. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=0&full=0&prjstate=1&nodoc=0
- 40. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=1&full=0&prjstate=1&nodoc=0
- 41. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=2&full=0&prjstate=1&nodoc=0
- 42. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=3&full=0&prjstate=1&nodoc=0
- 43. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 44. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 45. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 46. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 47. http://remtk/solucor/miscprj/s_context.hc?s1=8&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 48. http://remtk/solucor/miscprj/s_context.hc?s1=9&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 49. http://remtk/solucor/miscprj/s_context.hc?s1=10&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 50. ftp://ftp.solucorp.qc.ca/pub/vserver
- 51. http://www.solucorp.qc.ca/virtualfs
- 52. http://www.vmware.com/
- 53. ftp://ftp.solucorp.qc.ca/pub/vserver
- 54. ftp://ftp.solucorp.qc.ca/pub/vserver/kernel-2.4.20ctx-17.tar.gz
- 55. ftp://ftp.solucorp.qc.ca/pub/vserver/kernel-2.4.20ctxsmp-17.tar.gz
- 56. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-0.22-1.src.rpm
- 57. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-0.22-1.i386.rpm
- 58. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-admin-0.22-1.i386.rpm
- 59. http://www.solucorp.qc.ca/linuxconf/download.hc
- 60. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-0.22.src.tar.gz
- 61. ftp://ftp.solucorp.qc.ca/pub/vserver/patch-2.4.20ctx-17.gz
- 62. ftp://ftp.solucorp.qc.ca/pub/vserver/patches
- 63. mailto:jack@solucorp.qc.ca
- 64. http://www.solucorp.qc.ca/howto.hc?projet=vserver
- 65. mailto:vserver@solucorp.qc.ca
- 66. http://www.solucorp.qc.ca/mlist/index.hc?list=vserver
- 67. http://www.paul.sladen.org/vserver/archives/
- 68. http://www.solucorp.qc.ca/changes.hc?projet=vserver
- 69. http://www.solucorp.qc.ca/miscprj/s_context.hc
- 70. http://www.solucorp.qc.ca/tlmp
- 71. http://remtk/solucor/miscprj/s_context.hc?s1=0&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
- 72. http://remtk/solucor/miscprj/s_context.hc
- 73. http://www.solucorp.qc.ca/tlmp/tlmpdoc.hc
- 74. mailto:jack@solucorp.qc.ca