--- /dev/null
+
+ 1. [1]Introduction [new.gif]
+ 1.1 [2]Who needs that [new.gif]
+ 2. [3]Principles [new.gif]
+ 2.1 [4]Non reversible isolation [new.gif]
+ 2.2 [5]Isolation areas [new.gif]
+ 2.3 [6]New system calls [new.gif]
+ 2.4 [7]Limiting super-user: The capabilities system [new.gif]
+ 2.5 [8]Enhancing the capability system [new.gif]
+ 2.6 [9]Playing with the new system calls [new.gif]
+ 2.6.1 [10]Playing with /usr/sbin/chcontext [new.gif]
+ 2.6.2 [11]Playing with /usr/sbin/chcontext as root [new.gif]
+ 2.6.3 [12]Playing with /usr/sbin/chbind [new.gif]
+ 2.6.4 [13]Playing with /usr/sbin/reducecap [new.gif]
+ 2.7 [14]Unification [new.gif]
+ 3. [15]Applications [new.gif]
+ 3.1 [16]Virtual server [new.gif]
+ 3.2 [17]Per user fire-wall [new.gif]
+ 3.3 [18]Secure server/Intrusion detection [new.gif]
+ 3.4 [19]Fail over servers [new.gif]
+ 4. [20]Installation [new.gif]
+ 4.1 [21]The packages [new.gif]
+ 4.2 [22]Setting a virtual server [new.gif]
+ 4.3 [23]Basic configuration of the virtual server [new.gif]
+ 4.4 [24]Entering the virtual server [new.gif]
+ 4.5 [25]Configuring the services [new.gif]
+ 4.6 [26]Starting/Stopping the virtual server [new.gif]
+ 4.7 [27]Starting/Stopping all the virtual servers [new.gif]
+ 4.8 [28]Restarting a virtual server from inside [new.gif]
+ 4.9 [29]Executing tasks at vserver start/stop time [new.gif]
+ 4.10 [30]Issues [new.gif]
+ 4.11 [31]How real is it ? [new.gif]
+ 5. [32]Features [new.gif]
+ 6. [33]Future directions [new.gif]
+ 6.1 [34]User controlled security box [new.gif]
+ 6.2 [35]Kernel enhancements [new.gif]
+ 6.2.1 [36]Per context disk quota [new.gif]
+ 6.2.2 [37]Global limits [new.gif]
+ 6.2.3 [38]Scheduler [new.gif]
+ 6.2.4 [39]Security issues [new.gif]
+ 6.2.4.1 [40]/dev/random [new.gif]
+ 6.2.4.2 [41]/dev/pts [new.gif]
+ 6.2.4.3 [42]Network devices [new.gif]
+ 7. [43]Alternative technologies [new.gif]
+ 7.1 [44]Virtual machines [new.gif]
+ 7.2 [45]Partitioning [new.gif]
+ 7.3 [46]Limitation of those technologies [new.gif]
+ 8. [47]Conclusion [new.gif]
+ 9. [48]Download [new.gif]
+ 10. [49]References [new.gif]
+
+ Virtual private servers and security contexts
+
+ Running independent Linux servers inside a single PC is now possible.
+ They offer many advantages, including higher security, flexibility and
+ cost reduction.
+
+ NEW
+
+Introduction
+
+ Linux computers are getting faster every day. So we should probably
+ end up with less, more powerful servers. Instead we are seeing more
+ and more servers. While there are many reasons for this trend (more
+ services offered), the major issue is more related to security and
+ administrative concerns.
+
+ Is it possible to split a Linux server into virtual ones with as much
+ isolation as possible between each one, looking like real servers, yet
+ sharing some common tasks (monitoring, backup, ups, hardware
+ configuration, ...) ?
+
+ We think so ... NEW
+
+Who needs that
+
+ The short answer is everybody, or everybody managing a server. Here
+ are some applications:
+
+ * Hosting: Complete general purpose hosting (Running many
+ independent servers in one box).
+ * Experimentation: You are toying with a new services and do not
+ want to impact the production services on the same machine.
+ * Education: Each student has its own server with root password.
+ * Personal security box: Run un-trusted applications with complete
+ control over their interaction with the rest of the computer and
+ the network.
+ * Managing several "versions" of the same server/project and turning
+ on/off each version independantly.
+
+ Just think about all the viruses and worms out there, you end up with
+ a big everybody using a computer needs this. :-) NEW
+
+Principles
+
+ NEW
+
+Non reversible isolation
+
+ Unix and Linux have always had the chroot() system call. This call was
+ used to trap a process into a sub-directory. After the system-call,
+ the process is led to believe that the sub-directory is now the root
+ directory. This system call can't be reversed. In fact, the only thing
+ a process can do is trap itself further and further in the file-system
+ (calling chroot() again).
+
+ The strategy is to introduce new system calls trapping the processes
+ in other areas within the server. NEW
+
+Isolation areas
+
+ A virtual server is isolated from the rest of the server in 5 areas:
+
+ * File system
+ The vserver is trapped into a sub-directory of the main server and
+ can't escape. This is done by the standard chroot() system call
+ found on all Unix and Linux boxes.
+ * Processes
+ The vserver can only see the processes in the same security
+ context. Even the root server can't see the processes in vservers,
+ making the root server less "dangerous" to use. A special
+ mechanism (context number 1) exists to view all processes though
+ (Limited to root in the root server).
+ * Networking
+ The vserver is assigned a host name and an IP number. The server
+ can only use this IP number to establish services and client
+ connection. Further, this restriction is transparent.
+ * Super user capabilities
+ The super user running in a vserver has less privileges than the
+ normal Linux root user. For example, it can't reconfigure the
+ networking and many aspect of the system. It can't mount devices,
+ can't access block devices and so on.
+ Roughly. the vserver super-user has full control over all files
+ and processes in the vserver and that's pretty much it.
+ * System V inter process communications
+ Sysv IPC resources are private to each vserver. The security
+ context is used as an extra key to select and assign resources.
+
+ Those facilities are used together to create a runtime environment for
+ virtual servers. But they can be used independently to achieve various
+ goals. NEW
+
+New system calls
+
+ The new system calls, as well as the existing chroot() system call are
+ sharing one common feature: Their effect can't be reversed. Once you
+ have executed one of those system call (chroot, new_s_context,
+ set_ipv4root), you can't get back. This affects the current process
+ and all the child processes. The parent process is not influenced.
+
+ * new_s_context (int ctx)
+ This system call sets a new security context for the current
+ process. It will be inherited by all child processes. The security
+ context is just an id, but the system call makes sure a new unused
+ one is allocated.
+ A process can only see other processes sharing the same security
+ context. When the system boot, the original security context is 0.
+ But this one is not privileged in anyway. Processes member of the
+ security context 0 can only interact (and see) processes member of
+ context 0.
+ This system call isolates the processes space.
+ * Setting the capabilities ceiling
+ This is handle by the new_s_context system call as well. This
+ reduces the ceiling capabilities of the current process. Even
+ setuid sub-process can't grab more capabilities. The capability
+ system found since Linux 2.2 is explained later in this document.
+ * set_ipv4root(unsigned long ip)
+ This system call locks the process (and children) into using a
+ single IP when they communicate and when they installs a service.
+ This system call is a one shot. Once a process have set its IPV4
+ (Internet Protocol Version 4) address to something different from
+ 0.0.0.0, it can't change it anymore. Children can't change it
+ either.
+ If a process tries to bind a specific IP number, it will succeed
+ only if this corresponds to the ipv4root (if different from
+ 0.0.0.0). If the process bind to any address, it will get the
+ ipv4root.
+ Basically, once a process is locked to a given ipv4root it is
+ forced to use this IP address to establish a service and
+ communicate. The restriction on services is handy: Most service
+ (Web servers, SQL servers) are binding to address 0.0.0.0. With
+ the ipv4root sets to a given IP you can have two virtual servers
+ using the exact same general/vanilla configuration for a given
+ services and running without any conflict.
+ This system calls isolate the IP network space.
+
+ Those system calls are not privileged. Any user may issue them. NEW
+
+Limiting super-user: The capabilities system
+
+ Once you have created a virtual environment where processes have a
+ limited view of the file-system, can't see processes outside of their
+ world and can only use a single IP number, you still must limit the
+ damages those processes can do. The goal is to run virtual
+ environments and provide some root privileges.
+
+ How do you limit those root processes from taking over the system, or
+ even just re-booting it. Enter the capability system. This is not new,
+ but we suspect many people have never heard of it.
+
+ In the old Unix/Linux days, user root (user ID 0) could do things
+ other user ID could not. All over the place in the kernel, system
+ calls were denying access to some resources unless the user ID of the
+ process (effective ID in fact) was 0. Plain zero.
+
+ The only way a process with user ID 0 could loose some privileges was
+ by changing to another ID. Unfortunately this was an all or nothing
+ deal. Enter the capabilities.
+
+ Today, the difference between root and the other users is the
+ capability set. User root has all capabilities and the other users
+ have none. The user ID 0 does not mean anything special anymore. There
+ are around 30 capabilities defined currently. A process may request to
+ loose a capability forever. It won't be able to get it back.
+
+ Capabilities allows a root process to diminish its power. This is
+ exactly what we need to create custom super-user. A super-user process
+ in a virtual server would have some privileges such as binding port
+ below 1024, but would not be able to reconfigure the network or reboot
+ the machine. Check the file /usr/include/linux/capability.h to learn
+ which one are available.
+
+ Note that the new system calls (new_s_context and set_ipv4root) are
+ not controlled by capabilities. They are by nature irreversible. Once
+ a virtual server is trapped in a chroot/s_context/ipv4root box, it
+ can't escape from the parameters of this trap.
+
+ NEW
+
+Enhancing the capability system
+
+ The Linux capability system, is still a work in progress. At some
+ point, we expect to see capabilities attached to programs,
+ generalizing the setuid concept. A setuid program would become a
+ program with all capability granted.
+
+ For now, this is not available. As explained above a process may
+ request to loose capabilities and its child process will be trapped
+ with a smaller capability set.
+
+ Well, ..., it does not work that way. Unfortunately, until
+ capabilities could be assigned to program, we still need a way to get
+ back capabilities even in a child process. So the irreversible logic
+ of the capabilities is kind of short circuited in the kernel.
+
+ To solve this, we have introduced a new per-process capability ceiling
+ (cap_bset). This one represents the capability set inherited by child
+ process, including setuid root child process. Lowering this ceiling is
+ irreversible for a process and all its child.
+
+ This ceiling is handled by the new_s_context system call and the
+ reducecap and chcontext utilities (part of the vserver package).
+
+ Using this, we can setup a virtual server environment where root has
+ less capabilities, so can't reconfigure the main server.
+
+ NEW
+
+Playing with the new system calls
+
+ The vserver package provides 3 utilities to make use of the new system
+ calls. We will describe shortly how they work and provide few example.
+ We invite the reader to try those example, so it has a better feel and
+ trust.
+
+ After re-booting with a kernel implementing the new system calls, and
+ installing the vserver package, one is ready to do experiment. You do
+ not need to be root to test those new utilities. None of them is
+ setuid either. NEW
+
+Playing with /usr/sbin/chcontext
+
+ The /usr/sbin/chcontext utility is used to enter into a new security
+ context. The utility switch the security context and execute a
+ program, specified on the command line. This program is now isolated
+ and can't see the other processes running on the server.
+
+ The experiment with this, start two command windows (xterm), as the
+ same user ID. In each window execute the following commands:
+
+ xterm
+
+ Using chcontext: first window
+
+/usr/sbin/chcontext /bin/sh
+pstree
+killall xterm
+exit
+
+ Using chcontext: second window
+ In the first window, you start the xterm command (or any command you
+ like). In the second window you execute chcontext. This starts a new
+ shell. You execute pstree and see very little. You attempt to kill the
+ xterm and you fail. You exit this shell and you are back seeing all
+ processes.
+
+ Here is another example. You switch context and you get a new shell.
+ In this shell you start an xterm. Then you switch context again and
+ start another sub-shell. Now the sub-shell is again isolated.
+
+/usr/sbin/chcontext /bin/sh
+pstree
+xterm &
+pstree
+# Ok now you see your xterm
+/usr/sbin/chcontext /bin/sh
+pstree
+# the xterm is not there, killall will fail
+killall xterm
+# Now we exit the shell
+exit
+pstree
+# the xterm is there
+killall xterm
+# Ok, it is gone
+exit
+# We are back to the initial security context
+
+ Using chcontext several times
+ Processes isolated using chcontext are doubly isolated: They can't see
+ the other processes on the server, but the other processes can't see
+ them either. The original security context (0) when you boot is no
+ better than the other: It sees only process in security context 0.
+
+ While playing with chcontext, you will notice an exception. The
+ process 1 is visible from every security context. It is visible to
+ please utilities like pstree. But only root processes in security
+ context 0 are allowed to interact with it. NEW
+
+Playing with /usr/sbin/chcontext as root
+
+ The new_s_context system call has a special semantic for root
+ processes running in security context 0 and having the CAP_SYS_ADMIN
+ capability: They can switch to any context they want.
+
+ Normally, new_s_context allocates a new security context by selecting
+ an unused one. It walks all processes and find an ID (an integer) not
+ currently in use.
+
+ But root in security context 0 is allowed to select the context it
+ wants. This allow the main server to control the virtual server. The
+ chcontext utility has the --ctx option to specify the context ID you
+ want.
+
+ To help manage several virtual server, given that the security context
+ 0 can't see processes in other security context, it is a good thing
+ root in the main server (security context 0) is allowed to select a
+ specific context. Cool. But we also need a way to have a global
+ picture showing all processes in all security context. The security
+ context 1 is reserved for this. Security context 1 is allowed to see
+ all processes on the server but is not allowed to interact with them
+ (kill them).
+
+ This special feature was allocated to security context 1 and not 0
+ (the default when you boot) to isolate virtual servers from the main.
+ This way, while maintaining services on the main server, you won't
+ kill service in vservers accidentally.
+
+ Here is an example showing those concepts:
+
+# You must be root, running X
+# We start an xterm in another security context
+/usr/sbin/chcontext xterm &
+# We check, there is no xterm running, yet we can
+# see it.
+ps ax | grep xterm
+# Are we running in security context 0
+# We check the s_context line in /proc/self/status
+cat /proc/self/status
+# Ok we in security context 0
+# Try the security context 1
+/usr/sbin/chcontext --ctx 1 ps ax | grep xterm
+# Ok, we see the xterm, we try to kill it
+/usr/sbin/chcontext --ctx 1 killall xterm
+# No, security context 1 can see, but can't kill
+# let's find out in which security context this
+# xterm is running
+/usr/sbin/chcontext --ctx 1 ps ax | grep xterm
+# Ok, this is PID XX. We need the security context
+/usr/sbin/chcontext --ctx 1 cat /proc/XX/status
+# We see the s_context, this is SS.
+# We want to kill this process
+/usr/sbin/chcontext --ctx SS killall xterm
+
+ chcontext as root
+ The /usr/sbin/vpstree and /usr/sbin/vps commands are supplied by the
+ vserver package. They simply runs ps and pstree in security context 1.
+ NEW
+
+Playing with /usr/sbin/chbind
+
+ The chbind utility is used to lock a process and its children into
+ using a specific IP number. This applies to services and client
+ connection as well. Here are few examples. Execute them as root:
+
+# httpd is running
+netstat -atn | grep ":80 "
+# We see a line like this
+# tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
+# Now we restart httpd, but we lock it so it
+# uses only the main IP of eth0
+/usr/sbin/chbind --ip eth0 /etc/rc.d/init.d/httpd restart
+netstat -atn | grep ":80 "
+# Now we see a line like
+# tcp 0 192.168.1.1:80 0.0.0.0:* LISTEN
+# httpd.conf was not changed.
+# Now, restart it normally
+/etc/rc.d/init.d/httpd restart
+# Now we experiment with client socket
+# Log using telnet
+telnet localhost
+# Once logged in
+netstat -atn | grep ":23 "
+# You should see a line showing a connection from
+# 127.0.0.1 to 127.0.0.1 like this
+# tcp 0 0 127.0.0.1:23 127.0.0.1:32881 ESTABLISHED
+exit
+# Now we do the telnet again, bug forcing it to select a specific IP
+/usr/sbin/chbind --ip eth0 telnet localhost
+# Log in and then execute
+netstat -atn | grep ":23 "
+# You will get something like
+# tcp 0 0 127.0.0.1:23 192.168.3.9:32883 ESTABLISHED
+
+ Using /usr/sbin/chbind
+ NEW
+
+Playing with /usr/sbin/reducecap
+
+ The reducecap utility is used to lower the capability ceiling of a
+ process and child process. Even setuid program won't be able to grab
+ more capabilities.
+
+# You are not root now
+# What is the current capability ceiling
+cat /proc/self/status
+# The capBset line presents mostly 1s.
+/usr/sbin/reducecap --secure /bin/sh
+cat /proc/self/status
+# The capBset now shows many more 0s.
+# The capEff shows all 0s, you have no privilege now
+# We su to root
+su
+cat /proc/self/status
+# capEff is much better now, but there are still many 0s
+# Now we try to see if we are really root
+tail /var/log/messages
+# So far so good, we see the content
+/sbin/ifconfig eth0
+/sbin/ifconfig eth0 down
+# No way, we can't configure the interface. In fact
+# we have lost most privilege normally assigned to root
+exit
+
+ Using /usr/sbin/reducecap
+ NEW
+
+Unification
+
+ Installing a virtual private server copies a linux installation inside
+ a sub-directory. It is a linux inside linux. If you intend to run
+ several vservers on the same box (which you will certainly do :-) ),
+ you will end up using a lot of disk space needlessly: Each vserver is
+ made up hundreds of megabytes of the same stuff. This is a big waste
+ of disk space.
+
+ A solution is to use hard links to connect together common files.
+ Using the package information, we can tell which packages are shared
+ between various vservers, which files are configuration files and
+ which are not (binaries, libraries, resource files, ...). Non
+ configuration files may be linked together saving a huge amount of
+ disk space: A 2 GIG rh7.2 installation shrinks to 38megs.
+
+ Using hard links is cool, but may be a problem. If one vserver
+ overwrite one file, say /bin/ls, then every vserver will inherit that
+ change. Not fun! The solution is to set the immutable bit on every
+ linked file. A file with such a bit on can't be modified, even by
+ root. The only way to modify it is to turn off the bit first. But
+ within a vserver environment, even root is not allowed to perform this
+ task. So linked file, turned immutable, are now safe: They can be
+ shared between vservers without side effects: Cool!
+
+ Well, there is still another side effect. All vservers are now locked
+ with the same files. We are saving a lot of disk space, but we pay a
+ very heavy price for that: Vservers can't evolve independantly.
+
+ A solution was found. A new bit call immutable-linkage-invert was
+ added. Combined with the immutable bit, a file may not be modified,
+ but may be unlinked. Unlinking a file in Unix/Linux means
+ disconnecting the name from the data and removing the name from the
+ directory. If the data is still referenced by one or more vservers, it
+ continue to exist on disk. So doing "rm /bin/ls" on a vserver, removes
+ the file /bin/ls for that vserver and that's all. If all vservers
+ perform this task, then /bin/ls (the data) will be forgotten completly
+ and the disk space will be recovered.
+
+ Using this trick, a vserver gets back its independance. It becomes
+ possible to update packages by using the unlink/update sequence:
+ Unlink /bin/ls first and then put a new copy in place. Luckily,
+ package manager works this way.
+
+ To keep this story short (probably too late :-) ), a unified vserver:
+ * Uses little disk space
+ * Can't interfere with other vservers by changing one of its file.
+ * Can perform package update/deletion normally using standard
+ practice.
+
+ NEW
+
+Applications
+
+ NEW
+
+Virtual server
+
+ The first goal of this project is to create virtual servers sharing
+ the same machine. A virtual server operate like a normal Linux server.
+ It runs normal services such as telnet, mail servers, web servers, SQL
+ servers. In most cases, the services run using standard configuration:
+ The services are running unaware of the virtual server concept.
+
+ Normal system administration is performed with ordinary admin tool.
+ Virtual servers have users account and a root account.
+
+ Packages are installed using standard packages (RPMs for example).
+
+ There are few exceptions. Some configuration can't be done inside a
+ virtual server. Notably the network configuration and the file-system
+ (mount/umount) can't be performed from a virtual server.
+
+ NEW
+
+Per user fire-wall
+
+ The set_ipv4root() system call may be used to differentiate the
+ various users running on an application server. If you want to setup a
+ fire-wall limiting what each user is doing, you have to assign one IP
+ per user, even if they are running application on the same server. The
+ chbind utility may be used to achieve that. NEW
+
+Secure server/Intrusion detection
+
+ While it can be interesting to run several virtual servers in one box,
+ there is one concept potentially more generally useful. Imagine a
+ physical server running a single virtual server. The goal is isolate
+ the main environment from any service, any network. You boot in the
+ main environment, start very few services and then continue in the
+ virtual server. The service in the main environment could be
+
+ * Un-reachable from the network.
+ * The system log daemon. While virtual server could log messages,
+ they would be unable to change/erase the logs. So even a cracked
+ virtual server would not be able the edit the log.
+ * Some intrusion detection facilities, potentially spying the state
+ of the virtual server. For example tripwire could run there and it
+ would be impossible to circumvent its operation or trick it.
+
+ NEW
+
+Fail over servers
+
+ One key feature of a virtual server is the independence from the
+ actual hardware. Most hardware issues are irrelevant for the virtual
+ server installation. For example:
+
+ * Disk layout, partitions and the /etc/fstab configuration. The
+ virtual server has a dummy /etc/fstab.
+ * Network devices.
+ * Processor type, number of processor (kernel selection).
+
+ The main server acts as a host and takes care of all those details.
+ The virtual server is just a client and ignores all the details. As
+ such, the client can be moved to another physical server will very few
+ manipulations. For example, to move the virtual server v1 from one
+ physical one computer to another, you do
+
+ * Turn it off
+ /usr/sbin/vserver v1 stop
+ * Copy the file /etc/vservers/v1.conf to the new server.
+ * Copy all files in /vservers/v1 to the new server
+ * On the new server, start the vserver v1
+ /usr/sbin/vserver v1 start
+
+ As you see, there is no adjustment to do:
+
+ * No user account merging.
+ * No hardware configuration to fix.
+
+ This opens the door to fail over servers. Imagine a backup server
+ having a copy of many virtual servers. It can take over their tasks
+ with a single command. Various options exists for managing this backup
+ server:
+
+ * rsync to synchronize the data.
+ * Network block devices to synchronize the data in real time.
+ * Sharing the installation over a SAN (storage area network).
+ * Heartbeat for automatic monitoring/fail over.
+
+ NEW
+
+Installation
+
+ NEW
+
+The packages
+
+ * The kernel
+ We are supplying a patched 2.4.20 kernel. You will find [50]here
+ the kernel, the .config and the patch.
+ To install the kernel, just untar it. This will create a file
+ /boot/kernel-2.4.20ctx-17 (ctx stands for security context) and a
+ directory /lib/modules/2.4.20ctx-17.
+ Then, you need to update your boot loader. For lilo, you add a
+ section like this at the end of the file /etc/lilo.conf
+
+
+image=/boot/vmlinuz-2.4.20ctx-17
+ label=linux2.4.20ctx-17
+ read-only
+ root=current
+
+ lilo.conf section to add
+ Change the /dev/XXXX to your root partition. Then execute
+ /sbin/lilo.
+ Reboot and select the proper kernel. This kernel is fully
+ compatible with a normal 2.4.20 and will perform without any new
+ configuration. Note that the supplied kernel does not carry all
+ the features and modules found on the various distributions.
+ * The vserver package
+ This package provides the various utilities to make use of those
+ new system calls. The package also provides a complete solution to
+ implement virtual servers. We describe the major components here.
+ + /usr/sbin/chcontext
+ This is the utility to request a new security context. It can
+ be used to lower the capability ceiling. Execute it to learn
+ more.
+ + /usr/sbin/chbind
+ This is the utility to select one IP number and assign it to
+ a process and its children.
+ + /usr/sbin/newvserver (in vserver-admin)
+ Front-end to help create new virtual servers.
+ + /usr/sbin/reducecap
+ This utility is used to lower the capability ceiling of
+ children processes.
+ + /usr/sbin/vdu
+ A trimmed down "du" command reporting space usage of files
+ with a single link. Useful to tell how much space a unified
+ vserver is using.
+ + /usr/sbin/vkill
+ Locate the security context associated with a process, enter
+ it and kill the process. Generally used after you have
+ located a process with vtop, vpstree or vps.
+ + /usr/sbin/vps
+ Execute the ps command in security context 1 so all processes
+ in all vservers are shown. The security context and vserver
+ name are mapped inside the report.
+ + /usr/sbin/vpstree
+ Execute the pstree command in security context 1 so all
+ processes in all vservers are shown.
+ + /usr/sbin/vrpm
+ Apply an rpm command in several (or all) vservers. Useful
+ when you wish to update many vservers with the same package.
+ /usr/sbin/vrpm server1 server2 -- -Uvh /tmp/*.rpm
+ /usr/sbin/vrpm ALL -- -Uvh /tmp/*.rpm
+ After updating many packages in different vservers you may
+ want to re-unify them to recover disk space (and increase
+ cache effectivity). You can do this using the vunify command,
+ or simply by using the --unify option to the vrpm command.
+ After performing the rpm updates, vrpm will trigger the
+ vunify utility on the vservers for the updated packages.
+ /usr/sbin/vrpm --unify server1 server2 -- -Uvh /tmp/*.rpm
+ + /usr/sbin/vserver
+ This is the wrapper to start, stop and administer virtual
+ servers.
+ + /usr/sbin/vserver-stat
+ Produce a small report showing the activity in active
+ security context. The report presents the number of process
+ in each active security context as well as the name of the
+ vserver associated with this context.
+ + /usr/sbin/vtop
+ Execute the top command in security context 1 so all
+ processes in all vservers are shown.
+ + /etc/rc.d/init.d/vservers
+ This is an init script used to start all virtual servers at
+ boot time and stop them at shutdown time. Only virtual
+ servers with ONBOOT=yes are started at boot time. All
+ vservers are stopped at shutdown time.
+ + /etc/rc.d/init.d/rebootmgr
+ This is a daemon listening to requests from virtual servers.
+ It can either restart or stop a virtual server. The
+ /sbin/vreboot and /sbin/vhalt utilities are used to send
+ request to the reboot manager.
+ + /sbin/vreboot and /sbin/vhalt
+ Those utilities are copied in each virtual server. They
+ connect to the reboot manager (rebootmgr) server using the
+ /dev/reboot Unix domain socket and request either a restart
+ or a stop of the virtual server. The reboot manager issue
+ either a "/usr/sbin/vserver vserver restart" or
+ "/usr/sbin/vserver vserver stop" command. This allows the
+ virtual server administrator to test if all automatic service
+ are properly restarted at boot time.
+ + /usr/lib/vserver/vdu
+ This is a limited clone of the du command. It skips file with
+ more than one link. It is used to evaluate the disk usage of
+ an unified vserver. Using the normal du for this task is
+ misleading since it will count all unified files.
+
+ NEW
+
+Setting a virtual server
+
+ To set a virtual server, you need to copy in a sub-directory a Linux
+ installation. One way to achieve that is to copy some parts of the the
+ current server by issuing the command vserver XX build, where XX is
+ the name of the virtual server (pick one). This basically does (Well,
+ it does a little more than that, but this give you an idea):
+
+mkdir /vservers/XX
+cd /vservers/XX
+cp -ax /sbin /bin /etc /usr /var /dev /lib .
+mkdir proc tmp home
+chmod 1777 tmp
+
+ Building a virtual server
+
+ This is normally done using the command /usr/sbin/newvserver. This is
+ a text mode/graphical front-end allowing to setup the vserver runtime
+ and configure it. NEW
+
+Basic configuration of the virtual server
+
+ A virtual private server has a few settings. They are defined in the
+ file /etc/vservers/XX.conf where XX is the name of the virtual server.
+ This is a simple script like configuration. Here are the various
+ parameters:
+
+ * IPROOT
+ In general, each virtual server is tied to one IP using the new
+ set_ipv4root system call. This way several servers may run the
+ same services without conflict. Enter the IP number (a name is
+ also valid if defined in the DNS).
+ Since kernel ctx-12, you can assign more than one IP number to a
+ vserver. Enter them separated by spaces and don't forget to
+ enclose them with quotes.
+ Bu default, all IPs are configured as an IP alias on the IPROOTDEV
+ device (if defined). If you want to attach the various IP numbers
+ to different devices, specify the device as a prefix to the IP
+ number like this:
+
+IPROOT="eth0:192.168.1.2 eth1:192.168.3.1 192.168.1.4"
+
+ IPROOT using multiple devices
+ In the example above, the IP 192.168.1.4 will be installed as an
+ IP alias on the device IPROOTDEV.
+ Use "IPROOT=0.0.0.0" or "IPROOT=" if you do not want to tie the
+ vserver at all. It will be allowed to use any IP available on the
+ server.
+ * IPROOTDEV
+ This is the network device use to setup the IP alias defined by
+ IPROOT. This is generally eth0. If you define this variable, the
+ IP alias will be configured when you start the virtual server and
+ un-configure when you stop it.
+ * IPROOTMASK
+ Netmask used to setup the IP alias. Uses the netmask of the
+ IPROOTDEV device by default. Seldom used.
+ If you have several IPs on one vserver and want to have different
+ netmask for each, use the following syntax:
+
+IPROOT="eth0:192.168.1.2 eth1:192.168.3.1/255.255.255.192"
+
+ IPROOT using different netmask
+ 192.168.1.2 will use the netmask of eth0, while 192.168.3.1 will
+ use the specified netmask: 255.255.255.192.
+ * IPROOTBCAST
+ Broadcast address used to setup the IP alias. Uses the broadcast
+ of the IPROOTDEV device by default. Seldom used.
+ * ONBOOT
+ The vserver package supplies the vservers service. This service is
+ installed in the main server. It is used to start and stop the
+ virtual server at boot and shutdown time.
+ Virtual server with ONBOOT=yes will be started and stopped
+ properly like any other services of the main server.
+ Once a virtual server is properly configured, it is a good idea to
+ set this parameter to yes.
+ * S_CAPS
+ You enter here the various capability you want to grant to the
+ vserver. By default, a vserver is left with much less capabilities
+ than the root server. For example, a vserver is not allowed to use
+ raw socket. This explains why the ping command fails. S_CAPS lets
+ you enumerate the capability you want to keep in the vserver.
+ CAP_NET_RAW will give back ping ability for example.
+ * S_CONTEXT
+ This is optional. In general the security context ID is selected
+ by the kernel. An unused one is selected. If you select an ID (an
+ integer greater than 1), make sure you select a different one for
+ each server. Again, in most cases, you do not need to select one.
+ Leave the line commented.
+ * S_DOMAINNAME
+ A virtual server may have a different NIS domainname than the main
+ server. You set it here. If you leave the field empty, the vserver
+ will inherit the same NIS domain as the root server. Enter "none"
+ to reset the NIS domain name for this vserver.
+ * S_HOSTNAME
+ Many services (Apache for one) use the host name to setup some
+ defaults. A virtual server may have a different host name than the
+ main server. It is a good idea to fill this line.
+ * S_NICE
+ The is an optional priority level. It is an integer ranging
+ between from -20 to 19. Well it is the nice level in fact, so -20
+ means the highest priority and 19 the lowest (the highest nice
+ level). All processes in the virtual server will be locked to this
+ level (or higher niceness).
+ Event root is locked and can't get more priority.
+ Note that this has limited usefulness. The kernel does not
+ differentiate processes running in different security context for
+ scheduling (for now :-) ). This means that a virtual servers
+ running many low priority processes may nevertheless claim a large
+ share of CPU.
+ * S_FLAGS
+ This is used to set various flags. Here are the supported flags:
+ + lock
+ This flags prevents the vserver from setting new security
+ contexts.
+ + sched
+ It kind of unifies the processes in a vserver from a
+ scheduler view point. All processes are weighted as single
+ one when compared to other processes in the real server. This
+ prevents a vserver from taking to much CPU resources.
+ + nproc
+ Make the ulimit maximum user process global to the vserver.
+ + private
+ Once set on a vserver security context, no other process can
+ enter it. Even the root server is unable to enter the
+ context. It can see the process list using security context
+ 1, but can't signal or trace the process.
+ + fakeinit
+ This assigned the current process so it works like the
+ process number 1. Using this trick, a normal /sbin/init may
+ be run in a vserver. The /usr/sbin/vserver command will use
+ /sbin/init to start and stop a vserver. A properly configured
+ /etc/inittab is needed though.
+ o Processes loosing their parent are reparent to this
+ process.
+ o getppid() done by child process of this process returns
+ 1.
+ o getpid() done by this process returns 1.
+ o This process is not shown in /proc since process number
+ 1 is always shown.
+ o An "initpid" entry is available in /proc/*/status to
+ tell which process is the fake init process.
+ * ULIMIT
+ This contains the command line option to the ulimit shell command.
+ You enter here whatever parameters accepted by ulimit. Here is the
+ default when you create a new vserver:
+
+ULIMIT="-H -u 1000"
+
+ Default vserver ulimit
+ Normally ulimit settings only affects users independantly. So
+ limiting a vserver this way, limit each user processes
+ independantly in the vserver. Using special flags in the S_FLAGS
+ option, you can make those ulimit settings global to the vserver.
+ The example above used with the nproc parameter make the maximum
+ number of process global. In this case, a maximum of 1000
+ processes is available to all users in the vserver.
+
+ NEW
+
+Entering the virtual server
+
+ It is possible to enter a virtual server context from the main server
+ just by executing /usr/sbin/vserver XX enter (where XX is the virtual
+ server name).
+
+ This creates a shell. From there you can execute anything
+ administrative you normally do on a Linux server.
+
+ NEW
+
+Configuring the services
+
+ The virtual server can run pretty much any services. Many pseudo
+ services, such as network configuration are useless (the server is
+ already configured). After building the environment, enter it (without
+ starting the virtual server) using the vserver name enter command.
+ Then using a tool like Linuxconf (control/control service activity) ,
+ or ntsysv, browse all service and keep only the needed ones.
+
+ So after building the server, you enter it and you select the service
+ you need in that server. Many services such as network, and apmd are
+ either useless or won't run at all in the virtual server. They will
+ fail to start completely. NEW
+
+Starting/Stopping the virtual server
+
+ Virtual server with ONBOOT=yes will be started and stopped like any
+ other services of the main server. But you can stop and start a
+ virtual server at any time. Starting a server means that all
+ configured service will be started. Stopping it means that all
+ configured services will be stopped and then all remaining process
+ will be killed.
+
+ Oddly, starting a virtual server does not mean much. There is no
+ overhead. No monitoring process or proxy or emulator. Starting a
+ virtual server with 4 services is the same as running those 4 services
+ in the main server, at least performance wise (the service inside a
+ virtual server are locked inside the security context).
+
+ The following commands may be used to control a virtual server:
+
+ * /usr/sbin/vserver server start
+ * /usr/sbin/vserver server stop
+ * /usr/sbin/vserver server restart
+ * /usr/sbin/vserver server running
+ * /usr/sbin/vserver server enter
+ * /usr/sbin/vserver server exec some commands ...
+ * /usr/sbin/vserver server suexec user some commands ...
+ * /usr/sbin/vserver server service service-name
+ start/stop/restart/status
+ * /usr/sbin/vserver server status
+
+ The running command prints if there are any processes running in the
+ virtual server context.
+
+ Please note
+
+ The processes running in a virtual server are invisible from the main
+ server. The opposite is true. This is very important. Managing the
+ main server must not cause problems to the various virtual servers.
+ For example, doing killall httpd will kill all the httpd processes in
+ the current context ( the main server or a virtual one).
+
+ NEW
+
+Starting/Stopping all the virtual servers
+
+ The sysv script /etc/rc.d/init.d/vserver is used to start and stop the
+ virtual server at boot and shutdown time. It may be used at any time
+ to operate all virtual servers. The following commands are supported:
+
+ * /etc/rc.d/init.d/vservers start
+ * /etc/rc.d/init.d/vservers stop
+ * /etc/rc.d/init.d/vservers restart
+ * /etc/rc.d/init.d/vservers status
+
+ The status command reports the running status of every virtual server.
+ NEW
+
+Restarting a virtual server from inside
+
+ A virtual server administrator is not allowed to reboot the machine
+ (the kernel). But it is useful to restart his virtual server from
+ scratch. This allow him to make sure all the services are properly
+ configured to start at boot time.
+
+ The /sbin/vreboot and /sbin/vhalt utilities are installed in each
+ virtual server so they can request a restart or stop.
+
+ The rebootmgr service must be enabled in the main server.
+
+ NEW
+
+Executing tasks at vserver start/stop time
+
+ You can setup a script called /etc/vservers/XX.sh where XX is the name
+ of the virtual server. This script will be called four time:
+
+ * Before starting the vserver
+ * After starting it.
+ * Before stopping it.
+ * After stopping it.
+
+ You generally perform tasks such as mounting file system (mapping some
+ directory in the vserver root using "mount --bind").
+
+ Here is an example where you map the /home directory as the vserver
+ /home directory.
+
+#!/bin/sh
+case $1 in
+pre-start)
+ mount --bind /home /vservers/$2/home
+ ;;
+post-start)
+ ;;
+pre-stop)
+ ;;
+post-stop)
+ umount /vservers/$2/home
+ ;;
+esac
+
+ /etc/vservers/XX.sh
+ NEW
+
+Issues
+
+ There are some common problem you may encounter. Here they are.
+
+ * The main server is not tied (by default) to any ipv4root. So if
+ the main server has already some service running they are probably
+ binding some UDP or TCP ports using the address 0.0.0.0. Once a
+ process has bound a service with the address 0.0.0.0 (see the
+ LISTEN lines when executing the "netstat -a" command), no other
+ process can bind the same port, even with a specific address.
+ The solution is to start the services of the main server using the
+ chbind utility to trap them in one ipv4root. For example
+
+/sbin/chbind --ip eth0 /etc/rc.d/init.d/httpd start
+
+ Assigning on IP to a service
+ will limit Apache to the IP address of the eth0 interface. without
+ configuration changes (in httpd.conf). It is probably a good idea
+ to start the following services in the main server this way,
+ because they will be run by virtual servers as well.
+
+ * httpd
+ * sshd
+ * xinetd
+
+ To ease this, the vserver package supplies the following services:
+ v_httpd, v_sshd, v_smb and v_xinetd. Disable the corresponding
+ services and enable the v_ services and you will lock those services
+ on a single IP.
+
+ Cleanup rc.local. This is probably not doing anything useful.
+
+ NEW
+
+How real is it ?
+
+ The project is new. So far, experiments have shown very little
+ restrictions. Service works the same in a virtual server. Further,
+ performance is the same. And there is a high level of isolation
+ between the various virtual servers and the main server. NEW
+
+Features
+
+ There are various tricks one can use to make the virtual servers more
+ secure.
+
+ * Putting a fire-wall on the box and limiting access to a virtual
+ services from another one.
+ * Using port redirection to allow one virtual server to logically
+ bind several IPs. One virtual server could run several web virtual
+ host this way.
+
+ NEW
+
+Future directions
+
+ NEW
+
+User controlled security box
+
+ By combining the capabilities, the s_context, the ipv4root and the
+ AclFS (component of the [51]virtualfs package), we can produce a user
+ level tool allowing controlled access to the user own resources. For
+ example the user may download any program he wants and execute them
+ under control. Whenever the program tries to access something not
+ specified by the user, a popup is presented and the user may choose to
+ terminate the program or allow the access.
+
+ NEW
+
+Kernel enhancements
+
+ We expect to see some wider usage of the virtual servers. As usage
+ grow, we expect to see needs for more control. Here are some ideas.
+
+ NEW
+
+Per context disk quota
+
+ If one installs virtual servers and grant access to less trusted
+ users, he may want to limit the disk space used. Since a virtual
+ server may create new user accounts and run processes with any user ID
+ it wants, the current kernel disk quota is not powerful enough. First,
+ it can't differentiate between user ID 100 in one virtual server and
+ user ID 100 in another one.
+
+ Further, the main administrator may want to control disk space
+ allocated to the virtual server on a server per server basis,
+ unrelated to the various user ID in use in those virtual servers.
+
+ The kernel has already user and group disk quota. Adding security
+ context disk quota should be easily done.
+
+ To differentiate between user IDs in virtual servers, the kernel could
+ coin together the security context and the user id to create a unique
+ ID. The kernel 2.4 now supports 32 user ID, so combining security
+ context and user ID in a single 32 bits number should be acceptable.
+
+ NEW
+
+Global limits
+
+ The kernel has supports for user limit (memory, processes file
+ handles). With virtual server, we may want to limit the resources used
+ by all processes in the virtual server. The security context would be
+ used as the key here. The following resources could be limited on a
+ security context basis (as opposed to user or process basis)
+
+ * Memory used
+ * Processes number
+ (Done: This is now supported with the nproc flag in the kernel
+ 2.4.16ctx-4. By default a new vserver is limited to 1000 processes
+ maximum, configurable).
+ * File handles
+
+ NEW
+
+Scheduler
+
+ The scheduler may become security context aware. It could potentially
+ use this to provide some fairness and control priority based on
+ context. Currently the scheduler is process oriented and does not
+ group process together to qualify their priorities. For example, a
+ user running 10 compilations will get more CPU than another user
+ running a single compilation.
+
+ Currently, it is possible to raise the nice (lower priority) for all
+ processes in a virtual server. This can't be reversed, so you are
+ setting an upper limit on priority (Just set the S_NICE variable in
+ the vserver configuration file). Note that a virtual server may still
+ start many low priority processes and this can grab significant share
+ of the CPU. A global per security context might be needed to really
+ provide more control and fairness between the various virtual servers.
+
+ Done: The sched security context flag group all process in a vserver
+ so their priority is kind of unified. If you have 50 processes running
+ full speed in one vserver, they will take as much CPU resource than a
+ single process in the root server. A vserver can't starve the other...
+ NEW
+
+Security issues
+
+ The current kernel + patch provides a fair level of isolation between
+ the virtual servers. User root can't take over the system: He sees
+ only his processes, has only access to his area of the file system
+ (chroot) and can't reconfigure the kernel. Yet there are some
+ potential problems. They are fixable. As usage grows, we will know if
+ they are real problems. Comments are welcome:
+
+ NEW
+
+/dev/random
+
+ Writing to /dev/random is not limited by any capability. Any root user
+ (virtual included) is allowed to write there. Is this a problem ?
+
+ (kernel expert think it is ok) NEW
+
+/dev/pts
+
+ /dev/pts is a virtual file-system used to allocate pseudo-tty. It
+ presents all the pseudo-tty in use on the server (including all
+ virtual server). User root is allowed to read and write to any
+ pseudo-tty, potentially causing problems on other vservers.
+
+ Starting with the ctx-6 patch, /dev/pts is virtualised. Although the
+ file numbers are allocated from a single pool, a vserver only see the
+ pseudo-tty it owns. NEW
+
+Network devices
+
+ Anyone can list the network devices configurations. This may inform a
+ virtual user that another vserver is on the same physical server. By
+ using as much resources as possible in his own vservers, a malicious
+ user could slow down the other server. Modification to the scheduler
+ explained above could stop this.
+
+ Starting with the ctx-6 patch, a vserver only see the device
+ corresponding to its IP number. NEW
+
+Alternative technologies
+
+ Using virtual servers may be a cost effective alternative to several
+ independent real servers. You get the administrative independence of
+ independent servers, but share some costs including operation costs.
+
+ Other technologies exist offering some of the advantages talked in
+ this document as well as other. Two technologies are available on
+ various hardware platform: Virtual machines and partitioning, NEW
+
+Virtual machines
+
+ This has been available for mainframes for a while now. You can boot
+ several different OS at once on the same server. This is mainly used
+ to isolate environments. For example, you can install the new version
+ of an OS on the same server, even while the server is running the
+ current version. This allows you to test and do a roll-out gracefully.
+
+ The advantages of virtual machines are:
+
+ * Total flexibility. You can run many different OS and different
+ version of the same OS, all at once.
+ * Robustness. You have total isolation. One OS may crash without
+ affecting the other.
+ * Resource management. You can effectively limit the resources taken
+ by one OS.
+ * Hardware Independence. The client OS is using virtual disks
+ provided by the host OS.
+
+ This technology is not directly available on PCs. The Intel x86
+ architecture does not support visualization natively. Some products
+ nevertheless have appeared and provide this. You can run Linux inside
+ Linux, or this other OS (Which BTW has a logo showing a window flying
+ in pieces, which quite frankly tells everything about it).
+
+ The solutions available on PCs carry most of the advantages of the
+ virtual machines found on mainframe, except for performance. You can't
+ run that many virtual Linux's using this technology and expect it to
+ fly. One example of this technology is [52]vmware, which is quite
+ useful, especially if you must run this other OS... vmware may be used
+ to run Linux inside Linux, even test Linux installation while running
+ linux... NEW
+
+Partitioning
+
+ Partitioning (domains ?) is a way to split the resources of a large
+ server so you end up with independent servers. For example, you can
+ take a 20 CPUs server and create 3 servers, two with 4 CPUs and one
+ with 12. You can very easily re-assign CPUs to servers in case you
+ need more for a given tasks.
+
+ This technology provides full Independence, but much less flexibility.
+ If your 12 CPUs server is not working much, the 4 CPUs one can't
+ borrow some CPUs for 5 minutes. NEW
+
+Limitation of those technologies
+
+ Oddly, one disadvantage of those technologies is a side effect of
+ their major advantage: Total Independence. Each virtual server is
+ running its own kernel. Cool. This makes the following tasks more
+ difficult or impossible:
+
+ * Sharing administrative tasks such as backup. The virtual servers
+ are using volumes in the host server. The host server can't handle
+ the files in those volumes directly without interfering with the
+ client OS. It has to use some services of the client OS to access
+ the file.
+ The vserver solution does not have this limitation since the
+ virtual servers are living in the same file-system, sharing the
+ same kernel.
+ * Task monitoring. The virtual servers run their own kernel. As
+ such, the host OS can't spy on the tasks and check for intrusion
+ for example.
+ * Disk space. Virtual servers are using either volumes or full
+ devices in the host server. This space is pre-allocated to the
+ maximum needed by the server. You end up with a lot of wasted disk
+ space. Imagine running 100 virtual servers this way and allocating
+ say 10 gigs to each. You get the picture. The vserver solution is
+ sharing a common file-system so the free disk space is available
+ to all.
+ Further, if you are running the same Linux distribution in the
+ virtual servers, you can unify the disk space using hard link and
+ immutable attributes. The /usr/lib/vserver/vunify was created to
+ test that. Using information found in the rpm package the script
+ links the files, except configuration ones.
+ Testing vunify on a vserver installed with a RedHat 6.2
+ distribution, unifying the packages glibc, binutils, perl, and
+ bash saved 60 megs. Quite a few packages are not changing often
+ and could be unified.
+ Vservers do not need kernel packages and hardware configuration
+ tools. This also contribute to save disk space.
+ * File system sharing
+ A little the same as above. You can't share file system easily
+ between vservers unless you use network services (often slower).
+ Using "mount --bind", it is very easy to "map" any directory of
+ the root server in several vservers, providing raw speed access
+ (and even sharing the disk cache).
+
+ NEW
+
+Conclusion
+
+ Virtual servers are interesting because they can provide a higher
+ level of security while potentially reducing the administration task.
+ Common operation such as backup, are shared between all servers.
+ Services such as monitoring may be configured once.
+
+ A Linux server can run many services at once with a high level of
+ reliability. As servers are evolving, more and more services are
+ added, often unrelated. Unfortunately there are few details here and
+ there, making the server more complex than it is in reality. When one
+ wants to move one service to another server, it is always a little
+ pain: Some user accounts have to be moved and some configuration
+ files. A lot of hand tweaking.
+
+ By installing services in separate virtual servers, it becomes much
+ easier to move services around (just by moving a directory although a
+ big one).
+
+ Virtual servers may become a preferred way to install common Linux
+ servers. NEW
+
+Download
+
+ The ftp site for this project is
+ [53]ftp://ftp.solucorp.qc.ca/pub/vserver . You will find there the
+ following components.
+
+ * [54]kernel-2.4.20ctx-17.tar.gz
+ [55]kernel-2.4.20ctxsmp-17.tar.gz
+ A pre-compiled kernel for Pentium class machine and up. An SMP
+ kernel is also supplied.
+ * [56]vserver-0.22-1.src.rpm
+ The source RPM for the vserver utilities
+ * [57]vserver-0.22-1.i386.rpm
+ A compiled rpm for RedHat 7.x and up. Should work on any recent
+ distribution (glibc 2.2). You need a recent distribution to
+ operate a kernel 2.4 anyway.
+ * [58]vserver-admin-0.22-1.i386.rpm
+ Contains the command /usr/sbin/newvserver. It is a GUI to create
+ vservers. It requires the linuxconf-utils and linuxconf-lib
+ packages. You can get them from [59]here. linuxconf itself is not
+ needed though.
+ * [60]vserver-0.22.src.tar.gz
+ The vserver utilities source
+ * [61]patch-2.4.20ctx-17.gz
+ The patch against Linux 2.4.20
+ * [62]patches
+ The various relative patches (ctxN-ctxN+1)
+
+ NEW
+
+References
+
+ This project is maintained by Jacques Gelinas [63]jack@solucorp.qc.ca
+
+ The vserver package is licensed under the GNU PUBLIC LICENSE.
+
+ A FAQ can be found at
+ [64]http://www.solucorp.qc.ca/howto.hc?projet=vserver
+
+ A mailing list has been created to exchange about this project. It is
+ [65]vserver@solucorp.qc.ca .You can subscribe [66]here
+
+ The mailing list is archived [67]here.
+
+ The change logs for the vserver package are [68]here .
+
+ The official copy of this document is found at
+ [69]http://www.solucorp.qc.ca/miscprj/s_context.hc
+
+ This document was produced using the [70]TLMP documentation system
+
+ [71]Top
+ [72]Back to project page
+ [73]About tlmpdoc and cookies
+ Document maintained by Jacques Gélinas ([74]jack@solucorp.qc.ca)
+ Last update: Wed Apr 16 11:22:22 2003
+
+Références
+
+ 1. http://remtk/solucor/miscprj/s_context.hc?s1=1&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 2. http://remtk/solucor/miscprj/s_context.hc?s1=1&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 3. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 4. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 5. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 6. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 7. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=4&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 8. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=5&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 9. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 10. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=1&s4=0&full=0&prjstate=1&nodoc=0
+ 11. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=2&s4=0&full=0&prjstate=1&nodoc=0
+ 12. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=3&s4=0&full=0&prjstate=1&nodoc=0
+ 13. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=6&s3=4&s4=0&full=0&prjstate=1&nodoc=0
+ 14. http://remtk/solucor/miscprj/s_context.hc?s1=2&s2=7&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 15. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 16. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 17. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 18. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 19. http://remtk/solucor/miscprj/s_context.hc?s1=3&s2=4&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 20. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 21. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 22. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 23. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 24. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=4&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 25. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=5&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 26. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=6&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 27. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=7&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 28. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=8&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 29. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=9&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 30. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=10&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 31. http://remtk/solucor/miscprj/s_context.hc?s1=4&s2=11&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 32. http://remtk/solucor/miscprj/s_context.hc?s1=5&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 33. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 34. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 35. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 36. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=1&s4=0&full=0&prjstate=1&nodoc=0
+ 37. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=2&s4=0&full=0&prjstate=1&nodoc=0
+ 38. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=3&s4=0&full=0&prjstate=1&nodoc=0
+ 39. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=0&full=0&prjstate=1&nodoc=0
+ 40. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=1&full=0&prjstate=1&nodoc=0
+ 41. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=2&full=0&prjstate=1&nodoc=0
+ 42. http://remtk/solucor/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=3&full=0&prjstate=1&nodoc=0
+ 43. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 44. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=1&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 45. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=2&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 46. http://remtk/solucor/miscprj/s_context.hc?s1=7&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 47. http://remtk/solucor/miscprj/s_context.hc?s1=8&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 48. http://remtk/solucor/miscprj/s_context.hc?s1=9&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 49. http://remtk/solucor/miscprj/s_context.hc?s1=10&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 50. ftp://ftp.solucorp.qc.ca/pub/vserver
+ 51. http://www.solucorp.qc.ca/virtualfs
+ 52. http://www.vmware.com/
+ 53. ftp://ftp.solucorp.qc.ca/pub/vserver
+ 54. ftp://ftp.solucorp.qc.ca/pub/vserver/kernel-2.4.20ctx-17.tar.gz
+ 55. ftp://ftp.solucorp.qc.ca/pub/vserver/kernel-2.4.20ctxsmp-17.tar.gz
+ 56. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-0.22-1.src.rpm
+ 57. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-0.22-1.i386.rpm
+ 58. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-admin-0.22-1.i386.rpm
+ 59. http://www.solucorp.qc.ca/linuxconf/download.hc
+ 60. ftp://ftp.solucorp.qc.ca/pub/vserver/vserver-0.22.src.tar.gz
+ 61. ftp://ftp.solucorp.qc.ca/pub/vserver/patch-2.4.20ctx-17.gz
+ 62. ftp://ftp.solucorp.qc.ca/pub/vserver/patches
+ 63. mailto:jack@solucorp.qc.ca
+ 64. http://www.solucorp.qc.ca/howto.hc?projet=vserver
+ 65. mailto:vserver@solucorp.qc.ca
+ 66. http://www.solucorp.qc.ca/mlist/index.hc?list=vserver
+ 67. http://www.paul.sladen.org/vserver/archives/
+ 68. http://www.solucorp.qc.ca/changes.hc?projet=vserver
+ 69. http://www.solucorp.qc.ca/miscprj/s_context.hc
+ 70. http://www.solucorp.qc.ca/tlmp
+ 71. http://remtk/solucor/miscprj/s_context.hc?s1=0&s2=0&s3=0&s4=0&full=0&prjstate=1&nodoc=0
+ 72. http://remtk/solucor/miscprj/s_context.hc
+ 73. http://www.solucorp.qc.ca/tlmp/tlmpdoc.hc
+ 74. mailto:jack@solucorp.qc.ca