# Linux VServer configuration
#
+config VSERVER
+ bool
+ default y
+
+config VSERVER_SECURITY
+ bool
+ depends on SECURITY
+ default y
+ select SECURITY_CAPABILITIES
+
+config VSERVER_LEGACYNET
+ bool
+ depends on !VSERVER_NGNET
+ default y
+
menu "Linux VServer"
config VSERVER_LEGACY
bool "Enable Legacy Kernel API"
default y
help
- This enables the legacy API used in vs1.xx, which allows
- to use older tools (for migration purposes).
+ This enables the legacy API used in vs1.xx, maintaining
+ compatibility with older vserver tools, and guest images
+ that are configured using the legacy method. This is
+ probably a good idea for now, for migration purposes.
+
+ Note that some tools have not yet been altered to use
+ this API, so disabling this option may reduce some
+ functionality.
+
+config VSERVER_LEGACY_VERSION
+ bool "Show a Legacy Version ID"
+ depends on VSERVER_LEGACY
+ default n
+ help
+ This shows a special legacy version to very old tools
+ which do not handle the current version correctly.
+
+ This will probably disable some features of newer tools
+ so better avoid it, unless you really, really need it
+ for backwards compatibility.
+
+config VSERVER_NGNET
+ bool "Disable Legacy Networking Kernel API"
+ depends on EXPERIMENTAL
+ default n
+ help
+ This disables the legacy networking API which is required
+ by the chbind tool. Do not disable it unless you exactly
+ know what you are doing.
config VSERVER_PROC_SECURE
bool "Enable Proc Security"
depends on PROC_FS
default y
help
- Hide proc entries by default for xid>1
+ This configures ProcFS security to initially hide
+ non-process entries for all contexts except the main and
+ spectator context (i.e. for all guests), which is a secure
+ default.
+
+ (note: on 1.2x the entries were visible by default)
config VSERVER_HARDCPU
bool "Enable Hard CPU Limits"
help
Activate the Hard CPU Limits
+ This will compile in code that allows the Token Bucket
+ Scheduler to put processes on hold when a context's
+ tokens are depleted (provided that its per-context
+ sched_hard flag is set).
+
+ Processes belonging to that context will not be able
+ to consume CPU resources again until a per-context
+ configured minimum of tokens has been reached.
+
config VSERVER_HARDCPU_IDLE
bool "Limit the IDLE task"
depends on VSERVER_HARDCPU
help
Limit the idle slices, so the the next context
will be scheduled as soon as possible.
- might improve interactivity/latency but
- increases scheduling overhead.
+
+ This might improve interactivity and latency, but
+ will also marginally increase scheduling overhead.
choice
prompt "Persistent Inode Context Tagging"
help
This adds persistent context information to filesystems
mounted with the tagxid option. Tagging is a requirement
- for per context disk limits and per context quota.
+ for per-context disk limits and per-context quota.
config INOXID_NONE
bool "Disabled"
help
- no context information is store for inodes
+ do not store per-context information in inodes.
config INOXID_UID16
bool "UID16/GID32"
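Review bot: VSERVER_SECURITY, near the top of this hunk, has no prompt and no help text, yet it is "default y" and carries "select SECURITY_CAPABILITIES". Every configuration with SECURITY set therefore gets that symbol forced on with no explanation visible to the person configuring the kernel, and select sets its target without evaluating the target's own dependencies. Please add a comment or help text on the symbol stating why VServer requires it, and the same for the other two promptless symbols, VSERVER and VSERVER_LEGACYNET. Further down, VSERVER_NGNET is a negatively phrased option whose help ends with "Do not disable it unless you exactly know what you are doing", where "it" means the API and not the option; wording such as "Say N unless you know exactly what you are doing" would be unambiguous. In VSERVER_HARDCPU the new paragraph is appended directly after the old "Activate the Hard CPU Limits" line with no period or blank line between them, and the "the the" in the VSERVER_HARDCPU_IDLE help is left in place although the lines next to it are rewritten.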
endchoice
+config XID_TAG_NFSD
+ bool "Tag NFSD User Auth and Files"
+ default n
+ help
+ Enable this if you do want the in-kernel NFS
+ Server to use the xid tagging specified above.
+ (will require patched clients too)
+
config VSERVER_DEBUG
- bool "Compile Debugging Code"
+ bool "VServer Debugging Code"
default n
help
Set this to yes if you want to be able to activate
debugging output at runtime. It adds a probably small
- overhead (~ ??%) to all vserver related functions and
+ overhead to all vserver related functions and
increases the kernel size by about 20k.
+config VSERVER_HISTORY
+ bool "VServer History Tracing"
+ depends on VSERVER_DEBUG
+ default n
+ help
+ Set this to yes if you want to record the history of
+ linux-vserver activities, so they can be replayed in
+ the event of a kernel panic or oops.
+
+config VSERVER_HISTORY_SIZE
+ int "Per-CPU History Size (32-65536)"
+ depends on VSERVER_HISTORY
+ range 32 65536
+ default 64
+ help
+ This allows you to specify the number of entries in
+ the per-CPU history buffer.
+
endmenu
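Review bot: XID_TAG_NFSD has no "depends on" line, so it is offered even when the tagging choice above it is set to INOXID_NONE or the in-kernel NFS server is not built, although its help text refers to both. Consider a dependency on NFSD and on !INOXID_NONE, and have the help say what happens when an unpatched client connects, not only "(will require patched clients too)". In VSERVER_HISTORY_SIZE the help gives the number of entries but not the size of one entry, so the per-CPU memory cost at the 65536 upper bound cannot be judged from the prompt; stating the entry size or the resulting buffer size would fix that.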