bool "Enable Legacy Kernel API"
default y
help
- This enables the legacy API used in vs1.xx, which allows
- to use older tools (for migration purposes).
+ This enables the legacy API used in vs1.xx, maintaining
+ compatibility with older vserver tools, and guest images
+ that are configured using the legacy method. This is
+ probably a good idea for now, for migration purposes.
-config PROC_SECURE
+ Note that some tools have not yet been altered to use
+ this API, so disabling this option may reduce some
+ functionality.
+
+config VSERVER_LEGACY_VERSION
+ bool "Show a Legacy Version ID"
+ depends on VSERVER_LEGACY
+ default n
+ help
+ This shows a special legacy version to very old tools
+ which do not handle the current version correctly.
+
+ This will probably disable some features of newer tools
+ so better avoid it, unless you really, really need it
+ for backwards compatibility.
+
+config VSERVER_NGNET
+ bool "Disable Legacy Networking Kernel API"
+ depends on EXPERIMENTAL
+ default n
+ help
+ This disables the legacy networking API which is required
+ by the chbind tool. Do not disable it unless you exactly
+ know what you are doing.
+
+config VSERVER_REMAP_SADDR
+ bool "Remap Source IP Address"
+ depends on EXPERIMENTAL && !VSERVER_LEGACY
+ default n
+ help
+ This allows to remap the source IP address of 'local'
+ connections from 127.0.0.1 to the first assigned
+ guest IP.
+
+config VSERVER_PROC_SECURE
bool "Enable Proc Security"
depends on PROC_FS
default y
help
- Hide proc entries by default for xid>1
+ This configures ProcFS security to initially hide
+ non-process entries for all contexts except the main and
+ spectator context (i.e. for all guests), which is a secure
+ default.
+
+ (note: on 1.2x the entries were visible by default)
config VSERVER_HARDCPU
bool "Enable Hard CPU Limits"
help
Activate the Hard CPU Limits
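Review bot: the VSERVER_NGNET entry has its polarity crossed between prompt and help. The prompt is "Disable Legacy Networking Kernel API", so answering y removes the API, while the help ends with "Do not disable it unless you exactly know what you are doing", which can be read as advice about the option rather than about the API. Suggest phrasing the help in terms of the answer (say N unless nothing on the host uses chbind), or inverting the symbol so that y keeps the legacy API. Also, VSERVER_REMAP_SADDR carries "depends on EXPERIMENTAL && !VSERVER_LEGACY" while the legacy API entry at the top of this region is "default y", so the option is hidden in a default configuration; its help should say that it is only available with the legacy API turned off.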
+ This will compile in code that allows the Token Bucket
+ Scheduler to put processes on hold when a context's
+ tokens are depleted (provided that its per-context
+ sched_hard flag is set).
+
+ Processes belonging to that context will not be able
+ to consume CPU resources again until a per-context
+ configured minimum of tokens has been reached.
+
+config VSERVER_HARDCPU_IDLE
+ bool "Limit the IDLE task"
+ depends on VSERVER_HARDCPU
+ default n
+ help
+ Limit the idle slices, so the the next context
+ will be scheduled as soon as possible.
+
+ This might improve interactivity and latency, but
+ will also marginally increase scheduling overhead.
+
choice
prompt "Persistent Inode Context Tagging"
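Review bot: the VSERVER_HARDCPU_IDLE help has a doubled word in "Limit the idle slices, so the the next context". In the VSERVER_HARDCPU help, the old one-line text "Activate the Hard CPU Limits" is kept directly in front of the new paragraph with no separator, so the two run together; drop the old line or end it with a full stop and a blank line. VSERVER_HARDCPU itself has no default line in the visible context while the new sub-option states "default n"; stating it explicitly would match the other entries added here.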
- default INOXID_GID24
+ default INOXID_UGID24
help
This adds persistent context information to filesystems
mounted with the tagxid option. Tagging is a requirement
- for per context disk limits and per context quota.
+ for per-context disk limits and per-context quota.
config INOXID_NONE
bool "Disabled"
help
- no context information is store for inodes
+ do not store per-context information in inodes.
+
+config INOXID_UID16
+ bool "UID16/GID32"
+ help
+ reduces UID to 16 bit, but leaves GID at 32 bit.
config INOXID_GID16
bool "UID32/GID16"
help
reduces GID to 16 bit, but leaves UID at 32 bit.
-config INOXID_GID24
+config INOXID_UGID24
bool "UID24/GID24"
help
uses the upper 8bit from UID and GID for XID tagging
which leaves 24bit for UID/GID each, which should be
more than sufficient for normal use.
-config INOXID_GID32
+config INOXID_INTERN
bool "UID32/GID32"
help
this uses otherwise reserved inode fields in the on
disk representation, which limits the use to a few
filesystems (currently ext2 and ext3)
-config INOXID_MAGIC
+config INOXID_RUNTIME
bool "Runtime"
depends on EXPERIMENTAL
help
endchoice
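Review bot: three choice symbols are renamed here (INOXID_GID24 to INOXID_UGID24, INOXID_GID32 to INOXID_INTERN, INOXID_MAGIC to INOXID_RUNTIME) with nothing to carry an existing selection over. A .config that names one of the old symbols will no longer match any entry, so the choice is asked again or falls back to the default, INOXID_UGID24. The help describes the tagging as persistent on filesystems mounted with tagxid, so a changed tagging format on an upgraded kernel deserves an explicit note in the help or the changelog telling users of the old UID32/GID32 and Runtime settings to re-select. Separately, INOXID_RUNTIME still has an empty help body ("help" is followed directly by "endchoice"); the rename is a good point to say what "Runtime" selects and why it depends on EXPERIMENTAL.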
+config XID_TAG_NFSD
+ bool "Tag NFSD User Auth and Files"
+ default n
+ help
+ Enable this if you do want the in-kernel NFS
+ Server to use the xid tagging specified above.
+ (will require patched clients too)
+
+config VSERVER_DEBUG
+ bool "VServer Debugging Code"
+ default n
+ help
+ Set this to yes if you want to be able to activate
+ debugging output at runtime. It adds a probably small
+ overhead to all vserver related functions and
+ increases the kernel size by about 20k.
+
+config VSERVER_HISTORY
+ bool "VServer History Tracing"
+ depends on VSERVER_DEBUG
+ default n
+ help
+ Set this to yes if you want to record the history of
+ linux-vserver activities, so they can be replayed in
+ the event of a kernel panic or oops.
+
+config VSERVER_HISTORY_SIZE
+ int "Per-CPU History Size (32-65536)"
+ depends on VSERVER_HISTORY
+ range 32 65536
+ default 64
+ help
+ This allows you to specify the number of entries in
+ the per-CPU history buffer.
+
endmenu
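Review bot: XID_TAG_NFSD has no "depends on" line, so it can be switched on when the tagging choice above is INOXID_NONE or when the in-kernel NFS server is not built, and in both cases it has nothing to act on. Suggest a dependency on the NFS server symbol and on tagging being enabled, and expanding "(will require patched clients too)" to say what is patched and how unpatched clients behave. Minor: VSERVER_HISTORY_SIZE states its bounds twice, in the prompt "Per-CPU History Size (32-65536)" and in "range 32 65536"; keeping them only in the range line avoids the two drifting apart.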
+
+config VSERVER
+ bool
+ default y
+
+config VSERVER_SECURITY
+ bool
+ depends on SECURITY
+ default y
+ select SECURITY_CAPABILITIES
+
+config VSERVER_LEGACYNET
+ bool
+ depends on !VSERVER_NGNET
+ default y
+
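Review bot: the three promptless symbols added after endmenu carry no comment, and VSERVER_SECURITY does "select SECURITY_CAPABILITIES" whenever SECURITY is set. A select forces the target on without evaluating the target's own dependencies, and with no prompt or help the user has no way to see why capabilities were enabled. A short comment above the entry saying why vserver needs capabilities, and what is expected when SECURITY is off and VSERVER_SECURITY therefore stays off, would make this reviewable. A one-line comment on VSERVER_LEGACYNET noting that it is the inverse of VSERVER_NGNET would likewise make the pairing obvious.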