# Linux VServer configuration

	bool "Enable Legacy Kernel API"
	depends on EXPERIMENTAL
	  This enables the legacy API used in vs1.xx, maintaining
	  compatibility with older vserver tools, and guest images
	  that are configured using the legacy method.

config VSERVER_LEGACY_VERSION
	bool "Show a Legacy Version ID"
	depends on VSERVER_LEGACY
	  This shows a special legacy version to very old tools
	  which do not handle the current version correctly.

	  Warning: recent tools are not able to utilize the
	  newer APIs when this is enabled, so some features will
	  not be available. Better avoid it, unless you really,
	  really need it for backwards compatibility.

config VSERVER_DYNAMIC_IDS
	bool "Enable dynamic context IDs"
	depends on EXPERIMENTAL && VSERVER_LEGACY
	  This enables support of in kernel dynamic context IDs,
	  which is deprecated and will probably be removed in the

config VSERVER_LEGACYNET
	bool "Enable Legacy Networking Kernel API"
	depends on EXPERIMENTAL
	  This enables the legacy networking API which is used
	  by older tools (pre 0.30.210) to set up the network

config VSERVER_REMAP_SADDR
	bool "Remap Source IP Address"
	depends on EXPERIMENTAL
	  This allows remapping the source IP address of 'local'
	  connections from 127.0.0.1 to the first assigned

	bool "Enable COW Immutable Link Breaking"
	  This enables the COW (Copy-On-Write) link break code.
	  It allows you to treat unified files like normal files
	  when writing to them (which will implicitly break the
	  link and create a copy of the unified file)

	bool "Enable Virtualized Guest Time"
	depends on EXPERIMENTAL
	  This enables per guest time offsets to allow for
	  adjusting the system clock individually per guest.
	  This adds some overhead to the time functions and
	  therefore should not be enabled without good reason.

config VSERVER_PROC_SECURE
	bool "Enable Proc Security"
	  This configures ProcFS security to initially hide
	  non-process entries for all contexts except the main and
	  spectator context (i.e. for all guests), which is a secure

	  (note: on 1.2x the entries were visible by default)

config VSERVER_HARDCPU
	bool "Enable Hard CPU Limits"
	  Activate the Hard CPU Limits

	  This will compile in code that allows the Token Bucket
	  Scheduler to put processes on hold when a context's
	  tokens are depleted (provided that its per-context
	  sched_hard flag is set).

	  Processes belonging to that context will not be able
	  to consume CPU resources again until a per-context
	  configured minimum of tokens has been reached.

config VSERVER_IDLETIME
	bool "Avoid idle CPUs by skipping Time"
	depends on VSERVER_HARDCPU
	  This option allows the scheduler to artificially
	  advance time (per cpu) when otherwise the idle
	  task would be scheduled, thus keeping the cpu
	  busy and sharing the available resources among

config VSERVER_IDLELIMIT
	bool "Limit the IDLE task"
	depends on VSERVER_HARDCPU
	  Limit the idle slices, so the next context
	  will be scheduled as soon as possible.

	  This might improve interactivity and latency, but
	  will also marginally increase scheduling overhead.

	prompt "Persistent Inode Tagging"
	  This adds persistent context information to filesystems
	  mounted with the tagxid option. Tagging is a requirement
	  for per-context disk limits and per-context quota.

	  do not store per-context information in inodes.

	  reduces UID to 16 bit, but leaves GID at 32 bit.

	  reduces GID to 16 bit, but leaves UID at 32 bit.

	  uses the upper 8bit from UID and GID for XID tagging
	  which leaves 24bit for UID/GID each, which should be
	  more than sufficient for normal use.

config TAGGING_INTERN
	  this uses otherwise reserved inode fields in the on
	  disk representation, which limits the use to a few
	  filesystems (currently ext2 and ext3)

	bool "Tag NFSD User Auth and Files"
	  Enable this if you do want the in-kernel NFS
	  Server to use the tagging specified above.
	  (will require patched clients too)

	bool "Enable Inode Tag Propagation"
	depends on EXPERIMENTAL
	  This allows for the tagid= mount option to specify
	  a tagid which is to be used for the entire mount

config VSERVER_PRIVACY
	bool "Honor Privacy Aspects of Guests"
	  When enabled, most context checks will disallow
	  access to structures assigned to a specific context,
	  like ptys or loop devices.

config VSERVER_CONTEXTS
	int "Maximum number of Contexts (1-65533)" if EMBEDDED
	default "768" if 64BIT
	  This setting will optimize certain data structures
	  and memory allocations according to the expected

	  note: this is not a strict upper limit.

	bool "VServer Warnings"
	  This enables various runtime warnings, which will
	  notify about potential manipulation attempts or
	  resource shortage. It is generally considered to
	  be a good idea to have that enabled.

	bool "VServer Debugging Code"
	  Set this to yes if you want to be able to activate
	  debugging output at runtime. It adds a very small
	  overhead to all vserver related functions and
	  increases the kernel size by about 20k.

config VSERVER_HISTORY
	bool "VServer History Tracing"
	depends on VSERVER_DEBUG
	  Set this to yes if you want to record the history of
	  linux-vserver activities, so they can be replayed in
	  the event of a kernel panic or oops.

config VSERVER_HISTORY_SIZE
	int "Per-CPU History Size (32-65536)"
	depends on VSERVER_HISTORY
	  This allows you to specify the number of entries in
	  the per-CPU history buffer.

config VSERVER_MONITOR
	bool "VServer Scheduling Monitor"
	depends on VSERVER_DEBUG
	  Set this to yes if you want to record the scheduling
	  decisions, so that they can be relayed to userspace
	  for detailed analysis.

config VSERVER_MONITOR_SIZE
	int "Per-CPU Monitor Queue Size (32-65536)"
	depends on VSERVER_MONITOR
	  This allows you to specify the number of entries in
	  the per-CPU scheduling monitor buffer.

config VSERVER_MONITOR_SYNC
	int "Per-CPU Monitor Sync Interval (0-65536)"
	depends on VSERVER_MONITOR
	  This allows you to specify the interval in ticks
	  when a time sync entry is inserted.

config VSERVER_SECURITY
	select SECURITY_CAPABILITIES

	depends on EXPERIMENTAL && !VSERVER_LEGACYNET