#
# Linux VServer configuration
#

menu "Linux VServer"

config	VSERVER_LEGACY
	bool	"Enable Legacy Kernel API"
	default y
	help
	  This enables the legacy API used in vs1.xx, maintaining
	  compatibility with older vserver tools, and guest images
	  that are configured using the legacy method. This is
	  probably a good idea for now, for migration purposes.

	  Note that some tools have not yet been altered to use
	  this API, so disabling this option may reduce some
	  functionality.

config	VSERVER_LEGACY_VERSION
	bool	"Show a Legacy Version ID"
	depends on VSERVER_LEGACY
	default n
	help
	  This shows a special legacy version to very old tools
	  which do not handle the current version correctly.

	  This will probably disable some features of newer tools
	  so better avoid it, unless you really, really need it
	  for backwards compatibility.

config	VSERVER_NGNET
	bool	"Disable Legacy Networking Kernel API"
	depends on EXPERIMENTAL
	default n
	help
	  This disables the legacy networking API which is required
	  by the chbind tool. Do not disable it unless you exactly
	  know what you are doing.

config	VSERVER_REMAP_SADDR
	bool	"Remap Source IP Address"
	depends on EXPERIMENTAL && !VSERVER_LEGACY
	default n
	help
	  This allows to remap the source IP address of 'local'
	  connections from 127.0.0.1 to the first assigned
	  guest IP.

config	VSERVER_PROC_SECURE
	bool	"Enable Proc Security"
	depends on PROC_FS
	default y
	help
	  This configures ProcFS security to initially hide
	  non-process entries for all contexts except the main and
	  spectator context (i.e. for all guests), which is a secure
	  default.

	  (note: on 1.2x the entries were visible by default)

config	VSERVER_HARDCPU
	bool	"Enable Hard CPU Limits"
	depends on EXPERIMENTAL
	default n
	help
	  Activate the Hard CPU Limits

	  This will compile in code that allows the Token Bucket
	  Scheduler to put processes on hold when a context's
	  tokens are depleted (provided that its per-context
	  sched_hard flag is set).

	  Processes belonging to that context will not be able
	  to consume CPU resources again until a per-context
	  configured minimum of tokens has been reached.

config	VSERVER_HARDCPU_IDLE
	bool	"Limit the IDLE task"
	depends on VSERVER_HARDCPU
	default n
	help
	  Limit the idle slices, so that the next context
	  will be scheduled as soon as possible.

	  This might improve interactivity and latency, but
	  will also marginally increase scheduling overhead.

choice
	prompt	"Persistent Inode Context Tagging"
	default	INOXID_UGID24
	help
	  This adds persistent context information to filesystems
	  mounted with the tagxid option. Tagging is a requirement
	  for per-context disk limits and per-context quota.

config	INOXID_NONE
	bool	"Disabled"
	help
	  do not store per-context information in inodes.

config	INOXID_UID16
	bool	"UID16/GID32"
	help
	  reduces UID to 16 bit, but leaves GID at 32 bit.

config	INOXID_GID16
	bool	"UID32/GID16"
	help
	  reduces GID to 16 bit, but leaves UID at 32 bit.

config	INOXID_UGID24
	bool	"UID24/GID24"
	help
	  uses the upper 8bit from UID and GID for XID tagging
	  which leaves 24bit for UID/GID each, which should be
	  more than sufficient for normal use.

config	INOXID_INTERN
	bool	"UID32/GID32"
	help
	  this uses otherwise reserved inode fields in the on
	  disk representation, which limits the use to a few
	  filesystems (currently ext2 and ext3)

config	INOXID_RUNTIME
	bool	"Runtime"
	depends on EXPERIMENTAL
	help
	  inodes are tagged when first accessed, this doesn't
	  require any persistent information, but might give
	  funny results for mixed access.

endchoice

config	XID_TAG_NFSD
	bool	"Tag NFSD User Auth and Files"
	default n
	help
	  Enable this if you do want the in-kernel NFS
	  Server to use the xid tagging specified above.
	  (will require patched clients too)

config	VSERVER_DEBUG
	bool	"VServer Debugging Code"
	default n
	help
	  Set this to yes if you want to be able to activate
	  debugging output at runtime. It adds a probably small
	  overhead to all vserver related functions and
	  increases the kernel size by about 20k.

config	VSERVER_HISTORY
	bool	"VServer History Tracing"
	depends on VSERVER_DEBUG
	default n
	help
	  Set this to yes if you want to record the history of
	  linux-vserver activities, so they can be replayed in
	  the event of a kernel panic or oops.

config	VSERVER_HISTORY_SIZE
	int	"Per-CPU History Size (32-65536)"
	depends on VSERVER_HISTORY
	range 32 65536
	default 64
	help
	  This allows you to specify the number of entries in
	  the per-CPU history buffer.

endmenu

config	VSERVER
	bool
	default y

config	VSERVER_SECURITY
	bool
	depends on SECURITY
	default y
	select SECURITY_CAPABILITIES

config	VSERVER_LEGACYNET
	bool
	depends on !VSERVER_NGNET
	default y
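
The `INOXID_UGID24` help text above says the upper 8 bits of UID and GID carry the XID, leaving 24 bits for each ID. The following C code is an added example, not code from the Linux-VServer patch; the byte split (XID high byte in the UID, low byte in the GID) and all names in it are assumptions made for illustration, since the help text does not give the layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define UGID24_MASK 0x00FFFFFFu /* low 24 bits keep the real UID/GID */

struct tagged_ids {
	uint32_t uid; /* on-disk UID field, XID bits included */
	uint32_t gid; /* on-disk GID field, XID bits included */
};

/* Pack a 16-bit XID into the upper byte of each ID (assumed split:
 * XID high byte -> UID bits 31..24, XID low byte -> GID bits 31..24).
 * Rejects values that would spill into the tag bits. */
static bool ugid24_pack(uint32_t uid, uint32_t gid, uint32_t xid,
			struct tagged_ids *out)
{
	if (uid > UGID24_MASK || gid > UGID24_MASK || xid > 0xFFFFu)
		return false;
	out->uid = uid | ((xid & 0xFF00u) << 16);
	out->gid = gid | ((xid & 0x00FFu) << 24);
	return true;
}

/* Recover the XID from a tagged pair. */
static uint32_t ugid24_xid(struct tagged_ids t)
{
	return ((t.uid >> 16) & 0xFF00u) | ((t.gid >> 24) & 0x00FFu);
}

/* Recover the real IDs by masking off the tag byte. */
static uint32_t ugid24_uid(struct tagged_ids t) { return t.uid & UGID24_MASK; }
static uint32_t ugid24_gid(struct tagged_ids t) { return t.gid & UGID24_MASK; }

int main(void)
{
	struct tagged_ids t;

	/* Constructed sample: uid 1000, gid 100, context 0x1234. */
	if (!ugid24_pack(1000, 100, 0x1234, &t))
		return 1;
	printf("disk uid=0x%08x gid=0x%08x\n", (unsigned)t.uid, (unsigned)t.gid);
	printf("xid=0x%04x uid=%u gid=%u\n", (unsigned)ugid24_xid(t),
	       (unsigned)ugid24_uid(t), (unsigned)ugid24_gid(t));
	/* A UID needing more than 24 bits cannot be tagged. */
	printf("uid 0x01000000 accepted: %d\n",
	       ugid24_pack(0x01000000u, 100, 1, &t));
	return 0;
}
```

The rejected case is the practical caveat of this tagging mode: any UID or GID above 0x00FFFFFF would overlap the tag byte, so such IDs cannot be used on a filesystem tagged this way.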