Linux-VServer is a virtual private server implementation that was created by adding operating system-level virtualization capabilities to the Linux kernel. It is developed and distributed as open-source software.
Details
The project was started by Jacques Gélinas. It is now maintained by Herbert Pötzl. It is not related to the Linux Virtual Server project, which implements network load balancing.
Linux-VServer is a jail mechanism in that it can be used to securely partition resources on a computer system (such as the file system, CPU time, network addresses and memory) in such a way that processes cannot mount a denial-of-service attack on anything outside their partition.
Each partition is called a ''security context'', and the virtualized system within it is the ''virtual private server''. A chroot-like utility for descending into security contexts is provided. Booting a virtual private server is then simply a matter of kickstarting init in a new security context; likewise, shutting it down simply entails killing all processes with that security context. The contexts themselves are robust enough to boot many Linux distributions unmodified, including Debian and Fedora.
Virtual private servers are commonly used in web hosting services, where they are useful for segregating customer accounts, pooling resources and containing any potential security breaches. To save space on such installations, each virtual server's file system can be created as a tree of copy-on-write hard links to a "template" file system. The hard link is marked with a special filesystem attribute and, when modified, is securely and transparently replaced with a real copy of the file.
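The copy-on-write hard-link scheme described above, modelled in user space as an added example (this is not Linux-VServer's own code): a guest tree is hard-linked to a template, and a write first replaces the shared link with a private copy so the template and other guests keep their contents. The inode link count stands in for the kernel filesystem attribute the real implementation uses; the directory layout and file contents are constructed.

```python
import os
import shutil
import tempfile

# Constructed user-space model of Linux-VServer's unified guest trees: guest
# files are hard links into a template, so a write must break the link first
# or the template (and every other guest) sees the change.

def unify(template: str, guest: str) -> None:
    """Hard-link every file of the template tree into the guest tree."""
    for root, _dirs, files in os.walk(template):
        rel = os.path.relpath(root, template)
        dest = guest if rel == "." else os.path.join(guest, rel)
        os.makedirs(dest, exist_ok=True)
        for name in files:
            os.link(os.path.join(root, name), os.path.join(dest, name))

def is_shared(path: str) -> bool:
    """Link count above 1: the inode is still shared with the template."""
    return os.stat(path).st_nlink > 1

def cow_write(path: str, data: bytes) -> bool:
    """Write to a guest file, first replacing a shared link with a private copy."""
    broke = is_shared(path)
    if broke:
        tmp = path + ".cow"
        shutil.copy2(path, tmp)  # private copy of contents and metadata
        os.replace(tmp, path)    # atomically swap the link for the copy
    with open(path, "wb") as f:
        f.write(data)
    return broke  # True if the link had to be broken

def demo() -> dict:
    """Two guests unified from one template; guest1 edits its /etc/motd."""
    base = tempfile.mkdtemp()
    template = os.path.join(base, "template")
    os.makedirs(os.path.join(template, "etc"))
    with open(os.path.join(template, "etc", "motd"), "wb") as f:
        f.write(b"template motd\n")
    g1, g2 = (os.path.join(base, g) for g in ("guest1", "guest2"))
    for g in (g1, g2):
        unify(template, g)
    target = os.path.join(g1, "etc", "motd")
    broke = cow_write(target, b"guest1 motd\n")
    read = lambda *p: open(os.path.join(*p), "rb").read()
    result = {"broke_link": broke, "guest1_shared": is_shared(target),
              "guest1": read(target), "guest2": read(g2, "etc", "motd"),
              "template": read(template, "etc", "motd")}
    shutil.rmtree(base)
    return result
```

Without the link-breaking step in cow_write, the same write would change the template and guest2 as well, which is exactly the cross-guest leak the filesystem attribute exists to prevent.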
Linux-VServer provides two branches, stable (2.2.x) and devel (2.3.x), for 2.6-series kernels and a single stable branch for 2.4-series kernels. A separate stable branch integrating the grsecurity patch set is also available.
Advantages
* Virtual servers share the same system call interface and do not have any emulation overhead.
* Virtual servers do not have to be backed by opaque disk images, but can share a common file system and common sets of files (through copy-on-write hard links). This makes it easier to back up a system and to pool disk space amongst virtual servers.
* Processes within the virtual server run as regular processes on the host system. This is somewhat more memory-efficient and I/O-efficient than whole-system emulation, although memory ballooning and modern VMs allow returning unused memory and sharing disk cache with the host and other virtual servers.
* Processes within the virtual server are queued on the same scheduler as on the host, allowing guest processes to run concurrently on SMP systems. This is not trivial to implement with whole-system emulation.
* Networking is based on isolation rather than virtualization, so there is no additional overhead for packets.
* Smaller attack surface for security bugs: only one kernel with a small additional code base, compared to two or more kernels and the large interfaces between them.
* Rich Linux scheduling features such as real-time priorities.
Disadvantages
* Requires that the host kernel be patched.
* No clustering or process migration capability is included, so the host kernel and host computer are still a single point of failure for all virtual servers.
* Networking is based on isolation, not virtualization. This prevents each virtual server from creating its own internal routing or firewalling setup.
* Some system calls (mostly hardware-related, e.g. the real-time clock) and parts of the /proc and /sys filesystems are left unvirtualized.
* Does not allow disk I/O bandwidth to be allocated on a per-virtual server basis.
See also
* Comparison of platform virtualization software
* Operating system-level virtualization
External links
* Official releases
* Implementation paper