kernel level virtualisation requirements.

Julian Elischer julian at elischer.org
Sun Oct 14 14:04:12 PDT 2007


Miroslav Lachman wrote:
> Alexander Leidinger wrote:
> 
>> Quoting Miroslav Lachman <000.fbsd at quip.cz> (Sat, 13 Oct 2007 12:35:05 
>> +0200):
> 
> [...]
>>> It would be nice to have something from vserver, something from 
>>> zones, from xen, from jails etc.
>>> From my point of view:
>>>
>>> CPU limits - specified as relative part of shares (container can get 
>>> more CPU power if CPU is not 100% loaded) or set to absolute 
>>> (container can't get more than specified CPU power, so one can use it 
>>> to test applications on slow CPUs etc.)
>>>
>>> Memory limits - same as CPU
>>>
>>> Disk - it would be nice if I can set how many disk space each 
>>> container can use. (with similar interface as disk quotas - soft+hard 
>>> limits and space+inodes). Maybe setting of disk I/O in similar style 
>>> as CPU and memory limits above.
>>
>>
>> You can have something like this already with zfs. Just for
>> information, it doesn't mean we don't need to talk about this point.
> 
> I did not have enough time to play with FreeBSD 7 and ZFS. It is good to 
> know we have it yet. :)
> 
>>> UIDs - independent UIDs in containers. In relation to UIDs, one can 
>>> use disk quotas inside containers.
>>
>>
>> Can you please clarify what you mean here? Are you talking about the
>> current quota support and how it handles UIDs on the host? If your disk
>> proposal above is implemented, I can imagine that the current quota
>> stuff is independent from this and wouldn't need a decoupling from UIDs
>> in a jail from the UIDs on the host.
> 
> Yes, I was talking about current quota support and UIDs on host. If I have 
> UID 1001 on host and UID 1001 in two jails on same mountpoint, current 
> quotas can not be used. Or am I wrong?
> 
>>> Network bandwidth - same as CPU and memory
>>
>>
>> We have this already with dummynet and/or pf, don't we?
> 
> OK, you are right, one can do this with dummynet or pf in simple jail 
> config, but with hierarchical structure, multiple IPs etc. Will it be 
> still usable? Maybe just implement some layer/utility to wrap around 
> container (jail) settings and generate proper dummynet / pf rules will 
> be enough.

In vimage each virtual instance has its own firewalls.

> 
> Miroslav Lachman


