Linux-VServer

• What The News
• General information
  • When & Where
  • Tickets
  • Travel
  • FAQ
  • Thanks to ...
  • Contact
  • Forum (old site)
• Camping
  • Map of WTH
  • Weather
  • Hotels
  • Facilities
  • Campsite locations
• Participate
  • Volunteers
  • Villages
  • Projects
• Conference program
  • Schedule Day 1
  • Schedule Day 2
  • Schedule Day 3
  • Schedule Day 4
  • Events
  • Speakers
  • iCal
• Other
  • Photos
  • Press Reviews

Abstract

A soft partitioning concept based on 'Security Contexts' which allows to create many independent Virtual Private Servers (VPS), similar to normal Linux Servers, which can be run simultaneously on one box at full speed, sharing the hardware resources. All services, such as ssh, mail, Web and databases, can be started on such a VPS, without (or in special cases with only minimal) modification, just like on any real server. Each virtual server has its own user account database and root password and doesn't interfere with other virtual servers, except for the fact that they share the same hardware resources.

Description

Linux Capability System, what is it, how can it be used to improve system security, with some examples. Linux File System Attributes and Isolation Concepts. - chroot() namespace restrictions - chcontext() process space restrictions - chbind() network restrictions Kernel space implementation, including a short overview how the Linux Kernel works regarding processes, namespace and network. Impact on performance and possible changes in behaviour, especially regarding the network and the scheduler. Basic examples how to use the Core Tools to create VServer Security Contexts and Network Contexts. Further aspects of the virtualization like: - uts_name() machine/node/domain-name - uptime VPS system uptime - reboot VPS system reboot - ipc/tgid namespace separation Resource Limits - process limits - scheduler limits - memory limits - per context disk limits - per context user/group quota

Speakers

• Herbert Pötzl

Schedule

Informations