[ale] Anyone checked out Slackware 12 yet?
Michael B. Trausch
michael.trausch at gmail.com
Thu Jul 5 13:26:06 EDT 2007
On Wed, 2007-07-04 at 15:05 -0400, Jim wrote:
> I don't know what you are wanting jails for, so this might not be of
> interest. After trying Xen, VMware and some others, I finally settled
> on OpenVZ. It just seems to work. VMware is very slow unless you pay
> and Xen support (forum) is monitored by a group of hot shots who delight
> in shooting down anyone they detect is starting from scratch. There are
> a few helpful folks, but they are usually shouted down by the scum. The
> help I've gotten on the OpenVZ forum has been superb.

I will check out OpenVZ. I had tried Xen on the server and was quite
overwhelmed by its complexity when it came to trying to use systems like
the BSD family underneath it with a Linux host. (My goal there was to
have my server actually run Linux, FreeBSD, NetBSD, and OpenBSD at the
same time as testbed operating systems, so that I could try different
things and see how they each reacted to all of them. I like doing
things like that.)

In the end, though, what I need the server to do is provide separate
VM-like environments that will allow me to separate the main server from
environments where I have potentially untrusted users lurking. In this
way, nothing can break out of the system and into the main host, and if
I wanted to, I could write a script that would regenerate the jailed
environment every evening or something. In reality, it's easy enough to
regenerate the environment that I can do it on demand, and use something
like Subversion for tracking of the /etc directory so that if I have to
"reinstall" a jail, I just remove all its files, build it from source
(make installworld DESTDIR=/jail/outside) and then check out the
SVN /etc tree.

It also lets me separate various roles out into subsystems of the main
server, like hosting the database in a different jail, etc. It is like
virtualization, but it is limited to a single operating system kernel.
However, this can be very useful for testbed stuff, too, when you want
to try things like removing parts of the core system to figure out what
is truly necessary, etc. without putting the server itself in any
danger. Also, since the server itself doesn't have a new enough CPU to
support hardware-assisted virtualization, lightweight (no-emulation)
jails like this can be wonderful things, if you don't need to run
multiple operating systems. They don't get a disk "device", per se, so
there is no emulation overhead there, either. You just export a subset
of /dev from the main system, and use that to hide access to things like
the system's USB or other hardware that you don't want the jail having
access to.

What, I think, would be really cool would be to be able to use KVM in a
non-QEMU like way. I don't know if that can be done yet, but if it
could be, that would be pretty nifty. The only downside to that is that
it would still require a hardware upgrade on the server.
--- Mike
--
Michael B. Trausch
Web: http://www.trausch.us/
Phone: (404) 592-5746
Jabber IM/Email: michael.trausch at gmail.com
Demand Freedom! Use open and free protocols, standards, and software!
Support free speech---it is the most valuable freedom we have!
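
The jail rebuild procedure described in the message (remove the jail's files, `make installworld DESTDIR=...`, check out the SVN /etc tree), as an added shell example that is not part of the original post or the author's own script. `JAIL_BASE`, `SRC_DIR`, the `ETC_REPO` placeholder URL and the `DRY_RUN` switch are assumptions; the path check before the destructive step and the `chflags` call are additions.

```sh
#!/bin/sh
# Added example: rebuild an existing FreeBSD jail (stop it and unmount its
# devfs first). Assumed names: JAIL_BASE, SRC_DIR, ETC_REPO, DRY_RUN.
JAIL_BASE="${JAIL_BASE:-/jail}"
SRC_DIR="${SRC_DIR:-/usr/src}"
ETC_REPO="${ETC_REPO:-file:///var/svn/jail-etc/trunk}"  # placeholder URL
DRY_RUN="${DRY_RUN:-1}"                                  # 1 = print only

# Accept only a direct child of $JAIL_BASE, so a typo can never point the
# rm -rf below at the host's own tree.
valid_jail_root() {
    case "$1" in *..*) return 1 ;; esac
    name="${1#"$JAIL_BASE"/}"
    [ "$JAIL_BASE/$name" = "$1" ] || return 1
    case "$name" in ''|.|*/*) return 1 ;; esac
    return 0
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

rebuild_jail() {
    root="$1"
    valid_jail_root "$root" || { echo "refusing path: $root" >&2; return 1; }
    [ ! -L "$root" ] || { echo "refusing symlink: $root" >&2; return 1; }
    [ "$DRY_RUN" = 1 ] || [ -d "$root" ] ||
        { echo "no such jail: $root" >&2; return 1; }
    # installworld leaves some files flagged schg (immutable); clear the
    # flag or rm fails part-way and leaves a half-deleted jail.
    run chflags -R noschg "$root" &&
    run rm -rf -- "$root" &&
    run mkdir -p "$root" &&
    run make -C "$SRC_DIR" installworld DESTDIR="$root" &&
    run svn checkout --force "$ETC_REPO" "$root/etc"
}

# Usage: DRY_RUN=0 sh rebuild-jail.sh /jail/outside
if [ "$#" -gt 0 ]; then rebuild_jail "$1"; fi
```

With the default `DRY_RUN=1` the script only prints the five commands it would run, which makes it safe to review before using it from a nightly cron job.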