Not a new concept

Posted Nov 1, 2007 15:39 UTC (Thu) by mheily (subscriber, #27123)
Parent article: Notes from a container

This is a good feature that provides another layer of security. It's about time that Linux gained this functionality in the mainline kernel. The 'cgroups' concept has been successfully implemented in several other Unix systems. In FreeBSD, this type of container is called a jail and was first published in FreeBSD 4.0 almost seven years ago. In Solaris 10, it is called a zone. Why couldn't the Linux developers use one of these terms to describe their containers? Better yet, why not import the entire jail(8) subsystem from FreeBSD? This would give Linux a proven design, along with documentation, manpages, header files, and userland tools.

The "not invented here" syndrome strikes again...


Not a new concept

Posted Nov 1, 2007 18:50 UTC (Thu) by dowdle (subscriber, #659)

SWsoft's Virtuozzo has been around for a little over 6 years I think... and OpenVZ is the
GPL'ed release of the kernel code and some of the userland code... and documentation, etc.
Linux-VServer has been around for as long if not longer.  Much of the code that is being
adapted into the Linux kernel regarding control groups (trying to get used to the new name)...
has been contributed by Google, IBM, OpenVZ and others... working together to get a consensus.

If they wanted to borrow from FreeBSD, they'd probably be using FreeBSD.  My guess is that
Linux and FreeBSD are different enough that adapting the existing FreeBSD jails code would
take as much work if not more as adapting any other project's code would... and having
everyone work together will hopefully lead to a situation where everyone is happier than they
would have been if a single, canned solution were chosen.  It also gives them the opportunity
to take what they've already done, and improve it yet again.

Not a new concept

Posted Nov 2, 2007 1:45 UTC (Fri) by dvdeug (subscriber, #10998)

I seriously doubt that the code from FreeBSD would be a good fit for Linux; you almost never
hear of major programs borrowing much deep code from each other. Generalizing the concept of
jails like Linux has done is interesting, and it may or may not be useful. I would suspect you
could write an API-compatible implementation of BSD's jail in userspace pretty easily using
this, which is really the important thing.

Not a new concept

Posted Nov 3, 2007 15:09 UTC (Sat) by TRS-80 (subscriber, #1804)

As well as OpenVZ, Linux VServer has been around since 2003, and is one of the groups participating in the containers merging effort. In Debian Etch, using Linux VServer is as simple as apt-get installing a new kernel - you can even run VServer and Xen on the one system if you so desire.

Not a new concept

Posted Nov 6, 2007 18:39 UTC (Tue) by sayler (subscriber, #3164)

Yep.  I've used Linux-Vserver for many years now (in production environments), and it's
performed great.  It *is* a shame that nothing made it into the mainline kernel before recent
times, but my impression was that neither of the major codebases (Vserver, OpenVZ) were
particularly merge-worthy..

I'd also like to second the recommendation for Debian/etch's Linux Vserver integration.  A few
minutes of download and a reboot and you're ready to go.
