Re: user- vs kernel-level resource sandbox for Linux?

[Marek Habersack]

On Tue, Nov 30, 2004 at 06:48:27PM +0000, Alan Cox scribbled:
> On Maw, 2004-11-30 at 02:39, Marek Habersack wrote:
> > per-process isn't enough. I specifically need something to limit the memory
> > usage on a more global scale - per user ID or per process group or a similar
> > way of grouping related processes. That's the only way to tame processes
> > like apache. At this point the option I'm considering is Xen, unless I can
> > find a userland solution to the problem...
> 
> I'd suggest playing with Xen - its very efficient and it really does
> come close to perfect constraint for resources.
That's my current impression. I also considered writing a simple kernel
module to intercept sys_brk, but that seemed to be a bit clumsy. We have
been running a test installation of Xen with 2 VMs under quite high load and
it performs outstandingly well in "laboratory environment".
Also, I seem to recall there used to be a patch for the linux kernel to implement 
BSD-like jail environment, which would suit my purpose too, do you know what happened
to the project/where it can be found? It would be a great addition to the
kernel, just like the Zones in Solaris 10 are (which are based on the BSD
jail concept as well).

regards,

marek

Attachment: signature.asc
Description: Digital signature