tech-kern archive

Re: CVS commit: src/tests/net/icmp

On 11.07.2010 17:46, Antti Kantee wrote:
> "perform"?  Are you using that term for execution speed, or was it
> accidentally bundled with the rest of the paragraph?

execution speed (could be incorrect wording, I am no native speaker)

>>> Even so, rump is about virtualizing the kernel, not the user interface
>>> layer.  Given that jails/zones is a well-understood technology with at
>>> least some sort of NetBSD implementation already done, why not go the
>>> obvious route and finish that off?
>> I think he was referring to using a rump kernel as a "syscall proxy
>> server" rather than having in-kernel virtualization like jails/zones.
>> That would make sense, you already have proxy-like feature with rump.
> I'm not so sure.  That would require a lot of "kernel help" to make
> everything work correctly.

What kernel? rump or "host"?

Per se, most of the syscalls would go to the proxy, only "privileged"
operations like memory allocations/device multiplexing would need
special handling by the host kernel.

> The first example is mmap: you run into it
> pretty fast when you start work on a syscall server ;)
> That's not to say there is not synergy.  For example, a jail networking
> stack virtualized this way would avoid having to go over all the code, and
> "reboot" would be as simple as kill $serverpid.  Plus, more obviously,
> it would not require every jail to share the same code, i.e. you can
> have text optimized in various ways for various applications.

You also gain the advantage of resource control, as the proxy kernel
is, by itself, a process. Buggy kernel code would only crash the server
also, without putting too much of the host kernel at risk.

However, this design is very close to the one I envisioned with Xen and
"multiple small dom0's": with Xen, you may consider the "proxy server"
as the domU kernel, and the application running within the domain is the
jailed one. The difference being that the containers are handled just
like any other process, whereas for Xen, they are domains.

The jails/containers approach is more lightweight, you just have one
instance of the kernel; IMHO, they could be compared to chroot, with
many, many improvements. Each solution has its advantages/inconveniences.

Jean-Yves Migeon
