Editing Linux-VServer

{{Short description|OS-level virtualisation}}
{{multiple|
{{primary sources|date=May 2014}}
{{Citations|date=January 2014}}
}}
{{Infobox software
| name = 
| logo = [[Image:Linux-VServer-logo.png|Linux-VServer]]
| screenshot = 
| caption = 
| developer = Herbert Pötzl (Community Project)
| latest release version = 2.6.22.19-vs2.2.0.7
| latest release date = {{start date and age|2008|03|14}}
| latest preview version = 4.9.159-vs2.3.9.8
| latest preview date = {{start date and age|2019|10|05}}
| operating_system = [[Linux]]
| platform = [[x86]], [[SPARC|SPARC/64]], [[PA-RISC]], [[z/Architecture|s390x]], [[MIPS architecture|MIPS/64]], [[ARM architecture|ARM]], [[PowerPC|PowerPC/64]], [[Itanium]]
| genre = [[Operating system-level virtualization|OS-level virtualization]]
| license = [[GNU General Public License|GNU GPL]] v.2
| website = {{URL|linux-vserver.org/}}
}}

'''Linux-VServer''' is a [[virtual private server]] implementation that was created by adding [[operating system-level virtualization]] capabilities to the [[Linux kernel]]. It is developed and distributed as [[open-source software]].

==Details==
The project was started by [[Jacques Gélinas]].  It is now maintained by Herbert Pötzl. It is not related to the [[Linux Virtual Server]] project, which implements network [[Load balancing (computing)|load balancing]].

Linux-VServer is a [[Operating-system-level virtualization|jail mechanism]] in that it can be used to securely partition resources on a computer system (such as the [[file system]], CPU time, network addresses and memory) in such a way that [[process (computing)|processes]] cannot mount a [[denial-of-service attack]] on anything outside their partition.

Each partition is called a ''security context'', and the virtualized system within it is the ''virtual private server''.  A [[chroot]]-like utility for descending into security contexts is provided.  Booting a virtual private server is then simply a matter of kickstarting [[init]] in a new security context;  likewise, shutting it down simply entails killing all processes with that security context.  The contexts themselves are robust enough to boot many [[Linux distribution]]s unmodified, including [[Debian]] and [[Fedora (operating system)|Fedora]].

Virtual private servers are commonly used in [[web hosting]] services, where they are useful for segregating customer accounts, pooling resources and containing any potential security breaches.  To save space on such installations, each virtual server's file system can be created as a tree of [[copy-on-write]] [[hard link]]s to a "template" file system.  The hard link is marked with a special filesystem attribute and when modified, is securely and transparently replaced with a real copy of the file.

Linux-VServer provides two branches, stable (2.2.x), and devel (2.3.x) for 2.6-series kernels and a single stable branch for 2.4-series.  A separate stable branch integrating the [[grsecurity]] patch set is also available.

==Advantages==
* Virtual servers share the same [[system call]] interface and do not have any [[emulator|emulation]] overhead.
* Virtual servers do not have to be backed by opaque [[disk image]]s, but can share a common file system and common sets of files (through copy-on-write hard links).  This makes it easier to back up a system and to pool disk space amongst virtual servers.
* Processes within the virtual server run as regular processes on the host system.  This is somewhat more memory-efficient and I/O-efficient than whole-system emulation, although memory ballooning and modern VMs allow returning unused memory and sharing disk cache with the host and other virtual servers.
* Processes within the virtual server are queued on the same scheduler as on the host, allowing guest's processes to run concurrently on [[Symmetric multiprocessing|SMP]] systems.  This is not trivial to implement with whole-system emulation.
* Networking is based on isolation rather than virtualization, so there is no additional overhead for packets.
* Smaller plane for security bugs. Only one kernel with small additional code-base compared to 2+ kernels and large interfaces between them.
* Rich Linux scheduling features such as real-time priorities.

==Disadvantages==
* Requires that the host kernel be patched.
* No [[computer cluster|clustering]] or [[process migration]] capability is included, so the host kernel and host computer is still a single point of failure for all virtual servers.
* Networking is based on isolation, not virtualization. This prevents each virtual server from creating its own internal routing or firewalling setup.
* Some system calls (mostly hardware-related: e.g. [[real-time clock]]) and parts of the [[procfs|/proc]] and [[sysfs|/sys]] filesystems are left unvirtualized.
* Does not allow disk I/O bandwidth to be allocated on a per-virtual server basis.

==See also==
{{Portal|Free and open-source software}}
* [[Comparison of platform virtualization software]]
* [[Operating system-level virtualization]]

==References==
{{Reflist}}

==External links==
* {{Official website}}
* [http://www.13thfloor.at/vserver/project/ Official releases]
* [http://linux-vserver.org/Linux-VServer-Paper Implementation paper]

{{Virtualization software}}
{{Linux kernel}}

{{DEFAULTSORT:Linux-Vserver}}
[[Category:Linux security software]]
[[Category:Linux kernel features]]
[[Category:Free virtualization software]]
[[Category:Linux-only free software]]
[[Category:Virtualization software for Linux]]