Developer: | Herbert Pötzl (Community Project) |
Latest Release Version: | 2.6.22.19-vs2.2.0.7 |
Latest Preview Version: | 4.9.159-vs2.3.9.8 |
Operating System: | Linux |
Platform: | x86, SPARC/64, PA-RISC, s390x, MIPS/64, ARM, PowerPC/64, Itanium |
Genre: | OS-level virtualization |
License: | GNU GPL v.2 |
Linux-VServer is a virtual private server implementation that was created by adding operating system-level virtualization capabilities to the Linux kernel. It is developed and distributed as open-source software.
The project was started by Jacques Gélinas. It is now maintained by Herbert Pötzl. It is not related to the Linux Virtual Server project, which implements network load balancing.
Linux-VServer is a jail mechanism in that it can be used to securely partition resources on a computer system (such as the file system, CPU time, network addresses and memory) in such a way that processes cannot mount a denial-of-service attack on anything outside their partition.
Each partition is called a security context, and the virtualized system within it is the virtual private server. A chroot-like utility for descending into security contexts is provided. Booting a virtual private server is then simply a matter of kickstarting init in a new security context; likewise, shutting it down simply entails killing all processes with that security context. The contexts themselves are robust enough to boot many Linux distributions unmodified, including Debian and Fedora.
Virtual private servers are commonly used in web hosting services, where they are useful for segregating customer accounts, pooling resources and containing any potential security breaches. To save space on such installations, each virtual server's file system can be created as a tree of copy-on-write hard links to a "template" file system. The hard link is marked with a special filesystem attribute and when modified, is securely and transparently replaced with a real copy of the file.
Linux-VServer provides two branches, stable (2.2.x), and devel (2.3.x) for 2.6-series kernels and a single stable branch for 2.4-series. A separate stable branch integrating the grsecurity patch set is also available.