OpenSolaris Has Virtual-Machine Edge
Linked by Eugenia Loli on Fri 8th Jul 2005 18:56 UTC
Sun Solaris, OpenSolaris "Containers" feature allows multiple virtual machines to share a single copy of the Solaris operating system, unlike other virtual-machine technologies.
E-mail Print r 0   13 Comment(s) http://osne.ws/8lh
Order by: Score:
Add Comment Post a Comment
Awesome
by Dark Leth on Fri 8th Jul 2005 19:01 UTC
Dark Leth
Member since:
2005-07-06

This could open up some very interesting oppurtunities for testing kernel code and such.

The other nice thing about such containers is that changes in one VM, while possibly corrupting it, are not acknowledged by the rest of the system, giving you a complete sandbox mode.

Reply Score: 1

RE: Awesome
by Anonymous on Sat 9th Jul 2005 00:07 UTC in reply to "Awesome"
Anonymous Member since:
---

This could open up some very interesting oppurtunities for testing kernel code and such.

No, for kernel code development you need a real virtual machine monitor that runs a separate instance of the kernel. There is no point to use a zone/jail as you still have only one instance of the kernel and you gained exactly nothing.

Reply Score: 0

Security through OS Virtualization
by Anonymous on Fri 8th Jul 2005 19:04 UTC
Anonymous
Member since:
---

Do you think something similar to chroot jail can be created by using an OS instances for each user? Will this method give ultimate security? Any thoughts?

Reply Score: 0

Anonymous Member since:
---

Of course. vservers (http://linux-vserver.org/) already provide this kind of functionality. Generally more useful for servers (separate web, mail, dns...) but could be applied to separate users.

Reply Score: 0

errr...
by Anonymous on Fri 8th Jul 2005 19:05 UTC
Anonymous
Member since:
---

I didn't think solaris zones are virtual machines - more really heavy weight chroot's.

Also, the process of creating a container, copies files from the host, and not share the files as implied in the article.

Am I missing something, are containers something different to zones?

Reply Score: 0

RE: errr...
by eschrock on Fri 8th Jul 2005 19:19 UTC in reply to "errr..."
eschrock Member since:
2005-07-07

You can check out the following for an overview of where zones fall in the range of virtualization options:

http://blogs.sun.com/roller/page/eschrock?entry=solaris_virtualizat...

By default, the majority of files (/usr, /lib, /sbin, /platform) are shared (via read-only loopback mounts) with the global zone. Zones can also be configured in "whole root" mode, which copies files from the above directories instead of sharing them.

"Containers" are the marketing term for zones - they are the same thing.

Reply Score: 5

chroot
by Anonymous on Fri 8th Jul 2005 19:05 UTC
Anonymous
Member since:
---

This sounds like a fancy, powerful extension of chroot. Containers are a good idea.

Does each container have its own partition? Do they share programs (e.g. /usr)?

Reply Score: 0

RE: chroot
by Dark Leth on Fri 8th Jul 2005 19:16 UTC in reply to "chroot"
Dark Leth Member since:
2005-07-06

If I am correct, they create virtualizations of the original partition, utilising each file, but not actually modifying the source file, but it's own doppelganger version.

Reply Score: 1

jails
by Anonymous on Fri 8th Jul 2005 19:21 UTC
Anonymous
Member since:
---

looks like FreeBSD's jail(8)s. One kernel, many userlands.
However Solaris' implementation seems to have interesting capping capabilities for cpu cycles (or is it just nice(1)?) and memory (afair with FreeBSD you can cap only the number of processes)

Reply Score: 0

For more information
by eschrock on Fri 8th Jul 2005 19:29 UTC
eschrock
Member since:
2005-07-07

For more information on Zones (a.k.a. containers), check out the bigadmin site:

http://www.sun.com/bigadmin/content/zones/

As well as the OpenSolaris Zones community:

http://www.opensolaris.org/os/community/zones/

Reply Score: 5

containers
by Anonymous on Fri 8th Jul 2005 19:50 UTC
Anonymous
Member since:
---

I think one of the things I recall form a Solars 10 demo that Sun did is to mention how containers/zones can also be given resource limits to CPU's, memory, etc. This works really well (according to them) when you have a multi-core or multi-cpu system and want to allocate some hard resources to different projects contained within zones.

Reply Score: 2

Robert Escue
Member since:
2005-07-08

Both escrock and Anonymous discuss the use of Resource Controls with Containers and Zones. These controls can be changed dynamically, unlike previous releases of Solaris where changes usually required a reboot. On a large machine using Projects, Resource Controls, Containers and Zones gives the system administrator extremely fine grained control over a system that no other operating system I am aware of can match.

Reply Score: 4

Get Solaris 10 and setup your own Zones
by Anonymous on Sat 9th Jul 2005 16:11 UTC
Anonymous
Member since:
---

Step by Step :
http://www.blastwave.org/docs/Solaris-10-b51/DMC-0002/dmc-0002.html

Once you have a Zone running then see what Brendan Gregg has to offer here :

http://users.tpg.com.au/adsln4yb/zones.html

Dennis at Blastwave

Reply Score: 2

Add Comment Post a Comment