


Linux VServer is an open-source, fast, and lightweight approach to implementing virtual machines on a Linux server. It is a form of operating-system-level virtualization: every virtual server (guest) runs on the single shared host kernel rather than on its own kernel. It consists of a modest modification to the kernel and a small set of OS userland tools. The VServer Linux kernel manages all system resources and tasks, including process scheduling, memory, disk space, and processor time. Each virtual server is isolated from the others by kernel mechanisms (a changed root directory, a security context, a network binding, and a restricted set of capabilities), providing security and making it easy to set up multiple virtual machines on a single platform.
The chroot command is a UNIX or Linux command that makes the root directory (/) become something other than its default for the lifetime of the current process and its descendants. It can only be used by privileged processes (on Linux, those holding the CAP_SYS_CHROOT capability) and is used to give a process (commonly a network server such as FTP or HTTP) access to a restricted portion of the file system. This provides file system isolation, allowing commands to affect only files whose paths lie beneath the root defined for that server. By itself, chroot is not a complete security boundary: a process that retains root privileges inside the new root can break out of it, which is why VServer combines chroot with the context and capability mechanisms described next and marks the directory above each guest's root with a barrier attribute so that not even guest root can walk up out of it.
The chcontext Linux utility allocates a new security context and executes commands in that context. The host security context is context 0, which has the same privileges as the root user (UID 0) and can see every process on the machine. All other contexts provide complete isolation, allowing processes from one context to neither see nor interact with processes from another context.
The chbind utility executes a command and locks the resulting process and its children into using a specific IP address. This provides network isolation, ensuring that each virtual server uses a separate and distinct IP address and cannot bind sockets to, or send from, addresses it has not been assigned.
Lastly, each virtual server is assigned a set of capabilities, that is, a subset of the Linux capabilities into which the privileges of the root user are partitioned, so that root inside a guest holds only the privileges the host has granted it. This provides root isolation. VServer can also set resource limits, such as the amount of virtual memory a process may use.
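The following C program is an added example, not code from the text or from the Linux VServer project; it demonstrates the two ideas in the preceding paragraph using the ordinary Linux kernel interfaces for them. The capability bounding set, read and reduced with prctl(2), is how root's privileges are partitioned on a stock kernel, and RLIMIT_AS, set with setrlimit(2), caps the virtual memory a process may map. The function names and the 256 MB and 1 GB figures are chosen for the illustration.

```c
/* Added example (not Linux VServer code): root isolation via the
 * capability bounding set, and a per-process virtual-memory limit. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <linux/capability.h>

/* Is capability `cap` still in this process's bounding set?
 * Returns 1 if present, 0 if it has been removed, -1 if `cap` is invalid. */
int cap_in_bounding_set(int cap)
{
    int r = prctl(PR_CAPBSET_READ, (unsigned long)cap, 0, 0, 0);
    return r < 0 ? -1 : r;
}

/* Remove `cap` from the bounding set, as a host would do before handing a
 * guest its root user. Irreversible for this process and its children.
 * Returns 0 on success or the errno (EPERM without CAP_SETPCAP). */
int drop_cap_from_bounding_set(int cap)
{
    if (prctl(PR_CAPBSET_DROP, (unsigned long)cap, 0, 0, 0) != 0)
        return errno;
    return 0;
}

/* Temporarily cap this process's address space at `limit_bytes`, try to
 * allocate `alloc_bytes`, then restore the previous soft limit.
 * Returns 1 if the allocation succeeded, 0 if the kernel refused it,
 * -1 if the limit could not be set. */
int alloc_under_as_limit(size_t limit_bytes, size_t alloc_bytes)
{
    struct rlimit old, lim;
    if (getrlimit(RLIMIT_AS, &old) != 0)
        return -1;

    lim = old;
    /* A soft limit may be moved freely below the hard limit, never above it. */
    lim.rlim_cur = (old.rlim_max != RLIM_INFINITY && old.rlim_max < limit_bytes)
                   ? old.rlim_max : (rlim_t)limit_bytes;
    if (setrlimit(RLIMIT_AS, &lim) != 0)
        return -1;

    void *p = malloc(alloc_bytes);       /* large sizes go through mmap(2) */
    int ok = (p != NULL);
    if (p) {
        ((char *)p)[0] = 1;              /* touch it so the mapping is real */
        free(p);
    }

    setrlimit(RLIMIT_AS, &old);          /* restore for the rest of the run */
    return ok;
}

int main(void)
{
    printf("CAP_SYS_CHROOT in bounding set: %d\n",
           cap_in_bounding_set(CAP_SYS_CHROOT));
    printf("CAP_SYS_ADMIN  in bounding set: %d\n",
           cap_in_bounding_set(CAP_SYS_ADMIN));

    int rc = drop_cap_from_bounding_set(CAP_SYS_CHROOT);
    printf("drop CAP_SYS_CHROOT: %s\n", rc == 0 ? "ok" : "refused (needs CAP_SETPCAP)");
    printf("CAP_SYS_CHROOT in bounding set now: %d\n",
           cap_in_bounding_set(CAP_SYS_CHROOT));

    /* With a 256 MB address-space limit, 1 MB fits and 1 GB is refused. */
    printf("1 MB under 256 MB limit: %d\n",
           alloc_under_as_limit(256UL << 20, 1UL << 20));
    printf("1 GB under 256 MB limit: %d\n",
           alloc_under_as_limit(256UL << 20, 1UL << 30));
    return 0;
}
```

Run as an unprivileged user the drop is refused with EPERM, which is the point: only a holder of CAP_SETPCAP (the host side in VServer's model) can shrink the set, and once shrunk the capability is gone for every descendant, exactly the one-way partitioning that gives a guest's root less than the host's root. The memory limit, by contrast, is enforced even for root, so a runaway allocation inside one guest fails in that guest rather than exhausting the shared kernel's memory.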
The general architecture of Linux VServer is shown in Figure 2.21, which shows a shared, virtualized OS image consisting of a root file system, system libraries, and kernel services. Each VM can be booted, shut down, and rebooted independently. The hosting platform includes the shared OS image and a privileged host VM, which monitors and manages other VMs. The virtual platform creates virtual machines and is the view of the system seen by the applications running on the computer system.