Linux-VServer is a jail mechansim in that it can be used to securely partition resources on a computer system (such as the file-system CPU time, network addresses and memory) in such a way that processes cannot mount a DDoS Attack on anything outside their partition.
Each partition is called a security context and the virtualized system within it is the virtual private server. A chroot like utility for descending into security contexts is provided. Booting a virtual private server is then simply a matter of kickstarting in it in a new security context; likewise, shutting it down simply entails killing all processes with that security context. The contexts themselves are robust enough to boot many Linux distribution unmodified, including Debian and Fedora.Virtual private servers are commonly used in web hosting services, where they are useful for segregating customer accounts, pooling resources and containing any potential security breaches.
Virtual servers share the same system call interface and do not have any emulation overhead. Virtual servers do not have to be backed by opaque disk images, but can share a common file system and common sets of files (through copy-on-write hard links). This makes it easier to back up a system and to pool disk space amongst virtual servers. Networking is based on isolation rather than virtualization, so there is no additional overhead for packets.
Processes within the virtual server run as regular processes on the host system. This is somewhat more memory-efficient and I/O-efficient than whole-system emulation, although memory ballooning and modern VMs allow returning unused memory and sharing disk cache with the host and other virtual servers. Requires that the host kernel be patched. No clustering or process migration capability is included, so the host kernel and host computer is still a single point of failure for all virtual servers.
