#
# Linux VServer configuration
#

menu "Linux VServer"

config	VSERVER_LEGACY
	bool	"Enable Legacy Kernel API"
	depends on EXPERIMENTAL
	default n
	help
	  This enables the legacy API used in vs1.xx, maintaining
	  compatibility with older vserver tools, and guest images
	  that are configured using the legacy method.

config	VSERVER_LEGACY_VERSION
	bool	"Show a Legacy Version ID"
	depends on VSERVER_LEGACY
	default n
	help
	  This shows a special legacy version to very old tools
	  which do not handle the current version correctly.

	  Warning: recent tools are not able to utilize the
	  newer APIs when this is enabled, so some features will
	  not be available. Better avoid it, unless you really,
	  really need it for backwards compatibility.

config	VSERVER_DYNAMIC_IDS
	bool	"Enable dynamic context IDs"
	depends on EXPERIMENTAL && VSERVER_LEGACY
	default n
	help
	  This enables support for in-kernel dynamic context IDs,
	  which is deprecated and will probably be removed in the
	  next release.

config	VSERVER_LEGACYNET
	bool	"Enable Legacy Networking Kernel API"
	depends on EXPERIMENTAL
	default n
	help
	  This enables the legacy networking API which is used
	  by older tools (pre 0.30.210) to set up the network
	  context (chbind).

config	VSERVER_REMAP_SADDR
	bool	"Remap Source IP Address"
	depends on EXPERIMENTAL
	default n
	help
	  This allows remapping the source IP address of 'local'
	  connections from 127.0.0.1 to the first assigned
	  guest IP.

config	VSERVER_COWBL
	bool	"Enable COW Immutable Link Breaking"
	default y
	help
	  This enables the COW (Copy-On-Write) link break code.
	  It allows you to treat unified files like normal files
	  when writing to them (which will implicitly break the
	  link and create a copy of the unified file).

config	VSERVER_VTIME
	bool	"Enable Virtualized Guest Time"
	depends on EXPERIMENTAL
	default n
	help
	  This enables per-guest time offsets to allow for
	  adjusting the system clock individually per guest.
	  This adds some overhead to the time functions and
	  therefore should not be enabled without good reason.

config	VSERVER_PROC_SECURE
	bool	"Enable Proc Security"
	depends on PROC_FS
	default y
	help
	  This configures ProcFS security to initially hide
	  non-process entries from all guests, i.e. from every
	  context except the main and spectator context. This
	  is a secure default.

	  (note: on 1.2x the entries were visible by default)

config	VSERVER_HARDCPU
	bool	"Enable Hard CPU Limits"
	default y
	help
	  Activate the Hard CPU Limits

	  This will compile in code that allows the Token Bucket
	  Scheduler to put processes on hold when a context's
	  tokens are depleted (provided that its per-context
	  sched_hard flag is set).

	  Processes belonging to that context will not be able
	  to consume CPU resources again until a per-context
	  configured minimum of tokens has been reached.

config	VSERVER_IDLETIME
	bool	"Avoid idle CPUs by skipping Time"
	depends on VSERVER_HARDCPU
	default y
	help
	  This option allows the scheduler to artificially
	  advance time (per cpu) when otherwise the idle
	  task would be scheduled, thus keeping the cpu
	  busy and sharing the available resources among
	  certain contexts.

config	VSERVER_IDLELIMIT
	bool	"Limit the IDLE task"
	depends on VSERVER_HARDCPU
	default n
	help
	  Limit the idle slices, so that the next context
	  will be scheduled as soon as possible.

	  This might improve interactivity and latency, but
	  will also marginally increase scheduling overhead.

choice
	prompt	"Persistent Inode Tagging"
	default	TAGGING_ID24
	help
	  This adds persistent context information to filesystems
	  mounted with the tagxid option. Tagging is a requirement
	  for per-context disk limits and per-context quota.


config	TAGGING_NONE
	bool	"Disabled"
	help
	  Do not store per-context information in inodes.

config	TAGGING_UID16
	bool	"UID16/GID32"
	help
	  Reduces UID to 16 bits, but leaves GID at 32 bits.

config	TAGGING_GID16
	bool	"UID32/GID16"
	help
	  Reduces GID to 16 bits, but leaves UID at 32 bits.

config	TAGGING_ID24
	bool	"UID24/GID24"
	help
	  Uses the upper 8 bits of UID and GID for XID tagging,
	  which leaves 24 bits each for UID and GID; that should
	  be more than sufficient for normal use.

config	TAGGING_INTERN
	bool	"UID32/GID32"
	help
	  This uses otherwise reserved inode fields in the
	  on-disk representation, which limits its use to a few
	  filesystems (currently ext2 and ext3).

endchoice

config	TAG_NFSD
	bool	"Tag NFSD User Auth and Files"
	default n
	help
	  Enable this if you want the in-kernel NFS server
	  to use the tagging specified above. (This will
	  require patched clients too.)

config	PROPAGATE
	bool	"Enable Inode Tag Propagation"
	default n
	depends on EXPERIMENTAL
	help
	  This allows for the tagid= mount option to specify
	  a tagid which is to be used for the entire mount
	  tree.

config	VSERVER_PRIVACY
	bool	"Honor Privacy Aspects of Guests"
	default y
	help
	  When enabled, most context checks will disallow
	  access to structures assigned to a specific context,
	  like ptys or loop devices.

config	VSERVER_CONTEXTS
	int	"Maximum number of Contexts (1-65533)"	if EMBEDDED
	range 1 65533
	default "768"	if 64BIT
	default "256"
	help
	  This setting will optimize certain data structures
	  and memory allocations according to the expected
	  maximum.

	  note: this is not a strict upper limit.

config	VSERVER_WARN
	bool	"VServer Warnings"
	default y
	help
	  This enables various runtime warnings, which will
	  notify about potential manipulation attempts or
	  resource shortage. It is generally considered to
	  be a good idea to have that enabled.

config	VSERVER_DEBUG
	bool	"VServer Debugging Code"
	default n
	help
	  Set this to yes if you want to be able to activate
	  debugging output at runtime. It adds a very small
	  overhead to all vserver related functions and
	  increases the kernel size by about 20k.

config	VSERVER_HISTORY
	bool	"VServer History Tracing"
	depends on VSERVER_DEBUG
	default n
	help
	  Set this to yes if you want to record the history of
	  linux-vserver activities, so they can be replayed in
	  the event of a kernel panic or oops.

config	VSERVER_HISTORY_SIZE
	int	"Per-CPU History Size (32-65536)"
	depends on VSERVER_HISTORY
	range 32 65536
	default 64
	help
	  This allows you to specify the number of entries in
	  the per-CPU history buffer.

config	VSERVER_MONITOR
	bool	"VServer Scheduling Monitor"
	depends on VSERVER_DEBUG
	default n
	help
	  Set this to yes if you want to record the scheduling
	  decisions, so that they can be relayed to userspace
	  for detailed analysis.

config	VSERVER_MONITOR_SIZE
	int	"Per-CPU Monitor Queue Size (32-65536)"
	depends on VSERVER_MONITOR
	range 32 65536
	default 1024
	help
	  This allows you to specify the number of entries in
	  the per-CPU scheduling monitor buffer.

config	VSERVER_MONITOR_SYNC
	int	"Per-CPU Monitor Sync Interval (0-65536)"
	depends on VSERVER_MONITOR
	range 0 65536
	default 256
	help
	  This allows you to specify the interval in ticks
	  when a time sync entry is inserted.

endmenu


# Hidden symbol (no prompt, so it cannot be changed from the menu):
# always set to y. The select lines force UTS_NS, SYSVIPC and IPC_NS on
# as well; select does not evaluate the selected symbols' own "depends on".
config	VSERVER
	bool
	default y
	select UTS_NS
	select SYSVIPC
	select IPC_NS

# Hidden symbol: becomes y automatically whenever SECURITY is enabled and
# then force-selects SECURITY_CAPABILITIES. With SECURITY disabled this
# symbol stays unset and nothing is selected.
# NOTE(review): there is no prompt, so this coupling cannot be opted out of
# from the configuration menu; confirm that is intended.
config	VSERVER_SECURITY
	bool
	depends on SECURITY
	default y
	select SECURITY_CAPABILITIES

# Hidden symbol: set to y only when EXPERIMENTAL is enabled and
# VSERVER_LEGACYNET is not, so it is mutually exclusive with the legacy
# networking API option.
# NOTE(review): presumably gates the newer networking code; confirm
# against the sources that test CONFIG_VSERVER_NGNET.
config	VSERVER_NGNET
	bool
	depends on EXPERIMENTAL && !VSERVER_LEGACYNET
	default y

