« back to all changes in this revision
Viewing changes to doc/dev/architecture.rst
- browse files at revision 1326
- compare with another revision
- compare with revision 1833
- download diff
- download tarball
- view history from revision 1326
- Committer: Matt Giuca
- Date: 2009-12-01 07:33:56 UTC
- Revision ID: matt.giuca@gmail.com-20091201073356-y03yaqtkxlsmvns4
doc/dev/architecture: Reword Mounting Home Directories section (lots of minor edits). Note section reworded as past-tense.
- files modified:
- doc/dev/architecture.rst
added
removed
doc/dev/architecture.rst
128
128
To give the appearance of a private file system we need to merge together a
129
129
user's local home directory with the base image.
130
130
To achieve this, IVLE uses the *bind mount* feature of Linux, which allows
131
directories to be accessible from another location in the
132
file system. By carefully read-only bind mounting the jail image and then bind
133
mounting the user's :file:`/home` and :file:`/tmp` directory data over the top
134
we can create a jail with only three bind mounts and at virtually no
135
filesystem overhead.
131
directories to be accessible from another location in the file system. By
132
carefully bind-mounting the jail image as read-only and then bind-mounting the
133
user's :file:`/home` and :file:`/tmp` directory data over the top, we create a
134
jail with only three bind mounts and at virtually no filesystem overhead.
136
135
137
136
.. note::
138
137
IVLE has historically used numerous solutions to this problem, which are
139
138
chronicled here to avoid the same mistakes being made again.
140
139
141
In the first release of IVLE this was done off-line by hardlinking all the
142
files into the target directory, but for more than a handful of users this
143
process could take several hours and also ran the risk of exhausting inodes
144
on the underlying file system.
140
In the first release of IVLE this was done offline by hard-linking all the
141
files into the target directory, but for a large number of users, this
142
process can take several hours, and also runs the risk of exhausting
143
the number of inodes on the underlying file system.
145
144
146
The first solution was to use `AUFS <http://aufs.sourceforge.net/>`_ to
145
The second solution was to use `AUFS <http://aufs.sourceforge.net/>`_ to
147
146
mount the user's home directory over a read-only version of the base on
148
147
demand. This was implemented as part of ``trampoline`` and used a secondary
149
program ``timount`` (see :file:`bin/timount/timount.c`) run at regular
150
intervals to unmount unused jails. This uses the :const:`MNT_EXPIRE` flag
148
program ``timount`` (see :file:`bin/timount/timount.c`), run at regular
149
intervals, to unmount unused jails. This used the :const:`MNT_EXPIRE` flag
151
150
for :manpage:`umount(2)` (available since Linux 2.6.8) that only unmounts a
152
151
directory if it hasn't been accessed since the previous call with
153
152
:const:`MNT_EXPIRE`.
154
153
155
While quite effective, AUFS appears to cause NFS caching issues when IVLE
156
is run as a cluster as well as questionable inclusion status in newer
157
distributions. This is why the current system uses the much older bind
158
mount feature to achieve the same ends.
154
While quite effective, AUFS appeared to cause NFS caching issues when IVLE
155
was run as a cluster, and as its inclusion status in future Linux
156
distributions is questionable, the developers elected to use the much older
157
bind mount feature instead.
159
158
160
159
Entering the Jail
161
160
-----------------
Loggerhead is a web-based interface for Breezy
Version: 2.0.1