This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages) This article relies excessively on references to primary sources. Please improve this article by adding secondary or tertiary sources. Find sources: "Linux-VServer" – news · newspapers · books · scholar · JSTOR (May 2014) (Learn how and when to remove this template message) This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. Please help to improve this article by introducing more precise citations. (January 2014) (Learn how and when to remove this template message) (Learn how and when to remove this template message)


Developer(s)	Herbert Pötzl (Community Project)

Stable release	2.6.22.19-vs2.2.0.7 / March 14, 2008; 15 years ago (2008-03-14)
Preview release	4.9.159-vs2.3.9.8 / October 5, 2019; 4 years ago (2019-10-05)

Repository	github.com/linux-vserver/util-vserver
Operating system	Linux
Platform	x86, SPARC/64, PA-RISC, s390x, MIPS/64, ARM, PowerPC/64, Itanium
Type	OS-level virtualization
License	GNU GPL v.2
Website	linux-vserver.org

Linux-VServer is a virtual private server implementation that was created by adding operating system-level virtualization capabilities to the Linux kernel. It is developed and distributed as open-source software.

Details

The project was started by Jacques Gélinas. It is now maintained by Herbert Pötzl. It is not related to the Linux Virtual Server project, which implements network load balancing.

Linux-VServer is a jail mechanism in that it can be used to securely partition resources on a computer system (such as the file system, CPU time, network addresses and memory) in such a way that processes cannot mount a denial-of-service attack on anything outside their partition.

Each partition is called a security context, and the virtualized system within it is the virtual private server. A chroot-like utility for descending into security contexts is provided. Booting a virtual private server is then simply a matter of kickstarting init in a new security context; likewise, shutting it down simply entails killing all processes with that security context. The contexts themselves are robust enough to boot many Linux distributions unmodified, including Debian and Fedora.

Virtual private servers are commonly used in web hosting services, where they are useful for segregating customer accounts, pooling resources and containing any potential security breaches. To save space on such installations, each virtual server's file system can be created as a tree of copy-on-write hard links to a "template" file system. The hard link is marked with a special filesystem attribute and when modified, is securely and transparently replaced with a real copy of the file.

Linux-VServer provides two branches, stable (2.2.x), and devel (2.3.x) for 2.6-series kernels and a single stable branch for 2.4-series. A separate stable branch integrating the grsecurity patch set is also available.

Advantages

Virtual servers share the same system call interface and do not have any emulation overhead.
Virtual servers do not have to be backed by opaque disk images, but can share a common file system and common sets of files (through copy-on-write hard links). This makes it easier to back up a system and to pool disk space amongst virtual servers.
Processes within the virtual server run as regular processes on the host system. This is somewhat more memory-efficient and I/O-efficient than whole-system emulation, although memory ballooning and modern VMs allow returning unused memory and sharing disk cache with the host and other virtual servers.
Processes within the virtual server are queued on the same scheduler as on the host, allowing guest's processes to run concurrently on SMP systems. This is not trivial to implement with whole-system emulation.
Networking is based on isolation rather than virtualization, so there is no additional overhead for packets.
Smaller plane for security bugs. Only one kernel with small additional code-base compared to 2+ kernels and large interfaces between them.
Rich Linux scheduling features such as real-time priorities.

Disadvantages

Requires that the host kernel be patched.
No clustering or process migration capability is included, so the host kernel and host computer is still a single point of failure for all virtual servers.
Networking is based on isolation, not virtualization. This prevents each virtual server from creating its own internal routing or firewalling setup.
Some system calls (mostly hardware-related: e.g. real-time clock) and parts of the /proc and /sys filesystems are left unvirtualized.
Does not allow disk I/O bandwidth to be allocated on a per-virtual server basis.

References

External links

Virtualization software

Comparison of platform virtualization software

Hardware
(hypervisors)

Native

Adeos
CP/CMS
Hyper-V
KVM
- oVirt
- Red Hat Virtualization
LDoms / Oracle VM Server for SPARC
Logical partition (LPAR)
LynxSecure
PikeOS
Proxmox VE
QNX
SIMMON
VMware ESXi
- VMware vSphere
- vCloud
VMware Infrastructure
Xen
- Oracle VM Server for x86
- XenServer
XtratuM
z/VM

Hosted

Specialized	Basilisk II Bochs Cooperative Linux DOSBox DOSEMU PCem 86Box PikeOS SheepShaver SIMH Windows on Windows Virtual DOS machine Win4Lin
Independent	bhyve Microsoft Virtual Server Parallels Workstation (Extreme) Parallels Desktop for Mac Parallels Server for Mac PearPC QEMU VirtualBox Virtual Iron VMware Fusion VMware Server VMware Workstation (Player) Windows Virtual PC

Tools

Operating
system

OS containers	FreeBSD jail iCore Virtual Accounts Linux-VServer Linux Containers OpenVZ Solaris Containers Virtuozzo Workload Partitions
Application containers	Docker Podman lmctfy rkt
Virtual kernel architectures	Rump kernel User-mode Linux vkernel
Related kernel features	BrandZ cgroups chroot namespaces eBPF seccomp
Orchestration	Amazon ECS Kubernetes OpenShift

Desktop

Application

Network

Distributed Overlay Virtual Ethernet (DOVE)
Ethernet VPN (EVPN)
NVGRE
Open vSwitch
Virtual security switch
Virtual Extensible LAN (VXLAN)
Generic Network Virtualization Encapsulation (GENEVE)

See also

BlueStacks

Linux kernel

Organization

Kernel	Linux Foundation Linux Mark Institute Linus's law Tanenbaum–Torvalds debate Tux SCO disputes Linaro GNU GPL v2 menuconfig Supported computer architectures Kernel names Criticism
Support	Developers The Linux Programming Interface kernel.org LKML Linux conferences Users Linux User Group (LUG)

Technical

Debugging

Startup

ABIs

APIs

Kernel

System Call Interface	POSIX ioctl select open read close sync … Linux-only futex epoll splice dnotify inotify readahead …
In-kernel	ALSA Crypto API io uring DRM kernfs Memory barrier New API RCU Video4Linux IIO

Userspace

Daemons, File systems	devfs devpts debugfs FUSE procfs sysfs systemd udev Kmscon
Wrapper libraries	C standard library glibc uClibc Bionic libhybris dietlibc EGLIBC klibc musl Newlib libcgroup libdrm libalsa libevdev libusb liburing

Components

Process and I/O schedulers:
Brain Fuck Scheduler
Completely Fair Scheduler (CFS)
Earliest eligible virtual deadline first (EEVDF)
Noop scheduler
O(n) scheduler
O(1) scheduler
SCHED_DEADLINE
SCHED_FIFO
SCHED_RR

Variants

Mainline
- Linux kernel
- Linux-libre
High-performance computing
Real-time computing
- RTLinux
- RTAI
- Xenomai
- PREEMPT_RT
MMU-less
- μClinux
- PSXLinux

Virtualization	Hypervisor KVM Xen OS-level virtualization Linux-VServer Lguest LXC OpenVZ Other L4Linux ELinOS User-mode Linux MkLinux coLinux

Adoption

Range of use	Desktop Embedded Gaming Thin client: LTSP Server: LAMP LYME-LYCE Devices
Adopters	List of Linux adopters

Linux portal
Free and open-source software portal
Category