From: Philip Hallstrom
To: Andrew
Cc: freebsd-questions@freebsd.org, Bill Moran
Date: Sun, 14 May 2006 22:14:31 -0500 (CDT)
Subject: Re: VM and jailed processes

>>> It's my understanding that if there is more than one instance of a
>>> specific application running, then portions of the code are shared in
>>> memory. I would assume that would apply to dynamically linked
>>> applications as well; i.e. if two different applications are linked
>>> against the same library, the given code exists in only one location in
>>> memory. Is this correct?
>>>
>>> The second portion of my question is, how does this apply to jailed
>>> processes? Looking through the architecture handbook, I did not see any
>>> references to VM, which leads me to believe that the standard rules
>>> apply to jails as well. So, for instance, if I was to provide a hosting
>>> service with numerous instances of Apache running in individual jails,
>>> could I assume that base memory usage (ie idle, not serving requests)
>>> would increase at a roughly linear rate?
>>
>> Keep in mind that if you set up jails the canonical way, each jail instance
>> will have its own installation of Apache. Even if each of these
>> installations are _identical_, they're still separate, and the kernel
>> has no way of knowing that /jail1/usr/bin/httpd and /jail2/usr/bin/httpd
>> are the same execution image (Unless you're doing symlinks or hardlinks).
>>
>> So getting that kind of memory sharing will require some extra work on
>> your part, above and beyond what is normally done for a jail.
>>
>
> Hi Bill,
>
> I'm thinking of using mount_nullfs(8) to provide read-only mounts for
> all the executables in each jail. I've been doing some reading, 'man
> rtld(1)', and it seems that the linker will take care of sharing non-writable
> code between processes, even if the executables are loaded from
> different mount-points/file-systems.

You should also look at ezjail... it uses the same tricks to reduce the
size of individual jail systems. I haven't used it, but keep meaning to
(next server :)

http://erdgeist.org/arts/software/ezjail/
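
Added example (not part of the original thread, and not ezjail's code): a shell script for the distinction Bill Moran describes, classifying the files two jail roots have in common as hard-linked, byte-identical but separate, or different. The function names and the demo tree are assumptions made for illustration; the check compares device and inode numbers, so it covers the hard-link case only and says nothing about files reached through mount_nullfs(8).

```shell
#!/bin/sh
# Added example: compare the files two jail roots have in common.
#   shared    - same device and inode (hard link, or a symlink resolving to
#               the same file): one file to the kernel
#   duplicate - byte-identical but separate files; per the thread, the kernel
#               has no way of knowing they are the same execution image
#   different - contents differ

# classify_pair FILE_A FILE_B: print the class of one pair of files.
classify_pair() {
    if [ "$1" -ef "$2" ]; then
        echo shared
    elif cmp -s "$1" "$2"; then
        echo duplicate
    else
        echo different
    fi
}

# audit_jails ROOT_A ROOT_B: print "<class> <relative path>", sorted, for
# every regular file under ROOT_A that also exists under ROOT_B.
audit_jails() {
    ( cd "$1" && find . -type f ) | while IFS= read -r rel; do
        rel=${rel#./}
        [ -e "$2/$rel" ] || continue
        printf '%s %s\n' "$(classify_pair "$1/$rel" "$2/$rel")" "$rel"
    done | sort
}

# count_class CLASS ROOT_A ROOT_B: number of common files in that class.
count_class() {
    audit_jails "$2" "$3" | grep -c "^$1 " || true
}

# Constructed demo tree (not real jails): httpd is copied, libc.so is linked.
demo=$(mktemp -d)
mkdir -p "$demo/jail1/usr/bin" "$demo/jail2/usr/bin" \
         "$demo/jail1/lib" "$demo/jail2/lib"
echo 'httpd image' > "$demo/jail1/usr/bin/httpd"
cp "$demo/jail1/usr/bin/httpd" "$demo/jail2/usr/bin/httpd"
echo 'libc image' > "$demo/jail1/lib/libc.so"
ln "$demo/jail1/lib/libc.so" "$demo/jail2/lib/libc.so"
audit_jails "$demo/jail1" "$demo/jail2"
echo "duplicates: $(count_class duplicate "$demo/jail1" "$demo/jail2")"
rm -rf "$demo"
```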