Linux is released about 5 times a year (plus stable updates
every week or two)
+
+
+ ...though some features aren't ready to use when they firat
+ appear in a release
+
+
For 'wheezy' we chose to freeze with Linux 3.2, which was
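Review bot: Typo in the added line "...though some features aren't ready to use when they firat": "firat" should be "first". The bullet would also be more useful if it said how a reader can tell a feature is not ready yet, as the later user namespaces slide does with "Currently somewhat experimental".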
@@ -202,23 +209,28 @@
-
User namespaces [3.7]
+
More support for containers
- One of the last missing pieces for OpenVZ-like containers
+ Containers are lightweight VMs - run on the same kernel as host,
+ but with limited privileges and resources
+
+
+ Previously done by OpenVZ and Linux-VServer; gradually being
+ reimplemented upstream
- Each user namespace has its own root user with
- privileges over the users and processes in that namespace - but
- not the whole system
+ User namespaces (added in 3.7) support the existence of a
+ root user inside the container that is unprivileged
+ outside the container
Currently somewhat experimental, and requires filesystem
changes which haven't been done for XFS
- Make it work: send patches to upstream XFS developers (this
- one's hard)
+ Make user namespaces work: send patches to upstream XFS
+ developers (this one's hard)
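Review bot: The added line "Containers are lightweight VMs - run on the same kernel as host" contradicts itself for a security-minded audience: something that shares the host kernel is not a VM, and its isolation depends entirely on that kernel enforcing the "limited privileges and resources". Suggest wording such as "Containers are a lightweight alternative to VMs". The rewritten user namespaces bullet also drops the removed text's point that the namespace root has "privileges over the users and processes in that namespace"; keeping that clause would state what root inside the container can do, not only that it is unprivileged outside.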