As I type I’m rebuilding a customized slackware 12.1 kernel in one of my chroot environments. I use it as a psuedo-cross compile environment for a SBC target. Combine that with “mount -o bind” and I can have all my development files on my native system and mount them into the chroot for building.

Here’s how I setup my chroots (slackware 11.0 and 12.1): http://slackworld.berlios.de/2007/chroot_howto.html

The same can be done for .rpm based distros or .deb based.

I have to comment on one point made in the article: “The single kernel restriction may disuade you from using this method since all of your VMs depend on that single kernel for operational stability. It is the only kernel that receives an update and you can’t experiment with alternative kernels. The shared kernel is a single point of failure for all VMs on the host system. This is a significant drawback to this virtualization technology and the seriousness shouldn’t go unrecognized.”

The linux kernel gets more testing than VMware or any other VM solution. I trust its stability more than ANY VM out there.

In addition, the Linux development process is wide open and highly optimized. Git is an amazing SCM tool. I’ve used a bunch of other SCM tools and Git spanks them all. Linux kernel developers are highly talented, have a great process and the best (I think) SCM tool made.

virtualization is a technical method to solve some things but far far far not the all in one solution and sadly but true for the most users (special all small companys) its not necessary and often not useable.

sometimes its the best solution, sometimes (more often) its not.

And do not forget. Every single instanze want to have same amount f time for management (monitoring/updates…) than a classic shared system. Most of my customers profit from our well optimzed and monitored shared systems instead of getting their own virtserver where they have to invest again much time for the management (or money to us)

shared systems (one of the biggest advantages of linux) have a huge adanvantage agianst virtualized ones. shure there are reasons for them no question

but far not that important that the industry try to sell us.

You’re right, an example would be nice but these short articles are not appropriate for that kind of detail. An article describing that level of detail would need between 2K to 3K words.

For a good look at a chrooted Apache, check this link: Apache Chroot How To

Virtualization is great for ISPs. Most large-scale use some form of virtualization since dedicating entire systems is too costly and sharing services between lots of customers is, well, not very secure.
OS-Level virtualization for ISPs is a very efficient and secure way to provide services to clients–it still offers the “shared” resources concept with a far higher level of security and partitioning.

Im sorry but i have to absolutely dissagree.
First, its not unsecure if youve done things right. Shure you cannot give shell access, youll have to setup applicationfirewalls and configure your hole system real well.

youve to monitor your filesystem and maybe use vpn solutions for directacces some services for the customers. here also profiling user activities, profiling service activities.

but at the end it can be very secure. much more than a couple of houndres virtual systems for users.

as i said bevore the update problem (special securitiy update) and monitoring problem and do not forget the management of all these

shure in the theory 2 virtual instanzes for 2 users might be more secure and for “self service” customers sometimes right. But multiply it with 100 or 200 oder 2000 and youl see youre running into big problems.

you should not forget that a user is not only a security thread for your system he may also one by his own actions.
you cannot controll all users doing only their alowed busniess, maybe some of them using some kind of filesharing tasks on their virtual machines or something like that

or is used for dos attacs or whatever. try to monitor these things on virtual machines.

shure you can secure each virtual machine in the way i mean to secure a shared one but things changing very fast so you cannot held it up to date once its delivered.

also if your main system get hacked all of your virtual hosts are in danger anyway.

and what you gonna do to supprt all of your 2000 virtual hosts?

i tell you how to support it: you give every customer a webinterface like plexk and let him do his own job (where 70% of normal customers suffer) and sorry but i dont like things like plesk for security and flexibility reasons. many of our services would run if we use these stuff

ok so you delevop your own (maybe directory driven) system. ok thats good for supporting accounts like mail and ftp ob virtual hosts. but what you gonna do with other services you cannot implement?

uhh belive me, we drive both. real secure shared and for customers who really want virtual hosts (and that a long time bevore this hype began) and it isnt that easy, smart and happy new world with virtual hosts.

it is what it is the right solution for the right problems. but not the all in one answer with big big leaks.
shure most of these leaks are system specific/service specific
so have unix/special linux the big problem of missing an standard configuration db like windows servers

if its possible to get all daemons/hosts/services/settings/logs and monitors under one central controll these might be much different

but without that youre running and many (much more than ife described) problems in praxis by betting on the virtual horse.

and dont say everything can be done by own development,… belive me you can solve some of it but far not everything and by the way the own delevelop way is ery expensive in time and money so where is the super big advantage the industry try to sell us?

virtual hosts are no new thing. in fact its a well known old horse with a fresh PR and some new inventions. and again its the right solution for the right problems. like everything in the world theres no absolute truth , no absolute way to go, youll have always to consider deeply and sometimes there maybe 2 or 3 solutions same good at the end of the pro and contra list