From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Jean-Marc Pigeon <jmp-4qkeo2rQ0gg@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 1/1] Syslog are now containerized
Date: Thu, 11 Feb 2010 11:48:43 -0600 [thread overview]
Message-ID: <20100211174843.GF6884@us.ibm.com> (raw)
In-Reply-To: <201002110552.o1B5qwbL024561-X4ZF2iejbABnc3BsFfMrZw@public.gmane.org>
Quoting Jean-Marc Pigeon (jmp-4qkeo2rQ0gg@public.gmane.org):
> Added syslog.c such container /proc/kmsg and host /proc/kmsg
> do not leak in each other.
> Running rsyslog daemon within a container won't destroy
> host kernel messages.
Thanks Jean-Marc. But this really isn't doing most of what I'd
recommended in my last emails (both public and private. In
particular:
> index cc4f453..3d0c73e 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -14,6 +14,7 @@ struct user_namespace {
> struct hlist_head uidhash_table[UIDHASH_SZ];
> struct user_struct *creator;
> struct work_struct destroyer;
> + struct syslog_ns *syslog;
syslog_ns should be moved into nsproxy and unshared with a
separate clone(CLONE_SYSLOG);
> -static void emit_log_char(char c)
> +static void emit_log_char(struct syslog_ns *syslog_ns, char c)
> {
> - LOG_BUF(log_end) = c;
> - log_end++;
> - if (log_end - log_start > log_buf_len)
> - log_start = log_end - log_buf_len;
> - if (log_end - con_start > log_buf_len)
> - con_start = log_end - log_buf_len;
> - if (logged_chars < log_buf_len)
> - logged_chars++;
> + LOG_BUF(syslog_ns, sys_log_end) = c;
Taking syslog_ns from current in emit_log_char is not right.
Emit_log_char() is called from printk which (the comment above
printk warns us) can be called from any context.
That was why I suggested:
>! I think my patch is fundamentally wrong anyway: we should not
>! use current's context at vprintk like i did. We should use an
>! optional passed-in context from those callsites where we want to,
>! and default to init otherwise. That means
>!
>! 1. put the core of vprintk() into vnsprintk() which takes a syslog
>! namespace as argument
>!
>! 2. make vprintk() a wrapper around vnsprintk() which passes in
>! init_syslog_ns to vnsprintk(). printk can remain unchanged.
>!
>! 4. make nsprintk() a wrapper around vnsprintk() which takes a syslog
>! ns argument and pass it to vnsprintk()
>!
>! 3. do_syslog() can obviously be containerized the same way it
>! is now.
>!
>! 4. take a printk call like the iptables ones you want and turn
>! int into nsprintk syscall.
>!
>! The very comment above printk explains why I was an idiot to write
>! let alone send that patch.
thanks,
-serge
next prev parent reply other threads:[~2010-02-11 17:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-11 6:00 [PATCH 1/1] Syslog are now containerized Jean-Marc Pigeon
[not found] ` <201002110552.o1B5qwbL024561-X4ZF2iejbABnc3BsFfMrZw@public.gmane.org>
2010-02-11 17:48 ` Serge E. Hallyn [this message]
[not found] ` <20100211174843.GF6884-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-13 18:11 ` Matt Helsley
[not found] ` <20100213181158.GY3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-13 18:26 ` Matt Helsley
2010-02-13 19:14 ` Jean-Marc Pigeon
[not found] ` <1266088499.19130.295.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-13 20:36 ` Matt Helsley
[not found] ` <20100213203610.GA3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-13 21:56 ` Jean-Marc Pigeon
[not found] ` <1266098176.19130.320.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-13 22:33 ` Matt Helsley
[not found] ` <20100213223306.GB3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-14 0:51 ` Jean-Marc Pigeon
2010-02-13 15:50 ` Matt Helsley
2010-02-13 19:13 ` Eric W. Biederman
[not found] ` <m1pr49ne3y.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-02-17 15:01 ` Jean-Marc Pigeon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100211174843.GF6884@us.ibm.com \
--to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=jmp-4qkeo2rQ0gg@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.