From: Rui Xiang <leo.ruixiang-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Subject: [PATCH RFC 0/5] Containerize syslog
Date: Mon, 19 Nov 2012 16:16:24 +0800 [thread overview]
Message-ID: <50A9EAD8.9090501@gmail.com> (raw)
From: Xiang Rui <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
In Serge's patch (http://lwn.net/Articles/525629/), syslog_namespace was tied to a user
namespace. We add syslog_ns tied to nsproxy instead, and implement ns_printk in
ip_table context.
We add syslog_namespace as a part of nsproxy, and a new flag CLONE_SYSLOG to unshare
syslog area.
In syslog_namespace, some necessary identifiers for handling syslog buf are contained.
When one container creates a new syslog namespace,containerized buf will be allocated
to store log ownned this container. Containerized identifiers such as log_first_seq
instead of global variable only affect their own buf.The buf will not be free until
syslog_namespace is destructed by host.
Printk should be re-implimented because log buf is isolated into syslog_ns. The function
include printk, /dev/kmsg, do_syslog and kmsg_dump should be realized in container. So,
to make these funtions available in container, a parameter syslog_ns is necessory for
their interfaces.
For container context, the value syslog namespace is reasonable if we use current method
to get syslog_ns when using iptable. Because the log info belong to each containers will
be printed in host.
We add a pointer in net namespace, and use it to track the syslog_ns which was created
when the log was generated in container. Then add ns_printk to provide a new interface
while using syslog_ns.
This patchset is based on the develop tree of net branch
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git.
Libo Chen (3):
printk: modify printk interface for syslog_namespace
printk: add ns_printk for specific syslog_ns
printk: use ns_printk in iptable context
Xiang Rui (2):
Syslog_ns: add syslog_namespace struct and API
Syslog_ns: add CLONE_NEWSYSLOG and create syslog_ns when copying
process
drivers/base/core.c | 4 +-
include/linux/nsproxy.h | 2 +
include/linux/printk.h | 5 +-
include/linux/syslog_namespace.h | 98 ++++++
include/net/net_namespace.h | 7 +-
include/net/netfilter/xt_log.h | 7 +-
include/uapi/linux/sched.h | 3 +-
init/Kconfig | 7 +
kernel/Makefile | 1 +
kernel/nsproxy.c | 19 +-
kernel/printk.c | 646 ++++++++++++++++++++++++--------------
kernel/syslog_namespace.c | 65 ++++
net/core/net_namespace.c | 12 +-
net/netfilter/xt_LOG.c | 4 +-
14 files changed, 623 insertions(+), 257 deletions(-)
create mode 100644 include/linux/syslog_namespace.h
create mode 100644 kernel/syslog_namespace.c
next reply other threads:[~2012-11-19 8:16 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-19 8:16 Rui Xiang [this message]
[not found] ` <50A9EAD8.9090501-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-11-19 9:51 ` [PATCH RFC 0/5] Containerize syslog Eric W. Biederman
[not found] ` <874nklkjjm.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-12-07 9:03 ` Andrew Morton
2012-12-07 9:03 ` Andrew Morton
[not found] ` <20121207010355.c809b3f7.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2012-12-07 14:23 ` Serge Hallyn
2012-12-07 14:30 ` Glauber Costa
[not found] ` <50C1FD9D.5020703-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-12-07 18:05 ` Eric W. Biederman
2012-12-11 8:25 ` Glauber Costa
[not found] ` <50C6EDF0.5060108-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-12-11 18:22 ` Eric W. Biederman
[not found] ` <87txrs30ur.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-12-12 8:56 ` Glauber Costa
2012-12-12 8:56 ` Glauber Costa
[not found] ` <50C846C7.5050904-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-12-12 20:08 ` Eric W. Biederman
[not found] ` <87r4n1buuw.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-12-11 8:25 ` Glauber Costa
2012-12-07 18:21 ` Eric W. Biederman
2012-12-07 18:21 ` Eric W. Biederman
2012-11-19 14:37 ` Serge E. Hallyn
[not found] ` <20121119143702.GB4620-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-11-21 9:35 ` Rui Xiang
2012-11-26 15:16 ` Eric W. Biederman
[not found] ` <50ACA05F.7080005-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-11-26 15:16 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50A9EAD8.9090501@gmail.com \
--to=leo.ruixiang-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.