From: Gu Zheng <guz.fnst-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
To: Rui Xiang <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
libo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org
Subject: Re: [PATCH 0/9] Add namespace support for syslog v2
Date: Mon, 29 Jul 2013 17:33:26 +0800
Message-ID: <51F636E6.3080607@cn.fujitsu.com>
In-Reply-To: <1375065080-26740-1-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>

Hi Rui,

On 07/29/2013 10:31 AM, Rui Xiang wrote:
> This patchset introduces a system log namespace.
>
> It is the 2nd version. The link of the 1st version is
> http://lwn.net/Articles/525728/. In that version,
> syslog_namespace was added into nsproxy and created through a new
> clone flag CLONE_SYSLOG when cloning a process.
>
> There was some discussion last November about the 1st
> version. This version uses that important advice, and
> refers to Serge's patch (http://lwn.net/Articles/525629/).
>
> Unlike the 1st version, in this patchset, syslog namespace
> is tied to a user namespace. And we must create a new user
> ns before creating a new syslog ns, because that will make
> users have full capabilities in this new userns after
> cloning a new user ns. The syslog namespace can be created
> through a new command (11) to the __NR_syslog syscall. That is
> owing to a new syslog flag SYSLOG_ACTION_NEW_NS.
>
> In syslog_namespace, some necessary identifiers for handling
> the syslog buf are containerized. When one container creates a
> new syslog ns, an individual buf will be allocated to store the
> logs owned by this container.
>
> A new interface ns_printk is added to print the logs which
> we want to see in the container. Through ns_printk, we can
> get more logs related to a specific net ns, for instance,
> iptables. Here we use it to report iptable logs per
> container.
>
> Then default printk targeted at the init_syslog_ns will
> continue to print out most kernel log to host.
>
> One task in a new syslog ns could affect only the current
> container through "dmesg", "dmesg -c" and /dev/kmsg
> actions. The read/write interfaces such as /dev/kmsg,
> /proc/kmsg and the syslog syscall continue to be useful for
> container users.
>
> This patchset is based on linus' linux tree.

Changelog details between V2 and V1 are seriously needed; the inline description
is not easy reading for other guys.

>
> Rui Xiang (9):
>   syslog_ns: add syslog_namespace and put/get_syslog_ns
>   syslog_ns: add syslog_ns into user_namespace
>   syslog_ns: add init syslog_ns for global syslog
>   syslog_ns: make syslog handling per namespace
>   syslog_ns: make permisiion check per user namespace
>   syslog_ns: use init syslog_ns for console action
>   syslog_ns: implement function for creating syslog ns
>   syslog_ns: implement ns_printk for specific syslog_ns
>   netfilter: use ns_printk in iptable context
>
>  fs/proc/kmsg.c                 |  17 +-
>  include/linux/printk.h         |   5 +-
>  include/linux/syslog.h         |  79 ++++-
>  include/linux/user_namespace.h |   2 +
>  include/net/netfilter/xt_log.h |   6 +-
>  kernel/printk.c                | 642 ++++++++++++++++++++++++-----------------
>  kernel/sysctl.c                |   3 +-
>  kernel/user.c                  |   3 +
>  kernel/user_namespace.c        |   4 +
>  net/netfilter/xt_LOG.c         |   4 +-
>  10 files changed, 493 insertions(+), 272 deletions(-)
>
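
A user-space model of the semantics the quoted cover letter describes, added here as an illustration and not taken from the patchset: a user namespace points at a syslog namespace, command 11 gives a fresh user namespace its own buffer, and ns_printk writes to one specific buffer. The struct layouts, the ns_printk signature, the helper names (new_user_ns, syslog_new_ns, host_printk, syslog_read, syslog_clear) and the 256-byte buffer are assumptions.

```c
/* User-space model only; names and layouts are assumptions, not patchset code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define LOG_BUF_LEN 256
struct user_ns;
struct syslog_ns { char buf[LOG_BUF_LEN]; size_t len; struct user_ns *owner; };
struct user_ns { struct user_ns *parent; struct syslog_ns *syslog_ns; };
struct syslog_ns init_syslog_ns;  /* host log; owner stays NULL */
struct user_ns init_user_ns = { NULL, &init_syslog_ns };

/* A new user ns starts out sharing its parent's syslog ns. */
struct user_ns *new_user_ns(struct user_ns *parent) {
    struct user_ns *u = calloc(1, sizeof(*u));
    if (u) { u->parent = parent; u->syslog_ns = parent->syslog_ns; }
    return u;
}

/* Model of syslog command 11 (SYSLOG_ACTION_NEW_NS): private buffer per user ns. */
int syslog_new_ns(struct user_ns *u) {
    struct syslog_ns *ns;
    if (!u->parent || u->syslog_ns->owner == u)
        return -1;  /* init user ns, or this user ns already has its own log */
    if (!(ns = calloc(1, sizeof(*ns)))) return -1;
    ns->owner = u;
    u->syslog_ns = ns;
    return 0;
}

/* Append a record to one specific namespace's buffer; refuse if it would overflow. */
int ns_printk(struct syslog_ns *ns, const char *msg) {
    size_t n = strlen(msg);
    if (ns->len + n + 1 > LOG_BUF_LEN) return -1;
    memcpy(ns->buf + ns->len, msg, n + 1);
    ns->len += n;
    return (int)n;
}
int host_printk(const char *msg) { return ns_printk(&init_syslog_ns, msg); }
const char *syslog_read(const struct user_ns *u) { return u->syslog_ns->buf; }
void syslog_clear(struct user_ns *u) { u->syslog_ns->len = 0; u->syslog_ns->buf[0] = '\0'; }

int main(void) {
    struct user_ns *ct = new_user_ns(&init_user_ns);
    if (!ct || syslog_new_ns(ct)) return 1;
    host_printk("host: constructed record\n");
    ns_printk(ct->syslog_ns, "ct: constructed iptables record\n");
    syslog_clear(ct);   /* "dmesg -c" inside the container leaves the host log alone */
    printf("host=%sct=[%s]\n", syslog_read(&init_user_ns), syslog_read(ct));
    free(ct->syslog_ns); free(ct);
    return 0;
}
```
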