From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Jean-Marc Pigeon <jmp-4qkeo2rQ0gg@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 1/1] Syslog are now containerized
Date: Sat, 13 Feb 2010 11:13:21 -0800 [thread overview]
Message-ID: <m1pr49ne3y.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <201002110552.o1B5qwbL024561-X4ZF2iejbABnc3BsFfMrZw@public.gmane.org> (Jean-Marc Pigeon's message of "Thu\, 11 Feb 2010 01\:00\:20 -0500")
Jean-Marc Pigeon <jmp-4qkeo2rQ0gg@public.gmane.org> writes:
> Added syslog.c such container /proc/kmsg and host /proc/kmsg
> do not leak in each other.
> Running rsyslog daemon within a container won't destroy
> host kernel messages.
If the goal is to not destroy the host kernel messages the much
simpler solution would be to simply disable /proc/kmsg in the container.
I expect we can get that for free with a some bug fixes to the user
namespace (aka if you are not in the global namespace you can't
touch /proc/kmsg).
Additionally except for the possible exception of logging firewall rules
I can't think of a case where I would want kernel printk's in anything
other than the global kernel ring buffer.
Eric
next prev parent reply other threads:[~2010-02-13 19:13 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-11 6:00 [PATCH 1/1] Syslog are now containerized Jean-Marc Pigeon
[not found] ` <201002110552.o1B5qwbL024561-X4ZF2iejbABnc3BsFfMrZw@public.gmane.org>
2010-02-11 17:48 ` Serge E. Hallyn
[not found] ` <20100211174843.GF6884-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-13 18:11 ` Matt Helsley
[not found] ` <20100213181158.GY3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-13 18:26 ` Matt Helsley
2010-02-13 19:14 ` Jean-Marc Pigeon
[not found] ` <1266088499.19130.295.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-13 20:36 ` Matt Helsley
[not found] ` <20100213203610.GA3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-13 21:56 ` Jean-Marc Pigeon
[not found] ` <1266098176.19130.320.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-13 22:33 ` Matt Helsley
[not found] ` <20100213223306.GB3714-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2010-02-14 0:51 ` Jean-Marc Pigeon
2010-02-13 15:50 ` Matt Helsley
2010-02-13 19:13 ` Eric W. Biederman [this message]
[not found] ` <m1pr49ne3y.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2010-02-17 15:01 ` Jean-Marc Pigeon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1pr49ne3y.fsf@fess.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=jmp-4qkeo2rQ0gg@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.