From: Jean-Marc Pigeon <jmp-4qkeo2rQ0gg@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
lxc-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: Kernel 2.6.33-rc6, 3 bugs container specific.
Date: Wed, 03 Feb 2010 10:48:10 -0500 [thread overview]
Message-ID: <1265212090.6260.284.camel@Mercier.safe.ca> (raw)
In-Reply-To: <20100203150350.GA7146-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Hello,
[...]
> >
> > The prink keeps writing in the global ring buffer and the syslog(2)
> > writes to the "namespaced" ring buffer.
> >
> > Does it makes sense ?
>
> Yeah, it's a nice alternative. Though (1) there is something to be said for
> forcing a new ring buffer upon clone(CLONE_NEWUSER), and (2) assuming the
> new ring buffer is pointed to from nsproxy, it might be frowned upon to do
> an unshare/clone action in yet another way.
>
> I still think our first concern should be safety, and that we should consider
> just adding 'struct syslog_struct' to nsproxy, and making that NULL on a
> clone(CLONE_NEWUSER). any sys_syslog() or /proc/kmsg access returns -EINVAL
> after that. Then we can discuss whether and how to target printks to
> namespaces, and whether duplicates should be sent to parent namespaces.
/proc/kmsg=-EINVAL will resolve the own HOST: ring buffer corruption
not sure what sys_syslog()=-EINVAL mean???, rsyslog MUST be able to
run within CONT: right?
printk namespaces duplicate and sent to parent namespace
is not a good idea (duplicating&forwarding is done by tools as rsyslogd).
>
> After we start getting flexible with syslog, the next request will be for
> audit flexibility. I don't even know how our netlink support suffices for
> that right now.
>
> (So, this all does turn into a big deal...)
>
> -serge
--
A bientôt
==========================================================================
Jean-Marc Pigeon Internet: jmp@safe.ca
SAFE Inc. Phone: (514) 493-4280
Fax: (514) 493-1946
Clement, 'a kiss solution' to get rid of SPAM (at last)
Clement' Home base <"http://www.clement.safe.ca">
==========================================================================
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
next prev parent reply other threads:[~2010-02-03 15:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1265074676.6260.212.camel@Mercier.safe.ca>
[not found] ` <20100202031647.GA14318@fqdn.org>
[not found] ` <1265121846.6260.231.camel@Mercier.safe.ca>
[not found] ` <4B68649D.2000503@free.fr>
[not found] ` <4B68649D.2000503-GANU6spQydw@public.gmane.org>
2010-02-02 18:18 ` Kernel 2.6.33-rc6, 3 bugs container specific Serge E. Hallyn
[not found] ` <20100202181801.GA28412-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-02 18:43 ` Jean-Marc Pigeon
[not found] ` <1265136215.6260.261.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-02 21:32 ` Serge E. Hallyn
[not found] ` <20100202213254.GH32305-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-03 10:51 ` Daniel Lezcano
[not found] ` <4B695535.7020301-GANU6spQydw@public.gmane.org>
2010-02-03 13:24 ` Jean-Marc Pigeon
2010-02-03 15:03 ` Serge E. Hallyn
[not found] ` <20100203150350.GA7146-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-03 15:48 ` Jean-Marc Pigeon [this message]
[not found] ` <1265212090.6260.284.camel-4BUXZ/Ty1v7iqR6jatDSCA@public.gmane.org>
2010-02-03 16:21 ` Serge E. Hallyn
2010-02-04 9:33 ` Daniel Lezcano
[not found] ` <4B6A9461.1010309-GANU6spQydw@public.gmane.org>
2010-02-04 15:19 ` [Lxc-users] " Serge E. Hallyn
[not found] ` <20100204151927.GA7556-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-04 16:02 ` Cedric Le Goater
2010-02-02 14:46 Jean-Marc Pigeon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1265212090.6260.284.camel@Mercier.safe.ca \
--to=jmp-4qkeo2rq0gg@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=lxc-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox