From: Rui Xiang <leo.ruixiang-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Subject: [PATCH RFC 0/5] Containerize syslog
Date: Mon, 19 Nov 2012 16:16:24 +0800 [thread overview]
Message-ID: <50A9EAD8.9090501@gmail.com> (raw)
From: Xiang Rui <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
In Serge's patch (http://lwn.net/Articles/525629/), syslog_namespace was tied to a user
namespace. We add syslog_ns tied to nsproxy instead, and implement ns_printk in
ip_table context.
We add syslog_namespace as a part of nsproxy, and a new flag CLONE_SYSLOG to unshare
syslog area.
In syslog_namespace, some necessary identifiers for handling syslog buf are contained.
When one container creates a new syslog namespace,containerized buf will be allocated
to store log ownned this container. Containerized identifiers such as log_first_seq
instead of global variable only affect their own buf.The buf will not be free until
syslog_namespace is destructed by host.
Printk should be re-implimented because log buf is isolated into syslog_ns. The function
include printk, /dev/kmsg, do_syslog and kmsg_dump should be realized in container. So,
to make these funtions available in container, a parameter syslog_ns is necessory for
their interfaces.
For container context, the value syslog namespace is reasonable if we use current method
to get syslog_ns when using iptable. Because the log info belong to each containers will
be printed in host.
We add a pointer in net namespace, and use it to track the syslog_ns which was created
when the log was generated in container. Then add ns_printk to provide a new interface
while using syslog_ns.
This patchset is based on the develop tree of net branch
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git.
Libo Chen (3):
printk: modify printk interface for syslog_namespace
printk: add ns_printk for specific syslog_ns
printk: use ns_printk in iptable context
Xiang Rui (2):
Syslog_ns: add syslog_namespace struct and API
Syslog_ns: add CLONE_NEWSYSLOG and create syslog_ns when copying
process
drivers/base/core.c | 4 +-
include/linux/nsproxy.h | 2 +
include/linux/printk.h | 5 +-
include/linux/syslog_namespace.h | 98 ++++++
include/net/net_namespace.h | 7 +-
include/net/netfilter/xt_log.h | 7 +-
include/uapi/linux/sched.h | 3 +-
init/Kconfig | 7 +
kernel/Makefile | 1 +
kernel/nsproxy.c | 19 +-
kernel/printk.c | 646 ++++++++++++++++++++++++--------------
kernel/syslog_namespace.c | 65 ++++
net/core/net_namespace.c | 12 +-
net/netfilter/xt_LOG.c | 4 +-
14 files changed, 623 insertions(+), 257 deletions(-)
create mode 100644 include/linux/syslog_namespace.h
create mode 100644 kernel/syslog_namespace.c
next reply other threads:[~2012-11-19 8:16 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-19 8:16 Rui Xiang [this message]
[not found] ` <50A9EAD8.9090501-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2012-11-19 9:51 ` [PATCH RFC 0/5] Containerize syslog Eric W. Biederman
[not found] ` <874nklkjjm.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-12-07 9:03 ` Andrew Morton
[not found] ` <20121207010355.c809b3f7.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2012-12-07 14:23 ` Serge Hallyn
2012-12-07 14:30 ` Glauber Costa
[not found] ` <50C1FD9D.5020703-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-12-07 18:05 ` Eric W. Biederman
2012-12-11 8:25 ` Glauber Costa
[not found] ` <50C6EDF0.5060108-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-12-11 18:22 ` Eric W. Biederman
2012-12-12 8:56 ` Glauber Costa
[not found] ` <50C846C7.5050904-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2012-12-12 20:08 ` Eric W. Biederman
2012-12-07 18:21 ` Eric W. Biederman
2012-11-19 14:37 ` Serge E. Hallyn
[not found] ` <20121119143702.GB4620-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2012-11-21 9:35 ` Rui Xiang
2012-11-26 15:16 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50A9EAD8.9090501@gmail.com \
--to=leo.ruixiang-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).