[Lxc-users] Kernel 2.6.33-rc6, 3 bugs container specific.
Serge E. Hallyn
serue at us.ibm.com
Tue Feb 2 18:18:01 UTC 2010
Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> Jean-Marc Pigeon wrote:
> > Hello,
> > On Tue, 2010-02-02 at 04:16 +0100, Michael Holzt wrote:
> >>> Tried 2.6.33-rc6 to check container, 3 bugs show up.
> >>> (test done on x86_64, Pentium(R) Dual-Core CPU E5400)
> >> I guess this should better go on the containers mailing list,
> >> as these are kernel-related problems?
> > Yes, you are right... I'll do it.
> > Problem with /proc/kmsg (bug #3) is a very real
> > concern, Daniel Lezcano proposed a solution
> > (using fuse), but I think this solution is
> > just a patch (container sys-admin can override
> > it, putting the whole system in total jeopardy).
> > Seems kernel team is very reluctant to make
> > the K ring buffer virtual but I see no other
> > solution (used already in OpenVZ).
> Maybe I missed something, but AFAIR Serge Hallyn was willing to do this,
> no?
> Or there was a nack from someone?
I was wondering out loud about the best design to solve his problem.
If we try to redirect kernel-generated messages to containers, we have
several problems, including whether we need to duplicate the messages
to the host container. So in one sense it seems more flexible to
  1. send everything to host syslog
  2. clamp down on syslog use by processes not in the init_user_ns
  3. let the userspace on the host copy messages into a socket or
     file so child container can pretend it has real syslog.