[Lxc-users] Kernel 2.6.33-rc6, 3 bugs container specific.

Jean-Marc Pigeon jmp at safe.ca
Tue Feb 2 18:43:35 UTC 2010


> I was wondering out loud about the best design to solve his problem.
> If we try to redirect kernel-generated messages to containers, we have
> several problems, including whether we need to duplicate the messages
> to the host container.  So in one sense it seems more flexible to
> 	1. send everything to host syslog
		No, if we do that all CONTs message will reach
		the same bucket and it will be difficult to sort
		them out..
		CONT sys_admin and HOST sys_admin could be different
		"entity", so you debug CONT config and critical
		needed information reach HOST (which you do not 
		have access to).
> 	2. clamp down on syslog use by processes not in the init_user_ns
		Could give me more detail??...
> 	3. let the userspace on the host copy messages into a socket or
> 	   file so child container can pretend it has real syslog.

		So you trap printk message from CONT on the HOST and 
		redirect them on CONT but on a standard syslog channel.
		Seem OK to me, as long /proc/kmsg is not existing
		(/dev/null) in the CONT file tree.
A bientôt
Jean-Marc Pigeon                                   Internet: jmp at safe.ca
SAFE Inc.                                          Phone: (514) 493-4280
                                                   Fax:   (514) 493-1946
        Clement, 'a kiss solution' to get rid of SPAM (at last)
           Clement' Home base <"http://www.clement.safe.ca">

More information about the lxc-users mailing list