[Lxc-users] Kernel 2.6.33-rc6, 3 bugs container specific.
Jean-Marc Pigeon
jmp at safe.ca
Wed Feb 3 15:48:10 UTC 2010
Hello,
[...]
> >
> > The printk keeps writing in the global ring buffer and the syslog(2)
> > writes to the "namespaced" ring buffer.
> >
> > Does it make sense?
>
> Yeah, it's a nice alternative. Though (1) there is something to be said for
> forcing a new ring buffer upon clone(CLONE_NEWUSER), and (2) assuming the
> new ring buffer is pointed to from nsproxy, it might be frowned upon to do
> an unshare/clone action in yet another way.
>
> I still think our first concern should be safety, and that we should consider
> just adding 'struct syslog_struct' to nsproxy, and making that NULL on a
> clone(CLONE_NEWUSER). Any sys_syslog() or /proc/kmsg access returns -EINVAL
> after that. Then we can discuss whether and how to target printks to
> namespaces, and whether duplicates should be sent to parent namespaces.
/proc/kmsg=-EINVAL will resolve HOST:'s own ring buffer corruption.
Not sure what sys_syslog()=-EINVAL means??? rsyslog MUST be able to
run within CONT:, right?
Having printk namespaces duplicate and send to the parent namespace
is not a good idea (duplicating & forwarding is done by tools such as rsyslogd).
>
> After we start getting flexible with syslog, the next request will be for
> audit flexibility. I don't even know how our netlink support suffices for
> that right now.
>
> (So, this all does turn into a big deal...)
>
> -serge
--
A bientôt
==========================================================================
Jean-Marc Pigeon Internet: jmp at safe.ca
SAFE Inc. Phone: (514) 493-4280
Fax: (514) 493-1946
Clement, 'a kiss solution' to get rid of SPAM (at last)
Clement' Home base <"http://www.clement.safe.ca">
==========================================================================