[Lxc-users] note on using rsyslog in a container

Trent W. Buck twb at cybersource.com.au
Wed Jan 12 00:49:51 UTC 2011


Mike <debian at good-with-numbers.com> writes:

> This has sort of been mentioned earlier on this list.
>
> I noticed netfilter messages getting trashed in the various 
> /var/log/messages on a system with two containers, netfilter rules on 
> the host, and each container and the host running rsyslog.  On closer 
> inspection, I realized that only every other character or so of the 
> message was appearing in a given log file.  Disabling kernel logging in 
> the containers, by commenting out "$ModLoad imklog" in 
> /etc/rsyslog.conf, straightened out the log files.

Huh.  I disabled that because (containers') rsyslog reported it couldn't
read from the kernel log.  Maybe you've accidentally left containers
with read-access to arbitrary devices?

    # Device whitelist for the container: the first rule denies every device,
    # then each allow line re-admits one character device (or one whole major)
    # by major:minor with the listed access (r = read, w = write).
    # In order, the allowed entries are:
    #   1:3 null, 1:5 zero, 1:8 random, 1:9 urandom, 4:* tty*, 5:0 tty,
    #   5:1 console, 5:2 ptmx, 136:* pts/*, 254:0 rtc0 (read-only)
    # NOTE(review): 4:* admits every minor on major 4, which on Linux covers
    # the host's virtual consoles and the ttyS serial ports as well; narrow it
    # to the minors the container actually needs.
    # NOTE(review): major 254 lies in the dynamically assigned range, so
    # 254:0 being rtc0 is host-specific -- confirm with `ls -l /dev/rtc0`.
    # NOTE(review): /dev/kmsg (c 1:11) is not allowed here, but imklog's usual
    # source on Linux is /proc/kmsg, which is not a device node. This whitelist
    # may therefore not be what stopped imklog in the container -- confirm
    # before relying on it to keep containers away from the kernel log.
    lxc.cgroup.devices.deny = a
    lxc.cgroup.devices.allow = c 1:3 rw
    lxc.cgroup.devices.allow = c 1:5 rw
    lxc.cgroup.devices.allow = c 1:8 rw
    lxc.cgroup.devices.allow = c 1:9 rw
    lxc.cgroup.devices.allow = c 4:* rw
    lxc.cgroup.devices.allow = c 5:0 rw
    lxc.cgroup.devices.allow = c 5:1 rw
    lxc.cgroup.devices.allow = c 5:2 rw
    lxc.cgroup.devices.allow = c 136:* rw
    lxc.cgroup.devices.allow = c 254:0 r

And in the container, I configure rsyslog thusly:

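    # Writes a one-shot dhclient exit hook.  The hook returns early unless the
    # DHCP reason is BOUND, RENEW, REBIND or REBOOT; otherwise it sends its
    # output to /dev/console, deletes itself, and reconfigures rsyslog:
    #   - edits the /dev/xconsole rule in 50-default.conf (perl substitution),
    #   - comments out the "ModLoad imklog" and "KLogPath" lines, so the
    #     container's rsyslog no longer tries to read the kernel log,
    #   - comments out RSYSLOG_TraditionalFileFormat,
    #   - writes 20-to-logserv.conf, which forwards every message to logserv,
    #   - records both steps with etckeeper and restarts rsyslog.
    # "# [...]" marks parts the author left out of the mail.
    #
    # The outer here-document is unquoted, so \$ and \\ are consumed when the
    # hook file is written; the extra backslashes exist so the right text
    # survives into the hook (and, for 20-to-logserv.conf, through the inner
    # here-document as well).
    #
    # NOTE(review): the snippet is shown with the mail's indentation.  The EOF
    # terminator must start in column 0, and "<<-" strips leading tabs only,
    # so the EOT block must be tab-indented when this is pasted into a script.
    # NOTE(review): "*.* @logserv" uses a single @, which is rsyslog's UDP
    # forwarder: messages travel unencrypted and unauthenticated and can be
    # dropped silently.  If these logs are needed as an audit trail, consider
    # TCP (@@) or a TLS transport -- confirm against site requirements.
    # NOTE(review): with imklog disabled, kernel messages (including netfilter
    # log lines) are expected to be collected by the host's rsyslog only.
    cat >/etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst <<EOF
    case \$reason in
      BOUND|RENEW|REBIND|REBOOT) :;;
      *) return;;
    esac
    exec >/dev/console 2>&1 </dev/null
    rm -f /etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst # delete self

    # [...]

    perl -p0 -i -e 's:(.|\\\n)*/dev/xconsole\$::' /etc/rsyslog.d/50-default.conf
    sed -i '/ModLoad imklog\|KLogPath/ s/^/#/' /etc/rsyslog.conf
    etckeeper commit "Suppress noise in logs."
    sed -i '/RSYSLOG_TraditionalFileFormat/ s/^/#/' /etc/rsyslog.conf
    cat >/etc/rsyslog.d/20-to-logserv.conf <<-EOT
            # Enable RFC 3339 (ns granularity) timestamps in CC'd logs.
            \\\$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat
            # CC all logs to logserv.
            *.* @logserv
            EOT
    etckeeper commit "Enable RFC 3339 timestamps in logs."
    restart rsyslog

    # [...]
    EOF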




