[lxc-users] Hardware log entries spread on containers

Sébastien NOBILI sebnewsletter at free.fr
Mon Dec 15 14:12:56 UTC 2014


Hi,

I'm not registered to the mailing list, so please keep me in CC.

I've installed LXC on my Debian (stable, Wheezy) server (named "serveur").

I've got some containers (named "smtp", "xmpp" and "web") on this server.

Each container's rsyslog is configured to send logs to the main server.

When I plug a USB HDD into the main server, I get the following trace:

    Dec 11 18:36:56 serveur kernel: [135361.732032] usb 1-8: new high-speed USB device number 3 using ehci_hcd
    Dec 11 18:36:56 xmpp kernel: [135361.865004] usb 1-8: New USB device found, idVendor=152d, idProduct=2338
    Dec 11 18:36:56 xmpp kernel: [135361.865012] usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=5
    Dec 11 18:36:56 xmpp kernel: [135361.865020] usb 1-8: Manufacturer: JMicron
    Dec 11 18:36:56 xmpp kernel: [135361.865023] usb 1-8: SerialNumber: 7D2500BE6E50
    Dec 11 18:36:56 xmpp kernel: [135361.866020] scsi3 : usb-storage 1-8:1.0
    Dec 11 18:36:57 serveur kernel: [135362.884494] sd 3:0:0:0: [sdc] No Caching mode page found
    Dec 11 18:36:57 smtp kernel: [135362.881252] sd 3:0:0:0: [sdc] No Caching mode page found
    Dec 11 18:36:57 serveur kernel: [135362.937146]  sdc: sdc1 sdc2
    Dec 11 18:36:57 serveur kernel: [135362.941606] sd 3:0:0:0: [sdc] No Caching mode page found
    Dec 11 18:36:57 serveur kernel: [135362.941728] sd 3:0:0:0: [sdc] Attached SCSI disk
    Dec 11 18:36:58 xmpp kernel: [135363.124089] usb 1-8: reset high-speed USB device number 3 using ehci_hcd
    Dec 11 19:00:24 smtp kernel: [136769.064234] usb 1-8: USB disconnect, device number 3

Some events get caught by containers…

When the HDD is plugged in, containers can't access it (no device node under /dev
and no way to create it using mknod), which is normal.

Why do containers "see" the device being plugged in?

Is there any security issue with this behavior (I don't want any container to be
able to mount this - or any - drive)?

Cheers,
Sébastien

