containerized syslog

Serge E. Hallyn serue at us.ibm.com
Thu Feb 11 11:29:52 PST 2010


Quoting Jean-Marc Pigeon (jmp at safe.ca):
> Hello,
> 
> 
> > 
> > Thanks Jean-Marc.  But this really isn't doing most of what I'd
> > recommended in my last emails (both public and private).  In
> > particular:
> [....]	
> > 
> > syslog_ns should be moved into nsproxy and unshared with a
> > separate clone(CLONE_SYSLOG);
> 	This is not a problem.
> 	My understanding is that a new clone flag was not an option
> 	as we are short of CLONE flags.
> 	No design nor arch problem if we set  CLONE_SYSLOG
> 	to be 0x100000000  ?????
> 
> 	If moved into nsproxy, what is the hook to
> 	get the "current context"? (used current_user_ns()
> 	as it was in user_namespace).
> 
> 
> [...]	
> 
> > That was why I suggested:
> [...]
> > >! 4. take a printk call like the iptables ones you want and turn
> > >! it into nsprintk syscall.
> > >! 
> 
> 	If my understanding is right, you propose to use a
> 	special nsprintk to be used by iptables such that
> 	we can send "packet log" in "container context".
> 	Right?
> 
> 	Logic is weak.

No logic is irrefutable :)  Because:

> 	1)
> 	The way I changed printk, so far, makes of it a "de facto"
> 	nsprintk. So when called from netfilter, nsprintk
> 	still stays in HOST: context. My understanding,

No, it could be called from the context of a task in any
random container.

-serge

