Hello,

[...]
> Tracking all of these accesses down and ensuring they are only done
> from "its container context" is difficult or impossible. It's not as
> easy as you seem to think. In some cases the same resource could be
> shared between containers. Which should we access it from then?

        How come?! Resources (a device, iptables rules, ...)
        containerized within one container could be shared by
        another unrelated container?

        Does this mean (simple example) that someone changing
        iptables rules for one container could change
        another unrelated container's behavior?!... no way...
        The only case is a sub-container (a container
        within a container), but in such a case we are
        in the HOST: versus CONT: situation. The device
        will be controlled by CONT: even if used by SUBCONT:.
        All depends on where the device is defined (where
        is the definition responsibility? That is the question
        for assigning syslog...; usage is another story).

> 
> >     Keep in mind, A fully containerized system can be managed
> >     by someone with full privilege BUT NOT in charge of 
> >     the host itself (IE: without host access).
> 
> Sure. (We're not there yet but I think we'd like to get
> there eventually.)
> 
> >     My proposal is a clear cut, if a ressource is containerized 
> >     report to CONT: (containerized) syslog... no question ask.
> 
> That part of the proposal is simple and makes a lot of sense. The
> ramifications of it on kernel code are not simple and often there's
> no clean way to do it.
        Well, this troubles me somewhat....
        2.6.18-128.2.1.el5.028stab064.7 (just an example, the one I am using
        day to day) is containerizing iptables and other syslogs in a
        nice way....
        We are now at 2.6.33; you are telling me that what was experimented
        with and learned monthssss ago still can't be implemented
        in the current mainstream kernel?....


-- 
See you soon
==========================================================================
Jean-Marc Pigeon                                   Internet: j...@safe.ca
SAFE Inc.                                          Phone: (514) 493-4280
                                                   Fax:   (514) 493-1946
        Clement, 'a kiss solution' to get rid of SPAM (at last)
           Clement' Home base <http://www.clement.safe.ca>
==========================================================================

_______________________________________________
Containers mailing list
contain...@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

_______________________________________________
Devel mailing list
Devel@openvz.org
https://openvz.org/mailman/listinfo/devel
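An added example of the check behind the question argued above (my own script, not code from this thread, from OpenVZ or from the mainline kernel): add an iptables rule inside a freshly created network namespace and confirm that the rule is not visible from the parent (host) namespace. It assumes a Linux box with iproute2 `ip netns`, an `iptables` binary and root; the namespace name `demo-cont`, the RFC 5737 documentation address 198.51.100.1 and the function names are arbitrary choices for this demo.

```shell
#!/bin/sh
# Added example, not from the thread: does an iptables rule added inside one
# network namespace leak into the parent (host) namespace?
# Assumptions: Linux with iproute2 `ip netns`, `iptables`, run as root.
# NS_NAME and TEST_DST are arbitrary values chosen for this demo.

NS_NAME="${NS_NAME:-demo-cont}"
TEST_DST="198.51.100.1"                  # TEST-NET-2 (RFC 5737), never routed
RULE_MATCH="-d ${TEST_DST}/32 -j DROP"   # how `iptables -S` prints the rule

cleanup_ns() {
    ip netns del "$NS_NAME" 2>/dev/null
}

# Return codes: 0 = rule confined to the namespace,
#               1 = rule visible on the host (isolation broken),
#               2 = the check cannot run on this machine.
netns_rule_is_isolated() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "skip: root is needed to create a network namespace" >&2
        return 2
    fi
    for tool in ip iptables; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "skip: $tool not installed" >&2
            return 2
        }
    done
    ip netns add "$NS_NAME" 2>/dev/null || {
        echo "skip: could not create netns $NS_NAME" >&2
        return 2
    }

    # Add the rule only inside the container's namespace.
    if ! ip netns exec "$NS_NAME" iptables -A OUTPUT -d "$TEST_DST" -j DROP; then
        cleanup_ns
        echo "skip: iptables unusable inside $NS_NAME" >&2
        return 2
    fi

    # It must show up inside the namespace...
    if ! ip netns exec "$NS_NAME" iptables -S OUTPUT | grep -qF -- "$RULE_MATCH"; then
        cleanup_ns
        echo "skip: rule not listed inside $NS_NAME (unexpected iptables output)" >&2
        return 2
    fi
    # ...and must not show up in the host's own OUTPUT chain.
    if iptables -S OUTPUT | grep -qF -- "$RULE_MATCH"; then
        cleanup_ns
        echo "LEAK: rule added in $NS_NAME is visible on the host" >&2
        return 1
    fi
    cleanup_ns
    echo "ok: rule stayed inside netns $NS_NAME"
    return 0
}

# Run the check only when invoked directly with --run, e.g.:
#   sudo sh netns_iptables_check.sh --run
if [ "${1:-}" = "--run" ]; then
    netns_rule_is_isolated
fi
```

Run it as root with `--run`; exit status 0 means the rule stayed confined to the namespace, 1 means it leaked into the host chain, and 2 means the check could not be performed (no root, tools missing, or namespace creation refused). The rule match is deliberately a fixed string search with `grep -F --` so that the leading `-d` is not parsed as a grep option.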
