Hello,
>
> I was wondering out loud about the best design to solve his problem.
>
> If we try to redirect kernel-generated messages to containers, we have
> several problems, including whether we need to duplicate the messages
> to the host container. So in one sense it seems more flexible to
> 1. send everything to host syslog
No, if we do that all CONTs message will reach
the same bucket and it will be difficult to sort
them out..
CONT sys_admin and HOST sys_admin could be different
"entity", so you debug CONT config and critical
needed information reach HOST (which you do not
have access to).
> 2. clamp down on syslog use by processes not in the init_user_ns
Could give me more detail??...
> 3. let the userspace on the host copy messages into a socket or
> file so child container can pretend it has real syslog.
So you trap printk message from CONT on the HOST and
redirect them on CONT but on a standard syslog channel.
Seem OK to me, as long /proc/kmsg is not existing
(/dev/null) in the CONT file tree.
--
A bientôt
==========================================================================
Jean-Marc Pigeon Internet: [email protected]
SAFE Inc. Phone: (514) 493-4280
Fax: (514) 493-1946
Clement, 'a kiss solution' to get rid of SPAM (at last)
Clement' Home base <"http://www.clement.safe.ca";>
==========================================================================
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Lxc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lxc-users
