Hello,
> > I was wondering out loud about the best design to solve his problem. > > If we try to redirect kernel-generated messages to containers, we have > several problems, including whether we need to duplicate the messages > to the host container. So in one sense it seems more flexible to > 1. send everything to host syslog No, if we do that all CONTs message will reach the same bucket and it will be difficult to sort them out.. CONT sys_admin and HOST sys_admin could be different "entity", so you debug CONT config and critical needed information reach HOST (which you do not have access to). > 2. clamp down on syslog use by processes not in the init_user_ns Could give me more detail??... > 3. let the userspace on the host copy messages into a socket or > file so child container can pretend it has real syslog. So you trap printk message from CONT on the HOST and redirect them on CONT but on a standard syslog channel. Seem OK to me, as long /proc/kmsg is not existing (/dev/null) in the CONT file tree. -- A bientôt ========================================================================== Jean-Marc Pigeon Internet: j...@safe.ca SAFE Inc. Phone: (514) 493-4280 Fax: (514) 493-1946 Clement, 'a kiss solution' to get rid of SPAM (at last) Clement' Home base <"http://www.clement.safe.ca"> ========================================================================== ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users