Quoting Jean-Marc Pigeon ([email protected]):
> Hello,
> 
> 
> > 
> > Thanks Jean-Marc.  But this really isn't doing most of what I'd
> > recommended in my last emails (both public and private).  In
> > particular:
> [....]        
> > 
> > syslog_ns should be moved into nsproxy and unshared with a
> > separate clone(CLONE_SYSLOG);
>       This is not a problem.
>       My understanding is that a new clone flag was not an option
>       as we are short on CLONE flags.
>       No design nor arch problem if we set  CLONE_SYSLOG
>       to be 0x100000000  ?????
> 
>       If moved in nsproxy what is the hook to
>       get the "current context". (used current_user_ns()
>       as it was in user_namespace).
> 
> 
> [...] 
> 
> > That was why I suggested:
> [...]
> > >! 4. take a printk call like the iptables ones you want and turn
> > >! it into nsprintk syscall.
> > >! 
> 
>       If my understanding is right, you propose to use a
>       special nsprintk to be used by iptables such that
>       we can send "packet log" in "container context".
>       Right?
> 
>       Logic is weak.

No logic is irrefutable :)  Because:

>       1)
>       The way I changed printk, so far, makes of it a "de facto"
>       nsprintk. So when called from netfilter, nsprintk
>       still stays in HOST: context. My understanding,

No, it could be called from the context of a task in any
random container.

-serge
_______________________________________________
Containers mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/containers

_______________________________________________
Devel mailing list
[email protected]
https://openvz.org/mailman/listinfo/devel
