Mike <deb...@good-with-numbers.com> writes:

> This has sort of been mentioned earlier on this list.
> I noticed netfilter messages getting trashed in the various 
> /var/log/messages on a system with two containers, netfilter rules on 
> the host, and each container and the host running rsyslog.  On closer 
> inspection, I realized that only every other character or so of the 
> message was appearing in a given log file.  Disabling kernel logging in 
> the containers, by commenting out "$ModLoad imklog" in 
> /etc/rsyslog.conf, straightened out the log files.

Huh.  I disabled that because (containers') rsyslog reported it couldn't
read from the kernel log.  Maybe you've accidentally left containers
with read-access to arbitrary devices?

    # These are: null zero random urandom tty* tty console
    # ptmx pts/* rtc0
    lxc.cgroup.devices.deny = a
    lxc.cgroup.devices.allow = c 1:3 rw
    lxc.cgroup.devices.allow = c 1:5 rw
    lxc.cgroup.devices.allow = c 1:8 rw
    lxc.cgroup.devices.allow = c 1:9 rw
    lxc.cgroup.devices.allow = c 4:* rw
    lxc.cgroup.devices.allow = c 5:0 rw
    lxc.cgroup.devices.allow = c 5:1 rw
    lxc.cgroup.devices.allow = c 5:2 rw
    lxc.cgroup.devices.allow = c 136:* rw
    lxc.cgroup.devices.allow = c 254:0 r

And in the container, I configure rsyslog thusly:

    cat >/etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst <<EOF
    case \$reason in
      *) return;;
    esac
    exec >/dev/console 2>&1 </dev/null
    rm -f /etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst # delete self

    # [...]

    perl -p0 -i -e 's:(.|\\\n)*/dev/xconsole\$::' /etc/rsyslog.d/50-default.conf
    # Comment out imklog so the container's rsyslog does not read the kernel log.
    sed -i '/ModLoad imklog\|KLogPath/ s/^/#/' /etc/rsyslog.conf
    etckeeper commit "Suppress noise in logs."
    sed -i '/RSYSLOG_TraditionalFileFormat/ s/^/#/' /etc/rsyslog.conf
    cat >/etc/rsyslog.d/20-to-logserv.conf <<-EOT
            # Enable RFC 3339 (ns granularity) timestamps in CC'd logs.
            \\\$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat
            # CC all logs to logserv.
            *.* @logserv
    EOT
    etckeeper commit "Enable RFC 3339 timestamps in logs."
    restart rsyslog

    # [...]
    EOF
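An added example, not part of the original message: a small audit that compares a container's `lxc.cgroup.devices` lines against the allow list quoted above and reports anything wider. The function name, finding labels and sample config are assumptions made for illustration; the `c 1:11` entry (/dev/kmsg) in the sample is constructed.

```shell
#!/bin/sh
# Added example: audit lxc.cgroup.devices entries against the allow list
# quoted in the message above. Names and labels here are hypothetical.

# Baseline = the allow entries from the message, comma-separated.
BASELINE='c 1:3 rw,c 1:5 rw,c 1:8 rw,c 1:9 rw,c 4:* rw,c 5:0 rw,c 5:1 rw,c 5:2 rw,c 136:* rw,c 254:0 r'

# Reads an LXC config on stdin; prints one finding per line, nothing if clean.
audit_lxc_devices() {
    awk -v baseline="$BASELINE" '
    BEGIN {
        n = split(baseline, b, ",")
        for (i = 1; i <= n; i++) ok[b[i]] = 1
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    /^[ \t]*lxc\.cgroup\.devices\.(allow|deny)[ \t]*=/ {
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        gsub(/[ \t]+/, " ", val)             # normalise inner whitespace
        if (key ~ /deny$/) {
            if (val ~ /^a( |$)/) deny_all = 1
        } else if (val ~ /^a( |$)/) {
            print "ALLOW_ALL " val           # every device is reachable
        } else if (!(val in ok)) {
            print "EXTRA " val               # device or mode beyond baseline
        }
    }
    END { if (!deny_all) print "NO_DENY_ALL" }
    '
}

# Constructed sample config: baseline entries plus one extra device.
SAMPLE='# constructed container config
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.cgroup.devices.allow = c 1:11 rwm
lxc.cgroup.devices.allow = c 254:0 r'

printf '%s\n' "$SAMPLE" | audit_lxc_devices
```

Matching is exact on type, major:minor and mode, so a baseline device granted a wider mode (for example `rwm` instead of `rw`) is also reported as `EXTRA`.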

Lxc-users mailing list