Mike <[email protected]> writes:
> This has sort of been mentioned earlier on this list.
>
> I noticed netfilter messages getting trashed in the various
> /var/log/messages on a system with two containers, netfilter rules on
> the host, and each container and the host running rsyslog. On closer
> inspection, I realized that only every other character or so of the
> message was appearing in a given log file. Disabling kernel logging in
> the containers, by commenting out "$ModLoad imklog" in
> /etc/rsyslog.conf, straightened out the log files.
Huh. I disabled that because (containers') rsyslog reported it couldn't
read from the kernel log. Maybe you've accidentally left containers
with read-access to arbitrary devices?
# These are: null zero random urandom tty* tty console
# ptmx pts/* rtc0
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rw
lxc.cgroup.devices.allow = c 1:5 rw
lxc.cgroup.devices.allow = c 1:8 rw
lxc.cgroup.devices.allow = c 1:9 rw
lxc.cgroup.devices.allow = c 4:* rw
lxc.cgroup.devices.allow = c 5:0 rw
lxc.cgroup.devices.allow = c 5:1 rw
lxc.cgroup.devices.allow = c 5:2 rw
lxc.cgroup.devices.allow = c 136:* rw
lxc.cgroup.devices.allow = c 254:0 r
And in the container, I configure rsyslog thusly:
cat >/etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst <<EOF
case \$reason in
BOUND|RENEW|REBIND|REBOOT) :;;
*) return;;
esac
exec >/dev/console 2>&1 </dev/null
rm -f /etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst #
delete self
# [...]
perl -p0 -i -e 's:(.|\\\n)*/dev/xconsole\$::' /etc/rsyslog.d/50-default.conf
sed -i '/ModLoad imklog\|KLogPath/ s/^/#/' /etc/rsyslog.conf
etckeeper commit "Suppress noise in logs."
sed -i '/RSYSLOG_TraditionalFileFormat/ s/^/#/' /etc/rsyslog.conf
cat >/etc/rsyslog.d/20-to-logserv.conf <<-EOT
# Enable RFC 3339 (ns granularity) timestamps in CC'd logs.
\\\$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat
# CC all logs to logserv.
*.* @logserv
EOT
etckeeper commit "Enable RFC 3339 timestamps in logs."
restart rsyslog
# [...]
EOF
------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand
malware threats, the impact they can have on your business, and how you
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Lxc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lxc-users
