[Devel] Re: containerized syslog

Serge E. Hallyn serue at us.ibm.com
Thu Feb 11 11:29:52 PST 2010


Quoting Jean-Marc Pigeon (jmp at safe.ca):
> Hello,
> 
> 
> > 
> > Thanks Jean-Marc.  But this really isn't doing most of what I'd
> > recommended in my last emails (both public and private.  In
> > particular:
> [....]	
> > 
> > syslog_ns should be moved into nsproxy and unshared with a
> > separate clone(CLONE_SYSLOG);
> 	This this not a problem.
> 	My understanding a new clone flag was not an option
> 	as we are short in CLONE flag.
> 	No design nor arch problem if we set  CLONE_SYSLOG
> 	to be 0x100000000  ?????
> 
> 	If moved in nsproxy what is the hook to
> 	get the "current context". (used current_user_ns()
> 	as it was in user_namespace).
> 
> 
> [...]	
> 
> > That was why I suggested:
> [...]
> > >! 4. take a printk call like the iptables ones you want and turn
> > >! int into nsprintk syscall.
> > >! 
> 
> 	If my understanding is right you propose to use a
> 	special nsprintk to be used by iptable such
> 	we can send "packet log" in "container context"
> 	Right?
> 
> 	Logic is weak.

No logic is irrefutable :)  Because:

> 	1)
> 	The way I changed printk, so far, make of it a "de facto"
> 	nsprintk. So when called from netfilter, nsprintk
> 	is still stay in HOST: context. My understanding,

No, it could be called from the context of a task in any
random container.

-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list