[Devel] Containerized syslog

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Wed May 12 07:58:42 PDT 2010


Hi,

I'm playing with containers under debian (squeeze, 2.6.33.3) with the 
lxc tools.
I'm really happy about all the features (attach veth on bridge, filter 
with iptables inside the containers, etc ...), and i was thinking to 
replace some of our vservers (and maybe some of our kvm) with this solution.

But actually, i experiment a problem with the iptables logs:
i've iptables on the host to filter some container, basically a squid 
proxy. I've another container who act as router, and he has his own 
iptables inside.
All the log are deported to a dedicated syslog server.
It appear that, the iptables log of the host are also deported by the 
syslog container (proxy).

Some of our guest (container, vserver, etc ) are administer by other 
sys-admin, that should not have access to theses informations.

This point is blocking me today, before going into production with 
containers.

I've seen some patch made by Jean-Marc Pigeon about this problem,
but they have not been commited.

Is there any reason for that?
Can someone advice me to circumvent this problem?

Thanks a lot.

Regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jean-philippe_menil.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: not available
URL: <http://lists.openvz.org/pipermail/devel/attachments/20100512/301fe45f/attachment.vcf>
-------------- next part --------------
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers


More information about the Devel mailing list