[Devel] Containerized syslog
Jean-Philippe Menil
jean-philippe.menil at univ-nantes.fr
Wed May 12 07:58:42 PDT 2010
Hi,
I'm playing with containers under debian (squeeze, 2.6.33.3) with the
lxc tools.
I'm really happy about all the features (attach veth on bridge, filter
with iptables inside the containers, etc ...), and i was thinking to
replace some of our vservers (and maybe some of our kvm) with this solution.
But actually, i experiment a problem with the iptables logs:
i've iptables on the host to filter some container, basically a squid
proxy. I've another container who act as router, and he has his own
iptables inside.
All the log are deported to a dedicated syslog server.
It appear that, the iptables log of the host are also deported by the
syslog container (proxy).
Some of our guest (container, vserver, etc ) are administer by other
sys-admin, that should not have access to theses informations.
This point is blocking me today, before going into production with
containers.
I've seen some patch made by Jean-Marc Pigeon about this problem,
but they have not been commited.
Is there any reason for that?
Can someone advice me to circumvent this problem?
Thanks a lot.
Regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jean-philippe_menil.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: not available
URL: <http://lists.openvz.org/pipermail/devel/attachments/20100512/301fe45f/attachment.vcf>
-------------- next part --------------
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list