/lists.openvz.org/mailman/listinfo/devel
--
A bientôt
=======
Jean-Marc PigeonE-Mail: j...@safe.ca
SAFE Inc. Phone: (514) 493-4280
Clement, 'a kiss solution' to get rid of SPAM (at l
,
waiting to hit??...).
I suppose something is wrong in dumpfile format, making the catastrophic
reboot event triggered!
Could the list give me an advice about way to trace/pinpoint the trouble
maker?
Idea? suggestion?
--
A bientôt
====
Capability to redirect iptable log, in the right containerized
syslog_ns, is now fully working.
Tried my best to have a very minimal foot-print.
BEWARE: patch not done for IPV6 (I can't test it),
you are welcome to do it.
Signed-off-by: Jean-Marc P
end;
- l1 = logged_chars - end;
+ if (sys_log_logged_chars > end) {
+ s1 = sys_log_buf + sys_log_buf_len - sys_log_logged_chars + end;
+ l1 = sys_log_logged_chars - end;
- s2 = log_buf;
+ s2 = sys_log_buf;
Hello,
Just got your Email... (Sic :-})
On Sat, 2010-02-13 at 11:13 -0800, Eric W. Biederman wrote:
> Jean-Marc Pigeon writes:
>
> > Added syslog.c such container /proc/kmsg and host /proc/kmsg
> > do not leak in each other.
> > Running rsyslog d
Containerized syslog is now part of nsproxy.
A new flag CLONE_SYSLOG allow to unshare
syslog area.
Main containerized syslog purpose is to allow
full container not to leak or compromise
hosts syslog data.
---
include/linux/init_task.h |2 +
Hello,
On Sat, 2010-02-13 at 14:33 -0800, Matt Helsley wrote:
> On Sat, Feb 13, 2010 at 04:56:16PM -0500, Jean-Marc Pigeon wrote:
> > Hello,
> >
> > [...]
>
> Yes. namespace boundaries only coincide if userspace chooses to
> make them coincide. For example, th
mple, I am using
day to day), is containerising iptables an other syslogs
nice way,
We are now 2.6.33 you are telling me what was experimented,
learned, month ago can't still be implemented
in current kernel main stream?....
-
Hello,
On Sat, 2010-02-13 at 10:11 -0800, Matt Helsley wrote:
> On Thu, Feb 11, 2010 at 11:48:43AM -0600, Serge E. Hallyn wrote:
> > Quoting Jean-Marc Pigeon (j...@safe.ca):
> > > Added syslog.c such container /proc/kmsg and host /proc/kmsg
> > > do not leak in
understanding about
what is happening?
--
A bientôt
==
Jean-Marc Pigeon Internet: j...@safe.ca
SAFE Inc. Phone: (514) 493-4280
rs > end) {
- s1 = log_buf + log_buf_len - logged_chars + end;
- l1 = logged_chars - end;
+ if (sys_log_logged_chars > end) {
+ s1 = sys_log_buf + sys_log_buf_len - sys_log_logged_chars + end;
+ l1 = sys_log_logged_chars - en
idea (duplicating&forwarding is done by tools as
rsyslogd).
>
> After we start getting flexible with syslog, the next request will be for
> audit flexibility. I don't even know how our netlink support suffices for
> that right now.
>
> (So, this all does turn into a big deal
ip filtering superset).
So CONT:printk must be writing too in the
"namespaced" ring buffer.
--
A bientôt
==
Jean-Marc Pigeon Internet: j...@safe.ca
SAFE Inc.
o me, as long /proc/kmsg is not existing
(/dev/null) in the CONT file tree.
--
A bientôt
==========
Jean-Marc Pigeon Internet: j...@safe.ca
SAFE Inc.
specific
CONT problem???
My 3 cents.
Seems to me we are very close to have a "production"
container, thanks to all contributor...
--
A bientôt
======
to container AND
iptables can log via kmsg, then message must be reported
to container (and duplicated to kmsg host?) and do not
make trouble to host.
>
> -serge
--
A bientôt
==
Jean-Marc Pigeon
right, should ALL /proc/kmsg be isolated from
each other???
How could it be done??
--
A bientôt
======
Jean-Marc Pigeon Internet: j..
with 2.6.33-rc4?? or did I missed
something? could someone confirm trouble with clone call?
Thanks.
--
A bientôt
======
Jean-Marc Pigeon Internet: j...@safe.ca
SAFE Inc.
18 matches
Mail list logo