From: Rui Xiang <leo.ruixiang-Re5JQEeQqe8AvxtiuMwx3w-AT-public.gmane.org>
To: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA-AT-public.gmane.org>
Subject: Re: [PATCH RFC 0/5] Containerize syslog
Date: Wed, 21 Nov 2012 17:35:27 +0800
Cc: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w-AT-public.gmane.org>, netdev-u79uwXL29TY76Z2rM5mHXA-AT-public.gmane.org
On 2012-11-19 22:37, Serge E. Hallyn wrote:
> Quoting Rui Xiang (leo.ruixiang-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org):
>> From: Xiang Rui <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
>> In Serge's patch (http://lwn.net/Articles/525629/), syslog_namespace was tied to a user
>> namespace. We add syslog_ns tied to nsproxy instead, and implement ns_printk in
>> ip_table context.
> Since you say 'we', I'm just wondering, which project is this a part of?
Thank you for your attention.
We may use containers in our company, and one of the missing parts we found is syslog
isolation (though whether we require this feature or not is not certain at this moment), so we
made this patchset.
>> We add syslog_namespace as a part of nsproxy, and a new flag CLONE_SYSLOG to unshare
>> syslog area.
> Thanks, looks like you save me the time of having to add some users of
> nsprintk :)
> I understand that user namespaces aren't 100% usable yet, but looking
> long term, is there a reason to have the syslog namespace separate
> from user namespace?
Actually we don't have a strong preference. We'll think more about it. Hope we can reach
consensus with Eric.