| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Nov 2012 21:25:56 +0800 From: Libo Chen <chenlibo.3@...il.com> To: "Serge E. Hallyn" <serge@...lyn.com> CC: lizefan@...wei.com, netdev@...r.kernel.org, containers@...ts.linux-foundation.org, "Eric W. Biederman" <ebiederm@...ssion.com>, Xiang Rui <rui.xiang@...wei.com> Subject: Re: [PATCH RFC 3/5] printk: modify printk interface for syslog_namespace From: Libo Chen <clbchenlibo.chen@...wei.com> On 2012-11-25 12:28, Serge E. Hallyn wrote: > Quoting Libo Chen (chenlibo.3@...il.com): >> On 2012/11/22 1:49, Serge E. Hallyn wrote: >> >>> I notice that you haven't made any changes to the struct cont. I >>> suspect this means that to-be-continued msgs from one ns can be >>> erroneously mixed with another ns. >>> >> Yes, I confirmed this problem. There will be erroneously mixed with another ns. >> Thank you very much. >> >>> You said you don't mind putting the syslogns into the userns. If >>> there's no reason not to do that, then we should do so as it will >>> remove a bunch of code (plus the use of a new CLONE flag) from your >>> patch, and the new syslog(NEW_NS) command from mine. >>> >> I agree with you, both are removable. >> >>> Now IMO the ideal place for syslog_ns would be in the devices ns, >>> but that does not yet exist, and may never. The bonus to that would >>> be that the consoles sort of belong there. I avoid this by not >>> having consoles in child syslog namespaces. You put the console in >>> the ns. I haven't looked closely enough to see if what you do is >>> ok (will do so soon). >>> >>> WOuld you mind looking through my patch to see if it suffices for >>> your needs? Where it does not, patches would be greatly appreciated >>> if simple enough. >> >> follow your patch, I can see inject message by "dmesg call" in container, is right? > > If I understand you right, yes. > >> I am worry that I debug or see messages from serial ports console in some embedded system, >> since console belongs to init_syslog, so the message in container can`t be printed. > > Sorry, I don't understand which way you're going with that. Could you > rephrase? You want to prevent console messages from going to a > container? (That should definately not happen) Or something else? > I reviewed your patch, and found that console could only print messages belonging to init_syslog. So the message belongs to container syslog can not be printed from console, but only "dmesg call" in user space. Is that right? For example, the messages can not be outputed automatically from serial port as a kind of consoles on some embedded system. And I am not sure if there are no other problems. thanks! >>> Note I'm not at all wedded to my patchset. I'm happy to go with >>> something else entirely. My set was just a proof of concept. > > thanks, > -serge > _______________________________________________ > Containers mailing list > Containers@...ts.linux-foundation.org > https://lists.linuxfoundation.org/mailman/listinfo/containers > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists