| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Dec 2012 10:22:36 -0800 From: ebiederm@...ssion.com (Eric W. Biederman) To: Glauber Costa <glommer@...allels.com> Cc: Serge Hallyn <serge.hallyn@...onical.com>, Andrew Morton <akpm@...ux-foundation.org>, Rui Xiang <leo.ruixiang@...il.com>, <netdev@...r.kernel.org>, <containers@...ts.linux-foundation.org> Subject: Re: [PATCH RFC 0/5] Containerize syslog Glauber Costa <glommer@...allels.com> writes: > On 12/07/2012 10:05 PM, Eric W. Biederman wrote: >> Glauber Costa <glommer@...allels.com> writes: >> >>> I keep asking myself if it isn't the case of forwarding to a container >>> all messages printed in process context. That will obviously exclude all >>> messages resulting from kthreads - that will always be in the initial >>> namespace anyway, interrupts, etc. There is no harm, for instance, in >>> delivering the same message twice: one to the container, and the other >>> to the host system. >> >> Except that there is harm in double printing. One of the better >> justifications for doing something with the kernel log is that it is >> possible to overflow the kernel log with operations performed >> exclusively in a container. >> > I don't agree with you here. > > If we are double printing, we are using up more memory, but we also have > an extra buffer anyway. The messages are print on behalf of the user, > but still, by the kernel. > > So one of the following will necessarily hold: > > 1) There is no way that the process can overflow the main log, and as a > consequence, the container log, that has less messages than it. > > 2) The process will overflow the main log. But since we are not printing > anything extra to the main log compared to the scenario in which the > process lives in the main namespace, this would already be a problem > independent of namespaces. And needs to be fixed. Well mounts, brining network interfaces up and down, running packets through our own choice of firewall rules, possibly enabling debug messages on network interfaces has the potential to create messages we aren't seeing today. > IOW, double printing should not print anything *extra* to the main log. > It just prints to the container log, and leaves a copy to the box admin > to see. I think it is very reasonable to imagine that the main admin > would like to see anything the kernel has to tell him about the box. The only reason that I have seen for doing anything with printks is because we are generating messages that would not be generated in a non-container environment. At which point double printing is scary because it allows a container user to flood the kernel log ring buffer and suppress interesting messages. >> I do think the idea of process context printks going to the current >> container one worth playing with. >> > > It still leaves the problem of prinkts outside process context that > should go to a namespace open. But it is easy to extend this idea to do > both. Hmm. For printks from process context I think I can see a point where double printing makes sense, because that is a rather indiscriminate grab of printk messages. Eric -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists