Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> writes: > Not as a separate justification admittedly, but the description was > meant to explain it: right now /dev/kmsg and sys_syslog are not safe > and useful in a container; The user namespace solves this the biggest practical problem, like it solves so many other problems of excessive privileges in a container. Since these patches are still mostly in the design proof-of-concept/design phase I am inclined to see how getting a usable user namespace affects the situation on the ground. But I do think there are issues to be solved in some fashion. We have the possibiloity of configuring firewall logging rules that are not usable in containers. Similarly reasons for mount failures and number of other cases go silent. I think it makes some sense to change where we put things in the kernel log to solve these things but it also makes sense to ask the question is there a better solution. Hopefully a little more experience with these issues and time playing with ideas can make things clear. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
