Quoting Jean-Marc Pigeon ([email protected]):
> Hello,
> 
> 
>       I have containerized syslog, such that each container has its
>       own syslog.
> 
>       Containers can have their own set of iptables rules.
>       
>       I was expecting CONT: iptables log report to be
>       sent to the CONT: syslog, which is not the case,
>       they are rather sent to HOST: syslog.
> 
>       This means to me, iptables rules are containerized,
>       but the execution is NOT (CONT: rules are checked
>       within the HOST: context, not the CONT: context).
> 
>       Could somebody give me a hint where I should look
>       in the code, to have a better understanding about
>       what is happening?

Again, printk can be called from any context, so you can't
rely on 'current'.  But you are relying on current in
emit_log_char() to get the syslog_ns.  That is why you're
getting that.

You're going to have to keep a separate container_printk
(nsprintk) which is called with a syslog_ns.  Then in
functions where you know you can determine the syslog_ns,
you can call that fn instead of printk and pass the ns.

Note that since iptables printks are happening out of
context, this means yet another problem: you'll need to
have a way to get the syslog_ns from the netns, which
I suspect is the only thing you can track at that point.

-serge
_______________________________________________
Containers mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/containers

_______________________________________________
Devel mailing list
[email protected]
https://openvz.org/mailman/listinfo/devel
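
A user-space C model of the misattribution discussed in the reply above, added here as an illustration; it is not code from the thread or from the kernel. Only the names `nsprintk` and `syslog_ns` come from the message; the structs, the netns-to-syslog_ns pointer, the helper functions and the log line are constructed assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for illustration; not the kernel's definitions. */
struct syslog_ns { char buf[256]; };
struct net  { struct syslog_ns *syslog_ns; };  /* assumed netns -> syslog_ns link */
struct task { struct syslog_ns *syslog_ns; };

static struct syslog_ns host_ns, cont_ns;
static struct task host_task = { &host_ns };
static struct net  cont_net  = { &cont_ns };
/* Packet logging runs out of process context: 'current' is whichever
 * task happened to be interrupted, here a host task. */
static struct task *current_task = &host_task;

static void vemit(struct syslog_ns *ns, const char *fmt, va_list ap)
{
    size_t used = strlen(ns->buf);
    vsnprintf(ns->buf + used, sizeof(ns->buf) - used, fmt, ap);
}

/* Model of the problem: the target namespace is derived from 'current'. */
static void printk_current(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt); vemit(current_task->syslog_ns, fmt, ap); va_end(ap);
}

/* Model of the suggestion: the caller passes the namespace explicitly. */
static void nsprintk(struct syslog_ns *ns, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt); vemit(ns, fmt, ap); va_end(ap);
}

static void reset_logs(void) { host_ns.buf[0] = '\0'; cont_ns.buf[0] = '\0'; }

/* Constructed sample log line for a packet that belongs to the container's netns. */
static void log_packet_via_current(struct net *net) { (void)net; printk_current("IN=eth0 DROP\n"); }
static void log_packet_via_netns(struct net *net) { nsprintk(net->syslog_ns, "IN=eth0 DROP\n"); }

int main(void)
{
    reset_logs(); log_packet_via_current(&cont_net);
    printf("via current: host=[%s] cont=[%s]\n", host_ns.buf, cont_ns.buf);
    reset_logs(); log_packet_via_netns(&cont_net);
    printf("via netns:   host=[%s] cont=[%s]\n", host_ns.buf, cont_ns.buf);
    return 0;
}
```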
