see https://bugs.gentoo.org/show_bug.cgi?id=536320
lee <l...@yagibdah.de> writes:

> Hi,
>
> I'm trying to get fail2ban to work on the host and keep getting error
> messages like:
>
> ,----
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for each container:
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container
> | Jan 08 21:13:05 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
> `----
>
> After 'ln -s lxc /etc/init.d/lxc.container', it says:
>
> ,----
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] Unable to find a suitable configuration file.
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] If you set up the container in a non-standard
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] location, please set the CONFIGFILE variable.
> | Jan 08 21:17:09 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
> `----
>
> Naming the link 'lxc.acheron', with 'acheron' being the name of the
> container, gives the first error message again. The containers'
> configuration is at the default location:
>
> ,----
> | heimdali init.d # ls -la /etc/lxc/acheron/config
> | -rw-r--r-- 1 root root 967 5. Jan 01:14 /etc/lxc/acheron/config
> | heimdali init.d #
> `----
>
> What am I missing?
>
> Shorewall is used on the host, exim is running in the container, and I
> want fail2ban (on the host) to look into the logfile of the exim which
> runs in the container:
>
> ,----
> | heimdali fail2ban # cat paths-overrides.local
> | exim_main_log = /etc/lxc/acheron/rootfs/var/log/exim/exim_main.log
> | heimdali fail2ban #
> `----
>
> I don't want to run fail2ban in the container because the container must
> not mess with the firewall settings of the host. If a container can do
> that, then what's the point of having containers in the first place?
>
> BTW, why does Gentoo put containers under /etc? Containers aren't
> configuration files ...

--
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us. Finally, this fear has become reasonable.