Syslog namespace

Serge Hallyn serge.hallyn at
Fri Nov 23 17:58:35 UTC 2012


At the uds-r lxc session the syslog namespace was brought up as
something worth pushing for 13.10.  It was suggested that I send an
email describing the syslog ns to the kernel team.

A syslog namespace provides its tasks with its own in-kernel ringbuffer
and filters access through /dev/kmsg and the syslog system call to its
namespace.  Kernel messages pertaining to resources owned by the container
(such as netfilter messages) would be sent to the container.

An initial design doc is at, and the patch
was sent to the containers mailing list here: .  Another independely developed patchset
was posted a few days later (as a reply), so there is community
interest.  I'm not in-lining it here because (1) I'm not asking for
inclusion right now, and (2) there will be some changes (see below).  I
intend to ask for inclusion only if it appears definately headed into
either linux-next or into the user namespace tree.

The result of discussion on the patch submission is that the syslog
namespace will probably end up not a namespace of its own, but rather a
feature added to the user namespace.  At least, noone has yet complained
about the reduced flexibility of that approach impacting their use-case.
If it does, the syslog ns will probably go into the nsproxy.

If you have any questions, or want me to cc: the kernel team to the next
submission, please let me know.


More information about the kernel-team mailing list