author | Daniel J Walsh <dwalsh@redhat.com> | 2020-10-05 16:33:09 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-10-05 17:51:45 -0400 |
commit | 348f2df0c09e2e3b517add5271e6eee583800be3 (patch) | |
tree | eac3576a5ea40c71de7a8390fbd772a369219d8b /libpod | |
parent | 1b16fcfd14b9e761849e53ac2b83c964ad8ac5a9 (diff) | |
Support max_size logoptions
Docker supports log-opt max_size and so does conmon (although poorly).
Adding support for this allows users to at least make sure their containers'
logs do not become a DoS vector.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_config.go | 2 | ||||
-rw-r--r-- | libpod/oci_conmon_linux.go | 13 | ||||
-rw-r--r-- | libpod/options.go | 28 |
3 files changed, 25 insertions, 18 deletions
diff --git a/libpod/container_config.go b/libpod/container_config.go
index 3fc058d52..fc93140dd 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -287,6 +287,8 @@ type ContainerMiscConfig struct {
 LogPath string `json:"logPath"`
 // LogTag is the tag used for logging
 LogTag string `json:"logTag"`
+ // LogSize is the tag used for logging
+ LogSize int64 `json:"logSize"`
 // LogDriver driver for logs
 LogDriver string `json:"logDriver"`
 // File containing the conmon PID
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 1d4f33794..5e73bffe0 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1352,10 +1352,6 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p
 }
 args = append(args, "-l", logDriverArg)
- if r.logSizeMax >= 0 {
- args = append(args, "--log-size-max", fmt.Sprintf("%v", r.logSizeMax))
- }
-
 logLevel := logrus.GetLevel()
 args = append(args, "--log-level", logLevel.String())
@@ -1363,6 +1359,15 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p
 logrus.Debugf("%s messages will be logged to syslog", r.conmonPath)
 args = append(args, "--syslog")
 }
+
+ size := r.logSizeMax
+ if ctr.config.LogSize > 0 {
+ size = ctr.config.LogSize
+ }
+ if size > 0 {
+ args = append(args, "--log-size-max", fmt.Sprintf("%v", size))
+ }
+
 if ociLogPath != "" {
 args = append(args, "--runtime-arg", "--log-format=json", "--runtime-arg", "--log", fmt.Sprintf("--runtime-arg=%s", ociLogPath))
 }
diff --git a/libpod/options.go b/libpod/options.go
index f7190d0e3..1ffb78da9 100644
--- a/libpod/options.go
+++ b/libpod/options.go
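Review bot: The comment on the new `LogSize` field in `ContainerMiscConfig` (libpod/container_config.go) was copied from `LogTag` and still describes a tag. The field is what `sharedConmonArgs` turns into conmon's `--log-size-max`, so the comment should state the unit and what a non-positive value does, for example `// LogSize is the maximum size of the container's log file in bytes; zero or negative falls back to the runtime-wide limit`. The struct starts and ends outside the hunk.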
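Review bot: In the second `sharedConmonArgs` hunk of libpod/oci_conmon_linux.go a positive `ctr.config.LogSize` always replaces `r.logSizeMax`, so a container can be created with a larger log limit than the runtime-wide one. If the runtime value is meant as an operator ceiling (not visible from this hunk), the code should pick the smaller of the two positive values rather than letting the container value win. The `> 0` tests also make a per-container -1, which `WithMaxLogSize` documents as unlimited, indistinguishable from unset, and when neither value is positive no `--log-size-max` is passed at all, so logs are uncapped unless someone configures a limit. A comment such as `// a positive ctr.config.LogSize overrides r.logSizeMax; with neither set no limit is passed to conmon` would record the precedence. The function body starts and ends outside the hunk.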
@@ -328,20 +328,6 @@ func WithNoStore() RuntimeOption {
 }
 }
-// WithMaxLogSize sets the maximum size of container logs.
-// Positive sizes are limits in bytes, -1 is unlimited.
-func WithMaxLogSize(limit int64) RuntimeOption {
- return func(rt *Runtime) error {
- if rt.valid {
- return define.ErrRuntimeFinalized
- }
-
- rt.config.Containers.LogSizeMax = limit
-
- return nil
- }
-}
-
 // WithNoPivotRoot sets the runtime to use MS_MOVE instead of PIVOT_ROOT when
 // starting containers.
 func WithNoPivotRoot() RuntimeOption {
@@ -543,6 +529,20 @@ func WithRuntimeFlags(runtimeFlags []string) RuntimeOption {
 // Container Creation Options
+// WithMaxLogSize sets the maximum size of container logs.
+// Positive sizes are limits in bytes, -1 is unlimited.
+func WithMaxLogSize(limit int64) CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return define.ErrRuntimeFinalized
+ }
+
+ ctr.config.LogSize = limit
+
+ return nil
+ }
+}
+
 // WithShmDir sets the directory that should be mounted on /dev/shm.
 func WithShmDir(dir string) CtrCreateOption {
 return func(ctr *Container) error { |
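Review bot: The container-level `WithMaxLogSize` added in the second hunk of libpod/options.go returns `define.ErrRuntimeFinalized` when `ctr.valid` is set, which looks carried over from the removed `RuntimeOption`; a finalized container should report `return define.ErrCtrFinalized` so callers matching on the error see the right one. The doc comment still promises "-1 is unlimited", but `sharedConmonArgs` treats every non-positive `LogSize` as unset, so either reject negative limits here or reword it to `// Positive sizes are limits in bytes; zero or negative leaves the runtime default in place.`. Reusing the exported name with a different return type also breaks any existing caller of the runtime option, which is worth a line in the commit message.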