aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-10-05 16:33:09 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-10-05 17:51:45 -0400
commit348f2df0c09e2e3b517add5271e6eee583800be3 (patch)
treeeac3576a5ea40c71de7a8390fbd772a369219d8b /libpod
parent1b16fcfd14b9e761849e53ac2b83c964ad8ac5a9 (diff)
downloadpodman-348f2df0c09e2e3b517add5271e6eee583800be3.tar.gz
podman-348f2df0c09e2e3b517add5271e6eee583800be3.tar.bz2
podman-348f2df0c09e2e3b517add5271e6eee583800be3.zip
Support max_size logoptions
Docker supports log-opt max_size and so does conmon (ALthough poorly). Adding support for this allows users to at least make sure their containers logs do not become a DOS vector. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_config.go2
-rw-r--r--libpod/oci_conmon_linux.go13
-rw-r--r--libpod/options.go28
3 files changed, 25 insertions, 18 deletions
diff --git a/libpod/container_config.go b/libpod/container_config.go
index 3fc058d52..fc93140dd 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -287,6 +287,8 @@ type ContainerMiscConfig struct {
LogPath string `json:"logPath"`
// LogTag is the tag used for logging
LogTag string `json:"logTag"`
+ // LogSize is the tag used for logging
+ LogSize int64 `json:"logSize"`
// LogDriver driver for logs
LogDriver string `json:"logDriver"`
// File containing the conmon PID
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 1d4f33794..5e73bffe0 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1352,10 +1352,6 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p
}
args = append(args, "-l", logDriverArg)
- if r.logSizeMax >= 0 {
- args = append(args, "--log-size-max", fmt.Sprintf("%v", r.logSizeMax))
- }
-
logLevel := logrus.GetLevel()
args = append(args, "--log-level", logLevel.String())
@@ -1363,6 +1359,15 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p
logrus.Debugf("%s messages will be logged to syslog", r.conmonPath)
args = append(args, "--syslog")
}
+
+ size := r.logSizeMax
+ if ctr.config.LogSize > 0 {
+ size = ctr.config.LogSize
+ }
+ if size > 0 {
+ args = append(args, "--log-size-max", fmt.Sprintf("%v", size))
+ }
+
if ociLogPath != "" {
args = append(args, "--runtime-arg", "--log-format=json", "--runtime-arg", "--log", fmt.Sprintf("--runtime-arg=%s", ociLogPath))
}
diff --git a/libpod/options.go b/libpod/options.go
index f7190d0e3..1ffb78da9 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -328,20 +328,6 @@ func WithNoStore() RuntimeOption {
}
}
-// WithMaxLogSize sets the maximum size of container logs.
-// Positive sizes are limits in bytes, -1 is unlimited.
-func WithMaxLogSize(limit int64) RuntimeOption {
- return func(rt *Runtime) error {
- if rt.valid {
- return define.ErrRuntimeFinalized
- }
-
- rt.config.Containers.LogSizeMax = limit
-
- return nil
- }
-}
-
// WithNoPivotRoot sets the runtime to use MS_MOVE instead of PIVOT_ROOT when
// starting containers.
func WithNoPivotRoot() RuntimeOption {
@@ -543,6 +529,20 @@ func WithRuntimeFlags(runtimeFlags []string) RuntimeOption {
// Container Creation Options
+// WithMaxLogSize sets the maximum size of container logs.
+// Positive sizes are limits in bytes, -1 is unlimited.
+func WithMaxLogSize(limit int64) CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return define.ErrRuntimeFinalized
+ }
+
+ ctr.config.LogSize = limit
+
+ return nil
+ }
+}
+
// WithShmDir sets the directory that should be mounted on /dev/shm.
func WithShmDir(dir string) CtrCreateOption {
return func(ctr *Container) error {