ports/core (3.6): sysklogd: added patch to disable kernel logging inside a LXC/LXD container
commit a05db0e099a101ec67f6487adb80dd9097adf1fe
Author: Tim Biermann <tbier@posteo.de>
Date: Sat Mar 5 16:17:57 2022 +0100
sysklogd: added patch to disable kernel logging inside a LXC/LXD container
diff --git a/sysklogd/.signature b/sysklogd/.signature
index 0a31bb50..31836882 100644
--- a/sysklogd/.signature
+++ b/sysklogd/.signature
@@ -1,8 +1,9 @@
 untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqqMYdTy60EFhQxP+Ad5iLEwD94xBvO88dUys13r4czw/A/Z4r9OJIHs98+jozvE7Zjvhggyz/7dQGzjJF0fruwA=
-SHA256 (Pkgfile) = 721c1c92f8be59c9f24d878834ac5206ded3cc2c7841e1868e771facd183cb0f
+RWRJc1FUaeVeqjpsMrfVT+MbNKilratUanJ3xyHJPQO2esqYajWEPBuuI+ODqgFgi1Jfo9YuC5sHgHWl6okZPENHEfZCXRJx2AE=
+SHA256 (Pkgfile) = f480773a76b4de57020ac672fffd7f27bdfb16f8141eecac33110599db202a8d
 SHA256 (.footprint) = 31677d7ab33846d1a9b4a78c8570273d37f05e2ded2e784698af56586e603cd6
 SHA256 (sysklogd-2.3.0.tar.gz) = 9a410b484713d9600c820d8113f2d80cb14708328c908b1a28e8b7b31fd54f57
+SHA256 (kmsg.patch) = bdfb4b39bcdf57ca1ba1b61f76e1766e30615cf7b80639d227fff06ecb686a5e
 SHA256 (rotatelog) = 4f51230e8c371d61018d88f6d88d1c6bf6b9aee054302fbf4285c82084bdc98f
 SHA256 (syslog) = fc29247aaee9baec087d29a6ffef469d8301bddef913bb7eee67151fceba7112
 SHA256 (syslog.conf) = b38189cac2b80dcd7d74d8759dddcdd57a203becdbece27253d6d2ba25be95c2
diff --git a/sysklogd/Pkgfile b/sysklogd/Pkgfile
index 1c97de78..57c43a83 100644
--- a/sysklogd/Pkgfile
+++ b/sysklogd/Pkgfile
@@ -4,13 +4,17 @@
 name=sysklogd
 version=2.3.0
-release=1
+release=2
 source=(https://github.com/troglobit/sysklogd/releases/download/v$version/$name-$ver... \
+ kmsg.patch
 rotatelog syslog syslog.conf sysklogd)
 build() {
 cd $name-$version
+ # https://github.com/troglobit/sysklogd/issues/48
+ patch -Np1 -i $SRC/kmsg.patch
+
 ./configure \
 --prefix=/usr \
 --sysconfdir=/etc \
diff --git a/sysklogd/kmsg.patch b/sysklogd/kmsg.patch
new file mode 100644
index 00000000..249fabec
--- /dev/null
+++ b/sysklogd/kmsg.patch
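Review bot: The `patch -Np1 -i $SRC/kmsg.patch` step applies a patch whose first hunk rewrites `AC_INIT([sysklogd], [2.3.0], …)` to `[2.4.0-dev]` while this Pkgfile keeps `version=2.3.0`, so the installed daemon will presumably identify itself as `syslogd v2.4.0-dev` (the `-v` handler prints VERSION), which misleads anyone matching installed versions against the port or against advisories. Consider dropping the configure.ac hunk from kmsg.patch, or documenting the discrepancy next to the patch line with a comment such as `# kmsg.patch is a backport from upstream 2.4.0-dev; ignore its configure.ac version bump`. The remainder of build() continues outside the hunk.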
@@ -0,0 +1,283 @@ +diff --git a/configure.ac b/configure.ac +index 4648eea..d6898c7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -25,7 +25,7 @@ + # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + # SUCH DAMAGE. + +-AC_INIT([sysklogd], [2.3.0], [https://github.com/troglobit/sysklogd/issues],, ++AC_INIT([sysklogd], [2.4.0-dev], [https://github.com/troglobit/sysklogd/issues],, + [https://github.com/troglobit/sysklogd]) + AC_CONFIG_AUX_DIR(aux) + AM_INIT_AUTOMAKE([1.11 foreign subdir-objects]) +diff --git a/man/syslog.conf.5 b/man/syslog.conf.5 +index cdc131e..41fb86e 100644 +--- a/man/syslog.conf.5 ++++ b/man/syslog.conf.5 +@@ -527,7 +527,7 @@ including the main file itself and compressed files kept. The size + argument takes the same modifiers as the + .Xr syslogd 8 + command line option, +-.Fl R . ++.Fl r . + .Bd -literal -offset indent + # Log all messages, including kernel, to the messages file rotate it + # every 100 kiB and keep up to 10 aged out, and compressed, files. +diff --git a/man/syslogd.8 b/man/syslogd.8 +index 78517cd..8bb3863 100644 +--- a/man/syslogd.8 ++++ b/man/syslogd.8 +@@ -38,7 +38,7 @@ + .Nd log systems messages + .Sh SYNOPSIS + .Nm +-.Op Fl ?46AdFHKknsTv ++.Op Fl ?46AdFHKknsTtv + .Op Fl a Ar addr[/len][:port] + .Op Fl a Ar name[:port] + .Op Fl b Ar addr[:port] +@@ -256,23 +256,8 @@ and wants to monitor when and how it exits. + When logging remote messages use hostname from the message (if supplied) + instead of using address from which the message was received. + .It Fl K +-Keep (trust) kernel timestamp. +-.Pp +-On Linux systems the +-.Pa /dev/kmsg +-timestamp is a monotonic clock, in microseconds, relative to the boot of +-the system. This timestamp is, among other things, +-.Sy not +-adjusted for suspend/resume cycles, meaning the kernel logs can start to +-go out of sync with the rest of the system. This in turn can make it +-really hard to correlate events. 
+-.Pp +-.Nm +-by default only trusts the kernel timestamp when starting up the first +-time. As soon as the the kernel ring buffer has been emptied, +-.Nm +-uses its own current time for each received kernel log message. This +-option disables that behavior. ++Disable kernel logging. Useful in container use-cases where kernel logs ++har handled by the host system. + .It Fl k + Disable the translation of + messages received with facility +@@ -336,6 +321,24 @@ Always use the local time and date for messages received from the network, + instead of the timestamp field supplied in the message by the remote host. + This is useful if some of the originating hosts cannot keep time properly + or are unable to generate a correct timestamp. ++.It Fl t ++Keep (trust) kernel timestamp. ++.Pp ++On Linux systems the ++.Pa /dev/kmsg ++timestamp is a monotonic clock, in microseconds, relative to the boot of ++the system. This timestamp is, among other things, ++.Sy not ++adjusted for suspend/resume cycles, meaning the kernel logs can start to ++go out of sync with the rest of the system. This in turn can make it ++really hard to correlate events. ++.Pp ++.Nm ++by default only trusts the kernel timestamp when starting up the first ++time. As soon as the the kernel ring buffer has been emptied, ++.Nm ++uses its own current time for each received kernel log message. This ++option disables that behavior. + .It Fl v + Show program version and exit. 
+ .El +diff --git a/src/syslogd.c b/src/syslogd.c +index fa4303f..02d0718 100644 +--- a/src/syslogd.c ++++ b/src/syslogd.c +@@ -140,6 +140,7 @@ static int SecureMode; /* when true, receive only unix domain socks */ + static int RemoteAddDate; /* Always set the date on remote messages */ + static int RemoteHostname; /* Log remote hostname from the message */ + ++static int KernLog = 1; /* Track kernel logs by default */ + static int KeepKernFac; /* Keep remotely logged kernel facility */ + static int KeepKernTime; /* Keep kernel timestamp, evern after initial read */ + +@@ -188,6 +189,40 @@ static int waitdaemon(int); + static void timedout(int); + + ++/* ++ * Very basic, and incomplete, check if we're running in a container. ++ * If so, we probably want to disable kernel logging. ++ */ ++static int in_container(void) ++{ ++ const char *files[] = { ++ "/run/.containerenv", ++ "/.dockerenv" ++ }; ++ const char *containers[] = { ++ "lxc", ++ "docker", ++ "kubepod" ++ }; ++ size_t i; ++ char *c; ++ ++ c = getenv("container"); ++ if (c) { ++ for (i = 0; i < NELEMS(containers); i++) { ++ if (!strcmp(containers[i], c)) ++ return 1; ++ } ++ } ++ ++ for (i = 0; i < NELEMS(files); i++) { ++ if (!access(files[i], F_OK)) ++ return 1; ++ } ++ ++ return 0; ++} ++ + static int addpeer(struct peer *pe0) + { + struct peer *pe; +@@ -255,8 +290,8 @@ static void sys_seqno_save(void) + int usage(int code) + { + printf("Usage:\n" +- " syslogd [-46AdFKknsTv?] [-a PEER] [-b NAME] [-f FILE] [-m INTERVAL]\n" +- " [-P PID_FILE] [-p SOCK_PATH] [-r SIZE[:NUM]]\n" ++ " syslogd [-46AdFKknsTtv?] 
[-a PEER] [-b NAME] [-f FILE] [-m INTERVAL]\n" ++ " [-P PID_FILE] [-p SOCK_PATH] [-r SIZE[:NUM]]\n" + "Options:\n" + " -4 Force IPv4 only\n" + " -6 Force IPv6 only\n" +@@ -285,8 +320,8 @@ int usage(int code) + " -d Enable debug mode, implicitly enables -F to prevent backgrounding\n" + " -F Run in foreground, required when monitored by init(1)\n" + " -f FILE Alternate .conf file, default: %s\n" ++ " -K Disable kernel logging, useful in container use-cases\n" + " -k Allow logging with facility 'kernel', otherwise remapped to 'user'\n" +- " -K Keep kernel timestamp, even after initial ring buffer emptying\n" + " -m MINS Interval between MARK messages, 0 to disable, default: 20 min\n" + " -n Disable DNS query for every request\n" + " -P FILE File to store the process ID, default: %s\n" +@@ -298,6 +333,7 @@ int usage(int code) + " -s Operate in secure mode, do not log messages from remote machines.\n" + " If specified twice, no socket at all will be opened, which also\n" + " disables support for logging to remote machines.\n" ++ " -t Keep kernel timestamp, even after initial ring buffer emptying\n" + " -T Use local time and date for messages received from remote hosts\n" + " -? 
Show this help text\n" + " -v Show program version and exit\n" +@@ -314,11 +350,13 @@ int usage(int code) + int main(int argc, char *argv[]) + { + pid_t ppid = 1; ++ int no_sys = 0; ++ int pflag = 0; ++ int bflag = 0; + char *ptr; +- int pflag = 0, bflag = 0; + int ch; + +- while ((ch = getopt(argc, argv, "46Aa:b:C:dHFf:Kkm:nP:p:r:sTv?")) != EOF) { ++ while ((ch = getopt(argc, argv, "46Aa:b:C:dHFf:Kkm:nP:p:r:sTtv?")) != EOF) { + switch ((char)ch) { + case '4': + family = PF_INET; +@@ -369,12 +407,12 @@ int main(int argc, char *argv[]) + RemoteHostname = 1; + break; + +- case 'k': /* keep remote kern fac */ +- KeepKernFac = 1; ++ case 'K': ++ KernLog = 0; + break; + +- case 'K': /* keep/trust kernel timestamp always */ +- KeepKernTime = 1; ++ case 'k': /* keep remote kern fac */ ++ KeepKernFac = 1; + break; + + case 'm': /* mark interval */ +@@ -414,6 +452,10 @@ int main(int argc, char *argv[]) + RemoteAddDate = 1; + break; + ++ case 't': /* keep/trust kernel timestamp always */ ++ KeepKernTime = 1; ++ break; ++ + case 'v': + printf("syslogd v%s\n", VERSION); + exit(0); +@@ -457,15 +499,24 @@ int main(int argc, char *argv[]) + * /dev/kmsg and fall back to _PROC_KLOG, which on GLIBC + * systems is /proc/kmsg, and /dev/klog on *BSD. 
+ */ +- sys_seqno_load(); +- if (opensys("/dev/kmsg")) { +- if (opensys(_PATH_KLOG)) +- warn("Kernel logging disabled, failed opening %s", _PATH_KLOG); +- else +- kern_console_off(); +- } else +- kern_console_off(); ++ if (KernLog) { ++ if (in_container()) { ++ KernLog = 0; ++ no_sys = 1; ++ goto no_klogd; ++ } + ++ sys_seqno_load(); ++ if (opensys("/dev/kmsg")) { ++ if (opensys(_PATH_KLOG)) ++ warn("Kernel logging disabled, failed opening %s", ++ _PATH_KLOG); ++ else ++ kern_console_off(); ++ } else ++ kern_console_off(); ++ } ++no_klogd: + consfile.f_type = F_CONSOLE; + strlcpy(consfile.f_un.f_fname, ctty, sizeof(consfile.f_un.f_fname)); + +@@ -504,6 +555,10 @@ int main(int argc, char *argv[]) + if (ppid != 1) + kill(ppid, SIGALRM); + ++ /* Log if we disabled klogd */ ++ if (no_sys) ++ NOTE("Running in a container, disabling klogd."); ++ + /* Main loop begins here. */ + for (;;) { + int rc; +@@ -523,7 +578,8 @@ int main(int argc, char *argv[]) + if (rc < 0 && errno != EINTR) + ERR("select()"); + +- sys_seqno_save(); ++ if (KernLog) ++ sys_seqno_save(); + } + } + +@@ -584,8 +640,12 @@ static void kernel_cb(int fd, void *arg) + + static int opensys(const char *file) + { ++ struct stat st; + int fd; + ++ if (stat(file, &st) || !S_ISCHR(st.st_mode)) ++ return 1; ++ + fd = open(file, O_RDONLY | O_NONBLOCK | O_CLOEXEC, 0); + if (fd < 0) + return 1;
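Review bot: The src/syslogd.c getopt hunk (`@@ -369,12 +407,12 @@`) silently repurposes `-K` from "keep kernel timestamp" to "disable kernel logging" and moves the old behaviour to a new `-t`, so any existing invocation passing `-K` — including the port's own `sysklogd` rc script listed in source=, if it does — will stop collecting kernel messages after this upgrade with no error, an audit-log regression that is easy to miss; unless matching upstream's option letters is the goal, call this out in the commit message and check the rc script. The only operator-visible signal is the added `NOTE("Running in a container, disabling klogd.");` line, and it fires only for the `in_container()` heuristic (which trusts the `container` environment variable and two marker files), not for an explicit `-K`; logging an equivalent notice in the `case 'K':` branch would keep the loss of kernel logs visible in both paths. Two smaller points in the same patch: the syslogd.8 hunk has the typo `har handled by the host system` (should read `are handled`), and the new `if (stat(file, &st) || !S_ISCHR(st.st_mode)) return 1;` guard in `opensys()` will likely reject the `_PATH_KLOG` fallback on glibc systems, where /proc/kmsg is a procfs regular file rather than a character device — worth confirming against the fallback comment a few lines above. The enclosing opensys() definition continues past the end of the patch excerpt.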