LXC: Disabled dmesg, syslog still sees kernel messages


Apr 5, 2017

I put syslog errno 1 line into the /usr/share/lxc/config/common.seccomp file and it does perfect job preventing containers to see what's in dmesg:
# dmesg
dmesg: read kernel buffer failed: Operation not permitted

but i had recently found, that the kernel messages are getting to syslog, so they can be read from /var/log/syslog file anyway... Where does the rsyslog in lxc get these messages when dmesg is disabled??? Is there way to prevent this completely?


The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!