Hi!
I put a syslog errno 1 line into the /usr/share/lxc/config/common.seccomp file and it does a perfect job of preventing containers from seeing what's in dmesg:
# dmesg
dmesg: read kernel buffer failed: Operation not permitted
But I recently found that the kernel messages are getting to syslog, so they can be read from the /var/log/syslog file anyway... Where does the rsyslog in lxc get these messages when dmesg is disabled? Is there a way to prevent this completely?