[Bug 1111012] New: cri-o writes log files to /tmp
http://bugzilla.suse.com/show_bug.cgi?id=1111012

Bug ID: 1111012
Summary: cri-o writes log files to /tmp
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kubic
Assignee: vrothberg@suse.com
Reporter: kukuk@suse.com
QA Contact: qa-bugs@suse.de
CC: kubic-bugs@opensuse.org
Found By: ---
Blocker: ---

cri-o seems to write log files to /tmp. This should never be done, as the name seems to be guessable, it could be a security problem, too. As cri-o is creating several files, I think the best would be its own directory, /var/log/cri-o.
http://bugzilla.suse.com/show_bug.cgi?id=1111012#c1
--- Comment #1 from Valentin Rothberg
http://bugzilla.suse.com/show_bug.cgi?id=1111012#c2
Richard Brown
> I guess we can achieve this by changing the crio.conf in our package.
> See `man crio`: --log="": Set the log file path where internal debug information is written

Does that mean the docs need updating - there's no mention of a log param in the crio.conf man page AFAICS
https://github.com/kubernetes-sigs/cri-o/blob/9246d35b40666132a27b89bfd2c5b9...
http://bugzilla.suse.com/show_bug.cgi?id=1111012#c3
--- Comment #3 from Valentin Rothberg
> (In reply to Valentin Rothberg from comment #1)
> > I guess we can achieve this by changing the crio.conf in our package.
> > See `man crio`: --log="": Set the log file path where internal debug information is written
> Does that mean the docs need updating - there's no mention of a log param in the crio.conf man page AFAICS
> https://github.com/kubernetes-sigs/cri-o/blob/9246d35b40666132a27b89bfd2c5b9e3eef55a8b/docs/crio.conf.5.md

Looks like, yes. The conf manpage was quite outdated, so it seems likely that this option was forgotten. Let's check if it works with --log (and setting it in crio.conf) and open a PR upstream.
http://bugzilla.suse.com/show_bug.cgi?id=1111012#c4
--- Comment #4 from Richard Brown
> Looks like, yes. The conf manpage was quite outdated, so it seems likely that this option was forgotten. Let's check if it works with --log (and setting it in crio.conf) and open a PR upstream.

--log works when set to a full filepath. It produces a fatal error if set to a directory.

However, the contents of that log seem to have no relation to the contents of the logs produced by crio in /tmp.

--log seems to record notices you'd typically expect in a journal, e.g. "error updating cni config: Missing CNI default network", with journal-style timestamps.

The logs in /tmp have a very different format, with a header that includes "Log file created at:... Running on machine: ... Binary: Built with gc go1.10.3 for linux/amd64 Log line format: ...." and THEN log errors, which seem to be Go-specific error messages, e.g. "hostport_manager.go:64] The binary conntrack is not installed, this can cause failures in network connection cleanup".

Therefore I'm convinced that --log has no impact on the logs this bug is related to.

We need to find a way of getting those logs from /tmp into somewhere more sensible.

log= in crio.conf seems to have zero effect if set to a full filepath or to a directory.
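An added illustration, not part of the bug thread and not cri-o code, of why the report prefers a dedicated directory such as /var/log/cri-o over guessable names in /tmp: the hypothetical Go helper `openLogFile` refuses symlinked or world-writable directories and any pre-existing entry at the log path. It assumes one fresh file per process start; the paths used in `main` are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// openLogFile creates a fresh log file called name inside dir.
// Hypothetical helper for illustration, not cri-o code. It assumes one new
// file per process start, so an already existing path is treated as an error.
func openLogFile(dir, name string) (*os.File, error) {
	if name == "" || name != filepath.Base(name) {
		return nil, errors.New("log name must be a plain file name")
	}
	// Dedicated directory; 0750 keeps other users from creating entries in it.
	if err := os.MkdirAll(dir, 0o750); err != nil {
		return nil, err
	}
	// Lstat does not follow symlinks, so a link planted at dir is rejected.
	fi, err := os.Lstat(dir)
	if err != nil {
		return nil, err
	}
	if !fi.IsDir() || fi.Mode().Perm()&0o002 != 0 {
		return nil, fmt.Errorf("%s must be a real, non-world-writable directory", dir)
	}
	// O_EXCL fails on any existing entry, including a symlink, and
	// O_NOFOLLOW refuses to open through a symlink in the last component.
	flags := os.O_WRONLY | os.O_CREATE | os.O_EXCL | os.O_APPEND | syscall.O_NOFOLLOW
	return os.OpenFile(filepath.Join(dir, name), flags, 0o600)
}

func main() {
	base, err := os.MkdirTemp("", "logdemo") // constructed scratch area for the demo
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	dir := filepath.Join(base, "cri-o") // stands in for /var/log/cri-o
	f, err := openLogFile(dir, "crio.log")
	fmt.Println("first open error:", err)
	if err == nil {
		f.Close()
	}
	_, err = openLogFile(dir, "crio.log")
	fmt.Println("second open error:", err) // existing path is refused
}
```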
http://bugzilla.suse.com/show_bug.cgi?id=1111012#c5
Valentin Rothberg
http://bugzilla.suse.com/show_bug.cgi?id=1111012#c6
Valentin Rothberg