From 09c9ca23f5f12e9bcffb631f233152873ea9dd30 Mon Sep 17 00:00:00 2001 From: Michael McCracken Date: Thu, 25 Jan 2018 14:41:37 -0800 Subject: [PATCH] lxc: move lxc log file out of container-visible alloc dir The LXC runtime's log file is currently written to TaskDir.LogDir, which is mounted as alloc/logs inside the containers in the task group. This file is not intended to be visible to containers, and depending on the log level, may have information about the host that a container should not be allowed to see. Signed-off-by: Michael McCracken --- client/driver/lxc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/driver/lxc.go b/client/driver/lxc.go index fefb6f2fb..3c5c19fff 100644 --- a/client/driver/lxc.go +++ b/client/driver/lxc.go @@ -253,7 +253,7 @@ func (d *LxcDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse, } c.SetLogLevel(logLevel) - logFile := filepath.Join(ctx.TaskDir.LogDir, fmt.Sprintf("%v-lxc.log", task.Name)) + logFile := filepath.Join(ctx.TaskDir.Dir, fmt.Sprintf("%v-lxc.log", task.Name)) c.SetLogFile(logFile) options := lxc.TemplateOptions{