see https://bugs.gentoo.org/show_bug.cgi?id=536320

lee <lee@××××××××.de> writes:

> Hi,
>
> I'm trying to get fail2ban to work on the host and keep getting error
> messages like:
>
> ,----
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for each container:
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container
> | Jan 08 21:13:05 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
> `----
>
> After 'ln -s lxc /etc/init.d/lxc.container', it says:
>
> ,----
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] Unable to find a suitable configuration file.
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] If you set up the container in a non-standard
> | Jan 08 21:17:08 [/etc/init.d/fail2ban] location, please set the CONFIGFILE variable.
> | Jan 08 21:17:09 [/etc/init.d/fail2ban] ERROR: fail2ban failed to start
> `----
>
> Naming the link 'lxc.acheron', with 'acheron' being the name of the
> container, gives the first error message again. The containers'
> configuration is at the default location:
>
> ,----
> | heimdali init.d # ls -la /etc/lxc/acheron/config
> | -rw-r--r-- 1 root root 967 5. Jan 01:14 /etc/lxc/acheron/config
> | heimdali init.d #
> `----
>
> What am I missing?
>
> Shorewall is used on the host, exim is running in the container, and I
> want fail2ban (on the host) to look into the logfile of the exim which
> runs in the container:
>
> ,----
> | heimdali fail2ban # cat paths-overrides.local
> | exim_main_log = /etc/lxc/acheron/rootfs/var/log/exim/exim_main.log
> | heimdali fail2ban #
> `----
>
> I don't want to run fail2ban in the container because the container must
> not mess with the firewall settings of the host. If a container can do
> that, then what's the point of having containers in the first place?
>
> BTW, why does Gentoo put containers under /etc? Containers aren't
> configuration files ...

--
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us. Finally, this fear has become reasonable.