--log-opt max-size does not limit non-breaking log output #25930

domdom82 · 2016-08-22T17:29:04Z

Output of docker version:

Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 23:54:00 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 23:54:00 2016
 OS/Arch:      linux/amd64

Output of docker info:

Containers: 5
 Running: 0
 Paused: 0
 Stopped: 5
Images: 151
Server Version: 1.12.0
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 117
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge null host overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 4.4.16-boot2docker
Operating System: Boot2Docker 1.12.0 (TCL 7.2); HEAD : e030bab - Fri Jul 29 00:29:14 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 995.9 MiB
Name: whisk
ID: QHAH:SUQ4:DMEH:BASA:3E2Z:XOCG:AEQQ:GAMK:YWLF:DDU5:C4N5:O63B
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 15
 Goroutines: 26
 System Time: 2016-08-22T17:21:16.832178829Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
 provider=virtualbox
Insecure Registries:
 127.0.0.0/8

Additional environment details (AWS, VirtualBox, physical, etc.):
VirtualBox created using docker-machine
Using default JSON log driver.

Steps to reproduce the issue:

docker run --name badguy --log-opt max-size=1k --log-opt max-file=2 -d ubuntu sh -c "while true; do printf A; done"
wait for a couple of seconds
docker kill badguy

Describe the results you received:

There is a single log file in /var/lib/docker/containers/<id>
The log file is larger (>> 1k) than the limit described in --log-opt max-size=1k
The log is not rotated

Describe the results you expected:

There are two log files
All log files are not bigger than the 1k limit set using --log-opt max-size=1k
The log is rotated

Additional information you deem important (e.g. issue happens only occasionally):

The logs do get rotated if there is a line break in the log. e.g. if you replace printf with echo you get expected behaviour.

This is a potential security problem with misbehaving docker containers filling the host disk using huge single-line log statements.

The text was updated successfully, but these errors were encountered:

cpuguy83 · 2016-08-22T17:39:24Z

Thanks, this is a dup of #18057 which should be resolved by #22982 which will be included in 1.13.

Please let me know if this is still an issue on master
Closing as this should be resolved.

GordonTheTurtle added the version/1.12 label Aug 22, 2016

domdom82 mentioned this issue Aug 22, 2016

Proposal: User containers should be mounted read-only apache/openwhisk#890

Open

cpuguy83 closed this as completed Aug 22, 2016

thaJeztah added this to the 1.13.0 milestone Sep 18, 2016

thaJeztah added area/logging kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. labels Sep 18, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

--log-opt max-size does not limit non-breaking log output #25930

--log-opt max-size does not limit non-breaking log output #25930

domdom82 commented Aug 22, 2016

cpuguy83 commented Aug 22, 2016

--log-opt max-size does not limit non-breaking log output #25930

--log-opt max-size does not limit non-breaking log output #25930

Comments

domdom82 commented Aug 22, 2016

cpuguy83 commented Aug 22, 2016