Stdout, stdin and stderr data of docker containers is being stored in the disk (by default in /var/lib/docker/containers/{ContainerId}/{ContainerId}-json.log) and it seems that there is no way to limit this.
This means that if Docker containers run programs of untrusted users, they could fill up the disk into which Docker is installed by just flooding the stdout or stderr pipe with data.
I think it would be extremely useful if there could be a way to limit this.
I can see two different cases of handling this.
- Limit the size of logs that a container can produce (I am not sure how this would treat the user's program)
- Rotate the log file produced in the disk (this could be totally transparent for the user)
Stdout, stdin and stderr data of docker containers is being stored in the disk (by default in
/var/lib/docker/containers/{ContainerId}/{ContainerId}-json.log) and it seems that there is no way to limit this.This means that if Docker containers run programs of untrusted users, they could fill up the disk into which Docker is installed by just flooding the stdout or stderr pipe with data.
I think it would be extremely useful if there could be a way to limit this.
I can see two different cases of handling this.