From 710cd1aebbf0f1d83a620b7c4903b7c80539a367 Mon Sep 17 00:00:00 2001
From: David Scott <dave@recoil.org>
Date: Thu, 1 Sep 2016 11:28:14 +0100
Subject: [PATCH 1/2] iptables wrapper: write to syslog rather than
 /var/log/service-port-opener.log

This will enable proper log rotation and is simpler.

Signed-off-by: David Scott <dave.scott@docker.com>
---
 alpine/packages/iptables/Dockerfile |  4 ++--
 alpine/packages/iptables/main.ml    | 10 ++--------
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/alpine/packages/iptables/Dockerfile b/alpine/packages/iptables/Dockerfile
index c39b33bfe..6c6ea1b3e 100644
--- a/alpine/packages/iptables/Dockerfile
+++ b/alpine/packages/iptables/Dockerfile
@@ -1,7 +1,7 @@
 FROM ocaml/opam:alpine
 RUN sudo apk add m4
-RUN opam install ocamlfind astring -y
+RUN opam install ocamlfind astring syslog -y
 WORKDIR /app
 ADD . /app
 RUN sudo chown -R opam /app
-RUN opam config exec -- ocamlfind ocamlopt -package unix,astring -linkpkg -o iptables main.ml
+RUN opam config exec -- ocamlfind ocamlopt -package unix,astring,syslog -linkpkg -o iptables main.ml
diff --git a/alpine/packages/iptables/main.ml b/alpine/packages/iptables/main.ml
index aa9de21dc..ab8e11532 100644
--- a/alpine/packages/iptables/main.ml
+++ b/alpine/packages/iptables/main.ml
@@ -16,17 +16,11 @@ type port = {
   port:  string; (* container port *)
 }
 
-let log_fd = Unix.openfile "/var/log/service-port-opener.log" [ Unix.O_WRONLY; Unix.O_APPEND; Unix.O_CREAT ] 0o0644
+let syslog = Syslog.openlog ~facility:`LOG_SECURITY "iptables-wrapper"
 
 let logf fmt =
   Printf.ksprintf (fun s ->
-    let s = s ^ "\n" in
-    let rec loop ofs remaining =
-      if remaining > 0 then begin
-        let n = Unix.write log_fd s ofs remaining in
-        loop (ofs + n) (remaining - n)
-      end in
-    loop 0 (String.length s)
+    Syslog.syslog syslog `LOG_INFO s
   ) fmt
 
 let pid_filename { proto; dport; ip; port } =

From 7e58c709297160cd7334b107db9a344c9fadbbd0 Mon Sep 17 00:00:00 2001
From: David Scott <dave@recoil.org>
Date: Thu, 1 Sep 2016 11:28:43 +0100
Subject: [PATCH 2/2] diagnostics: no need to collect
 /var/log/service-port-opener.log

This log file has been removed and the contents are now in /var/log/messages
which we already collect.

Signed-off-by: David Scott <dave.scott@docker.com>
---
 alpine/packages/diagnostics/capture.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/alpine/packages/diagnostics/capture.go b/alpine/packages/diagnostics/capture.go
index b90ecc668..32a872269 100644
--- a/alpine/packages/diagnostics/capture.go
+++ b/alpine/packages/diagnostics/capture.go
@@ -47,7 +47,6 @@ var (
 	}
 	localCmdCaptures = []CommandCapturer{
 		{"/usr/bin/tail", []string{"-100", "/var/log/proxy-vsockd.log"}},
-		{"/usr/bin/tail", []string{"-100", "/var/log/service-port-opener.log"}},
 		{"/usr/bin/tail", []string{"-100", "/var/log/vsudd.log"}},
 	}
 	localCaptures = []Capturer{NewDatabaseCapturer()}