On Fri, Feb 06, 2009 at 03:19:36PM +0100, Jan Safranek wrote: > LOG_NOTICE is the default log level, it logs startup/shutdown/configuration > reload and errors. > > LOG_INFO (cgrulesengd -v) shows in addition content of configuration file > (only > if logging to file is enabled) and changing cgroup of a PID. > > LOG_DEBUG (cgrulesengd -vv) show all details as it was before the patch. > > There is a little glitch - if something gets wrong with mounted hierarchies > (e.g. root unmounts them), the log gets full of "Cgroup change for PID: ... > FAILED". Maybe some suppression should be implemented? >
Sounds like a good idea. Would also be a good idea to mention how many times that message was suppressed as well. > Signed-off-by: Jan Safranek <[email protected]> > --- > > cgrulesengd.c | 111 > ++++++++++++++++++++++++++++----------------------------- > 1 files changed, 54 insertions(+), 57 deletions(-) > > diff --git a/cgrulesengd.c b/cgrulesengd.c > index 8608ad6..06727c9 100644 > --- a/cgrulesengd.c > +++ b/cgrulesengd.c > @@ -148,10 +148,10 @@ int cgre_process_event(const struct proc_event *ev, > const int type) > char *buf = NULL; > > /* UID data */ > - uid_t ruid, euid, suid, fsuid; > + uid_t ruid, euid, suid, fsuid, log_uid=0; > > /* GID data */ > - gid_t rgid, egid, sgid, fsgid; > + gid_t rgid, egid, sgid, fsgid, log_gid=0; > > /* Return codes */ > int ret = 0; > @@ -165,15 +165,15 @@ int cgre_process_event(const struct proc_event *ev, > const int type) > sprintf(path, "/proc/%d/status", ev->event_data.id.process_pid); > f = fopen(path, "r"); > if (!f) { > - flog(logfile, "Failed to open %s", path); > + flog(LOG_WARNING, "Failed to open %s", path); > goto finished; > } > > /* Now, we need to find either the eUID or the eGID of the process. */ > buf = calloc(4096, sizeof(char)); > if (!buf) { > - flog(logfile, "Failed to process event, out of" > - "memory? Error: %s\n", > + flog(LOG_WARNING, "Failed to process event, out of" > + "memory? Error: %s", > strerror(errno)); > ret = errno; > fclose(f); > @@ -203,8 +203,8 @@ int cgre_process_event(const struct proc_event *ev, const > int type) > } > break; > default: > - flog(logfile, "For some reason, we're processing a non-UID/GID" > - " event. Something is wrong!\n"); > + flog(LOG_WARNING, "For some reason, we're processing a" > + " non-UID/GID event. Something is wrong!"); > break; > } > free(buf); > @@ -216,20 +216,16 @@ int cgre_process_event(const struct proc_event *ev, > const int type) > */ > switch (type) { > case PROC_EVENT_UID: > - flog(logfile, "Attempting to change cgroup for PID: %d, " > - "UID: %d, GID: %d... ", > - ev->event_data.id.process_pid, > - ev->event_data.id.e.euid, egid); > + log_uid = ev->event_data.id.e.euid; > + log_gid = egid; > ret = cgroup_change_cgroup_uid_gid_flags( > ev->event_data.id.e.euid, > egid, ev->event_data.id.process_pid, > CGFLAG_USECACHE); > break; > case PROC_EVENT_GID: > - flog(logfile, "Attempting to change cgroup for PID: %d, " > - "UID: %d, GID: %d... ", > - ev->event_data.id.process_pid, euid, > - ev->event_data.id.e.egid); > + log_uid = euid; > + log_gid = ev->event_data.id.e.egid; > ret = cgroup_change_cgroup_uid_gid_flags(euid, > ev->event_data.id.e.egid, > ev->event_data.id.process_pid, > @@ -240,9 +236,14 @@ int cgre_process_event(const struct proc_event *ev, > const int type) > } > > if (ret) { > - flog(logfile, "FAILED!\n (Error Code: %d)\n", ret); > + flog(LOG_WARNING, "Cgroup change for PID: %d, UID: %d, GID: %d" > + " FAILED! (Error Code: %d)", > + ev->event_data.id.process_pid, log_uid, > + log_gid, ret); > } else { > - flog(logfile, "OK!\n"); > + flog(LOG_INFO, "Cgroup change for PID: %d, UID: %d, GID: %d" > + " OK", ev->event_data.id.process_pid, log_uid, > + log_gid); > } > > finished: > @@ -268,18 +269,16 @@ int cgre_handle_msg(struct cn_msg *cn_hdr) > ev = (struct proc_event*)cn_hdr->data; > switch (ev->what) { > case PROC_EVENT_UID: > - flog(logfile, "UID Event:\n"); > - flog(logfile, " PID = %d, tGID = %d, rUID = %d, eUID = %d\n", > - ev->event_data.id.process_pid, > + flog(LOG_DEBUG, "UID Event: PID = %d, tGID = %d, rUID = %d," > + " eUID = %d", ev->event_data.id.process_pid, > ev->event_data.id.process_tgid, > ev->event_data.id.r.ruid, > ev->event_data.id.e.euid); > ret = cgre_process_event(ev, PROC_EVENT_UID); > break; > case PROC_EVENT_GID: > - flog(logfile, "GID Event:\n"); > - flog(logfile, " PID = %d, tGID = %d, rGID = %d, eGID = %d\n", > - ev->event_data.id.process_pid, > + flog(LOG_DEBUG, "GID Event: PID = %d, tGID = %d, rGID = %d," > + " eGID = %d", ev->event_data.id.process_pid, > ev->event_data.id.process_tgid, > ev->event_data.id.r.rgid, > ev->event_data.id.e.egid); > @@ -353,13 +352,13 @@ int cgre_create_netlink_socket_process_msg() > cn_hdr->seq = 0; > cn_hdr->ack = 0; > cn_hdr->len = sizeof(enum proc_cn_mcast_op); > - printf("sending netlink message len=%d, cn_msg len=%d\n", > + dbg("sending netlink message len=%d, cn_msg len=%d\n", > nl_hdr->nlmsg_len, (int) sizeof(struct cn_msg)); > if (send(sk_nl, nl_hdr, nl_hdr->nlmsg_len, 0) != nl_hdr->nlmsg_len) { > - printf("failed to send proc connector mcast ctl op!\n"); > + dbg("failed to send proc connector mcast ctl op!\n"); > goto close_and_exit; > } > - printf("sent\n"); > + dbg("sent\n"); > > for(memset(buff, 0, sizeof(buff)), from_nla_len = sizeof(from_nla); > ; memset(buff, 0, sizeof(buff)), from_nla_len = sizeof(from_nla)) { > @@ -368,12 +367,8 @@ int cgre_create_netlink_socket_process_msg() > recv_len = recvfrom(sk_nl, buff, BUFF_SIZE, 0, > (struct sockaddr*)&from_nla, &from_nla_len); > if (recv_len == ENOBUFS) { > - flog(logfile, "************************************" > - "***********\n" > - "!***ERROR: NETLINK BUFFER FULL, MSG " > - "DROPPED***!\n" > - "************************************" > - "***********\n"); > + flog(LOG_ERR, "ERROR: NETLINK BUFFER FULL, MSG " > + "DROPPED!"); > continue; > } > if (recv_len < 1) > @@ -455,10 +450,11 @@ static void cgre_start_log(const char* logp, int logf, > int logv) > > loglevel = loglevels[logv]; > > - flog(logfile, "CGroup Rules Engine Daemon\n"); > + flog(LOG_DEBUG, "CGroup Rules Engine Daemon log started"); > tm = time(0); > - flog(logfile, "Current time: %s", ctime(&tm)); > - flog(stdout, "Opened log file: %s\n", logp); > + flog(LOG_DEBUG, "Current time: %s", ctime(&tm)); > + flog(LOG_DEBUG, "Opened log file: %s, log facility: %d, log level: %d", > + logp, logfacility, loglevel); > } > > > @@ -486,10 +482,10 @@ int cgre_start_daemon(const char* logp, const int logf, > syslog(LOG_DAEMON|LOG_WARNING, "Failed to fork," > " error: %s", strerror(errno)); > closelog(); > - flog(stderr, "Failed to fork(), %s\n", strerror(errno)); > + fprintf(stderr, "Failed to fork(), %s\n", > + strerror(errno)); > return 1; > } else if (pid > 0) { > - flog(stdout, "Starting in daemon mode.\n"); > exit(EXIT_SUCCESS); > } > > @@ -504,21 +500,19 @@ int cgre_start_daemon(const char* logp, const int logf, > > if (!daemon) { > /* We can skip the rest, since we're not becoming a daemon. */ > - flog(logfile, "Proceeding with PID %d\n\n", getpid()); > - if (logfile != stdout) > - flog(stdout, "Proceeding with PID %d\n", getpid()); > + flog(LOG_INFO, "Proceeding with PID %d", getpid()); > return 0; > } else { > /* Get a new SID for the child. */ > if (setsid() < 0) { > - flog(logfile, "Failed to get a new SID, error: %s\n", > + flog(LOG_ERR, "Failed to get a new SID, error: %s", > strerror(errno)); > return 2; > } > > /* Change to the root directory. */ > if (chdir("/") < 0) { > - flog(logfile, "Failed to chdir to /, error: %s\n", > + flog(LOG_ERR, "Failed to chdir to /, error: %s", > strerror(errno)); > return 3; > } > @@ -531,7 +525,7 @@ int cgre_start_daemon(const char* logp, const int logf, > } > > /* If we make it this far, we're a real daemon! Or we chose not to. */ > - flog(logfile, "Proceeding with PID %d\n\n", getpid()); > + flog(LOG_INFO, "Proceeding with PID %d", getpid()); > return 0; > } > > @@ -545,15 +539,17 @@ void cgre_flash_rules(int signum) > /* Current time */ > time_t tm = time(0); > > - flog(logfile, "\nReloading rules configuration.\n"); > - flog(logfile, "Current time: %s\n", ctime(&tm)); > + flog(LOG_NOTICE, "Reloading rules configuration."); > + flog(LOG_DEBUG, "Current time: %s", ctime(&tm)); > > /* Ask libcgroup to reload the rules table. */ > cgroup_reload_cached_rules(); > > /* Print the results of the new table to our log file. */ > - cgroup_print_rules_config(logfile); > - flog(logfile, "\n"); > + if (logfile && loglevel >= LOG_INFO) { > + cgroup_print_rules_config(logfile); > + fprintf(logfile, "\n"); > + } > } > > /** > @@ -566,10 +562,8 @@ void cgre_catch_term(int signum) > /* Current time */ > time_t tm = time(0); > > - flog(logfile, "\nStopped CGroup Rules Engine Daemon at %s", > + flog(LOG_NOTICE, "Stopped CGroup Rules Engine Daemon at %s", > ctime(&tm)); > - flog(logfile, "========================================"); > - flog(logfile, "========================================\n\n"); > > /* Close the log file, if we opened one */ > if (logfile && logfile != stdout) > @@ -719,7 +713,8 @@ int main(int argc, char *argv[]) > } > } > > - flog(stdout, "Log file is: %s\n", logp); > + dbg("Log file: %s, syslog facility: %d, log verbosity: %d\n", logp, > + facility, verbosity); > > /* Initialize libcgroup. */ > if ((ret = cgroup_init()) != 0) { > @@ -751,8 +746,8 @@ int main(int argc, char *argv[]) > sa.sa_restorer = NULL; > sigemptyset(&sa.sa_mask); > if ((ret = sigaction(SIGUSR2, &sa, NULL))) { > - flog(logfile, "Failed to set up signal handler for SIGUSR2." > - " Error: %s\n", strerror(errno)); > + flog(LOG_ERR, "Failed to set up signal handler for SIGUSR2." > + " Error: %s", strerror(errno)); > goto finished; > } > > @@ -764,14 +759,16 @@ int main(int argc, char *argv[]) > ret = sigaction(SIGINT, &sa, NULL); > ret |= sigaction(SIGTERM, &sa, NULL); > if (ret) { > - flog(logfile, "Failed to set up the signal handler. Error:" > - " %s\n", strerror(errno)); > + flog(LOG_ERR, "Failed to set up the signal handler. Error:" > + " %s", strerror(errno)); > goto finished; > } > > /* Print the configuration to the log file, or stdout. */ > - cgroup_print_rules_config(logfile); > - flog(logfile, "Started the CGroup Rules Engine Daemon.\n"); > + if (logfile && loglevel >= LOG_INFO) { > + cgroup_print_rules_config(logfile); > + } > + flog(LOG_NOTICE, "Started the CGroup Rules Engine Daemon."); > > /* We loop endlesly in this function, unless we encounter an error. */ > ret = cgre_create_netlink_socket_process_msg(); > > -- regards, Dhaval ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
