You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, errExit is mostly only used when basic libc calls fail (as it uses perror(3p) to print the errno message); most warning/error messages are
printed manually and do not contain the file path. Example:
Error: invalid sandbox name
Proposal
So how about adding more logging macros?
Examples:
log_trace("starting foo");
// TRACE src/firejail/util.c:123 x(): starting foolog_debug("foo is %d, foo);
// DEBUG src/firejail/util.c:123 check_foo(): foo is 1log_info("Reading profile %s", profile);
log_info("firejail version 0.9.73");
// INFO profile_read(): Reading profile /etc/firejail/foo.profile// INFO profile_read(): Reading profile /etc/firejail/globals.local// [...]// INFO main(): firejail version 0.9.73log_warning("failed to open file: %s", foo);
// WARN src/firejail/util.c:123 check_foo(): failed to open file: /foo/barlog_error("invalid --foo: %s", foo);
// ERROR src/firejail/main.c:123 main(): invalid --foo: aaa-// (program exits)log_fatal("malloc"); // this is basically errExit()// FATAL src/firejail/util.c:123 check_foo(): malloc: Cannot allocate memory// (program exits)
Main differences between functions:
log_info does not include the file path (for readability)
log_error and log_fatal exit the program
log_fatal uses perror(3p) to print the reason (like errExit)
I'm not sure about the format of info and below, so the first steps would be to
replace manual warning/error messages (fprintf calls) with the log functions
so that they include the file path and function in the message; how the
functions operate internally (format, destination, etc) could be improved
later.
Also add --loglevel= to control which messages get printed:
--loglevel=[trace|debug|info|warning|error|fatal]
--quiet would map to --loglevel=error
--debug would map to --loglevel=debug or --loglevel=trace
The default would be info.
As for the last item, considering the amount of things that --debug prints
(such as the assembly dumps of seccomp filters), it seems more like a trace
option, so maybe it would make sense to change the messages that are currently
inside if (arg_debug) to use log_trace() and then deprecate --debug.
Background
This PR was opened to improve
errExit()
messages:However,
errExit
is mostly only used when basic libc calls fail (as it usesperror(3p)
to print the errno message); most warning/error messages areprinted manually and do not contain the file path. Example:
Proposal
So how about adding more logging macros?
Examples:
Main differences between functions:
log_info
does not include the file path (for readability)log_error
andlog_fatal
exit the programlog_fatal
usesperror(3p)
to print the reason (likeerrExit
)I'm not sure about the format of info and below, so the first steps would be to
replace manual warning/error messages (
fprintf
calls) with the log functionsso that they include the file path and function in the message; how the
functions operate internally (format, destination, etc) could be improved
later.
Also add
--loglevel=
to control which messages get printed:--loglevel=[trace|debug|info|warning|error|fatal]
--quiet
would map to--loglevel=error
--debug
would map to--loglevel=debug
or--loglevel=trace
The default would be
info
.As for the last item, considering the amount of things that
--debug
prints(such as the assembly dumps of seccomp filters), it seems more like a trace
option, so maybe it would make sense to change the messages that are currently
inside
if (arg_debug)
to uselog_trace()
and then deprecate--debug
.Relates to:
The text was updated successfully, but these errors were encountered: