[systemd-devel] setroubleshoot integration.
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 9 10:54:30 PST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/09/2013 01:42 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Jan 09, 2013 at 12:31:05PM -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 01/09/2013 11:55 AM, Zbigniew Jędrzejewski-Szmek wrote:
>>> On Wed, Jan 09, 2013 at 05:44:02PM +0100, Zbigniew Jędrzejewski-Szmek
>>> wrote:
>>>> On Wed, Jan 09, 2013 at 11:00:36AM -0500, Daniel J Walsh wrote:
>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>>>
>>>>> One of my goals with setroubleshoot analysys is to get it
>>>>> integrated into the journald system.
>>>>>
>>>>> In Fedora I am adding
>>>>>
>>>>> systemd.journal.send(siginfo.format_text())
>>>>>
>>>>> Which will put the setroubleshoot info into the journal, but what
>>>>> I really need is to add a key for the process id that created the
>>>>> journal entry.
>>>>>
>>>>> We had talked about this a while ago with the goal of allowing
>>>>> something like
>>>>>
>>>>> systemctl httpd status .... SELinux is blocking httpd read access
>>>>> on /var/www/index.html setroubleshoot ... run restorecon
>>>>> /var/www/index.html
>>>>>
>>>>> The only way for systemd to know the setroubleshoot analysys is
>>>>> for httpd is to include the pid when setroubleshoot writes the
>>>>> journal.
>>>> Hi,
>>>>
>>>> the way that finding messages pertaining to a certain service works
>>>> currently is encoded in src/share/logs-show.c, function
>>>> show_journal_by_unit: - journald adds _SYSTEMD_UNIT=... when it can
>>>> to messages generated by the services themselves - systemd (PID 1)
>>>> writes messages about services with UNIT=... and journalds tags them
>>>> with _PID=1 - COREDUMP writes messages with COREDUMP_UNIT=...
>>>>
>>>> I think it would be realitively to extend show_journal_by_unit() to
>>>> check
>>> ^relatively easy
>>>> for messages with _SYSTEMD_UNIT=setroubleshootd.service (or whatever)
>>>> and UNIT=... Would this work for you? This would require
>>>> setroubleshootd to
> Probably SYSTEMD_UNIT would be better here.
>
>>>> find out the unit name on its own. Actually, this might be for the
>>>> better, since by the time that journald gets the message, the PID
>>>> might be long gone, and setroubleshootd has more knowledge.
>>> A second part would be support for multiline messages. This is another
>>> story.
>>>
>>> Zbyszek
>>>
>>
>> Well I got two problems, then. How does setroubleshoot figure out which
>> unit file is associated with a pid? (From python).
> We could either expose the C functions (sd_pid_get_session is already
> public, and it would be nice to add a Python interface,
> shortened_cgroup_path could be easily made public, cg_pid_get_unit is not
> public yet either), or create a rewrite in Python and put it in the
> systemd-python package, or even do nothing and let each user rewrite it.
>
> I think option two would be easiest, but maybe option one is worth
> pursuing. Option two would be a bit more work, but might help keep things
> synchronized in the future. Yeah, it seems best, since the combined work
> required to rewrite sd_pid_get_session, shortened_cgroup_path, and
> cg_pid_get_unit is pretty big.
>
>> And if the pid is not associated with a unit file but with a User or
>> something else (systemd itself), what should I do?
> I think just duplicate journald logic: add SYSTEMD_SESSION,
> SYSTEMD_OWNER_UID if possible, or nothing.
>
> Zbyszek
>
Sounds good, but is this something I should open a bugzilla for?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlDtvOYACgkQrlYvE4MpobMsJgCgiP8/7031ZK+3+xeoK1hY5dOw
jkEAnRMa+JPe4J292ejRADWKCUB8M5tF
=hdWy
-----END PGP SIGNATURE-----
More information about the systemd-devel
mailing list