[systemd-devel] Client logging to journald without libsystemd-journal.so

Daniel P. Berrange berrange at redhat.com
Thu Nov 8 08:38:54 PST 2012 

On Thu, Nov 08, 2012 at 11:22:43AM -0500, Colin Walters wrote:
> On Thu, 2012-11-08 at 16:59 +0100, Daniel P. Berrange wrote:
> 
> > The problem is that when libvirt does fork() to create client processes,
> > one of the things it does is to iterate from 0 -> sysconf(_SC_OPEN_MAX),
> > closing every file descriptor, except those in its whitelist.
> 
> You could iterate over the fds and just set them CLOEXEC, rather than
> actually closing them at that point.  That's what we do in GLib:
> http://git.gnome.org/browse/glib/tree/glib/gspawn.c?id=a9eb1907a6451cdfe68f5924b138cfbeebc4dcf1#n1164

Hmm, yes, that may well work. I'll investigate that option.

> 
> As a general rule, your project isn't using a standard framework like
> APR or GLib, and is in the process of slowly growing its own Unix API
> damage control layer + Windows abstraction, usually worth looking at how
> they approach problems.

Yeah, we've looked at & borrowed code from GLib in a few cases
now, notably threads and atomic ops. I've previously looked at
GLib's process spawning code, but didn't notice this particular
item. Originally we did have an API fairly similar to the
g_spawn_async_with_pipes API, but it is proved fairly cumbersome
to use, so we've put together a much more flexible API now [1].

> > Not least because traditional UNIX APIs
> > don't allow for atomically creating an FD with O_CLOEXEC set
> 
> Yeah, but it's not too hard to make portable wrappers for
> most cases:
> http://git.gnome.org/browse/glib/tree/glib/glib-unix.c?id=a9eb1907a6451cdfe68f5924b138cfbeebc4dcf1#n60
> http://git.gnome.org/browse/glib/tree/gio/gsocket.c?id=a9eb1907a6451cdfe68f5924b138cfbeebc4dcf1#n521
> 
> > The second blocker problem was figuring out a way to send log messages
> > using only APIs declared async-signal safe. Again this is so that we
> > can safely send log messages inbetween fork() and execve() which only
> > permits async signal safe APIs. The sd_journal_send() API can't be
> > used since it relies on vasprintf() which can allocate using malloc.
> 
> The other approach is to use a pipe to write error messages back
> to the parent, and have it log them.  That's probably what I'm going
> to change GLib to do.

Possible, though I feel it is a little nasty, not least because when
when journald then uses SCM_CREDS to find out the sender identity it
will be getting the wrong pid and potentially wrong uid/gid too.

Regards,
Daniel

[1] http://libvirt.org/internals/command.html
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the systemd-devel mailing list