[systemd-devel] FYI setroubleshoot has better integration with journald in F20

Daniel J Walsh dwalsh at redhat.com
Fri Aug 2 11:50:02 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/02/2013 11:49 AM, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Aug 02, 2013 at 04:36:15PM +0200, Tomasz Torcz wrote:
>> On Fri, Aug 02, 2013 at 10:14:50AM -0400, Daniel J Walsh wrote:
>>> http://danwalsh.livejournal.com/65777.html
>>> 
>>> I think we need  a
>>> 
>>> systemctl status -verbose httpd
> --full is not enough? journalctl has recently learned to output properly
> indented multiline messages...
> 
>> SELinux hints look like perfect fit for existing ”-x” switch.
> Not really, because setroubleshoot crafts a specific message for each AVC.
> It *could* be done, by outputting separate structured messages from each of
> the setroubleshoot plugins, and adding the message template from each
> plugin to the catalog, so that then journalctl could fill them in. But that
> would tie setroubleshoot very closely to journalctl, and I'm not sure what
> the gain would be.
> 
> Zbyszek
> 
Well I am looking for the user to see the entire multi-line message when running

systemctl status UNITFILE

Since this is where we want them to look first.

Maybe have a comment at the bottom of systemctl status UNITFILE, that says

run

systemctl status --full UNITFILE

to see full message.

In the future when we eliminate the setroubleshoot.xml file and fully use the
journal as our backing store, we can talk about that.  The biggest thing would
be for setroubleshoot to know if it saw the message before.  Basically have a
signature that it could look up.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlH7/1oACgkQrlYvE4MpobO99ACdEyHvkUbJ+WCSF/5JMi8haFkl
zpQAnjRuv23cZtrLUtbLUJWcrwDIt/ua
=Wyqu
-----END PGP SIGNATURE-----


More information about the systemd-devel mailing list