Skip to content

Commit

Permalink
Add syslog-style log levels support
Browse files Browse the repository at this point in the history
  • Loading branch information
@jrybar-rh
jrybar-rh committed Aug 7, 2024
1 parent 7a1cff6 commit 64f5e4d
Show file tree
Hide file tree
Showing 8 changed files with 122 additions and 4 deletions.
2 changes: 1 addition & 1 deletion data/polkit.service.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ BusName=org.freedesktop.PolicyKit1
CapabilityBoundingSet=CAP_SETUID CAP_SETGID
DeviceAllow=/dev/null rw
DevicePolicy=strict
ExecStart=@libprivdir@/polkitd --no-debug
ExecStart=@libprivdir@/polkitd --no-debug --log-level=err
User=@polkitd_user@
LimitMEMLOCK=0
LockPersonality=yes
Expand Down
32 changes: 31 additions & 1 deletion src/polkitbackend/polkitbackendauthority.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ enum
};

static guint signals[LAST_SIGNAL] = {0};
static guint polkit_authority_log_level = LOG_LEVEL_ERROR;

G_DEFINE_ABSTRACT_TYPE (PolkitBackendAuthority, polkit_backend_authority, G_TYPE_OBJECT);

Expand Down Expand Up @@ -1561,6 +1562,7 @@ _color_get (_Color color)

void
polkit_backend_authority_log (PolkitBackendAuthority *authority,
const guint message_log_level,
const gchar *format,
...)
{
Expand All @@ -1571,13 +1573,18 @@ polkit_backend_authority_log (PolkitBackendAuthority *authority,
gchar *message;
va_list var_args;

if (message_log_level > polkit_authority_log_level)
{
return;
}

g_return_if_fail (POLKIT_BACKEND_IS_AUTHORITY (authority));

va_start (var_args, format);
message = g_strdup_vprintf (format, var_args);
va_end (var_args);

syslog (LOG_NOTICE, "%s", message);
syslog (message_log_level, "%s", message);

g_get_current_time (&now);
now_time = (time_t) now.tv_sec;
Expand All @@ -1591,3 +1598,26 @@ polkit_backend_authority_log (PolkitBackendAuthority *authority,

g_free (message);
}

void
polkit_backend_authority_set_log_level (const gchar *level)
{
/* Match syslog names so that they are the same across journalct, systemctl
* et al, but also accept more readable aliases for abbreviated levels. */
if (g_strcmp0 (level, "debug") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_DEBUG;
else if (g_strcmp0 (level, "info") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_INFO;
else if (g_strcmp0 (level, "notice") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_NOTICE;
else if (g_strcmp0 (level, "warning") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_WARNING;
else if (g_strcmp0 (level, "err") == 0 || g_strcmp0 (level, "error") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_ERROR;
else if (g_strcmp0 (level, "crit") == 0 || g_strcmp0 (level, "critical") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_CRIT;
else if (g_strcmp0 (level, "alert") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_ALERT;
else if (g_strcmp0 (level, "emerg") == 0 || g_strcmp0 (level, "emergency") == 0)
polkit_authority_log_level = (guint) LOG_LEVEL_EMERG;
}
19 changes: 19 additions & 0 deletions src/polkitbackend/polkitbackendauthority.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,21 @@ struct _PolkitBackendAuthority
GObject parent_instance;
};

/**
* Log levels aligned with those used in syslog and LogControl
*/
enum
{
LOG_LEVEL_EMERG,
LOG_LEVEL_ALERT,
LOG_LEVEL_CRIT,
LOG_LEVEL_ERROR,
LOG_LEVEL_WARNING,
LOG_LEVEL_NOTICE,
LOG_LEVEL_INFO,
LOG_LEVEL_DEBUG
};

/**
* PolkitBackendAuthorityClass:
* @parent_class: The parent class.
Expand Down Expand Up @@ -212,9 +227,13 @@ const gchar *polkit_backend_authority_get_version (PolkitBackendAut
PolkitAuthorityFeatures polkit_backend_authority_get_features (PolkitBackendAuthority *authority);

void polkit_backend_authority_log (PolkitBackendAuthority *authority,
const guint message_log_level,
const gchar *format,
...);

void
polkit_backend_authority_set_log_level (const gchar *level);

GList *polkit_backend_authority_enumerate_actions (PolkitBackendAuthority *authority,
PolkitSubject *caller,
const gchar *locale,
Expand Down
1 change: 1 addition & 0 deletions src/polkitbackend/polkitbackendcommon.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -349,6 +349,7 @@ polkit_backend_common_on_dir_monitor_changed (GFileMonitor *monitor,
event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_NOTICE,
"Reloading rules");
polkit_backend_common_reload_scripts (authority);
}
Expand Down
37 changes: 37 additions & 0 deletions src/polkitbackend/polkitbackendduktapeauthority.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ static void report_error (void *udata,
{
PolkitBackendJsAuthority *authority = udata;
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"fatal Duktape JS backend error: %s",
(msg ? msg : "no message"));
}
Expand Down Expand Up @@ -113,6 +114,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
GDir *dir = NULL;

polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_NOTICE,
"Loading rules from directory %s",
dir_name);

Expand All @@ -122,6 +124,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
if (dir == NULL)
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error opening rules directory: %s (%s, %d)",
error->message, g_quark_to_string (error->domain), error->code);
g_clear_error (&error);
Expand All @@ -147,9 +150,14 @@ load_scripts (PolkitBackendJsAuthority *authority)
if (!execute_script_with_runaway_killer(authority, filename))
continue;
num_scripts++;
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_DEBUG,
"Loaded and executed script in file %s",
filename);
}

polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_NOTICE,
"Finished loading, compiling and executing %d rules",
num_scripts);
g_list_free_full (files, g_free);
Expand All @@ -163,6 +171,7 @@ polkit_backend_common_reload_scripts (PolkitBackendJsAuthority *authority)
duk_set_top (cx, 0);
if (!duk_get_global_string (cx, "polkit")) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error deleting old rules, not loading new ones");
return;
}
Expand All @@ -171,6 +180,7 @@ polkit_backend_common_reload_scripts (PolkitBackendJsAuthority *authority)
duk_call_prop (cx, 0, 0);

polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_NOTICE,
"Collecting garbage unconditionally...");

load_scripts (authority);
Expand Down Expand Up @@ -596,6 +606,7 @@ runaway_killer_thread_execute_js (gpointer user_data)

if ((pthread_err = pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &oldtype))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error setting thread cancel type: %s",
strerror(pthread_err));
goto err;
Expand All @@ -607,6 +618,7 @@ runaway_killer_thread_execute_js (gpointer user_data)

if (!g_file_load_contents(file, NULL, &contents, &len, NULL, NULL)) {
polkit_backend_authority_log(POLKIT_BACKEND_AUTHORITY(ctx->authority),
LOG_LEVEL_ERROR,
"Error loading script %s", ctx->filename);
g_object_unref(file);
goto err;
Expand All @@ -619,6 +631,7 @@ runaway_killer_thread_execute_js (gpointer user_data)
if (duk_peval_lstring(cx, contents, len) != 0)
{
polkit_backend_authority_log(POLKIT_BACKEND_AUTHORITY(ctx->authority),
LOG_LEVEL_ERROR,
"Error compiling script %s: %s", ctx->filename,
duk_safe_to_string(cx, -1));
duk_pop(cx);
Expand All @@ -628,6 +641,7 @@ runaway_killer_thread_execute_js (gpointer user_data)

if ((pthread_err = pthread_mutex_lock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error locking mutex: %s",
strerror(pthread_err));
return NULL;
Expand All @@ -641,6 +655,7 @@ runaway_killer_thread_execute_js (gpointer user_data)
err:
if ((pthread_err = pthread_mutex_lock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error locking mutex: %s",
strerror(pthread_err));
return NULL;
Expand All @@ -649,12 +664,14 @@ runaway_killer_thread_execute_js (gpointer user_data)
end:
if ((pthread_err = pthread_cond_signal(&ctx->cond))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error signaling on condition variable: %s",
strerror(pthread_err));
ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE;
}
if ((pthread_err = pthread_mutex_unlock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error unlocking mutex: %s",
strerror(pthread_err));
ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE;
Expand All @@ -671,6 +688,7 @@ runaway_killer_thread_call_js (gpointer user_data)

if ((pthread_err = pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &oldtype))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error setting thread cancel type: %s",
strerror(pthread_err));
goto err;
Expand All @@ -679,13 +697,15 @@ runaway_killer_thread_call_js (gpointer user_data)
if (duk_pcall_prop (cx, 0, 2) != DUK_EXEC_SUCCESS)
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error evaluating admin rules: %s",
duk_safe_to_string (cx, -1));
goto err;
}

if ((pthread_err = pthread_mutex_lock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error locking mutex: %s",
strerror(pthread_err));
return NULL;
Expand All @@ -697,6 +717,7 @@ runaway_killer_thread_call_js (gpointer user_data)
err:
if ((pthread_err = pthread_mutex_lock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error locking mutex: %s",
strerror(pthread_err));
return NULL;
Expand All @@ -705,12 +726,14 @@ runaway_killer_thread_call_js (gpointer user_data)
end:
if ((pthread_err = pthread_cond_signal(&ctx->cond))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error signaling on condition variable: %s",
strerror(pthread_err));
ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE;
}
if ((pthread_err = pthread_mutex_unlock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority),
LOG_LEVEL_ERROR,
"Error unlocking mutex: %s",
strerror(pthread_err));
ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE;
Expand Down Expand Up @@ -765,13 +788,15 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx

if ((pthread_err = pthread_mutex_lock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error locking mutex: %s",
strerror(pthread_err));
goto err_clean_cond;
}

if (clock_gettime(PK_CLOCK, &abs_time)) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error getting system's monotonic time: %s",
strerror(errno));
goto err_clean_cond;
Expand All @@ -781,6 +806,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
if ((pthread_err = pthread_create(&authority->priv->runaway_killer_thread, NULL,
js_context_cb, ctx))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error creating runaway JS killer thread: %s",
strerror(pthread_err));
goto err_clean_cond;
Expand All @@ -792,6 +818,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx

/* Log that we are terminating the script */
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_WARNING,
"Terminating runaway script after %d seconds",
RUNAWAY_KILLER_TIMEOUT);

Expand All @@ -800,6 +827,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx

if ((pthread_err = pthread_mutex_unlock(&ctx->mutex))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error unlocking mutex: %s",
strerror(pthread_err));
goto err_clean_cond;
Expand All @@ -808,13 +836,15 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
if (cancel) {
if ((pthread_err = pthread_cancel (authority->priv->runaway_killer_thread))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error cancelling runaway JS killer thread: %s",
strerror(pthread_err));
goto err_clean_cond;
}
}
if ((pthread_err = pthread_join (authority->priv->runaway_killer_thread, NULL))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error joining runaway JS killer thread: %s",
strerror(pthread_err));
goto err_clean_cond;
Expand Down Expand Up @@ -884,6 +914,7 @@ polkit_backend_common_js_authority_get_admin_auth_identities (PolkitBackendInter
duk_set_top (cx, 0);
if (!duk_get_global_string (cx, "polkit")) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error deleting old rules, not loading new ones");
goto out;
}
Expand All @@ -893,6 +924,7 @@ polkit_backend_common_js_authority_get_admin_auth_identities (PolkitBackendInter
if (!push_action_and_details (cx, action_id, details, &error))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error converting action and details to JS object: %s",
error->message);
g_clear_error (&error);
Expand All @@ -902,6 +934,7 @@ polkit_backend_common_js_authority_get_admin_auth_identities (PolkitBackendInter
if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error converting subject to JS object: %s",
error->message);
g_clear_error (&error);
Expand All @@ -924,6 +957,7 @@ polkit_backend_common_js_authority_get_admin_auth_identities (PolkitBackendInter
if (identity == NULL)
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_WARNING,
"Identity `%s' is not valid, ignoring: %s",
identity_str, error->message);
g_clear_error (&error);
Expand Down Expand Up @@ -974,6 +1008,7 @@ polkit_backend_common_js_authority_check_authorization_sync (PolkitBackendIntera
if (!push_action_and_details (cx, action_id, details, &error))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error converting action and details to JS object: %s",
error->message);
g_clear_error (&error);
Expand All @@ -983,6 +1018,7 @@ polkit_backend_common_js_authority_check_authorization_sync (PolkitBackendIntera
if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_ERROR,
"Error converting subject to JS object: %s",
error->message);
g_clear_error (&error);
Expand All @@ -1005,6 +1041,7 @@ polkit_backend_common_js_authority_check_authorization_sync (PolkitBackendIntera
if (!polkit_implicit_authorization_from_string (ret_str, &ret))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
LOG_LEVEL_WARNING,
"Returned result `%s' is not valid",
ret_str);
goto out;
Expand Down
Loading

0 comments on commit 64f5e4d

Please sign in to comment.