-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: document --no-debug, which is set by default in our own systemd … #425
base: main
Are you sure you want to change the base?
Conversation
…service This can be immensely frustrating to users since there is no mention whatsoever in the documentation of why their logs are getting eaten. Fixes polkit-org#154.
<command>journalctl -b SYSLOG_FACILITY=10</command> on systemd. | ||
</para> | ||
<para> | ||
On some distributions, the flag <literal>--no-debug</literal> is passed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, this is what data/polkit.service.in provides by default
https://github.com/polkit-org/polkit/blob/main/data/polkit.service.in#L11
So I find it a bit misleading to call this something distro specific.
Fwiw, I would like to see the --no-debug
flag dropped and replaced with --debug
.
The default behavious would be a reasonable non-verbose/non-debug output.
And if you want to have explicit debug output (say for a bug report), one should use --debug
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
meh, certain distributions? most of them? either way, it gets the point across that your log statements might vanish if you don't look how polkit is invoked. i still don't understand why we discard those by default at all. it seems like a huge footgun.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When everything works, system services should be silent. We should however add support for LogControl1 to dynamically change the level, I started a branch somewhere but ENOTIME
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, polkitd does produce log messages, just no debug log messages by default, e.g. I get
# journalctl -u polkitd.service
Feb 25 09:16:59 mars polkitd[993]: Started polkitd version 124
Feb 25 09:16:59 mars polkitd[993]: Loading rules from directory /etc/polkit-1/rules.d
Feb 25 09:16:59 mars polkitd[993]: Loading rules from directory /usr/share/polkit-1/rules.d
Feb 25 09:16:59 mars polkitd[993]: Finished loading, compiling and executing 11 rules
Feb 25 09:16:59 mars polkitd[993]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Feb 25 09:16:59 mars systemd[1]: Started polkit.service - Authorization Manager.
I'm not convinced we should dump debug log messages into the journal unless explicitly requested.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When everything works, system services should be silent. We should however add support for LogControl1 to dynamically change the level, I started a branch somewhere but ENOTIME
This isn't my view but I understand this view. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
General information about polkit doesn't seem the right place for information about some binary's options, usage of which is distro-specific, no matter how many distros use it. I like switching polkitd to silent by default though and turning verbose on explicitly. I'll incorporate this idea into my plans for implementing log levels.
<filename>/var/log/secure</filename>. The | ||
<function>log()</function> method is usually only used when | ||
<filename>/var/log/secure</filename> or in | ||
<command>journalctl -b SYSLOG_FACILITY=10</command> on systemd. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why so specific? "... or in journal if systemd is present." is sufficient and all-saying.
<command>journalctl -b SYSLOG_FACILITY=10</command> on systemd. | ||
</para> | ||
<para> | ||
On some distributions, the flag <literal>--no-debug</literal> is passed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
General information about polkit doesn't seem the right place for information about some binary's options, usage of which is distro-specific, no matter how many distros use it. I like switching polkitd to silent by default though and turning verbose on explicitly. I'll incorporate this idea into my plans for implementing log levels.
@@ -40,6 +43,12 @@ | |||
whenever an application calls into the service. | |||
</para> | |||
|
|||
<para> | |||
Passing the <option>--no-debug</option> to <command>polkitd</command> | |||
will discard the messages from usages of <literal>polkit.log()</literal> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"from usages of polkit.log()" is an unnecessary insider detail. Users do no need to know the code details.
Just saying "Do not pass debug information to logs." is sufficient and targeted on wider audience.
@lf- Friendly ping. Is there still a desire to have this merged after post-review fixes? I like the extension of the polkitd manpage. |
…service
This can be immensely frustrating to users since there is no mention whatsoever in the documentation of why their logs are getting eaten.
Fixes #154.