-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move log opening to appropriate execution phase #2823
base: v2/master
Are you sure you want to change the base?
Conversation
Hello @TomasKorbar , There is at least one downside here. Current functionality means that the attempt to open the audit log file occurs at startup. If it fails -- perhaps because the chosen location is unwriteable -- then Apache will fail to start and the user can see a message like:
(As a side note, with these changes I could not see a failure message anywhere, including in Apache's error.log. Perhaps I didn't look carefully enough.) In general, it's preferable to have configuration errors identified at startup whenever possible. |
c92bbbc
to
ec87dab
Compare
Hi @martinhsv |
ec87dab
to
85e97e1
Compare
@martinhsv Hi, could we get this merged please? I can provide further help if needed. |
@martinhsv should be good now. |
@marcstern I've verified this builds correctly on a NixOS system after cherry-picking the commit to v2.7.3. I can also start an Apache/2.4.59 server loading the compiled module. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds sensible, but I wonder why it was handled differently than error logs at first. Does anybody see a potential problem with this fix?
Otherwise, I think it's the right moment to de-duplicate the code between dcfg->auditlog_name & dcfg->auditlog_name2 file opening. Can you use a static function that centralizes the common code?
Additional question (linked to code duplication):
Why do we have pipe_name = dcfg->auditlog_name + 1;
and pipe_name = ap_server_root_relative(p, dcfg->auditlog2_name + 1);
? Is this normal?
I realized this PR also will need rebased atop |
When piped logs are opened during parsing of configuration it results in unexpected situations in apache httpd and can cause hang of process which is trying to log into auditlog. Code should work as before, with the exception of one additional condition evaluation when primary audit log is not set and secondary audit log path to piped executable is now not relative to server root.
5698426
to
bec3381
Compare
Quality Gate passedIssues Measures |
@marcstern Hi, Please tell me about additional changes if necessary. |
Using a hook looks indeed cleaner and more consistent with error log. Does anybody see a potential risk with this change? |
Let me check this a bit later (probably in next few days). |
When piped logs are opened during parsing of configuration it results in unexpected situations in apache httpd and can cause hang of process which is trying to log into auditlog.
Closes #2822