Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Display file is blocked or not. #2185

Closed
wants to merge 2 commits into from
Closed

Display file is blocked or not. #2185

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f4e26e6
Display file is blocked or not.
lonicerae Dec 11, 2024
5355ddb
Updated the message a little as per Evgeny's suggestion
lonicerae Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/OVAL/probes/probe-api.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1807,6 +1807,7 @@ bool probe_path_is_blocked(const char *path, struct oscap_list *blocked_paths)
}
}
oscap_iterator_free(it);
dD("Path:%s, res:%d", path, res);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a very generic message. I'd suggest something like

Suggested change
dD("Path:%s, res:%d", path, res);
dD("Path: %s, blocked (res): %d", path, res);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And maybe it makes sense to only output the message if the path is blocked? Otherwise it'd be very noisy IMHO. What are you debugging actually?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @evgenyz , your modification also looks good. In practice, OpenSCAP is very easy to trigger OOM issue and make other critical processes being killed. About 80% of these issues are due to unbridled rules that accessing lots of files of unwanted folder. This debug message can help to show the paths already be blocked.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The thing is, there will be a lot of Path: /foo/bar/, blocked (res): 0 messages in the output, they will litter the log while not really helping any investigation (since these files will be processed and will popup somewhere else in the logs anyways).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As a senior support engineer I could not agree with your opinion, in fact this small patch already helped a lot clients.. But, anyway, you're the developer, perhaps real product experience not the thing you're after. Let's just close this.

return res;
}

Expand Down
Loading