if experimental_features and mount_namespaces is enabled and it is
possible to "unshare" then instead of coolforkit exec coolforkitns which
doesn't have any capabilities set and inprocess mount inside a namespace
instead of calling coolmount
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: I48bef12b9156f41c78221e750a30aacee8a737a9
of ssl.ssl_verification instead of retaining a separate
storage.ssl.ssl_verification
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ic132467497135ebdc17c9334274ff8950e2001a0
Setting logging.disable_server_audit to true will
disable server audit dialog, button in the menus and notification.
In that case we will receive "serveraudit: diabled" message in the
client. This doesn't disable any logging to the file.
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: I47632b2b66e417166ce31d01a7b82d6190c66d04
Seems we have closed a number of the various races and problems
seen, and this can now be used.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: Ie3b0a1de847b9e77820d1135b4a8facdb7934707
Add logging.disabled_areas setting to coolwsd.xml with some sensible
things to ignore unless they are warnings/errors.
Kit code duplication around logging is grim; but not fixed in this
commit.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I36bebb2b3c8d64a814d7b10c167d582de0baf4e5
Free CPU cycles for interactive processes.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I9d8cfe5f3541c9424d51c69380e1c72920154ff4
- when COOLWSD get SIGTERM admin sends a "shutdown_received" message to
indirection server
- indirection server sends back migration messages for each document to
migrate it other available COOL server
- there is timeout associated with migration message if COOLWSD doesn't
get message we move on and close the document
- added a new option in coolwsd.xml to change the migration timeout
default is 180s
Signed-off-by: Rashesh Padia <rashesh.padia@collabora.com>
Change-Id: Id7d5eea94d1b03ea5905ca67a9dd8f6ca15952f3
They should be cheap memory wise, and save quite a bit of latency.
Keep 1 for debug mode - to make attaching to the right process easier.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I230be6ae61874f36b47ffc93d888d455bea3a7d8
We no longer send LOOL-WOPI headers, unless
the configuration specifically flags for
legacy servers. But we always send COOL-WOPI
even to legacy servers, to help them upgrade
seamlessly.
Change-Id: Ifc919ed8f6665cd8f846117ef4e8b7ef09fbd563
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
The quarantine path should be an absolute path.
Unfortunately, because we had relative=true in
the path config, we couldn't detect empty configs.
This is because with relative=true the getter
would create a path based on the current directory
and the config value, which would default to
"quarantine" when empty.
This would result in /opt/cool/quarantine or
/usr/bin/quarantine when in fact the path is
really empty.
Now, the config has relative=false and
there is no default. In addition, we
warn if the path is no absolute.
Change-Id: I1b3eb5e76866a12d214b47e6556942715a210e54
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This applies the cgroup memory limit, if set,
such that if it is lower than the configured
memproportion percentage, we do not exceed it.
Otherwise, we risk running out of our cgroup
limit and by then it is too late to do anything
but die due to OOM.
This also moves the logging of the cgroup memory
stats from COOLWSD into Admin, to avoid duplicate
logging.
Also updated the description of memproportion
config entry to account for the cgroup logic.
Change-Id: I870ae61c1260eb2b3275bd2fa1a4c48ff30957a2
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
- uses new lok_allow setting to provide such list
- for backward compatibility uses also all post_allow and storage.wopi
entries
- Used for example in: PostMessage Action_InsertGraphics,
=WEBSERVICE() function, external reference in the cell
Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: Ib930e0119d4ea124b9cd565f6b3683310b1b3ced
It seems large groups of people don't have a use for overwrite mode
- Would like to avoid enable it by default
This is just the first step on improving the user experience here.
------
The whole plan would be to:
- 1st Follow up PR
- Where we disable the overwrite mode when enableExperimental is true
this we will be able to see if community likes that change or not before making it everywhere
- Other possible improvements
- Triger a snackbar for the first time the user press the Insert key
- If the feature is disabled we would show snackbar with timeout
"Overwrite is disabled. Please contact admin."[Dismiss]
- If the feature is enabled we would show snackbar with timeout
"Overwrite mode is now enabled" [Disable] (Disable here means the same action as pressing again the **Insert** does)
Signed-off-by: Gülşah Köse <gulsah.kose@collabora.com>
Change-Id: I060b3d2d9d1e7e29a18f5ea1d619c9349eae67c3
Signed-off-by: Pedro Pinto Silva <pedro.silva@collabora.com>
- It logs activities like when admin logged in, authenticated
metrics endpoint accessed, external monitor getting connected
and admin actions like kill the document etc
Signed-off-by: Rash419 <rashesh.padia@collabora.com>
Change-Id: I059f6b6ee0d8269aec7e3f521622773e348304a3
- Allow COOLWSD client sessions to forward messages with the prefix
'urp' to the child, and return messages with 'urp:' to the client,
communicating with binary
- Make COOLWSD child sessions use the FunctionBasedURPConnection from
https://gerrit.libreoffice.org/c/core/+/155100
(core change ID I2bda3d0b988bef7883f9b6829eeb5b7ae8075f27) to start a
new URP session
- Make COOLWSD child sessions submit messages to this URP session,
stripping and adding the 'urp' and 'urp:' prefixes so the Java client
from https://gerrit.libreoffice.org/c/core/+/154680
(core change ID I91ee52922a24688a6b94512cb7e7bc760bf25ec9) can
use the connection (and to avoid interference with any other websocket
messages)
- Add a COOLWSD option for enabling/disabling URP given the security
implications around allowing anyone to write URP (e.g. URP lets you
run shell commands so a mallicious actor can take over the child
session)
Signed-off-by: Skyler Grey <skyler.grey@collabora.com>
Change-Id: Idadfe288a78cfd72b01253dfdade150d506e3f05
- This patch only adds an option to enable this feature. It is off by
default
- This allows you to, say, have a docker container and --restart=always
to restart when you update the config
- This patch only listens for "/etc/coolwsd/", so if you specify a config
file that isn't there then you're out of luck... An improvement for a
followup patch will be make it listen to wherever your config files
actually are
- The current docker scripts only listen for modifications, so this
matches that behavior
Signed-off-by: Skyler Grey <skyler.grey@collabora.com>
Change-Id: I674756b0188893f5d192885bb436256aa827e7b5
A new section about accessibility has been appended to coolwsd.xml
config file
Signed-off-by: Marco Cecchetti <marco.cecchetti@collabora.com>
Change-Id: I086abdf73646639283eb655ae60f200fb64e495a
Previously the help root URL was defined in coolkitconfig.xcu,
but it was inconvenient to change. Now we have this setting in
coolwsd.xml, therefore it can be changed more easily. For
example a brand package can disable the Help buttons on
dialogs by executing the following command in postinstall
script:
coolconfig set help_url ""
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I6d0bdd71ca908df3d2dd20bd321aff9e93896f52
fetch route_token from indirectionurl and add them in wopisrc
parameter
Signed-off-by: Rash419 <rashesh.padia@collabora.com>
Change-Id: I6e724d0c59e12d4f7f6c125ec076e90d20b9b3c8
Java & beanshell macros are unlikely to work, since they would
require a JVM in the Kit process.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I390fb66d7aa835530dd7d2210fd8e1e89cdba325
Previously this defaulted to 'trace' - now it can be configured, but
still defaults to 'trace'.
Change-Id: I0ecf2f0b991cd8cc29dbde866dd4589be4ca7957
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
