Anonymizing is useless with trace anyway, since no
trace log entry anonymizes, it's more useful to
disable anonymization to help troubleshoot (which is
the reason for enabling tracing in the first place).
Change-Id: I437207e7a798c2288a5d5eb33446cb16491bfbf6
Reviewed-on: https://gerrit.libreoffice.org/59534
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
(cherry picked from commit a2809fd27277fd01d0dafdc0c4f0435fdf85db36)
Also move anonymization initialization after logging is initialized.
Change-Id: I5c3753f0b11ae9c3376235e22af204eb3a57f5c8
(cherry picked from commit 02076bdb9128ffe7c26d8bcf420b659ec1d68280)
Also support anonymization of downloadas documents
and renaming of documents.
Reviewed-on: https://gerrit.libreoffice.org/57541
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 78248a542c9ca31bf9ad4cad9b55d78690384395)
Change-Id: I81a80e6290217659987d73f625e5f0fb81cb7ef2
This is important for when we abort with some explanation.
Often said explanation doesn't show up anywhere to be useful.
Also, issue fatal logs for abnormal exist and use SFL to log errno.
Reviewed-on: https://gerrit.libreoffice.org/57540
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit ad7964393eadb68873b820e0a620fb40f1e1b06a)
Change-Id: Ic67064ef40ef6e93d26e5847ecd32bdd49c3cc8b
Useful for troubleshooting and other non-prod setups.
To enable, add a subnode under logging/anonymize in
loolwsd.xml called allow_logging_pii with a boolean
value of true:
<logging>
<anonymize>
<allow_logging_pii>true</allow_logging_pii>
</anonymize>
</logging>
Reviewed-on: https://gerrit.libreoffice.org/56568
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 829b4722817b89445701a378ffa6b597b906bb7d)
Change-Id: If74acaac0ea442ee5a7860453182180663a5108b
And inform the user of the anonymization level.
Reviewed-on: https://gerrit.libreoffice.org/56567
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 13f3b7848f9cd77dc7a1e82f0fba656dbd503b4c)
Change-Id: I95cf832d5c4103744207214ffbf4e85d177ff190
This prevents disabling from loolwsd.xml when
the flags to anonymize are baked in at compile time.
Change-Id: If38ad3815bc9f18ed51b6626fc8c03528e7b8327
Reviewed-on: https://gerrit.libreoffice.org/56089
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
(cherry picked from commit 8844d238f1c7a0bd71f6ddd3b59f4ea18bf3bdbb)
The first child had tracing enabled even after
initial startup is completed. This would leak
user details when anonymization is enabled.
Change-Id: I5325e02d1a1078bff6640af85f5672b556c00aeb
Check and fail to start if anonymization is enabled
and trace-level logging is requested. Since trace
may include data packets, which is hard to anonymize and
is likely to impact performance if attempted, it is best
to prevent tracing altogether.
Also, sort the default settings for better readability.
Change-Id: Ic83f1f2fda15e2146a5d970f03617fa460d9cbc7
Previously SocketPoll expected to be
running its own thread for polling.
This is unnecessary when we have a
spare thread (e.g. main) that can
(and should, for efficiency) be used
for polling rather than starting
dedicated thread.
Not starting the SocketPoll's thread
and calling SocketPoll::poll() directly
worked, the warning logs on each activity
notwithstanding.
The warnings aren't just noisy, they are
a performance drain as well, and signal
that something is wrong. The new code
now makes the API cleaner and avoids
unnecessary warning logs, while being
faster.
Change-Id: Ibf9a223c59dae6522a5fc2e5d84a8ef191b577b1
The async-signal-safe functions to get thread-id
and thread-name, which cache the results, are
faster, cleaner, and signal-safe. No reason why
we shouldn't always use them.
Especially since it appears the logic was
inverted in Log::prefix, such that the signal
un-safe calls were made during signal-handling,
and the safe ones were called otherwise!
Instead of passing the signal-safe flag to
Log::prefix, we pass the buffer size, for
improved security.
Furthermore, reduce header dependencies
and reduce clutter.
Change-Id: I697689b2f0a290b6d8cce4babc3ac1e576141da6
In loleaflet.html.m4, define a macro MOBILEAPP as true if either
IOSAPP or GTKAPP is true.
Set a window.ThisIsAMobileApp property in either case, and
window.ThisIsTheGtkApp in the GTKAPP case.
The checks for ThisIsTheiOSApp in the JS could in fact all be changed
to check for ThisIsAMobileApp instead, as they were all equally valid
for the gtk+ testbed app. For instance, sending WebKit messages to the
app code works the same way in JavaScript both for iOS and
webkit-gtk+. Which is not surprising, I guess, as the underlying
WebKit is the same.
