We will later want to just to a disk space check for the file system a
file is on, without registering that file system for periodic checks.
Adapt callers to keep working like before.
Monitor the disk space on important file systems: The ones where
cached tiles are stored and where the chroot jails are created. Those
might be the same file system of course, the code checks and doesn't
do needless work.
The check is done whenever a new loolkit process is taken into use and
a new chroot jail it constructed, and whenever a new client session
connects to a document. We don't check more often than once a minute,
though.
Still need to add code to guard against running out of diska space
when saving documents back to where they were opened from. For that
presumably need to enhance the Storage abstraction.
Instead of trying to inform the sysadmin (which we did not yet try to
do in any meaningful way), inform all connected clients (even those
editing other documents).
We use 'error: cmd=internal kind=diskfull' as the message to the
clients. The loleaflet code needs to be updated to handle that
carefully by displaying a very prominent message that tells the user
that all bets are off.
Also add a unit test for the functionality.
Document the new protocol details.
The code for this alert functionalty became a bit less elegant than I
like because of the way we include Util.cpp in the unit test 'test'
program.
Still need to add code to check for disk full in more places, not just
when saving a cached tile or font. Probably we should even actually
check for disk space on the file system(s) we use getting alarmingly
low, not just check for file writing operations that fail. Later.
Introduce new API in our Util namespace to save data to a file
safely. The data is written to a temporary file in the same directory
and after that has succeeded, it is renamed atomicaly to the intended
name. If any step of the saving fails, neither the temporay file or
the intended target (if one exists before) is left behind.
Also add an API intended to alert the sysadmin in cases where their
attention and action are required. This is not yet properly
implemented. See FIXME comment for discussion.
Util::createRandomDirectory now uses /dev/urandom
(and a complex pseudo-random generator where missing)
to generate 64-byte long, Base64-encoded, names.
This should provide ample security compared to 64-bit
pseudo-random numbers hex-encoded, as was the case.
Change-Id: I714810a9fb03b5dcdbad7a15305940bf7457149e
Reviewed-on: https://gerrit.libreoffice.org/25696
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
A source file (.cpp) must include its own header first.
This insures that the header is self-contained and
doesn't depend on arbitrary (and accidental) includes
before it to compile.
Furthermore, system headers should go next, followed by
C then C++ headers, then libraries (Poco, etc) and, finally,
project headers come last.
This makes sure that headers and included in the same dependency
order to avoid side-effects. For example, Poco should never rely on
anything from our project in the same way that a C header should
never rely on anything in C++, Poco, or project headers.
Also, includes ought to be sorted where possible, to improve
readability and avoid accidental duplicates (of which there
were a few).
Change-Id: I62cc1343e4a091d69195e37ed659dba20cfcb1ef
Reviewed-on: https://gerrit.libreoffice.org/25262
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Presumably it is only developers that are interested in signals, and
terms like SEGV or ABRT are more precise than their textual
descriptions like "Segmentation violation" or "Aborted".
Poco::Channel is reference counted, but the initial refcount is 1, so we
need to release channel in order to have it deleted when Poco::Logger
releases it.
Calls to Poco::Logger::shutdown() are still missing though (from
forkit/kit/wsd).
Change-Id: I12ab32047d32e55902c60639d71eb6ef30ffa3bd
Much better than assuming that errno would be relevant at all
Log::error() calls (or alternatively, having to remember to append a
false parameter to the Log::error() call, which had not been done a
single time anyway.)
Call log::syserror() right after a system call has returned an
error. Don't call it otherwise.
Admin no longer needs a pipe as it's notified
from WSD. It is now a singleton with improved
locking.
The tracking of documents and views still needs
improvement and corrections.
Change-Id: If614331de6dd595c6dd4443f480d4ab588ca4551
Reviewed-on: https://gerrit.libreoffice.org/23860
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Don't embed newlines in "lines" written to the log. When logging stuff
read from or written to the fifos, translate newlines to " / " for
clarity.
(If we would want complete, exact verbose logging, we should be really
pedantic and log all non-printable bytes in hex anyway, etc, so
displaying newlines as space-separated slashes should be OK. It isn't
as if there would be totally arbitary data passed through the fifos
anyway.)
It is desirable to have colored logs when running loolwsd
in a terminal, but not redirecting its output to a file.
Outputting to a terminal is now detected and colored logs
are automatically enabled.
To force colored logs in files as well, define
LOOL_LOGCOLOR in the environ. The output color codes
can then be processed using, f.e., `less -r`.
Change-Id: I09fbee4441f210d814ac5ad23dd99d1c33b560b7
Reviewed-on: https://gerrit.libreoffice.org/23080
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Further changes/refactoring to make it possible:
* Add broker pid to Admin class
* Move getMemoryUsage for process to Util
* Change variable name to accurately reflect *active* items
_nViews -> _nActiveViews, etc.
Change-Id: I4c9206c49ab829b73ebfe226874bfbbcc8f95342
Reviewed-on: https://gerrit.libreoffice.org/22989
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
Much simpler.
Also, don't duplicate the code informing that LD_BIND_NOW or
LOK_VIEW_CALLBACK are not set. Not that I understand why we need to
inform about that? If the "normal" thing should be that they are set,
why don't make it so by default then?
