Balazs Scheidler <bazsi77@gmail.com> writes:
Even though I understand the merits of not having to use a separate script to generate the system() source, this is the wrong way to go. I fear the maintenance burden of keeping the two in sync is too much hassle.
It's not that hard, I think, but indeed, it is an extra burden to carry two versions of the same thing.
I'm also somewhat puzzled why it is not used by default, then. If someone is able to edit her scl/system/plugin.conf, she might as well add the required source definitions there, without executing a script. I imagine this was caused problems on SUSE, perhaps other distros, where the definitions emitted by the system() macro is fixed.
The problem wasn't that the output of system() was bad or anything, the problem was that running a script from within syslog-ng didn't play well with AppArmor (or was it SELinux? or something else? I don't quite remember), so instead of 'poking a hole' on the thing, they just didn't use system() at all. I can relate to that, truth be told, when I'm in extra-paranoid mood. There are quite a many things that could go wrong there, at least in theory.
Also, implementation wise, this shouldn't go to the confgen plugin, confgen was supposed to call a script and include its output. If we wanted to implement this in C, I'd do it as a separate system() plugin.
I'll do that then, and we'll see how to move forward from there. -- |8]