[syslog-ng] [PATCH (3.4)] confgen: Implement a built-in system() generator

[Gergely Nagy]

Balazs Scheidler <bazsi77 at gmail.com> writes:

> Even though I understand the merits of not having to use a separate
> script to generate the system() source, this is the wrong way to go. I
> fear the maintenance burden of keeping the two in sync is too much
> hassle.

It's not that hard, I think, but indeed, it is an extra burden to carry
two versions of the same thing.

> I'm also somewhat puzzled why it is not used by default, then. If
> someone is able to edit her scl/system/plugin.conf, she might as well
> add the required source definitions there, without executing a script. I
> imagine this was caused problems on SUSE, perhaps other distros, where
> the definitions emitted by the system() macro is fixed.

The problem wasn't that the output of system() was bad or anything, the
problem was that running a script from within syslog-ng didn't play well
with AppArmor (or was it SELinux? or something else? I don't quite
remember), so instead of 'poking a hole' on the thing, they just didn't
use system() at all.

I can relate to that, truth be told, when I'm in extra-paranoid
mood. There are quite a many things that could go wrong there, at least
in theory.

> Also, implementation wise, this shouldn't go to the confgen plugin,
> confgen was supposed to call a script and include its output. If we
> wanted to implement this in C, I'd do it as a separate system()
> plugin.

I'll do that then, and we'll see how to move forward from there.

-- 
|8]