patch 5 debuginfod: prometheus metrics
Mon Nov 18 16:20:00 GMT 2019
On Fri, 2019-11-15 at 12:57 -0500, Frank Ch. Eigler wrote:
> Could you also add a reference to the Prometheus Exposition format. I
> > see it is already in a comment in the code. Best to also add it as See
> > also in the docs.
Thanks, that would be good.
> > > +control. The \fI/metrics\fP webapi endpoint is probably not
> > > +appropriate for disclosure to the public.
> > So, should there be an option to turn it off?
> IMHO not necessary. The security section already advises against
> exposing an unprotected debuginfod server to the public. A front-end
> reverse-proxy would easily filter requests to /metrics.
I think defense in depth is not a bad thing.
You already have local users to which it is exposed.
And it would also make the server do slightly less work.
> > > +#ifdef __linux__
> > > +#define gettid() syscall(SYS_gettid)
> > > +#else
> > > +#define gettid() pthread_self()
> > > +#endif
> > You might want to rename this since newer glibc might expose gettid().
Note that the current code defines tid () as syscall(SYS_getpid).
Should be SYS_gettid.
More information about the Elfutils-devel