Hi, On Fri, 2019-11-15 at 12:57 -0500, Frank Ch. Eigler wrote: > Could you also add a reference to the Prometheus Exposition format. I > > see it is already in a comment in the code. Best to also add it as See > > also in the docs. > > OK.
Thanks, that would be good. > > > +control. The \fI/metrics\fP webapi endpoint is probably not > > > +appropriate for disclosure to the public. > > > > So, should there be an option to turn it off? > > IMHO not necessary. The security section already advises against > exposing an unprotected debuginfod server to the public. A front-end > reverse-proxy would easily filter requests to /metrics. I think defense in depth is not a bad thing. You already have local users to which it is exposed. And it would also make the server do slightly less work. > > > +#ifdef __linux__ > > > +#define gettid() syscall(SYS_gettid) > > > +#else > > > +#define gettid() pthread_self() > > > +#endif > > > > You might want to rename this since newer glibc might expose gettid(). > > OK. Note that the current code defines tid () as syscall(SYS_getpid). Should be SYS_gettid. Cheers, Mark
