Why not provide a global log level option?

[ghost]

I am writing a ccf app, when I want to use logger(LOG_DEBUG_FMT) to print some debug messages, but the -l (--host-log-level) option can't change log level in enclave, so I read the logger.h code, I found the level function

CCF/src/ds/logger.h

Line 254 in 16aaccf

static inline Level& level()

is static, when app consists of multiple compilation units, change log level for debugging will be not easy.

so why not provide a global log level option? or it existed but I did not know? and what is the best way to use logger in enclave? thank you.

[achamayou]

@svenFeng

@svenFeng today the best way to use the logger in enclave is to build with -DVERBOSE_LOGGING=ON

This limitation is deliberate, and has to do with a combination of things:

1. Debug logging is inherently risky. INFO logging is sanitised, but DEBUG typically results in a loss of confidentiality (eg. KV access are logged as TRACE for example). It's therefore important for a production network to disallow nodes that log debug to join.
2. During the join protocol, joiners are allowed on the basis of their mrenclave alone (ie. binary digest), assuming the attestation otherwise checks out. This means that all important configuration aspects must be set at build time.

So the result in practice is that an enclave has to be built for a given logging level.

While this is true today, it could be changed. In particular, if joiners sent an mrenclave and a configuration, the network could apply a policy on the configuration and decide whether it wants to let a node using debug logging join the network. This has been discussed before, and will likely happen, but it's not at the top of our priorities right now.

[ghost]

got it, thank you.