From 1de75ad21857644b75695328e9f190df5f884876 Mon Sep 17 00:00:00 2001 From: Qi Zheng Date: Tue, 29 Aug 2023 16:26:57 +0800 Subject: [PATCH] [readthedocs] Description for Occlum log config option --- docs/readthedocs/docs/source/how_to_debug.md | 4 +++- docs/readthedocs/docs/source/occlum_configuration.md | 9 ++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/readthedocs/docs/source/how_to_debug.md b/docs/readthedocs/docs/source/how_to_debug.md index 693f85c6..cb132dea 100644 --- a/docs/readthedocs/docs/source/how_to_debug.md +++ b/docs/readthedocs/docs/source/how_to_debug.md @@ -4,4 +4,6 @@ To debug an app running upon Occlum, one can harness Occlum's builtin support fo Meanwhile, one can use `occlum mount` command to access and manipulate the secure filesystem for debug purpose. -If the cause of a problem does not seem to be the app but Occlum itself, then one can take a glimpse into the inner workings of Occlum by checking out its log. Occlum's log level can be adjusted through `OCCLUM_LOG_LEVEL` environment variable. It has six levels: `off`, `error`, `warn`, `debug`, `info`, and `trace`. The default value is `off`, i.e., showing no log messages at all. The most verbose level is `trace`. \ No newline at end of file +If the cause of a problem does not seem to be the app but Occlum itself, then one can take a glimpse into the inner workings of Occlum by checking out its log. Occlum's log level can be adjusted through `OCCLUM_LOG_LEVEL` environment variable. It has six levels: `off`, `error`, `warn`, `debug`, `info`, and `trace`. The default value is `off`, i.e., showing no log messages at all. The most verbose level is `trace`. + +The Occlum log output could be disabled totally for better security by setting `metadata.disable_log=true` in `Occlum.json` before building the Occlum instance. For detail please refer [Occlum Configuration](https://occlum.readthedocs.io/en/latest/occlum_configuration.html). diff --git a/docs/readthedocs/docs/source/occlum_configuration.md b/docs/readthedocs/docs/source/occlum_configuration.md index fa590db2..b0a96f8a 100644 --- a/docs/readthedocs/docs/source/occlum_configuration.md +++ b/docs/readthedocs/docs/source/occlum_configuration.md @@ -61,7 +61,14 @@ The template of `Occlum.json` is shown below. "version_number": 0, // Whether the enclave is debuggable through special SGX instructions. // For production enclave, it is IMPORTANT to set this value to false. - "debuggable": true + "debuggable": true, + // Whether the enclave is allowable to print Occlum log. + // Optional, if not set, in default it is false for debuggable enclave + // but true for production/release enclave for better security. + // Production/release enclave could explicitly set it false to have log + // output for debugging purpose. In this case, error log level is the + // only allowed log level. + "disable_log": false, }, // Features "feature": {