[apparmor] [patch] mod_apparmor: fix logging
Seth Arnold
seth.arnold at canonical.com
Wed Apr 23 01:48:38 UTC 2014
On Mon, Jan 20, 2014 at 04:16:37PM -0800, Steve Beattie wrote:
> Subject: mod_apparmor: fix logging
>
> The apache2 mod_apparmor module was failing to log debugging messages
> when the apache loglevel was set to debug or lower (i.e. traceN). This
> patch fixes it by using ap_log_rerror() (for request specific messages,
> with the request passed for context) and ap_log_perror() (more general
> messages, with an apache pool for context).
>
> Also, the APLOG_USE_MODULE macro is called, to mark the log messages as
> belonging to the apparmor module, so that the apache 2.4 feature of
> enabling debug logging for just the apparmor module will work, with an
> apache configuration entry like:
>
> LogLevel apparmor:debug
>
> See
>
> http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html
>
> for specific about the ap_log_*error() and APLOG_USE_MODULE functions
> and macros, and
>
> http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel
>
> for the bits about module specific logging.
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> changehat/mod_apparmor/mod_apparmor.c | 33 +++++++++++++++++----------------
> 1 file changed, 17 insertions(+), 16 deletions(-)
>
> Index: b/changehat/mod_apparmor/mod_apparmor.c
> ===================================================================
> --- a/changehat/mod_apparmor/mod_apparmor.c
> +++ b/changehat/mod_apparmor/mod_apparmor.c
> @@ -35,6 +35,7 @@
> #define DEFAULT_HAT "HANDLING_UNTRUSTED_INPUT"
> #define DEFAULT_URI_HAT "DEFAULT_URI"
>
> +APLOG_USE_MODULE(apparmor);
> module AP_MODULE_DECLARE_DATA apparmor_module;
>
> static unsigned int magic_token = 0;
> @@ -68,9 +69,9 @@ immunix_init (apr_pool_t *p, apr_pool_t
> apr_file_read (file, (void *) &magic_token, &size);
> apr_file_close (file);
> } else {
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "Failed to open /dev/urandom");
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "Failed to open /dev/urandom");
> }
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "Opened /dev/urandom successfully");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "Opened /dev/urandom successfully");
>
> return OK;
> }
> @@ -83,11 +84,11 @@ immunix_child_init (apr_pool_t *p, serve
> {
> int ret;
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "init: calling change_hat");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "init: calling change_hat");
> ret = change_hat (DEFAULT_HAT, magic_token);
> if (ret < 0) {
> change_hat (NULL, magic_token);
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "Failed to change_hat to '%s'",
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "Failed to change_hat to '%s'",
> DEFAULT_HAT);
> } else {
> inside_default_hat = 1;
> @@ -130,7 +131,7 @@ immunix_enter_hat (request_rec *r)
> ap_get_module_config (r->server->module_config, &apparmor_module);
>
> debug_dump_uri (&r->parsed_uri);
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_enter_hat (%s) n:0x%lx p:0x%lx main:0x%lx",
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "in immunix_enter_hat (%s) n:0x%lx p:0x%lx main:0x%lx",
> dcfg->path, (unsigned long) r->next, (unsigned long) r->prev,
> (unsigned long) r->main);
>
> @@ -144,7 +145,7 @@ immunix_enter_hat (request_rec *r)
> }
>
> if (dcfg != NULL && dcfg->hat_name != NULL) {
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat [dcfg] %s", dcfg->hat_name);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [dcfg] %s", dcfg->hat_name);
> sd_ret = change_hat (dcfg->hat_name, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> @@ -153,7 +154,7 @@ immunix_enter_hat (request_rec *r)
> }
> }
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat [uri] %s", r->uri);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [uri] %s", r->uri);
> sd_ret = change_hat (r->uri, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> @@ -162,7 +163,7 @@ immunix_enter_hat (request_rec *r)
> }
>
> if (scfg != NULL && scfg->hat_name != NULL) {
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat [scfg] %s", scfg->hat_name);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [scfg] %s", scfg->hat_name);
> sd_ret = change_hat (scfg->hat_name, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> @@ -171,7 +172,7 @@ immunix_enter_hat (request_rec *r)
> }
> }
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat DEFAULT_URI");
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat DEFAULT_URI");
> sd_ret = change_hat (DEFAULT_URI_HAT, magic_token);
> if (sd_ret < 0) change_hat (NULL, magic_token);
>
> @@ -186,13 +187,13 @@ immunix_exit_hat (request_rec *r)
> ap_get_module_config (r->per_dir_config, &apparmor_module);
> /* immunix_srv_cfg * scfg = (immunix_srv_cfg *)
> ap_get_module_config (r->server->module_config, &apparmor_module); */
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "exiting change_hat - dir hat %s path %s", dcfg->hat_name, dcfg->path);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "exiting change_hat - dir hat %s path %s", dcfg->hat_name, dcfg->path);
> change_hat (NULL, magic_token);
>
> sd_ret = change_hat (DEFAULT_HAT, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "Failed to change_hat to '%s'",
> + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Failed to change_hat to '%s'",
> DEFAULT_HAT);
> } else {
> inside_default_hat = 1;
> @@ -260,9 +261,9 @@ immunix_create_dir_config (apr_pool_t *
> {
> immunix_dir_cfg * newcfg = (immunix_dir_cfg *) apr_pcalloc(p, sizeof(* newcfg));
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_create_dir (%s)", path ? path : ":no path:");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "in immunix_create_dir (%s)", path ? path : ":no path:");
> if (newcfg == NULL) {
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "immunix_create_dir: couldn't alloc dir config");
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "immunix_create_dir: couldn't alloc dir config");
> return NULL;
> }
> newcfg->path = apr_pstrdup (p, path ? path : ":no path:");
> @@ -277,7 +278,7 @@ immunix_merge_dir_config (apr_pool_t * p
> {
> immunix_dir_cfg * newcfg = (immunix_dir_cfg *) apr_pcalloc(p, sizeof(* newcfg));
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_merge_dir ()");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "in immunix_merge_dir ()");
> if (newcfg == NULL)
> return NULL;
>
> @@ -290,9 +291,9 @@ immunix_create_srv_config (apr_pool_t *
> {
> immunix_srv_cfg * newcfg = (immunix_srv_cfg *) apr_pcalloc(p, sizeof(* newcfg));
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_create_srv");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "in immunix_create_srv");
> if (newcfg == NULL) {
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "immunix_create_srv: couldn't alloc srv config");
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "immunix_create_srv: couldn't alloc srv config");
> return NULL;
> }
>
>
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140422/c899638d/attachment.pgp>
More information about the AppArmor
mailing list