[apparmor] [PATCH v2 32/42] libapparmor: Add basic logging functionality

John Johansen john.johansen at canonical.com
Thu Mar 12 11:52:48 UTC 2015


On 03/06/2015 01:48 PM, Tyler Hicks wrote:
> This patch adds equivalents of the parser's PDEBUG() and PERROR()
> functions to libapparmor.
> 
> It does not add gettext(3) support to libapparmor since these are
> messages that only developers will see (debug builds with
> LIBAPPARMOR_DEBUG=1) or messages that go to the syslog.
> 
> PDEBUG() does nothing unless libapparmor is built with --enable-debug.
> It prints to stderr if libapparmor is built with --enable-debug and the
> LIBAPPARMOR_DEBUG environment variable is set.
> 
> PERROR() uses syslog(LOG_ERR, ...) by default. The message is sent to
> the syslog and to stderr if libapparmor is built with --enable-debug and
> the LIBAPPARMOR_DEBUG environment variable is set.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  libraries/libapparmor/configure.ac  | 10 +++++++++-
>  libraries/libapparmor/src/private.c | 34 ++++++++++++++++++++++++++++++++++
>  libraries/libapparmor/src/private.h | 37 +++++++++++++++++++++++++++++++++++++
>  3 files changed, 80 insertions(+), 1 deletion(-)
>  create mode 100644 libraries/libapparmor/src/private.h
> 
> diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
> index 4da65c1..fe6971c 100644
> --- a/libraries/libapparmor/configure.ac
> +++ b/libraries/libapparmor/configure.ac
> @@ -14,6 +14,14 @@ PKG_PROG_PKG_CONFIG
>  
>  AC_PATH_PROG([SWIG], [swig])
>  
> +AC_MSG_CHECKING([whether the libapparmor debug output should be enabled])
> +AC_ARG_ENABLE([debug_output],
> +[AS_HELP_STRING([--enable-debug-output], [generate the libapparmor debug output [[default=no]]])],
> +[AC_MSG_RESULT([$enableval])],
> +[enable_debug_output=no]
> +[AC_MSG_RESULT([$enable_debug_output])])
> +AS_IF([test "$enable_debug_output" = "yes"], [AC_DEFINE([ENABLE_DEBUG_OUTPUT], [1], [debug output])])
> +
>  AC_MSG_CHECKING([whether the libapparmor man pages should be generated])
>  AC_ARG_ENABLE(man_pages,
>  [AS_HELP_STRING([--enable-man-pages], [generate the libapparmor man pages [[default=yes]]])],
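Review bot: The option added here is `--enable-debug-output`, but the patch description refers to `--enable-debug`, and no option of that name is visible in this hunk; a builder following the description would pass a flag that configure only warns about and get a library without the debug path. The `AS_IF` test also matches only the literal `yes`, so `--enable-debug-output=1` prints `1` on the checking line yet leaves `ENABLE_DEBUG_OUTPUT` undefined. I would align the description with the real flag name and add a comment above `AC_ARG_ENABLE` such as `dnl only "yes" enables debug output; any other value is treated as "no"`.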
> @@ -71,7 +79,7 @@ AM_CONDITIONAL(HAVE_PERL, test x$with_perl = xyes)
>  AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
>  
>  AC_HEADER_STDC
> -AC_CHECK_HEADERS(unistd.h stdint.h)
> +AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)
>  
>  AC_CHECK_FUNCS(asprintf)
>  
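Review bot: `AC_CHECK_HEADERS` now probes for syslog.h, but private.c in this same patch includes `<syslog.h>` unconditionally, so the resulting `HAVE_SYSLOG_H` looks unused. The call that actually varies between C libraries is `secure_getenv()`, which the new logging code depends on; extending the existing check to `AC_CHECK_FUNCS([asprintf secure_getenv])` would surface a missing implementation at configure time instead of at compile or link time. If a fallback is ever added for platforms without it, it should keep the behaviour of ignoring the variable in set-id processes rather than degrade to plain `getenv()`.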
> diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
> index f6f40b5..eb3c0f8 100644
> --- a/libraries/libapparmor/src/private.c
> +++ b/libraries/libapparmor/src/private.c
> @@ -14,7 +14,12 @@
>   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
>   */
>  
> +#include <stdarg.h>
> +#include <stdbool.h>
> +#include <stdio.h>
> +#include <stdlib.h>
>  #include <string.h>
> +#include <syslog.h>
>  
>  struct ignored_suffix_t {
>  	const char * text;
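Review bot: `secure_getenv()` is declared by `<stdlib.h>` only when `_GNU_SOURCE` is defined before the first system header, and no such define is visible among the includes added here. Unless the build flags supply it, the calls further down compile against an implicit declaration. The file also defines `print_error()` and `print_debug()` without including `private.h`, so the compiler never checks the definitions against the prototypes; adding `#include "private.h"` after the system headers would catch any drift.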
> @@ -41,6 +46,35 @@ static struct ignored_suffix_t ignored_suffixes[] = {
>  	{ NULL, 0, 0 }
>  };
>  
> +#define DEBUG_ENV_VAR	"LIBAPPARMOR_DEBUG"
> +
> +void print_error(bool honor_env_var, const char *ident, const char *fmt, ...)
> +{
> +	va_list args;
> +	int openlog_options = 0;
> +
> +	if (honor_env_var && secure_getenv(DEBUG_ENV_VAR))
> +		openlog_options |= LOG_PERROR;
> +
> +	openlog(ident, openlog_options, LOG_ERR);
> +	va_start(args, fmt);
> +	vsyslog(LOG_ERR, fmt, args);
> +	va_end(args);
> +	closelog();
> +}
> +
> +void print_debug(const char *fmt, ...)
> +{
> +	va_list args;
> +
> +	if (!secure_getenv(DEBUG_ENV_VAR))
> +		return;
> +
> +	va_start(args, fmt);
> +	vfprintf(stderr, fmt, args);
> +	va_end(args);
> +}
> +
>  int _aa_is_blacklisted(const char *name, const char *path)
>  {
>  	int name_len;
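Review bot: `openlog(ident, openlog_options, LOG_ERR)` in print_error() passes a priority level where openlog() expects a facility; `LOG_ERR` is not a facility value, so the call should use one such as `LOG_USER`, or `0` to keep the default. More important for a library, the `openlog()`/`closelog()` pair replaces the process-wide syslog ident and options. A host application that configured syslog itself therefore loses its settings after the first PERROR(), which can mislabel or misroute its later log entries. I would either avoid `openlog()` and put the ident into the message text, or document the side effect in a comment above print_error(). Both new functions are complete within the hunk; `_aa_is_blacklisted()` continues below it.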
> diff --git a/libraries/libapparmor/src/private.h b/libraries/libapparmor/src/private.h
> new file mode 100644
> index 0000000..a3c582d
> --- /dev/null
> +++ b/libraries/libapparmor/src/private.h
> @@ -0,0 +1,37 @@
> +/*
> + * Copyright 2014 Canonical Ltd.
> + *
> + * The libapparmor library is licensed under the terms of the GNU
> + * Lesser General Public License, version 2.1. Please see the file
> + * COPYING.LGPL.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef _AA_PRIVATE_H
> +#define _AA_PRIVATE_H 1
> +
> +#include <stdbool.h>
> +
> +#if ENABLE_DEBUG_OUTPUT
> +
> +#define PERROR(fmt, args...)	print_error(true, "libapparmor", fmt, ## args)
> +#define PDEBUG(fmt, args...)	print_debug("libapparmor: " fmt, ## args)
> +
> +#else /* ENABLE_DEBUG_OUTPUT */
> +
> +#define PERROR(fmt, args...)	print_error(false, "libapparmor", fmt, ## args)
> +#define PDEBUG(fmt, args...)	/* do nothing */
> +
> +#endif /* ENABLE_DEBUG_OUTPUT */
> +
> +void print_error(bool honor_env_var, const char *ident, const char *fmt, ...);
> +void print_debug(const char *fmt, ...);
> +
> +#endif /* _AA_PRIVATE_H */
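Review bot: The prototypes for print_error() and print_debug() carry no printf format attribute, so `-Wformat` cannot check PERROR()/PDEBUG() call sites even though `fmt` is forwarded straight to `vsyslog()` and `vfprintf()`. I would declare them as `void print_error(bool honor_env_var, const char *ident, const char *fmt, ...) __attribute__((format(printf, 3, 4)));` and `void print_debug(const char *fmt, ...) __attribute__((format(printf, 1, 2)));`. In non-debug builds PDEBUG() expands to nothing, so its arguments are never compiled and a mismatched format can go unnoticed until someone builds with debug output. The two names are also unprefixed, unlike `_aa_is_blacklisted()` in private.c; unless the library's export list hides them, they can collide with symbols of the same name in an application.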
> 



