[apparmor] [PATCH v2 32/42] libapparmor: Add basic logging functionality
Steve Beattie
steve at nxnw.org
Thu Mar 26 08:13:04 UTC 2015
On Fri, Mar 06, 2015 at 03:48:48PM -0600, Tyler Hicks wrote:
> This patch adds equivalents of the parser's PDEBUG() and PERROR()
> functions to libapparmor.
>
> It does not add gettext(3) support to libapparmor since these are
> messages that only developers will see (debug builds with
> LIBAPPARMOR_DEBUG=1) or messages that go to the syslog.
>
> PDEBUG() does nothing unless libapparmor is built with --enable-debug.
> It prints to stderr if libapparmor is built with --enable-debug and the
> LIBAPPARMOR_DEBUG environment variable is set.
>
> PERROR() uses syslog(LOG_ERR, ...) by default. The message is sent to
> the syslog and to stderr if libapparmor is built with --enable-debug and
> the LIBAPPARMOR_DEBUG environment variable is set.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
FYI, ubuntu 12.04 LTS (precise) builds are failing because the glibc
version does not support secure_getenv(3).
> diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
> index 4da65c1..fe6971c 100644
> --- a/libraries/libapparmor/configure.ac
> +++ b/libraries/libapparmor/configure.ac
> @@ -14,6 +14,14 @@ PKG_PROG_PKG_CONFIG
>
> AC_PATH_PROG([SWIG], [swig])
>
> +AC_MSG_CHECKING([whether the libapparmor debug output should be enabled])
> +AC_ARG_ENABLE([debug_output],
> +[AS_HELP_STRING([--enable-debug-output], [generate the libapparmor debug output [[default=no]]])],
> +[AC_MSG_RESULT([$enableval])],
> +[enable_debug_output=no]
> +[AC_MSG_RESULT([$enable_debug_output])])
> +AS_IF([test "$enable_debug_output" = "yes"], [AC_DEFINE([ENABLE_DEBUG_OUTPUT], [1], [debug output])])
> +
> AC_MSG_CHECKING([whether the libapparmor man pages should be generated])
> AC_ARG_ENABLE(man_pages,
> [AS_HELP_STRING([--enable-man-pages], [generate the libapparmor man pages [[default=yes]]])],
> @@ -71,7 +79,7 @@ AM_CONDITIONAL(HAVE_PERL, test x$with_perl = xyes)
> AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
>
> AC_HEADER_STDC
> -AC_CHECK_HEADERS(unistd.h stdint.h)
> +AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)
>
> AC_CHECK_FUNCS(asprintf)
>
> diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
> index f6f40b5..eb3c0f8 100644
> --- a/libraries/libapparmor/src/private.c
> +++ b/libraries/libapparmor/src/private.c
> @@ -14,7 +14,12 @@
> * along with this program. If not, see <http://www.gnu.org/licenses/>.
> */
>
> +#include <stdarg.h>
> +#include <stdbool.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> #include <string.h>
> +#include <syslog.h>
>
> struct ignored_suffix_t {
> const char * text;
> @@ -41,6 +46,35 @@ static struct ignored_suffix_t ignored_suffixes[] = {
> { NULL, 0, 0 }
> };
>
> +#define DEBUG_ENV_VAR "LIBAPPARMOR_DEBUG"
> +
> +void print_error(bool honor_env_var, const char *ident, const char *fmt, ...)
> +{
> + va_list args;
> + int openlog_options = 0;
> +
> + if (honor_env_var && secure_getenv(DEBUG_ENV_VAR))
> + openlog_options |= LOG_PERROR;
> +
> + openlog(ident, openlog_options, LOG_ERR);
> + va_start(args, fmt);
> + vsyslog(LOG_ERR, fmt, args);
> + va_end(args);
> + closelog();
> +}
> +
> +void print_debug(const char *fmt, ...)
> +{
> + va_list args;
> +
> + if (!secure_getenv(DEBUG_ENV_VAR))
> + return;
> +
> + va_start(args, fmt);
> + vfprintf(stderr, fmt, args);
> + va_end(args);
> +}
> +
> int _aa_is_blacklisted(const char *name, const char *path)
> {
> int name_len;
> diff --git a/libraries/libapparmor/src/private.h b/libraries/libapparmor/src/private.h
> new file mode 100644
> index 0000000..a3c582d
> --- /dev/null
> +++ b/libraries/libapparmor/src/private.h
> @@ -0,0 +1,37 @@
> +/*
> + * Copyright 2014 Canonical Ltd.
> + *
> + * The libapparmor library is licensed under the terms of the GNU
> + * Lesser General Public License, version 2.1. Please see the file
> + * COPYING.LGPL.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef _AA_PRIVATE_H
> +#define _AA_PRIVATE_H 1
> +
> +#include <stdbool.h>
> +
> +#if ENABLE_DEBUG_OUTPUT
> +
> +#define PERROR(fmt, args...) print_error(true, "libapparmor", fmt, ## args)
> +#define PDEBUG(fmt, args...) print_debug("libapparmor: " fmt, ## args)
> +
> +#else /* ENABLE_DEBUG_OUTPUT */
> +
> +#define PERROR(fmt, args...) print_error(false, "libapparmor", fmt, ## args)
> +#define PDEBUG(fmt, args...) /* do nothing */
> +
> +#endif /* ENABLE_DEBUG_OUTPUT */
> +
> +void print_error(bool honor_env_var, const char *ident, const char *fmt, ...);
> +void print_debug(const char *fmt, ...);
> +
> +#endif /* _AA_PRIVATE_H */
> --
> 2.1.4
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150326/01bfd67b/attachment.pgp>
More information about the AppArmor
mailing list