diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
index 4da65c120..fe6971cc1 100644
--- a/libraries/libapparmor/configure.ac
+++ b/libraries/libapparmor/configure.ac
@@ -14,6 +14,14 @@ PKG_PROG_PKG_CONFIG
AC_PATH_PROG([SWIG], [swig])
+AC_MSG_CHECKING([whether the libapparmor debug output should be enabled])
+AC_ARG_ENABLE([debug_output],
+[AS_HELP_STRING([--enable-debug-output], [generate the libapparmor debug output [[default=no]]])],
+[AC_MSG_RESULT([$enableval])],
+[enable_debug_output=no]
+[AC_MSG_RESULT([$enable_debug_output])])
+AS_IF([test "$enable_debug_output" = "yes"], [AC_DEFINE([ENABLE_DEBUG_OUTPUT], [1], [debug output])])
+
AC_MSG_CHECKING([whether the libapparmor man pages should be generated])
AC_ARG_ENABLE(man_pages,
[AS_HELP_STRING([--enable-man-pages], [generate the libapparmor man pages [[default=yes]]])],
@@ -71,7 +79,7 @@ AM_CONDITIONAL(HAVE_PERL, test x$with_perl = xyes)
AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
AC_HEADER_STDC
-AC_CHECK_HEADERS(unistd.h stdint.h)
+AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)
AC_CHECK_FUNCS(asprintf)
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
index f6f40b52e..eb3c0f8f0 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -14,7 +14,12 @@
* along with this program. If not, see .
*/
+#include
+#include
+#include
+#include
#include
+#include
struct ignored_suffix_t {
const char * text;
@@ -41,6 +46,35 @@ static struct ignored_suffix_t ignored_suffixes[] = {
{ NULL, 0, 0 }
};
+#define DEBUG_ENV_VAR "LIBAPPARMOR_DEBUG"
+
+void print_error(bool honor_env_var, const char *ident, const char *fmt, ...)
+{
+ va_list args;
+ int openlog_options = 0;
+
+ if (honor_env_var && secure_getenv(DEBUG_ENV_VAR))
+ openlog_options |= LOG_PERROR;
+
+ openlog(ident, openlog_options, LOG_ERR);
+ va_start(args, fmt);
+ vsyslog(LOG_ERR, fmt, args);
+ va_end(args);
+ closelog();
+}
+
+void print_debug(const char *fmt, ...)
+{
+ va_list args;
+
+ if (!secure_getenv(DEBUG_ENV_VAR))
+ return;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+}
+
int _aa_is_blacklisted(const char *name, const char *path)
{
int name_len;
diff --git a/libraries/libapparmor/src/private.h b/libraries/libapparmor/src/private.h
new file mode 100644
index 000000000..a3c582df6
--- /dev/null
+++ b/libraries/libapparmor/src/private.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef _AA_PRIVATE_H
+#define _AA_PRIVATE_H 1
+
+#include
+
+#if ENABLE_DEBUG_OUTPUT
+
+#define PERROR(fmt, args...) print_error(true, "libapparmor", fmt, ## args)
+#define PDEBUG(fmt, args...) print_debug("libapparmor: " fmt, ## args)
+
+#else /* ENABLE_DEBUG_OUTPUT */
+
+#define PERROR(fmt, args...) print_error(false, "libapparmor", fmt, ## args)
+#define PDEBUG(fmt, args...) /* do nothing */
+
+#endif /* ENABLE_DEBUG_OUTPUT */
+
+void print_error(bool honor_env_var, const char *ident, const char *fmt, ...);
+void print_debug(const char *fmt, ...);
+
+#endif /* _AA_PRIVATE_H */