libapparmor: Add basic logging functionality

This patch adds equivalents of the parser's PDEBUG() and PERROR() functions to libapparmor. It does not add gettext(3) support to libapparmor since these are messages that only developers will see (debug builds with LIBAPPARMOR_DEBUG=1) or messages that go to the syslog. PDEBUG() does nothing unless libapparmor is built with --enable-debug. It prints to stderr if libapparmor is built with --enable-debug and the LIBAPPARMOR_DEBUG environment variable is set. PERROR() uses syslog(LOG_ERR, ...) by default. The message is sent to the syslog and to stderr if libapparmor is built with --enable-debug and the LIBAPPARMOR_DEBUG environment variable is set. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-22 18:17:09 +00:00 · 2015-03-25 17:09:27 -05:00 · 2015-03-25 17:09:27 -05:00 · 6b200b6f08
commit 6b200b6f08
parent 27ac220535
3 changed files with 80 additions and 1 deletions
--- a/libraries/libapparmor/configure.ac
+++ b/libraries/libapparmor/configure.ac
@ -14,6 +14,14 @@ PKG_PROG_PKG_CONFIG

 AC_PATH_PROG([SWIG], [swig])

+AC_MSG_CHECKING([whether the libapparmor debug output should be enabled])
+AC_ARG_ENABLE([debug_output],
+[AS_HELP_STRING([--enable-debug-output], [generate the libapparmor debug output [[default=no]]])],
+[AC_MSG_RESULT([$enableval])],
+[enable_debug_output=no]
+[AC_MSG_RESULT([$enable_debug_output])])
+AS_IF([test "$enable_debug_output" = "yes"], [AC_DEFINE([ENABLE_DEBUG_OUTPUT], [1], [debug output])])
+
 AC_MSG_CHECKING([whether the libapparmor man pages should be generated])
 AC_ARG_ENABLE(man_pages,
 [AS_HELP_STRING([--enable-man-pages], [generate the libapparmor man pages [[default=yes]]])],
@ -71,7 +79,7 @@ AM_CONDITIONAL(HAVE_PERL, test x$with_perl = xyes)
 AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)

 AC_HEADER_STDC
-AC_CHECK_HEADERS(unistd.h stdint.h)
+AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)

 AC_CHECK_FUNCS(asprintf)

--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@ -14,7 +14,12 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
+#include <syslog.h>

 struct ignored_suffix_t {
 	const char * text;
@ -41,6 +46,35 @@ static struct ignored_suffix_t ignored_suffixes[] = {
 	{ NULL, 0, 0 }
 };

+#define DEBUG_ENV_VAR	"LIBAPPARMOR_DEBUG"
+
+void print_error(bool honor_env_var, const char *ident, const char *fmt, ...)
+{
+	va_list args;
+	int openlog_options = 0;
+
+	if (honor_env_var && secure_getenv(DEBUG_ENV_VAR))
+		openlog_options |= LOG_PERROR;
+
+	openlog(ident, openlog_options, LOG_ERR);
+	va_start(args, fmt);
+	vsyslog(LOG_ERR, fmt, args);
+	va_end(args);
+	closelog();
+}
+
+void print_debug(const char *fmt, ...)
+{
+	va_list args;
+
+	if (!secure_getenv(DEBUG_ENV_VAR))
+		return;
+
+	va_start(args, fmt);
+	vfprintf(stderr, fmt, args);
+	va_end(args);
+}
+
 int _aa_is_blacklisted(const char *name, const char *path)
 {
 	int name_len;
--- a/libraries/libapparmor/src/private.h
+++ b/libraries/libapparmor/src/private.h
@ -0,0 +1,37 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _AA_PRIVATE_H
+#define _AA_PRIVATE_H 1
+
+#include <stdbool.h>
+
+#if ENABLE_DEBUG_OUTPUT
+
+#define PERROR(fmt, args...)	print_error(true, "libapparmor", fmt, ## args)
+#define PDEBUG(fmt, args...)	print_debug("libapparmor: " fmt, ## args)
+
+#else /* ENABLE_DEBUG_OUTPUT */
+
+#define PERROR(fmt, args...)	print_error(false, "libapparmor", fmt, ## args)
+#define PDEBUG(fmt, args...)	/* do nothing */
+
+#endif /* ENABLE_DEBUG_OUTPUT */
+
+void print_error(bool honor_env_var, const char *ident, const char *fmt, ...);
+void print_debug(const char *fmt, ...);
+
+#endif /* _AA_PRIVATE_H */