
sandbox: better log output #43325

Closed
wants to merge 1 commit into from
42 changes: 26 additions & 16 deletions Library/Homebrew/sandbox.rb
Expand Up @@ -32,7 +32,7 @@ def initialize
end

def record_log(file)
@log = file
@logfile = file
end

def add_rule(rule)
Expand Down Expand Up @@ -91,24 +91,34 @@ def exec(*args)
@start = Time.now
safe_system SANDBOX_EXEC, "-f", seatbelt.path, *args
rescue
if ARGV.verbose?
ohai "Sandbox profile:"
puts @profile.dump
end
@failed = true
raise
ensure
seatbelt.unlink
unless @log.nil?
sleep 0.1 # wait for a bit to let syslog catch up the latest events.
syslog_args = %W[
-F '$((Time)(local))\ $(Sender)[$(PID)]:\ $Message'
-k Time ge #{@start.to_i}
-k Sender kernel
-o
-k Time ge #{@start.to_i}
-k Sender sandboxd
]
quiet_system "syslog #{syslog_args * " "} | grep deny > #{@log}"
sleep 0.1 # wait for a bit to let syslog catch up the latest events.
syslog_args = %W[
-F $((Time)(local))\ $(Sender)[$(PID)]:\ $(Message)
-k Time ge #{@start.to_i}
-k Message S deny
-k Sender kernel
-o
-k Time ge #{@start.to_i}
-k Message S deny
-k Sender sandboxd
]
logs = Utils.popen_read("syslog", *syslog_args)
unless logs.empty?
if @logfile
log = open(@logfile, "w")
log.write logs
log.write "\nWe use time to filter sandbox log. Therefore, unrelated logs may be recorded.\n"
log.close
end

if @failed && ARGV.verbose?
ohai "Sandbox log"
puts logs
end
end
end
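Review bot: The new `log = open(@logfile, "w")` in the `ensure` branch goes through `Kernel#open`, which interprets a path starting with `|` as a command to run, and the handle is closed only if both `log.write` calls succeed. `@logfile` is set by `record_log(file)`, whose callers are not visible on this page, so whether that path can ever be influenced from outside is unconfirmed. Wrapping the two writes in `File.open(@logfile, "w") do |log|` and dropping the explicit `log.close` removes the question and closes the file even when a write raises. Since this code sits in `ensure`, an exception from `Utils.popen_read` or from the file write would also replace the build failure re-raised by `raise` above, so the log collection looks worth rescuing locally. The body of `exec` starts outside the hunk.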
