sandbox: record log

Closes Homebrew/homebrew#38711. Signed-off-by: Xu Cheng <xucheng@me.com>
2015-04-16 21:41:59 +08:00 · 2015-04-16 21:41:59 +08:00 · adedbb86f1
commit adedbb86f1
parent c2dcd91bd1
4 changed files with 26 additions and 0 deletions
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@ -18,6 +18,9 @@ module Homebrew
    Utils.safe_fork do
      if Sandbox.available? && ARGV.sandbox?
        sandbox = Sandbox.new
+        logd = HOMEBREW_LOGS/formula.name
+        logd.mkpath
+        sandbox.record_log(logd/"sandbox.postinstall.log")
        sandbox.allow_write_temp_and_cache
        sandbox.allow_write_log(formula)
        sandbox.allow_write_cellar(formula)
--- a/Library/Homebrew/cmd/test.rb
+++ b/Library/Homebrew/cmd/test.rb
@ -37,6 +37,9 @@ module Homebrew
        Utils.safe_fork do
          if Sandbox.available? && ARGV.sandbox?
            sandbox = Sandbox.new
+            logd = HOMEBREW_LOGS/f.name
+            logd.mkpath
+            sandbox.record_log(logd/"sandbox.test.log")
            sandbox.allow_write_temp_and_cache
            sandbox.allow_write_log(f)
            sandbox.exec(*args)
--- a/Library/Homebrew/formula_installer.rb
+++ b/Library/Homebrew/formula_installer.rb
@ -481,6 +481,9 @@ class FormulaInstaller
    Utils.safe_fork do
      if Sandbox.available? && ARGV.sandbox?
        sandbox = Sandbox.new
+        logd = HOMEBREW_LOGS/formula.name
+        logd.mkpath
+        sandbox.record_log(logd/"sandbox.build.log")
        sandbox.allow_write_temp_and_cache
        sandbox.allow_write_log(formula)
        sandbox.allow_write_cellar(formula)
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@ -12,6 +12,10 @@ class Sandbox
    @profile = SandboxProfile.new
  end

+  def record_log(file)
+    @log = file
+  end
+
  def add_rule(rule)
    @profile.add_rule(rule)
  end
@ -54,6 +58,7 @@ class Sandbox
      seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)
      seatbelt.write(@profile.dump)
      seatbelt.close
+      @start = Time.now
      safe_system SANDBOX_EXEC, "-f", seatbelt.path, *args
    rescue
      if ARGV.verbose?
@ -63,6 +68,18 @@ class Sandbox
      raise
    ensure
      seatbelt.unlink
+      unless @log.nil?
+        sleep 0.1 # wait for a bit to let syslog catch up the latest events.
+        syslog_args = %W[
+          -F '$((Time)(local))\ $(Sender)[$(PID)]:\ $Message'
+          -k Time ge #{@start.to_i.to_s}
+          -k Sender kernel
+          -o
+          -k Time ge #{@start.to_i.to_s}
+          -k Sender sandboxd
+        ]
+        quiet_system "syslog #{syslog_args * " "} | grep deny > #{@log}"
+      end
    end
  end