On Mon, Jan 20, 2014 at 04:16:37PM -0800, Steve Beattie wrote: > Subject: mod_apparmor: fix logging > > The apache2 mod_apparmor module was failing to log debugging messages > when the apache loglevel was set to debug or lower (i.e. traceN). This > patch fixes it by using ap_log_rerror() (for request specific messages, > with the request passed for context) and ap_log_perror() (more general > messages, with an apache pool for context). > > Also, the APLOG_USE_MODULE macro is called, to mark the log messages as > belonging to the apparmor module, so that the apache 2.4 feature of > enabling debug logging for just the apparmor module will work, with an > apache configuration entry like: > > LogLevel apparmor:debug > > See > > > http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html > > for specific about the ap_log_*error() and APLOG_USE_MODULE functions > and macros, and > > http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel > > for the bits about module specific logging. > > Signed-off-by: Steve Beattie <st...@nxnw.org>
Acked-by: Seth Arnold <seth.arn...@canonical.com>
Thanks
> ---
> changehat/mod_apparmor/mod_apparmor.c | 33
> +++++++++++++++++----------------
> 1 file changed, 17 insertions(+), 16 deletions(-)
>
> Index: b/changehat/mod_apparmor/mod_apparmor.c
> ===================================================================
> --- a/changehat/mod_apparmor/mod_apparmor.c
> +++ b/changehat/mod_apparmor/mod_apparmor.c
> @@ -35,6 +35,7 @@
> #define DEFAULT_HAT "HANDLING_UNTRUSTED_INPUT"
> #define DEFAULT_URI_HAT "DEFAULT_URI"
>
> +APLOG_USE_MODULE(apparmor);
> module AP_MODULE_DECLARE_DATA apparmor_module;
>
> static unsigned int magic_token = 0;
> @@ -68,9 +69,9 @@ immunix_init (apr_pool_t *p, apr_pool_t
> apr_file_read (file, (void *) &magic_token, &size);
> apr_file_close (file);
> } else {
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "Failed to open
> /dev/urandom");
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "Failed to open
> /dev/urandom");
> }
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "Opened /dev/urandom
> successfully");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "Opened /dev/urandom
> successfully");
>
> return OK;
> }
> @@ -83,11 +84,11 @@ immunix_child_init (apr_pool_t *p, serve
> {
> int ret;
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "init: calling
> change_hat");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "init: calling change_hat");
> ret = change_hat (DEFAULT_HAT, magic_token);
> if (ret < 0) {
> change_hat (NULL, magic_token);
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "Failed to change_hat
> to '%s'",
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "Failed to change_hat to
> '%s'",
> DEFAULT_HAT);
> } else {
> inside_default_hat = 1;
> @@ -130,7 +131,7 @@ immunix_enter_hat (request_rec *r)
> ap_get_module_config (r->server->module_config,
> &apparmor_module);
>
> debug_dump_uri (&r->parsed_uri);
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_enter_hat
> (%s) n:0x%lx p:0x%lx main:0x%lx",
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "in immunix_enter_hat (%s)
> n:0x%lx p:0x%lx main:0x%lx",
> dcfg->path, (unsigned long) r->next, (unsigned long) r->prev,
> (unsigned long) r->main);
>
> @@ -144,7 +145,7 @@ immunix_enter_hat (request_rec *r)
> }
>
> if (dcfg != NULL && dcfg->hat_name != NULL) {
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat
> [dcfg] %s", dcfg->hat_name);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat
> [dcfg] %s", dcfg->hat_name);
> sd_ret = change_hat (dcfg->hat_name, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> @@ -153,7 +154,7 @@ immunix_enter_hat (request_rec *r)
> }
> }
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat
> [uri] %s", r->uri);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [uri]
> %s", r->uri);
> sd_ret = change_hat (r->uri, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> @@ -162,7 +163,7 @@ immunix_enter_hat (request_rec *r)
> }
>
> if (scfg != NULL && scfg->hat_name != NULL) {
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat
> [scfg] %s", scfg->hat_name);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat
> [scfg] %s", scfg->hat_name);
> sd_ret = change_hat (scfg->hat_name, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> @@ -171,7 +172,7 @@ immunix_enter_hat (request_rec *r)
> }
> }
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "calling change_hat
> DEFAULT_URI");
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat
> DEFAULT_URI");
> sd_ret = change_hat (DEFAULT_URI_HAT, magic_token);
> if (sd_ret < 0) change_hat (NULL, magic_token);
>
> @@ -186,13 +187,13 @@ immunix_exit_hat (request_rec *r)
> ap_get_module_config (r->per_dir_config, &apparmor_module);
> /* immunix_srv_cfg * scfg = (immunix_srv_cfg *)
> ap_get_module_config (r->server->module_config,
> &apparmor_module); */
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "exiting change_hat -
> dir hat %s path %s", dcfg->hat_name, dcfg->path);
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "exiting change_hat - dir
> hat %s path %s", dcfg->hat_name, dcfg->path);
> change_hat (NULL, magic_token);
>
> sd_ret = change_hat (DEFAULT_HAT, magic_token);
> if (sd_ret < 0) {
> change_hat (NULL, magic_token);
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "Failed to change_hat
> to '%s'",
> + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Failed to change_hat to
> '%s'",
> DEFAULT_HAT);
> } else {
> inside_default_hat = 1;
> @@ -260,9 +261,9 @@ immunix_create_dir_config (apr_pool_t *
> {
> immunix_dir_cfg * newcfg = (immunix_dir_cfg *) apr_pcalloc(p, sizeof(*
> newcfg));
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_create_dir
> (%s)", path ? path : ":no path:");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "in immunix_create_dir
> (%s)", path ? path : ":no path:");
> if (newcfg == NULL) {
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "immunix_create_dir:
> couldn't alloc dir config");
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "immunix_create_dir:
> couldn't alloc dir config");
> return NULL;
> }
> newcfg->path = apr_pstrdup (p, path ? path : ":no path:");
> @@ -277,7 +278,7 @@ immunix_merge_dir_config (apr_pool_t * p
> {
> immunix_dir_cfg * newcfg = (immunix_dir_cfg *) apr_pcalloc(p, sizeof(*
> newcfg));
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_merge_dir
> ()");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "in immunix_merge_dir ()");
> if (newcfg == NULL)
> return NULL;
>
> @@ -290,9 +291,9 @@ immunix_create_srv_config (apr_pool_t *
> {
> immunix_srv_cfg * newcfg = (immunix_srv_cfg *) apr_pcalloc(p, sizeof(*
> newcfg));
>
> - ap_log_error (APLOG_MARK, APLOG_DEBUG, 0, NULL, "in immunix_create_srv");
> + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, "in immunix_create_srv");
> if (newcfg == NULL) {
> - ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "immunix_create_srv:
> couldn't alloc srv config");
> + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, "immunix_create_srv:
> couldn't alloc srv config");
> return NULL;
> }
>
>
> --
> Steve Beattie
> <sbeat...@ubuntu.com>
> http://NxNW.org/~steve/
> --
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
