Refactor logging in Minijail.
That way, the syscall filtering module can log to syslog without
duplicating code. While I'm at it, make naming more consistent.
BUG=None
TEST=unit
TEST=security_Minijail0, security_Minijail_seccomp, platform_CrosDisksArchive
Change-Id: I7102ca22f49dd7e5bb56bf2997d0d83cb0507e83
Reviewed-on: https://gerrit.chromium.org/gerrit/29080
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/bpf.h b/bpf.h
index cff5b1a..04ece14 100644
--- a/bpf.h
+++ b/bpf.h
@@ -183,4 +183,4 @@
void dump_bpf_prog(struct sock_fprog *fprog);
void dump_bpf_filter(struct sock_filter *filter, unsigned short len);
-#endif /* _MINIJAIL_BPF_H_ */
+#endif /* BPF_H */
diff --git a/libminijail.c b/libminijail.c
index cbd31f2..13434f6 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -30,12 +30,12 @@
#include <sys/prctl.h>
#include <sys/user.h>
#include <sys/wait.h>
-#include <syslog.h>
#include <unistd.h>
#include "libminijail.h"
#include "libsyscalls.h"
#include "libminijail-private.h"
+#include "logging.h"
#include "syscall_filter.h"
@@ -52,17 +52,6 @@
# define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */
#endif
-#define die(_msg, ...) do { \
- syslog(LOG_ERR, "libminijail: " _msg, ## __VA_ARGS__); \
- abort(); \
-} while (0)
-
-#define pdie(_msg, ...) \
- die(_msg ": %s", ## __VA_ARGS__, strerror(errno))
-
-#define warn(_msg, ...) \
- syslog(LOG_WARNING, "libminijail: " _msg, ## __VA_ARGS__)
-
struct binding {
char *src;
char *dest;
@@ -258,7 +247,7 @@
goto error;
b->writeable = writeable;
- syslog(LOG_INFO, "libminijail: bind %s -> %s", src, dest);
+ info("bind %s -> %s", src, dest);
/*
* Force vfs namespacing so the bind mounts don't leak out into the
@@ -286,12 +275,12 @@
{
FILE *file = fopen(path, "r");
if (!file) {
- pdie("failed to open seccomp filters file '%s'", path);
+ pdie("failed to open seccomp filter file '%s'", path);
}
struct sock_fprog *fprog = malloc(sizeof(struct sock_fprog));
if (compile_filter(file, fprog)) {
- die("failed to compile seccomp filters BPF program in '%s'", path);
+ die("failed to compile seccomp filter BPF program in '%s'", path);
}
j->filter_len = fprog->len;
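Review bot: The `malloc()` result for `fprog` is never checked before it is passed to `compile_filter()` and then dereferenced at `j->filter_len = fprog->len`, so an allocation failure becomes a NULL dereference instead of a logged abort. Since this hunk already touches the two neighbouring error paths, add `if (!fprog) die("failed to allocate seccomp filter program");` right after the allocation. The enclosing function starts before and continues after the hunk, so whether `file` and `fprog` are released later cannot be judged from here.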
diff --git a/logging.h b/logging.h
new file mode 100644
index 0000000..a8aa284
--- /dev/null
+++ b/logging.h
@@ -0,0 +1,26 @@
+/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef _LOGGING_H_
+#define _LOGGING_H_
+
+#include <stdlib.h>
+#include <syslog.h>
+
+#define die(_msg, ...) do { \
+ syslog(LOG_ERR, "libminijail: " _msg, ## __VA_ARGS__); \
+ abort(); \
+} while (0)
+
+#define pdie(_msg, ...) \
+ die(_msg ": %s", ## __VA_ARGS__, strerror(errno))
+
+#define warn(_msg, ...) \
+ syslog(LOG_WARNING, "libminijail: " _msg, ## __VA_ARGS__)
+
+#define info(_msg, ...) \
+ syslog(LOG_INFO, "libminijail: " _msg, ## __VA_ARGS__)
+
+#endif /* _LOGGING_H_ */
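Review bot: `pdie()` expands to `strerror(errno)`, but the header includes only `<stdlib.h>` and `<syslog.h>`, so a file that includes logging.h without its own `<errno.h>` and `<string.h>` gets an undeclared `errno` or an implicitly declared `strerror`; add `#include <errno.h>` and `#include <string.h>` here. The guard `_LOGGING_H_` is also an identifier reserved for the implementation (underscore followed by an uppercase letter) and is at odds with the `BPF_H` style this same commit adopts in bpf.h; `LOGGING_H` would match. A short comment above `die()` should note that `_msg` must be a string literal, because it is pasted onto the prefix. That requirement is what keeps caller-supplied data out of the format string.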
diff --git a/syscall_filter.c b/syscall_filter.c
index 0908ad8..c075d66 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -10,19 +10,14 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <syslog.h>
#include "syscall_filter.h"
#include "libsyscalls.h"
+#include "logging.h"
#define MAX_LINE_LENGTH 1024
-#define error(_msg, ...) do { \
- fprintf(stderr, "minijail: error: " _msg, ## __VA_ARGS__); \
- abort(); \
-} while (0)
-
int str_to_op(const char *op_str)
{
if (!strcmp(op_str, "==")) {
@@ -41,7 +36,7 @@
{
struct sock_filter *buf = calloc(count, sizeof(struct sock_filter));
if (!buf)
- error("could not allocate BPF instruction buffer");
+ die("could not allocate BPF instruction buffer");
return buf;
}
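Review bot: With `error()` replaced by `die()`, this allocation failure is reported only through syslog and no longer on stderr. A unit-test or command-line run that has not opened syslog with `LOG_PERROR` will therefore presumably abort with no visible reason. The same applies to the `die()` calls in the two later hunks of this file. If that is intended, a comment above the helper such as `/* Never returns NULL: die() logs to syslog and abort()s, so filter setup fails closed. */` would record it for callers. The function's signature lies outside the hunk.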
@@ -60,7 +55,7 @@
} else {
new_last = calloc(1, sizeof(struct filter_block));
if (!new_last)
- error("could not allocate BPF filter block");
+ die("could not allocate BPF filter block");
if (head->next != NULL) {
head->last->next = new_last;
@@ -107,7 +102,7 @@
{
int label_id = bpf_label_id(labels, label_str);
if (label_id < 0)
- error("could not allocate BPF label string");
+ die("could not allocate BPF label string");
return label_id;
}