Sandbox2: Improve logging of syscall information.

- If --sandbox2_danger_danger_permit_all_and_log is set, we write to a logfile (passed via the flag).

- If --sandbox2_danger_danger_permit_all is set, we do not write any log information.

This change introduces a means to also see the syscall information on stderr by passing --v=1 and --alsologtostderr.

PiperOrigin-RevId: 542232271
Change-Id: Ie4d30f0d8e25bb1de7c60bb37736b27b89406336
This commit is contained in:
Oliver Kunz 2023-06-21 06:11:17 -07:00 committed by Copybara-Service
parent cf43c0f02c
commit 0463298780

View File

@ -643,18 +643,13 @@ void PtraceMonitor::ActionProcessSyscall(Regs* regs, const Syscall& syscall) {
return;
}
// TODO(wiktorg): Further clean that up, probably while doing monitor cleanup
// log_file_ not null iff FLAGS_sandbox2_danger_danger_permit_all_and_log is
// set.
if (log_file_) {
if (absl::GetFlag(FLAGS_sandbox2_danger_danger_permit_all) || log_file_) {
std::string syscall_description = syscall.GetDescription();
PCHECK(absl::FPrintF(log_file_, "PID: %d %s\n", regs->pid(),
syscall_description) >= 0);
ContinueProcess(regs->pid(), 0);
return;
}
if (absl::GetFlag(FLAGS_sandbox2_danger_danger_permit_all)) {
if (log_file_) {
PCHECK(absl::FPrintF(log_file_, "PID: %d %s\n", regs->pid(),
syscall_description) >= 0);
}
VLOG(1) << "PID: " << regs->pid() << " " << syscall_description;
ContinueProcess(regs->pid(), 0);
return;
}