From 91111be58cc110b1b75e23399d9275e0bb0bfca4 Mon Sep 17 00:00:00 2001
From: Xu Cheng
Date: Thu, 16 Apr 2015 21:41:59 +0800
Subject: sandbox: record log

Closes #38711.

Signed-off-by: Xu Cheng <xucheng@me.com>
---
 Library/Homebrew/cmd/postinstall.rb   |  3 +++
 Library/Homebrew/cmd/test.rb          |  3 +++
 Library/Homebrew/formula_installer.rb |  3 +++
 Library/Homebrew/sandbox.rb           | 17 +++++++++++++++++
 4 files changed, 26 insertions(+)

diff --git a/Library/Homebrew/cmd/postinstall.rb b/Library/Homebrew/cmd/postinstall.rb
index d677ecc1e..16608e773 100644
--- a/Library/Homebrew/cmd/postinstall.rb
+++ b/Library/Homebrew/cmd/postinstall.rb
@@ -18,6 +18,9 @@ module Homebrew
     Utils.safe_fork do
       if Sandbox.available? && ARGV.sandbox?
         sandbox = Sandbox.new
+        logd = HOMEBREW_LOGS/formula.name
+        logd.mkpath
+        sandbox.record_log(logd/"sandbox.postinstall.log")
         sandbox.allow_write_temp_and_cache
         sandbox.allow_write_log(formula)
         sandbox.allow_write_cellar(formula)
diff --git a/Library/Homebrew/cmd/test.rb b/Library/Homebrew/cmd/test.rb
index c4f322b60..616da440b 100644
--- a/Library/Homebrew/cmd/test.rb
+++ b/Library/Homebrew/cmd/test.rb
@@ -37,6 +37,9 @@ module Homebrew
         Utils.safe_fork do
           if Sandbox.available? && ARGV.sandbox?
             sandbox = Sandbox.new
+            logd = HOMEBREW_LOGS/f.name
+            logd.mkpath
+            sandbox.record_log(logd/"sandbox.test.log")
             sandbox.allow_write_temp_and_cache
             sandbox.allow_write_log(f)
             sandbox.exec(*args)
diff --git a/Library/Homebrew/formula_installer.rb b/Library/Homebrew/formula_installer.rb
index 3113810af..75cfa03d2 100644
--- a/Library/Homebrew/formula_installer.rb
+++ b/Library/Homebrew/formula_installer.rb
@@ -481,6 +481,9 @@ class FormulaInstaller
     Utils.safe_fork do
       if Sandbox.available? && ARGV.sandbox?
         sandbox = Sandbox.new
+        logd = HOMEBREW_LOGS/formula.name
+        logd.mkpath
+        sandbox.record_log(logd/"sandbox.build.log")
         sandbox.allow_write_temp_and_cache
         sandbox.allow_write_log(formula)
         sandbox.allow_write_cellar(formula)
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 0fd3055e5..9ad920926 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -12,6 +12,10 @@ class Sandbox
     @profile = SandboxProfile.new
   end
 
+  def record_log(file)
+    @log = file
+  end
+
   def add_rule(rule)
     @profile.add_rule(rule)
   end
@@ -54,6 +58,7 @@ class Sandbox
       seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)
       seatbelt.write(@profile.dump)
       seatbelt.close
+      @start = Time.now
       safe_system SANDBOX_EXEC, "-f", seatbelt.path, *args
     rescue
       if ARGV.verbose?
@@ -63,6 +68,18 @@ class Sandbox
       raise
     ensure
       seatbelt.unlink
+      unless @log.nil?
+        sleep 0.1 # wait for a bit to let syslog catch up the latest events.
+        syslog_args = %W[
+          -F '$((Time)(local))\ $(Sender)[$(PID)]:\ $Message'
+          -k Time ge #{@start.to_i.to_s}
+          -k Sender kernel
+          -o
+          -k Time ge #{@start.to_i.to_s}
+          -k Sender sandboxd
+        ]
+        quiet_system "syslog #{syslog_args * " "} | grep deny > #{@log}"
+      end
     end
   end
 
-- 
cgit v1.2.3