From 91111be58cc110b1b75e23399d9275e0bb0bfca4 Mon Sep 17 00:00:00 2001
From: Xu Cheng
Date: Thu, 16 Apr 2015 21:41:59 +0800
Subject: sandbox: record log

Closes #38711.

Signed-off-by: Xu Cheng <xucheng@me.com>
---
 Library/Homebrew/sandbox.rb | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'Library/Homebrew/sandbox.rb')

diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 0fd3055e5..9ad920926 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -12,6 +12,10 @@ class Sandbox
     @profile = SandboxProfile.new
   end
 
+  def record_log(file)
+    @log = file
+  end
+
   def add_rule(rule)
     @profile.add_rule(rule)
   end
@@ -54,6 +58,7 @@ class Sandbox
       seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP)
       seatbelt.write(@profile.dump)
       seatbelt.close
+      @start = Time.now
       safe_system SANDBOX_EXEC, "-f", seatbelt.path, *args
     rescue
       if ARGV.verbose?
@@ -63,6 +68,18 @@ class Sandbox
       raise
     ensure
       seatbelt.unlink
+      unless @log.nil?
+        sleep 0.1 # wait for a bit to let syslog catch up the latest events.
+        syslog_args = %W[
+          -F '$((Time)(local))\ $(Sender)[$(PID)]:\ $Message'
+          -k Time ge #{@start.to_i.to_s}
+          -k Sender kernel
+          -o
+          -k Time ge #{@start.to_i.to_s}
+          -k Sender sandboxd
+        ]
+        quiet_system "syslog #{syslog_args * " "} | grep deny > #{@log}"
+      end
     end
   end
 
-- 
cgit v1.2.3