From 074582782ce9fdb133cf665a017b690202ecbcb8 Mon Sep 17 00:00:00 2001
From: Robert Swiecki
Date: Thu, 6 Jul 2017 11:37:41 +0200
Subject: [PATCH] caps: shorter debug messages

---
 Makefile | 2 +-
 caps.c | 21 +++++++++++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 6197c55..64dd280 100644
--- a/Makefile
+++ b/Makefile
@@ -137,7 +137,7 @@ indent:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 nsjail.o: nsjail.h common.h caps.h cmdline.h log.h net.h subproc.h util.h
-caps.o: caps.h common.h log.h
+caps.o: caps.h common.h log.h util.h
 cmdline.o: cmdline.h common.h caps.h config.h log.h mount.h util.h user.h
 config.o: common.h caps.h config.h log.h mount.h user.h util.h
 contain.o: contain.h common.h caps.h cgroup.h cpu.h log.h mount.h net.h pid.h
diff --git a/caps.c b/caps.c
index bd84cc6..6dfd471 100644
--- a/caps.c
+++ b/caps.c
@@ -28,6 +28,7 @@
 #include
 
 #include "log.h"
+#include "util.h"
 
 #define VALSTR_STRUCT(x) { x, #x }
 
@@ -148,12 +149,14 @@ bool capsInitNs(struct nsjconf_t *nsjconf)
 cap_t cap_orig = capsGet();
 cap_t cap_new = capsGet();
 
+ char dbgmsg[4096];
+ dbgmsg[0] = '\0';
+
 if (nsjconf->keep_caps) {
 for (size_t i = 0; i < ARRAYSIZE(capNames); i++) {
 cap_flag_value_t v = capsGetCap(cap_orig, capNames[i].val, CAP_PERMITTED);
 if (v == CAP_SET) {
- LOG_D("Adding '%s' capability to the inheritable set",
- capNames[i].name);
+ utilSSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capNames[i].name);
 }
 capsSetCap(cap_new, capNames[i].val, CAP_INHERITABLE, v);
 }
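Review bot: The value returned by `utilSSnPrintf` is discarded on every append into `dbgmsg`, so if the accumulated name list ever outgrows the 4096-byte buffer the debug line is truncated with no indication; the same applies to the appends in the hunks at -168 and -188. The hunk does not show utilSSnPrintf's contract, but the leading space in `" %s"` and the reset via `dbgmsg[0] = '\0'` suggest it appends to the existing contents rather than overwriting — worth confirming against util.h, which the Makefile hunk now lists as a dependency. Since the buffer is reused across the inheritable and ambient sections, a comment at the declaration would help: `/* Accumulates the names of capabilities added so they can be logged as one line; reset before reuse */`. A named constant in place of the bare 4096 would also make the intended bound visible. capsInitNs starts before this hunk and continues past it.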
@@ -168,12 +171,14 @@ bool capsInitNs(struct nsjconf_t *nsjconf)
 capsFree(cap_new);
 return false;
 }
- LOG_D("Adding '%s' capability to the inheritable set",
- capsValToStr(p->val));
+ utilSSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capsValToStr(p->val));
 capsSetCap(cap_new, p->val, CAP_INHERITABLE, CAP_SET);
 }
 }
 
+ LOG_D("Adding the following capabilities to the inheritable set:%s", dbgmsg);
+ dbgmsg[0] = '\0';
+
 if (cap_set_proc(cap_new) == -1) {
 capsFree(cap_orig);
 capsFree(cap_new);
@@ -188,27 +193,31 @@ bool capsInitNs(struct nsjconf_t *nsjconf)
 if (capsGetCap(cap_orig, capNames[i].val, CAP_PERMITTED) != CAP_SET) {
 continue;
 }
- LOG_D("Adding '%s' capability to the ambient set", capNames[i].name);
 if (prctl
 (PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)capNames[i].val, 0UL,
 0UL) == -1) {
 PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)",
 capNames[i].name);
+ } else {
+ utilSSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capNames[i].name);
 }
 }
 } else {
 struct ints_t *p;
 TAILQ_FOREACH(p, &nsjconf->caps, pointers) {
- LOG_D("Adding '%s' capability to the ambient set", capsValToStr(p->val));
 if (prctl
 (PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)p->val, 0UL,
 0UL) == -1) {
 PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)",
 capsValToStr(p->val));
+ } else {
+ utilSSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capsValToStr(p->val));
 }
 }
 }
 
+ LOG_D("Added the following capabilities to the ambient set:%s", dbgmsg);
+
 capsFree(cap_orig);
 capsFree(cap_new);
 return true;
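Review bot: The ambient-set line at the end of the hunk at -188 reports only the capabilities whose `PR_CAP_AMBIENT_RAISE` succeeded (the new `else` branches), whereas the inheritable-set line in the hunk at -168 is emitted before `cap_set_proc` runs and so lists what was requested; the "Added" versus "Adding" wording carries that distinction, but it is easy to miss when the two messages appear next to each other in a log. A one-line comment above the ambient LOG_D would make it explicit: `/* Only capabilities whose PR_CAP_AMBIENT_RAISE succeeded are listed */`. Since a failed raise is still only a PLOG_W and the function still returns true (behaviour that predates this change), this debug line is the only place a partial ambient set is summarised, which makes that comment worth having. capsInitNs starts before these hunks.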