shell: Add debug logging to find binaries that aren't being restricted

Assume the first part of the command is the binary, and include it directly
in the message to make grouping work on a per-binary basis. Includ the rest
of the params as log context just in case it is useful.

Change-Id: Ibfff7b1fee083efffae833b9bfa71ae9806c1bbd

diff --git a/includes/shell/FirejailCommand.php b/includes/shell/FirejailCommand.php
index 0338b53..ec9eb09 100644 (file)
--- a/includes/shell/FirejailCommand.php
+++ b/includes/shell/FirejailCommand.php
@@ -62,6 +62,11 @@ class FirejailCommand extends Command {
        protected function buildFinalCommand( $command ) {
                // If there are no restrictions, don't use firejail
                if ( $this->restrictions === 0 ) {
+                       $splitCommand = explode( ' ', $command, 2 );
+                       $this->logger->debug(
+                               "firejail: Command {$splitCommand[0]} {params} has no restrictions",
+                               [ 'params' => isset( $splitCommand[1] ) ? $splitCommand[1] : '' ]
+                       );
                        return parent::buildFinalCommand( $command );
                }