From 59dfe57b9234e4af2196632d07d7c0b1a61b7cb6 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@member.fsf.org>
Date: Mon, 11 Dec 2017 11:21:38 -0800
Subject: [PATCH] shell: Add debug logging to find binaries that aren't being
 restricted

Assume the first part of the command is the binary, and include it directly
in the message to make grouping work on a per-binary basis. Includ the rest
of the params as log context just in case it is useful.

Change-Id: Ibfff7b1fee083efffae833b9bfa71ae9806c1bbd
---
 includes/shell/FirejailCommand.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/includes/shell/FirejailCommand.php b/includes/shell/FirejailCommand.php
index 0338b5325e..ec9eb09ef5 100644
--- a/includes/shell/FirejailCommand.php
+++ b/includes/shell/FirejailCommand.php
@@ -62,6 +62,11 @@ class FirejailCommand extends Command {
 	protected function buildFinalCommand( $command ) {
 		// If there are no restrictions, don't use firejail
 		if ( $this->restrictions === 0 ) {
+			$splitCommand = explode( ' ', $command, 2 );
+			$this->logger->debug(
+				"firejail: Command {$splitCommand[0]} {params} has no restrictions",
+				[ 'params' => isset( $splitCommand[1] ) ? $splitCommand[1] : '' ]
+			);
 			return parent::buildFinalCommand( $command );
 		}
 
-- 
2.20.1