From 89ae6b10a424cf0c43f7aae17b32e70f27e1e65b Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 1 Aug 2024 13:37:10 +0100
Subject: [PATCH] Add new --level-prefix option

This prepends a severity level such as <3> to each line of diagnostic
output, with numeric severity levels taken from matching syslog(3)
(such as LOG_ERR = 3), so that the diagnostic output can be parsed by
tools like `logger --prio-prefix` and `systemd-cat --level-prefix=1`
that support that encoding.

The facility (LOG_USER, etc.) is not included, since it makes little
sense to vary on a per-message basis. logger(1) supports prefixes
with or without a facility, and systemd-cat(1) only supports prefixes
without a facility, so this is compatible with both.

A future version of Steam's pressure-vessel is likely to use this to
make warnings and fatal errors from bubblewrap more visible.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 bind-mount.c      |  3 +++
 bubblewrap.c      |  5 +++++
 bwrap.xml         | 20 ++++++++++++++++++++
 tests/test-run.sh |  4 ++++
 utils.c           |  5 +++++
 utils.h           |  2 ++
 6 files changed, 39 insertions(+)

diff --git a/bind-mount.c b/bind-mount.c
index 2757caea..84cb148b 100644
--- a/bind-mount.c
+++ b/bind-mount.c
@@ -560,6 +560,9 @@ die_with_bind_result (bind_mount_result res,
   bool want_errno = TRUE;
   char *message;
 
+  if (bwrap_level_prefix)
+    fprintf (stderr, "<%d>", LOG_ERR);
+
   fprintf (stderr, "bwrap: ");
 
   va_start (args, format);
diff --git a/bubblewrap.c b/bubblewrap.c
index aeecc653..9f87e907 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -311,6 +311,7 @@ usage (int ecode, FILE *out)
            "    --version                    Print version\n"
            "    --args FD                    Parse NUL-separated args from FD\n"
            "    --argv0 VALUE                Set argv[0] to the value VALUE before running the program\n"
+           "    --level-prefix               Prepend e.g. <3> to diagnostic messages\n"
            "    --unshare-all                Unshare every namespace we support by default\n"
            "    --share-net                  Retain the network namespace (can only combine with --unshare-all)\n"
            "    --unshare-user               Create new user namespace (may be automatically implied if not setuid)\n"
@@ -1778,6 +1779,10 @@ parse_args_recurse (int          *argcp,
           argv++;
           argc--;
         }
+      else if (strcmp (arg, "--level-prefix") == 0)
+        {
+          bwrap_level_prefix = TRUE;
+        }
       else if (strcmp (arg, "--unshare-all") == 0)
         {
           /* Keep this in order with the older (legacy) --unshare arguments,
diff --git a/bwrap.xml b/bwrap.xml
index 3bb50820..2bfca00c 100644
--- a/bwrap.xml
+++ b/bwrap.xml
@@ -96,6 +96,26 @@
       <term><option>--argv0 <arg choice="plain">VALUE</arg></option></term>
       <listitem><para>Set argv[0] to the value <arg choice="plain">VALUE</arg> before running the program</para></listitem>
     </varlistentry>
+    <varlistentry>
+      <term><option>--level-prefix</option></term>
+      <listitem>
+        <para>
+          Prefix each line of diagnostic output with a numeric severity
+          level enclosed in angle brackets.
+          The severity levels used are based on the constants used by
+          <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>:
+          for example, <literal>&lt;4&gt;</literal> indicates a warning,
+          because <literal>LOG_WARNING</literal> has numeric value 4.
+          Numbers smaller than 4 indicate fatal errors, and numbers larger
+          than 4 indicate informational messages.
+          These prefixes can be parsed by tools compatible with
+          <literal>logger --prio-prefix</literal> (see
+          <citerefentry><refentrytitle>logger</refentrytitle><manvolnum>1</manvolnum></citerefentry>)
+          or <literal>systemd-cat --level-prefix=1</literal> (see
+          <citerefentry><refentrytitle>systemd-cat</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
+        </para>
+      </listitem>
+    </varlistentry>
   </variablelist>
   <para>Options related to kernel namespaces:</para>
   <variablelist>
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 479e027d..c58c7e14 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -575,4 +575,8 @@ $RUN --chdir / --chdir / true > stdout 2>&1
 assert_file_has_content stdout '^bwrap: Only the last --chdir option will take effect$'
 ok "warning logged for redundant --chdir"
 
+$RUN --level-prefix --chdir / --chdir / true > stdout 2>&1
+assert_file_has_content stdout '^<4>bwrap: Only the last --chdir option will take effect$'
+ok "--level-prefix"
+
 done_testing
diff --git a/utils.c b/utils.c
index daab654f..1fbab91e 100644
--- a/utils.c
+++ b/utils.c
@@ -34,12 +34,17 @@
 #define security_check_context(x) security_check_context ((security_context_t) x)
 #endif
 
+bool bwrap_level_prefix = FALSE;
+
 __attribute__((format(printf, 2, 0))) static void
 bwrap_logv (int severity,
             const char *format,
             va_list args,
             const char *detail)
 {
+  if (bwrap_level_prefix)
+    fprintf (stderr, "<%d>", severity);
+
   fprintf (stderr, "bwrap: ");
   vfprintf (stderr, format, args);
 
diff --git a/utils.h b/utils.h
index 0851b840..ced43513 100644
--- a/utils.h
+++ b/utils.h
@@ -53,6 +53,8 @@ typedef int bool;
 #define PR_SET_CHILD_SUBREAPER 36
 #endif
 
+extern bool bwrap_level_prefix;
+
 void  bwrap_log (int severity,
                  const char *format,
                  ...) __attribute__((format (printf, 2, 3)));