Add more debug/trace logs

This helped me debug a selinux regression.

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

lib/src/cli.rs

@@ -113,18 +113,21 @@ pub(crate) enum Opt {
 pub(crate) async fn ensure_self_unshared_mount_namespace() -> Result<()> {
     let uid = cap_std_ext::rustix::process::getuid();
     if !uid.is_root() {
+        tracing::debug!("Not root, assuming no need to unshare");
         return Ok(());
     }
     let recurse_env = "_ostree_unshared";
     let ns_pid1 = std::fs::read_link("/proc/1/ns/mnt").context("Reading /proc/1/ns/mnt")?;
     let ns_self = std::fs::read_link("/proc/self/ns/mnt").context("Reading /proc/self/ns/mnt")?;
     // If we already appear to be in a mount namespace, or we're already pid1, we're done
     if ns_pid1 != ns_self {
+        tracing::debug!("Already in a mount namespace");
         return Ok(());
     }
     if std::env::var_os(recurse_env).is_some() {
         let am_pid1 = cap_std_ext::rustix::process::getpid().is_init();
         if am_pid1 {
+            tracing::debug!("We are pid 1");
             return Ok(());
         } else {
             anyhow::bail!("Failed to unshare mount namespace");

lib/src/lsm.rs

@@ -29,6 +29,8 @@ pub(crate) fn selinux_ensure_install() -> Result<()> {
         if p.exists() {
             tracing::debug!("Removing temporary file");
             std::fs::remove_file(p).context("Removing {p:?}")?;
+        } else {
+            tracing::debug!("Assuming we now have a privileged (e.g. install_t) label");
         }
         return Ok(());
     }
@@ -50,6 +52,7 @@ pub(crate) fn selinux_ensure_install() -> Result<()> {
     let mut cmd = Command::new(&tmpf);
     cmd.env(guardenv, tmpf);
     cmd.args(std::env::args_os().skip(1));
+    tracing::debug!("Re-executing");
     Err(anyhow::Error::msg(cmd.exec()).context("execve"))
 }
 

lib/src/reexec.rs

@@ -8,6 +8,7 @@ use fn_error_context::context;
 #[context("Reexec self")]
 pub(crate) fn reexec_with_guardenv(k: &str, prefix_args: &[&str]) -> Result<()> {
     if std::env::var_os(k).is_some() {
+        tracing::trace!("Skipping re-exec due to env var {k}");
         return Ok(());
     }
     let self_exe = std::fs::read_link("/proc/self/exe")?;
@@ -22,5 +23,6 @@ pub(crate) fn reexec_with_guardenv(k: &str, prefix_args: &[&str]) -> Result<()>
     };
     cmd.env(k, "1");
     cmd.args(std::env::args_os().skip(1));
+    tracing::debug!("Re-executing current process for {k}");
     Err(cmd.exec().into())
 }