From b78712fd30eb506d5f37abbb4416eb47c6e00955 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Tue, 5 Jul 2016 19:28:22 +0100
Subject: [PATCH] session-lockdown: provide debug information about processes
 we look at

We're effectively asserting that all these processes are running,
so we should look at whether they, in fact, *are* running, and
if not, why not.

Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D3639
---
 apparmor/session-lockdown/no-deny | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/apparmor/session-lockdown/no-deny b/apparmor/session-lockdown/no-deny
index 358e039..3eb4bd1 100755
--- a/apparmor/session-lockdown/no-deny
+++ b/apparmor/session-lockdown/no-deny
@@ -178,6 +178,26 @@ def after_reboot():
             'pactl', 'stat')
     log_subprocess('aa-status')
 
+    log_subprocess('systemd-cgls')
+
+    log_subprocess('systemctl', '--no-pager', 'status',
+            'connman.service', may_fail=True)
+    log_subprocess('systemctl', '--no-pager', 'status',
+            'ofono.service', may_fail=True)
+
+    log_subprocess('sudo', '-u', ORDINARY_USER,
+            'env', 'XDG_RUNTIME_DIR=/run/user/{}'.format(ORDINARY_UID),
+            'systemctl', '--no-pager', '--user', 'status',
+            'pulseaudio.service', may_fail=True)
+    log_subprocess('sudo', '-u', ORDINARY_USER,
+            'env', 'XDG_RUNTIME_DIR=/run/user/{}'.format(ORDINARY_UID),
+            'systemctl', '--no-pager', '--user', 'status',
+            'tracker-miner-fs.service', may_fail=True)
+    log_subprocess('sudo', '-u', ORDINARY_USER,
+            'env', 'XDG_RUNTIME_DIR=/run/user/{}'.format(ORDINARY_UID),
+            'systemctl', '--no-pager', '--user', 'status',
+            'tracker-store.service', may_fail=True)
+
     profiles = get_profiles()
 
     for k, v in profiles.items():
-- 
GitLab