cvs commit: src/sys/security/audit audit.c audit_private.h
audit_syscalls.c audit_worker.c
Christian S.J. Peron
csjp at FreeBSD.org
Wed Sep 20 10:07:20 PDT 2006
csjp 2006-09-20 17:07:11 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_6)
sys/security/audit audit.c audit_private.h audit_syscalls.c
audit_worker.c
Log:
MFC audit work which fully implements processing of user supplied records
Log:
Correct a slight regression which was introduced with the implementation of
audit pipes. If the kernel record was not selected for the trail or the pipe,
any user supplied record attached to it would be tossed away, resulting in
otherwise selected events being lost.
- Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE,
currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells
the audit worker that we are interested in the kernel record, with
the additional masks we can determine if either the pipe or trail is
interested in seeing the kernel or user record.
- In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and
AR_PRESELECT_USER_PIPE masks under the assumption that userspace has
done the preselection [1].
Currently, there is work being done that allows the kernel to parse and
preselect user supplied records, so in the future preselection could occur
in either layer. But there is still a few details to work out here.
[1] At some point we need to teach au_preselect(3) about the interests of
all the individual audit pipes.
Approved by: re@ (kensmith)
Revision Changes Path
1.18.2.3 +2 -2 src/sys/security/audit/audit.c
1.10.2.2 +3 -0 src/sys/security/audit/audit_private.h
1.1.2.3 +8 -0 src/sys/security/audit/audit_syscalls.c
1.9.2.2 +7 -3 src/sys/security/audit/audit_worker.c
More information about the cvs-src
mailing list