Some questions about kernel stuffs (namei, and AUDIT_ARG, ...)
Robert Watson
rwatson at FreeBSD.org
Fri Mar 3 21:15:37 UTC 2017
Hi Mahdi:
The kernel audit(4) framework captures system-call arguments and return values
to include in audit records. You can read about the details in the FreeBSD
D+I book. Each record can carry information about two file/socket/...
arguments. AUDIT_ARG_ATFD1() optionally records the first of those arguments,
and AUDIT_ARG_ATFD2() optionally records the second one. Similarly,
AUDITVNODE1 records information about the first vnode, and AUDITVNODE2 the
second. execveat(2) presumably takes one file-descriptor argument, so you
should use AUDIT_ARG_ATFD1() to capture that single argument.
Robert
On Fri, 3 Mar 2017, Mahdi Mokhtari wrote:
> Hi hackers@
> I'm working on implementing and completing Linuxulator syscalls
> with the help of trasz@ and dchagin@
> (and learning more about it along the way ;-D).
>
> In the middle of this, I'm implementing execveat() natively
> for FreeBSD to use it for Linuxulator (yeah dogfooding ;]])
>
> I encountered some questions and I'm told here is the place to ask :-)
> I'd like to know the difference between `AUDIT_ARG_ATFD1` and
> `AUDIT_ARG_ATFD2`,
> when I should use which (for a syscall for example)?
>
> Also, should I free the name buffer I get from `namei()` after
> `NDINIT_ATRIGHTS()` myself? (like what I do on `vput(node)`)?
>
> P.S. Actually the namei() man page is too short to explain the API very well
> (at least for me, well I'm not a native English speaker '':-D),
> so any hints/extra resources are appreciated __/|\__
>
> --
> Best regards, MMokhi.
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>