svn commit: r189037 - in stable/7/sys: . contrib/pf dev/ath/ath_hal dev/cxgb security/audit

Robert Watson rwatson at FreeBSD.org
Wed Feb 25 05:30:18 PST 2009 

Author: rwatson
Date: Wed Feb 25 13:30:17 2009
New Revision: 189037
URL: http://svn.freebsd.org/changeset/base/189037

Log:
  Merge r184544 and r184545 from head to stable/7:
  
    Remove stale comment about filtering in audit pipe ioctl routine: we do
    support filtering now, although we may want to make it more interesting
    in the future.
  
    Update introductory comment for audit pipes.
  
    Sponsored by: Apple, Inc.

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)
  stable/7/sys/dev/ath/ath_hal/   (props changed)
  stable/7/sys/dev/cxgb/   (props changed)
  stable/7/sys/security/audit/audit_pipe.c

Modified: stable/7/sys/security/audit/audit_pipe.c
==============================================================================
--- stable/7/sys/security/audit/audit_pipe.c	Wed Feb 25 13:26:30 2009	(r189036)
+++ stable/7/sys/security/audit/audit_pipe.c	Wed Feb 25 13:30:17 2009	(r189037)
@@ -57,10 +57,10 @@ __FBSDID("$FreeBSD$");
 
 /*
  * Implementation of a clonable special device providing a live stream of BSM
- * audit data.  This is a "tee" of the data going to the file.  It provides
- * unreliable but timely access to audit events.  Consumers of this interface
- * should be very careful to avoid introducing event cycles.  Consumers may
- * express interest via a set of preselection ioctls.
+ * audit data.  Consumers receive a "tee" of the system audit trail by
+ * default, but may also define alternative event selections using ioctls.
+ * This interface provides unreliable but timely access to audit events.
+ * Consumers should be very careful to avoid introducing event cycles.
  */
 
 /*
@@ -736,9 +736,6 @@ audit_pipe_close(struct cdev *dev, int f
 /*
  * Audit pipe ioctl() routine.  Handle file descriptor and audit pipe layer
  * commands.
- *
- * Would be desirable to support filtering, although perhaps something simple
- * like an event mask, as opposed to something complicated like BPF.
  */
 static int
 audit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag,

More information about the svn-src-all mailing list