PERFORCE change 64264 for review
Robert Watson
rwatson at FreeBSD.org
Thu Nov 4 22:24:57 GMT 2004
On Thu, 4 Nov 2004, Andrew R. Reiter wrote:
> http://perforce.freebsd.org/chv.cgi?CH=64264
>
> Change 64264 by arr at arr_audit3_d400laptop on 2004/11/04 22:09:20
>
> auditctl(2) should be called via syscall(2) for now until we
> add libc support for AUDIT.
I think it should be there already, assuming you rebuild world using the
audit3 tree. This is because the syscalls.master file is used to generate
assembly language stubs for the system calls that appear there
automatically. You need to add a prototype in an appropriate file so code
linking against it can do the type magic, but you shouldn't need to do
anything further if the system calls implement the API exactly. In the
MAC case, we don't use the system call stubs directly, so prefix them with
_. This allows us to more easily insert user transforms. I don't see
that we need to do that with Audit, since the API is already well-defined
and flexible.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research
>
> Affected files ...
>
> .. //depot/projects/trustedbsd/audit3/usr.sbin/auditon/auditon.c#2 edit
>
> Differences ...
>
> ==== //depot/projects/trustedbsd/audit3/usr.sbin/auditon/auditon.c#2 (text+ko) ====
>
> @@ -38,6 +38,8 @@
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> +#include <sys/syscall.h>
> +#include <unistd.h>
>
> static void
> usage(void)
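Review bot: The two new includes are appended after `<string.h>`, which places `<sys/syscall.h>` below the libc headers. style(9) puts `<sys/...>` headers in their own group ahead of the others, so move `<sys/syscall.h>` up to that group and leave `<unistd.h>` where it sorts alphabetically after `<string.h>`.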
> @@ -59,7 +61,8 @@
> path = NULL;
> else
> path = argv[1];
> - if (auditctl(AC_SETLOGFILE, path) == -1)
> + /* if (auditctl(AC_SETLOGFILE, path) == -1) */
> + if (syscall(SYS_auditctl, AC_SETLOGFILE, path) == -1)
> errx(-1, "%s: %s", path, strerror(errno));
> exit(0);
> }
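Review bot: The old call is left behind as commented-out code on the `/* if (auditctl(AC_SETLOGFILE, path) == -1) */` line, with nothing in the source saying why it is disabled or when it should come back. Replace it with a short comment stating that syscall(2) is a stopgap until the auditctl() stub is available from libc, so the workaround is easy to find and revert. Note also that syscall(2) is variadic, so the `AC_SETLOGFILE, path` arguments are no longer checked against a prototype at compile time; that is one more reason to mark this line as temporary.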
>