Audit include files
Robert Watson
rwatson at FreeBSD.org
Sat Sep 24 16:48:38 GMT 2005
I was reviewing current include files in the audit3 branch, and generated
this summary of which exist, and some recommendations on changes:
Kernel or Kernel+User include files:
security/audit/audit_klib.h Internal API for the audit subsystem to
interact with the BSM file format and
selection mechanisms.
bsm/audit.h Audit data structures/constants shared by
user and kernel space, user space system
call prototypes.
bsm/audit_internal.h Definitions internal to libbsm, which are
shared between libbsm objects.
bsm/audit_kernel.h Internal API between the kernel as a whole
and the audit subsystem -- calls to
declare
various system call arguments, syscall
enter
and exit, and so on.
bsm/audit_kevents.h Kernel audit event identifier definitions.
bsm/audit_record.h Additional APIs and definitions visible to
both kernel and user space for generating
and decoding BSM, and pertaining to the
BSM file format.
User space only:
bsm/audit_uevents.h User space audit event identifier
definitions.
bsm/libbsm.h libbsm APIs and definitions for user space
applications.
Recommendations:
security/audit/audit_klib.h becomes security/audit/audit_private.h, and is
no longer installed.
bsm/audit_kernel.h becomes security/audit/audit.h, and is no longer
installed.
Any problem with my following through on the recommendations?
Robert N M Watson
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-audit" in the body of the message
More information about the trustedbsd-audit
mailing list