PERFORCE change 56034 for review

Wayne Salamon wsalamon at FreeBSD.org
Mon Jun 28 23:22:34 GMT 2004 

http://perforce.freebsd.org/chv.cgi?CH=56034

Change 56034 by wsalamon at wsalamon_epi on 2004/06/28 23:21:44

	Hook the audit files into the build system. Modify proc.h
	to add the audit record to the thread and proc struct.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/conf/NOTES#2 edit
.. //depot/projects/trustedbsd/audit3/sys/conf/files#2 edit
.. //depot/projects/trustedbsd/audit3/sys/conf/options#2 edit
.. //depot/projects/trustedbsd/audit3/sys/i386/conf/AUDIT#1 add
.. //depot/projects/trustedbsd/audit3/sys/sys/proc.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/conf/NOTES#2 (text+ko) ====

@@ -828,6 +828,9 @@
 #####################################################################
 # SECURITY POLICY PARAMETERS
 
+# Support for BSM audit
+options		AUDIT
+
 # Support for Mandatory Access Control (MAC):
 options 	MAC
 options 	MAC_BIBA

==== //depot/projects/trustedbsd/audit3/sys/conf/files#2 (text+ko) ====

@@ -1613,6 +1613,10 @@
 posix4/p1003_1b.c	standard
 posix4/posix4_mib.c	standard
 kern/uipc_sem.c		optional p1003_1b_semaphores
+security/audit/kern_audit.c	standard
+security/audit/kern_bsm_audit.c	optional audit
+security/audit/kern_bsm_klib.c	optional audit
+security/audit/kern_bsm_token.c	optional audit
 security/mac/mac_inet.c		optional mac inet
 security/mac/mac_label.c	optional mac
 security/mac/mac_net.c		optional mac

==== //depot/projects/trustedbsd/audit3/sys/conf/options#2 (text+ko) ====

@@ -49,6 +49,7 @@
 # Miscellaneous options.
 ADAPTIVE_MUTEXES
 ALQ
+AUDIT	opt_global.h
 CODA_COMPAT_5	opt_coda.h
 COMPAT_43	opt_compat.h
 COMPAT_FREEBSD4	opt_compat.h

==== //depot/projects/trustedbsd/audit3/sys/sys/proc.h#2 (text+ko) ====

@@ -148,8 +148,10 @@
  * either lock is sufficient for read access, but both locks must be held
  * for write access.
  */
+struct auditinfo;
 struct ithd;
 struct ke_sched;
+struct kaudit_record;
 struct kg_sched;
 struct nlminfo;
 struct p_sched;
@@ -303,6 +305,7 @@
 	volatile u_int	td_generation;	/* (k) Enable detection of preemption */
 	stack_t		td_sigstk;	/* (k) Stack ptr and on-stack flag. */
 	int		td_kflags;	/* (c) Flags for KSE threading. */
+	struct kaudit_record	*td_ar;	/* (k) Active audit record, if any. */
 
 #define	td_endzero td_base_pri
 
@@ -613,6 +616,7 @@
 	void		*p_emuldata;	/* (c) Emulator state data. */
 	struct label	*p_label;	/* (*) Proc (not subject) MAC label. */
 	struct p_sched	*p_sched;	/* (*) Scheduler-specific data. */
+	struct auditinfo	*p_au;	/* (c) Process audit properties. */
 };
 
 #define	p_session	p_pgrp->pg_session
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list