PERFORCE change 91073 for review
Wayne Salamon
wsalamon at FreeBSD.org
Sat Feb 4 16:07:53 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=91073
Change 91073 by wsalamon at gretsch on 2006/02/04 16:07:32
Update the TODO list. Some things have actually been done.
Affected files ...
.. //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#2 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#2 (text+ko) ====
@@ -7,7 +7,7 @@
- Add a file token to the audit startup record, containing the audit log file.
-- Look at what audited writes when the file is rotated.
+- Look at what auditd writes when the file is rotated.
- Sweep of system call tables to see if any new BSM types are needed, that
all system calls have the right BSM types assigned, and so on. (See the
@@ -26,8 +26,6 @@
tokens. Existing tests verify at the record level, not token level. So we
have EVENT->RECORD tests, need RECORD->TOKENS tests.
-- Fix up pathname lookups in kernel. [IN PROGRESS]
-
- MAC->Audit integration, where the audit system pulls MAC label information
from policies.
@@ -40,9 +38,6 @@
- Sweep of BSM event types to see what should or shouldn't be coalesced or
renamed.
-- Restructure sys/security/audit to even out the sizes a bit, break it down,
-clean it up, etc. [IN PROGRESS]
-
- Review set of user space programs and libraries to identify audit-relevant
events and plan out how each needs audit support. For example, login has basic
support right now, but sshd, etc, don't.
@@ -53,14 +48,9 @@
- Expand praudit to speak Sun's new XML output format.
-- Fix licenses and copyrights, with the help of Apple [IN PROGRESS]
-
- Investigate Sun's enhanced audit API they've been working on, decide what
if anything to do with it.
-- Remove pathname lookup for file descriptor based calls as it is not
-reliable.
-
- Write test code for converting BSM to/from text.
- Write test code to make sure auditd handles triggers, rotates log files,
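Review bot: the removed item "Remove pathname lookup for file descriptor based calls as it is not reliable" carried no [IN PROGRESS] marker, unlike the licenses item dropped in the same hunk, so it is unclear from the TODO alone whether the lookup was actually removed or the idea was abandoned. Since this affects whether paths in audit records for descriptor-based calls can be trusted, say in the change description which it was, or leave a one-line note in the file recording the outcome.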
@@ -71,3 +61,6 @@
- Add a function to the audit test library to load the kernel event->class
mapping so auditd need not be run before testing.
+
+- Expand the subject token to include jail information. Add this informtion
+for processes that are running in a jail.
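Review bot: "informtion" in the first added line should be "information". The new item also does not say which jail information the subject token should carry, so it is worth naming the intended fields in the TODO to make clear whether the existing subject token layout changes.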