PERFORCE change 91238 for review
Robert Watson
rwatson at FreeBSD.org
Mon Feb 6 15:59:42 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=91238
Change 91238 by rwatson at rwatson_peppercorn on 2006/02/06 15:59:26
Add a first cut at audit pipe support, the ability for appropriately
privileged processes to register for a "tee" of the live audit
record stream via a cloned special device. Unlike the commit to
disk, the pipe tee is unreliable, but allows processes to unreliably
track audit events via direct kernel I/O rather than going through
the audit trail file.

This code almost certainly doesn't work yet, but is going into the
branch so it can make its way to test machines.

On the todo for it is proper select/sigio/poll support, as right now
it simply provides blocking read.

Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/conf/files#13 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#8 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#1 add
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#15 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/conf/files#13 (text+ko) ====
@@ -1828,6 +1828,7 @@
security/audit/audit_bsm.c optional audit
security/audit/audit_bsm_klib.c optional audit
security/audit/audit_bsm_token.c optional audit
+security/audit/audit_pipe.c optional audit
security/mac/mac_inet.c optional mac inet
security/mac/mac_label.c optional mac
security/mac/mac_net.c optional mac
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#8 (text+ko) ====
@@ -407,6 +407,11 @@
ret = EINVAL;
goto out;
}
+
+ /*
+ * Try submitting the record to any active audit pipes.
+ */
+ audit_pipe_submit((void *)bsm->data, bsm->len);
/*
* XXX
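
Review bot: the (void *) cast on bsm->data in the new audit_pipe_submit() call is unnecessary, because the prototype added in audit_private.h already takes void * and any object pointer converts to it implicitly in C; dropping the cast lets the compiler complain if the type of bsm->data ever stops being a pointer. Separately, the comment says "Try submitting", but the function returns void, so nothing at this call site can tell whether a pipe accepted or dropped the record. Since the pipe is intended to be unreliable, state in the comment that loss is expected and ignored here, and consider a drop counter inside the pipe code so that a consumer can detect gaps in what it read.
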
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#15 (text+ko) ====
@@ -303,4 +303,9 @@
void audit_rotate_vnode(struct ucred *cred,
struct vnode *vp);
+/*
+ * Audit pipe functions.
+ */
+void audit_pipe_submit(void *record, u_int record_len);
+
#endif /* ! _BSM_AUDIT_PRIVATE_H */
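
Review bot: the record parameter of audit_pipe_submit() should be declared const void *, since a tee of the record stream has no reason to modify the caller's record, and the const would let the compiler enforce that in audit_pipe.c. The one-line comment "Audit pipe functions." also leaves the contract undocumented: say whether the function copies record_len bytes before returning or keeps the pointer, because the lifetime of the buffer passed from audit.c depends on it, and say that the call may silently drop the record.
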