PERFORCE change 109312 for review

Sun Nov 5 23:47:43 UTC 2006

http://perforce.freebsd.org/chv.cgi?CH=109312

Change 109312 by rwatson at rwatson_fledge on 2006/11/05 23:46:36

	Document the format of some additional BSM tokens in audit.log.5.
	
	Submitted by:	Martin Voros <martin_voros at yahoo dot com>

Affected files ...

.. //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 (text+ko) ====

@@ -23,9 +23,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#15 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 $
 .\"
-.Dd May 1, 2005
+.Dd November 5, 2006
 .Dt AUDIT.LOG 5
 .Os
 .Sh NAME
@@ -418,7 +418,10 @@
 .Ss System V IPC Token
 The
 .Dq System V IPC
-token ...
+token contains the System V IPC message handle, semaphore handle or shared
+memory handle.
+A System V IPC token may be created using
++.Xr au_to_ipc 3 .
 .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
@@ -481,38 +484,60 @@
 .Ss System V IPC Permission Token
 The
 .Dq System V IPC permission
-token ...
+token contains a System V IPC access permissions.
+A System V IPC permission token may be created using
+.Xr au_to_ipc_perm 3 .
 .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
-.It XXXXX
+.It Li "Owner user ID" Ta "4 bytes" Ta "User ID of IPC owner"
+.It Li "Owner group ID" Ta "4 bytes" Ta "Group ID of IPC owner"
+.It Li "Creator user ID" Ta "4 bytes" Ta "User ID of IPC creator"
+.It Li "Creator group ID" Ta "4 bytes" Ta "Group ID of IPC creator"
+.It Li "Access mode" Ta "4 bytes" Ta "Access mode"
+.It Li "Sequnce number" Ta "4 bytes" Ta "Sequnce number"
+.It Li "Key" Ta "4 bytes" Ta "IPC key"
 .El
 .Ss Arg Token
 The
 .Dq arg
-token ...
+token contains informations about arguments of the system call.
+Depending on the size of the desired argument value, an Arg token may be
+created using
+.Xr au_to_arg32 3
+or
+.Xr au_to_arg64 3 .
 .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
-.It XXXXX
+.It Li "Argument ID" Ta "1 byte" Ta "Argument ID"
+.It Li "Argument value" Ta "4/8 bytes" Ta "Argument value"
+.It Li "Length" Ta "2 bytes" Ta "Length of the text"
+.It Li "Text" Ta "N bytes + 1 nul" Ta "The string including nul"
 .El
 .Ss exec_args Token
 The
 .Dq exec_args
-token ...
+token contains informations about arguements of the exec() system call.
+An exec_args token may be created using
+.Xr au_to_exec_args 3 .
 .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
-.It XXXXX
+.It Li "Count" Ta "4 bytes" Ta "Number of arguments"
+.It Li "Text" Ta "* bytes" Ta "Count null-terminated strings"
 .El
 .Ss exec_env Token
 The
 .Dq exec_env
-token ...
+token contains current eviroment variables to an exec() system call.
+An exec_args token may be created using
+.Xr au_to_exec_env 3 .
 .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
-.It XXXXX
+.It Li "Count ID" Ta "4 bytes" Ta "Number of variables"
+.It Li "Text" Ta "* bytes" Ta "Count nul-terminated strings"
 .El
 .Ss Exit Token
 The
@@ -531,11 +556,29 @@
 .Ss Socket Token
 The
 .Dq socket
-token ...
+token contains informations about UNIX domain and Internet sockets.
+Each token has four or eight fields.
+Depend on type of socket a socket token may be created using
+.Xr au_to_sock_unix 3 ,
+.Xr au_to_sock_inet32 3 or
+.Xr au_to_sock_inet128 3 .
+.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
+.It Sy "Field" Ta Sy Bytes Ta Sy Description
+.It Li "Token ID" Ta "1 byte" Ta "Token ID"
+.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
+.It Li "Local port" Ta "2 bytes" Ta "Local port"
+.It Li "Socket address" Ta "4 bytes" Ta "Socket address"
+.El
 .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
-.It XXXXX
++.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain"
++.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
++.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)"
++.It Li "Local port" Ta "2 bytes" Ta "Local port"
++.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
++.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
++.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
 .El
 .Ss Expanded Socket Token
 The
