Date: Fri, 19 Oct 2007 08:00:00 -0400 (EDT)
From: "Andrew R. Reiter"
To: Robert Watson
Cc: Perforce Change Reviews
Subject: Re: PERFORCE change 127769 for review

Just curious -- how come openbsm removed AU_ class masks; isn't that needed for log analysis? or at least *better* log analysis?

Cheers,
Andrew

--
Andrew R. Reiter
arr@watson.org
858 245 3682

On Fri, 19 Oct 2007, Robert Watson wrote:

> http://perforce.freebsd.org/chv.cgi?CH=127769
>
> Change 127769 by rwatson@rwatson_zoo on 2007/10/19 10:59:33
>
> Integrate OpenBSM changes into audit3 kernel.
>
> Affected files ...
>
> .. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 integrate
>
> Differences ...
>
> ==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 (text+ko) ==== > > @@ -26,7 +26,7 @@ > * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF > * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > * > - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#39 $ > + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#40 $ > * $FreeBSD: src/sys/bsm/audit.h,v 1.9 2007/07/22 12:28:12 rwatson Exp $ > */ 
> > @@ -75,44 +75,6 @@ > #define AU_DEFAUDITID -1 > > /* > - * Define the masks for the classes of audit events. > - */ > -#define AU_NULL 0x00000000 > -#define AU_FREAD 0x00000001 > -#define AU_FWRITE 0x00000002 > -#define AU_FACCESS 0x00000004 > -#define AU_FMODIFY 0x00000008 > -#define AU_FCREATE 0x00000010 > -#define AU_FDELETE 0x00000020 > -#define AU_CLOSE 0x00000040 > -#define AU_PROCESS 0x00000080 > -#define AU_NET 0x00000100 > -#define AU_IPC 0x00000200 > -#define AU_NONAT 0x00000400 > -#define AU_ADMIN 0x00000800 > -#define AU_LOGIN 0x00001000 > -#define AU_TFM 0x00002000 > -#define AU_APPL 0x00004000 > -#define AU_SETL 0x00008000 > -#define AU_IFLOAT 0x00010000 > -#define AU_PRIV 0x00020000 > -#define AU_MAC_RW 0x00040000 > -#define AU_XCONN 0x00080000 > -#define AU_XCREATE 0x00100000 > -#define AU_XDELETE 0x00200000 > -#define AU_XIFLOAT 0x00400000 > -#define AU_XPRIVS 0x00800000 > -#define AU_XPRIVF 0x01000000 > -#define AU_XMOVE 0x02000000 > -#define AU_XDACF 0x04000000 > -#define AU_XMACF 0x08000000 > -#define AU_XSECATTR 0x10000000 > -#define AU_IOCTL 0x20000000 > -#define AU_EXEC 0x40000000 > -#define AU_OTHER 0x80000000 > -#define AU_ALL 0xffffffff > - > -/* > * IPC types. > */ > #define AT_IPC_MSG ((u_char)1) /* Message IPC id. */ > >
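
Review bot: The second hunk (@@ -75,44 +75,6 @@) deletes every AU_* class mask definition, AU_NULL through AU_ALL, from sys/bsm/audit.h, and neither the diff nor the change description ("Integrate OpenBSM changes into audit3 kernel.") says where these definitions now live or whether they are dropped on purpose. Please name the new location or the rationale in the description, and confirm that no code including this header still references the removed masks, since nothing in the visible lines replaces them. A one-line comment at the removal site pointing to the replacement would also answer the question raised in the reply above.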