From owner-cvs-all@FreeBSD.ORG Wed Sep 20 17:07:20 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F39F116A492; Wed, 20 Sep 2006 17:07:19 +0000 (UTC) (envelope-from csjp@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3302A43D46; Wed, 20 Sep 2006 17:07:12 +0000 (GMT) (envelope-from csjp@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k8KH7CPr065010; Wed, 20 Sep 2006 17:07:12 GMT (envelope-from csjp@repoman.freebsd.org) Received: (from csjp@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k8KH7C7u065009; Wed, 20 Sep 2006 17:07:12 GMT (envelope-from csjp) Message-Id: <200609201707.k8KH7C7u065009@repoman.freebsd.org> From: "Christian S.J. Peron" Date: Wed, 20 Sep 2006 17:07:11 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: RELENG_6 Cc: Subject: cvs commit: src/sys/security/audit audit.c audit_private.h audit_syscalls.c audit_worker.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2006 17:07:20 -0000 csjp 2006-09-20 17:07:11 UTC FreeBSD src repository Modified files: (Branch: RELENG_6) sys/security/audit audit.c audit_private.h audit_syscalls.c audit_worker.c Log: MFC audit work which fully implements processing of user supplied records Log: Correct a slight regression which was introduced with the implementation of audit pipes. If the kernel record was not selected for the trail or the pipe, any user supplied record attached to it would be tossed away, resulting in otherwise selected events being lost. - Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE, currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells the audit worker that we are interested in the kernel record, with the additional masks we can determine if either the pipe or trail is interested in seeing the kernel or user record. - In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and AR_PRESELECT_USER_PIPE masks under the assumption that userspace has done the preselection [1]. Currently, there is work being done that allows the kernel to parse and preselect user supplied records, so in the future preselection could occur in either layer. But there is still a few details to work out here. [1] At some point we need to teach au_preselect(3) about the interests of all the individual audit pipes. Approved by: re@ (kensmith) Revision Changes Path 1.18.2.3 +2 -2 src/sys/security/audit/audit.c 1.10.2.2 +3 -0 src/sys/security/audit/audit_private.h 1.1.2.3 +8 -0 src/sys/security/audit/audit_syscalls.c 1.9.2.2 +7 -3 src/sys/security/audit/audit_worker.c