Date: Wed, 21 Mar 2018 17:22:42 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r331313 - head/share/man/man4 Message-ID: <201803211722.w2LHMgCZ074369@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: csjp Date: Wed Mar 21 17:22:42 2018 New Revision: 331313 URL: https://svnweb.freebsd.org/changeset/base/331313 Log: Document the limitations associated with using the audit syscalls from jailed process. These might get implemented in jails in the future, but for now they are not supported. Discussed on: freebsd-security@ Reviewed by: brueffer@ MFC after: 2 weeks Modified: head/share/man/man4/audit.4 Modified: head/share/man/man4/audit.4 ============================================================================== --- head/share/man/man4/audit.4 Wed Mar 21 16:18:14 2018 (r331312) +++ head/share/man/man4/audit.4 Wed Mar 21 17:22:42 2018 (r331313) @@ -138,3 +138,11 @@ incomplete argument information. Mandatory Access Control (MAC) labels, as provided by the .Xr mac 4 facility, are not audited as part of records involving MAC decisions. +.Pp +Currently the +.Nm +syscalls are not supported for jailed processes. +However, if a process has +.Nm +session state associated with it, audit records will still be produced and a zonename token +containing the jail's ID or name will be present in the audit records.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803211722.w2LHMgCZ074369>