Date: Tue, 10 Oct 2006 15:49:10 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/audit audit_syscalls.c Message-ID: <200610101549.k9AFnAs6074570@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2006-10-10 15:49:10 UTC
FreeBSD src repository
Modified files:
sys/security/audit audit_syscalls.c
Log:
Mark the audit system calls as being un-implemented in jails. Currently we do
not trust jails enough to execute audit related system calls. An example of
this is with su(1), or login(1) within prisons. So, if the syscall request
comes from a jail return ENOSYS. This will cause these utilities to operate
as if audit is not present in the kernel.
Looking forward, this problem will be remedied by allowing non privileged
users to maintain and their own audit streams, but the details on exactly how
this will be implemented needs to be worked out.
This change should fix situations when options AUDIT has been compiled into
the kernel, and utilities like su(1), or login(1) fail due to audit system
call failures within jails.
This is a RELENG_6 candidate.
Reported by: Christian Brueffer
Discussed with: rwatson
MFC after: 3 days
Revision Changes Path
1.8 +19 -0 src/sys/security/audit/audit_syscalls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610101549.k9AFnAs6074570>