From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 91238 for review
Date: Mon, 6 Feb 2006 15:59:42 GMT

http://perforce.freebsd.org/chv.cgi?CH=91238

Change 91238 by rwatson@rwatson_peppercorn on 2006/02/06 15:59:26

	Add a first cut at audit pipe support, the ability for appropriately
	privileged processes to register for a "tee" of the live audit record
	stream via a cloned special device. Unlike the commit to disk, the
	pipe tee is unreliable, but allows processes to unreliably track
	audit events via direct kernel I/O rather than going through the
	audit trail file. This code almost certainly doesn't work yet, but
	is going into the branch so it can make its way to test machines.
	On the todo for it is proper select/sigio/poll support, as right now
	it simply provides blocking read.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/conf/files#13 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#8 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#1 add
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#15 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/conf/files#13 (text+ko) ====
@@ -1828,6 +1828,7 @@ security/audit/audit_bsm.c optional audit security/audit/audit_bsm_klib.c optional audit security/audit/audit_bsm_token.c optional audit +security/audit/audit_pipe.c optional audit security/mac/mac_inet.c optional mac security/mac/mac_label.c optional mac security/mac/mac_net.c optional mac
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#8 (text+ko) ====
@@ -407,6 +407,11 @@ ret = EINVAL; goto out; } + + /* + * Try submitting the record to any active audit pipes. + */ + audit_pipe_submit((void *)bsm->data, bsm->len); /* * XXX ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#15 (text+ko) ==== @@ -303,4 +303,9 @@ void audit_rotate_vnode(struct ucred *cred, struct vnode *vp); +/* + * Audit pipe functions. + */ +void audit_pipe_submit(void *record, u_int record_len); + #endif /* ! _BSM_AUDIT_PRIVATE_H */
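Review bot: In the audit.c hunk, the new comment "Try submitting the record to any active audit pipes" should say that delivery is best-effort and that a dropped record is not reported, because audit_pipe_submit() is declared void and the caller at this point has no way to learn that a pipe missed the record. The "(void *)" cast on bsm->data is also worth dropping: any data pointer converts to a void pointer implicitly in C, and the explicit cast would hide a type or qualifier mismatch if the field's type changes later.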
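Review bot: The prototype "void audit_pipe_submit(void *record, u_int record_len);" added to audit_private.h leaves its contract undocumented: the "Audit pipe functions." comment does not say whether the record is copied or the pointer is retained after return, or whether the call may sleep in the caller's context. Since the pipe is described as a tee of the record stream, consider declaring the parameter as "const void *record" so the interface states that the buffer is not modified, and extend the comment to cover ownership and the unreliable-delivery behaviour.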