Date: Wed, 25 Feb 2009 12:00:15 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/security/audit audit_pipe.c Message-ID: <200902251200.n1PC0OD5049589@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2009-02-25 12:00:15 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7)
sys/security/audit audit_pipe.c
Log:
SVN rev 189032 on 2009-02-25 12:00:15Z by rwatson
Merge r184508 from head to stable/7:
Historically, /dev/auditpipe has allows only whole records to be read via
read(2), which meant that records longer than the buffer passed to read(2)
were dropped. Instead take the approach of allowing partial reads to be
continued across multiple system calls more in the style of streaming
character device.
This means retaining a record on the per-pipe queue in a partially read
state, so maintain a current offset into the record. Keep the record on
the queue during a read, so add a new lock, ap_sx, to serialize removal
of records from the queue by either read(2) or ioctl(2) requesting a pipe
flush. Modify the kqueue handler to return bytes left in the current
record rather than simply the size of the current record.
It is now possible to use praudit, which used the standard FILE * buffer
sizes, to track much larger record sizes from /dev/auditpipe, such as
very long command lines to execve(2).
Sponsored by: Apple, Inc.
Revision Changes Path
1.11.2.8 +86 -58 src/sys/security/audit/audit_pipe.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902251200.n1PC0OD5049589>