Date: Wed, 25 Feb 2009 12:00:15 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/security/audit audit_pipe.c Message-ID: <200902251200.n1PC0OD5049589@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2009-02-25 12:00:15 UTC FreeBSD src repository Modified files: (Branch: RELENG_7) sys/security/audit audit_pipe.c Log: SVN rev 189032 on 2009-02-25 12:00:15Z by rwatson Merge r184508 from head to stable/7: Historically, /dev/auditpipe has allows only whole records to be read via read(2), which meant that records longer than the buffer passed to read(2) were dropped. Instead take the approach of allowing partial reads to be continued across multiple system calls more in the style of streaming character device. This means retaining a record on the per-pipe queue in a partially read state, so maintain a current offset into the record. Keep the record on the queue during a read, so add a new lock, ap_sx, to serialize removal of records from the queue by either read(2) or ioctl(2) requesting a pipe flush. Modify the kqueue handler to return bytes left in the current record rather than simply the size of the current record. It is now possible to use praudit, which used the standard FILE * buffer sizes, to track much larger record sizes from /dev/auditpipe, such as very long command lines to execve(2). Sponsored by: Apple, Inc. Revision Changes Path 1.11.2.8 +86 -58 src/sys/security/audit/audit_pipe.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902251200.n1PC0OD5049589>