Date: Fri, 3 Mar 2017 21:15:31 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Mahdi Mokhtari <mmokhi@freebsd.org>
Cc: hackers@freebsd.org
Subject: Re: Some questions about kernel stuffs (namei, and AUDIT_ARG, ...)
Message-ID: <alpine.BSF.2.20.1703032112230.71919@fledge.watson.org>
In-Reply-To: <CAN9adSPfbxR4r=6LF0RUw8H6cFN8pXw0qSinTi9_3zu9-U8L_w@mail.gmail.com>
References: <CAN9adSPfbxR4r=6LF0RUw8H6cFN8pXw0qSinTi9_3zu9-U8L_w@mail.gmail.com>

Hi Mahdi:

The kernel audit(4) framework captures system-call arguments and return values
to include in audit records. You can read about the details in the FreeBSD D+I
book.

Each record can carry information about two file/socket/... arguments.
AUDIT_ARG_ATFD1() optionally records the first of those arguments, and
AUDIT_ARG_ATFD2() optionally records the second one. Similarly, AUDITVNODE1
records information about the first vnode, and AUDITVNODE2 the second.

execveat(2) presumably takes one file-descriptor argument, so you should use
AUDIT_ARG_ATFD1() to capture that single argument.

Robert

On Fri, 3 Mar 2017, Mahdi Mokhtari wrote:

> Hi hackers@
> I'm working on implementing and completing Linuxulator syscalls
> with the help of trasz@ and dchagin@
> (and learning more about it along the way ;-D).
>
> In the middle of this, I'm implementing execveat() natively
> for FreeBSD to use it for Linuxulator (yeah dogfooding ;]])
>
> I encountered some questions and I'm told this is the place to ask :-)
> I'd like to know the difference between `AUDIT_ARG_ATFD1` and
> `AUDIT_ARG_ATFD2`,
> when should I use which (for a syscall for example)?
>
> Also, should I free the name buffer I get from `namei()` after
> `NDINIT_ATRIGHTS()` myself (like what I do on `vput(node)`)?
>
> P.S. Actually the namei() man page is too short to explain the API very well
> (at least for me, well I'm not a native English speaker '':-D),
> so any hints/extra resources are appreciated __/|\__
>
> --
> Best regards, MMokhi.
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>