From owner-freebsd-hackers@freebsd.org Fri Mar 3 21:15:37 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E9E4CF71FB for ; Fri, 3 Mar 2017 21:15:37 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 6E3C31ADA for ; Fri, 3 Mar 2017 21:15:37 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 6ABF8CF71FA; Fri, 3 Mar 2017 21:15:37 +0000 (UTC) Delivered-To: hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6A674CF71F9 for ; Fri, 3 Mar 2017 21:15:37 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [198.74.231.69]) by mx1.freebsd.org (Postfix) with ESMTP id 4F1A71AD9; Fri, 3 Mar 2017 21:15:37 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 6A9B446B91; Fri, 3 Mar 2017 16:15:31 -0500 (EST) Date: Fri, 3 Mar 2017 21:15:31 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Mahdi Mokhtari cc: hackers@freebsd.org Subject: Re: Some questions about kernel stuffs (namei, and AUDIT_ARG, ...) In-Reply-To: Message-ID: References: User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Mar 2017 21:15:37 -0000 Hi Mahdi: The kernel audit(4) framework captures system-call arguments and return values to include in audit records. You can read about the details in the FreeBSD D+I book. Each record can carry information about two file/socket/... arguments. AUDIT_ARG_ATFD1() optionally records the first of those arguments, and AUDIT_ARG_ATFD2() optionally records the second one. Similarly, AUDITVNODE1 records information about the first vnode, and AUDITVNODE2 the second. execveat(2) presumably takes one file-descriptor argument, so you should use AUDIT_ARG_ATFD1() to capture that single argument. Robert On Fri, 3 Mar 2017, Mahdi Mokhtari wrote: > Hi hackers@ > I'm working on implementing and completing Linuxulator syscalls > with helps of trasz@ and dchagin@ > (and learning more about it on this way ;-D). > > In middle of this way, I'm implementing execveat() natively > for FreeBSD to use it for Linuxulator (yeah dogfooding ;]]) > > I encountered to some questions and I'm told here is the place to ask :-) > I'd like to know the difference between `AUDIT_ARG_ATFD1` and > `AUDIT_ARG_ATFD2`, > when I should use which (for a syscall for example)? > > Also, Should I free the name buffer I get from `namei()` after > `NDINIT_ATRIGHTS()` myself? (like what I do on `vput(node)`)? > > P.S. Actually namei() man page is too short to explain the API very well > (at least for me, well I'm not native English speaker '':-D), > so any hints/extra resources is appreciated __/|\__ > > -- > Best regards, MMokhi. > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >