Date: Tue, 19 Sep 2006 12:59:25 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 106338 for review Message-ID: <200609191259.k8JCxPtG049276@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=106338 Change 106338 by rwatson@rwatson_zoo on 2006/09/19 12:59:20 Provide a little backward compatibility safety for old audit_control files that don't contain a policy statement: set the policy to AUDIT_CNT if we can't load or parse the policy from the file. Affected files ... .. //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 edit Differences ...
==== //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 (text+ko) ====
@@ -30,7 +30,7 @@
 *
 * @APPLE_BSD_LICENSE_HEADER_END@
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#20 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
 */
 #include <sys/types.h>
@@ -789,12 +789,22 @@
 syslog(LOG_ERR, "Failed to obtain non-attributable event mask.");
+ /*
+ * If a policy is configured in audit_control(5), implement the
+ * policy. However, if one isn't defined, set AUDIT_CNT to avoid
+ * leaving the system in a fragile state.
+ */
 if ((getacpol(polstr, POL_STR_SIZE) == 0) && (au_strtopol(polstr, &policy) == 0)) {
 if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
- syslog(LOG_ERR, "Failed to set audit policy.");
- } else
- syslog(LOG_ERR, "Failed to obtain policy flags.");
+ syslog(LOG_ERR, "Failed to set audit policy: %m");
+ } else {
+ syslog(LOG_ERR, "Failed to obtain policy flags: %m");
+ policy = AUDIT_CNT;
+ if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
+ syslog(LOG_ERR,
+ "Failed to set default audit policy: %m");
+ }
 return (0);
 }
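Review bot: The new else branch in the second hunk applies AUDIT_CNT both when getacpol() finds no policy entry and when au_strtopol() rejects an entry that is present, so a mistyped policy line in audit_control(5) is replaced by the continue-on-failure default with only the generic "Failed to obtain policy flags" message in the log. Handling the two cases separately, or at least recording the fallback once the second auditon() call succeeds, for example `else syslog(LOG_WARNING, "Audit policy defaulted to AUDIT_CNT.");`, would let an operator see from the log which policy is actually in force. The `%m` appended to "Failed to obtain policy flags: %m" may print a stale errno if getacpol() or au_strtopol() can fail without setting it; their definitions are not visible here, so that should be confirmed. The enclosing function starts outside the hunk.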