From: markham_breitbach@ssimicro.com
To: FreeBSD Questions
Subject: LD_PRELOAD
Date: Fri, 4 Sep 2015 15:51:13 -0600
Message-ID: <55EA1251.4020704@ssimicro.com>

I am trying to configure the security/snoopy package as a solution for logging shell activity within jails (I'm also open to alternative suggestions!). Snoopy works as an execve() wrapper that basically just logs and passes through the calls.

For it to work, though, I need to set the LD_PRELOAD variable in the environment to force the linker to load snoopy.so first, presumably so the snoopy execve wrapper is found before the libc version. If I set LD_PRELOAD=/usr/local/lib/snoopy.so on the command line, and then launch a new shell, events get logged as expected, but I need to figure out how to make that happen by default for everything in the jail.

Thanks,
-Markham
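
The mechanism described in the message above, as an added example (not part of the original post and not Snoopy's own code): a minimal execve() interposer that logs the command line to syslog and then calls the next execve() in the linker's search order. The names execlog and format_exec_record are hypothetical, and the log format is an assumption.

```c
/* Added example: minimal execve() interposer in the style the post describes.
 * Build as a shared object (hypothetical name): cc -shared -fPIC -o execlog.so execlog.c
 * (older Linux toolchains may also need -ldl). */
#define _GNU_SOURCE            /* exposes RTLD_NEXT on glibc */
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <syslog.h>
#include <unistd.h>

#ifndef RTLD_NEXT              /* fallback if feature macros were set too late */
#define RTLD_NEXT ((void *)-1L)
#endif

/* Render "uid=<n> cmd=<argv joined by spaces>" into buf; returns bytes written.
 * Output is truncated to fit buf and always NUL-terminated. */
size_t format_exec_record(char *buf, size_t len, unsigned uid, char *const argv[])
{
    if (len == 0) return 0;
    int n = snprintf(buf, len, "uid=%u cmd=", uid);
    size_t used = (n < 0) ? 0 : ((size_t)n >= len ? len - 1 : (size_t)n);
    for (size_t i = 0; argv && argv[i] && used < len - 1; i++) {
        n = snprintf(buf + used, len - used, "%s%s", i ? " " : "", argv[i]);
        if (n < 0) break;
        used += ((size_t)n >= len - used) ? len - used - 1 : (size_t)n;
    }
    return used;
}

/* Same prototype as libc's execve(): because the preloaded object is searched
 * first, dynamically linked callers bind to this definition. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    static int (*real_execve)(const char *, char *const[], char *const[]);
    char rec[1024];

    if (!real_execve)          /* next definition in search order: libc's */
        real_execve = (int (*)(const char *, char *const[], char *const[]))
                          dlsym(RTLD_NEXT, "execve");
    if (!real_execve) { errno = ENOSYS; return -1; }

    format_exec_record(rec, sizeof rec, (unsigned)getuid(), argv);
    openlog("execlog", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_INFO, "%s path=%s", rec, path);
    closelog();
    return real_execve(path, argv, envp);   /* pass the call through unchanged */
}
```

Interposition of this kind only covers dynamically linked programs that reach execve() through libc; statically linked binaries are not affected, and the runtime linker ignores LD_PRELOAD for set-user-ID programs.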