Date: Mon, 5 Jun 2006 15:42:05 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 98572 for review Message-ID: <200606051542.k55Fg5YZ099226@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=98572 Change 98572 by rwatson@rwatson_zoo on 2006/06/05 15:41:59 Integrate TrustedBSD base branch to loop back various audit changes: - audit.4 -> audit.4 + auditpipe.4, documentation of preselection, etc. - Some auditing of mount-related arguments (only simple ones merged). - Use uma_zfree() on audit records. Also merge: - if_le works with vmware again Affected files ... .. //depot/projects/trustedbsd/base/lib/libc/i386/gen/_ctx_start.S#4 integrate .. //depot/projects/trustedbsd/base/share/man/man4/Makefile#67 integrate .. //depot/projects/trustedbsd/base/share/man/man4/audit.4#2 integrate .. //depot/projects/trustedbsd/base/share/man/man4/auditpipe.4#1 branch .. //depot/projects/trustedbsd/base/sys/dev/le/if_le_pci.c#3 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#48 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit.c#7 integrate Differences ... ==== //depot/projects/trustedbsd/base/lib/libc/i386/gen/_ctx_start.S#4 (text+ko) ==== @@ -25,7 +25,7 @@ */ #include <machine/asm.h> -__FBSDID("$FreeBSD: src/lib/libc/i386/gen/_ctx_start.S,v 1.3 2004/07/02 14:19:44 davidxu Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/i386/gen/_ctx_start.S,v 1.4 2006/06/05 14:59:33 kib Exp $"); /* * _ctx_start((void *func)(int arg1, ..., argn), @@ -41,10 +41,11 @@ ENTRY(_ctx_start) popl %eax /* get start function */ call *%eax /* call start function */ + PIC_PROLOGUE movl %esi, %esp /* * setup stack for completion routine; * ucp is now at top of stack */ - call _ctx_done /* should never return */ - call abort /* fubar */ + call PIC_PLT(_ctx_done) /* should never return */ + call PIC_PLT(abort) /* fubar */ ret ==== //depot/projects/trustedbsd/base/share/man/man4/Makefile#67 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.1 (Berkeley) 6/18/93 -# $FreeBSD: src/share/man/man4/Makefile,v 1.351 2006/05/20 06:21:42 brueffer Exp $ +# $FreeBSD: src/share/man/man4/Makefile,v 1.352 2006/06/05 15:26:09 rwatson Exp $ MAN= aac.4 \ acpi.4 \ @@ -29,6 +29,7 @@ atkbd.4 \ atkbdc.4 \ audit.4 \ + auditpipe.4 \ aue.4 \ awi.4 \ axe.4 \ ==== //depot/projects/trustedbsd/base/share/man/man4/audit.4#2 (text+ko) ==== @@ -22,9 +22,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/share/man/man4/audit.4,v 1.6 2006/02/06 20:27:00 rwatson Exp $ +.\" $FreeBSD: src/share/man/man4/audit.4,v 1.7 2006/06/05 15:26:09 rwatson Exp $ .\" -.Dd February 6, 2006 +.Dd May 5, 2006 .Os .Dt AUDIT 4 .Sh NAME @@ -62,37 +62,11 @@ space conditions, and requests to terminate auditing. This device is not intended for use by applications. .Ss Audit Pipe Special Devices -While audit trail files maintained by -.Xr auditd 8 -provide a reliable long-term store for audit log information, current log -files are owned by the audit daemon until terminated making them somewhat -unwieldy for live montoring applications such as host-based intrusion -detection. -For example, the log may be cycled and new records written to a new file -without notice to applications that may be accessing the file. -.Pp -The audit facility provides an audit pipe facility for applications requiring -direct access to live BSM audit data for the purposes of real-time -monitoring. -Audit pipes are available via a clonable special device, -.Pa /dev/auditpipe , -subject to the permissions on the device node, and provide a -.Qq tee -of the audit event stream. -As the device is clonable, more than one instance of the device may be opened -at a time; each device instance will provide access to all records. -.Pp -The audit pipe device provides discreet BSM audit records; if the read buffer -passed by the application is too small to hold the next record in the -sequence, it will be dropped. -Unlike audit data written to the audit trail, the reliability of record -delivery is not guaranteed. -In particular, when an audit pipe queue fills, records will be dropped. -Audit pipe devices are blocking by default, but support non-blocking I/O, -asynchronous I/O using SIGIO, and support for polled operation via -.Xr select 2 -and -.Xr poll 2 . +Audit pipe special devices, discussed in +.Xr auditpipe 4 , +provide a configurable live tracking mechanism to allow applications to +tee the audit trail, as well as to configure custom preselection paramaters +to track users and events in a fine-grained manner. .Sh SEE ALSO .Xr auditreduce 1 , .Xr praudit 1 , @@ -106,6 +80,7 @@ .Xr setaudit 2 , .Xr setauid 2 , .Xr libbsm 3 , +.Xr auditpipe 4 , .Xr audit.log 5 , .Xr audit_class 5 , .Xr audit_control 5 , ==== //depot/projects/trustedbsd/base/sys/dev/le/if_le_pci.c#3 (text+ko) ==== @@ -72,7 +72,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/dev/le/if_le_pci.c,v 1.3 2006/05/16 21:04:01 marius Exp $"); +__FBSDID("$FreeBSD: src/sys/dev/le/if_le_pci.c,v 1.4 2006/06/05 15:14:14 marius Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -263,8 +263,16 @@ le_pci_hwreset(struct lance_softc *sc) { - /* Chip is stopped. Set software style to ILACC (32-bit). */ - le_pci_wrbcr(sc, LE_BCR20, LE_B20_SSTYLE_ILACC); + /* + * Chip is stopped. Set software style to PCnet-PCI (32-bit). + * Actually, am79900.c implements ILACC support (hence its + * name) but unfortunately VMware does not. As far as this + * driver is concerned that should not make a difference + * though, as the settings used have the same meaning for + * both, ILACC and PCnet-PCI (note that there would be a + * difference for the ADD_FCS/NO_FCS bit if used). + */ + le_pci_wrbcr(sc, LE_BCR20, LE_B20_SSTYLE_PCNETPCI2); } static void ==== //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#48 (text+ko) ==== @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/vfs_mount.c,v 1.226 2006/06/02 20:29:02 pjd Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/vfs_mount.c,v 1.227 2006/06/05 15:32:07 rwatson Exp $"); #include <sys/param.h> #include <sys/conf.h> @@ -63,6 +63,8 @@ #include <machine/stdarg.h> +#include <security/audit/audit.h> + #include "opt_rootdevname.h" #include "opt_ddb.h" #include "opt_mac.h" @@ -374,6 +376,8 @@ int error; u_int iovcnt; + AUDIT_ARG(fflags, uap->flags); + /* Kick out MNT_ROOTFS early as it is legal internally */ if (uap->flags & MNT_ROOTFS) return (EINVAL); @@ -733,12 +737,15 @@ struct mntarg *ma = NULL; int error; + AUDIT_ARG(fflags, uap->flags); + /* Kick out MNT_ROOTFS early as it is legal internally */ uap->flags &= ~MNT_ROOTFS; fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK); error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL); if (!error) { + AUDIT_ARG(text, fstype); mtx_lock(&Giant); /* XXX ? */ vfsp = vfs_byname_kld(fstype, td, &error); mtx_unlock(&Giant); @@ -826,7 +833,8 @@ /* * Get vnode to be covered */ - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, fspath, td); + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, + fspath, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -1054,6 +1062,7 @@ free(pathbuf, M_TEMP); return (error); } + AUDIT_ARG(upath, td, pathbuf, ARG_UPATH1); if (uap->flags & MNT_BYFSID) { /* Decode the filesystem ID. */ if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) { ==== //depot/projects/trustedbsd/base/sys/security/audit/audit.c#7 (text) ==== @@ -27,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/security/audit/audit.c,v 1.15 2006/06/05 14:48:17 rwatson Exp $ + * $FreeBSD: src/sys/security/audit/audit.c,v 1.16 2006/06/05 15:38:12 rwatson Exp $ */ #include <sys/param.h> @@ -395,7 +395,7 @@ mtx_lock(&audit_mtx); audit_pre_q_len--; mtx_unlock(&audit_mtx); - uma_zfree(audit_record_zone, ar); + audit_free(ar); return; } @@ -421,7 +421,7 @@ if (audit_suspended || !audit_enabled) { audit_pre_q_len--; mtx_unlock(&audit_mtx); - uma_zfree(audit_record_zone, ar); + audit_free(ar); return; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606051542.k55Fg5YZ099226>