From: Efstratios Karatzas
To: soc-status@freebsd.org, trustedbsd-audit@trustedbsd.org
Date: Mon, 12 Jul 2010 16:20:17 +0300
Subject: Audit Kernel Events, weekly report #6
List-Id: Summer of Code Status Reports and Discussion

I spent last week working towards providing audit support for NFSv4 and I can say that it's pretty much done.

In most cases we are auditing the arguments of the RPC, but not all of them; some of them just don't seem to have any real value, like sequence ids or open_stateids. In other cases, e.g. RPCs 'read' & 'write', I tried to audit the same amount of information as in the relative syscalls. In any case, it may prove useful to create a matrix of sorts in my wiki page that clearly shows what information is gathered for each individual RPC, so that others may comment freely. For now, please refer to the description field of my Perforce submits.

There are still things to be done, such as introducing new token types so that the audit trail produced by praudit is prettier. Also, praudit needs to map return error codes to NFS errors and not errno-specific errors. I'm going to postpone working on praudit because I'm mostly worried about changes in the kernel, so it's a low priority job for me.

Last but not least, I'm still a bit baffled about the different ways we may combine share_access, share_deny and other NFS RPC 'open' flags. I couldn't make much sense out of the RFC in this case; I'll take another look and perhaps bother our NFS coder with an e-mail.

I'm scratching NFSv4 off my todo list and I'm moving on towards the last milestone: making audit handle multiple simultaneous audit records per kernel thread.

Thanks

--
Efstratios "GPF" Karatzas