From: Efstratios Karatzas
To: soc-status@freebsd.org, trustedbsd-audit@trustedbsd.org
Date: Sun, 18 Jul 2010 21:00:16 +0300
Subject: Audit Kernel Events, weekly report #7

I spent this week going through my code, making notes & testing things; I spotted a few minor bugs and I just merged the fixes with Perforce.

More importantly, I finished the pseudo-algorithm that solves the issue of handling multiple simultaneous audit records per kernel thread. It involves handling a tree-like data structure; this is a short description:

Every time we come across a new sec event inside the kernel (AUDIT_something_ENTER()), the tree grows (the new kaudit record is the child of the current kaudit record), we switch the auditing flag accordingly and the thread's td_ar now points to the new kaudit_record.

When the event is finished (AUDIT_something_EXIT()), the auditing flag switches back to the value of our parent sec event and td_ar now points to the parent kaudit_record. If we exited the sec event that is the root of our tree, we commit the whole tree to the auditing daemon in preorder.

The only thing left to do is turn this into code. I've already begun working on this and I'm confident that it won't be long before there's a working version in Perforce.

Thank you

--
Efstratios "GPF" Karatzas
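The ENTER/EXIT bookkeeping described in the report above, as an added userspace C model; it is not code from the report or from FreeBSD. Only `td_ar` and `kaudit_record` come from the report; the other names, the fixed-size `committed[]` array standing in for the audit daemon queue, and resetting the flag to 0 once the root exits are assumptions.

```c
/* Added userspace model, not FreeBSD kernel code. Only td_ar and kaudit_record
 * are names from the report; all other identifiers are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct kaudit_record {
    int event, auditing;   /* constructed event id; auditing flag for this event */
    struct kaudit_record *parent, *child, *last, *sibling;
};
struct thread {
    struct kaudit_record *td_ar;                 /* innermost open event */
    int td_auditing, committed[16], ncommitted;  /* committed[]: daemon queue stand-in */
};
/* Preorder: emit a record, then its children in creation order. */
static void commit_preorder(struct thread *td, struct kaudit_record *ar) {
    while (ar != NULL) {
        struct kaudit_record *next = ar->sibling;
        if (td->ncommitted < 16) td->committed[td->ncommitted++] = ar->event;
        commit_preorder(td, ar->child);
        free(ar);
        ar = next;
    }
}
/* AUDIT_something_ENTER(): grow the tree and descend into the new record. */
static int audit_enter(struct thread *td, int event, int auditing) {
    struct kaudit_record *ar = calloc(1, sizeof(*ar)), *p = td->td_ar;
    if (ar == NULL) return -1;
    ar->event = event; ar->auditing = auditing; ar->parent = p;
    if (p != NULL && p->last != NULL) p->last->sibling = ar;  /* later child */
    else if (p != NULL) p->child = ar;                        /* first child */
    if (p != NULL) p->last = ar;
    td->td_ar = ar; td->td_auditing = auditing;
    return 0;
}
/* AUDIT_something_EXIT(): climb to the parent; commit when the root exits. */
static void audit_exit(struct thread *td) {
    struct kaudit_record *ar = td->td_ar;
    if (ar == NULL) return;                      /* unbalanced EXIT: nothing open */
    td->td_ar = ar->parent;
    td->td_auditing = ar->parent != NULL ? ar->parent->auditing : 0;  /* assumed 0 at top */
    if (ar->parent == NULL) commit_preorder(td, ar);
}
int main(void) {
    struct thread td = {0};  /* constructed trace: 1 encloses 2 (enclosing 3), then 4 */
    audit_enter(&td, 1, 1); audit_enter(&td, 2, 0); audit_enter(&td, 3, 1);
    audit_exit(&td); audit_exit(&td);
    audit_enter(&td, 4, 1); audit_exit(&td); audit_exit(&td);
    for (int i = 0; i < td.ncommitted; i++) printf("%d ", td.committed[i]);
    printf("\n"); return 0;
}
```

In this trace the events finish in the order 3, 2, 4, 1, but the commit order is 1, 2, 3, 4, so each enclosing event is emitted before the events nested inside it.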