From: Efstratios Karatzas
To: soc-status@freebsd.org, trustedbsd-audit@trustedbsd.org
Date: Tue, 27 Jul 2010 17:30:13 +0300
Subject: Audit Kernel Events, weekly report #8
List-Id: Summer of Code Status Reports and Discussion

Last week I implemented a method for audit to keep multiple audit records through a tree-like data structure kept with each thread. The code is in perforce and, as far as I can tell, is working just fine. This should cover most cases, although we may have to supplement this with a method for each kernel module to keep/update its own audit record without messing with the thread's audit record (td_ar).

The wiki page has been updated to reflect the remaining stuff in my todo list. I would really appreciate some feedback from any Audit dev.

http://wiki.freebsd.org/SOC2010EfstratiosKaratzas

Thank you

--
Efstratios "GPF" Karatzas