Date: Mon, 17 Oct 2005 14:39:04 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 85443 for review Message-ID: <200510171439.j9HEd4tW071327@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=85443 Change 85443 by rwatson@rwatson_zoo on 2005/10/17 14:38:23 Audit the pid being requested in wait4(). Solaris appears not to audit wait4(), so we don't currently model it on a standard BSM audit record. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/kern_exit.c#9 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#22 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/kern/kern_exit.c#9 (text+ko) ==== @@ -594,6 +594,8 @@ struct proc *p, *q, *t; int error, nfound; + AUDIT_ARG(pid, pid); + q = td->td_proc; if (pid == 0) { PROC_LOCK(q); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#22 (text+ko) ==== @@ -1018,6 +1018,11 @@ kau_write(rec, tok); break; + case AUE_WAIT4: + tok = au_to_arg32(0, "pid", ar->ar_arg_pid); + kau_write(rec, tok); + break; + default: /* We shouldn't fall through to here. */ printf("BSM conversion requested for unknown event %d\n", ar->ar_event);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510171439.j9HEd4tW071327>