From owner-trustedbsd-cvs@FreeBSD.ORG Sun Nov 5 23:47:43 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CB0716A530 for ; Sun, 5 Nov 2006 23:47:43 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id BEF7943D45 for ; Sun, 5 Nov 2006 23:47:41 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 22FC046CA5 for ; Sun, 5 Nov 2006 18:47:37 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 6DAA0D07A1; Sun, 5 Nov 2006 23:47:22 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 57FF616A562; Sun, 5 Nov 2006 23:47:18 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC90716A416 for ; Sun, 5 Nov 2006 23:47:17 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D59C43D53 for ; Sun, 5 Nov 2006 23:47:17 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kA5NlH3U012728 for ; Sun, 5 Nov 2006 23:47:17 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kA5NlG7P012719 for perforce@freebsd.org; Sun, 5 Nov 2006 23:47:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sun, 5 Nov 2006 23:47:16 GMT Message-Id: <200611052347.kA5NlG7P012719@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 109312 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2006 23:47:43 -0000 http://perforce.freebsd.org/chv.cgi?CH=109312 Change 109312 by rwatson@rwatson_fledge on 2006/11/05 23:46:36 Document the format of some additional BSM tokens in audit.log.5. Submitted by: Martin Voros Affected files ... .. //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 (text+ko) ==== @@ -23,9 +23,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#15 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 $ .\" -.Dd May 1, 2005 +.Dd November 5, 2006 .Dt AUDIT.LOG 5 .Os .Sh NAME @@ -418,7 +418,10 @@ .Ss System V IPC Token The .Dq System V IPC -token ... +token contains the System V IPC message handle, semaphore handle or shared +memory handle. +A System V IPC token may be created using ++.Xr au_to_ipc 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" @@ -481,38 +484,60 @@ .Ss System V IPC Permission Token The .Dq System V IPC permission -token ... +token contains a System V IPC access permissions. +A System V IPC permission token may be created using +.Xr au_to_ipc_perm 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" -.It XXXXX +.It Li "Owner user ID" Ta "4 bytes" Ta "User ID of IPC owner" +.It Li "Owner group ID" Ta "4 bytes" Ta "Group ID of IPC owner" +.It Li "Creator user ID" Ta "4 bytes" Ta "User ID of IPC creator" +.It Li "Creator group ID" Ta "4 bytes" Ta "Group ID of IPC creator" +.It Li "Access mode" Ta "4 bytes" Ta "Access mode" +.It Li "Sequnce number" Ta "4 bytes" Ta "Sequnce number" +.It Li "Key" Ta "4 bytes" Ta "IPC key" .El .Ss Arg Token The .Dq arg -token ... +token contains informations about arguments of the system call. +Depending on the size of the desired argument value, an Arg token may be +created using +.Xr au_to_arg32 3 +or +.Xr au_to_arg64 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" -.It XXXXX +.It Li "Argument ID" Ta "1 byte" Ta "Argument ID" +.It Li "Argument value" Ta "4/8 bytes" Ta "Argument value" +.It Li "Length" Ta "2 bytes" Ta "Length of the text" +.It Li "Text" Ta "N bytes + 1 nul" Ta "The string including nul" .El .Ss exec_args Token The .Dq exec_args -token ... +token contains informations about arguements of the exec() system call. +An exec_args token may be created using +.Xr au_to_exec_args 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" -.It XXXXX +.It Li "Count" Ta "4 bytes" Ta "Number of arguments" +.It Li "Text" Ta "* bytes" Ta "Count null-terminated strings" .El .Ss exec_env Token The .Dq exec_env -token ... +token contains current eviroment variables to an exec() system call. +An exec_args token may be created using +.Xr au_to_exec_env 3 . .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" -.It XXXXX +.It Li "Count ID" Ta "4 bytes" Ta "Number of variables" +.It Li "Text" Ta "* bytes" Ta "Count nul-terminated strings" .El .Ss Exit Token The @@ -531,11 +556,29 @@ .Ss Socket Token The .Dq socket -token ... +token contains informations about UNIX domain and Internet sockets. +Each token has four or eight fields. +Depend on type of socket a socket token may be created using +.Xr au_to_sock_unix 3 , +.Xr au_to_sock_inet32 3 or +.Xr au_to_sock_inet128 3 . +.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" +.It Sy "Field" Ta Sy Bytes Ta Sy Description +.It Li "Token ID" Ta "1 byte" Ta "Token ID" +.It Li "Socket family" Ta "2 bytes" Ta "Socket family" +.It Li "Local port" Ta "2 bytes" Ta "Local port" +.It Li "Socket address" Ta "4 bytes" Ta "Socket address" +.El .Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL" .It Sy "Field Bytes Description" .It "Token ID 1 byte Token ID" -.It XXXXX ++.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain" ++.It Li "Socket family" Ta "2 bytes" Ta "Socket family" ++.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)" ++.It Li "Local port" Ta "2 bytes" Ta "Local port" ++.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address" ++.It Li "Remote port" Ta "2 bytes" Ta "Remote port" ++.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address" .El .Ss Expanded Socket Token The