Date: Tue, 16 Aug 2016 00:18:40 +0200
From: Mateusz Piotrowski <0mp@FreeBSD.org>
To: freebsd-hackers@freebsd.org, trustedbsd-audit@freebsd.org, trustedbsd-discuss@freebsd.org
Cc: Konrad Witaszczyk <def@freebsd.org>, rwatson@FreeBSD.org
Subject: How to bring au_to_attr(3) back to the userland?
Message-ID: <83CC669E-FED9-4ABE-A5A5-376E1A743AF8@FreeBSD.org>

Hello,

I participate in Google Summer of Code at FreeBSD this year. My project is about converting Linux Audit logs to the BSM format (see my wiki[0]).

Recently, I've come across a problem with the libbsm(3) API. I'd like to be able to generate an attribute token. Unfortunately, au_to_attr, which generates those tokens, is not available in the userland (I emailed FreeBSD-hackers at FreeBSD about this issue[1]).

Together with my mentor we came up with a few possible solutions to this problem but we are not sure which one is the best. This is why I'd like to discuss the pros and cons.

Solutions:

1. The first idea is to add a userland version of the au_to_attr function. The implementation would be similar to the one of the au_to_exec_* functions. (See sys/security/audit/bsm_token.c[2].)

2. The second idea is to bring back the vattr structure. At the moment au_to_attr has one parameter of type `struct vnode_au_info`. Historically, au_to_attr used `struct vattr`. A possible solution is to bring vattr to the userland and change the parameter of au_to_attr back to `struct vattr`. At the moment `struct vattr` is included in sys/vnode.h but it lacks the interface. (I summed up everything I know on this wiki page[3].)

3. The last idea is to make `struct vnode_au_info` and `au_to_attr` accessible from the userland (by simply unwrapping the prototypes from the KERNEL/_KERNEL conditional compilation macros).

Cheers,

-Mateusz

[0]: https://wiki.freebsd.org/SummerOfCode2016/NonBSMtoBSMConversionTools
[1]: https://lists.freebsd.org/pipermail/freebsd-hackers/2016-August/049835.html
[2]: https://github.com/freebsd/freebsd/blob/af3e10e5a78d3af8cef6088748978c6c612757f0/sys/security/audit/bsm_token.c#L1281-L1405
[3]: https://github.com/0mp/freebsd/wiki/vattr(99://github.com/0mp/freebsd/wiki/vattr(99)