From owner-cvs-all@FreeBSD.ORG  Tue Oct 10 15:49:10 2006
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E47DB16A40F;
	Tue, 10 Oct 2006 15:49:10 +0000 (UTC)
	(envelope-from csjp@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B3A0C43D7C;
	Tue, 10 Oct 2006 15:49:10 +0000 (GMT)
	(envelope-from csjp@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9AFnAtK074571;
	Tue, 10 Oct 2006 15:49:10 GMT
	(envelope-from csjp@repoman.freebsd.org)
Received: (from csjp@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9AFnAs6074570;
	Tue, 10 Oct 2006 15:49:10 GMT (envelope-from csjp)
Message-Id: <200610101549.k9AFnAs6074570@repoman.freebsd.org>
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
Date: Tue, 10 Oct 2006 15:49:10 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: src/sys/security/audit audit_syscalls.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2006 15:49:11 -0000

csjp        2006-10-10 15:49:10 UTC

  FreeBSD src repository

  Modified files:
    sys/security/audit   audit_syscalls.c 
  Log:
  Mark the audit system calls as being un-implemented in jails. Currently we do
  not trust jails enough to execute audit related system calls. An example of
  this is with su(1), or login(1) within prisons. So, if the syscall request
  comes from a jail return ENOSYS. This will cause these utilities to operate
  as if audit is not present in the kernel.
  
  Looking forward, this problem will be remedied by allowing non privileged
  users to maintain and their own audit streams, but the details on exactly how
  this will be implemented needs to be worked out.
  
  This change should fix situations when options AUDIT has been compiled into
  the kernel, and utilities like su(1), or login(1) fail due to audit system
  call failures within jails.
  
  This is a RELENG_6 candidate.
  
  Reported by:    Christian Brueffer
  Discussed with: rwatson
  MFC after:      3 days
  
  Revision  Changes    Path
  1.8       +19 -0     src/sys/security/audit/audit_syscalls.c