Date: Sat, 4 Feb 2006 16:07:53 GMT
Message-Id: <200602041607.k14G7r4W021046@repoman.freebsd.org>
From: Wayne Salamon
To: Perforce Change Reviews
Subject: PERFORCE change 91073 for review

http://perforce.freebsd.org/chv.cgi?CH=91073

Change 91073 by wsalamon@gretsch on 2006/02/04 16:07:32

	Update the TODO list. Some things have actually been done.

Affected files ...

.. //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#2 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#2 (text+ko) ==== @@ -7,7 +7,7 @@ - Add a file token to the audit startup record, containing the audit log file. -- Look at what audited writes when the file is rotated. +- Look at what auditd writes when the file is rotated. - Sweep of system call tables to see if any new BSM types are needed, that all system calls have the right BSM types assigned, and so on. (See the @@ -26,8 +26,6 @@ tokens. Existing tests verify at the record level, not token level. So we have EVENT->RECORD tests, need RECORD->TOKENS tests. -- Fix up pathname lookups in kernel. [IN PROGRESS] - - MAC->Audit integration, where the audit system pulls MAC label information from policies. @@ -40,9 +38,6 @@ - Sweep of BSM event types to see what should or shouldn't be coalesced or renamed. -- Restructure sys/security/audit to even out the sizes a bit, break it down, -clean it up, etc. [IN PROGRESS] - - Review set of user space programs and libraries to identify audit-relevant events and plan out how each needs audit support. For example, login has basic support right now, but sshd, etc, don't. 
@@ -53,14 +48,9 @@ - Expand praudit to speak Sun's new XML output format. -- Fix licenses and copyrights, with the help of Apple [IN PROGRESS] - - Investigate Sun's enhanced audit API they've been working on, decide what if anything to do with it. -- Remove pathname lookup for file descriptor based calls as it is not -reliable. - - Write test code for converting BSM to/from text. - Write test code to make sure auditd handles triggers, rotates log files, @@ -71,3 +61,6 @@ - Add a function to the audit test library to load the kernel event->class mapping so auditd need not be run before testing. + +- Expand the subject token to include jail information. Add this informtion +for processes that are running in a jail.
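
Review bot: In the @@ -53,14 +48,9 @@ hunk, the removed entry "Remove pathname lookup for file descriptor based calls as it is not reliable." had no [IN PROGRESS] marker, unlike the other entries this change deletes, so the diff does not show whether it was completed or dropped. The change description only says "Some things have actually been done"; listing the finished items there would keep the history of this audit TODO traceable, especially for an item that affects which pathnames end up in audit records.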
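
Review bot: Typo in the entry added by the @@ -71,3 +61,6 @@ hunk: "informtion" should be "information". The two sentences of that entry also say nearly the same thing; one sentence stating that the subject token should carry jail information for processes running in a jail would be enough.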