Date:      Mon, 6 Feb 2006 15:59:42 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 91238 for review
Message-ID:  <200602061559.k16Fxg3f058271@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=91238

Change 91238 by rwatson@rwatson_peppercorn on 2006/02/06 15:59:26

	Add a first cut at audit pipe support, the ability for appropriately
	privileged processes to register for a "tee" of the live audit
	record stream via a cloned special device.  Unlike the commit to
	disk, the pipe tee is unreliable, but allows processes to unreliably
	track audit events via direct kernel I/O rather than going through
	the audit trail file.
	
	This code almost certainly doesn't work yet, but is going into the
	branch so it can make its way to test machines.
	
	On the todo for it is proper select/sigio/poll support, as right now
	it simply provides blocking read.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/conf/files#13 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#8 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#1 add
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#15 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/conf/files#13 (text+ko) ====

@@ -1828,6 +1828,7 @@
 security/audit/audit_bsm.c	optional audit
 security/audit/audit_bsm_klib.c	optional audit
 security/audit/audit_bsm_token.c optional audit
+security/audit/audit_pipe.c	optional audit
 security/mac/mac_inet.c		optional mac inet
 security/mac/mac_label.c	optional mac
 security/mac/mac_net.c		optional mac
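
Review bot: the new audit_pipe.c entry is tied to plain "optional audit", so every kernel built with audit also builds the pipe device, while the change description says the code almost certainly doesn't work yet. Consider gating it behind its own option until it has been tested, so that test kernels can enable audit without exposing the new special device.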

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#8 (text+ko) ====

@@ -407,6 +407,11 @@
 		ret = EINVAL;
 		goto out;
 	}
+
+	/*
+	 * Try submitting the record to any active audit pipes.
+	 */
+	audit_pipe_submit((void *)bsm->data, bsm->len);
 	
 	/*
 	 * XXX
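
Review bot: the added audit_pipe_submit() call returns nothing and leaves ret untouched, so a record the pipe fails to deliver is invisible at this point; the comment above it should state that pipe delivery is best effort and must not affect the rest of the function, so that nobody later adds error handling that stalls or fails the record path. The (void *) cast on bsm->data is also unnecessary for an object pointer in C and would hide a later change of that field's type; drop it.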

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#15 (text+ko) ====

@@ -303,4 +303,9 @@
 void			 audit_rotate_vnode(struct ucred *cred,
 			    struct vnode *vp);
 
+/*
+ * Audit pipe functions.
+ */
+void			 audit_pipe_submit(void *record, u_int record_len);
+
 #endif /* ! _BSM_AUDIT_PRIVATE_H */
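
Review bot: the audit_pipe_submit() prototype takes a non-const "void *record", which leaves open whether the pipe code may modify or keep a reference to the caller's buffer. The caller in audit.c passes bsm->data and continues past the call, so declare the parameter as "const void *record" and extend the "Audit pipe functions." comment to say whether the record is copied and that submission may drop records without reporting it.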


