Date: Mon, 23 Nov 2020 11:17:50 +1100 From: Dewayne Geraghty <dewayne@heuristicsystems.com.au> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Audit & capscicum on FreeBSD 12.2Stable Message-ID: <9824de4c-852a-28c5-eb0a-8ef4b5c6bbda@heuristicsystems.com.au>
next in thread | raw e-mail | index | archive | help
I've recently included capscium & casper in our build, but we're finding "Function not implemented" associated with the capscium audit events. header,68,11,cap_rights_limit(2),0,Mon Nov 23 10:27:51 2020, + 426 msec subject,-1,root,wheel,root,wheel,41624,0,0,0.0.0.0 return,failure : Function not implemented,4294967295 trailer,68 header,68,11,cap_ioctls_limit(2),0,Mon Nov 23 10:27:51 2020, + 426 msec subject,-1,root,wheel,root,wheel,41624,0,0,0.0.0.0 return,failure : Function not implemented,4294967295 trailer,68 header,68,11,cap_fcntls_limit(2),0,Mon Nov 23 10:27:51 2020, + 426 msec subject,-1,root,wheel,root,wheel,41624,0,0,0.0.0.0 return,failure : Function not implemented,4294967295 trailer,68 Do these mean that: the audit subsystem doesn't know how to deal with capscium; that capsicum doesn't interact with audit very well, or is there something else going on? These events are in /etc/security/audit_event audit_event:43186:AUE_CAP_NEW:cap_new(2):fm audit_event:43187:AUE_CAP_RIGHTS_GET:cap_rights_get(2):fm audit_event:43188:AUE_CAP_ENTER:cap_enter(2):pc audit_event:43189:AUE_CAP_GETMODE:cap_getmode(2):pc audit_event:43202:AUE_CAP_RIGHTS_LIMIT:cap_rights_limit(2):fm audit_event:43203:AUE_CAP_IOCTLS_LIMIT:cap_ioctls_limit(2):fm audit_event:43204:AUE_CAP_IOCTLS_GET:cap_ioctls_get(2):fm audit_event:43205:AUE_CAP_FCNTLS_LIMIT:cap_fcntls_limit(2):fm audit_event:43206:AUE_CAP_FCNTLS_GET:cap_fcntls_get(2):fm System is (from uname -aKU extract) FreeBSD 12.2-STABLE FreeBSD 12.2-STABLE #0 r367477M: Mon Nov 9 07:33:12 AEDT 2020 amd64 1202503 1202503 Regards, Dewayne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9824de4c-852a-28c5-eb0a-8ef4b5c6bbda>