Date: Fri, 31 Oct 2008 14:40:21 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/security/audit audit_pipe.c Message-ID: <200810311440.m9VEeXwY056591@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2008-10-31 14:40:21 UTC
FreeBSD src repository
Modified files:
sys/security/audit audit_pipe.c
Log:
SVN rev 184508 on 2008-10-31 14:40:21Z by rwatson
Historically, /dev/auditpipe has allows only whole records to be read via
read(2), which meant that records longer than the buffer passed to read(2)
were dropped. Instead take the approach of allowing partial reads to be
continued across multiple system calls more in the style of streaming
character device.
This means retaining a record on the per-pipe queue in a partially read
state, so maintain a current offset into the record. Keep the record on
the queue during a read, so add a new lock, ap_sx, to serialize removal
of records from the queue by either read(2) or ioctl(2) requesting a pipe
flush. Modify the kqueue handler to return bytes left in the current
record rather than simply the size of the current record.
It is now possible to use praudit, which used the standard FILE * buffer
sizes, to track much larger record sizes from /dev/auditpipe, such as
very long command lines to execve(2).
MFC after: 2 months
Sponsored by: Apple, Inc.
Revision Changes Path
1.21 +86 -58 src/sys/security/audit/audit_pipe.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810311440.m9VEeXwY056591>