Date: Fri, 02 Mar 2012 17:38:46 +0200 From: George Mamalakis <mamalos@eng.auth.gr> To: stable@freebsd.org Subject: audit in jail Message-ID: <4F50E986.5040406@eng.auth.gr>
next in thread | raw e-mail | index | archive | help
Hello everybody, has anyone started auditd inside a jail successfully? I allowed audit and auditpipe from devfs inside the jails (I have confirmed their existence in the jails as well...:-) ), but when I run auditd I am getting this message in my logs: Mar 2 15:20:29 myhost auditd[89494]: auditd_prevent_audit() could not set active audit session state: Function not implemented Mar 2 15:20:29 myhost mamalos: audit warning: nostart I googled it, but didn't find much. I checked the code and after some searching, I found that the problem was occurring when the setaudit system call is being called. I checked the code of audit_syscalls and found that: 584: if (jailed(td->td_ucred)) 585: return (ENOSYS); in the sys_setaudit() context...which is somewhat clear as to what it means :-). Is there anything I have omitted, or is it that clear that audit does not run in jails? And if so, are there any thoughts on implementing in the near future? Thank you all for your help and time in advance. -- George Mamalakis IT and Security Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F50E986.5040406>