audit in jail
George Mamalakis
mamalos at eng.auth.gr
Fri Mar 2 16:02:59 UTC 2012
Hello everybody,
has anyone started auditd inside a jail successfully? I allowed audit
and auditpipe from devfs inside the jails (I have confirmed their
existence in the jails as well...:-) ), but when I run auditd I am
getting this message in my logs:
  Mar 2 15:20:29 myhost auditd[89494]: auditd_prevent_audit() could not set active audit session state: Function not implemented
  Mar 2 15:20:29 myhost mamalos: audit warning: nostart
I googled it, but didn't find much. I checked the code and after some
searching, I found that the problem was occurring when the setaudit
system call was being called. I checked the code of audit_syscalls and
found that:
    if (jailed(td->td_ucred))
            return (ENOSYS);
in the sys_setaudit() context...which is somewhat clear as to what it
means :-).
Is there anything I have omitted, or is it that clear that audit does
not run in jails? And if so, are there any thoughts on implementing it in
the near future?
Thank you all for your help and time in advance.
--
George Mamalakis
IT and Security Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
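
Added example, not part of the original post: an sh preflight that walks through the checks the message describes (audit device nodes visible in the jail, jailed state from the security.jail.jailed sysctl, and the logged "Function not implemented" failure). The function name, its return codes and the /var/log/messages path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: diagnose why auditd did not start inside a jail.
# The function name, return codes and default paths are hypothetical.

# audit_jail_diagnose JAILED DEVDIR LOGFILE
#   JAILED  : output of `sysctl -n security.jail.jailed` (1 inside a jail)
#   DEVDIR  : directory holding the audit device nodes (normally /dev)
#   LOGFILE : syslog file to search for the auditd failure message
# Returns 0 = nothing blocking found
#         1 = a device node is missing
#         2 = jailed and the ENOSYS failure is in the log
#         3 = jailed, failure not (yet) logged
audit_jail_diagnose() {
    jailed=$1 devdir=$2 logfile=$3
    # Message text as quoted in the post's log excerpt.
    sig='could not set active audit session state: Function not implemented'

    # devfs must expose both nodes inside the jail.
    for node in audit auditpipe; do
        if [ ! -e "$devdir/$node" ]; then
            echo "missing $devdir/$node (check the jail's devfs rules)"
            return 1
        fi
    done

    if [ "$jailed" = "1" ]; then
        # Nodes exist, so a failure here points at the jailed() check
        # in sys_setaudit() that the post quotes.
        if [ -r "$logfile" ] && grep -F -q "$sig" "$logfile"; then
            echo "jailed: setaudit returned ENOSYS, auditd cannot start here"
            return 2
        fi
        echo "jailed: expect ENOSYS from setaudit on a kernel with that check"
        return 3
    fi

    echo "not jailed and device nodes present"
    return 0
}

# Query the live system only on FreeBSD and only when asked to.
if [ "$(uname -s)" = "FreeBSD" ] && [ "${1:-}" = "--live" ]; then
    audit_jail_diagnose "$(sysctl -n security.jail.jailed)" /dev /var/log/messages
fi
```

Return code 2 or 3 means the fix is not in the devfs configuration: on a kernel with the quoted check, auditd has to run on the host rather than in the jail.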
More information about the freebsd-stable
mailing list