PERFORCE change 157598 for review
Stacey Son
sson at FreeBSD.org
Thu Feb 12 08:40:52 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=157598
Change 157598 by sson at sson_amd64 on 2009/02/12 16:40:16
On Mac OS X use setaudit_addr() instead of setaudit().
Affected files ...
.. //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#5 (text+ko) ====
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#4 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libauditd/auditd_lib.c#5 $
*/
#include <sys/param.h>
@@ -814,9 +814,31 @@
* ADE_NOERR on success,
* ADE_SETAUDIT if setaudit(2) fails.
*/
+#ifdef __APPLE__
int
auditd_prevent_audit(void)
{
+ auditinfo_addr_t aia;
+
+ /*
+ * To prevent event feedback cycles and avoid audit becoming stalled if
+ * auditing is suspended we mask this processes events from being
+ * audited. We allow the uid, tid, and mask fields to be implicitly
+ * set to zero, but do set the audit session ID to the PID.
+ *
+ * XXXRW: Is there more to it than this?
+ */
+ bzero(&aia, sizeof(aia));
+ aia.ai_asid = AU_ASSIGN_ASID;
+ aia.ai_termid.at_type = AU_IPv4;
+ if (setaudit_addr(&aia, sizeof(aia)) != 0)
+ return (ADE_SETAUDIT);
+ return (ADE_NOERR);
+}
+#else
+int
+auditd_prevent_audit(void)
+{
auditinfo_t ai;
/*
@@ -833,6 +855,7 @@
return (ADE_SETAUDIT);
return (ADE_NOERR);
}
+#endif /* __APPLE__ */
/*
* Generate and submit audit record for audit startup or shutdown. The event
More information about the p4-projects
mailing list