cvs commit: src/sys/security/audit audit_syscalls.c

Christian S.J. Peron csjp at FreeBSD.org
Tue Oct 10 08:49:11 PDT 2006


csjp        2006-10-10 15:49:10 UTC

  FreeBSD src repository

  Modified files:
    sys/security/audit   audit_syscalls.c 
  Log:
  Mark the audit system calls as being un-implemented in jails. Currently we do
  not trust jails enough to execute audit related system calls. An example of
  this is with su(1), or login(1) within prisons. So, if the syscall request
  comes from a jail return ENOSYS. This will cause these utilities to operate
  as if audit is not present in the kernel.
  
  Looking forward, this problem will be remedied by allowing non privileged
  users to maintain and their own audit streams, but the details on exactly how
  this will be implemented needs to be worked out.
  
  This change should fix situations when options AUDIT has been compiled into
  the kernel, and utilities like su(1), or login(1) fail due to audit system
  call failures within jails.
  
  This is a RELENG_6 candidate.
  
  Reported by:    Christian Brueffer
  Discussed with: rwatson
  MFC after:      3 days
  
  Revision  Changes    Path
  1.8       +19 -0     src/sys/security/audit/audit_syscalls.c


More information about the cvs-src mailing list