svn commit: r243727 - head/sys/security/audit
Pawel Jakub Dawidek
pjd at FreeBSD.org
Fri Nov 30 23:21:56 UTC 2012
Author: pjd
Date: Fri Nov 30 23:21:55 2012
New Revision: 243727
URL: http://svnweb.freebsd.org/changeset/base/243727
Log:
IFp4 @208452:
Audit handling for missing events:
- AUE_READLINKAT
- AUE_FACCESSAT
- AUE_MKDIRAT
- AUE_MKFIFOAT
- AUE_MKNODAT
- AUE_SYMLINKAT
Sponsored by: FreeBSD Foundation (auditdistd)
MFC after: 2 weeks
Modified:
head/sys/security/audit/audit_bsm.c
Modified: head/sys/security/audit/audit_bsm.c
==============================================================================
--- head/sys/security/audit/audit_bsm.c Fri Nov 30 23:18:49 2012 (r243726)
+++ head/sys/security/audit/audit_bsm.c Fri Nov 30 23:21:55 2012 (r243727)
@@ -724,13 +724,6 @@ kaudit_to_bsm(struct kaudit_record *kar,
*/
break;
- case AUE_MKFIFO:
- if (ARG_IS_VALID(kar, ARG_MODE)) {
- tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
- }
- /* FALLTHROUGH */
-
case AUE_CHDIR:
case AUE_CHROOT:
case AUE_FSTATAT:
@@ -743,6 +736,7 @@ kaudit_to_bsm(struct kaudit_record *kar,
case AUE_LPATHCONF:
case AUE_PATHCONF:
case AUE_READLINK:
+ case AUE_READLINKAT:
case AUE_REVOKE:
case AUE_RMDIR:
case AUE_SEARCHFS:
@@ -762,6 +756,8 @@ kaudit_to_bsm(struct kaudit_record *kar,
case AUE_ACCESS:
case AUE_EACCESS:
+ case AUE_FACCESSAT:
+ ATFD1_TOKENS(1);
UPATH1_VNODE1_TOKENS;
if (ARG_IS_VALID(kar, ARG_VALUE)) {
tok = au_to_arg32(2, "mode", ar->ar_arg_value);
@@ -1059,6 +1055,10 @@ kaudit_to_bsm(struct kaudit_record *kar,
break;
case AUE_MKDIR:
+ case AUE_MKDIRAT:
+ case AUE_MKFIFO:
+ case AUE_MKFIFOAT:
+ ATFD1_TOKENS(1);
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
@@ -1067,6 +1067,8 @@ kaudit_to_bsm(struct kaudit_record *kar,
break;
case AUE_MKNOD:
+ case AUE_MKNODAT:
+ ATFD1_TOKENS(1);
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
@@ -1546,10 +1548,12 @@ kaudit_to_bsm(struct kaudit_record *kar,
break;
case AUE_SYMLINK:
+ case AUE_SYMLINKAT:
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
+ ATFD1_TOKENS(1);
UPATH1_VNODE1_TOKENS;
break;
More information about the svn-src-all
mailing list