svn commit: r336604 - in head: sys/security/audit tests/sys/audit
Alan Somers
asomers at FreeBSD.org
Sun Jul 22 14:11:53 UTC 2018
Author: asomers
Date: Sun Jul 22 14:11:52 2018
New Revision: 336604
URL: https://svnweb.freebsd.org/changeset/base/336604
Log:
Fix audit of chflagsat, lgetfh, and setfib
These syscalls were always supposed to have been auditted, but due to
oversights never were.
PR: 228374
Reported by: aniketp
Reviewed by: aniketp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16388
Modified:
head/sys/security/audit/audit_bsm.c
head/tests/sys/audit/file-attribute-access.c
head/tests/sys/audit/file-attribute-modify.c
head/tests/sys/audit/network.c
Modified: head/sys/security/audit/audit_bsm.c
==============================================================================
--- head/sys/security/audit/audit_bsm.c Sun Jul 22 14:01:49 2018 (r336603)
+++ head/sys/security/audit/audit_bsm.c Sun Jul 22 14:11:52 2018 (r336604)
@@ -770,6 +770,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_rec
case AUE_PROFILE:
case AUE_RTPRIO:
case AUE_SEMSYS:
+ case AUE_SETFIB:
case AUE_SHMSYS:
case AUE_SETPGRP:
case AUE_SETRLIMIT:
@@ -810,6 +811,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_rec
case AUE_JAIL:
case AUE_LUTIMES:
case AUE_NFS_GETFH:
+ case AUE_LGETFH:
case AUE_LSTAT:
case AUE_LPATHCONF:
case AUE_PATHCONF:
@@ -851,6 +853,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_rec
case AUE_CHFLAGS:
case AUE_LCHFLAGS:
+ case AUE_CHFLAGSAT:
if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
kau_write(rec, tok);
Modified: head/tests/sys/audit/file-attribute-access.c
==============================================================================
--- head/tests/sys/audit/file-attribute-access.c Sun Jul 22 14:01:49 2018 (r336603)
+++ head/tests/sys/audit/file-attribute-access.c Sun Jul 22 14:11:52 2018 (r336604)
@@ -383,9 +383,6 @@ ATF_TC_HEAD(lgetfh_success, tc)
ATF_TC_BODY(lgetfh_success, tc)
{
- /* BSM conversion requested for unknown event 43061 */
- atf_tc_expect_fail("PR 228374: lgetfh(2) does not get audited in success mode");
-
/* Symbolic link needs to exist to get a file-handle */
ATF_REQUIRE_EQ(0, symlink("symlink", path));
const char *regex = "lgetfh.*return,success";
@@ -409,9 +406,6 @@ ATF_TC_HEAD(lgetfh_failure, tc)
ATF_TC_BODY(lgetfh_failure, tc)
{
- /* BSM conversion requested for unknown event 43061 */
- atf_tc_expect_fail("PR 228374: lgetfh(2) does not get audited in failure mode");
-
const char *regex = "lgetfh.*return,failure";
FILE *pipefd = setup(fds, "fa");
/* Failure reason: symbolic link does not exist */
Modified: head/tests/sys/audit/file-attribute-modify.c
==============================================================================
--- head/tests/sys/audit/file-attribute-modify.c Sun Jul 22 14:01:49 2018 (r336603)
+++ head/tests/sys/audit/file-attribute-modify.c Sun Jul 22 14:11:52 2018 (r336604)
@@ -701,9 +701,6 @@ ATF_TC_HEAD(chflagsat_success, tc)
ATF_TC_BODY(chflagsat_success, tc)
{
- /* BSM conversion requested for unknown event 43209 */
- atf_tc_expect_fail("PR 228374: chflagsat(2) does not get audited in success mode");
-
/* File needs to exist to call chflagsat(2) */
ATF_REQUIRE((filedesc = open(path, O_CREAT, mode)) != -1);
FILE *pipefd = setup(fds, auclass);
@@ -727,9 +724,6 @@ ATF_TC_HEAD(chflagsat_failure, tc)
ATF_TC_BODY(chflagsat_failure, tc)
{
- /* BSM conversion requested for unknown event 43209 */
- atf_tc_expect_fail("PR 228374: chflagsat(2) does not get audited in failure mode");
-
FILE *pipefd = setup(fds, auclass);
/* Failure reason: file does not exist */
ATF_REQUIRE_EQ(-1, chflagsat(AT_FDCWD, errpath, SF_IMMUTABLE, 0));
Modified: head/tests/sys/audit/network.c
==============================================================================
--- head/tests/sys/audit/network.c Sun Jul 22 14:01:49 2018 (r336603)
+++ head/tests/sys/audit/network.c Sun Jul 22 14:11:52 2018 (r336604)
@@ -1097,9 +1097,6 @@ ATF_TC_HEAD(setfib_success, tc)
ATF_TC_BODY(setfib_success, tc)
{
- /* BSM conversion requested for unknown event 43228 */
- atf_tc_expect_fail("PR 228374: setfib(2) does not get audited in success mode");
-
pid = getpid();
snprintf(extregex, sizeof(extregex), "setfib.*%d.*return,success", pid);
@@ -1123,9 +1120,6 @@ ATF_TC_HEAD(setfib_failure, tc)
ATF_TC_BODY(setfib_failure, tc)
{
- /* BSM conversion requested for unknown event 43228 */
- atf_tc_expect_fail("PR 228374: setfib(2) does not get audited in failure mode");
-
pid = getpid();
snprintf(extregex, sizeof(extregex), "setfib.*%d.*return,failure", pid);
More information about the svn-src-head
mailing list