svn commit: r331313 - head/share/man/man4
Christian S.J. Peron
csjp at FreeBSD.org
Wed Mar 21 17:22:43 UTC 2018
Author: csjp
Date: Wed Mar 21 17:22:42 2018
New Revision: 331313
URL: https://svnweb.freebsd.org/changeset/base/331313
Log:
Document the limitations associated with using the audit syscalls
from jailed process. These might get implemented in jails in the
future, but for now they are not supported.
Discussed on: freebsd-security@
Reviewed by: brueffer@
MFC after: 2 weeks
Modified:
head/share/man/man4/audit.4
Modified: head/share/man/man4/audit.4
==============================================================================
--- head/share/man/man4/audit.4 Wed Mar 21 16:18:14 2018 (r331312)
+++ head/share/man/man4/audit.4 Wed Mar 21 17:22:42 2018 (r331313)
@@ -138,3 +138,11 @@ incomplete argument information.
Mandatory Access Control (MAC) labels, as provided by the
.Xr mac 4
facility, are not audited as part of records involving MAC decisions.
+.Pp
+Currently the
+.Nm
+syscalls are not supported for jailed processes.
+However, if a process has
+.Nm
+session state associated with it, audit records will still be produced and a zonename token
+containing the jail's ID or name will be present in the audit records.
More information about the svn-src-head
mailing list