PERFORCE change 64264 for review

Andrew R. Reiter arr at watson.org
Thu Nov 4 22:24:35 GMT 2004 

On Thu, 4 Nov 2004, Robert Watson wrote:
:On Thu, 4 Nov 2004, Andrew R. Reiter wrote:
:
:> http://perforce.freebsd.org/chv.cgi?CH=64264
:>
:> Change 64264 by arr at arr_audit3_d400laptop on 2004/11/04 22:09:20
:>
:> 	auditctl(2) should be called via syscall(2) for now until we
:> 	add libc support for AUDIT.
:
:I think it should be there already, assuming you rebuild world using the
:audit3 tree.  This is because the syscalls.master file is used to generate
:assembly language stubs for the system calls that appear there
:automatically.  You need to add a prototype in an appropriate file so code
:linking against it can do the type magic, but you shouldn't need do
:anything further if the system calls implement the API exactly.  In the
:MAC case, we don't use the system call stubs directly, so prefix them with
:_.  This allows us to more easily insert user transforms.  I don't see
:that we need to do that with Audit, since the API is already well-defined
:and flexible.

Cool, thanks for the tip.  I'll fix this change and work on updating the
other userland apps to use the API calls isntead of the "work around."

Cheers,
Andrew

:
:>
:> Affected files ...
:>
:> .. //depot/projects/trustedbsd/audit3/usr.sbin/auditon/auditon.c#2 edit
:>
:> Differences ...
:>
:> ==== //depot/projects/trustedbsd/audit3/usr.sbin/auditon/auditon.c#2 (text+ko) ====
:>
:> @@ -38,6 +38,8 @@
:>  #include <stdio.h>
:>  #include <stdlib.h>
:>  #include <string.h>
:> +#include <sys/syscall.h>
:> +#include <unistd.h>
:>
:>  static void
:>  usage(void)
:> @@ -59,7 +61,8 @@
:>  		path = NULL;
:>  	else
:>  		path = argv[1];
:> -	if (auditctl(AC_SETLOGFILE, path) == -1)
:> +	/* if (auditctl(AC_SETLOGFILE, path) == -1) */
:> +	if (syscall(SYS_auditctl, AC_SETLOGFILE, path) == -1)
:>  		errx(-1, "%s: %s", path, strerror(errno));
:>  	exit(0);
:>  }
:>
:
:

--
Andrew R. Reiter
arr at watson.org
arr at FreeBSD.org
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-audit" in the body of the message

More information about the trustedbsd-audit mailing list