Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2),

jail_remove(2) and finally setloginclass(2) are not being converted and committed into userspace. Add the cases for these syscalls and make sure they are being converted properly. Reviewed by: bz, kevans MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D23882
svn path=/head/; revision=358471
2020-02-29 19:17:24 +00:00 · 2020-02-29 19:17:24 +00:00 · 1018b2ff00 · 2020-12-20 02:59:44 +00:00
commit 1018b2ff00
parent 5aa5420ff2
1 changed files with 16 additions and 0 deletions
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@ -809,6 +809,19 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 	case AUE_FUTIMESAT:
 	case AUE_GETATTRLIST:
 	case AUE_JAIL:
+		break;
+
+	/*
+	 * NB: We may want to verify that the appropriate
+	 * audit args are being processed here, but I think
+	 * a bit analysis is required.
+	 */
+	case AUE_JAIL_GET:
+	case AUE_JAIL_SET:
+	case AUE_JAIL_ATTACH:
+	case AUE_JAIL_REMOVE:
+		break;
+
 	case AUE_LUTIMES:
 	case AUE_NFS_GETFH:
 	case AUE_LGETFH:
@ -1474,6 +1487,9 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		}
 		break;

+	case AUE_SETLOGINCLASS:
+		break;
+
 	case AUE_SETPRIORITY:
 		if (ARG_IS_VALID(kar, ARG_CMD)) {
 			tok = au_to_arg32(1, "which", ar->ar_arg_cmd);