Document the limitations associated with using the audit syscalls

from jailed process. These might get implemented in jails in the future, but for now they are not supported. Discussed on: freebsd-security@ Reviewed by: brueffer@ MFC after: 2 weeks
svn path=/head/; revision=331313
2018-03-21 17:22:42 +00:00 · 2018-03-21 17:22:42 +00:00 · 49f12e36d0 · 2020-12-20 02:59:44 +00:00
commit 49f12e36d0
parent 0e33efe4e4
1 changed files with 8 additions and 0 deletions
--- a/share/man/man4/audit.4
+++ b/share/man/man4/audit.4
@ -138,3 +138,11 @@ incomplete argument information.
 Mandatory Access Control (MAC) labels, as provided by the
 .Xr mac 4
 facility, are not audited as part of records involving MAC decisions.
+.Pp
+Currently the
+.Nm
+syscalls are not supported for jailed processes.
+However, if a process has
+.Nm
+session state associated with it, audit records will still be produced and a zonename token
+containing the jail's ID or name will be present in the audit records.