freebsd-dev/sys/security
Robert Watson 52267f7411 Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).

- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
  audit_bsm_token.c.
- Synchronize bsm includes and definitions.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

--

OpenBSM 1.1 alpha 2

- Include files in OpenBSM are now broken out into two parts: library builds
  required solely for user space, and system includes, which may also be
  required for use in the kernels of systems integrating OpenBSM.  Submitted
  by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
  include for system includes, rather than the versions bundled with OpenBSM.
  This is intended specifically for platforms that ship OpenBSM, have adapted
  versions of the system includes in a kernel source tree, and will use the
  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
  allowing the customized system includes to be used with the OpenBSM build.
  Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
  or asprintf().  Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
  BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
  on the host generating the record.
- Add support for setting extended host information in the kernel, which is
  used for setting host information in extended header tokens.  The
  audit_control file now supports a "host" parameter which can be used by
  auditd to set the information; if not present, the kernel parameters won't
  be set and auditd uses unextended headers for records that it generates.

OpenBSM 1.1 alpha 1

- Add option to auditreduce(1) which allows users to invert sense of
  matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
  event there is an error writing the subject token.  This was submitted
  by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
  that const strings can be passed as arguments to tokens.  This patch was
  submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
2008-12-02 23:26:43 +00:00
..
audit Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both 2008-12-02 23:26:43 +00:00
mac Break out strictly credential-related portions of mac_process.c into a 2008-10-28 21:53:10 +00:00
mac_biba Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary 2008-10-28 13:44:11 +00:00
mac_bsdextended MFp4: 2008-11-29 14:32:14 +00:00
mac_ifoff
mac_lomac Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary 2008-10-28 13:44:11 +00:00
mac_mls Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary 2008-10-28 13:44:11 +00:00
mac_none
mac_partition Rename three MAC entry points from _proc_ to _cred_ to reflect the fact 2008-10-28 11:33:06 +00:00
mac_portacl
mac_seeotheruids Add a mac_inpcb_check_visible implementation to all MAC policies 2008-10-17 15:11:12 +00:00
mac_stub Commit part of accmode_t changes that I missed in previous commit. 2008-10-28 21:57:32 +00:00
mac_test Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary 2008-10-28 13:44:11 +00:00