04f11621df
when allocating the record in the first place, allocate the final buffer when closing the BSM record. At that point, more size information is available, so a sufficiently large buffer can be allocated. This allows the kernel to generate audit records in excess of MAXAUDITDATA bytes, but is consistent with Solaris's behavior. This only comes up when auditing command line arguments, in which case we presume the administrator really does want the data as they have specified the policy flag to gather them. Obtained from: TrustedBSD Project MFC after: 3 days |
||
|---|---|---|
| .. | ||
| audit_arg.c | ||
| audit_bsm_klib.c | ||
| audit_bsm_token.c | ||
| audit_bsm.c | ||
| audit_ioctl.h | ||
| audit_pipe.c | ||
| audit_private.h | ||
| audit_syscalls.c | ||
| audit_trigger.c | ||
| audit_worker.c | ||
| audit.c | ||
| audit.h | ||