Make sure we convert audit records that were produced as the result of the

closefrom(2) syscall.
2010-01-31 22:31:01 +00:00 · 2010-01-31 22:31:01 +00:00 · 583450efd7
commit 583450efd7
parent ecf4b67af3
1 changed files with 7 additions and 0 deletions
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@ -842,6 +842,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		UPATH1_VNODE1_TOKENS;
 		break;

+	case AUE_CLOSEFROM:
+		if (ARG_IS_VALID(kar, ARG_FD)) {
+			tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
+			kau_write(rec, tok);
+		}
+		break;
+
 	case AUE_CORE:
 		if (ARG_IS_VALID(kar, ARG_SIGNUM)) {
 			tok = au_to_arg32(1, "signal", ar->ar_arg_signum);