freebsd-nq/sys/security/audit
Pawel Jakub Dawidek 7493f24ee6 - Implement two new system calls:
int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
	int connectat(int fd, int s, const struct sockaddr *name, socklen_t namelen);

  which allow to bind and connect respectively to a UNIX domain socket with a
  path relative to the directory associated with the given file descriptor 'fd'.

- Add manual pages for the new syscalls.

- Make the new syscalls available for processes in capability mode sandbox.

- Add capability rights CAP_BINDAT and CAP_CONNECTAT that has to be present on
  the directory descriptor for the syscalls to work.

- Update audit(4) to support those two new syscalls and to handle path
  in sockaddr_un structure relative to the given directory descriptor.

- Update procstat(1) to recognize the new capability rights.

- Document the new capability rights in cap_rights_limit(2).

Sponsored by:	The FreeBSD Foundation
Discussed with:	rwatson, jilles, kib, des
2013-03-02 21:11:30 +00:00
..
audit_arg.c - Implement two new system calls: 2013-03-02 21:11:30 +00:00
audit_bsm_klib.c IFp4 @219811: 2012-12-01 08:51:40 +00:00
audit_bsm.c - Implement two new system calls: 2013-03-02 21:11:30 +00:00
audit_ioctl.h
audit_pipe.c
audit_private.h Merge Capsicum overhaul: 2013-03-02 00:53:12 +00:00
audit_syscalls.c Remove the support for using non-mpsafe filesystem modules. 2012-10-22 17:50:54 +00:00
audit_trigger.c
audit_worker.c IFp4 @208383: 2012-11-30 23:03:51 +00:00
audit.c Implement the zonename token for jailed processes. If 2013-01-17 21:02:53 +00:00
audit.h - Implement two new system calls: 2013-03-02 21:11:30 +00:00
bsm_domain.c Four .c files from OpenBSM are used, in modified form, by the kernel to 2012-12-15 15:21:09 +00:00
bsm_errno.c Four .c files from OpenBSM are used, in modified form, by the kernel to 2012-12-15 15:21:09 +00:00
bsm_fcntl.c Four .c files from OpenBSM are used, in modified form, by the kernel to 2012-12-15 15:21:09 +00:00
bsm_socket_type.c Four .c files from OpenBSM are used, in modified form, by the kernel to 2012-12-15 15:21:09 +00:00
bsm_token.c Four .c files from OpenBSM are used, in modified form, by the kernel to 2012-12-15 15:21:09 +00:00