From 2ecf07cb25da6c93072e953c2bf103f481909741 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 21 Sep 2006 07:27:02 +0000 Subject: [PATCH] Merge OpenBSM 1.0 alpha 11 changes into src/sys/bsm and src/sys/security; primarily, add new event identifiers and update trigger names. Obtained from: TrustedBSD Project --- sys/bsm/audit.h | 28 ++++++++++++---------------- sys/bsm/audit_internal.h | 2 +- sys/bsm/audit_kevents.h | 5 ++++- sys/bsm/audit_record.h | 2 +- sys/security/audit/audit_worker.c | 2 +- 5 files changed, 19 insertions(+), 20 deletions(-) diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h index 46821e866709..61686ef04134 100644 --- a/sys/bsm/audit.h +++ b/sys/bsm/audit.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#31 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#34 $ * $FreeBSD$ */ @@ -59,23 +59,19 @@ * Triggers for the audit daemon. */ #define AUDIT_TRIGGER_MIN 1 -#define AUDIT_TRIGGER_LOW_SPACE 1 -#define AUDIT_TRIGGER_OPEN_NEW 2 -#define AUDIT_TRIGGER_READ_FILE 3 -#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 -#define AUDIT_TRIGGER_NO_SPACE 5 -#define AUDIT_TRIGGER_MAX 5 +#define AUDIT_TRIGGER_LOW_SPACE 1 /* Below low watermark. */ +#define AUDIT_TRIGGER_ROTATE_KERNEL 2 /* Kernel requests rotate. */ +#define AUDIT_TRIGGER_READ_FILE 3 /* Re-read config file. */ +#define AUDIT_TRIGGER_CLOSE_AND_DIE 4 /* Terminate audit. */ +#define AUDIT_TRIGGER_NO_SPACE 5 /* Below min free space. */ +#define AUDIT_TRIGGER_ROTATE_USER 6 /* User requests roate. */ +#define AUDIT_TRIGGER_MAX 6 /* - * Special file that will be read for trigger events from the kernel - * (FreeBSD). - */ -#define AUDIT_TRIGGER_FILE "/dev/audit" - -/* - * The special device filename. + * The special device filename (FreeBSD). */ #define AUDITDEV_FILENAME "audit" +#define AUDIT_TRIGGER_FILE ("/dev/" AUDITDEV_FILENAME) /* * Pre-defined audit IDs @@ -182,12 +178,12 @@ #define AUDIT_PERZONE 0x2000 /* - * Audit queue control parameters. + * Default audit queue control parameters. */ #define AQ_HIWATER 100 #define AQ_MAXHIGH 10000 #define AQ_LOWATER 10 -#define AQ_BUFSZ 1024 +#define AQ_BUFSZ MAXAUDITDATA #define AQ_MAXBUFSZ 1048576 /* diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h index 39d04c04dfe2..63e56389a20b 100644 --- a/sys/bsm/audit_internal.h +++ b/sys/bsm/audit_internal.h @@ -34,7 +34,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#11 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#14 $ * $FreeBSD$ */ diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h index be4f10281d1d..3e60ee0e553d 100644 --- a/sys/bsm/audit_kevents.h +++ b/sys/bsm/audit_kevents.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#26 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#28 $ * $FreeBSD$ */ @@ -468,6 +468,9 @@ #define AUE_EXTATTR_SET_LINK 43111 /* FreeBSD. */ #define AUE_EXTATTR_LIST_LINK 43112 /* FreeBSD. */ #define AUE_EXTATTR_DELETE_LINK 43113 /* FreeBSD. */ +#define AUE_KENV 43114 /* FreeBSD. */ +#define AUE_JAIL_ATTACH 43115 /* FreeBSD. */ +#define AUE_SYSCTL_WRITE 43116 /* FreeBSD. */ /* * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h index b1c975bbd137..b10bbd745c43 100644 --- a/sys/bsm/audit_record.h +++ b/sys/bsm/audit_record.h @@ -30,7 +30,7 @@ * * @APPLE_BSD_LICENSE_HEADER_END@ * - * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#19 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#21 $ * $FreeBSD$ */ diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c index cfe46fa3aaf8..e0fbb7bd8659 100644 --- a/sys/security/audit/audit_worker.c +++ b/sys/security/audit/audit_worker.c @@ -194,7 +194,7 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td, (audit_file_rotate_wait == 0) && (vattr.va_size >= audit_fstat.af_filesz)) { audit_file_rotate_wait = 1; - (void)send_trigger(AUDIT_TRIGGER_OPEN_NEW); + (void)send_trigger(AUDIT_TRIGGER_ROTATE_KERNEL); } /*