d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Document the limitations associated with using the audit syscalls

Browse Source 
from jailed process.  These might get implemented in jails in the
future, but for now they are not supported.

Discussed on:   freebsd-security@
Reviewed by:    brueffer@
MFC after:      2 weeks
This commit is contained in:
csjp 2018-03-21 17:22:42 +00:00
parent f5c5ebb133
commit 5726e5cc3d
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
share/man/man4/audit.4
View File

@ -138,3 +138,11 @@ incomplete argument information.
Mandatory Access Control (MAC) labels, as provided by the
.Xr mac 4
facility, are not audited as part of records involving MAC decisions.
.Pp
Currently the
.Nm
syscalls are not supported for jailed processes.
However, if a process has
.Nm
session state associated with it, audit records will still be produced and a zonename token
containing the jail's ID or name will be present in the audit records.