From 5726e5cc3da04492e9693c9a7a0bc6d7a156aced Mon Sep 17 00:00:00 2001 From: csjp Date: Wed, 21 Mar 2018 17:22:42 +0000 Subject: [PATCH] Document the limitations associated with using the audit syscalls from jailed process. These might get implemented in jails in the future, but for now they are not supported. Discussed on: freebsd-security@ Reviewed by: brueffer@ MFC after: 2 weeks --- share/man/man4/audit.4 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/share/man/man4/audit.4 b/share/man/man4/audit.4 index 512f5c3798a7..0096dded414a 100644 --- a/share/man/man4/audit.4 +++ b/share/man/man4/audit.4 @@ -138,3 +138,11 @@ incomplete argument information. Mandatory Access Control (MAC) labels, as provided by the .Xr mac 4 facility, are not audited as part of records involving MAC decisions. +.Pp +Currently the +.Nm +syscalls are not supported for jailed processes. +However, if a process has +.Nm +session state associated with it, audit records will still be produced and a zonename token +containing the jail's ID or name will be present in the audit records.