When auditing unmount(2), capture FSID arguments as regular text strings

rather than as paths, which would lead to them being treated as relative
pathnames and hence confusingly converted into absolute pathnames.

Capture flags to unmount(2) via an argument token.

Approved by:	re (audit argument blanket)
MFC after:	3 days
This commit is contained in:
Robert Watson 2009-07-01 16:56:56 +00:00
parent a4c5a1c315
commit 6d5a61563a
2 changed files with 11 additions and 1 deletions

View File

@ -1113,6 +1113,7 @@ unmount(td, uap)
char *pathbuf;
int error, id0, id1;
AUDIT_ARG_VALUE(uap->flags);
if (jailed(td->td_ucred) || usermount == 0) {
error = priv_check(td, PRIV_VFS_UNMOUNT);
if (error)
@ -1125,9 +1126,9 @@ unmount(td, uap)
free(pathbuf, M_TEMP);
return (error);
}
AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
mtx_lock(&Giant);
if (uap->flags & MNT_BYFSID) {
AUDIT_ARG_TEXT(pathbuf);
/* Decode the filesystem ID. */
if (sscanf(pathbuf, "FSID:%d:%d", &id0, &id1) != 2) {
mtx_unlock(&Giant);
@ -1143,6 +1144,7 @@ unmount(td, uap)
}
mtx_unlock(&mountlist_mtx);
} else {
AUDIT_ARG_UPATH(td, pathbuf, ARG_UPATH1);
mtx_lock(&mountlist_mtx);
TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
if (strcmp(mp->mnt_stat.f_mntonname, pathbuf) == 0)

View File

@ -1070,7 +1070,15 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
break;
case AUE_UMOUNT:
if (ARG_IS_VALID(kar, ARG_VALUE)) {
tok = au_to_arg32(1, "flags", ar->ar_arg_value);
kau_write(rec, tok);
}
UPATH1_VNODE1_TOKENS;
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
break;
case AUE_MSGCTL: