For now, reflect practical reality that Audit system calls aren't

allowed in Jail: return a privilege error.
2007-02-19 13:10:29 +00:00 · 2007-02-19 13:10:29 +00:00 · c3c1b5e62a
commit c3c1b5e62a
parent 969e5bdcd0
1 changed files with 2 additions and 0 deletions
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@ -542,6 +542,7 @@ prison_priv_check(struct ucred *cred, int priv)
 		 */
 	case PRIV_KTRACE:

+#if 0
 		/*
 		 * Allow jailed processes to configure audit identity and
 		 * submit audit records (login, etc).  In the future we may
@ -551,6 +552,7 @@ prison_priv_check(struct ucred *cred, int priv)
 	case PRIV_AUDIT_GETAUDIT:
 	case PRIV_AUDIT_SETAUDIT:
 	case PRIV_AUDIT_SUBMIT:
+#endif

 		/*
 		 * Allow jailed processes to manipulate process UNIX