From f751e3eacaec6f8ea7a71e2ad3e4c74acd9b0820 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Fri, 29 Sep 2006 22:43:30 +0000
Subject: [PATCH] Merge OpenBSM 1.0 alpha 11 + 12 into src/sys/bsm; cleanup of
 trigger types, some defines, and some new record types.

Approved by:	re (kensmith)
Obtained from:	TrustedBSD Project
---
 sys/bsm/audit.h          | 28 ++++++++++++----------------
 sys/bsm/audit_internal.h |  2 +-
 sys/bsm/audit_kevents.h  |  9 ++++++++-
 sys/bsm/audit_record.h   |  2 +-
 4 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h
index 46821e866709..61686ef04134 100644
--- a/sys/bsm/audit.h
+++ b/sys/bsm/audit.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#31 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#34 $
  * $FreeBSD$
  */
 
@@ -59,23 +59,19 @@
  * Triggers for the audit daemon.
  */
 #define	AUDIT_TRIGGER_MIN		1
-#define	AUDIT_TRIGGER_LOW_SPACE		1
-#define	AUDIT_TRIGGER_OPEN_NEW		2
-#define	AUDIT_TRIGGER_READ_FILE		3
-#define	AUDIT_TRIGGER_CLOSE_AND_DIE	4
-#define	AUDIT_TRIGGER_NO_SPACE		5
-#define	AUDIT_TRIGGER_MAX		5
+#define	AUDIT_TRIGGER_LOW_SPACE		1	/* Below low watermark. */
+#define	AUDIT_TRIGGER_ROTATE_KERNEL	2	/* Kernel requests rotate. */
+#define	AUDIT_TRIGGER_READ_FILE		3	/* Re-read config file. */
+#define	AUDIT_TRIGGER_CLOSE_AND_DIE	4	/* Terminate audit. */
+#define	AUDIT_TRIGGER_NO_SPACE		5	/* Below min free space. */
+#define	AUDIT_TRIGGER_ROTATE_USER	6	/* User requests roate. */
+#define	AUDIT_TRIGGER_MAX		6
 
 /*
- * Special file that will be read for trigger events from the kernel
- * (FreeBSD).
- */
-#define	AUDIT_TRIGGER_FILE	"/dev/audit"
-
-/*
- * The special device filename.
+ * The special device filename (FreeBSD).
  */
 #define	AUDITDEV_FILENAME	"audit"
+#define	AUDIT_TRIGGER_FILE	("/dev/" AUDITDEV_FILENAME)
 
 /*
  * Pre-defined audit IDs
@@ -182,12 +178,12 @@
 #define	AUDIT_PERZONE	0x2000
 
 /*
- * Audit queue control parameters.
+ * Default audit queue control parameters.
  */
 #define	AQ_HIWATER	100
 #define	AQ_MAXHIGH	10000
 #define	AQ_LOWATER	10
-#define	AQ_BUFSZ	1024
+#define	AQ_BUFSZ	MAXAUDITDATA
 #define	AQ_MAXBUFSZ	1048576
 
 /*
diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h
index 39d04c04dfe2..63e56389a20b 100644
--- a/sys/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@@ -34,7 +34,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#11 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#14 $
  * $FreeBSD$
  */
 
diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index be4f10281d1d..221797110516 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#26 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#29 $
  * $FreeBSD$
  */
 
@@ -468,6 +468,13 @@
 #define	AUE_EXTATTR_SET_LINK	43111	/* FreeBSD. */
 #define	AUE_EXTATTR_LIST_LINK	43112	/* FreeBSD. */
 #define	AUE_EXTATTR_DELETE_LINK	43113	/* FreeBSD. */
+#define	AUE_KENV		43114	/* FreeBSD. */
+#define	AUE_JAIL_ATTACH		43115	/* FreeBSD. */
+#define	AUE_SYSCTL_WRITE	43116	/* FreeBSD. */
+#define	AUE_IOPERM		43117	/* Linux. */
+#define	AUE_READDIR		43118	/* Linux. */
+#define	AUE_IOPL		43119	/* Linux. */
+#define	AUE_VM86		43120	/* Linux. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h
index b1c975bbd137..b10bbd745c43 100644
--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#19 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#21 $
  * $FreeBSD$
  */