freebsd-skq/sys/security
rwatson 3b657094d5 Rework the logic around quick checks for auditing that take place at
system-call entry and whenever audit arguments or return values are
captured:

1. Expose a single global, audit_syscalls_enabled, which controls
   whether the audit framework is entered, rather than exposing
   components of the policy -- e.g., if the trail is enabled,
   suspended, etc.

2. Introduce a new function audit_syscalls_enabled_update(), which is
   called to update audit_syscalls_enabled whenever an aspect of the
   policy changes, so that the value can be updated.

3. Remove a check of trail enablement/suspension from audit_new() --
   at the point where this function has been entered, we believe that
   system-call auditing is already in force, or we wouldn't get here,
   so simply proceed to more expensive policy checks.

4. Use an audit-provided global, audit_dtrace_enabled, rather than a
   dtaudit-provided global, to provide policy indicating whether
   dtaudit would like system calls to be audited.

5. Do some minor cosmetic renaming to clarify what various variables
   are for.

These changes collectively arrange it so that traditional audit
(trail, pipes) or the DTrace audit provider can enable system-call
probes without the other configured.  Otherwise, dtaudit cannot
capture system-call data without auditd(8) started.

Reviewed by:		gnn
Sponsored by:		DARPA, AFRL
Approved by:		re (gjb)
Differential Revision:	https://reviews.freebsd.org/D17348
2018-10-02 15:58:17 +00:00
..
audit Rework the logic around quick checks for auditing that take place at 2018-10-02 15:58:17 +00:00
mac Require that MAC label buffers be able to store a non-empty string. 2018-08-01 03:46:07 +00:00
mac_biba
mac_bsdextended Correct bitwise test in mac_bsdextended ugidfw_rule_valid() 2017-06-13 01:17:58 +00:00
mac_ifoff
mac_lomac
mac_mls
mac_none
mac_ntpd Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
mac_partition
mac_portacl mac_portacl(4): stop panicing INVARIANTS-enabled kernel by loading .ko 2018-02-25 23:10:13 +00:00
mac_seeotheruids
mac_stub
mac_test
mac_veriexec Add mpo_vnode_check_setmode MAC method to MAC/veriexec. 2018-07-14 17:21:16 +00:00