freebsd-skq/sys/security/audit
Robert Watson 5a9d15cd4c Historically, /dev/auditpipe has allows only whole records to be read via
read(2), which meant that records longer than the buffer passed to read(2)
were dropped.  Instead take the approach of allowing partial reads to be
continued across multiple system calls more in the style of streaming
character device.

This means retaining a record on the per-pipe queue in a partially read
state, so maintain a current offset into the record.  Keep the record on
the queue during a read, so add a new lock, ap_sx, to serialize removal
of records from the queue by either read(2) or ioctl(2) requesting a pipe
flush.  Modify the kqueue handler to return bytes left in the current
record rather than simply the size of the current record.

It is now possible to use praudit, which used the standard FILE * buffer
sizes, to track much larger record sizes from /dev/auditpipe, such as
very long command lines to execve(2).

MFC after:	2 months
Sponsored by:	Apple, Inc.
2008-10-31 14:40:21 +00:00
..
audit_arg.c Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread 2008-08-28 15:23:18 +00:00
audit_bsm_klib.c Protect the event->class lookup database using an rwlock instead of a 2008-10-30 17:47:57 +00:00
audit_bsm_token.c Further synchronization of copyrights, licenses, white space, etc from 2008-07-31 09:54:35 +00:00
audit_bsm.c More fully audit fexecve(2) and its arguments. 2008-08-25 13:50:01 +00:00
audit_ioctl.h Don't expose #ifdef NOTYET parts to userspace via audit_ioctl.h, just 2007-04-29 16:20:32 +00:00
audit_pipe.c Historically, /dev/auditpipe has allows only whole records to be read via 2008-10-31 14:40:21 +00:00
audit_private.h Further synchronization of copyrights, licenses, white space, etc from 2008-07-31 09:54:35 +00:00
audit_syscalls.c Unbreak the build. 2008-09-04 13:06:36 +00:00
audit_trigger.c Generally avoid <space><tab> as a white space anomoly. 2008-07-22 16:44:48 +00:00
audit_worker.c Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread 2008-08-28 15:23:18 +00:00
audit.c Make sure we check the preselection masks present for all audit pipes. 2008-08-11 20:14:56 +00:00
audit.h Further synchronization of copyrights, licenses, white space, etc from 2008-07-31 09:54:35 +00:00