6f79887fc5
read(2), which meant that records longer than the buffer passed to read(2) were dropped. Instead take the approach of allowing partial reads to be continued across multiple system calls more in the style of streaming character device. This means retaining a record on the per-pipe queue in a partially read state, so maintain a current offset into the record. Keep the record on the queue during a read, so add a new lock, ap_sx, to serialize removal of records from the queue by either read(2) or ioctl(2) requesting a pipe flush. Modify the kqueue handler to return bytes left in the current record rather than simply the size of the current record. It is now possible to use praudit, which used the standard FILE * buffer sizes, to track much larger record sizes from /dev/auditpipe, such as very long command lines to execve(2). MFC after: 2 months Sponsored by: Apple, Inc. |
||
---|---|---|
.. | ||
audit | ||
mac | ||
mac_biba | ||
mac_bsdextended | ||
mac_ifoff | ||
mac_lomac | ||
mac_mls | ||
mac_none | ||
mac_partition | ||
mac_portacl | ||
mac_seeotheruids | ||
mac_stub | ||
mac_test |