Page MenuHomeFreeBSD

audit(4): Syscalls concerned with modifying file 'flags'
ClosedPublic

Authored by aniketp on Jun 16 2018, 5:14 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 12, 3:07 AM
Unknown Object (File)
Fri, Oct 10, 12:01 AM
Unknown Object (File)
Tue, Oct 7, 6:11 AM
Unknown Object (File)
Tue, Sep 30, 6:48 PM
Unknown Object (File)
Fri, Sep 26, 10:36 AM
Unknown Object (File)
Sep 10 2025, 10:24 AM
Unknown Object (File)
Sep 10 2025, 4:16 AM
Unknown Object (File)
Sep 9 2025, 6:42 PM
Subscribers

Details

Summary

This revision introduces auditability tests for 3 syscalls within file-attribute-modify
audit class.
The system calls are:

  • chflags(2)
  • lchflags(2)
  • fchflags(2)
Test Plan

Execute make install from usr.sbin/praudit/tests.
Execute kyua test from /usr/test/usr.sbin/praudit. The test case should succeed.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Add auclass in lchflags(2) test cases

asomers requested changes to this revision.Jun 16 2018, 6:48 PM

What about chflagsat ?

tests/sys/audit/file-attribute-modify.c
565 ↗(On Diff #43910)

Setting this flag will cause cleanup to fail, if the securelevel > 0. Can you pick another flag? How about one that has no special meaning, like UF_OFFLINE?

This revision now requires changes to proceed.Jun 16 2018, 6:48 PM

Use UF_OFFLINE instead of SF_IMMUTABLE for easy cleanup

This revision was not accepted when it landed; it landed in state Needs Review.Jun 17 2018, 3:10 AM
This revision was automatically updated to reflect the committed changes.