Page MenuHomeFreeBSD
Differential D23882

Add BSM conversion logic for some jail and setlogin class events
ClosedPublic
Actions

Authored by csjp on Feb 28 2020, 6:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, May 28, 10:20 PM
Unknown Object (File)
Thu, May 15, 7:01 PM
Unknown Object (File)
Wed, May 14, 3:31 PM
Unknown Object (File)
Wed, May 7, 1:34 PM
Unknown Object (File)
Sun, May 4, 7:46 AM
Unknown Object (File)
Apr 27 2025, 4:55 PM
Unknown Object (File)
Apr 24 2025, 12:57 AM
Unknown Object (File)
Apr 22 2025, 12:26 PM
View All 80 Files
Subscribers
bz
imp
Contributor Reviews (src)

Details

Reviewers
bz
kevans
Commits
rS358471: Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2),
Summary

Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2),
jail_remove(2) and finally setloginclass(2) are not being converted and
committed into userspace. Add the cases for these syscalls and make sure
they are being converted properly.

Test Plan

After the change I see records being converted and committed to userspace:

header,102,11,jail_set(2),0,Fri Feb 28 18:24:42 2020, + 482 msec
path,/
attribute,755,root,0,90,2,5064
subject,root,root,0,root,0,886,0,0,0.0.0.0
return,success,1
trailer,102

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

csjp created this revision.Feb 28 2020, 6:34 PM
Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptFeb 28 2020, 6:34 PM
Harbormaster completed remote builds in B29675: Diff 68959.Feb 28 2020, 6:34 PM
csjp edited the test plan for this revision. (Show Details)Feb 28 2020, 6:35 PM
csjp edited the test plan for this revision. (Show Details)
bz accepted this revision.Feb 28 2020, 7:46 PM
bz added a subscriber: bz.

Not my expertise of code but looks ok to me.

This revision is now accepted and ready to land.Feb 28 2020, 7:46 PM
kevans added a reviewer: kevans.Feb 28 2020, 7:48 PM
csjp updated this revision to Diff 68979.Feb 28 2020, 11:23 PM

Break out the switch case statements for the new syscalls

This revision now requires review to proceed.Feb 28 2020, 11:23 PM
Harbormaster completed remote builds in B29684: Diff 68979.Feb 28 2020, 11:23 PM
kevans accepted this revision.Feb 28 2020, 11:44 PM

+1

This revision is now accepted and ready to land.Feb 28 2020, 11:44 PM
Closed by commit rS358471: Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2), (authored by csjp). · Explain WhyFeb 29 2020, 7:17 PM
This revision was automatically updated to reflect the committed changes.
csjp added a commit: rS358471: Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2),.

Revision Contents
Changeset List

PathSize
head/
sys/
security/
audit/
16 lines

Diff 69002

View Options

head/sys/security/audit/audit_bsm.c

Loading...