Page MenuHomeFreeBSD
Differential D23882

Add BSM conversion logic for some jail and setlogin class events
ClosedPublic
Actions

Authored by csjp on Feb 28 2020, 6:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 10 2024, 7:47 PM
Unknown Object (File)
Feb 12 2024, 12:11 PM
Unknown Object (File)
Dec 20 2023, 4:07 AM
Unknown Object (File)
Dec 13 2023, 4:37 PM
Unknown Object (File)
Oct 9 2023, 6:39 AM
Unknown Object (File)
Sep 21 2023, 7:08 AM
Unknown Object (File)
Sep 3 2023, 12:05 PM
Unknown Object (File)
Sep 3 2023, 10:10 AM
View All 24 Files
Subscribers
bz
imp
Contributor Reviews (src)

Details

Reviewers
bz
kevans
Commits
rS358471: Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2),
Summary

Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2),
jail_remove(2) and finally setloginclass(2) are not being converted and
committed into userspace. Add the cases for these syscalls and make sure
they are being converted properly.

Test Plan

After the change I see records being converted and committed to userspace:

header,102,11,jail_set(2),0,Fri Feb 28 18:24:42 2020, + 482 msec
path,/
attribute,755,root,0,90,2,5064
subject,root,root,0,root,0,886,0,0,0.0.0.0
return,success,1
trailer,102

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

csjp created this revision.Feb 28 2020, 6:34 PM
Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptFeb 28 2020, 6:34 PM
Harbormaster completed remote builds in B29675: Diff 68959.Feb 28 2020, 6:34 PM
csjp edited the test plan for this revision. (Show Details)Feb 28 2020, 6:35 PM
csjp edited the test plan for this revision. (Show Details)
bz accepted this revision.Feb 28 2020, 7:46 PM
bz added a subscriber: bz.

Not my expertise of code but looks ok to me.

This revision is now accepted and ready to land.Feb 28 2020, 7:46 PM
kevans added a reviewer: kevans.Feb 28 2020, 7:48 PM
csjp updated this revision to Diff 68979.Feb 28 2020, 11:23 PM

Break out the switch case statements for the new syscalls

This revision now requires review to proceed.Feb 28 2020, 11:23 PM
Harbormaster completed remote builds in B29684: Diff 68979.Feb 28 2020, 11:23 PM
kevans accepted this revision.Feb 28 2020, 11:44 PM

+1

This revision is now accepted and ready to land.Feb 28 2020, 11:44 PM
Closed by commit rS358471: Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2), (authored by csjp). · Explain WhyFeb 29 2020, 7:17 PM
This revision was automatically updated to reflect the committed changes.
csjp added a commit: rS358471: Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2),.

Revision Contents
Changeset List

PathSize
head/
sys/
security/
audit/
16 lines

Diff 69002

View Options

head/sys/security/audit/audit_bsm.c

Loading...