Page MenuHomeFreeBSD
Files F153333881

D28388.id.diff
No OneTemporary
Actions

D28388.id.diff
View Options

diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@@ -614,6 +614,8 @@
43261:AUE_LGETUUID:lgetuuid(2):ip
43262:AUE_EXECVEAT:execveat(2):pc,ex
43263:AUE_SHMRENAME:shm_rename(2):ip
+43264:AUE_REALPATHAT:realpathat(2):fa
+43265:AUE_CLOSERANGE:close_range(2):cl
#
# Solaris userspace events.
#
diff --git a/contrib/openbsm/sys/bsm/audit_kevents.h b/contrib/openbsm/sys/bsm/audit_kevents.h
--- a/contrib/openbsm/sys/bsm/audit_kevents.h
+++ b/contrib/openbsm/sys/bsm/audit_kevents.h
@@ -653,6 +653,8 @@
#define AUE_LGETUUID 43261 /* CADETS. */
#define AUE_EXECVEAT 43262 /* FreeBSD/Linux. */
#define AUE_SHMRENAME 43263 /* FreeBSD-specific. */
+#define AUE_REALPATHAT 43264 /* FreeBSD-specific. */
+#define AUE_CLOSERANGE 43265 /* FreeBSD-specific. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -1422,6 +1422,10 @@
sys_close_range(struct thread *td, struct close_range_args *uap)
{
+ AUDIT_ARG_FD(uap->lowfd);
+ AUDIT_ARG_CMD(uap->highfd);
+ AUDIT_ARG_FFLAGS(uap->flags);
+
/* No flags currently defined */
if (uap->flags != 0)
return (EINVAL);
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -941,6 +941,21 @@
}
break;
+ case AUE_CLOSERANGE:
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "lowfd", ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(2, "highfd", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ break;
+
case AUE_CORE:
if (ARG_IS_VALID(kar, ARG_SIGNUM)) {
tok = au_to_arg32(1, "signal", ar->ar_arg_signum);
diff --git a/tests/sys/audit/file-close.c b/tests/sys/audit/file-close.c
--- a/tests/sys/audit/file-close.c
+++ b/tests/sys/audit/file-close.c
@@ -154,10 +154,10 @@
ATF_TC_BODY(closefrom_success, tc)
{
- const char *regex = "closefrom.*return,success";
+ const char *regex = "close_range\\(2\\),.*,0x7fffffff,lowfd,.*"
+ "0xffffffff,highfd,.*return,success";
FILE *pipefd = setup(fds, auclass);
- atf_tc_expect_fail("closefrom was converted to close_range");
/* closefrom(2) returns 'void' */
closefrom(INT_MAX);
check_audit(fds, regex, pipefd);

File Metadata

Mime Type
text/plain
Expires
Tue, Apr 21, 1:23 PM (9 h, 16 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
31912838
Default Alt Text
D28388.id.diff (2 KB)

Event Timeline