HomeFreeBSD

Introduce an audit event identifier -> audit event name mapping

Description

Introduce an audit event identifier -> audit event name mapping
database in the kernel audit implementation, similar the exist
class mapping database. This will be used by the DTrace audit
provider to map audit event identifiers originating in the
system-call table back into strings for the purposes of setting
probe names. The database is initialised and maintained by
auditd(8), which reads values in from the audit_events
configuration file, and then manages them using the A_GETEVENT
and A_SETEVENT auditon(2) operations.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, AFRL
MFC after: 3 weeks

Details

Committed
rwatsonMar 27 2017, 10:38 AM
Parents
rS316017: add SMT detection for newer AMD processors
Branches
Unknown
Tags
Unknown