Merge OpenBSM 1.0 alpha 11 changes into src/sys/bsm and src/sys/security;

primarily, add new event identifiers and update trigger names.

Obtained from:	TrustedBSD Project

5 files changed, 19 insertions, 20 deletions

diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h
index 46821e8..61686ef 100644
--- a/sys/bsm/audit.h
+++ b/sys/bsm/audit.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#31 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#34 $
  * $FreeBSD$
  */
 
@@ -59,23 +59,19 @@
  * Triggers for the audit daemon.
  */
 #define	AUDIT_TRIGGER_MIN		1
-#define	AUDIT_TRIGGER_LOW_SPACE		1
-#define	AUDIT_TRIGGER_OPEN_NEW		2
-#define	AUDIT_TRIGGER_READ_FILE		3
-#define	AUDIT_TRIGGER_CLOSE_AND_DIE	4
-#define	AUDIT_TRIGGER_NO_SPACE		5
-#define	AUDIT_TRIGGER_MAX		5
+#define	AUDIT_TRIGGER_LOW_SPACE		1	/* Below low watermark. */
+#define	AUDIT_TRIGGER_ROTATE_KERNEL	2	/* Kernel requests rotate. */
+#define	AUDIT_TRIGGER_READ_FILE		3	/* Re-read config file. */
+#define	AUDIT_TRIGGER_CLOSE_AND_DIE	4	/* Terminate audit. */
+#define	AUDIT_TRIGGER_NO_SPACE		5	/* Below min free space. */
+#define	AUDIT_TRIGGER_ROTATE_USER	6	/* User requests roate. */
+#define	AUDIT_TRIGGER_MAX		6
 
 /*
- * Special file that will be read for trigger events from the kernel
- * (FreeBSD).
- */
-#define	AUDIT_TRIGGER_FILE	"/dev/audit"
-
-/*
- * The special device filename.
+ * The special device filename (FreeBSD).
  */
 #define	AUDITDEV_FILENAME	"audit"
+#define	AUDIT_TRIGGER_FILE	("/dev/" AUDITDEV_FILENAME)
 
 /*
  * Pre-defined audit IDs
@@ -182,12 +178,12 @@
 #define	AUDIT_PERZONE	0x2000
 
 /*
- * Audit queue control parameters.
+ * Default audit queue control parameters.
  */
 #define	AQ_HIWATER	100
 #define	AQ_MAXHIGH	10000
 #define	AQ_LOWATER	10
-#define	AQ_BUFSZ	1024
+#define	AQ_BUFSZ	MAXAUDITDATA
 #define	AQ_MAXBUFSZ	1048576
 
 /*
diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h
index 39d04c0..63e5638 100644
--- a/sys/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@@ -34,7 +34,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#11 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_internal.h#14 $
  * $FreeBSD$
  */
 
diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index be4f102..3e60ee0 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#26 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#28 $
  * $FreeBSD$
  */
 
@@ -468,6 +468,9 @@
 #define	AUE_EXTATTR_SET_LINK	43111	/* FreeBSD. */
 #define	AUE_EXTATTR_LIST_LINK	43112	/* FreeBSD. */
 #define	AUE_EXTATTR_DELETE_LINK	43113	/* FreeBSD. */
+#define	AUE_KENV		43114	/* FreeBSD. */
+#define	AUE_JAIL_ATTACH		43115	/* FreeBSD. */
+#define	AUE_SYSCTL_WRITE	43116	/* FreeBSD. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h
index b1c975b..b10bbd7 100644
--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#19 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#21 $
  * $FreeBSD$
  */
 
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index cfe46fa..e0fbb7b 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -194,7 +194,7 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
 	    (audit_file_rotate_wait == 0) &&
 	    (vattr.va_size >= audit_fstat.af_filesz)) {
 		audit_file_rotate_wait = 1;
-		(void)send_trigger(AUDIT_TRIGGER_OPEN_NEW);
+		(void)send_trigger(AUDIT_TRIGGER_ROTATE_KERNEL);
 	}
 
 	/*