diff options
| author | csjp <csjp@FreeBSD.org> | 2006-10-10 15:49:10 +0000 |
|---|---|---|
| committer | csjp <csjp@FreeBSD.org> | 2006-10-10 15:49:10 +0000 |
| commit | fde20b9adccd0af04ae987e489b4c562ce554edf (patch) | |
| tree | e51e0af71d3615b8d3c472718b07e1ca868fb1ac | |
| parent | e4e060fa9e549de7822c3931c1919f5b2ac44b6e (diff) | |
| download | FreeBSD-src-fde20b9adccd0af04ae987e489b4c562ce554edf.zip FreeBSD-src-fde20b9adccd0af04ae987e489b4c562ce554edf.tar.gz | |
Mark the audit system calls as being un-implemented in jails. Currently we do
not trust jails enough to execute audit related system calls. An example of
this is with su(1), or login(1) within prisons. So, if the syscall request
comes from a jail return ENOSYS. This will cause these utilities to operate
as if audit is not present in the kernel.
Looking forward, this problem will be remedied by allowing non privileged
users to maintain and their own audit streams, but the details on exactly how
this will be implemented needs to be worked out.
This change should fix situations when options AUDIT has been compiled into
the kernel, and utilities like su(1), or login(1) fail due to audit system
call failures within jails.
This is a RELENG_6 candidate.
Reported by: Christian Brueffer
Discussed with: rwatson
MFC after: 3 days
| -rw-r--r-- | sys/security/audit/audit_syscalls.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c index da894fd..fb55511 100644 --- a/sys/security/audit/audit_syscalls.c +++ b/sys/security/audit/audit_syscalls.c @@ -36,6 +36,7 @@ #include <sys/sysproto.h> #include <sys/systm.h> #include <sys/vnode.h> +#include <sys/jail.h> #include <bsm/audit.h> #include <bsm/audit_kevents.h> @@ -63,6 +64,8 @@ audit(struct thread *td, struct audit_args *uap) void * rec; struct kaudit_record *ar; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); @@ -150,6 +153,8 @@ auditon(struct thread *td, struct auditon_args *uap) union auditon_udata udata; struct proc *tp; + if (jailed(td->td_ucred)) + return (ENOSYS); AUDIT_ARG(cmd, uap->cmd); error = suser(td); if (error) @@ -397,6 +402,8 @@ getauid(struct thread *td, struct getauid_args *uap) int error; au_id_t id; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); @@ -419,6 +426,8 @@ setauid(struct thread *td, struct setauid_args *uap) int error; au_id_t id; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); @@ -457,6 +466,8 @@ getaudit(struct thread *td, struct getaudit_args *uap) struct auditinfo ai; int error; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); @@ -476,6 +487,8 @@ setaudit(struct thread *td, struct setaudit_args *uap) struct auditinfo ai; int error; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); @@ -503,6 +516,8 @@ getaudit_addr(struct thread *td, struct getaudit_addr_args *uap) { int error; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); @@ -516,6 +531,8 @@ setaudit_addr(struct thread *td, struct setaudit_addr_args *uap) { int error; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); @@ -538,6 +555,8 @@ auditctl(struct thread *td, struct auditctl_args *uap) int error = 0; int flags, vfslocked; + if (jailed(td->td_ucred)) + return (ENOSYS); error = suser(td); if (error) return (error); |
