Vendor import of OpenBSM 1.0 alpha 11, with the following change history

notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events.  Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring.  Remove the -s and -h
  arguments as these policies are now set via the configuration file.  If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from:	TrustedBSD Project

1 files changed, 9 insertions, 6 deletions

diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event
index ebab4ed..346dff7 100644
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#15 $
 #
 0:AUE_NULL:indir system call:no
 1:AUE_EXIT:exit(2):pc
@@ -117,8 +117,8 @@
 113:AUE_SYSTEMBOOT:system booted:na
 114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad
 115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad
-128:AUE_WRITEL:writel(2):fw
-129:AUE_WRITEVL:writevl(2):fw
+128:AUE_WRITEL:writel(2):no
+129:AUE_WRITEVL:writevl(2):no
 130:AUE_GETAUID:getauid(2):ad
 131:AUE_SETAUID:setauid(2):ad
 132:AUE_GETAUDIT:getaudit(2):ad
@@ -265,7 +265,7 @@
 325:AUE_DARWIN_KDEBUGTRACE:system call:pc
 326:AUE_DARWIN_FSTAT:fstat(2):fa
 327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
-328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr
+328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):no
 329:AUE_DARWIN_TRUNCATE:truncate(2):fw
 330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
 331:AUE_DARWIN_SYSCTL:sysctl(3):ad
@@ -321,8 +321,8 @@
 43017:AUE_KDEBUGTRACE:system call:pc
 43018:AUE_FSTAT:fstat(2):fa
 43019:AUE_FPATHCONF:fpathconf(2):fa
-43020:AUE_GETDIRENTRIES:getdirentries(2):fr
-43021:AUE_SYSCTL:sysctl(3):ad
+43020:AUE_GETDIRENTRIES:getdirentries(2):no
+43021:AUE_SYSCTL:sysctl(3):ot
 43022:AUE_MLOCK:mlock(2):pc
 43023:AUE_MUNLOCK:munlock(2):pc
 43024:AUE_UNDELETE:undelete(2):fm
@@ -415,6 +415,9 @@
 43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
 43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
 43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
+43114:AUE_KENV:kenv(8):ad
+43115:AUE_JAIL_ATTACH:jail_attach(2):ad
+43116:AUE_SYSCTL_WRITE:sysctl(3):ad
 #
 # User space system events.
 #