This commit was generated by cvs2svn to compensate for changes in r162503,

which included commits to RCS files with non-trunk default branches.

2 files changed, 59 insertions, 3 deletions

diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5
index dd39afc..edd38bb 100644
--- a/contrib/openbsm/man/audit_control.5
+++ b/contrib/openbsm/man/audit_control.5
@@ -25,7 +25,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $
 .\"
 .Dd January 4, 2006
 .Dt AUDIT_CONTROL 5
@@ -63,6 +63,9 @@ an action cannot be attributed to a specific user.
 The minimum free space required on the file system audit logs are being written to.
 When the free space falls below this limit a warning will be issued.
 Not currently used as the value of 20 percent is chosen by the kernel.
+.It Va policy
+A list of global audit policy flags specifying various behaviors, such as
+fail stop, auditing of paths and arguments, etc.
 .El
 .Sh AUDIT FLAGS
 Audit flags are a comma-delimited list of audit classes as defined in the
@@ -86,6 +89,53 @@ Do not record successful events
 .It ^-
 Do not record failed events
 .El
+.Sh AUDIT POLICY FLAGS
+The policy flags field is a comma-delimited list of policy flags from the
+following list:
+.Pp
+.Bl -tag -width zonename -compact -offset indent
+.It cnt
+Allow processes to continue running even though events are not being audited.
+If not set, processes will be suspended when the audit store space is
+exhausted.
+Currently, this is not a recoverable state.
+.It ahlt
+Fail stop the system if unable to audit an event--this consists of first
+draining pending records to disk, and then halting the operating system.
+.It argv
+Audit command line arguments to
+.Xr execve 2 .
+.It arge
+Audit environmental variable arguments to
+.Xr execve 2 .
+.It seq
+Include a unique audit sequence number token in generated audit records (not
+implemented on FreeBSD or Darwin).
+.It group
+Include supplementary groups list in generated audit records (not implemented
+on FreeBSD or Darwin; supplementary groups are never included in records on
+these systems).
+.It trail
+Append a trailer token to each audit record (not implemented on FreeBSD or
+Darwin; trailers are always included in records on these systems).
+.It path
+Include secondary file paths in audit records (not implemented on FreeBSD or
+Darwin; secondary paths are never included in records on these systems).
+.It zonename
+Include a zone ID token with each audit record (not implemented on FreeBSD or
+Darwin; FreeBSD audit records do not currently include the jail ID or name.)
+.It perzone
+Enable auditing for each local zone (not implemented on FreeBSD or Darwin; on
+FreeBSD, audit records are collected from all jails and placed in a single
+global trail, and only limited audit controls are permitted within a jail.)
+.El
+.Pp
+It is recommended that installations set the
+.Dv cnt
+flag but not
+.Dv ahlt
+flag unless it is intended that audit logs exceeding available disk space
+halt the system.
 .Sh DEFAULT
 The following settings appear in the default
 .Nm
@@ -95,12 +145,18 @@ dir:/var/audit
 flags:lo
 minfree:20
 naflags:lo
+policy:cnt
 .Ed
 .Pp
 The
 .Va flags
 parameter above specifies the system-wide mask corresponding to login/logout
 events.
+The
+.Va policy
+parameter specifies that the system should neither fail stop nor suspend
+processes when the audit store fills.
+will be audited.
 .Sh FILES
 .Bl -tag -width "/etc/security/audit_control" -compact
 .It Pa /etc/security/audit_control
diff --git a/contrib/openbsm/man/auditon.2 b/contrib/openbsm/man/auditon.2
index 9dedbba..04eb775 100644
--- a/contrib/openbsm/man/auditon.2
+++ b/contrib/openbsm/man/auditon.2
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#8 $
 .\"
 .Dd April 19, 2005
 .Dt AUDITON 2
@@ -192,7 +192,7 @@ structure. The
 field will be set to the maximum audit log file size.
 A value of 0 indicates no limit to the size.
 The
-.Ft af_filesz
+.Ft af_currsz
 will be set to the current audit log file size.
 .It Dv A_GETCWD
 .\" [COMMENTED OUT]: Valid description, not yet implemented.