diff options
| author | bdrewery <bdrewery@FreeBSD.org> | 2016-02-24 22:30:22 +0000 |
|---|---|---|
| committer | bdrewery <bdrewery@FreeBSD.org> | 2016-02-24 22:30:22 +0000 |
| commit | ca8ffc54be838a41cfa28fee2ce0a222ce177cb7 (patch) | |
| tree | b45d3bab3ab3920531dcf1412ebbf56dd1f98317 /share | |
| parent | 266e77bc147fa578e8da09c0cc7e8b49f2acc829 (diff) | |
| download | FreeBSD-src-ca8ffc54be838a41cfa28fee2ce0a222ce177cb7.zip FreeBSD-src-ca8ffc54be838a41cfa28fee2ce0a222ce177cb7.tar.gz | |
MFC r294933,r294949,r294952,r294953,r294957,r294965,r294967,r294968,r295017,
r295026,r295027,r295029,r295030,r295649:
r294933:
Drop any previous fd when setting a new one.
r294949:
filemon_ioctl: Handle error from devfs_get_cdevpriv(9).
r294952:
filemon_ioctl: Lock the associated filemon handle before writing to it.
r294953:
filemon_comment has nothing to do with wrappers so move it out of
filemon_wrapper.c.
r294957:
filemon_dtr: Lock the associated filemon handle before writing to it.
r294965:
filemon: Use process_exit EVENTHANDLER to capture process exit.
r294967:
filemon: Trace fork via process_fork event.
r294968:
Follow-up r294967: Mark flags unused.
r295017:
filemon: Use process_exec EVENTHANDLER to capture sys_execve.
r295026:
filemon_open: Don't record a process to trace here.
r295027:
filemon: Track the process pointer rather than a pid.
r295029:
Document the purpose and non-purpose of filemon(4).
r295030:
Note the double fork behavior with filemon.
r295649:
filemon: Fix panic when fork1() is called from kproc_create().
Approved by: re (marius)
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man4/filemon.4 | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/share/man/man4/filemon.4 b/share/man/man4/filemon.4 index 585428b..fe0c430 100644 --- a/share/man/man4/filemon.4 +++ b/share/man/man4/filemon.4 @@ -31,7 +31,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 14, 2013 +.Dd January 28, 2016 .Dt FILEMON 4 .Os .Sh NAME @@ -49,6 +49,18 @@ responds to two .Xr ioctl 2 calls. .Pp +.Nm +is not intended to be a security auditing tool. +Many syscalls are not tracked and binaries of foreign ABI will not be fully +audited. +It is intended for auditing of processes for the purpose of determining its +dependencies in an efficient and easily parsable format. +An example of this is +.Xr make 1 +which uses this module with +.Sy .MAKE.MODE=meta +to handle incremental builds more smartly. +.Pp System calls are denoted using the following single letters: .Pp .Bl -tag -width indent -compact @@ -172,3 +184,12 @@ A .Nm device appeared in .Fx 9.1 . +.Sh BUGS +Loading +.Nm +may reduce system performance for the noted syscalls. +.Pp +Only children of the set process are logged. +Processes can escape being traced by double forking. +This is not seen as a problem as the intended use is build monitoring, which +does not make sense to have daemons for. |
