Revisit the capability failure trace points. The initial implementation

only logged instances where an operation on a file descriptor required capabilities which the file descriptor did not have. By adding a type enum to struct ktr_cap_fail, we can catch other types of capability failures as well, such as disallowed system calls or attempts to wrap a file descriptor with more capabilities than it had to begin with.
author: des <des@FreeBSD.org> 2011-10-18 07:28:58 +0000
committer: des <des@FreeBSD.org> 2011-10-18 07:28:58 +0000
commit: 1b405df8baa78dedceda6da24510b9597aad726d (patch)
tree: a66a1f7a0cad9c0bdb1b03d06f7f48c643033aca /sys/kern/kern_ktrace.c
parent: 6876e3d9c139cd8d3dbaaaaf463d9a1ff2103a5e (diff)
download: FreeBSD-src-1b405df8baa78dedceda6da24510b9597aad726d.zip
FreeBSD-src-1b405df8baa78dedceda6da24510b9597aad726d.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index bf99971..3bb529f 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -772,7 +772,8 @@ ktrstruct(name, data, datalen)
 }
 
 void
-ktrcapfail(needed, held)
+ktrcapfail(type, needed, held)
+	enum ktr_cap_fail_type type;
 	cap_rights_t needed;
 	cap_rights_t held;
 {
@@ -784,6 +785,7 @@ ktrcapfail(needed, held)
 	if (req == NULL)
 		return;
 	kcf = &req->ktr_data.ktr_cap_fail;
+	kcf->cap_type = type;
 	kcf->cap_needed = needed;
 	kcf->cap_held = held;
 	ktr_enqueuerequest(td, req);
author	des <des@FreeBSD.org>	2011-10-18 07:28:58 +0000
committer	des <des@FreeBSD.org>	2011-10-18 07:28:58 +0000
commit	1b405df8baa78dedceda6da24510b9597aad726d (patch)
tree	a66a1f7a0cad9c0bdb1b03d06f7f48c643033aca /sys/kern/kern_ktrace.c
parent	6876e3d9c139cd8d3dbaaaaf463d9a1ff2103a5e (diff)
download	FreeBSD-src-1b405df8baa78dedceda6da24510b9597aad726d.zip FreeBSD-src-1b405df8baa78dedceda6da24510b9597aad726d.tar.gz