Add a new trace point, KTRFAC_CAPFAIL, which traces capability check

failures. It is included in the default set for ktrace(1) and kdump(1).
author: des <des@FreeBSD.org> 2011-10-11 20:37:10 +0000
committer: des <des@FreeBSD.org> 2011-10-11 20:37:10 +0000
commit: 9b8d9b3ed18d6b0c6f881baf309e3935335bc7b1 (patch)
tree: e9843d4ebf0bc386f58afa84935ecf276f03447c /sys/kern/sys_capability.c
parent: 42aa10a9a139809533ee7832f9cdecc8bead877d (diff)
download: FreeBSD-src-9b8d9b3ed18d6b0c6f881baf309e3935335bc7b1.zip
FreeBSD-src-9b8d9b3ed18d6b0c6f881baf309e3935335bc7b1.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/sys_capability.c b/sys/kern/sys_capability.c
index 2318b12..b22cfb2 100644
--- a/sys/kern/sys_capability.c
+++ b/sys/kern/sys_capability.c
@@ -52,6 +52,7 @@
  */
 
 #include "opt_capsicum.h"
+#include "opt_ktrace.h"
 
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
@@ -68,6 +69,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/sysctl.h>
 #include <sys/systm.h>
 #include <sys/ucred.h>
+#include <sys/uio.h>
+#include <sys/ktrace.h>
 
 #include <security/audit/audit.h>
 
@@ -212,8 +215,13 @@ static int
 cap_check(struct capability *c, cap_rights_t rights)
 {
 
-	if ((c->cap_rights | rights) != c->cap_rights)
+	if ((c->cap_rights | rights) != c->cap_rights) {
+#ifdef KTRACE
+		if (KTRPOINT(curthread, KTR_CAPFAIL))
+			ktrcapfail(rights, c->cap_rights);
+#endif
 		return (ENOTCAPABLE);
+	}
 	return (0);
 }
author	des <des@FreeBSD.org>	2011-10-11 20:37:10 +0000
committer	des <des@FreeBSD.org>	2011-10-11 20:37:10 +0000
commit	9b8d9b3ed18d6b0c6f881baf309e3935335bc7b1 (patch)
tree	e9843d4ebf0bc386f58afa84935ecf276f03447c /sys/kern/sys_capability.c
parent	42aa10a9a139809533ee7832f9cdecc8bead877d (diff)
download	FreeBSD-src-9b8d9b3ed18d6b0c6f881baf309e3935335bc7b1.zip FreeBSD-src-9b8d9b3ed18d6b0c6f881baf309e3935335bc7b1.tar.gz