diff options
| author | pjd <pjd@FreeBSD.org> | 2012-11-30 23:21:55 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2012-11-30 23:21:55 +0000 |
| commit | 24607bdcd0b65d745a2ab81695f25ba6af31d441 (patch) | |
| tree | 6aae72fa20653a6e4ae445d9b77ef0b91862f87a /sys/security | |
| parent | 632d7191a2034f3e655f731e7828c7ddd32bc0e5 (diff) | |
| download | FreeBSD-src-24607bdcd0b65d745a2ab81695f25ba6af31d441.zip FreeBSD-src-24607bdcd0b65d745a2ab81695f25ba6af31d441.tar.gz | |
IFp4 @208452:
Audit handling for missing events:
- AUE_READLINKAT
- AUE_FACCESSAT
- AUE_MKDIRAT
- AUE_MKFIFOAT
- AUE_MKNODAT
- AUE_SYMLINKAT
Sponsored by: FreeBSD Foundation (auditdistd)
MFC after: 2 weeks
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/audit/audit_bsm.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c index a8fcd8f..6e49b51 100644 --- a/sys/security/audit/audit_bsm.c +++ b/sys/security/audit/audit_bsm.c @@ -724,13 +724,6 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) */ break; - case AUE_MKFIFO: - if (ARG_IS_VALID(kar, ARG_MODE)) { - tok = au_to_arg32(2, "mode", ar->ar_arg_mode); - kau_write(rec, tok); - } - /* FALLTHROUGH */ - case AUE_CHDIR: case AUE_CHROOT: case AUE_FSTATAT: @@ -743,6 +736,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) case AUE_LPATHCONF: case AUE_PATHCONF: case AUE_READLINK: + case AUE_READLINKAT: case AUE_REVOKE: case AUE_RMDIR: case AUE_SEARCHFS: @@ -762,6 +756,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) case AUE_ACCESS: case AUE_EACCESS: + case AUE_FACCESSAT: + ATFD1_TOKENS(1); UPATH1_VNODE1_TOKENS; if (ARG_IS_VALID(kar, ARG_VALUE)) { tok = au_to_arg32(2, "mode", ar->ar_arg_value); @@ -1059,6 +1055,10 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) break; case AUE_MKDIR: + case AUE_MKDIRAT: + case AUE_MKFIFO: + case AUE_MKFIFOAT: + ATFD1_TOKENS(1); if (ARG_IS_VALID(kar, ARG_MODE)) { tok = au_to_arg32(2, "mode", ar->ar_arg_mode); kau_write(rec, tok); @@ -1067,6 +1067,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) break; case AUE_MKNOD: + case AUE_MKNODAT: + ATFD1_TOKENS(1); if (ARG_IS_VALID(kar, ARG_MODE)) { tok = au_to_arg32(2, "mode", ar->ar_arg_mode); kau_write(rec, tok); @@ -1546,10 +1548,12 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) break; case AUE_SYMLINK: + case AUE_SYMLINKAT: if (ARG_IS_VALID(kar, ARG_TEXT)) { tok = au_to_text(ar->ar_arg_text); kau_write(rec, tok); } + ATFD1_TOKENS(1); UPATH1_VNODE1_TOKENS; break; |
