Add new fields to process-related data structures:

- td_ar to struct thread, which holds the in-progress audit record during
  a system call.

- p_au to struct proc, which holds per-process audit state, such as the
  audit identifier, audit terminal, and process audit masks.

In the earlier implementation, td_ar was added to the zero'd section of
struct thread.  In order to facilitate merging to RELENG_6, it has been
moved to the end of the data structure, requiring explicit
initalization in the thread constructor.

Much help from:	wsalamon
Obtained from:	TrustedBSD Project

2 files changed, 11 insertions, 0 deletions

diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index b2f1143..1d3c3e6 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -1015,6 +1015,16 @@ audit_proc_alloc(struct proc *p)
 	//printf("audit_proc_alloc: pid %d p_au %p\n", p->p_pid, p->p_au);
 }
 
+/*
+ * Allocate storage for a new thread.
+ */
+void
+audit_thread_alloc(struct thread *td)
+{
+
+	td->td_ar = NULL;
+}
+
 /* 
  * Initialize the audit information for the a process, presumably the first 
  * process in the system.
diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index 3dbabcd..f889f3b 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -180,6 +180,7 @@ void			 audit_proc_init(struct proc *p);
 void			 audit_proc_fork(struct proc *parent, 
 					 struct proc *child);
 void			 audit_proc_free(struct proc *p);
+void			 audit_thread_alloc(struct thread *td);
 
 /*
  * Define a macro to wrap the audit_arg_* calls by checking the global