From 1b405df8baa78dedceda6da24510b9597aad726d Mon Sep 17 00:00:00 2001
From: des
Date: Tue, 18 Oct 2011 07:28:58 +0000
Subject: Revisit the capability failure trace points. The initial implementation only logged instances where an operation on a file descriptor required capabilities which the file descriptor did not have. By adding a type enum to struct ktr_cap_fail, we can catch other types of capability failures as well, such as disallowed system calls or attempts to wrap a file descriptor with more capabilities than it had to begin with.
---
 sys/kern/kern_ktrace.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'sys/kern/kern_ktrace.c')
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index bf99971..3bb529f 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -772,7 +772,8 @@ ktrstruct(name, data, datalen)
 }
 
 void
-ktrcapfail(needed, held)
+ktrcapfail(type, needed, held)
+ enum ktr_cap_fail_type type;
 cap_rights_t needed;
 cap_rights_t held;
 {
@@ -784,6 +785,7 @@ ktrcapfail(needed, held)
 if (req == NULL)
 return;
 kcf = &req->ktr_data.ktr_cap_fail;
+ kcf->cap_type = type;
 kcf->cap_needed = needed;
 kcf->cap_held = held;
 ktr_enqueuerequest(td, req);
-- 
cgit v1.1
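Review bot: The new `type` parameter in the first hunk is added to an old-style (K&R) definition, so call sites are checked only against whatever prototype is in scope, and that header is not part of this file-limited view. A caller still passing two arguments is diagnosed only if the prototype was updated in the same commit, which is worth confirming. Writing the definition in prototype form, `ktrcapfail(enum ktr_cap_fail_type type, cap_rights_t needed, cap_rights_t held)`, makes the definition itself enforce the argument list. A comment above the function should also state for which values of `type` the `needed` and `held` arguments are meaningful, since the commit message says the record now covers disallowed system calls as well. The body of `ktrcapfail` continues past the end of this hunk.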
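Review bot: In the second hunk, `kcf->cap_type = type;` fills a new field of a record that is then queued for the trace file, but nothing visible here clears the record first. If `cap_type` sits next to wider rights fields in `struct ktr_cap_fail` (the definition is outside this view), the compiler may insert padding, and those bytes would be written out with whatever the request buffer held before. Consider `memset(kcf, 0, sizeof(*kcf));` ahead of the three assignments, or confirm that the request allocator hands back zeroed storage. The hunk shows only the middle of `ktrcapfail`.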