From b7ec793bc800e8ebcc73c3f5371a4bf478262d8f Mon Sep 17 00:00:00 2001
From: csjp <csjp@FreeBSD.org>
Date: Thu, 17 Jan 2013 21:02:53 +0000
Subject: Implement the zonename token for jailed processes.  If a process has
 an auditid/preselection masks specified, and is jailed, include the zonename
 (jailname) token as a part of the audit record.

Reviewed by:	pjd
MFC after:	2 weeks
---
 sys/security/audit/audit.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'sys/security/audit/audit.c')

diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index 2063c9d..cb3406d 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/filedesc.h>
 #include <sys/fcntl.h>
 #include <sys/ipc.h>
+#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/malloc.h>
@@ -211,6 +212,7 @@ audit_record_ctor(void *mem, int size, void *arg, int flags)
 	struct kaudit_record *ar;
 	struct thread *td;
 	struct ucred *cred;
+	struct prison *pr;
 
 	KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size"));
 
@@ -233,6 +235,17 @@ audit_record_ctor(void *mem, int size, void *arg, int flags)
 	ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
 	ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask;
 	ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid;
+	/*
+	 * If this process is jailed, make sure we capture the name of the
+	 * jail so we can use it to generate a zonename token when we covert
+	 * this record to BSM.
+	 */
+	if (jailed(cred)) {
+		pr = cred->cr_prison;
+		(void) strlcpy(ar->k_ar.ar_jailname, pr->pr_name,
+		    sizeof(ar->k_ar.ar_jailname));
+	} else
+		ar->k_ar.ar_jailname[0] = '\0';
 	return (0);
 }
 
-- 
cgit v1.1