From acf5da1d357825978c6574d39909901e5174e4a7 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Mon, 25 Aug 2008 13:50:01 +0000
Subject: More fully audit fexecve(2) and its arguments.

Obtained from:	TrustedBSD Project
Sponsored by:	Google, Inc.
---
 sys/security/audit/audit_bsm.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'sys/security/audit/audit_bsm.c')

diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index a7fbb21..e060727 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -762,6 +762,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		EXTATTR_TOKENS;
 		break;
 
+	case AUE_FEXECVE:
+		if (ARG_IS_VALID(kar, ARG_FD)) {
+			tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
+			kau_write(rec, tok);
+		}
+		/* FALLTHROUGH */
+
 	case AUE_EXECVE:
 		if (ARG_IS_VALID(kar, ARG_ARGV)) {
 			tok = au_to_exec_args(ar->ar_arg_argv,
-- 
cgit v1.1