summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/kern/kern_exec.c2
-rw-r--r--sys/security/audit/audit_bsm.c7
2 files changed, 9 insertions, 0 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 0d1e871d4154..8ea45d5b1e13 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -412,11 +412,13 @@ interpret:
binvp = ndp->ni_vp;
imgp->vp = binvp;
} else {
+ AUDIT_ARG(fd, args->fd);
error = fgetvp(td, args->fd, &binvp);
if (error)
goto exec_fail;
vfslocked = VFS_LOCK_GIANT(binvp->v_mount);
vn_lock(binvp, LK_EXCLUSIVE | LK_RETRY);
+ AUDIT_ARG(vnode, binvp, ARG_VNODE1);
imgp->vp = binvp;
}
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index a7fbb210994e..e06072705248 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -762,6 +762,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
EXTATTR_TOKENS;
break;
+ case AUE_FEXECVE:
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
+ /* FALLTHROUGH */
+
case AUE_EXECVE:
if (ARG_IS_VALID(kar, ARG_ARGV)) {
tok = au_to_exec_args(ar->ar_arg_argv,
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-09 21:03:04 +0000