<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/bsm, branch release/9.0.0</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=release%2F9.0.0</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=release%2F9.0.0'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2011-03-01T13:14:28Z</updated>
<entry>
<title>Add ECAPMODE, "Not permitted in capability mode", a new kernel errno</title>
<updated>2011-03-01T13:14:28Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2011-03-01T13:14:28Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=25122f5c5fc022baacef53ab88688fa374bec4eb'/>
<id>urn:sha1:25122f5c5fc022baacef53ab88688fa374bec4eb</id>
<content type='text'>
constant to indicate that a system call (or perhaps an operation requested
via a system call) is not permitted for a capability mode process.

Submitted by:	anderson
Sponsored by:	Google, Inc.
Obtained from:	Capsicum Project
MFC after:	1 week
</content>
</entry>
<entry>
<title>Add audit events for process descriptor system calls, which will appear in</title>
<updated>2009-09-29T21:25:59Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-09-29T21:25:59Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b2fc0323aeee453c02a343703d689798dcec267a'/>
<id>urn:sha1:b2fc0323aeee453c02a343703d689798dcec267a</id>
<content type='text'>
a future OpenBSM release.

Sponsored by:	Google
Obtained from:	TrustedBSD Project
MFC after:	3 weeks
</content>
</entry>
<entry>
<title>Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating</title>
<updated>2009-07-17T14:02:20Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-17T14:02:20Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=597df30e62c04ff3e8d1e03f997b67427494a5cd'/>
<id>urn:sha1:597df30e62c04ff3e8d1e03f997b67427494a5cd</id>
<content type='text'>
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
</content>
</entry>
<entry>
<title>Vendor import of OpenBSM 1.1p1, which incorporates the following changes</title>
<updated>2009-07-17T12:18:39Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-17T12:18:39Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=5d171016e7ded77bb3a5eaff82d036a250f515bb'/>
<id>urn:sha1:5d171016e7ded77bb3a5eaff82d036a250f515bb</id>
<content type='text'>
since the last imported OpenBSM release:

OpenBSM 1.1p1

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

Obtained from:  TrustedBSD Project
Sponsored by:   Apple, Inc.
</content>
</entry>
<entry>
<title>There is an optimization in chmod(1), that makes it not call chmod(2)</title>
<updated>2009-07-08T15:23:18Z</updated>
<author>
<name>Edward Tomasz Napierala</name>
<email>trasz@FreeBSD.org</email>
</author>
<published>2009-07-08T15:23:18Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=c38898116a2737ea168993b9419c4370e7280303'/>
<id>urn:sha1:c38898116a2737ea168993b9419c4370e7280303</id>
<content type='text'>
if the new file mode is the same as it was before; however, this
optimization must be disabled for filesystems that support NFSv4 ACLs.
Chmod uses pathconf(2) to determine whether this is the case - however,
pathconf(2) always follows symbolic links, while 'chmod -h' doesn't.

This change adds lpathconf(3) to make it possible to solve that problem
in a clean way.

Reviewed by:	rwatson (earlier version)
Approved by:	re (kib)
</content>
</entry>
<entry>
<title>Merge OpenBSM 1.1 from OpenBSM vendor branch to head.</title>
<updated>2009-04-19T16:17:13Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-04-19T16:17:13Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=c0020399a650364d0134f79f3fa319f84064372d'/>
<id>urn:sha1:c0020399a650364d0134f79f3fa319f84064372d</id>
<content type='text'>
OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
</content>
</entry>
<entry>
<title>Vendor import of OpenBSM 1.1, which incorporates the following changes</title>
<updated>2009-04-19T15:18:16Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-04-19T15:18:16Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=a751bb747008d2d65523ad2bb7693437b6a3d185'/>
<id>urn:sha1:a751bb747008d2d65523ad2bb7693437b6a3d185</id>
<content type='text'>
since the last imported OpenBSM release:

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.

Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
</content>
</entry>
<entry>
<title>Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel:</title>
<updated>2009-04-19T14:53:17Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-04-19T14:53:17Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=4df4e33572998a0342707718ac8796ac3d21e33c'/>
<id>urn:sha1:4df4e33572998a0342707718ac8796ac3d21e33c</id>
<content type='text'>
- Add and use mapping of fcntl(2) commands to new BSM constant space.
- Adopt (int) rather than (long) arguments to a number of auditon(2)
  commands, as has happened in Solaris, and add compatibility code to
  handle the old comments.

Note that BSM_PF_IEEE80211 is partially but not fully removed, as the
userspace OpenBSM 1.1alpha5 code still depends on it.  Once userspace
is updated, I'll GCC the kernel constant.

MFC after:		2 weeks
Sponsored by:		Apple, Inc.
Obtained from:		TrustedBSD Project
Portions submitted by:	sson
</content>
</entry>
<entry>
<title>Merge new kernel files from OpenBSM 1.1: audit_fcntl.h and</title>
<updated>2009-04-16T20:17:32Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-04-16T20:17:32Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=fe6939906918258e6c2cf78df5f5f14d893ec1a0'/>
<id>urn:sha1:fe6939906918258e6c2cf78df5f5f14d893ec1a0</id>
<content type='text'>
audit_bsm_fcntl.c contain utility routines to map local fcntl
commands into BSM constants.  Adaptation to the FreeBSD kernel
environment will follow in a future commit.

Sponsored by:	Apple, Inc.
Obtained from:	TrustedBSD Project
MFC after:	2 weeks
</content>
</entry>
<entry>
<title>Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both</title>
<updated>2009-03-02T13:29:18Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-03-02T13:29:18Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=06edd2f1e825e5a29a55208e4b35e75dc8a008e8'/>
<id>urn:sha1:06edd2f1e825e5a29a55208e4b35e75dc8a008e8</id>
<content type='text'>
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).

OpenBSM history for imported revision below for reference.

MFC after:      1 month
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 beta 1

- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
  Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
  For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added.  It is configured in
  audit_control(5) with the expire-after parameter.  If there is no
  expire-after parameter in audit_control(5), the default, then the audit
  trail files are not expired and removed.  See audit_control(5) for
  more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
  partitions, rotate automatically at 2mb, and set the default policy to
  cnt,argv rather than cnt so that execve(2) arguments are captured if
  AUE_EXECVE events are audited.  These may provide more usable defaults for
  many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
  au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
</content>
</entry>
</feed>
