<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/security/audit, branch release/7.0.0_cvs</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>This commit was manufactured by cvs2svn to create tag</title>
<updated>2008-02-24T05:45:17+00:00</updated>
<author>
<name>cvs2svn</name>
<email>cvs2svn@FreeBSD.org</email>
</author>
<published>2008-02-24T05:45:17+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=a9c219fa3cec18ef9f30edec6fa106bf0e2d423d'/>
<id>a9c219fa3cec18ef9f30edec6fa106bf0e2d423d</id>
<content type='text'>
'RELENG_7_0_0_RELEASE'.

This commit was manufactured to restore the state of the 7.0-RELEASE image.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
'RELENG_7_0_0_RELEASE'.

This commit was manufactured to restore the state of the 7.0-RELEASE image.
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC revision 1.23</title>
<updated>2008-02-05T14:36:41+00:00</updated>
<author>
<name>Christian S.J. Peron</name>
<email>csjp@FreeBSD.org</email>
</author>
<published>2008-02-05T14:36:41+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=0f93896fb469131242f98ef85404ba6da6e697aa'/>
<id>0f93896fb469131242f98ef85404ba6da6e697aa</id>
<content type='text'>
Make sure we handle listen() and eliminate console messages for unknown
event types.

Approved by:	re@ (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Make sure we handle listen() and eliminate console messages for unknown
event types.

Approved by:	re@ (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC revision 1.13</title>
<updated>2007-11-04T16:44:48+00:00</updated>
<author>
<name>Christian S.J. Peron</name>
<email>csjp@FreeBSD.org</email>
</author>
<published>2007-11-04T16:44:48+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=9731ff5b8b75694564413526e3a405aee36d21a9'/>
<id>9731ff5b8b75694564413526e3a405aee36d21a9</id>
<content type='text'>
Make sure we are incrementing read counters

Approved by:	re@ (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Make sure we are incrementing read counters

Approved by:	re@ (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge audit.c:1.35, audit_bsm_klib.c:1.8 from HEAD to RELENG_7:</title>
<updated>2007-11-02T09:53:32+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2007-11-02T09:53:32+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=89ee7c98a791a27c0eaaed761312aaeebfb389fb'/>
<id>89ee7c98a791a27c0eaaed761312aaeebfb389fb</id>
<content type='text'>
  Replace use of AU_NULL with 0 when no audit classes are in use; this
  supports the removal of hard-coded audit class constants in OpenBSM
  1.0.  All audit classes are now dynamically configured via the
  audit_class database.

  Obtained from:  TrustedBSD Project

Approved by:	re (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  Replace use of AU_NULL with 0 when no audit classes are in use; this
  supports the removal of hard-coded audit class constants in OpenBSM
  1.0.  All audit classes are now dynamically configured via the
  audit_class database.

  Obtained from:  TrustedBSD Project

Approved by:	re (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC revision 1.21, use extended process tokens by default</title>
<updated>2007-11-01T19:03:03+00:00</updated>
<author>
<name>Christian S.J. Peron</name>
<email>csjp@FreeBSD.org</email>
</author>
<published>2007-11-01T19:03:03+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=267c460267f9682d68b6673171dac6e3285bf108'/>
<id>267c460267f9682d68b6673171dac6e3285bf108</id>
<content type='text'>
Approved by:	re@ (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Approved by:	re@ (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC audit_pipe.c revision 1.12</title>
<updated>2007-10-20T15:11:00+00:00</updated>
<author>
<name>Christian S.J. Peron</name>
<email>csjp@FreeBSD.org</email>
</author>
<published>2007-10-20T15:11:00+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=a3bcc961627a8fb0c01f258dcaa2ce8952d2db9b'/>
<id>a3bcc961627a8fb0c01f258dcaa2ce8952d2db9b</id>
<content type='text'>
Approved by:	re@ (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Approved by:	re@ (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>Remove two boot printfs generated by Audit to announce it's presence,</title>
<updated>2007-07-01T20:51:30+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2007-07-01T20:51:30+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=536b4050930d88a24e8ee835c55e313dc30a0e9b'/>
<id>536b4050930d88a24e8ee835c55e313dc30a0e9b</id>
<content type='text'>
and replace with software-testable sysctl node (security.audit) that
can be used to detect kernel audit support.

Obtained from:	TrustedBSD Project
Approved by:	re (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
and replace with software-testable sysctl node (security.audit) that
can be used to detect kernel audit support.

Obtained from:	TrustedBSD Project
Approved by:	re (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>- Add audit_arg_audinfo_addr() for auditing the arguments for setaudit_addr(2)</title>
<updated>2007-06-27T17:01:15+00:00</updated>
<author>
<name>Christian S.J. Peron</name>
<email>csjp@FreeBSD.org</email>
</author>
<published>2007-06-27T17:01:15+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=cac465aa7f2ffef15bd286f0fe0908e4d740361b'/>
<id>cac465aa7f2ffef15bd286f0fe0908e4d740361b</id>
<content type='text'>
- In audit_bsm.c, make sure all the arguments: ARG_AUID, ARG_ASID, ARG_AMASK,
  and ARG_TERMID{_ADDR} are valid before auditing their arguments. (This is done
  for both setaudit and setaudit_addr.
- Audit the arguments passed to setaudit_addr(2)
- AF_INET6 does not equate to AU_IPv6. Change this in au_to_in_addr_ex() so the
  audit token is created with the correct type. This fixes the processing of the
  in_addr_ex token in users pace.
- Change the size of the token (as generated by the kernel) from 5*4 bytes to
  4*4 bytes (the correct size of an ip6 address)
- Correct regression from ucred work which resulted in getaudit() not returning
  E2BIG if the subject had an ip6 termid
- Correct slight regression in getaudit(2) which resulted in the size of a pointer
  being passed instead of the size of the structure. (This resulted in invalid
  auditinfo data being returned via getaudit(2))

Reviewed by:	rwatson
Approved by:	re@ (kensmith)
Obtained from:	TrustedBSD Project
MFC after:	1 month
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
- In audit_bsm.c, make sure all the arguments: ARG_AUID, ARG_ASID, ARG_AMASK,
  and ARG_TERMID{_ADDR} are valid before auditing their arguments. (This is done
  for both setaudit and setaudit_addr.
- Audit the arguments passed to setaudit_addr(2)
- AF_INET6 does not equate to AU_IPv6. Change this in au_to_in_addr_ex() so the
  audit token is created with the correct type. This fixes the processing of the
  in_addr_ex token in users pace.
- Change the size of the token (as generated by the kernel) from 5*4 bytes to
  4*4 bytes (the correct size of an ip6 address)
- Correct regression from ucred work which resulted in getaudit() not returning
  E2BIG if the subject had an ip6 termid
- Correct slight regression in getaudit(2) which resulted in the size of a pointer
  being passed instead of the size of the structure. (This resulted in invalid
  auditinfo data being returned via getaudit(2))

Reviewed by:	rwatson
Approved by:	re@ (kensmith)
Obtained from:	TrustedBSD Project
MFC after:	1 month
</pre>
</div>
</content>
</entry>
<entry>
<title>Add a new MAC framework and policy entry point,</title>
<updated>2007-06-26T14:14:01+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2007-06-26T14:14:01+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=f1e8bf6dd4ae5a1dc8ab028911da059811bd3a9c'/>
<id>f1e8bf6dd4ae5a1dc8ab028911da059811bd3a9c</id>
<content type='text'>
mpo_check_proc_setaudit_addr to be used when controlling use of
setaudit_addr(), rather than mpo_check_proc_setaudit(), which takes a
different argument type.

Reviewed by:	csjp
Approved by:	re (kensmith)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
mpo_check_proc_setaudit_addr to be used when controlling use of
setaudit_addr(), rather than mpo_check_proc_setaudit(), which takes a
different argument type.

Reviewed by:	csjp
Approved by:	re (kensmith)
</pre>
</div>
</content>
</entry>
<entry>
<title>In setaudit_addr(), drop the process lock in error cases.</title>
<updated>2007-06-15T15:20:56+00:00</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2007-06-15T15:20:56+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=f640bf47676a18c65b0bdd0991ff8fa3ff5a9788'/>
<id>f640bf47676a18c65b0bdd0991ff8fa3ff5a9788</id>
<content type='text'>
Submitted by:	Peter Holm &lt;peter@holm.cc&gt; (BugMaster)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Submitted by:	Peter Holm &lt;peter@holm.cc&gt; (BugMaster)
</pre>
</div>
</content>
</entry>
</feed>
