-rw-r--r--contrib/openbsm/etc/audit_event2
-rw-r--r--contrib/openbsm/sys/bsm/audit_kevents.h2
-rw-r--r--sys/kern/kern_descrip.c4
-rw-r--r--sys/security/audit/audit_bsm.c15
-rw-r--r--tests/sys/audit/file-close.c4
5 files changed, 25 insertions, 2 deletions
diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event
index b397674564c6..be3557597eee 100644
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@@ -614,6 +614,8 @@
43261:AUE_LGETUUID:lgetuuid(2):ip
43262:AUE_EXECVEAT:execveat(2):pc,ex
43263:AUE_SHMRENAME:shm_rename(2):ip
+43264:AUE_REALPATHAT:realpathat(2):fa
+43265:AUE_CLOSERANGE:close_range(2):cl
#
# Solaris userspace events.
#
diff --git a/contrib/openbsm/sys/bsm/audit_kevents.h b/contrib/openbsm/sys/bsm/audit_kevents.h
index afa8c0f37a31..ec51f501e3a7 100644
--- a/contrib/openbsm/sys/bsm/audit_kevents.h
+++ b/contrib/openbsm/sys/bsm/audit_kevents.h
@@ -653,6 +653,8 @@
#define AUE_LGETUUID 43261 /* CADETS. */
#define AUE_EXECVEAT 43262 /* FreeBSD/Linux. */
#define AUE_SHMRENAME 43263 /* FreeBSD-specific. */
+#define AUE_REALPATHAT 43264 /* FreeBSD-specific. */
+#define AUE_CLOSERANGE 43265 /* FreeBSD-specific. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 0813b6c8f3b8..67350f4ad71e 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -1422,6 +1422,10 @@ int
sys_close_range(struct thread *td, struct close_range_args *uap)
{
+ AUDIT_ARG_FD(uap->lowfd);
+ AUDIT_ARG_CMD(uap->highfd);
+ AUDIT_ARG_FFLAGS(uap->flags);
+
/* No flags currently defined */
if (uap->flags != 0)
return (EINVAL);
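Review bot: `AUDIT_ARG_CMD(uap->highfd)` puts the upper bound of the range in the audit record's cmd slot, and nothing at this call site says so; a reader of sys_close_range will not expect a descriptor number there. The AUE_CLOSERANGE case added in sys/security/audit/audit_bsm.c reads `ar_arg_cmd` back and labels it "highfd", so the two sites have to stay in step. I would add a comment above the three calls, for example `/* highfd is carried in the cmd slot; kaudit_to_bsm() emits it as "highfd". */`. Recording the arguments ahead of the flags check looks intentional, since a call rejected with EINVAL then still carries its arguments in the record. The function body continues outside the hunk.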
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 6742470c9578..d350ef3cf3c2 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -941,6 +941,21 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
}
break;
+ case AUE_CLOSERANGE:
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "lowfd", ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(2, "highfd", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ break;
+
case AUE_CORE:
if (ARG_IS_VALID(kar, ARG_SIGNUM)) {
tok = au_to_arg32(1, "signal", ar->ar_arg_signum);
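Review bot: The AUE_CLOSERANGE case emits only the requested lowfd, highfd and flags, so the record does not say which descriptors were actually closed. With a highfd of 0xffffffff, which is what the closefrom test in this commit expects, the record means "everything from lowfd up". Anyone reconstructing descriptor state from the trail has to correlate it with earlier records that created the descriptors. A one-line comment on the case would make that limit explicit: `/* Requested range only; the descriptors actually closed are not enumerated. */`. kaudit_to_bsm() starts and ends outside the hunk.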
diff --git a/tests/sys/audit/file-close.c b/tests/sys/audit/file-close.c
index 54d0e60977e3..f85a8e39b67d 100644
--- a/tests/sys/audit/file-close.c
+++ b/tests/sys/audit/file-close.c
@@ -154,10 +154,10 @@ ATF_TC_HEAD(closefrom_success, tc)
ATF_TC_BODY(closefrom_success, tc)
{
- const char *regex = "closefrom.*return,success";
+ const char *regex = "close_range\\(2\\),.*,0x7fffffff,lowfd,.*"
+ "0xffffffff,highfd,.*return,success";
FILE *pipefd = setup(fds, auclass);
- atf_tc_expect_fail("closefrom was converted to close_range");
/* closefrom(2) returns 'void' */
closefrom(INT_MAX);
check_audit(fds, regex, pipefd);
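Review bot: Only the success path is exercised here, because closefrom(2) returns void, so nothing covers the record written when close_range(2) itself fails. sys_close_range records lowfd, highfd and flags before rejecting non-zero flags with EINVAL, so a companion test that calls close_range directly with a non-zero flags value and matches something like `close_range\\(2\\).*return,failure` would pin that behaviour. The new regex also never matches the flags token, so a regression in the third `au_to_arg32` call would pass unnoticed; appending `.*,flags` before `return,success` would cover it, assuming the token is printed in the same `value,label` form as the other two. The closing brace of the test body lies outside the hunk.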