First, sorry for my bad English and for my behaviour - English is not my
native language, and I am new to mailing lists.

I'm trying to get the *full* path of a binary launched by the user, so that
I can use it later. I've managed to get just the binary name, or to read the
binary name from /proc, but I'd like something better (and one that doesn't require

This is what I've already written:

#include <sys/types.h>
#include <sys/param.h>
#include <sys/extattr.h>
#include <sys/kernel.h>
#include <sys/mount.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
#include <sys/sysproto.h>
#include <sys/syslog.h>
#include <sys/imgact.h>
#include <sys/proc.h>

#include <security/mac/mac_policy.h>


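SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW, 0,
    "MAC veriexec implementation");

/*
 * Tunables.  Both are deliberately raise-only, the way kern.securelevel is:
 * a verified-exec policy exists to constrain root as well, so root must not
 * be able to switch it back off with "sysctl security.mac.veriexec.enabled=0"
 * once it has been turned on.  Lowering either value is refused with EPERM.
 */
static int veriexec_enabled = 0;	/* 0 = exec hook is a no-op, non-zero = active */
static int veriexec_level = 0;		/* policy strictness; only logged so far */

/*
 * sysctl handler shared by both knobs.  arg1 points at the int being
 * managed.  Reads behave exactly like sysctl_handle_int(); a write is
 * accepted only when the new value is >= the current one.
 */
static int
veriexec_sysctl_raise_only(SYSCTL_HANDLER_ARGS)
{
	int *knob = arg1;
	int error, val;

	val = *knob;
	error = sysctl_handle_int(oidp, &val, 0, req);
	if (error != 0 || req->newptr == NULL)
		return (error);		/* plain read, or copyin/copyout failed */
	if (val < *knob)
		return (EPERM);		/* never allow the knob to be lowered */
	*knob = val;
	return (0);
}

SYSCTL_PROC(_security_mac_veriexec, OID_AUTO, enabled,
    CTLTYPE_INT | CTLFLAG_RW, &veriexec_enabled, 0,
    veriexec_sysctl_raise_only, "I",
    "Enforce mac_veriexec policy (raise-only)");

SYSCTL_PROC(_security_mac_veriexec, OID_AUTO, level,
    CTLTYPE_INT | CTLFLAG_RW, &veriexec_level, 0,
    veriexec_sysctl_raise_only, "I",
    "Veriexec security level (raise-only)");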

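/*
 * MAC vnode exec hook: invoked by the kernel for an execve(2) with the
 * caller's credential, the vnode being executed and its image parameters.
 *
 * Right now this is audit-only: it logs who executed what and always
 * returns 0 (allow).  A real veriexec policy would return a non-zero errno
 * here after checking the image against a trusted table keyed on the
 * vnode (vp: fsid/fileid, or a fingerprint of its contents) -- never on a
 * path string, since paths are racy (rename/symlink games) and partly
 * user-chosen.
 *
 * Returns 0 on every path, including when the policy is disabled.  Every
 * path must return an explicit value: the MAC framework uses the return
 * directly as an errno, so falling off the end of this function would
 * spuriously deny (or allow) execs.
 */
static int
veriexec_vnode_check_exec(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct image_params *imgp,
    struct label *execlabel)
{

	if (!veriexec_enabled)
		return (0);

	/*
	 * imgp->execpath is best-effort: it can be NULL (guarded below) and,
	 * depending on the kernel version, may not be resolved yet when this
	 * hook runs, or may simply be the name the caller passed to
	 * execve(2) -- possibly relative and entirely attacker-chosen, so do
	 * not let it carry authority (and remember it goes into the log
	 * unescaped).  NOTE(review): confirm for the kernel in use where
	 * imgp->execpath is filled relative to mac_vnode_check_exec(); the
	 * vnode vp is the reliable handle.  vn_fullpath(9) on vp is another
	 * best-effort option, but check its locking requirements first --
	 * vp is normally handed to this hook locked.
	 */
	if (cred != NULL && imgp != NULL && imgp->execpath != NULL) {
		/*
		 * NOTE(review): log(9) is not rate-limited here; an
		 * unprivileged exec loop can flood the message buffer.
		 * Consider ppsratecheck(9) before this becomes enforcing.
		 */
		log(LOG_NOTICE, "UID %d launched PID %d, veriexec_level: %d %s\n",
		    cred->cr_uid, imgp->proc->p_pid, veriexec_level,
		    imgp->execpath);
	}

	return (0);
}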

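/*
 * Entry points handed to the MAC framework.  Only the exec hook is
 * implemented; every other operation is left NULL (not hooked by this
 * policy).  Designated initializer, so the ordering in mac_policy_ops does
 * not matter.
 */
static struct mac_policy_ops veriexec_ops = {
	.mpo_vnode_check_exec = veriexec_vnode_check_exec,
};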

/*
 * NOTE(review): the listing truncates this invocation -- the remaining
 * arguments (load-time flags and the private-data flag; see mac_policy(9))
 * are not shown.  For an enforcing policy keep MPC_LOADTIME_FLAG_UNLOAD out
 * of the flags, otherwise root can bypass the policy with kldunload(8).
 */
MAC_POLICY_SET(&veriexec_ops, mac_veriexec, "MAC veriexec implementation",

I'd be glad of any help.

Jakub 'samu' Szafrański
