Re: svn commit: r354808 - in head: contrib/openbsm/etc contrib/openbsm/sys/bsm sys/bsm sys/compat/freebsd32 sys/kern sys/security/audit sys/sys tests/sys/posixshm

2019-11-18 Thread Konstantin Belousov
On Mon, Nov 18, 2019 at 01:31:16PM +, David Bright wrote:
> Author: dab
> Date: Mon Nov 18 13:31:16 2019
> New Revision: 354808
> URL: https://svnweb.freebsd.org/changeset/base/354808
> 
> Log:
>   Jail and capability mode for shm_rename; add audit support for shm_rename
>   
>   Co-mingling two things here:
>   
> * Addressing some feedback from Konstantin and Kyle re: jail,
>   capability mode, and a few other things
> * Adding audit support as promised.
>   
>   The audit support change includes a partial refresh of OpenBSM from
>   upstream, where the change to add shm_rename has already been
>   accepted. Matthew doesn't plan to work on refreshing anything else to
>   support audit for those new event types.
>   
>   Submitted by:   Matthew Bryan 
>   Reviewed by:kib
>   Relnotes:   Yes
>   Sponsored by:   Dell EMC Isilon
>   Differential Revision:  https://reviews.freebsd.org/D22083
> 
> Modified:
>   head/contrib/openbsm/etc/audit_event
>   head/contrib/openbsm/sys/bsm/audit_kevents.h
>   head/sys/bsm/audit_kevents.h
>   head/sys/compat/freebsd32/freebsd32_sysent.c
>   head/sys/compat/freebsd32/syscalls.master
>   head/sys/kern/init_sysent.c
>   head/sys/kern/syscalls.master
>   head/sys/kern/uipc_shm.c
>   head/sys/security/audit/audit_bsm.c
>   head/sys/sys/mman.h
>   head/sys/sys/sysproto.h
>   head/tests/sys/posixshm/posixshm_test.c

At least the generated files should not be committed together with
human-written code.


svn commit: r354808 - in head: contrib/openbsm/etc contrib/openbsm/sys/bsm sys/bsm sys/compat/freebsd32 sys/kern sys/security/audit sys/sys tests/sys/posixshm

2019-11-18 Thread David Bright
Author: dab
Date: Mon Nov 18 13:31:16 2019
New Revision: 354808
URL: https://svnweb.freebsd.org/changeset/base/354808

Log:
  Jail and capability mode for shm_rename; add audit support for shm_rename
  
  Co-mingling two things here:
  
* Addressing some feedback from Konstantin and Kyle re: jail,
  capability mode, and a few other things
* Adding audit support as promised.
  
  The audit support change includes a partial refresh of OpenBSM from
  upstream, where the change to add shm_rename has already been
  accepted. Matthew doesn't plan to work on refreshing anything else to
  support audit for those new event types.
  
  Submitted by: Matthew Bryan 
  Reviewed by:  kib
  Relnotes: Yes
  Sponsored by: Dell EMC Isilon
  Differential Revision:https://reviews.freebsd.org/D22083

Modified:
  head/contrib/openbsm/etc/audit_event
  head/contrib/openbsm/sys/bsm/audit_kevents.h
  head/sys/bsm/audit_kevents.h
  head/sys/compat/freebsd32/freebsd32_sysent.c
  head/sys/compat/freebsd32/syscalls.master
  head/sys/kern/init_sysent.c
  head/sys/kern/syscalls.master
  head/sys/kern/uipc_shm.c
  head/sys/security/audit/audit_bsm.c
  head/sys/sys/mman.h
  head/sys/sys/sysproto.h
  head/tests/sys/posixshm/posixshm_test.c

Modified: head/contrib/openbsm/etc/audit_event
==
--- head/contrib/openbsm/etc/audit_eventMon Nov 18 10:46:55 2019
(r354807)
+++ head/contrib/openbsm/etc/audit_eventMon Nov 18 13:31:16 2019
(r354808)
@@ -601,6 +601,19 @@
 43238:AUE_SETLOGINCLASS:setloginclass(2):pc
 43239:AUE_POSIX_FADVISE:posix_fadvise(2):no
 43240:AUE_SCTP_GENERIC_SENDMSG_IOV:sctp_generic_sendmsg_iov(2):nt
+43241:AUE_ABORT2:abort(2):pc
+43242:AUE_SEMTIMEDWAIT:sem_timedwait(3):ip
+43243:AUE_SEMDESTROY:sem_destroy(3):ip
+43244:AUE_SEMGETVALUE:sem_getvalue(3):ip
+43245:AUE_SEMINIT:sem_init(3):ip
+43246:AUE_SEMPOST:sem_post(3):ip
+43247:AUE_SEMTRYWAIT:sem_trywait(3):ip
+43258:AUE_SEMWAIT:sem_wait(3):ip
+43259:AUE_FGETUUID:fgetuuid(2):ip
+43260:AUE_GETUUID:getuuid(2):ip
+43261:AUE_LGETUUID:lgetuuid(2):ip
+43262:AUE_EXECVEAT:execveat(2):pc,ex
+43263:AUE_SHMRENAME:shm_rename(2):ip
 #
 # Solaris userspace events.
 #
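Review bot: The added entries jump from 43247 (AUE_SEMTRYWAIT) to 43258 (AUE_SEMWAIT), and nothing in the hunk says whether 43248-43257 are deliberately left unassigned. The same jump appears in the `@@ -640,6 +640,19 @@` hunk of contrib/openbsm/sys/bsm/audit_kevents.h. Event numbers are written into audit records, and this file maps them back to names and classes, so an undocumented hole invites a later sequential allocation that runs into 43258 or a "typo fix" that renumbers AUE_SEMWAIT and mislabels existing trails. If the gap matches upstream OpenBSM, I would record that before the 43258 entry, for example `# 43248-43257 are unassigned; AUE_SEMWAIT is 43258 to match upstream OpenBSM.`, with the equivalent `/* ... */` comment in the headers. All copies of the table must stay number-for-number identical; the two visible here agree, but the sys/bsm/audit_kevents.h hunk is cut off in this view.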

Modified: head/contrib/openbsm/sys/bsm/audit_kevents.h
==
--- head/contrib/openbsm/sys/bsm/audit_kevents.hMon Nov 18 10:46:55 
2019(r354807)
+++ head/contrib/openbsm/sys/bsm/audit_kevents.hMon Nov 18 13:31:16 
2019(r354808)
@@ -640,6 +640,19 @@
 #defineAUE_SETLOGINCLASS   43238   /* FreeBSD-specific. */
 #defineAUE_POSIX_FADVISE   43239   /* FreeBSD-specific. */
 #defineAUE_SCTP_GENERIC_SENDMSG_IOV43240   /* FreeBSD-specific. */
+#defineAUE_ABORT2  43241   /* FreeBSD-specific. */
+#defineAUE_SEMTIMEDWAIT43242   /* FreeBSD-specific. */
+#defineAUE_SEMDESTROY  43243   /* FreeBSD-specific. */
+#defineAUE_SEMGETVALUE 43244   /* FreeBSD-specific. */
+#defineAUE_SEMINIT 43245   /* FreeBSD-specific. */
+#defineAUE_SEMPOST 43246   /* FreeBSD-specific. */
+#defineAUE_SEMTRYWAIT  43247   /* FreeBSD-specific. */
+#defineAUE_SEMWAIT 43258   /* FreeBSD-specific. */
+#defineAUE_FGETUUID43259   /* CADETS. */
+#defineAUE_GETUUID 43260   /* CADETS. */
+#defineAUE_LGETUUID43261   /* CADETS. */
+#defineAUE_EXECVEAT43262   /* FreeBSD/Linux. */
+#defineAUE_SHMRENAME   43263   /* FreeBSD-specific. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -794,12 +807,6 @@
 #defineAUE_REMOVEXATTR AUE_NULL
 #defineAUE_SBRKAUE_NULL
 #defineAUE_SELECT  AUE_NULL
-#defineAUE_SEMDESTROY  AUE_NULL
-#defineAUE_SEMGETVALUE AUE_NULL
-#defineAUE_SEMINIT AUE_NULL
-#defineAUE_SEMPOST AUE_NULL
-#defineAUE_SEMTRYWAIT  AUE_NULL
-#defineAUE_SEMWAIT AUE_NULL
 #defineAUE_SEMWAITSIGNAL   AUE_NULL
 #defineAUE_SETITIMER   AUE_NULL
 #defineAUE_SETSGROUPS  AUE_NULL

Modified: head/sys/bsm/audit_kevents.h
==
--- head/sys/bsm/audit_kevents.hMon Nov 18 10:46:55 2019
(r354807)
+++ head/sys/bsm/audit_kevents.hMon Nov 18 13:31:16 2019
(r354808)
@@ -644,6 +644,19 @@
 #defineAUE_SETLOGINCLASS   43238   /* FreeBSD-specific. */
 #defineAUE_POSIX_FADVISE   43239   /* FreeBSD-specific. */
 #defineAUE_SCTP_GENERIC_SENDMSG_IOV43240   /* FreeBSD-specific. */
+#defineAUE_ABORT2  43241