History log of /illumos-gate/usr/src/uts/common/c2/audit_event.c
Revision Date Author Comments
241bfedfbd27da9d3f2aa7ffaafa5da978f23afe 13-Sep-2019 Alex Wilson <alex@uq.edu.au> 11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Approved by: Robert Mustacchi <rm@fingolfin.org>
0f48f68d9e0ad95b0edf718f68736cf3635a1f79 20-Jan-2019 Toomas Soome <tsoome@me.com> 10758 c2audit: NULL pointer errors
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Dan McDonald <danmcd@joyent.com>
15c07adc1c7b828006b5e3c4d528b92229d6bd23 14-Jan-2019 John Levon <john.levon@joyent.com> 10081 smatch indenting fixes for usr/src/uts
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Approved by: Robert Mustacchi <rm@joyent.com>
d2a70789f056fc6c9ce3ab047b52126d80b0e3da 16-Apr-2014 Richard Lowe <richlowe@richlowe.net> 7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Patrick Mooney <pmooney@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>
89b43686db1fe9681d80a7cf5662730cb9378cae 15-Sep-2011 Bayard Bell <buffer.g.overflow@gmail.com> 1073 migrate kernel modules from ancient _depends_on to true ELF dependencies
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Garrett D'Amore <garrett@nexenta.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
aeba2189ca4bd60234ae2e253b2e848decd83f79 16-Aug-2010 Marek Pospisil <Marek.Pospisil@Sun.COM> 6925149 auf_accept() may reference unintialized variable 'fd'
f89940742f5d14dde79b69b98a414dd7b7f585c7 27-Jul-2010 Jan Friedel <Jan.Friedel@Sun.COM> PSARC/2009/636 Obsolete getacinfo(3bsm)
PSARC/2009/642 audit_control(4) EOL and removal
PSARC/2010/218 Audit subsystem Rights Profiles
PSARC/2010/220 svc:/system/auditset service
6875456 Solaris Audit configuration in SMF - phase 2 (PSARC/2009/636, PSARC/2009/642)
6942035 audit_binfile(5) leaves unfinished audit logs.
6942041 auditd(1) says "auditd refreshed" on startup.
6943275 audit_remote(5) leaks memory on audit service refresh
6955077 adt_get_mask_from_user() should regard _SC_GETPW_R_SIZE_MAX
6955117 $SRC/lib/libbsm/common/audit_ftpd.c shouldn't hardcode the lenght of usernames (8)
6956169 adt_audit_state() returns non-boolean values

rename : usr/src/cmd/auditconfig/auditconfig_impl.h => usr/src/lib/libbsm/common/audit_policy.h
rename : usr/src/cmd/auditconfig/audit_scf.c => usr/src/lib/libbsm/common/audit_scf.c
rename : usr/src/cmd/auditconfig/audit_scf.h => usr/src/lib/libbsm/common/audit_scf.h
c4d3e299d9d0295322679b4d484560411b6822d5 24-Jun-2010 Brent Paulson <Brent.Paulson@Oracle.COM> 6949768 fsattr(5) auditing can incorrectly record some open(2) paths as extended attribute paths
6951837 truss(1) doesn't format the output of openat(2) calls correctly in snv_135 and later
6951840 openat(2) doesn't ignore the fd argument when path argument is absolute
6952651 pathnames can be excluded from audit records for extended attribute syscalls in some scenarios
6958299 getattrat(3C) and setattrat(3C) generate audit records with duplicate pathnames
6959020 auditing of getattrat(3C) and setattrat(3C) doesn't handle absolute pathnames correctly
3e95bd4ab92abca814bd28e854607d1975c7dc88 18-Jun-2010 Anders Persson <Anders.Persson@Sun.COM> PSARC/2009/590 Socket Filter Framework
6939085 Socket Filter Framework
6802067 connect_failed kernel socket callback is not triggered
6776450 time spent in tcp_close could be reduced/deferred to a worker thread
6828586 assertion failed: family == 26, file: ../../common/fs/sockfs/socksyscalls.c, line: 1608
6802078 kernel socket 'newconn' callback is passing rcv queue size as an argument
4a0fa5460e94a33980ceffce0ba3db8802570449 14-Jun-2010 Marek Pospisil <Marek.Pospisil@Sun.COM> 6625545 auditd Generates Plethora Events due to Missing System Files (AUE_OPEN_R, AUE_OPENAT_R, AUE_EXECVE)
6631622 The tad_ctrl (PAD_) stuff is a mess
794f0adb050e571bbfde4d2a19b9f88b852079dd 08-Jul-2010 Roger A. Faulkner <Roger.Faulkner@Oracle.COM> PSARC 2010/235 POSIX 1003.1-2008 *at(2) syscalls
6910251 need support for all POSIX.1-2008 *at(2) syscalls
6964835 mknod(2) auditing omits the pathname for invalid arguments
51b433b71d8e8271ece1935d0e3696a16bb53e77 16-Mar-2010 Marek Pospisil <Marek.Pospisil@Sun.COM> 6890083 fcntl(2) should generate an additional argument token when F_SETFL is used
cb49a9fdee4ad0ac3977d55d26fad4f61caad085 08-Mar-2010 Marek Pospisil <Marek.Pospisil@Sun.COM> 6545618 exit audit records could include process return value
005d3feb53a9a10272d4a24b03991575d6a9bcb3 05-Mar-2010 Marek Pospisil <Marek.Pospisil@Sun.COM> PSARC/2009/354 Always on / no reboot Solaris Audit
6192139 Solaris auditing should be able to start collecting audit records without a reboot
8fd04b8338ed5093ec2d1e668fa620b7de44c177 01-Mar-2010 Roger A. Faulkner <Roger.Faulkner@Sun.COM> PSARC 2009/657 delete obsolete system call traps
6906485 delete obsolete system call traps

rename : usr/src/cmd/truss/xstat.c => usr/src/cmd/truss/stat.c
rename : usr/src/lib/libc/port/gen/dup2.c => usr/src/lib/libc/port/gen/dup.c
rename : usr/src/lib/libc/port/sys/libc_fcntl.c => usr/src/lib/libc/port/sys/fcntl.c
rename : usr/src/lib/libc/port/sys/libc_open.c => usr/src/lib/libc/port/sys/open.c
ddc42f882d0d14ab016a8405099fe8ad93170c00 26-Nov-2009 Marek Pospisil <Marek.Pospisil@Sun.COM> 6898247 The definition BSM_AUDITON is never used.
b2b3ca14272ffe2a6fc37bab2ab65b8f6702d750 16-Jun-2009 Sumanth Naropanth <Sumanth.Naropanth@Sun.COM> PSARC/2009/284 faccessat(2) - determine accessibility of a file using file descriptors
6536147 accessat() should become a public interface after an agreement is reached on the function name
45a9a7b1085ec7faee89aaf1367379a0bf23f50a 19-Mar-2009 Jan Friedel <Jan.Friedel@Sun.COM> 4987752 setpgrp(2) audit record seems to show failure. (fix lint)
4be8c573f2833ece9503bea367c5a10138e3b266 19-Mar-2009 Jan Friedel <Jan.Friedel@Sun.COM> 4987752 setpgrp(2) audit record seems to show failure.
ebbb03116e11041cc81cd646a4bab55f25d93c0b 19-Mar-2009 Jan Friedel <Jan.Friedel@Sun.COM> 6757391 c2audit incorrectly interprets acl(2)/ACE_GETACL as acl(2)/SETACL.
f158b2dfac781bbb8127e7b4f086f6a1141169d7 19-Mar-2009 Jan Friedel <Jan.Friedel@Sun.COM> 6785167 audit_event.c:aus_msgsys() and audit_event.c:aus_semsys() could be optimized.
469aa27f1ccde36ecafe2cefc4b2dd1c33d24eaf 18-Mar-2009 Jan Friedel <Jan.Friedel@Sun.COM> 6412948 There's cruft in the libbsm files that needs to be removed.
8350182d5738c2e116e01b93f3c73cb9455521bb 18-Mar-2009 Jan Friedel <Jan.Friedel@Sun.COM> 6753388 AUE_PORTFS should really be PORTFS_ASSOCIATE and PORTFS_DISSOCIATE
7e309bc254fe6171b0d38f1c1643fe6c480880df 18-Mar-2009 Jan Friedel <Jan.Friedel@Sun.COM> 6753025 port_associate_fop() generates double path/attribute token into the AUE_PORTFS audit record.
0f1702c5201310f0529cd5abb77652e5e9b241b6 01-Jan-1970 Yu Xiangning<Eric.Yu@Sun.COM> PSARC 2007/587 Volo -- Low Latency Socket Framework
PSARC 2008/694 Volo Interfaces Amendment
6765829 Integration of project Volo PSARC/2007/587
6644935 mblk cred_t reference counting limits scalability
6693633 TCP receive does not scale because of heavy refcounting of cred structures
4764841 connect/accept is slow on Solaris when compared to Linux
5105708 socket creation retains hold on accessvp
4764836 setsockopt is slow on Solaris when compared to Linux
4772191 socket close(2) is slow on Solaris when compared to Linux

rename : usr/src/uts/common/fs/sockfs/socksctp.c => usr/src/uts/common/inet/sockmods/socksctp.c
rename : usr/src/uts/common/fs/sockfs/socksctp.h => usr/src/uts/common/inet/sockmods/socksctp.h
rename : usr/src/uts/common/fs/sockfs/socksctpsubr.c => usr/src/uts/common/inet/sockmods/socksctpsubr.c
rename : usr/src/uts/common/fs/sockfs/socksdp.c => usr/src/uts/common/inet/sockmods/socksdp.c
rename : usr/src/uts/common/fs/sockfs/socksdp.h => usr/src/uts/common/inet/sockmods/socksdp.h
d0fa49b78d1f40d84ec76c363cdc38cf128511dd 30-Sep-2008 Tony Nguyen <Ton.Nguyen@Sun.COM> 1207395 au_event_t is a currently a short. It should be redefined to be a u_short
d3e710c89b603b989e3d64ee2352d71c2d97d967 21-Aug-2008 Ric Aleshire <Ric.Aleshire@Sun.COM> 6415507 audit TX code review issues
6706438 bsmrecord make will not rebuild root audit_record_attr
6724030 SYS_labelsys auditing has one or two nits which could be tidied up
6724031 au_to_in_addr_ex() mixes and matches between in_addr_t and 'struct in_addr'
6724032 /etc/name_to_sysnum should reference labelsys instead of tsolsys
61b9bf51471fe5b28dc6aa361ecb7ce1f813cd40 22-May-2008 rica <none@none> 6680957 labelsys appears to be making policy decisions, but doesn't appear to be auditable
6701744 kernel au_to_in_addr_ex() bug in handling v4-mapped addresses
f9d0e0283adad57d1a3d87289ddf6b87b92047f5 18-Mar-2008 gww <none@none> 6665631 audit_start() could be a lot smarter handling audit_s2e functions.
787b48eaa495c619f2cbed6175e0fead6a840516 11-Feb-2008 gww <none@none> 6638707 implement the removal of auditsvc(2) as noted in PSARC/2002/665
a7746f662862b6ac0a85751d8adbc897743a83e1 26-Oct-2007 tz204579 <none@none> 6431736 c2audit needs to add support for auditing ZFS/NFS ACLs
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0 25-Oct-2007 amw <none@none> PSARC/2007/218 caller_context_t in all VOPs
PSARC/2007/227 VFS Feature Registration and ACL on Create
PSARC/2007/244 ZFS Case-insensitive support
PSARC/2007/315 Extensible Attribute Interfaces
PSARC/2007/394 ls(1) new command line options '-/' and '-%': CIFS system attributes support
PSARC/2007/403 Modified Access Checks for CIFS
PSARC/2007/410 Add system attribute support to chmod(1)
PSARC/2007/432 CIFS system attributes support for cp(1), pack(1), unpack(1), compress(1) and uncompress(1)
PSARC/2007/444 Rescind SETTABLE Attribute
PSARC/2007/459 CIFS system attributes support for cpio(1), pax(1), tar(1)
PSARC/2007/546 Update utilities to match CIFS system attributes changes.
PSARC/2007/560 ZFS sharesmb property
4890717 want append-only files
6417428 Case-insensitive file system name lookup to support CIFS
6417435 DOS attributes and additional timestamps to support for CIFS
6417442 File system quarantined and modified attributes to support an integrated Anti-Virus service
6417453 FS boolean property for rejecting/allowing invalid UTF-8 sequences in file names
6473733 RFE: Need support for open-deny modes
6473755 RFE: Need ability to reconcile oplock and delegation conflicts
6494624 sharemgr needs to support CIFS shares better
6546705 All vnode operations need to pass caller_context_t
6546706 Need VOP_SETATTR/VOP_GETATTR to support new, optional attributes
6546893 Solaris system attribute support
6550962 ZFS ACL inheritance needs to be enhanced to support Automatic Inheritance
6553589 RFE: VFS Feature Registration facility
6553770 RFE: ZFS support for ACL-on-CREATE (PSARC 2007/227)
6565581 ls(1) should support file system attributes proposed in PSARC/2007/315
6566784 NTFS streams are not copied along with the files.
6576205 cp(1), pack(1) and compress(1) should support file system attributes proposed in PSARC/2007/315
6578875 RFE: kernel interfaces for nbmand need improvement
6578883 RFE: VOP_SHRLOCK needs additional access types
6578885 chmod(1) should support file system attributes proposed in PSARC/2007/315
6578886 RFE: disallow nbmand state to change on remount
6583349 ACL parser needs to support audit/alarm ACE types
6590347 tar(1) should support filesystem attributes proposed in PSARC/2007/315
6597357 *tar* xv@ doesn't show the hidden directory even though it is restored
6597360 *tar* should re-init xattr info if openat() fails during extraction of and extended attribute
6597368 *tar* cannot restore hard linked extended attributes
6597374 *tar* doesn't display "x " when hard linked attributes are restored
6597375 *tar* extended attribute header off by one
6614861 *cpio* incorrectly archives extended system attributes with -@
6614896 *pax* incorrectly archives extended system attributes with -@
6615225 *tar* incorrectly archives extended system attributes with -@
6617183 CIFS Service - PSARC 2006/715
745b26904e92607793a42c0c924dbfb8f221a1ee 11-Oct-2007 tz204579 <none@none> 6573175 panic in au_getsonode
6574412 audit_event.c contains cruft in socket auditing
6574480 c2/audit_event.c has nits
6574487 sockfs/socksyscalls.c has nits
df2381bfa5cf7dd654bcf30b2f5af53f34f3043a 15-Aug-2007 praks <none@none> PSARC/2007/027 File Events Notification API
6367770 RFE: add userland interface to fem (file event monitoring)

rename : deleted_files/usr/src/uts/common/fs/portfs/port_fop.c => usr/src/uts/common/fs/portfs/port_fop.c
ffc349ab772a8ab3ac82d192827e2777ab45d0be 07-Aug-2007 dm120769 <none@none> backout 6367770/6588702/6588839: needs work

rename : usr/src/uts/common/fs/portfs/port_fop.c => deleted_files/usr/src/uts/common/fs/portfs/port_fop.c
31ceb98b622e1a310256f4c4a1472beb92046db3 31-Jul-2007 praks <none@none> PSARC/2007/027 File Events Notification API
6367770 RFE: add userland interface to fem (file event monitoring)
883492d5a933deb34cd27521e7f2756773cd27af 29-Jun-2007 raf <none@none> PSARC 2007/285 robust locks revisited
6296770 process robust mutexes should be much faster
f2fcf18c7252da2ec0d5b9412aca6bce12a511de 30-May-2007 tz204579 <none@none> 6558641 setauid(2) should audit correct audit id not the argument address
f48205be61a214698b763ff550ab9e657525104c 25-May-2007 casper <none@none> PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
4994017 data structure sharing between rpcbind and libnsl leads to accidents
6549510 Need the ability to store SIDs in the Solaris cred_t
6549515 PSARC 2007/064: uid_t and gid_t to become unsigned
9e9e6ab82d4247028c312ff50a65b8a05a194b33 10-May-2007 paulson <none@none> 6388077 audit_{start,finish} call zone_getspecific() every time which is expensive
657b1f3d64bcf8eaa2385dba72a6047f089433b2 13-Dec-2006 raf <none@none> PSARC 2006/659 fork extensions
6497356 fork extensions

rename : usr/src/lib/libc/amd64/sys/forkall.s => usr/src/lib/libc/amd64/sys/forkallx.s
rename : usr/src/lib/libc/amd64/sys/fork1.s => usr/src/lib/libc/amd64/sys/forkx.s
rename : usr/src/lib/libc/amd64/sys/vfork.s => usr/src/lib/libc/amd64/sys/vforkx.s
rename : usr/src/lib/libc/i386/sys/forkall.s => usr/src/lib/libc/i386/sys/forkallx.s
rename : usr/src/lib/libc/i386/sys/fork1.s => usr/src/lib/libc/i386/sys/forkx.s
rename : usr/src/lib/libc/i386/sys/vfork.s => usr/src/lib/libc/i386/sys/vforkx.s
rename : usr/src/lib/libc/sparc/sys/forkall.s => usr/src/lib/libc/sparc/sys/forkallx.s
rename : usr/src/lib/libc/sparc/sys/fork1.s => usr/src/lib/libc/sparc/sys/forkx.s
rename : usr/src/lib/libc/sparc/sys/vfork.s => usr/src/lib/libc/sparc/sys/vforkx.s
9acbbeaf2a1ffe5c14b244867d427714fab43c5c 12-Sep-2006 nn35248 <none@none> PSARC/2005/471 BrandZ: Support for non-native zones
6374606 ::nm -D without an object may not work on processes in zones
6409350 BrandZ project integration into Solaris
6455289 pthread_setschedparam() should return EPERM rather than panic libc
6455591 setpriority(3C) gets errno wrong for deficient privileges failure
6458178 fifofs doesn't support lofs mounts of fifos
6460380 Attempted open() of a symlink with the O_NOFOLLOW flag set returns EINVAL, not ELOOP
6463857 renice(1) errors erroneously

rename : usr/src/lib/libzonecfg/zones/SUNWblank.xml => usr/src/lib/brand/native/zone/SUNWblank.xml
rename : usr/src/lib/libzonecfg/zones/SUNWdefault.xml => usr/src/lib/brand/native/zone/SUNWdefault.xml
45916cd2fec6e79bca5dee0421bd39e3c2910d1e 24-Mar-2006 jpk <none@none> PSARC/2002/762 Layered Trusted Solaris
PSARC/2005/060 TSNET: Trusted Networking with Security Labels
PSARC/2005/259 Layered Trusted Solaris Label Interfaces
PSARC/2005/573 Solaris Trusted Extensions for Printing
PSARC/2005/691 Trusted Extensions for Device Allocation
PSARC/2005/723 Solaris Trusted Extensions Filesystem Labeling
PSARC/2006/009 Labeled Auditing
PSARC/2006/155 Trusted Extensions RBAC Changes
PSARC/2006/191 is_system_labeled
6293271 Zone processes should use zone_kcred instead of kcred
6394554 integrate Solaris Trusted Extensions

rename : usr/src/cmd/dminfo/Makefile => deleted_files/usr/src/cmd/dminfo/Makefile
rename : usr/src/cmd/dminfo/dminfo.c => usr/src/cmd/allocate/dminfo.c
7c478bd95313f5f23a4c958a745db2134aa03244 14-Jun-2005 stevel@tonic-gate <none@none> OpenSolaris Launch