
D52572.1774956868.diff

diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -54,6 +54,29 @@
#ifdef AUDIT
+static int
+audit_priv_check_cred(struct ucred *cred, int priv)
+{
+ int error;
+
+ error = priv_check_cred(cred, priv);
+ if (error == EPERM && jailed(cred)) {
+ /*
+ * The audit system calls historically returned ENOSYS when
+ * invoked from within a jail, and some userspace applications
+ * handle that case specially. Thus, convert the error here.
+ */
+ error = ENOSYS;
+ }
+ return (error);
+}
+
+static int
+audit_priv_check(struct thread *td, int priv)
+{
+ return (audit_priv_check_cred(td->td_ucred, priv));
+}
+
/*
* System call to allow a user space application to submit a BSM audit record
* to the kernel for inclusion in the audit log. This function does little
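Review bot: In audit_priv_check_cred() the test `error == EPERM && jailed(cred)` rewrites every EPERM for a jailed credential, so a caller that simply lacks the privilege is reported the same way as a jail where audit is unavailable. If priv_check_cred() can return EPERM to a jailed caller for ordinary lack of privilege (not visible in this diff), userspace that treats ENOSYS as "audit not supported" will silently skip auditing instead of reporting a permission failure. I would state that trade-off in the comment, for example `* Note that this also masks EPERM for unprivileged callers in a jail.`, so the six call sites converted in the later hunks are not read as a feature probe. It is also worth confirming that any audit privilege checks in this file not touched by the diff do not keep returning EPERM to jailed callers, which would leave the two error conventions mixed.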
@@ -592,7 +615,7 @@
{
int error;
- error = priv_check(td, PRIV_AUDIT_GETAUDIT);
+ error = audit_priv_check(td, PRIV_AUDIT_GETAUDIT);
if (error)
return (error);
return (copyout(&td->td_ucred->cr_audit.ai_auid, uap->auid,
@@ -620,7 +643,7 @@
if (error)
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
+ error = audit_priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
if (error)
goto fail;
newcred->cr_audit.ai_auid = id;
@@ -646,7 +669,7 @@
int error;
cred = td->td_ucred;
- error = priv_check(td, PRIV_AUDIT_GETAUDIT);
+ error = audit_priv_check(td, PRIV_AUDIT_GETAUDIT);
if (error)
return (error);
if (cred->cr_audit.ai_termid.at_type == AU_IPv6)
@@ -681,7 +704,7 @@
if (error)
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
+ error = audit_priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
if (error)
goto fail;
bzero(&newcred->cr_audit, sizeof(newcred->cr_audit));
@@ -709,7 +732,7 @@
if (uap->length < sizeof(*uap->auditinfo_addr))
return (EOVERFLOW);
- error = priv_check(td, PRIV_AUDIT_GETAUDIT);
+ error = audit_priv_check(td, PRIV_AUDIT_GETAUDIT);
if (error)
return (error);
return (copyout(&td->td_ucred->cr_audit, uap->auditinfo_addr,
@@ -740,7 +763,7 @@
if (error)
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
+ error = audit_priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
if (error)
goto fail;
newcred->cr_audit = aia;
