989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
139 lines
3.6 KiB
Diff
139 lines
3.6 KiB
Diff
--- sys/amd64/linux/linux_machdep.c.orig
|
|
+++ sys/amd64/linux/linux_machdep.c
|
|
@@ -81,6 +81,8 @@
|
|
#include <x86/ifunc.h>
|
|
#include <x86/sysarch.h>
|
|
|
|
+#include <security/audit/audit.h>
|
|
+
|
|
#include <amd64/linux/linux.h>
|
|
#include <amd64/linux/linux_proto.h>
|
|
#include <compat/linux/linux_emul.h>
|
|
@@ -107,6 +109,7 @@
|
|
free(path, M_TEMP);
|
|
if (error == 0)
|
|
error = linux_common_execve(td, &eargs);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
--- sys/amd64/linux32/linux32_machdep.c.orig
|
|
+++ sys/amd64/linux32/linux32_machdep.c
|
|
@@ -69,6 +69,8 @@
|
|
#include <vm/vm.h>
|
|
#include <vm/vm_map.h>
|
|
|
|
+#include <security/audit/audit.h>
|
|
+
|
|
#include <compat/freebsd32/freebsd32_util.h>
|
|
#include <amd64/linux32/linux.h>
|
|
#include <amd64/linux32/linux32_proto.h>
|
|
@@ -143,6 +145,7 @@
|
|
free(path, M_TEMP);
|
|
if (error == 0)
|
|
error = linux_common_execve(td, &eargs);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
--- sys/arm64/linux/linux_machdep.c.orig
|
|
+++ sys/arm64/linux/linux_machdep.c
|
|
@@ -38,6 +38,8 @@
|
|
#include <sys/proc.h>
|
|
#include <sys/sdt.h>
|
|
|
|
+#include <security/audit/audit.h>
|
|
+
|
|
#include <arm64/linux/linux.h>
|
|
#include <arm64/linux/linux_proto.h>
|
|
#include <compat/linux/linux_dtrace.h>
|
|
@@ -74,6 +76,7 @@
|
|
free(path, M_TEMP);
|
|
if (error == 0)
|
|
error = linux_common_execve(td, &eargs);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
--- sys/compat/freebsd32/freebsd32_misc.c.orig
|
|
+++ sys/compat/freebsd32/freebsd32_misc.c
|
|
@@ -440,6 +440,7 @@
|
|
if (error == 0)
|
|
error = kern_execve(td, &eargs, NULL);
|
|
post_execve(td, error, oldvmspace);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
@@ -460,6 +461,7 @@
|
|
error = kern_execve(td, &eargs, NULL);
|
|
}
|
|
post_execve(td, error, oldvmspace);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
--- sys/i386/linux/linux_machdep.c.orig
|
|
+++ sys/i386/linux/linux_machdep.c
|
|
@@ -61,6 +61,8 @@
|
|
#include <vm/vm.h>
|
|
#include <vm/vm_map.h>
|
|
|
|
+#include <security/audit/audit.h>
|
|
+
|
|
#include <i386/linux/linux.h>
|
|
#include <i386/linux/linux_proto.h>
|
|
#include <compat/linux/linux_emul.h>
|
|
@@ -116,6 +118,7 @@
|
|
free(newpath, M_TEMP);
|
|
if (error == 0)
|
|
error = linux_common_execve(td, &eargs);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
--- sys/kern/kern_exec.c.orig
|
|
+++ sys/kern/kern_exec.c
|
|
@@ -224,6 +224,7 @@
|
|
if (error == 0)
|
|
error = kern_execve(td, &args, NULL);
|
|
post_execve(td, error, oldvmspace);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
@@ -251,6 +252,7 @@
|
|
error = kern_execve(td, &args, NULL);
|
|
}
|
|
post_execve(td, error, oldvmspace);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
}
|
|
|
|
@@ -279,6 +281,7 @@
|
|
if (error == 0)
|
|
error = kern_execve(td, &args, uap->mac_p);
|
|
post_execve(td, error, oldvmspace);
|
|
+ AUDIT_SYSCALL_EXIT(error == EJUSTRETURN ? 0 : error, td);
|
|
return (error);
|
|
#else
|
|
return (ENOSYS);
|
|
--- sys/kern/subr_syscall.c.orig
|
|
+++ sys/kern/subr_syscall.c
|
|
@@ -133,6 +133,16 @@
|
|
|
|
AUDIT_SYSCALL_ENTER(sa->code, td);
|
|
error = (sa->callp->sy_call)(td, sa->args);
|
|
+
|
|
+ /*
|
|
+ * Note that some syscall implementations (e.g., sys_execve)
|
|
+ * will commit the audit record just before their final return.
|
|
+ * These were done under the assumption that nothing of interest
|
|
+ * would happen between their return and here, where we would
|
|
+ * normally commit the audit record. These assumptions will
|
|
+ * need to be revisited should any substantial logic be added
|
|
+ * above.
|
|
+ */
|
|
AUDIT_SYSCALL_EXIT(error, td);
|
|
|
|
/* Save the latest error return value. */
|