From 3580f3cfec67c2b0dcef66329b11572017e554e2 Mon Sep 17 00:00:00 2001 From: "Christian S.J. Peron" Date: Tue, 3 Mar 2020 01:46:35 +0000 Subject: [PATCH] In r358471, we interrupted the case block that would eventually lead to the path related tokens not being processed. Restore this behavior and move AUE_JAIL_SET in this block, as it may conditionally contain a path token. Discovered by: kevans PR: 244537 Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D23929 --- sys/security/audit/audit_bsm.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c index c5a112fcffc..fa072a12ee0 100644 --- a/sys/security/audit/audit_bsm.c +++ b/sys/security/audit/audit_bsm.c @@ -803,25 +803,26 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) UPATH1_VNODE1_TOKENS; break; + /* + * NB: We may want to verify that the appropriate + * audit args are being processed here, but I think + * a bit analysis is required. + * + * Process AUE_JAIL_SET in the next block so we can pickup any path + * related tokens that might exist. + */ + case AUE_JAIL_GET: + case AUE_JAIL_ATTACH: + case AUE_JAIL_REMOVE: + break; + + case AUE_JAIL_SET: case AUE_CHDIR: case AUE_CHROOT: case AUE_FSTATAT: case AUE_FUTIMESAT: case AUE_GETATTRLIST: case AUE_JAIL: - break; - - /* - * NB: We may want to verify that the appropriate - * audit args are being processed here, but I think - * a bit analysis is required. - */ - case AUE_JAIL_GET: - case AUE_JAIL_SET: - case AUE_JAIL_ATTACH: - case AUE_JAIL_REMOVE: - break; - case AUE_LUTIMES: case AUE_NFS_GETFH: case AUE_LGETFH:
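Review bot: The second paragraph of the new comment ("Process AUE_JAIL_SET in the next block ...") sits above `case AUE_JAIL_GET:`, `case AUE_JAIL_ATTACH:` and `case AUE_JAIL_REMOVE:`, which it does not describe. Move it directly above `case AUE_JAIL_SET:`, so that whoever next edits this case list sees why AUE_JAIL_SET is grouped with AUE_CHDIR, AUE_CHROOT and the other path cases and does not split the list with a `break` again. While the comment is being touched, "a bit analysis" should read "a bit of analysis" and "pickup" should be "pick up". The three jail cases left in the separate block still end in a bare `break`, so the NB about verifying their audit args remains open; mark it XXX or track it in a follow-up so it is not lost. Because the regression was silent (the cases from AUE_CHDIR through AUE_JAIL stopped reaching the path-token processing), a regression test asserting that the record for one of these events carries a path token would catch a repeat.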