upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-03 22:02:58 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Document the limitations associated with using the audit syscalls

Browse source 
from jailed process.  These might get implemented in jails in the
future, but for now they are not supported.

Discussed on:   freebsd-security@
Reviewed by:    brueffer@
MFC after:      2 weeks
This commit is contained in:
Christian S.J. Peron 2018-03-21 17:22:42 +00:00
parent 0e33efe4e4
commit 49f12e36d0
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
share/man/man4/audit.4
View file

@ -138,3 +138,11 @@ incomplete argument information.
Mandatory Access Control (MAC) labels, as provided by the
.Xr mac 4
facility, are not audited as part of records involving MAC decisions.
.Pp
Currently the
.Nm
syscalls are not supported for jailed processes.
However, if a process has
.Nm
session state associated with it, audit records will still be produced and a zonename token
containing the jail's ID or name will be present in the audit records.