diff --git a/share/man/man4/auditpipe.4 b/share/man/man4/auditpipe.4
index 9a7f208865f..9f77481a981 100644
--- a/share/man/man4/auditpipe.4
+++ b/share/man/man4/auditpipe.4
@@ -74,7 +74,7 @@ preselection parameters independent of the global audit trail parameters. .Ss Audit Pipe Queue Ioctls The following ioctls retrieve and set various audit pipe record queue properties: -.Bl -tag -width AUDITPIPE_GET_QLIMIT_MIN +.Bl -tag -width AUDITPIPE_GET_MAXAUDITDATA .It AUDITPIPE_GET_QLEN Query the current number of records available for reading on the pipe. .It AUDITPIPE_GET_QLIMIT
@@ -95,6 +95,9 @@ reading on the pipe. Flush all outstanding records on the audit pipe; useful after setting initial preselection properties to delete records queued during the configuration process which may not match the interests of the user process. +.It AUDITPIPE_GET_MAXAUDITDATA +Query the maximum size of an audit record, which is a useful minimum size for +a user space buffer intended to hold audit records read from the audit pipe. .El .Ss Audit Pipe Preselection Mode Ioctls By default, the audit pipe facility configures pipes to present records
diff --git a/sys/security/audit/audit_ioctl.h b/sys/security/audit/audit_ioctl.h
index e80346fbce4..b68d359d905 100644
--- a/sys/security/audit/audit_ioctl.h
+++ b/sys/security/audit/audit_ioctl.h
@@ -73,6 +73,7 @@ struct auditpipe_ioctl_preselect {
 #define AUDITPIPE_GET_PRESELECT_MODE _IOR(AUDITPIPE_IOBASE, 14, int)
 #define AUDITPIPE_SET_PRESELECT_MODE _IOW(AUDITPIPE_IOBASE, 15, int)
 #define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 16)
+#define AUDITPIPE_GET_MAXAUDITDATA _IOR(AUDITPIPE_IOBASE, 17, u_int)
 
 /*
 * Ioctls to retrieve audit pipe statistics.
diff --git a/sys/security/audit/audit_pipe.c b/sys/security/audit/audit_pipe.c
index 21931afbe56..6bea514d986 100644
--- a/sys/security/audit/audit_pipe.c
+++ b/sys/security/audit/audit_pipe.c
@@ -855,6 +855,11 @@ audit_pipe_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag,
 error = 0;
 break;
 
+ case AUDITPIPE_GET_MAXAUDITDATA:
+ *(u_int *)data = MAXAUDITDATA;
+ error = 0;
+ break;
+
 case AUDITPIPE_GET_INSERTS:
 *(u_int *)data = ap->ap_inserts;
 error = 0;
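Review bot: The new `AUDITPIPE_GET_MAXAUDITDATA` case is uncommented, and nothing in it tells a reader that the value is the compile-time `MAXAUDITDATA` constant rather than per-pipe state like the `ap->ap_inserts` case below it. I would add one line above the case, `/* Fixed upper bound on one record; consumers size read buffers from this. */`. The definition of `MAXAUDITDATA` is outside the hunk, so that it fits the `u_int` declared in `_IOR(AUDITPIPE_IOBASE, 17, u_int)` is assumed rather than checked here. What the pipe's read path does with a record larger than the caller's buffer is also not visible; if it truncates or drops, the man page entry should say so, because a monitoring consumer with an undersized buffer would lose audit records without noticing. `audit_pipe_ioctl` starts and ends outside the hunk.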