mirror of
https://github.com/opnsense/src.git
synced 2026-05-28 04:12:45 -04:00
syscallenter() has a slow path to handle syscall auditing and dtrace syscall tracing. It uses AUDIT_SYSCALL_ENTER() to check whether to take the slow path, but this macro also has side effects: it writes the audit log entry. When systrace (dtrace syscall tracing) is enabled, this would get short-circuited, and we end up not writing audit log entries.

Introduce a pure macro to check whether auditing is enabled, use it in syscallenter() instead of AUDIT_SYSCALL_ENTER().

Approved by: so
Security: FreeBSD-EN-25:02.audit
Reviewed by: kib
Reported by: Joe Duin <jd@firexfly.com>
Fixes:

| | | |
|---|---|---|
| .. | ||
| audit.c | ||
| audit.h | ||
| audit_arg.c | ||
| audit_bsm.c | ||
| audit_bsm_db.c | ||
| audit_bsm_klib.c | ||
| audit_dtrace.c | ||
| audit_ioctl.h | ||
| audit_pipe.c | ||
| audit_private.h | ||
| audit_syscalls.c | ||
| audit_trigger.c | ||
| audit_worker.c | ||
| bsm_domain.c | ||
| bsm_errno.c | ||
| bsm_fcntl.c | ||
| bsm_socket_type.c | ||
| bsm_token.c | ||