Author: csjp Date: Wed Mar 21 17:22:42 2018 New Revision: 331313 URL: https://svnweb.freebsd.org/changeset/base/331313
Log: Document the limitations associated with using the audit syscalls from jailed process. These might get implemented in jails in the future, but for now they are not supported. Discussed on: freebsd-security@ Reviewed by: brueffer@ MFC after: 2 weeks Modified: head/share/man/man4/audit.4 Modified: head/share/man/man4/audit.4 ============================================================================== --- head/share/man/man4/audit.4 Wed Mar 21 16:18:14 2018 (r331312) +++ head/share/man/man4/audit.4 Wed Mar 21 17:22:42 2018 (r331313) @@ -138,3 +138,11 @@ incomplete argument information. Mandatory Access Control (MAC) labels, as provided by the .Xr mac 4 facility, are not audited as part of records involving MAC decisions. +.Pp +Currently the +.Nm +syscalls are not supported for jailed processes. +However, if a process has +.Nm +session state associated with it, audit records will still be produced and a zonename token +containing the jail's ID or name will be present in the audit records. _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
