From c3c1b5e62ac2d262d6de92999db45ed6a9753071 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Mon, 19 Feb 2007 13:10:29 +0000
Subject: [PATCH] For now, reflect practical reality that Audit system calls aren't allowed in Jail: return a privilege error.
---
 sys/kern/kern_jail.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index c676ddc3b015..d6e65fa216af 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -542,6 +542,7 @@ prison_priv_check(struct ucred *cred, int priv)
 */
 case PRIV_KTRACE:
+#if 0
 /*
 * Allow jailed processes to configure audit identity and
 * submit audit records (login, etc). In the future we may
@@ -551,6 +552,7 @@ prison_priv_check(struct ucred *cred, int priv)
 case PRIV_AUDIT_GETAUDIT:
 case PRIV_AUDIT_SETAUDIT:
 case PRIV_AUDIT_SUBMIT:
+#endif
 /*
 * Allow jailed processes to manipulate process UNIX
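Review bot: The `#if 0` added after `case PRIV_KTRACE:` leaves the enclosed comment still reading "Allow jailed processes to configure audit identity and submit audit records" while the code now denies exactly that, and nothing at the site records why the three `PRIV_AUDIT_*` labels are compiled out. A short comment above the guard would carry the commit message's reasoning into the file, for example `/* Audit system calls are not currently usable in a jail; deny PRIV_AUDIT_* until they are. */`, and the `#endif` in the second hunk could be tagged to match. With the labels removed these privileges presumably fall to the switch's default arm, which is outside both hunks, so it is worth confirming that arm returns the intended privilege error rather than relying on fall-through order. Anyone depending on audit records for logins inside a jail should also know from that comment that such records cannot be submitted from the jail while this guard is in place. The body of prison_priv_check starts and ends outside the visible hunks.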