Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:

- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to query it, allowing to set the kernel's maximum audit queue length. - Add support to push a mapping between audit event names and event numbers into the kernel (where supported) using new A_GETEVENT and A_SETEVENT auditon(2) operations. - Add audit event identifiers for a number of new (and not-so-new) FreeBSD system calls including those for asynchronous I/O, thread management, SCTP, jails, multi-FIB support, and misc. POSIX interfaces such as posix_fallocate(2) and posix_fadvise(2). - On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now run sandboxed. - Empty "flags" and "naflags" fields are now permitted in audit_control(5). Many thanks to Christian Brueffer for producing the OpenBSM release and importing/tagging it in the vendor branch. This release will allow improved auditing of a range of new FreeBSD functionality, as well as non-traditional events (e.g., fine-grained I/O auditing) not required by the Orange Book or Common Criteria. Obtained from: TrustedBSD Project Sponsored by: DARPA, AFRL MFC after: 3 weeks
jakesfreeland · Mar 26, 2017 · 5e38659 · 5e38659
2 parents cb53322 + 4719229
commit 5e38659
Show file tree

Hide file tree

Showing 62 changed files with 11,035 additions and 15,024 deletions.
diff --git a/contrib/openbsm/.travis.yml b/contrib/openbsm/.travis.yml
@@ -14,5 +14,7 @@ before_install:
       sudo apt-get -qq install byacc flex;
     elif [ $TRAVIS_OS_NAME == "osx" ]; then
       brew update;
-      brew install byacc flex;
+      brew install byacc flex openssl;
+      export CFLAGS="-I/usr/local/opt/openssl/include $CFLAGS";
+      export LDFLAGS="-L/usr/local/opt/openssl/lib $LDFLAGS";
     fi
diff --git a/contrib/openbsm/CREDITS b/contrib/openbsm/CREDITS
@@ -35,6 +35,7 @@ the development of OpenBSM:
     Joel Dahl
     Ryan Steinmetz
     The FreeBSD Foundation
+    Brooks Davis
 
 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the

diff --git a/contrib/openbsm/INSTALL b/contrib/openbsm/INSTALL
@@ -8,18 +8,23 @@ support is found.  Typical builds will be performed using:
     ./configure
     make
 
-If doing development work on OpenBSM with gcc, the following invocation of
-configure is preferred in order to generate full compiler warnings and force
-the compile to fail if a warning is found:
-
-    CFLAGS="-Wall -Werror" ./configure
-
 On Linux systems, OpenSSL headers may have to be installed to support
 encryption of on-the-wire audit streams using auditdistd; the following
 appears to work on Ubuntu:
 
     sudo apt-get install libssl-dev
 
+Similarly, Mac OS X systems will require OpenSSL support:
+
+    brew install openssl
+
+Mac OS X systems will similarly require setting CFLAGS and LDFLAGS to notify
+configure of the location of the OpenSSL headers and library:
+
+    CFLAGS=-I/usr/local/opt/openssl/include			\
+    LDFLAGS=-L/usr/local/opt/openssl/lib			\
+    configure
+
 To install the library, binaries, and man pages, use:
 
     make install

diff --git a/contrib/openbsm/LICENSE b/contrib/openbsm/LICENSE
@@ -1,13 +1,13 @@
 OpenBSM Copyrights and Licensing
 
-OpenBSM is covered by a number of copyrights, with licenses being either two
-or three clause BSD licenses.  Individual file headers should be consulted
+OpenBSM is covered by a number of copyrights, with licenses being either two-
+or three-clause BSD licenses.  Individual file headers should be consulted
 for copyrights on specific elements of the distribution.
 
 The following copyright and license are asserted over the OpenBSM distribution
 as a whole:
 
-  Copyright (c) 2005-2012 Robert N.M. Watson
+  Copyright (c) 2005-2016 Robert N.M. Watson
   All rights reserved.
 
   Redistribution and use in source and binary forms, with or without