Lines Matching +full:current +full:- +full:rotate
1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1999-2008 Apple Inc.
5 * Copyright (c) 2006-2008, 2016, 2018 Robert N. M. Watson
10 * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
90 * when the kernel has delivered a trigger to auditd to rotate the trail, and
153 mp = vp->v_mount; in audit_record_write()
163 mnt_stat = &mp->mnt_stat; in audit_record_write()
175 * We handle four different space-related limits: in audit_record_write()
177 * - A fixed (hard) limit on the minimum free blocks we require on in audit_record_write()
181 * - An administrative (soft) limit, which when fallen below, results in audit_record_write()
184 * - An audit trail size limit, which when gone above, results in the in audit_record_write()
187 * - The total depth of the kernel audit record exceeding free space, in audit_record_write()
200 if (mnt_stat->f_bfree < AUDIT_HARD_LIMIT_FREE_BLOCKS) { in audit_record_write()
211 temp = mnt_stat->f_blocks / (100 / audit_qctrl.aq_minfree); in audit_record_write()
212 if (mnt_stat->f_bfree < temp) { in audit_record_write()
218 "on audit log file-system\n", in audit_record_write()
225 * If the current file is getting full, generate a rotation trigger in audit_record_write()
250 MAX_AUDIT_RECORD_SIZE) / mnt_stat->f_bsize >= in audit_record_write()
251 (unsigned long)(mnt_stat->f_bfree)) { in audit_record_write()
302 "Audit log space exhausted and fail-stop set."); in audit_record_write()
311 * We have failed to write to the file, so the current record is in audit_record_write()
345 if (((ar->k_ar_commit & AR_COMMIT_USER) && in audit_worker_process_record()
346 (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) || in audit_worker_process_record()
347 (ar->k_ar_commit & AR_PRESELECT_TRAIL)) { in audit_worker_process_record()
357 if ((ar->k_ar_commit & AR_COMMIT_USER) && in audit_worker_process_record()
358 (ar->k_ar_commit & AR_PRESELECT_USER_TRAIL)) { in audit_worker_process_record()
360 audit_record_write(audit_vp, audit_cred, ar->k_udata, in audit_worker_process_record()
361 ar->k_ulen); in audit_worker_process_record()
364 if ((ar->k_ar_commit & AR_COMMIT_USER) && in audit_worker_process_record()
365 (ar->k_ar_commit & AR_PRESELECT_USER_PIPE)) in audit_worker_process_record()
366 audit_pipe_submit_user(ar->k_udata, ar->k_ulen); in audit_worker_process_record()
368 if (!(ar->k_ar_commit & AR_COMMIT_KERNEL) || in audit_worker_process_record()
369 ((ar->k_ar_commit & AR_PRESELECT_PIPE) == 0 && in audit_worker_process_record()
370 (ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0 && in audit_worker_process_record()
371 (ar->k_ar_commit & AR_PRESELECT_DTRACE) == 0)) in audit_worker_process_record()
374 auid = ar->k_ar.ar_subj_auid; in audit_worker_process_record()
375 event = ar->k_ar.ar_event; in audit_worker_process_record()
377 if (ar->k_ar.ar_errno == 0) in audit_worker_process_record()
398 if (ar->k_ar_commit & AR_PRESELECT_TRAIL) { in audit_worker_process_record()
400 audit_record_write(audit_vp, audit_cred, bsm->data, bsm->len); in audit_worker_process_record()
403 if (ar->k_ar_commit & AR_PRESELECT_PIPE) in audit_worker_process_record()
405 ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data, in audit_worker_process_record()
406 bsm->len); in audit_worker_process_record()
412 if (ar->k_ar_commit & AR_PRESELECT_DTRACE) { in audit_worker_process_record()
415 bsm->data, bsm->len); in audit_worker_process_record()
429 * to a thread-local work queue.
454 * transfer them to a thread-local queue and process them in audit_worker()
462 audit_q_len--; in audit_worker()
482 * de-configure auditing on a vnode. The arguments are the replacement
484 * for the current credential and vnode, if any. If either is set to NULL,
486 * disabled. Any previous cred/vnode will be closed and freed. We re-enable
509 * Rotate the vnode/cred, and clear the rotate flag so that we will in audit_rotate_vnode()
510 * send a rotate trigger if the new file fills. in audit_rotate_vnode()