Bug 242938 - audit(4) records the wrong exit code for execve()
Summary: audit(4) records the wrong exit code for execve()
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-audit mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-28 12:20 UTC by ben
Modified: 2019-12-31 02:25 UTC (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description ben 2019-12-28 12:20:10 UTC
It seems that audit is recording an errno of EJUSTRETURN instead of 0 for calls to execve().  This makes an audit policy with +ex ineffective.

header_ex,301,11,execve(2),0,::1,Sat Dec 28 12:10:13 2019, + 102 msec
exec arg,/usr/libexec/atrun
(...)
return,failure: Unknown error: 201,4294967295

I suspect D13180/r326145, but haven't investigated further.