https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292739
Bug ID: 292739
Summary: pdrfork leaves no audit trail
Product: Base System
Version: 16.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
The new pdrfork syscall leaves no audit trail, as far as I can tell. Other
related functions, like pdfork and pdwait, do.
Steps to Reproduce
==================
1) Build and install the attached patch
2) cd /usr/tests/sys/audit
3) sudo kyua debug process-control:pdrfork_succes
Looking for 'pdrfork.*0.*return,success' in 'header,77,11,exit(2),0,Mon Jan 26
17:50:14 2026, + 406 msec,exit,Error
0,0,subject,-1,root,wheel,root,wheel,59764,0,0,0.0.0.0,return,success,0,trailer,77,'
Looking for 'pdrfork.*0.*return,success' in 'header,68,11,thr_exit(2),0,Mon Jan
26 17:50:14 2026, + 651
msec,subject,-1,somers,somers,somers,somers,52024,0,0,0.0.0.0,return,success,0,trailer,68,'
Looking for 'pdrfork.*0.*return,success' in 'header,68,11,thr_exit(2),0,Mon Jan
26 17:50:14 2026, + 879
msec,subject,-1,somers,somers,somers,somers,52024,0,0,0.0.0.0,return,success,0,trailer,68,'
auditd(8) is running.
process-control:pdrfork_success -> failed: pdrfork.*0.*return,success not
found in auditpipe within the time limit
--
You are receiving this mail because:
You are the assignee for the bug.
