/*
 * Policy: log-exec.
 *
 * (c) 2002, 2003 Pawel Jakub Dawidek
 *
 * $Id: log-exec.cb,v 1.10 2003/08/12 12:36:30 dawidek Exp $
 */

/*
 * Audit policy: emits one log record for every execve() issued by a
 * process whose ruid is at or above a configurable threshold.  It only
 * logs; nothing in this file denies or alters the call.
 */

#include "addons.cbh"

/* Refuse to build against a CerbNG older than this policy was written for. */
#if CERB_VERSION < 2003032101
#error Newer CerbNG required for this policy.
#endif

/*
 * Compile-time defaults.  On newer CerbNG versions (see below) they only
 * seed the sysctl values and are then replaced by run-time lookups.
 */
#define	LOG_EXEC_START_UID	1000u
#define	LOG_EXEC_VERBOSE	1

beginrules

REGISTER("log-exec");

#if CERB_VERSION >= 2003062901
/*
 * One-time setup guarded by INITRUN(): the crsysctl() calls are given the
 * names "log_exec", "log_exec.start_uid" and "log_exec.verbose", the last
 * two with the defaults above (presumably creating those sysctl nodes --
 * confirm against the CerbNG documentation).
 *
 * NOTE: the #undef/#define pairs are preprocessor directives, so they are
 * not scoped by the surrounding if block.  Each crsysctl() call still sees
 * the numeric default because it precedes its redefinition; every use
 * after that point expands to a CB_SYSCTL() lookup instead.
 */
if (INITRUN()) {
	crsysctl("log_exec");
	crsysctl("log_exec.start_uid", LOG_EXEC_START_UID);
#undef	LOG_EXEC_START_UID
#define	LOG_EXEC_START_UID	CB_SYSCTL("log_exec.start_uid")
	crsysctl("log_exec.verbose", LOG_EXEC_VERBOSE);
#undef	LOG_EXEC_VERBOSE
#define	LOG_EXEC_VERBOSE	CB_SYSCTL("log_exec.verbose")
}
#endif

ADD_SYSCALL(SYS_execve);

/*
 * Coverage note: the filter is on ruid only.  A process whose ruid is
 * below the threshold is never logged by this rule, so commands run after
 * a user has switched to a lower-numbered account (root included) are
 * outside this audit trail and need a separate control.
 */
if (syscall == SYS_execve && ruid >= LOG_EXEC_START_UID) {
	/* We want to log all execve() activity from normal users. */
	/*
	 * arg[0] and arg[1] are supplied by the calling process, so the
	 * record contains untrusted text.  Whether CB_LOGEXT escapes control
	 * characters is not visible here -- log consumers should not assume a
	 * line starting with "!INFO!" is genuine until that is confirmed.
	 * Command-line arguments can also carry secrets (passwords, tokens),
	 * so the log destination should be readable by administrators only.
	 * NOTE(review): realpath(arg[0]) is resolved when the record is
	 * built; confirm it cannot differ from the file actually executed
	 * (e.g. a path replaced between logging and exec).
	 */
	CB_LOGEXT(LOG_EXEC_VERBOSE, LOG_INFO, "!INFO! Running %s (%s) (args: "
	    "%S).", arg[0], realpath(arg[0]), arg[1]);
}

endrules