openbsm
Feature request: BSM support for UUID tokens
In a local extension to FreeBSD, we are adding per-object UUIDs for many kernel object types (e.g., to files) allowing them to be more reliably identified and their associated operations correlated. While our focus is on exposing those UUIDs to another in-kernel consumer (our DTrace audit provider), exporting these UUIDs via BSM would also be valuable. This is probably most usefully implemented as a new BSM token to hold a named UUID (e.g., as with other general-purpose token types, have a number identifying what argument or object it corresponds to, for cases where more than one UUID might be included). An alternative strategy would be to include a string token containing a string representation of the UUID, which would avoid compatibility issues across BSM implementations (as BSM tokens do not contain a length field, only a type field, making parsing unknown token types problematic). However it is accomplished, a uniform and consistent approach lending itself to automated processing of the trail would be beneficial.
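The compatibility trade-off described in the issue above, as an added example that is not part of the original issue or of OpenBSM's code: a trail consumer that predates a new binary UUID token cannot skip it and loses the rest of the record, while a UUID carried in an existing text token still parses. The UUID token id `0xF0`, its layout (argument number plus 16 raw bytes), the `uuid1=` text convention and the record fragments are assumptions constructed for this illustration; the text and return token layouts are the existing BSM ones.

```python
import struct
import uuid

# Existing BSM token ids; multi-byte fields are big-endian.
AUT_TEXT = 0x28      # u16 length (including NUL), then the string
AUT_RETURN32 = 0x27  # u8 status, u32 return value
# Hypothetical id and layout for a binary UUID token: u8 argno, 16 raw bytes.
AUT_UUID_HYPOTHETICAL = 0xF0


def parse_tokens(buf, known_uuid_token=False):
    """Walk a token stream. Returns (tokens, error); stops at an unknown id."""
    tokens, off = [], 0
    while off < len(buf):
        tid = buf[off]
        off += 1
        if tid == AUT_TEXT:
            (n,) = struct.unpack_from(">H", buf, off)
            text = buf[off + 2:off + 2 + n].rstrip(b"\0").decode()
            tokens.append(("text", text))
            off += 2 + n
        elif tid == AUT_RETURN32:
            status, ret = struct.unpack_from(">BI", buf, off)
            tokens.append(("return32", status, ret))
            off += 5
        elif tid == AUT_UUID_HYPOTHETICAL and known_uuid_token:
            value = uuid.UUID(bytes=buf[off + 1:off + 17])
            tokens.append(("uuid", buf[off], str(value)))
            off += 17
        else:
            # A token carries only a type byte, so its size is unknowable here.
            return tokens, f"unknown token 0x{tid:02x} at offset {off - 1}"
    return tokens, None


def text_token(s):
    data = s.encode() + b"\0"
    return bytes([AUT_TEXT]) + struct.pack(">H", len(data)) + data


# Constructed record fragments (header and trailer tokens omitted).
SAMPLE_UUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
RETURN_OK = bytes([AUT_RETURN32]) + struct.pack(">BI", 0, 0)
BINARY_RECORD = bytes([AUT_UUID_HYPOTHETICAL, 1]) + SAMPLE_UUID.bytes + RETURN_OK
TEXT_RECORD = text_token(f"uuid1={SAMPLE_UUID}") + RETURN_OK

if __name__ == "__main__":
    print("old parser, binary token:", parse_tokens(BINARY_RECORD))
    print("new parser, binary token:", parse_tokens(BINARY_RECORD, True))
    print("old parser, text token:  ", parse_tokens(TEXT_RECORD))
```

The text form survives older parsers but leaves the UUID naming convention to be agreed separately, which is the uniformity concern the issue raises.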
Robert, what is still unimplemented, or can this issue be closed?