Chapter 12. Audit Interfaces

Table of Contents

audit_log_start — obtain an audit buffer

audit_log_format — format a message into the audit buffer.

audit_log_end — end one audit record

audit_log — Log an audit record

audit_log_secctx — Converts and logs SELinux context

audit_alloc — allocate an audit context block for a task

__audit_free — free a per-task audit context

__audit_syscall_entry — fill in an audit record at syscall entry

__audit_syscall_exit — deallocate audit context after a system call

__audit_reusename — fill out filename with info from existing entry

__audit_getname — add a name to the list

__audit_inode — store the inode and device from a lookup

auditsc_get_stamp — get local copies of audit_context values

audit_set_loginuid — set current task's audit_context loginuid

__audit_mq_open — record audit data for a POSIX MQ open

__audit_mq_sendrecv — record audit data for a POSIX MQ timed send/receive

__audit_mq_notify — record audit data for a POSIX MQ notify

__audit_mq_getsetattr — record audit data for a POSIX MQ get/set attribute

__audit_ipc_obj — record audit data for ipc object

__audit_ipc_set_perm — record audit data for new ipc permissions

__audit_socketcall — record audit data for sys_socketcall

__audit_fd_pair — record audit data for pipe and socketpair

__audit_sockaddr — record audit data for sys_bind, sys_connect, sys_sendto

audit_signal_info — record signal info for shutting down audit subsystem

__audit_log_bprm_fcaps — store information about a loading bprm and relevant fcaps

__audit_log_capset — store information about the arguments to the capset syscall

audit_core_dumps — record information about processes that end abnormally

audit_rule_change — apply all rules to the specified message type

audit_list_rules_send — list the audit rules

parent_len — find the length of the parent portion of a pathname

audit_compare_dname_path — compare given dentry name with last component in given path. Return of 0 indicates a match.