Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-28 11:23:58
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove

Proto:void audit_log_end(struct audit_buffer *ab)

Type:void

Parameter:

TypeParameterName
struct audit_buffer *ab
2307  If Not ab Then Return
2310  If audit_rate_check() Then
2311  skb = rmatted skb ready to send
2312  rmatted skb ready to send = NULL
2316  nlh = nlmsg_hdr(skb)
2317  Length of message including header = len - NLMSG_HDRLEN
2320  queue a buffer at the list tail
2321  wake_up_interruptible( & kauditd_wait)
2322  Else audit_log_lost - conditionally log lost audit message event*@message: the message stating reason for lost audit message* Emit at least 1 message per second, even if audit_rate_check is* throttling.* Always increment the lost messages counter.
2325  audit_buffer_free(ab)
Caller
NameDescribe
audit_log_config_change
audit_log_feature_change
audit_receive_msg
audit_log_path_deniedaudit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name
audit_log_set_loginuid
audit_logaudit_log - Log an audit record*@ctx: audit context*@gfp_mask: type of allocation*@type: audit message type*@fmt: format string to use*@...: variable parameters matching the format string* This is a convenience function that calls audit_log_start,
audit_log_rule_changeLog rule additions and removals
audit_log_pid_context
audit_log_execve_info
show_special
audit_log_nameaudit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when
audit_log_proctitle
audit_log_exit
audit_core_dumpsaudit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation.
audit_seccompaudit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for
audit_seccomp_actions_logged
audit_watch_log_rule_change
audit_mark_log_rule_change
audit_tree_log_remove_rule
selinux_setprocattr
common_lsm_auditmmon_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific
integrity_audit_msg
ima_audit_measurement
ima_parse_rule