Function report |
Source Code:kernel\audit.c |
Create Date:2022-07-28 11:23:58 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
home page | Tree |
Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
Proto:void audit_log_end(struct audit_buffer *ab)
Type:void
Parameter:
Type | Parameter | Name |
---|---|---|
struct audit_buffer * | ab |
2307 | If Not ab Then Return |
2310 | If audit_rate_check() Then |
2311 | skb = rmatted skb ready to send |
2312 | rmatted skb ready to send = NULL |
2321 | wake_up_interruptible( & kauditd_wait) |
2325 | audit_buffer_free(ab) |
Name | Describe |
---|---|
audit_log_config_change | |
audit_log_feature_change | |
audit_receive_msg | |
audit_log_path_denied | audit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name |
audit_log_set_loginuid | |
audit_log | audit_log - Log an audit record*@ctx: audit context*@gfp_mask: type of allocation*@type: audit message type*@fmt: format string to use*@...: variable parameters matching the format string* This is a convenience function that calls audit_log_start, |
audit_log_rule_change | Log rule additions and removals |
audit_log_pid_context | |
audit_log_execve_info | |
show_special | |
audit_log_name | audit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when |
audit_log_proctitle | |
audit_log_exit | |
audit_core_dumps | audit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation. |
audit_seccomp | audit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for |
audit_seccomp_actions_logged | |
audit_watch_log_rule_change | |
audit_mark_log_rule_change | |
audit_tree_log_remove_rule | |
selinux_setprocattr | |
common_lsm_audit | mmon_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific |
integrity_audit_msg | |
ima_audit_measurement | |
ima_parse_rule |
Source code conversion tool public plug-in interface | X |
---|---|
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |