Function report |
Source Code:kernel\audit.c |
Create Date:2022-07-28 11:23:58 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| home page | Tree |
| Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove
Proto:void audit_log_end(struct audit_buffer *ab)
Type:void
Parameter:
| Type | Parameter | Name |
|---|---|---|
| struct audit_buffer * | ab |
| 2307 | If Not ab Then Return |
| 2310 | If audit_rate_check() Then |
| 2311 | skb = rmatted skb ready to send |
| 2312 | rmatted skb ready to send = NULL |
| 2321 | wake_up_interruptible( & kauditd_wait) |
| 2325 | audit_buffer_free(ab) |
| Name | Describe |
|---|---|
| audit_log_config_change | |
| audit_log_feature_change | |
| audit_receive_msg | |
| audit_log_path_denied | audit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name |
| audit_log_set_loginuid | |
| audit_log | audit_log - Log an audit record*@ctx: audit context*@gfp_mask: type of allocation*@type: audit message type*@fmt: format string to use*@...: variable parameters matching the format string* This is a convenience function that calls audit_log_start, |
| audit_log_rule_change | Log rule additions and removals |
| audit_log_pid_context | |
| audit_log_execve_info | |
| show_special | |
| audit_log_name | audit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when |
| audit_log_proctitle | |
| audit_log_exit | |
| audit_core_dumps | audit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation. |
| audit_seccomp | audit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for |
| audit_seccomp_actions_logged | |
| audit_watch_log_rule_change | |
| audit_mark_log_rule_change | |
| audit_tree_log_remove_rule | |
| selinux_setprocattr | |
| common_lsm_audit | mmon_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific |
| integrity_audit_msg | |
| ima_audit_measurement | |
| ima_parse_rule |
| Source code conversion tool public plug-in interface | X |
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |