函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-27 12:25:44
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:Check for appropriate CAP_AUDIT_ capabilities on incoming audit* control messages.

函数原型:static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)

返回类型:int

参数:

类型参数名称
struct sk_buff *skb
u16msg_type
989  err等于0
1002  如果current_user_ns()不等于userns count is 1 for root user, 1 for init_uts_ns,* and 1 for... ?则返回:负ECONNREFUSED
1006  :msg_type恒等于List syscall rules -- deprecated
1007  :msg_type恒等于Add syscall rule -- deprecated
1008  :msg_type恒等于Delete syscall rule -- deprecated
1009  返回:负EOPNOTSUPP
1010  :msg_type恒等于Get status
1011  :msg_type恒等于Set status (enable/disable/auditd)
1012  :msg_type恒等于Get which features are enabled
1013  :msg_type恒等于Turn an audit feature on or off
1014  :msg_type恒等于List syscall filtering rules
1015  :msg_type恒等于Add syscall filtering rule
1016  :msg_type恒等于Delete syscall filtering rule
1017  :msg_type恒等于Get info about sender of signal to auditd
1018  :msg_type恒等于Get TTY auditing status
1019  :msg_type恒等于Set TTY auditing status
1020  :msg_type恒等于Trim junk from watched tree
1021  :msg_type恒等于Append to watched tree
1024  如果取进程的空间不等于PID-map pages start out as NULL, they get allocated upon* first use and are never deallocated. This way a low pid_max* value does not cause lots of bitmaps to be allocated, but* the scheme scales to up to 4 million PIDs, runtime.则返回:负EPERM
1027  如果非netlink_capable(skb, Allow configuration of audit via unicast netlink socket )则err等于负EPERM
1029  退出
1030  :msg_type恒等于Message from userspace -- deprecated
1031  :msg_type == Userspace messages mostly uninteresting to kernel ...AUDIT_LAST_USER_MSG
1032  :msg_type == More user space messages ...AUDIT_LAST_USER_MSG2
1033  如果非netlink_capable(skb, Allow writing the audit log via unicast netlink socket )则err等于负EPERM
1035  退出
1036  默认
1037  err等于负EINVAL
1040  返回:err
调用者
名称描述
audit_receive_msg