Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-28 11:22:48
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:Check for appropriate CAP_AUDIT_ capabilities on incoming audit* control messages.

Proto:static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)

Type:int

Parameter:

TypeParameterName
struct sk_buff *skb
u16msg_type
989  err = 0
1002  If current_user_ns() != userns count is 1 for root user, 1 for init_uts_ns,* and 1 for... ? Then Return -ECONNREFUSED
1006  Case msg_type == List syscall rules -- deprecated
1007  Case msg_type == Add syscall rule -- deprecated
1008  Case msg_type == Delete syscall rule -- deprecated
1009  Return -EOPNOTSUPP
1010  Case msg_type == Get status
1011  Case msg_type == Set status (enable/disable/auditd)
1012  Case msg_type == Get which features are enabled
1013  Case msg_type == Turn an audit feature on or off
1014  Case msg_type == List syscall filtering rules
1015  Case msg_type == Add syscall filtering rule
1016  Case msg_type == Delete syscall filtering rule
1017  Case msg_type == Get info about sender of signal to auditd
1018  Case msg_type == Get TTY auditing status
1019  Case msg_type == Set TTY auditing status
1020  Case msg_type == Trim junk from watched tree
1021  Case msg_type == Append to watched tree
1024  If task_active_pid_ns(current process) != PID-map pages start out as NULL, they get allocated upon* first use and are never deallocated. This way a low pid_max* value does not cause lots of bitmaps to be allocated, but* the scheme scales to up to 4 million PIDs, runtime. Then Return -EPERM
1027  If Not netlink_capable(skb, Allow configuration of audit via unicast netlink socket ) Then err = -EPERM
1029  Break
1030  Case msg_type == Message from userspace -- deprecated
1031  Case msg_type == Userspace messages mostly uninteresting to kernel ...AUDIT_LAST_USER_MSG
1032  Case msg_type == More user space messages ...AUDIT_LAST_USER_MSG2
1033  If Not netlink_capable(skb, Allow writing the audit log via unicast netlink socket ) Then err = -EPERM
1035  Break
1036  Default
1037  err = -EINVAL
1040  Return err
Caller
NameDescribe
audit_receive_msg