audit_alloc

Name:audit_alloc - allocate an audit context block for a task*@tsk: task* Filter on the task information and allocate a per-task audit context* if necessary. Doing so turns on system call auditing for the* specified task

Proto:int audit_alloc(struct task_struct *tsk)

Type:int

Parameter:

Type	Parameter	Name
struct task_struct *	tsk

919

char * key = NULL

921

If Value is more likely to compile time(!audit_ever_enabled) Then Return 0

924

state = At process creation time, we can determine if system-call auditing is* completely disabled for this task. Since we only have the task* structure at this point, we can only check uid and gid.

925

If state == Do not create per-task audit_context.* No syscall-specific audit records can* be generated. Then

926

clear_tsk_thread_flag(tsk, syscall auditing active )

927

Return 0

930

If Not (context = audit_alloc_context(state)) Then

931

kfree(key)

932

audit_log_lost - conditionally log lost audit message event*@message: the message stating reason for lost audit message* Emit at least 1 message per second, even if audit_rate_check is* throttling.* Always increment the lost messages counter.

933

Return -ENOMEM

935

key for rule that triggered record = key

937

audit_set_context(tsk, context)

938

Set thread flags in other task's structures.* See asm/thread_info.h for TIF_xxxx flags available:

939

Return 0

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion

Function report