Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-28 11:27:05
Last Modify:2020-03-17 16:31:21 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:At syscall exit time, this filter is called if any audit_names have been* collected during syscall processing. We only check rules in sublists at hash* buckets applicable to the inode numbers in audit_names.

Proto:void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx)

Type:void

Parameter:

TypeParameterName
struct task_struct *tsk
struct audit_context *ctx
835  If auditd_test_task - Check to see if a given task is an audit daemon*@task: the task to check* Description:* Return 1 if the task is a registered audit daemon, 0 otherwise. Then Return
838  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
841  If Given an audit_name check the inode hash table to see if they match.* Called holding the rcu read lock to protect the use of audit_inode_hash Then Break
844  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()