AUDIT_SYSCALL_ENTRY
Section: Audit Interfaces (9)
Updated: February 2011
Index
Return to Main Contents
NAME
audit_syscall_entry - fill in an audit record at syscall entry
SYNOPSIS
-
void audit_syscall_entry(int arch, int major, unsigned long a1, unsigned long a2, unsigned long a3, unsigned long a4);
ARGUMENTS
arch
-
- architecture type
major
-
major syscall type (function)
a1
-
additional syscall register 1
a2
-
additional syscall register 2
a3
-
additional syscall register 3
a4
-
additional syscall register 4
DESCRIPTION
Fill in audit context at syscall entry. This only happens if the audit context was created when the task was created and the state or filters demand the audit context be built. If the state from the per-task filter or from the per-syscall filter is AUDIT_RECORD_CONTEXT, then the record will be written at syscall exit time (otherwise, it will only be written if another part of the kernel requests that it be written).
COPYRIGHT