1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ANSI_X3.4-1968"><title>Chapter 12. Audit Interfaces</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="The Linux Kernel API"><link rel="up" href="index.html" title="The Linux Kernel API"><link rel="prev" href="API-securityfs-remove.html" title="securityfs_remove"><link rel="next" href="API-audit-log-start.html" title="audit_log_start"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Audit Interfaces</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="API-securityfs-remove.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="API-audit-log-start.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="audit"></a>Chapter 12. Audit Interfaces</h1></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="API-audit-log-start.html"><span class="phrase">audit_log_start</span></a></span><span class="refpurpose"> — 2 obtain an audit buffer 3 </span></dt><dt><span class="refentrytitle"><a href="API-audit-log-format.html"><span class="phrase">audit_log_format</span></a></span><span class="refpurpose"> — 4 format a message into the audit buffer. 5 </span></dt><dt><span class="refentrytitle"><a href="API-audit-log-end.html"><span class="phrase">audit_log_end</span></a></span><span class="refpurpose"> — 6 end one audit record 7 </span></dt><dt><span class="refentrytitle"><a href="API-audit-log.html"><span class="phrase">audit_log</span></a></span><span class="refpurpose"> — 8 Log an audit record 9 </span></dt><dt><span class="refentrytitle"><a href="API-audit-log-secctx.html"><span class="phrase">audit_log_secctx</span></a></span><span class="refpurpose"> — 10 Converts and logs SELinux context 11 </span></dt><dt><span class="refentrytitle"><a href="API-audit-alloc.html"><span class="phrase">audit_alloc</span></a></span><span class="refpurpose"> — 12 allocate an audit context block for a task 13 </span></dt><dt><span class="refentrytitle"><a href="API---audit-free.html"><span class="phrase">__audit_free</span></a></span><span class="refpurpose"> — 14 free a per-task audit context 15 </span></dt><dt><span class="refentrytitle"><a href="API---audit-syscall-entry.html"><span class="phrase">__audit_syscall_entry</span></a></span><span class="refpurpose"> — 16 fill in an audit record at syscall entry 17 </span></dt><dt><span class="refentrytitle"><a href="API---audit-syscall-exit.html"><span class="phrase">__audit_syscall_exit</span></a></span><span class="refpurpose"> — 18 deallocate audit context after a system call 19 </span></dt><dt><span class="refentrytitle"><a href="API---audit-reusename.html"><span class="phrase">__audit_reusename</span></a></span><span class="refpurpose"> — 20 fill out filename with info from existing entry 21 </span></dt><dt><span class="refentrytitle"><a href="API---audit-getname.html"><span class="phrase">__audit_getname</span></a></span><span class="refpurpose"> — 22 add a name to the list 23 </span></dt><dt><span class="refentrytitle"><a href="API---audit-inode.html"><span class="phrase">__audit_inode</span></a></span><span class="refpurpose"> — 24 store the inode and device from a lookup 25 </span></dt><dt><span class="refentrytitle"><a href="API-auditsc-get-stamp.html"><span class="phrase">auditsc_get_stamp</span></a></span><span class="refpurpose"> — 26 get local copies of audit_context values 27 </span></dt><dt><span class="refentrytitle"><a href="API-audit-set-loginuid.html"><span class="phrase">audit_set_loginuid</span></a></span><span class="refpurpose"> — 28 set current task's audit_context loginuid 29 </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-open.html"><span class="phrase">__audit_mq_open</span></a></span><span class="refpurpose"> — 30 record audit data for a POSIX MQ open 31 </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-sendrecv.html"><span class="phrase">__audit_mq_sendrecv</span></a></span><span class="refpurpose"> — 32 record audit data for a POSIX MQ timed send/receive 33 </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-notify.html"><span class="phrase">__audit_mq_notify</span></a></span><span class="refpurpose"> — 34 record audit data for a POSIX MQ notify 35 </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-getsetattr.html"><span class="phrase">__audit_mq_getsetattr</span></a></span><span class="refpurpose"> — 36 record audit data for a POSIX MQ get/set attribute 37 </span></dt><dt><span class="refentrytitle"><a href="API---audit-ipc-obj.html"><span class="phrase">__audit_ipc_obj</span></a></span><span class="refpurpose"> — 38 record audit data for ipc object 39 </span></dt><dt><span class="refentrytitle"><a href="API---audit-ipc-set-perm.html"><span class="phrase">__audit_ipc_set_perm</span></a></span><span class="refpurpose"> — 40 record audit data for new ipc permissions 41 </span></dt><dt><span class="refentrytitle"><a href="API---audit-socketcall.html"><span class="phrase">__audit_socketcall</span></a></span><span class="refpurpose"> — 42 record audit data for sys_socketcall 43 </span></dt><dt><span class="refentrytitle"><a href="API---audit-fd-pair.html"><span class="phrase">__audit_fd_pair</span></a></span><span class="refpurpose"> — 44 record audit data for pipe and socketpair 45 </span></dt><dt><span class="refentrytitle"><a href="API---audit-sockaddr.html"><span class="phrase">__audit_sockaddr</span></a></span><span class="refpurpose"> — 46 record audit data for sys_bind, sys_connect, sys_sendto 47 </span></dt><dt><span class="refentrytitle"><a href="API---audit-signal-info.html"><span class="phrase">__audit_signal_info</span></a></span><span class="refpurpose"> — 48 record signal info for shutting down audit subsystem 49 </span></dt><dt><span class="refentrytitle"><a href="API---audit-log-bprm-fcaps.html"><span class="phrase">__audit_log_bprm_fcaps</span></a></span><span class="refpurpose"> — 50 store information about a loading bprm and relevant fcaps 51 </span></dt><dt><span class="refentrytitle"><a href="API---audit-log-capset.html"><span class="phrase">__audit_log_capset</span></a></span><span class="refpurpose"> — 52 store information about the arguments to the capset syscall 53 </span></dt><dt><span class="refentrytitle"><a href="API-audit-core-dumps.html"><span class="phrase">audit_core_dumps</span></a></span><span class="refpurpose"> — 54 record information about processes that end abnormally 55 </span></dt><dt><span class="refentrytitle"><a href="API-audit-rule-change.html"><span class="phrase">audit_rule_change</span></a></span><span class="refpurpose"> — 56 apply all rules to the specified message type 57 </span></dt><dt><span class="refentrytitle"><a href="API-audit-list-rules-send.html"><span class="phrase">audit_list_rules_send</span></a></span><span class="refpurpose"> — 58 list the audit rules 59 </span></dt><dt><span class="refentrytitle"><a href="API-parent-len.html"><span class="phrase">parent_len</span></a></span><span class="refpurpose"> — 60 find the length of the parent portion of a pathname 61 </span></dt><dt><span class="refentrytitle"><a href="API-audit-compare-dname-path.html"><span class="phrase">audit_compare_dname_path</span></a></span><span class="refpurpose"> — 62 compare given dentry name with last component in given path. Return of 0 indicates a match. 63 </span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="API-securityfs-remove.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="API-audit-log-start.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"><span class="phrase">securityfs_remove</span> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> <span class="phrase">audit_log_start</span></td></tr></table></div></body></html> 64