<?xml version="1.0" encoding="ANSI_X3.4-1968" standalone="no"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=ANSI_X3.4-1968" /><title>Chapter 12. Audit Interfaces</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1" /><link rel="home" href="index.html" title="The Linux Kernel API" /><link rel="up" href="index.html" title="The Linux Kernel API" /><link rel="prev" href="API-securityfs-remove.html" title="securityfs_remove" /><link rel="next" href="API-audit-log-start.html" title="audit_log_start" /></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Audit Interfaces</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="API-securityfs-remove.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="API-audit-log-start.html">Next</a></td></tr></table><hr /></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a id="audit"></a>Chapter 12. Audit Interfaces</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="refentrytitle"><a href="API-audit-log-start.html"><span class="phrase">audit_log_start</span></a></span><span class="refpurpose"> — obtain an audit buffer </span></dt><dt><span class="refentrytitle"><a href="API-audit-log-format.html"><span class="phrase">audit_log_format</span></a></span><span class="refpurpose"> — format a message into the audit buffer. </span></dt><dt><span class="refentrytitle"><a href="API-audit-log-end.html"><span class="phrase">audit_log_end</span></a></span><span class="refpurpose"> — end one audit record </span></dt><dt><span class="refentrytitle"><a href="API-audit-log.html"><span class="phrase">audit_log</span></a></span><span class="refpurpose"> — Log an audit record </span></dt><dt><span class="refentrytitle"><a href="API-audit-log-secctx.html"><span class="phrase">audit_log_secctx</span></a></span><span class="refpurpose"> — Converts and logs SELinux context </span></dt><dt><span class="refentrytitle"><a href="API-audit-alloc.html"><span class="phrase">audit_alloc</span></a></span><span class="refpurpose"> — allocate an audit context block for a task </span></dt><dt><span class="refentrytitle"><a href="API---audit-free.html"><span class="phrase">__audit_free</span></a></span><span class="refpurpose"> — free a per-task audit context </span></dt><dt><span class="refentrytitle"><a href="API---audit-syscall-entry.html"><span class="phrase">__audit_syscall_entry</span></a></span><span class="refpurpose"> — fill in an audit record at syscall entry </span></dt><dt><span class="refentrytitle"><a href="API---audit-syscall-exit.html"><span class="phrase">__audit_syscall_exit</span></a></span><span class="refpurpose"> — deallocate audit context after a system call </span></dt><dt><span class="refentrytitle"><a href="API---audit-reusename.html"><span class="phrase">__audit_reusename</span></a></span><span class="refpurpose"> — fill out filename with info from existing entry </span></dt><dt><span class="refentrytitle"><a href="API---audit-getname.html"><span class="phrase">__audit_getname</span></a></span><span class="refpurpose"> — add a name to the list </span></dt><dt><span class="refentrytitle"><a href="API---audit-inode.html"><span class="phrase">__audit_inode</span></a></span><span class="refpurpose"> — store the inode and device from a lookup </span></dt><dt><span class="refentrytitle"><a href="API-auditsc-get-stamp.html"><span class="phrase">auditsc_get_stamp</span></a></span><span class="refpurpose"> — get local copies of audit_context values </span></dt><dt><span class="refentrytitle"><a href="API-audit-set-loginuid.html"><span class="phrase">audit_set_loginuid</span></a></span><span class="refpurpose"> — set current task's audit_context loginuid </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-open.html"><span class="phrase">__audit_mq_open</span></a></span><span class="refpurpose"> — record audit data for a POSIX MQ open </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-sendrecv.html"><span class="phrase">__audit_mq_sendrecv</span></a></span><span class="refpurpose"> — record audit data for a POSIX MQ timed send/receive </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-notify.html"><span class="phrase">__audit_mq_notify</span></a></span><span class="refpurpose"> — record audit data for a POSIX MQ notify </span></dt><dt><span class="refentrytitle"><a href="API---audit-mq-getsetattr.html"><span class="phrase">__audit_mq_getsetattr</span></a></span><span class="refpurpose"> — record audit data for a POSIX MQ get/set attribute </span></dt><dt><span class="refentrytitle"><a href="API---audit-ipc-obj.html"><span class="phrase">__audit_ipc_obj</span></a></span><span class="refpurpose"> — record audit data for ipc object </span></dt><dt><span class="refentrytitle"><a href="API---audit-ipc-set-perm.html"><span class="phrase">__audit_ipc_set_perm</span></a></span><span class="refpurpose"> — record audit data for new ipc permissions </span></dt><dt><span class="refentrytitle"><a href="API---audit-socketcall.html"><span class="phrase">__audit_socketcall</span></a></span><span class="refpurpose"> — record audit data for sys_socketcall </span></dt><dt><span class="refentrytitle"><a href="API---audit-fd-pair.html"><span class="phrase">__audit_fd_pair</span></a></span><span class="refpurpose"> — record audit data for pipe and socketpair </span></dt><dt><span class="refentrytitle"><a href="API---audit-sockaddr.html"><span class="phrase">__audit_sockaddr</span></a></span><span class="refpurpose"> — record audit data for sys_bind, sys_connect, sys_sendto </span></dt><dt><span class="refentrytitle"><a href="API---audit-signal-info.html"><span class="phrase">__audit_signal_info</span></a></span><span class="refpurpose"> — record signal info for shutting down audit subsystem </span></dt><dt><span class="refentrytitle"><a href="API---audit-log-bprm-fcaps.html"><span class="phrase">__audit_log_bprm_fcaps</span></a></span><span class="refpurpose"> — store information about a loading bprm and relevant fcaps </span></dt><dt><span class="refentrytitle"><a href="API---audit-log-capset.html"><span class="phrase">__audit_log_capset</span></a></span><span class="refpurpose"> — store information about the arguments to the capset syscall </span></dt><dt><span class="refentrytitle"><a href="API-audit-core-dumps.html"><span class="phrase">audit_core_dumps</span></a></span><span class="refpurpose"> — record information about processes that end abnormally </span></dt><dt><span class="refentrytitle"><a href="API-audit-receive-filter.html"><span class="phrase">audit_receive_filter</span></a></span><span class="refpurpose"> — apply all rules to the specified message type </span></dt><dt><span class="refentrytitle"><a href="API-parent-len.html"><span class="phrase">parent_len</span></a></span><span class="refpurpose"> — find the length of the parent portion of a pathname </span></dt><dt><span class="refentrytitle"><a href="API-audit-compare-dname-path.html"><span class="phrase">audit_compare_dname_path</span></a></span><span class="refpurpose"> — compare given dentry name with last component in given path. Return of 0 indicates a match. </span></dt></dl></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="API-securityfs-remove.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="API-audit-log-start.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"><span class="phrase">securityfs_remove</span> </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> <span class="phrase">audit_log_start</span></td></tr></table></div></body></html>