NAME¶

audit_syscall_exit - deallocate audit context after a system call

SYNOPSIS¶

void audit_syscall_exit(int valid, long return_code);

ARGUMENTS¶

valid

success/failure flag

return_code

syscall return value

DESCRIPTION¶

Tear down after system call. If the audit context has been marked as auditable (either because of the AUDIT_RECORD_CONTEXT state from filtering, or because some other part of the kernel write an audit message), then write out the syscall information. In call cases, free the names stored from getname.

COPYRIGHT¶

March 2016

Kernel Hackers Manual 3.2.

Source file:	audit_syscall_exit.9.en.gz (from linux-manual-3.2 3.2.78-1)
Source last updated:	2016-03-07T03:22:33Z
Converted to HTML:	2017-06-07T16:54:03Z