table of contents
other versions
- wheezy 3.2.78-1
AUDIT_SYSCALL_EXIT(9) | Audit Interfaces | AUDIT_SYSCALL_EXIT(9) |
NAME¶
audit_syscall_exit - deallocate audit context after a system callSYNOPSIS¶
void
audit_syscall_exit(int valid,
long return_code);
ARGUMENTS¶
validsuccess/failure flag
return_code
syscall return value
DESCRIPTION¶
Tear down after system call. If the audit context has been marked as auditable (either because of the AUDIT_RECORD_CONTEXT state from filtering, or because some other part of the kernel write an audit message), then write out the syscall information. In call cases, free the names stored from getname.COPYRIGHT¶
March 2016 | Kernel Hackers Manual 3.2. |