Lines Matching refs:audit
0 /* audit.c -- Auditing support
2 * Gateway between the kernel (e.g., selinux) and the user-space audit daemon.
27 * b) Small when syscall auditing is enabled and no audit record
33 * 3) Ability to disable syscall auditing at boot time (audit=0).
41 * Example user-space utilities: http://people.redhat.com/sgrubb/audit/
53 #include <linux/audit.h>
62 #include "audit.h"
84 * If audit records are to be written to the netlink socket, audit_pid
91 /* If audit_rate_limit is non-zero, limit the rate of sending audit records
93 * audit records being dropped. */
101 /* The identity of the user shutting down the audit system. */
121 /* The audit_freelist is a list of pre-allocated audit buffers (if more
122 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of
139 * audit records. Since printk uses a 1024 byte buffer, this buffer
147 /* The audit_buffer is used when formatting an audit record. The caller
180 printk(KERN_ERR "audit: %s\n", message);
185 panic("audit: %s\n", message);
220 * audit_log_lost - conditionally log lost audit message event
221 * @message: the message stating reason for lost audit message
252 "audit: audit_lost=%d audit_rate_limit=%d "
361 * notification and stuff. This is just nice to get audit messages during
363 * This only holds messages is audit_default is set, aka booting with audit=1
377 * audit daemon, just send it to printk.
402 printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid);
546 * audit_send_reply - send an audit reply message via netlink
549 * @type: audit message type
585 * Check for appropriate CAP_AUDIT_ capabilities on incoming audit
962 /* Initialize audit support at boot time. */
970 printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
994 /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */
1001 printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
1016 __setup("audit=", audit_enable);
1080 * audit_serial - compute a serial number for the audit record
1082 * Compute a serial number for the audit record. Audit records are
1084 * audit record may be written in several pieces. The timestamp of the
1086 * determine which pieces belong to the same audit record. The
1091 * audit context (for those records that have a context), and emit them
1122 /* Obtain an audit buffer. This routine does locking to obtain the
1123 * audit buffer, but then no locking is required for calls to
1125 * syscall, then the syscall is marked as auditable and an audit record
1130 * audit_log_start - obtain an audit buffer
1133 * @type: audit message type
1137 * Obtain an audit buffer. This routine does locking to obtain the
1138 * audit buffer, but then no locking is required for calls to
1140 * syscall, then the syscall is marked as auditable and an audit record
1185 "audit: audit_backlog=%d > "
1203 audit_log_format(ab, "audit(%lu.%03lu:%u): ",
1209 * audit_expand - expand skb in the audit buffer
1233 * Format an audit message into the audit buffer. If there isn't enough
1234 * room in the audit buffer, more room will be allocated and vsnprint
1276 * audit_log_format - format a message into the audit buffer.
1295 * audit_log_hex - convert a buffer to hex and append it to the audit skb
1338 * Format a string of no more than slen characters into the audit buffer,
1453 * audit_log_end - end one audit record
1457 * the audit buffer is placed on a queue and a tasklet is scheduled to
1483 * audit_log - Log an audit record
1484 * @ctx: audit context
1486 * @type: audit message type