• Home
  • History
  • Annotate
  • Raw
  • Download
  • only in /freebsd-12-stable/sys/security/audit/

Lines Matching defs:event

57  * various forms) to probes.  The model is that each event type has two
58  * probes, which use the event's name to create the probe:
71  * probe activity with the event described in the record.  The latter gives
76  * To generate names for numeric event IDs, userspace will push the contents
96  *   event class names to match broader categories of events as specified in
99  * - If we pursue that last point, we will want to pass the name of the event
123  * audit event will be the "function" portion of the probe.  All dtaudit
124  * probes therefore take the form audit:event:<event name>:commit.
126 static char	*dtaudit_module_str = "event";
146  * Because looking up entries in the event-to-name mapping is quite expensive,
158  * Check dtaudit policy for the event to see whether this is an event we would
161  * on the individual event, but also a global flag indicating that at least
164  * If the event is selected, return an evname_elem reference to be stored in
169  * Currently, we take an interest only in the 'event' argument, but in the
171  * additional probe types (e.g., event clases).
177 dtaudit_preselect(au_id_t auid, au_event_t event, au_class_t class)
188 	ene = au_evnamemap_lookup(event);
193 	 * See if either of the two probes for the audit event are enabled.
217 dtaudit_commit(struct kaudit_record *kar, au_id_t auid, au_event_t event,
262 dtaudit_bsm(struct kaudit_record *kar, au_id_t auid, au_event_t event,
307 		/* Audit event name. */
341  * Callback from the event-to-name mapping code when performing
346  * XXXRW: How do we want to handle event rename / collision issues here --
347  * e.g., if userspace was using a name to point to one event number, and then
349  * skipping event numbers that are already registered, and likewise skipping
361 	 * in-kernel event-to-name mapping table must maintain event-name case
363 	 * here, away from the fast path, to use when exposing the event name
374 	 * Don't register a new probe if this event number already has an
375 	 * associated commit probe -- or if another event has already
404 	 * Don't register a new probe if this event number already has an
405 	 * associated bsm probe -- or if another event has already