NAME¶

audit_log_start - obtain an audit buffer

SYNOPSIS¶

struct audit_buffer * audit_log_start(struct audit_context * ctx, gfp_t gfp_mask, int type);

ARGUMENTS¶

ctx

audit_context (may be NULL)

gfp_mask

type of allocation

type

audit message type

DESCRIPTION¶

Returns audit_buffer pointer on success or NULL on error.

Obtain an audit buffer. This routine does locking to obtain the audit buffer, but then no locking is required for calls to audit_log_*format. If the task (ctx) is a task that is currently in a syscall, then the syscall is marked as auditable and an audit record will be written at syscall exit. If there is no associated task, then task context (ctx) should be NULL.

COPYRIGHT¶

April 2019

Kernel Hackers Manual 4.9.

Source file:	audit_log_start.9.en.gz (from linux-manual-4.9 4.9.168-1)
Source last updated:	2019-04-12T13:52:49Z
Converted to HTML:	2019-06-03T08:15:40Z