__audit_inode_child(9)

July 19, 2007 - 1:23am

Submitted by Jeremy on July 19, 2007 - 1:23am.

INDEX

"__AUDIT_INODE_CHILD" "9" "July 2007" "Kernel Hackers Manual 2.6.22" "Audit Interfaces"

NAME

__audit_inode_child - collect inode info for created/removed objects

SYNOPSIS

"void __audit_inode_child(const char * " "dname" ", const struct inode * " "inode" ", const struct inode * " "parent" ");"

ARGUMENTS

dname
inode's dentry name
inode
inode being audited parent inode of dentry parent

DESCRIPTION

For syscalls that create or remove filesystem objects, audit_inode can only collect information for the filesystem object's parent. This call updates the audit context with the child's information. Syscalls that create a new filesystem object must be hooked after the object is created. Syscalls that remove a filesystem object must be hooked prior, in order to capture the target inode during unsuccessful attempts.

COPYRIGHT

Possibly related

raw nroff source of __audit_inode_child(9)

Navigation

Latest forum posts


Calling functions from system call	3 hours ago	Linux kernel
drivers for motherboard d101ggc	10 hours ago	Linux general
Tune CFS for htpc usage to decoding HD 1080p x264 video streams	21 hours ago	Linux kernel
How to write in kernel memory	23 hours ago	Linux kernel
linux_wrappers.c:306: error: unknown field ‘nopage’ specified in initializer	23 hours ago	Linux kernel
Packet Replay Check	1 day ago	FreeBSD
Cannot rdr from internal network to a squid proxy running on pf bridge firewall.	1 day ago	OpenBSD
Cannot compile kernel modules	1 day ago	Linux kernel
Intelligent enclosure (SES, SAF-TE) monitoring & configuration	3 days ago	Applications and Utilities
I/O operations	3 days ago	Linux kernel

Show all forums...

Recent Tags

more tags

Colocation donated by:

Online users

strcmp

Syndicate