Initiates an audit record for a system call.
The audit_svcstart kernel service initiates auditing for a system call event. It dynamically allocates a buffer to contain event information. The arguments to the system call (which should be specified as parameters to this kernel service) are automatically added to the buffer, as is the internal number of the event. You can use the audit_svcbcopy service to add additional information that cannot be passed by value.
The system call commits this record with the audit_svcfinis kernel service. The system call should call the audit_svcfinis kernel service before calling another system call.
The audit_svcstart kernel service can be called from the process environment only.
Nonzero | Indicates that auditing is on for this routine. |
0 | Indicates that auditing is off for this routine. |
svccrash(int x, int y, int z) { static int eventnum; if (audit_svcstart("crashed", &eventnum, 2, x, y)) { audit_svcfinis(); } body of svccrash }
The preceding example allocates an audit event record buffer for the crashed event and copies the first and second arguments into it. The third argument is unnecessary and not copied.
This kernel service is part of Base Operating System (BOS) Runtime.
The audit_svcbcopy kernel service, audit_svcfinis kernel service.
Security Kernel Services in AIX Version 4.3 Kernel Extensions and Device Support Programming Concepts.