NAME
setaudproc() — controls process level auditing for the current process and its descendants
SYNOPSIS
#include <sys/audit.h>
int setaudproc(int aflag);
DESCRIPTION
setaudproc() controls process level auditing for the current process and its descendants. It accomplishes this by setting or clearing the u_audproc flag in the u area of the calling process. When this flag is set, the system audits the process; when it is cleared, the process is not audited. This call is restricted to users with the SELFAUDIT privilege.
One of the following flags must be used for aflag:
- AUD_PROC
Audit the calling process and its descendants.
- AUD_CLEAR
Do not audit the calling process and its descendants.
The u_audproc flag is inherited by the descendants of a process. Consequently, the effect of a call to setaudproc() is not limited to the current process, but propagates to all its descendants as well. For example, if setaudproc() is called with the AUD_PROC flag, all subsequent audited system calls in the current process and its descendants are audited until setaudproc() is called with the AUD_CLEAR flag.
Further, setaudproc() performs its action regardless of whether the user executing the process has been selected to be audited or not. For example, if setaudproc() is called with the AUD_PROC (or the AUD_CLEAR) flag, all subsequent audited system calls will be audited (or not audited), regardless of whether the user executing the process has been selected for auditing or not.
Due to these features, setaudproc() should not be used in most self-auditing applications. audswitch() should be used (see audswitch(2)) when the objective is to suspend auditing within a process without affecting its descendants or overriding the user selection aspect of the auditing system.
Security Restrictions
Some or all of the actions associated with this system call require the SELFAUDIT privilege. Processes owned by the superuser have this privilege. Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, setaudproc() returns 0; otherwise, it returns -1 and sets errno to indicate the error.
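The inheritance described in DESCRIPTION can be used to force auditing on one command and everything it spawns. The launcher below is an added example, not HP's code: it sets the flag in a forked child only and refuses to start the command if setaudproc() fails. The name run_audited(), the exit codes 126/127, and the non-HP-UX stand-in for setaudproc() (with placeholder flag values) are assumptions made so the sketch builds elsewhere.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __hpux
#include <sys/audit.h>
#else
/* Stand-ins for building off HP-UX: constructed, not the values in <sys/audit.h>. */
enum { AUD_PROC = 1, AUD_CLEAR = 0 };
static int setaudproc(int aflag)
{
    if (aflag != AUD_PROC && aflag != AUD_CLEAR) { errno = EINVAL; return -1; }
    return 0;
}
#endif

/* Run argv[] with process-level auditing forced on for it and its descendants.
 * Returns the command's exit status, 126 if auditing could not be enabled
 * (the command is never started), 127 if exec failed, -1 on fork/wait error. */
int run_audited(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Set the flag in the child only: the caller's own audit state is untouched. */
        if (setaudproc(AUD_PROC) == -1) {
            perror("setaudproc");     /* typically: caller lacks SELFAUDIT */
            _exit(126);               /* fail closed: never run the command unaudited */
        }
        execvp(argv[0], argv);        /* flag stays set until AUD_CLEAR and is inherited */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    return run_audited(argv + 1);
}
```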
AUTHOR
setaudproc() was developed by HP.