NAME
setaudproc — controls process level auditing for the current process and its decendents
SYNOPSIS
#include <sys/audit.h>
int setaudproc(int aflag);
DESCRIPTION
setaudproc()
controls process level auditing
for the current process and its decendents.
It accomplishes this by setting or clearing the
u_audproc
flag in the
u
area of the calling process.
When this flag is set, the system audits the process;
when it is cleared, the process is not audited.
This call is restricted to super-users.
One of the following
aflags
must be used:
- AUD_PROC
Audit the calling process and its decendents.
- AUD_CLEAR
Do not audit the calling process and its decendents.
The
u_audproc
flag is inherited by the descendents of a process.
consequently, the effect of a call to
setaudproc()
is not limited to the current process,
but propagates to all its decendents as well.
For example, if
setaudproc()
is called with the
AUD_PROC
flag, all subsequent audited system calls in the current process
and its descendents
are audited until
setaudproc()
is called with the
AUD_CLEAR
flag.
Further,
setaudproc()
performs its action regardless of whether
the user executing the process
has been selected to be audited or not.
For example, if
setaudproc()
is called with the
AUD_PROC
(or the
AUD_CLEAR)
flag, all subsequent audited system calls will be audited
(or not audited), regardless of whether the user executing the process
has been selected for auditing or not.
Due to these features,
setaudproc()
should not be used in most self-auditing applications.
audswitch()
should be used (see
audswitch(2))
when the objective is to suspend auditing within a process
without affecting its decendents or overriding the user selection aspect
of the auditing system.
RETURN VALUE
Upon successful completion,
setaudproc()
returns 0; otherwise, it returns -1 and sets
errno
to indicate the error.
AUTHOR
setaudproc()
was developed by HP.