Why two AUDIT_SYSCALL_EXIT in trustedbsd-audit3?

Yuan MailList yuan.maillist at gmail.com
Fri Dec 23 07:01:05 GMT 2005


In the entrance and exit of syscall, there are two different functions in *
trap.c*:

*  AUDIT_SYSCALL_ENTER(code, td);*
  error = (*callp->sy_call)(td, args);
  *AUDIT_SYSCALL_EXIT(error, td);*

It is noted that the exit function *AUDIT_SYSCALL_EXIT() *is also in syscall
*exit()*. Does this cause to two different audit records for syscall exit?
or exit() will not return to *trap.c*?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freebsd.org/pipermail/trustedbsd-audit/attachments/20051223/d4f25ed0/attachment.html


More information about the trustedbsd-audit mailing list