Why two AUDIT_SYSCALL_EXIT in trustedbsd-audit3?
Yuan MailList
yuan.maillist at gmail.com
Fri Dec 23 07:01:05 GMT 2005
In the entrance and exit of syscall, there are two different functions in *
trap.c*:
* AUDIT_SYSCALL_ENTER(code, td);*
error = (*callp->sy_call)(td, args);
*AUDIT_SYSCALL_EXIT(error, td);*
It is noted that the exit function *AUDIT_SYSCALL_EXIT() *is also in syscall
*exit()*. Does this cause to two different audit records for syscall exit?
or exit() will not return to *trap.c*?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freebsd.org/pipermail/trustedbsd-audit/attachments/20051223/d4f25ed0/attachment.html
More information about the trustedbsd-audit
mailing list