table of contents
__AUDIT_LOG_BPRM_FCA(9) | Audit Interfaces | __AUDIT_LOG_BPRM_FCA(9) |
NAME¶
__audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps
SYNOPSIS¶
int __audit_log_bprm_fcaps(struct linux_binprm * bprm, const struct cred * new, const struct cred * old);
ARGUMENTS¶
bprm
pointer to the bprm being processed
new
the proposed new credentials
old
the old credentials
DESCRIPTION¶
Simply check if the proc already has the caps given by the file and if not store the priv escalation info for later auditing at the end of the syscall
-Eric
COPYRIGHT¶
May 2024 | Kernel Hackers Manual 2.6. |