Kernel-Level Generated Audit Records
These audit records are created by system calls which are used by the kernel. The records are sorted alphabetically by system call. The description of each record includes:
-
The name of the system call
-
A man page reference (if appropriate)
-
The audit event number
-
The audit event name
-
The audit event class
-
The mask for the event class
-
The audit record structure
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_ACCESS |
14 |
fa |
0x00000004 |
|
Format: header-token path-token[attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–6 acct(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_ACCT |
18 |
as |
0x00020000 |
|
Format (zero path): header-token argument-token (1, "accounting off", 0) [priv-token] (if privilege used or required) subject-token return-token Format (non-zero path): header-token path-token [attr-token] subject-token return-token |
|||
Table B–7 adjtime(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_ADJTIME |
50 |
as |
0x00000800 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–8 audit(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDIT |
211 |
no |
0x00000000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–9 auditon(2) — get current active root
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GETCAR |
224 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–10 auditon(2) — get event class
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GETCLASS |
231 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–11 auditon(2) — get audit state
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GETCOND |
229 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token
|
|||
Table B–12 auditon(2) — get current working directory
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GETCWD |
223 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–13 auditon(2) — get kernel mask
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GETKMASK |
221 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token
|
|||
Table B–14 auditon(2) — get audit statistics
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GETSTAT |
225 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–15 auditon(2) — GETPOLICY command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GPOLICY |
114 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–16 auditon(2) — get audit queue control parameters
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_GQCTRL |
145 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–17 auditon(2) — set event class
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SETCLASS |
232 |
aa |
0x00040000 |
|
Format: header-token [argument-token] (2, "setclass:ec_event", event number) [argument-token] (3, "setclass:ec_class", class mask) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–18 auditon(2) — set audit state
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SETCOND |
230 |
aa |
0x00040000 |
|
Format: header-token [argument-token] (3, "setcond", audit state) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–19 auditon(2) — set kernel mask
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SETKMASK |
222 |
aa |
0x00040000 |
|
Format: header-token [argument-token] (2, "setkmask:as_success", kernel mask) [argument-token] (2, "setkmask:as_failure", kernel mask) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–20 auditon(2) — set mask per session ID
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SETSMASK |
228 |
aa |
0x00040000 |
|
Format: header-token [argument-token] (3, "setsmask:as_success", session ID mask) [argument-token] (3, "setsmask:as_failure", session ID mask) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–21 auditon(2) — reset audit statistics
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SETSTAT |
226 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–22 auditon(2) — set mask per uid
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SETUMASK |
227 |
aa |
0x00040000 |
|
Format: header-token [argument-token] (3, "setumask:as_success", audit ID mask) [argument-token] (3, "setumask:as_failure", audit ID mask) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–23 auditon(2) — SETPOLICY command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SPOLICY |
147 |
aa |
0x00040000 |
|
Format: header-token [argument-token] (1, "policy", audit policy flags) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–24 auditon(2) — set audit queue control parameters
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITON_SQCTRL |
146 |
aa |
0x00040000 |
|
Format: header-token [argument-token] (3,"setqctrl:aq_hiwater",queue control param.) [argument-token] (3,"setqctrl:aq_lowater",queue control param.) [argument-token] (3,"setqctrl:aq_bufsz",queue control param.) [argument-token] (3,"setqctrl:aq_delay",queue control param.) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–25 auditpsa(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITPSA |
529 |
aa |
0x00040000 |
|
Format (valid file descriptor): header-token argument-token (1, "op", state) in_addr-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–26 auditstat(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITSTAT |
150 |
aa |
0x00040000 |
|
Format: header-token [argument-token] [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–27 auditsvc(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_AUDITSVC |
136 |
aa |
0x00040000 |
|
Format (valid file descriptor): header-token [path-token] [attr-token] [priv-token] (if privilege used or required) subject-token return-token Format (invalid file descriptor): header-token argument-token (1, "no path: fd", file descriptor) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–28 chdir(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CHDIR |
8 |
pm |
0x00200000 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–29 chmod(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CHMOD |
10 |
fm |
0x00000008 |
|
Format: header-token argument-token (2, "new file mode", mode) path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–30 chown(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CHOWN |
11 |
fm |
0x00000008 |
|
Format: header-token argument-token (2, "new file uid", uid) argument-token (3, "new file gid", gid) path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–31 chroot(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CHROOT |
24 |
pm |
0x00200000 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–32 chstate(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CHSTATE |
538 |
as |
0x00000800 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–33 clock_settime(3R)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CLOCK_SETTIME |
513 |
as |
0x00000800 |
|
Format: header-token slabel-token return-token |
|||
Table B–34 close(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CLOSE |
112 |
cl |
0x00000040 |
|
Format: <file system object> header-token argument-token (1, "fd", file descriptor) [path-token] [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Also for files closed on process termination. The argument-token is only present with the close() system call. It may be removed in future releases. The path-token is present only with valid file descriptors. |
|||
Table B–35 creat(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CREAT |
4 |
fc |
0x00000010 |
|
Format header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–36 devpolicy(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_DRVPOLICY |
531 |
as |
0x00000800 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–37 enter prom, exit prom
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_ENTERPROM |
153 |
na |
0x00000400 |
|
AUE_EXITPROM |
154 |
na |
0x00000400 |
|
Format: header-token text-token (addr, "monitor PROM"|"kadb") [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–38 exec(2), execve(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_EXEC |
7 |
ps |
0x00100000 |
|
AUE_EXECVE |
23 |
ps |
0x00100000 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–39 exit(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_EXIT |
1 |
pm |
0x00200000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–40 fauditpsa(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FAUDITPSA |
530 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–41 fchdir(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FCHDIR |
68 |
pc |
0x00300000 |
|
Format: header-token [path-token] [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–42 fchmod(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FCHMOD |
39 |
fm |
0x00000008 |
|
Format (valid file descriptor): header-token argument-token (2, "new file mode", mode) [path-token] [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Format (invalid file descriptor): header-token argument-token (2, "new file mode", mode) argument-token (1, "no path: fd", file descriptor) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–43 fchown(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FCHOWN |
38 |
fm |
0x00000008 |
|
Format (valid file descriptor): header-token argument-token (2, "new file uid", uid) argument-token (3, "new file gid", gid) [path-token] [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Format (non-file descriptor): header-token argument-token (2, "new file uid", uid) argument-token (3, "new file gid", gid) argument-token (1, "no path: fd", file descriptor) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–44 fchroot(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FCHROOT |
69 |
pm |
0x00200000 |
|
Format: header-token [path-token] [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–45 fcntl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FCNTL (cmd=F_GETLK, F_SETLK,F_SETLKW) |
30 |
fn |
0x40000000 |
|
Format (file descriptor): header-token argument-token (2, "cmd", cmd) path-token attr-token [priv-token] (if privilege used or required) subject-token return-token Format (bad file descriptor): header-token argument-token (2, "cmd", cmd) argument-token (1, "no path: fd", file descriptor) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–46 fgetsldname(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FGETSLDNAME |
532 |
fc |
0x00000010 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–47 fork(2), fork1(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FORK |
2 |
ps |
0x00100000 |
|
AUE_FORK1 |
241 |
ps |
0x00100000 |
|
Format: header-token [argument-token] (0, "child PID", pid) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token The fork() and fork1() return values are undefined since each audit record is produced at the point that the child process is spawned. |
|||
Table B–48 fsetcmwlabel(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FSETCMWLABEL |
544 |
fm |
0x00000008 |
|
Format: header-token argument-token (3, “flag”, which parts of label to set) [slabel-token] (if slabel is being set) path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–49 fsetfattrflag(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FSETFATTRFLAG |
523 |
fm |
0x00000008 |
|
Format: header-token argument-token (2, "which", which flags to set) argument-token (3, "attrs", flag values) path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–50 fstatfs(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FSTATFS |
55 |
fa |
0x00000004 |
|
Format (file descriptor): header-token [path-token] [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Format (non-file descriptor): header-token argument-token (1, "no path: fd", file descriptor) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–51 getaudit(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETAUDIT |
132 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–52 getaudit_addr(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETAUDIT_ADDR |
267 |
aa |
0x00000800 |
|
Format: header-token subject-token return-token |
|||
Table B–53 getauid(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETAUID |
130 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–54 getcmwfsrange(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETCMWFSRANGE |
545 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–55 getcmwlabel(2), fgetcmwlabel(2), lgetcmwlabel(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETCMWLABEL |
546 |
fa |
0x00000004 |
|
AUE_FGETCMWLABEL |
118 |
fa |
0x00000004 |
|
AUE_LGETCMWLABEL |
548 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–56 getdents(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETDENTS |
193 |
no |
0x00000000 |
|
Format: header-token path-token [attr-token] [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–57 getfpriv(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETFILEPRIV |
547 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–58 getmldadorn(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETMLDADORN |
554 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–59 getmsg(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETMSG |
217 |
nt |
0x00000100 |
|
Format: header-token argument-token (1, "fd", file descriptor) argument-token (4, "pri", priority) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–60 getmsg(2) — accept, receive
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SOCKACCEPT |
247 |
nt |
0x00000100 |
|
AUE_SOCKRECEIVE |
250 |
nt |
0x00000100 |
|
Format: header-token socket-inet-token argument-token (1, "fd", file descriptor) argument-token (4, "pri", priority) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–61 getmsgqcmwlabel(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETMSGQCMWLABEL |
514 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg ID", message ID) [argument-token] [ipc_perm-token] (of the IPC) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–62 getpmsg(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETPMSG |
219 |
nt |
0x00000100 |
|
Format: header-token argument-token (1, "fd", file descriptor) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–63 getportaudit(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETPORTAUDIT |
149 |
aa |
0x00040000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–64 getsemcmwlabel(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETSEMCMWLABEL |
515 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] (of the IPC) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the sem ID is invalid. |
|||
Table B–65 getshmcmwlabel(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETSHMCMWLABEL |
516 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm ID", semaphore ID) [argument-token] [ipc_perm-token] (of the IPC) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the shm ID is invalid. |
|||
Table B–66 getsldname(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_GETSLDNAME |
555 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–67 ioctl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_IOCTL |
158 |
io |
0x20000000 |
|
Format (good file descriptor): header-token path-token [attr-token] argument-token (2, "cmd" ioctl cmd) argument-token (3, "arg" ioctl arg) [priv-token] (if privilege used or required) subject-token return-token Format (socket): header-token [socket-token] argument-token (2, "cmd" ioctl cmd) argument-token (3, "arg" ioctl arg) [priv-token] (if privilege used or required) subject-token return-token Format (non-file file descriptor): header-token argument-token (1, "fd", file descriptor) argument-token (2, "cmd" ioctl cmd) argument-token (3, "arg" ioctl arg) [priv-token] (if privilege used or required) subject-token return-token Format (bad file name): header-token argument-token (1, "no path: fd", file descriptor) argument-token (2, "cmd" ioctl cmd) argument-token (3, "arg" ioctl arg) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–68 kill(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_KILL |
15 |
pm |
0x00200000 |
|
Format (valid process): header-token argument-token (2, "signal", signo) [process-token] [slabel-token] (process) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Format (zero or negative process): header-token argument-token (2, "signal", signo) argument-token (1, "process", pid) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–69 lchown(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_LCHOWN |
237 |
fm |
0x00000008 |
|
Format: header-token argument-token (2, "new file uid", uid) argument-token (3, "new file gid", gid) path-token [attr-token] [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–70 link(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_LINK |
5 |
fc |
0x00000010 |
|
Format: header-token path-token (from path) [attr-token] (from path) [slabel-token] (from path) path-token (to path) [attr-token] (to path) [slabel-token] (to path) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–71 lstat(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_LSTAT |
17 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–72 lxstat(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_LXSTAT |
236 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–73 memcntl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MEMCNTL |
238 |
ot |
0x80000000 |
|
Format: header-token argument-token (1, "base", base address) argument-token (2, "len", length) argument-token (3, "cmd", command) argument-token (4, "arg", command args) argument-token (5, "attr", command attributes) argument-token (6, "mask", 0) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–74 mkdir(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MKDIR |
47 |
fc |
0x00000010 |
|
Format: header-token argument-token (2, "mode", mode) path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–75 mknod(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MKNOD |
9 |
fc |
0x00000010 |
|
Format: header-token argument-token (2, "mode", mode) argument-token (3, "dev", dev) path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–76 mldsetfattrflag(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MLDSETFATTRFLAG |
524 |
fm |
0x00000008 |
|
Format: header-token argument-token (2, “which”, which flags to set) argument-token (3, “attrs”, flag values) [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–77 mmap(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MMAP |
210 |
no |
0x00000000 |
|
Format (valid file descriptor): header-token argument-token (1, "addr", segment address) argument-token (2, "len", segment length) [path-token] [attr-token] [priv-token] (if privilege used or required) subject-token return-token Format (invalid file descriptor): header-token argument-token (1, "addr", segment address) argument-token (2, "len", segment length) argument-token (1, "no path: fd", file descriptor) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–78 modctl(2) — bind module
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MODADDMAJ |
246 |
as |
0x00000800 |
|
Format: header-token [text-token] (driver major number) [text-token] (driver name) text-token (root dir.|"no rootdir") text-token (driver major number|"no drvname") argument-token (5, "", number of aliases) (0..n)[text-token] (aliases) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–79 modctl(2) — configure module
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MODCONFIG |
245 |
as |
0x00000800 |
|
Format: header-token text-token (root dir.|"no rootdir") text-token (driver major number|"no drvname") [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–80 modctl(2) — load module
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MODLOAD |
243 |
as |
0x00020000 |
|
Format: header-token [text-token] (default path) text-token (filename path) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–81 modctl(2) — unload module
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MODUNLOAD |
244 |
as |
0x00020000 |
|
Format: header-token argument-token (1, "id", module ID) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–82 mount(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MOUNT |
62 |
ao |
0x00080000 |
|
Format (UNIX file system): header-token argument-token (3, "flags", flags) text-token (filesystem type) path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Format (NFS file system): header-token argument-token (3, "flags", flags) text-token (filesystem type) text-token (host name) argument-token (3, "internal flags", flags) path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–83 msgctl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGCTL |
84 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg ID", message ID) [ipc-token] subject-token return-token The ipc and ipc_perm tokens are not included if the msg ID is not valid. |
|||
Table B–84 msgctl(2) — IPC_RMID command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGCTL_RMID |
85 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg ID", message ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–85 msgctl(2) — IPC_SET command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGCTL_SET |
86 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg ID", message ID) [argument-token] [ipc_perm-token] (of the IPC's old values) [slabel-token] [ipc_perm-token] (of the IPC's new values) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token subject-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–86 msgctl(2) — IPC_STAT command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGCTL_STAT |
87 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg ID", message ID) [argument-token] [ipc_perm-token] (of the IPC) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–87 msgget(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGGET |
88 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg key", message key) argument-token (2, "msg flag", message flags) [ipc_perm-token] (of the IPC object) [slabel-token] [argument-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–88 msggetl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGGETL |
174 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg key", message key) argument-token (2, "msg flag", message flags) slabel-token (desired SL) [ipc_perm-token] (of the IPC object) [slabel-token] [argument-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–89 msgrcv(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGRCV |
89 |
ip |
0x00000200 |
|
AUE_MSGRCVL |
175 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg ID", message ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–90 msgsnd(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MSGSND |
90 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "msg ID", message ID) [argument-token] [ipc_perm-token] (of the IPC's new values) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the msg ID is invalid. |
|||
Table B–91 munmap(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_MUNMAP |
214 |
cl |
0x00000040 |
|
Format: header-token argument-token (1, "addr", address of memory) argument-token (2, "len", memory segment size) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–92 old nice(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_NICE |
203 |
pc |
0x00300000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–93 open(2) — read
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_R |
72 |
fr |
0x00000001 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–94 open(2) — read,creat
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_RC |
73 |
fc,fr |
0x00000011 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–95 open(2) — read,trunc,creat
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_RTC |
75 |
fc,fd,fr |
0x00000031 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–96 open(2) — read,trunc
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_RT |
74 |
fd,fr |
0x00000021 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–97 open(2) — read,write
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_RW |
80 |
fr,fw |
0x00000003 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–98 open(2) — read,write,creat
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_RWC |
81 |
fr,fw,fc |
0x00000013 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–99 open(2) — read,write,trunc,creat
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_RWTC |
83 |
fr,fw,fc,fd |
0x00000033 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–100 open(2) — read,write,trunc
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_RWT |
82 |
fr,fw,fd |
0x00000023 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–101 open(2) — write
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_W |
76 |
fw |
0x00000002 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–102 open(2) — write,creat
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_WC |
77 |
fw,fc |
0x00000012 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–103 open(2) — write,trunc,creat
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_WTC |
79 |
fw,fc,fd |
0x00000032 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–104 open(2) — write,trunc
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OPEN_WT |
78 |
fw,fd |
0x00000022 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–105 pathconf(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PATHCONF |
71 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–106 pipe(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PIPE |
185 |
no |
0x00000000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–107 preadl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PREADL |
527 |
no |
0x00000000 |
|
Format: header-token path-token [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–108 priocntl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PRIOCNTLSYS |
212 |
pm |
0x00200000 |
|
Format: header-token argument-token(1, "pc_version", priocntl version num.) argument-token (3,"cmd", command) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–109 processor_bind(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PROCESSOR_BIND |
263 |
ao |
0x00080000 |
|
Format: header-token slabel-token return-token |
|||
Table B–110 privilege enable
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PRIVENABLE |
533 |
as |
0x00020000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–111 process dumped core
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_CORE |
111 |
fc |
0x0000010 |
|
Format: header-token path-token [attr-token] argument-token (1, "signal", signal) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–112 putmsg(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PUTMSG |
216 |
nt |
0x00000100 |
|
Format: header-token argument-token (1, "fd", file descriptor) argument-token (4, "pri", priority) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–113 putmsg(2) - connect, send
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SOCKCONNECT |
248 |
nt |
0x00000100 |
|
AUE_SOCKSEND |
249 |
nt |
0x00000100 |
|
Format: header-token socket-inet-token argument-token (1, "fd", file descriptor) argument-token (4, "pri", priority) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–114 putpmsg(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PUTPMSG |
218 |
nt |
0x00000100 |
|
Format: header-token argument-token (1, "fd", file descriptor) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–115 quotactl(7I)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_QUOTACTL |
60 |
ao |
0x00080000 |
|
Format: header-token subject-token return-token |
|||
Table B–116 read(2), readl(2), readvl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_READ |
192 |
no |
0x00000000 |
|
AUE_READL |
558 |
|
|
|
AUE_READVL |
559 |
|
|
|
Format: header-token path-token) [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–117 readlink(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_READLINK |
22 |
fr |
0x00000001 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–118 recvmsg(3SOCKET)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_RECVMSG |
190 |
nt |
0x00000100 |
|
Format: header-token sock-inet-token argument-token (3, "flags", message flags) sock-inet-token (from address) subject-token return-token The sock_inet token for a bad socket is reported as: argument-token (1, "fd", socket descriptor) |
|||
Table B–119 rename(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_RENAME |
42 |
fc,fd |
0x00000030 |
|
Format: header-token path-token (from name) [attr-token] (from name) [slabel-token] (from name) [path-token] (to name) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–120 rmdir(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_RMDIR |
48 |
fd |
0x00000020 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–121 semctl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL |
98 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [ipc-token] subject-token return-token The ipc and ipc_perm tokens are not included if the semaphore ID is not valid. |
|||
Table B–122 semctl(2) — getall
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_GETALL |
105 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–123 semctl(2) — GETNCNT command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_GETNCNT |
102 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–124 semctl(2) — GETPID command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_GETPID |
103 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–125 semctl(2) — GETVAL command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_GETVAL |
104 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–126 semctl(2) — GETZCNT command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_GETZCNT |
106 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–127 semctl(2) — IPC_RMID command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_RMID |
99 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–128 semctl(2) — IPC_SET command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_SET |
100 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] (of the IPC's old values) [slabel-token] [ipc_perm-token] (of the IPC's new values) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–129 semctl(2) — SETALL command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_SETALL |
108 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–130 semctl(2) — SETVAL command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_SETVAL |
107 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–131 semctl(2) — IPC_STAT command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMCTL_STAT |
101 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–132 semget(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMGET |
109 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem key", semaphore key) argument-token (3, "sem flags", semaphore flags) [ipc_perm-token] [slabel-token] [argument-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–133 semgetl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMGETL |
177 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem key", semaphore key) argument-token (3, "sem flags", semaphore flags) slabel-token [ipc_perm-token] [slabel-token] [argument-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the system call failed. |
|||
Table B–134 semop(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SEMOP |
110 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "sem ID", semaphore ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and the slabel of the ipc tokens are not included if the semaphore ID is invalid. |
|||
Table B–135 sendmsg(3SOCKET)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SENDMSG |
188 |
nt |
0x00000100 |
|
Format: header-token sock-inet-token sock-inet-token (to address) argument-token (3, "flags", message flags) subject-token return-token The sock_inet token for a bad socket is reported as: argument-token (1, "fd", socket descriptor) |
|||
Table B–136 sendto(3SOCKET)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SENDTO |
184 |
nt |
0x00000100 |
|
Format: header-token sock-inet-token argument-token (3, "len", message length) [argument-token] (4, "flags", flags) argument-token (6, "tolen", address length) sock-inet-token (to address) subject-token return-token The sock_inet token for a bad socket is reported as: argument-token (1, "fd", socket descriptor) |
|||
Table B–137 setacl(1), setfacl(1)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_ACLSET |
251 |
fm |
0x00000008 |
|
AUE_FACLSET |
252 |
fm |
0x00000008 |
|
Format: header-token argument-token (2,”cmd”, command) argument-token (3,”n_entries”, number of acl entries) acl-token … (token repeated “n_entries” times) path-token [attr-token] [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–138 setaudit(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETAUDIT |
133 |
aa |
0x00040000 |
|
Format (valid program stack address): header-token argument-token (1, "setaudit:auid", audit user ID) argument-token (1, "setaudit:port", terminal ID) argument-token (1, "setaudit:machine", terminal ID) argument-token (1, "setaudit:as_success", preselection mask) argument-token (1, "setaudit:as_failure", preselection mask) argument-token (1, "setaudit:asid", audit session ID) [priv-token] (if privilege used or required) subject-token return-token Format (invalid program stack address): header-token subject-token return-token |
|||
Table B–139 setaudit_addr(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETAUDIT_ADDR |
266 |
aa |
0x00000800 |
|
Format: header-token argument-token (1, "auid", audit user ID) argument-token (1, "port", terminal ID) argument-token (1, "type", machine address type) argument-token (1, "as_success", preselection mask) argument-token (1, "as_failure", preselection mask) argument-token (1, "asid", audit session ID) subject-token return-token |
|||
Table B–140 setauid(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETAUID |
131 |
aa |
0x00040000 |
|
Format: header-token argument-token (2, "setauid", audit user ID) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–141 setclearance(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETCLEARANCE |
542 |
fm |
0x00000008 |
|
Format: header-token clearance-token (specified) clearance-token (old) clearance-token (new) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–142 setcmwlabel(2), lsetcmwlabel(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETCMWLABEL |
549 |
fm |
0x00000008 |
|
AUE_LSETCMWLABEL |
525 |
fm |
0x00000008 |
|
Format: header-token argument-token (3, “flag”, which parts of label to set) [slabel-token] (if slabel is being set) [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–143 setcmwplabel(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETCMWPLABEL |
541 |
fm |
0x00000008 |
|
Format (setting flag == SETCL_ALL): header-token slabel-token (SL from input argument) slabel-token (original SL) argument-token (2, “flag”, value) slabel-token (new SL) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Format (setting flag == SETCL_SL): header-token slabel-token (SL from input argument) slabel-token (SL of subject before) argument-token (2, “flag”, value) slabel-token (SL of subject after) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token Format (setting flag == SETCL_IL): header-token argument-token (2, “flag”, value) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–144 setegid(2), old setgid(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETEGID |
214 |
pm |
0x00200000 |
|
AUE_SETGID |
205 |
pm |
0x00200000 |
|
Format: header-token argument-token (1, "gid", group ID) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–145 seteuid(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETEUID |
215 |
pm |
0x00200000 |
|
Format: header-token argument-token (1, "gid", user ID) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–146 setfattrflag(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETFATTRFLAG |
522 |
fm |
0x00000008 |
|
Format: header-token argument-token (2, "which", which flags to set) argument-token (3, "attrs", flag values) [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–147 setfpriv(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETFILEPRIV |
550 |
fm |
0x00000008 |
|
Format: header-token argument-token (4, "privilege type", privilege set type) privilege-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–148 setgroups(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETGROUPS |
26 |
pm |
0x00200000 |
|
Format: header-token [argument-token] (1, "setgroups", group ID) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token One argument-token for each group set. |
|||
Table B–149 setpattr(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETPATTR |
526 |
ps |
0x00100000 |
|
Format: header-token argument-token (1, “type”, type of attribute to set) argument-token (2, “value”, value of attribute) [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–150 setpgrp(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETPGRP |
27 |
pm |
0x00200000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–151 setppriv(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETPROCPRIV |
127 |
fm |
0x00000008 |
|
Format: header-token argument-token (3, “type”, privilege set type) argument-token (4, “op”, operation to perform) privilege-token (specified) privilege-token (old) [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–152 setregid(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETREGID |
41 |
pm |
0x00200000 |
|
Format: header-token argument-token (1, "rgid", real group ID) argument-token (1, "egid", effective group ID) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–153 setreuid(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETREUID |
40 |
pm |
0x00200000 |
|
Format: header-token argument-token (1, "ruid", real user ID) argument-token (1, "euid", effective user ID) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–154 setrlimit(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETRLIMIT |
51 |
as |
0x00020000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–155 setsockopt(3SOCKET)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SETSOCKOPT |
35 |
nt |
0x00000100 |
|
Format: header-token sock-inet-token argument-token (2, "level", protocol level) [argument-token] (3, "optname", option name) argument-token (4, "val", option value) argument-token (5, "optlen", option length) subject-token return-token The sock_inet token for a non-socket operation is reported as: argument-token (1, "fd", file descriptor) |
|||
Table B–156 old setuid(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_OSETUID |
200 |
pm |
0x00200000 |
|
Format: header-token argument-token (1, "uid", user ID) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–157 shmat(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SHMAT |
96 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm ID", shared memory ID) argument-token (2, "shm adr", shared mem addr) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and slabel tokens are not included if the shared memory segment ID is invalid. |
|||
Table B–158 shmctl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SHMCTL |
91 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shmid", shared memory ID) [ipc-token] subject-token return-token The ipc and ipc_perm tokens are not included if the shared memory segment ID is not valid. |
|||
Table B–159 shmctl(2) — IPC_RMID command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SHMCTL_RMID |
92 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm ID", shared memory ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and slabel tokens are not included if the shared memory segment ID is invalid. |
|||
Table B–160 shmctl(2) — IPC_SET command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SHMCTL_SET |
93 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm ID", shared memory ID) [argument-token] [ipc_perm-token] (of the IPC's old values) [slabel-token] [ipc_perm-token] (of the IPC's new values) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and slabel tokens are not included if the shared memory segment ID is invalid. |
|||
Table B–161 shmctl(2) — IPC_STAT command
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SHMCTL_STAT |
94 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm ID", shared memory ID) [argument-token] [ipc_perm-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token The ipc, ipc_perm, and slabel tokens are not included if the shared memory segment ID is invalid. |
|||
Table B–162 shmdt(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SHMDT |
97 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm adr", shared mem addr) [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–163 shmget(2)
|
Event Name |
Event ID |
EventClass |
Mask |
|---|---|---|---|
|
AUE_SHMGET |
95 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm ID", shared memory ID) argument-token (3, "shm flag", shared memory flags) [argument-token] [slabel-token] [ipc_perm-token] (of the IPC's old values) [slabel-token] [ipc_perm-token] (of the IPC's new values) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token subject-token The ipc, ipc_perm, and slabel tokens are not included for failed events. |
|||
Table B–164 shmgetl(2)
|
Event Name |
Event ID |
EventClass |
Mask |
|---|---|---|---|
|
AUE_SHMGETL |
178 |
ip |
0x00000200 |
|
Format: header-token argument-token (1, "shm ID", shared memory ID) argument-token (3, "shm flag", shared memory flags) slabel-token [ipc_perm-token] (of the IPC's old values) [slabel-token] [ipc_perm-token] (of the IPC's new values) [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token subject-token The ipc, ipc_perm, and slabel tokens are not included for failed events. |
|||
Table B–165 sockconfig()
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SOCKCONFIG |
265 |
nt |
0x00000100 |
|
Format:
header-token
argument-token (1, "domain", socket domain)
[argument-token] (2, "type", socket type)
argument-token (3, "protocol", socket protocol)
text-token
subject-token
return-token
|
|||
Table B–166 socket(3SOCKET)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SOCKET |
183 |
nt |
0x00000100 |
|
Format:
header-token
argument-token (1, "domain", socket domain)
[argument-token] (2, "type", socket type)
argument-token (3, "protocol", socket protocol)
subject-token
return-token
|
|||
Table B–167 stat(2), statfs(2), statvfs(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_STAT |
16 |
fa |
0x00000004 |
|
AUE_STATFS |
54 |
fa |
0x00000004 |
|
AUE_STATVFS |
234 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–168 stime(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_STIME |
201 |
as |
0x00020000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–169 symlink(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SYMLINK |
21 |
fc |
0x00000010 |
|
Format: header-token text-token (symbolic link string) path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–170 sysinfo(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SYSINFO |
39 |
as |
0x00020000 |
|
Format: header-token argument-token (1, "cmd", command) text-token (name) [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–171 system booted
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SYSTEMBOOT |
113 |
na |
0x00000400 |
|
Format:
header-token
text-token ("booting kernel")
return-token
|
|||
Table B–172 tnif(2), tnrh(2), tnrhtp(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_TNIF |
534 |
nt |
0x00000100 |
|
AUE_TNRH |
535 |
|
|
|
AUE_TNRHTP |
536 |
|
|
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–173 tokmapper(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_TOKMAPPER |
537 |
nt |
0x00000100 |
|
Format: header-token argument-token (1, “op”, state) in_addr-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–174 uadmin(2) - system freeze
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_FREEZE |
539 |
ss |
0x00010000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–175 uadmin(2) - system reboot
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_REBOOT |
561 |
ss |
0x00010000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–176 uadmin(2) - system remount
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_REMOUNT |
540 |
as |
0x00020000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–177 uadmin(2) - system shutdown
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_SHUTDOWN |
560 |
ss |
0x00010000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–178 umount(2) — old version
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_UMOUNT |
12 |
ao |
0x00080000 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–179 umount(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_UMOUNT2 |
268 |
ao |
0x00080000 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–180 unlink(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_UNLINK |
6 |
fd |
0x00000020 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–181 old utime(2), utimes(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_UTIME |
202 |
fm |
0x00000008 |
|
AUE_UTIMES |
49 |
fm |
0x00000008 |
|
Format: header-token path-token [attr-token] [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–182 utssys(2) — fusers
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_UTSSYS |
233 |
ao |
0x00080000 |
|
Format: header-token path-token [attr-token] [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–183 vfork(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_VFORK |
25 |
ps |
0x00100000 |
|
Format: header-token argument-token (0, "child PID", pid) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token The fork return values are undefined since the audit record is produced at the point that the child process is spawned. |
|||
Table B–184 vtrace(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_VTRACE |
36 |
pm |
0x00200000 |
|
Format: header-token [priv-token] (if privilege used or required) subject-token return-token |
|||
Table B–185 write(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_WRITE |
195 |
no |
0x00000000 |
|
Format: header-token slabel-token (from label specified in syscall args) path-token) [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–186 writel(2), pwritel(2), writevl(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_PWRITEL |
528 |
no |
0x00000000 |
|
AUE_WRITEL |
552 |
fm |
0x00000008 |
|
AUE_WRITEVL |
553 |
fm |
0x00000008 |
|
Format: header-token slabel-token (from label specified in syscall args) path-token) [attr-token] [slabel-token] [priv-token] (if privilege used or required) subject-token slabel-token return-token |
|||
Table B–187 xmknod(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_XMKNOD |
240 |
fc |
0x00000010 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
Table B–188 xstat(2)
|
Event Name |
Event ID |
Event Class |
Mask |
|---|---|---|---|
|
AUE_XSTAT |
235 |
fa |
0x00000004 |
|
Format: header-token path-token [attr-token] [slabel-token] (object) [priv-token] (if privilege used or required) subject-token slabel-token (subject) return-token |
|||
- © 2010, Oracle Corporation and/or its affiliates