subject Token
The subject token describes a subject (process). The structure is the same as the process token. The token has 9 fields: an ID that identifies this as a subject token, the invariant audit ID, the effective user ID, the effective group ID, the real user ID, the real group ID, the process ID, the audit session ID, and a terminal ID. This token is always returned as part of kernel-generated audit records for system calls. Figure A-25 shows the token.
Figure A-25 subject Token Format
The audit ID, user ID, group ID, process ID, and session ID are long instead of short.
Note -
The subject token fields for the session ID, the real user ID, or the real group ID might be unavailable. The entry is then set to -1.
For the Solaris 7 release, the process token can be displayed using a 64-bit device ID, in place of the 32-bit value.
For the Solaris 8 release, the terminal ID can report an IPv6 address by changing the format to use either 4 or 8 bytes to describe the device, 16 bytes to describe the type, and 16 bytes to descibe the address.
- © 2010, Oracle Corporation and/or its affiliates