`subject` Token

The subject token describes a subject (process). The structure is the same as the process token. The token has 9 fields: an ID that identifies this as a subject token, the invariant audit ID, the effective user ID, the effective group ID, the real user ID, the real group ID, the process ID, the audit session ID, and a terminal ID. This token is always returned as part of kernel-generated audit records for system calls. Figure A-25 shows the token.

Figure A-25 `subject` Token Format

The audit ID, user ID, group ID, process ID, and session ID are long instead of short.

Note -

The subject token fields for the session ID, the real user ID, or the real group ID might be unavailable. The entry is then set to -1.

Previous: socket-inet Token
Next: text Token

subject Token

Figure A-25 subject Token Format

`subject` Token

Figure A-25 `subject` Token Format