Invoking the Auditing Interface
The rtld_audit interface is enabled using the runtime linker environment variable LD_AUDIT. This environment variable is set to a colon-separated list of shared objects that will be loaded by dlopen(3X). Each object is loaded onto its own audit link-map list, and each object is searched for audit routines using dlsym(3X). Audit routines that are found will be called at various stages during the applications execution.
The rtld_audit interface allows for multiple audit libraries to be supplied. Audit libraries that expect to be employed in this fashion should not alter the bindings that would normally be returned by the runtime linker; doing so can produce unexpected results from audit libraries that follow.
Secure applications (see "Security") can only obtain audit libraries from trusted directories. Presently, the only trusted directories available for audit libraries are /usr/lib and /usr/ccs/lib for 32-bit executables, or /usr/lib/sparcv9 for 64-bit SPARCV9 executables.
- © 2010, Oracle Corporation and/or its affiliates