exec_args Token
The exec_args token records the arguments to an exec() system call. The exec_args token has two fixed fields:
-
A token ID field that identifies this token as an exec_args token
-
A count that represents the number of arguments that are passed to the exec() system call
The remainder of this token is composed of zero or more null-terminated strings. The praudit command displays the exec_args token as follows:
vi,/etc/security/audit_user |
The following figure shows the format of an exec_args token.
Figure 23–8 exec_args Token Format
Note –
The exec_args token is output only when the audit policy argv is active.
- © 2010, Oracle Corporation and/or its affiliates