auditsvc(2)
NAME
auditsvc - write audit log to specified file descriptor
SYNOPSIS
cc [ flag ... ] file... -lbsm -lsocket -lnsl -lintl [ library ... ]
#include <sys/param.h>
#include <bsm/audit.h>
int auditsvc(int fd, int limit);
DESCRIPTION
The auditsvc() function specifies the audit log file to the
kernel. The kernel writes audit records to this file until
an exceptional condition occurs and then the call returns.
The fd argument is a file descriptor that identifies the
audit file. Applications should open this file for writing
before calling auditsvc().
The limit argument specifies the number of free blocks that
must be available in the audit file system, and causes
auditsvc() to return when the free disk space on the audit
filesystem drops below this limit. Thus, the invoking program
can take action to avoid running out of disk space.
The auditsvc() function does not return until one of the
following conditions occurs:
o The process receives a signal that is not blocked or
ignored.
o An error is encountered writing to the audit log file.
o The minimum free space (as specified by limit) has
been reached.
RETURN VALUES
The auditsvc() function returns only on an error.
ERRORS
The auditsvc() function will fail if:
EAGAIN
The descriptor referred to a stream, was marked for
System V-style non-blocking I/O, and no data could be
written immediately.
EBADF The fd argument is not a valid descriptor open for
writing.
EBUSY A second process attempted to perform this call.
EFBIG An attempt was made to write a file that exceeds the
process's file size limit or the maximum file size.
EINTR The call is forced to terminate prematurely due to the
arrival of a signal whose SV_INTERRUPT bit in sv_flags
is set (see sigvec(3UCB)). The signal(3C) function
sets this bit for any signal it catches.
EINVAL
Auditing is disabled (see auditon(2)), or the fd argument
does not refer to a file of an appropriate type
(regular files are always appropriate).
EIO An I/O error occurred while reading from or writing to
the file system.
ENOSPC
The user's quota of disk blocks on the file system
containing the file has been exhausted; audit filesystem
space is below the specified limit; or there is no
free space remaining on the file system containing the
file.
ENXIO A hangup occurred on the stream being written to.
EPERM The process's effective user ID is not superuser.
EWOULDBLOCK
The file was marked for 4.2 BSD-style non-blocking
I/O, and no data could be written immediately.
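Added example, not part of the original man page: a caller loop that reacts to the errno left by each return of auditsvc(). The retry/rotate/fatal policy, the function names, and the scripted stand-in for auditsvc() are assumptions of this example; on a BSM-enabled system, pass the real auditsvc and a function that opens the next audit file.

```c
#include <errno.h>
#include <stdio.h>

/* Recovery policy is this example's assumption, not part of the man page. */
enum svc_action { SVC_RETRY, SVC_ROTATE, SVC_FATAL };
enum svc_action classify_svc_errno(int err)
{
    /* Signal or transient non-blocking failure: call again on the same fd. */
    if (err == EINTR || err == EAGAIN || err == EWOULDBLOCK)
        return SVC_RETRY;
    /* Space below limit, size limit, I/O error, hangup: move to a new file. */
    if (err == ENOSPC || err == EFBIG || err == EIO || err == ENXIO)
        return SVC_ROTATE;
    /* EPERM, EBADF, EINVAL, EBUSY: retrying cannot help. */
    return SVC_FATAL;
}

typedef int (*svc_fn)(int fd, int limit); /* same shape as auditsvc() */
typedef int (*next_fd_fn)(void);          /* hypothetical: opens next audit file */

/* Loop until a fatal error; returns that errno and counts rotations. */
int run_audit_service(svc_fn svc, next_fd_fn next_fd, int fd, int limit, int *rotations)
{
    for (*rotations = 0;;) {
        errno = 0;
        (void)svc(fd, limit);             /* returns only on an error */
        int err = errno;
        enum svc_action act = classify_svc_errno(err);
        if (act == SVC_RETRY)
            continue;
        if (act == SVC_FATAL || (fd = next_fd()) < 0)
            return err;                   /* fatal, or no audit file left */
        ++*rotations;
    }
}

/* Constructed stand-ins so the example runs without BSM. */
static const int script[] = { EINTR, ENOSPC, EIO, EPERM };
static int step;
static int fake_auditsvc(int fd, int limit) { (void)fd; (void)limit; errno = script[step++]; return -1; }
static int fake_next_fd(void) { return 100 + step; }

int demo_final_errno(void) { int r; step = 0; return run_audit_service(fake_auditsvc, fake_next_fd, 3, 50, &r); }
int demo_rotations(void) { int r; step = 0; run_audit_service(fake_auditsvc, fake_next_fd, 3, 50, &r); return r; }
int main(void)
{
    printf("errno %d after %d rotations\n", demo_final_errno(), demo_rotations());
    return 0;
}
```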
USAGE
Only processes with an effective user ID of superuser can
execute this call successfully.
When a UFS file system is mounted with logging enabled, file
system transactions that free blocks from files might not
actually add those freed blocks to the file system's free
list until some unspecified time in the future. This
behavior improves file system performance but does not conform
to the POSIX, Single UNIX Specification, SPARC Conformance
Definition, System V Application Binary Interface,
System V Interface Definition, and X/Open Portability Guide
Standards, which require that freed space be available
immediately. To enable standards conformance regarding file
deletions or to address the problem of not being able to
grow files on a relatively full UFS file system even after
files have been deleted, disable UFS logging (see
mount_ufs(1M)).
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Stable |
|_____________________________|_____________________________|
| MT-Level | MT-Safe |
|_____________________________|_____________________________|
SEE ALSO
auditd(1M), bsmconv(1M), mount_ufs(1M), audit(2),
auditon(2), sigvec(3UCB), audit.log(4), attributes(5)
NOTES
The functionality described in this man page is available
only if the Basic Security Module (BSM) has been enabled.
See bsmconv(1M) for more information.