aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/audit/docs/audit_add_rule_data.3
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/audit/docs/audit_add_rule_data.3')
-rw-r--r--framework/src/audit/docs/audit_add_rule_data.349
1 files changed, 49 insertions, 0 deletions
diff --git a/framework/src/audit/docs/audit_add_rule_data.3 b/framework/src/audit/docs/audit_add_rule_data.3
new file mode 100644
index 00000000..2321f391
--- /dev/null
+++ b/framework/src/audit/docs/audit_add_rule_data.3
@@ -0,0 +1,49 @@
+.TH "AUDIT_ADD_RULE_DATA" "3" "Aug 2009" "Red Hat" "Linux Audit API"
+.SH NAME
+audit_add_rule_data \- Add new audit rule
+.SH "SYNOPSIS"
+.B #include <libaudit.h>
+.sp
+int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);
+
+.SH "DESCRIPTION"
+
+audit_add_rule adds an audit rule previously constructed with audit_rule_fieldpair_data(3) to one of several kernel event filters. The filter is specified by the flags argument. Possible values for flags are:
+
+.TP 3
+\(bu
+AUDIT_FILTER_USER - Apply rule to userspace generated messages.
+.TP
+\(bu
+AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).
+.TP
+\(bu
+AUDIT_FILTER_EXIT - Apply rule at syscall exit.
+.TP
+\(bu
+AUDIT_FILTER_TYPE - Apply rule at audit_log_start.
+.LP
+
+.PP
+The rule's action has two possible values:
+
+.TP 3
+\(bu
+AUDIT_NEVER - Do not build context if rule matches.
+.TP
+\(bu
+AUDIT_ALWAYS - Generate audit record if rule matches.
+.LP
+
+.SH "RETURN VALUE"
+
+The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.
+
+.SH "SEE ALSO"
+
+.BR audit_rule_fieldpair_data(3),
+.BR audit_delete_rule_data (3),
+.BR auditctl (8).
+
+.SH AUTHOR
+Steve Grubb.