2 internal interfaces, 3 data structures, 6 kernel subsystem audit – IBM Novell 10 SP1 EAL4 User Manual

System calls are listed in the Functional Specification mapping table

6.8.1.5.2 Internal interfaces

Internal interfaces

Interfaces defined in

get_zeroed_page

Linux Device Drivers, O’Reilly, Chapter 7, 2nd Edition June 2001,
Alessandro Rubini /this document, chapter 5.5.2.1

__vmalloc

Linux Device Drivers, O’Reilly, Chapter 7, 2nd Edition June 2001,
Alessandro Rubini

vfree

Linux Device Drivers, O’Reilly, Chapter 7, 2nd Edition June 2001,
Alessandro Rubini

kmalloc

Linux Device Drivers, O’Reilly, Chapter 7, 2nd Edition June 2001,
Alessandro Rubini

kfree

Linux Device Drivers, O’Reilly, Chapter 7, 2nd Edition June 2001,
Alessandro Rubini

__ get_free_pages Linux Device Drivers, O’Reilly, Chapter 7, 2nd Edition June 2001,

Alessandro Rubini

free_pages

Linux Device Drivers, O’Reilly, Chapter 7, 2nd Edition June 2001,
Alessandro Rubini

6.8.1.5.3 Data Structures

mm_struct and include/linux/sched.h

6.8.1.6 Kernel subsystem audit

This section lists external interfaces, internal interfaces, and data structures of the audit subsystem.

6.8.1.6.1 External interfaces

There are two external interfaces to the audit subsystem.

•

Netlink socket calls, by which all kernel user-space communication takes place.

•

Communication through /proc to associate the login uid with the login session and therefore with

all tasks forked or exec’ed under the session.

6.8.1.6.2 Internal interfaces

The audit kernel provides a set of interfaces to other kernel subsystems to:

•

Format and send audit records to user space, audit_log_* functions.

•

Allocate per task audit context, audit_alloc which is called by copy_proc.

•

Audit syscalls on entry and exit, audit_syscall_exit and audit_syscall_entry.

•

Audit file system watched objects, audit_notify_watch and audit_notify_update.

•

Add additional audit information for specific audit events:

•

audit_socketcall

228