AUDIT_LOG_START(9)                       Audit Interfaces                      AUDIT_LOG_START(9)



NAME
       audit_log_start - obtain an audit buffer

SYNOPSIS
       struct audit_buffer * audit_log_start(struct audit_context * ctx, gfp_t gfp_mask,
                                             int type);

ARGUMENTS
       ctx
           audit_context (may be NULL)

       gfp_mask
           type of allocation

       type
           audit message type

DESCRIPTION
       Returns audit_buffer pointer on success or NULL on error.

       Obtain an audit buffer. This routine does locking to obtain the audit buffer, but then no
       locking is required for calls to audit_log_*format. If the task (ctx) is a task that is
       currently in a syscall, then the syscall is marked as auditable and an audit record will
       be written at syscall exit. If there is no associated task, then task context (ctx) should
       be NULL.

COPYRIGHT
Kernel Hackers Manual 4.8.                 January 2017                        AUDIT_LOG_START(9)