NAME audit_syscall_exit - deallocate audit context after a system call

SYNOPSIS void audit_syscall_exit(int valid, long return_code);

ARGUMENTS valid success/failure flag

return_code syscall return value

DESCRIPTION Tear down after system call. If the audit context has been marked as auditable (either because of the AUDIT_RECORD_CONTEXT state from filtering, or because some other part of the kernel write an audit message), then write out the syscall information. In call cases, free the names stored from getname.

COPYRIGHT Kernel Hackers Manual 2.6. May 2011 AUDIT_SYSCALL_EXIT(9)