Lines Matching +full:boot +full:- +full:enabled

1 .\"-
2 .\" SPDX-License-Identifier: BSD-2-Clause
8 .\" FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent Computing
46 .Bd -literal -offset indent
50 Alternatively, to load the module at boot time, place the following line in
52 .Bd -literal -offset indent
62 provides detailed logging of a configurable set of security-relevant system
64 copied race-free as the system call proceeds.
67 provider allows DTrace scripts to selectively enable in-kernel audit-record
69 in-kernel format or BSM format (\c
72 While the in-kernel audit record data structure is subject to change as the
74 scripts than either those available via the DTrace system-call provider or the
83 probes become available only once there is an event-to-name mapping installed
86 during the boot process, if audit is enabled in
88 .Bd -literal -offset indent
94 probes are required earlier in boot -- for example, in single-user mode -- or
97 they can be preloaded in the boot loader by adding this line to
99 .Bd -literal -offset indent
105 probes fire synchronously during system-call return, giving access to two
111 in-kernel audit record.
112 Because the probe fires in system-call return, the user thread has not yet
118 probes fire asynchronously from system-call return, following BSM conversion
123 in-kernel audit record, a
131 probes are registered, corresponding in-kernel audit records will be captured
137 In-kernel audit records allocated only because of enabled
139 probes will not be unnecessarily written to the audit trail or enabled pipes.
156 .Pq FA8650-15-C-7558
166 maintains its primary event-to-name mapping database in userspace, that
172 is only able to provide access to system-call audit events, not the full