AUSYSCALL:(8)           System Administration Utilities          AUSYSCALL:(8)

NAME

       ausyscall - a program that allows mapping syscall names and numbers

SYNOPSIS

       ausyscall [arch] name | number | --dump | --exact

DESCRIPTION

       ausyscall is a program that prints out the mapping from syscall name to
       number and reverse for the given arch. The arch can be anything
       returned by `uname -m`. If arch is not given, the program will take a
       guess based on the running image. You may give the syscall name or
       number and it will find the opposite. You can also dump the whole table
       with the --dump option. By default a syscall name lookup will be a
       substring match, meaning that it will try to match all occurrences of
       the given name with syscalls. So giving a name of chown will match both
       fchown and chown as well as any other syscall with chown in its name.
       If this behavior is not desired, pass the --exact flag and it will do
       an exact string match.

       This program can be used to verify syscall numbers on a biarch platform
       for rule optimization. For example, suppose you had an auditctl rule:

       -a always,exit -S open -F exit=-EPERM -k fail-open

       If you wanted to verify that both 32 and 64 bit programs would be
       audited, run "ausyscall i386 open" and then "ausyscall x86_64 open".
       Look at the returned numbers. If they are different, you will have to
       write two auditctl rules to get complete coverage.

       -a always,exit -F arch=b32 -S open -F exit=-EPERM -k fail-open
       -a always,exit -F arch=b64 -S open -F exit=-EPERM -k fail-open

       For more information about a specific syscall, use the man program and
       pass the number 2 as an argument to make sure that you get the syscall
       information rather than a shell script program or glibc function call
       of the same name. For example, if you wanted to learn about the open
       syscall, type: man 2 open.
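The biarch check described above can be scripted. This is an added example, not part of the original man page or the audit project's code: `lookup_nr` and `emit_rules` are hypothetical helper names, and it assumes `ausyscall ARCH NAME --exact` prints the matching syscall number.

```shell
#!/bin/sh
# Added example (not from the audit project): compare a syscall's number on
# i386 and x86_64 and print the auditctl rule(s) the text above calls for.
# Usage: sh biarch_rules.sh open "-F exit=-EPERM" fail-open

# lookup_nr ARCH NAME -> syscall number on stdout (hypothetical helper).
# Assumption: "ausyscall ARCH NAME --exact" prints the matching number; the
# last whitespace-separated field is taken in case the name is echoed too.
lookup_nr() {
    ausyscall "$1" "$2" --exact | awk 'NR == 1 { print $NF }'
}

# emit_rules NAME FILTERS KEY -> rule lines on stdout.
# Returns non-zero if either lookup did not yield a plain number, so a typo
# in the syscall name cannot silently produce an incomplete rule set.
emit_rules() {
    name=$1 filters=$2 key=$3
    n32=$(lookup_nr i386 "$name")
    n64=$(lookup_nr x86_64 "$name")

    for n in "$n32" "$n64"; do
        case $n in
            ''|*[!0-9]*)
                echo "emit_rules: no exact match for '$name'" >&2
                return 1 ;;
        esac
    done

    if [ "$n32" -eq "$n64" ]; then
        # Same number on both ABIs: the single rule form from the text.
        printf '%s\n' "-a always,exit -S $name $filters -k $key"
    else
        # Numbers differ: one rule per ABI for complete coverage.
        printf '%s\n' "-a always,exit -F arch=b32 -S $name $filters -k $key"
        printf '%s\n' "-a always,exit -F arch=b64 -S $name $filters -k $key"
    fi
}

# Run only when called with NAME FILTERS KEY.
if [ $# -eq 3 ]; then
    emit_rules "$@"
fi
```

The printed lines can be reviewed and then placed in the audit rules file or passed to auditctl.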

OPTIONS

       --dump Print all syscalls for the given arch

       --exact
              Instead of doing a partial word match, match the given syscall
              name exactly.

SEE ALSO

       ausearch(8), auditctl(8).

AUTHOR

       Steve Grubb

Red Hat                            Nov 2008                      AUSYSCALL:(8)