getfauditflags() generates a process audit state by combining the audit masks passed as parameters with the system audit masks specified in the audit_control(4) file. getfauditflags() obtains the system audit value by calling getacflg() (see getacinfo(3BSM)).

usremasks points to au_mask_t fields which contains two values. The first value defines which events are always to be audited when they succeed. The second value defines which events are always to be audited when they fail.

usrdmasks also points to au_mask_t fields which contains two values. The first value defines which events are never to be audited when they succeed. The second value defines which events are never to be audited when they fail.

The structures pointed to by usremasks and usrdmasks may be obtained from the audit_user(4) file by calling getauusernam() which returns a pointer to a strucure containing all audit_user(4) fields for a user.

The output of this function is stored in lastmasks which is a pointer of type au_mask_t as well. The first value defines which events are to be audited when they succeed and the second defines which events are to be audited when they fail.

Both usremasks and usrdmasks override the values in the system audit values.

-1 is returned on error and 0 on success.

See attributes(5) for descriptions of the following attributes:

bsmconv(1M), getacinfo(3BSM), getauditflags(3BSM), getauusernam(3BSM), audit.log(4), audit_control(4), audit_user(4), attributes(5)

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.