audit_delete_rule_data — Delete audit rule


#include <libaudit.h>

int audit_delete_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);


audit_delete_rule_data is used to delete rules that are currently loaded in the kernel. To delete a rule, you must set up the rules identical to the one being deleted. See audit_add_rule_data for flag and action definitions.

Return Value

The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.

See Also

audit_add_rule_data(3), auditctl(8).


Steve Grubb

Referenced By

audit_add_rule_data(3), audit_add_watch(3), audit_request_rules_list_data(3).

Oct 2006 Red Hat Linux Audit API