Hello,

As part of my course, I am required to look at the auditing code in the Linux kernel, more specifically the part where the exec() calls are being logged. I would really appreciate any help, especially regarding where exactly that code in the whole database can be found, i.e. the part of the code that is logging the environment variables. My guess so far is that audit_log_single_execve_arg in auditsc.c is doing most of the work.


I would be really grateful for your help.

Regards,
Wahaj Ali