sys_acct  [kernel/acct.c]


Enable/disable process accounting.

Arguments

eax 51
ebx A pointer to a null-terminated string that specifies the name of a file (including full path) for accounting records or NULL to shutdown accounting.
If a correct filename is specified, records for each terminating process will be appended to it .

Return values

If the system call succeeds the return value is 0.
If the system call fails the return value is one of the following errno values:

-EPERM The calling process has insufficient privilege to enable process accounting. On Linux the CAP_SYS_PACCT capability is required.
-EROFS The named file resides on a read-only file system.
-EIO An I/O error occurred while reading from or writing to the file system.
-EACCES Search permission is denied for one of the directories in the path prefix of the path.
-EISDIR ebx refers to a directory.
-EIO An I/O error occurred while reading from or writing to the file system.
-ELOOP Too many symbolic links were encountered in path resolving.
-ENAMETOOLONG Path is too long.
-ENOMEM Insufficient kernel memory was available.
-ENOENT The file does not exist.
-ENOSYS BSD process accounting has not been enabled when the operating system kernel was compiled. The kernel configuration parameter controlling this feature is CONFIG_BSD_PROCESS_ACCT.
-EUSERS There are no more free file structures or we ran out of memory.
-EFAULT Path points outside your accessible address space.

Remarks

No accounting is produced for programs running when a crash occurs. In particular, nonterminating processes are never accounted for.

Compatibility

n/a