endpoint_sec_sys

Struct es_event_su_t

Source 
#[repr(C)]
pub struct es_event_su_t {
    pub success: bool,
    pub failure_message: es_string_token_t,
    pub from_uid: uid_t,
    pub from_username: es_string_token_t,
    pub has_to_uid: bool,
    pub to_uid: es_event_su_t_anon0,
    pub to_username: es_string_token_t,
    pub shell: es_string_token_t,
    pub argc: usize,
    pub argv: *mut es_string_token_t,
    pub env_count: usize,
    pub env: *mut es_string_token_t,
}
Available on macOS and crate feature macos_14_0_0 only.
Expand description

Notification for a su policy decisions events.

This event type does not support caching (notify-only). Should always emit on success but will only emit on security relevant failures. For example, Endpoint Security clients will not get an event for su being passed invalid command line arguments.

Fields§

§success: bool

True iff su was successful.

§failure_message: es_string_token_t

Optional. If success is false, a failure message is contained in this field

§from_uid: uid_t

The uid of the user who initiated the su

§from_username: es_string_token_t

The name of the user who initiated the su

§has_to_uid: bool

True iff su was successful, Describes whether or not the to_uid is interpretable

§to_uid: es_event_su_t_anon0

Optional. If success, the user ID that is going to be substituted

§to_username: es_string_token_t

Optional. If success, the user name that is going to be substituted

§shell: es_string_token_t

Optional. If success, the shell is going to execute

§argc: usize

The length of argv

§argv: *mut es_string_token_t

If success, the arguments are passed into to the shell

§env_count: usize

The length of env

§env: *mut es_string_token_t

If success, list of environment variables that is going to be substituted

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> AutoreleaseSafe for T
where T: ?Sized,