#!/bin/sh -efu

AUDITCTL=/sbin/auditctl
SYSCALLS='execve exit_group'

prefix="$1"
wdir="$2"
slot="$3"
stamp="${4:-}"

arch="${prefix##*.}"
case "$arch" in
    armh)
        arch='arm'
        ;;
esac

prefix="$prefix${stamp:+.$stamp}"

USER="${USER:-$(id -un)}"

username="${USER}_b$slot"

if ! id "$username" 1>/dev/null 2>&1; then
    echo "[$prefix] ERROR: User $username not found." >&2
    exit 1
fi

"$AUDITCTL" -D -k "$prefix"

ret=0
for syscall in $SYSCALLS; do
    "$AUDITCTL" -a always,exit -F arch="$arch" -F uid="$username" -S "$syscall" -k "$prefix" || ret=$?
    if [ $ret -ne 0 ]; then
        "$AUDITCTL" -D -k "$prefix"
        exit $ret
    fi
done

echo "[$prefix]: Audit is turned on." >&2
