author: Richard Guy Briggs <rgb@redhat.com> 2018-05-31 22:27:24 +0200
committer: Paul Moore <paul@paul-moore.com> 2018-06-19 16:26:59 +0200
commit: 9b8753fffe7b3642688135f28aa8a0a0f45fd9ab (patch)
tree: ebe063c87aa4c838d4aead0e2fedb600ab8515ee
parent: audit: allow other filter list types for AUDIT_EXE
audit: tie SECCOMP records to syscall
Since seccomp events are triggered by user activity, tie the SECCOMP record to the syscall record to collect all records from the same event.

See: https://github.com/linux-audit/audit-kernel/issues/87

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- kernel/auditsc.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ceb1c4596c51..fefb9e215cd0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2485,7 +2485,7 @@ void audit_seccomp(unsigned long syscall, long signr, int code)
{
struct audit_buffer *ab;
- ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_SECCOMP);
+ ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_SECCOMP);
if (unlikely(!ab))
return;
audit_log_task(ab);
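Review bot: The audit_log_start() call in audit_seccomp() now depends on audit_context() for the task that triggered the seccomp action, but nothing at the call site documents what happens when that task has no audit context. The removed line passed NULL, so a NULL context is evidently accepted and would presumably produce a standalone SECCOMP record as before; a one-line comment above the call stating that fallback, and that the function must run in the triggering task's context, would make the intent clear. It is also worth checking whether audit_log_task(ab) is still needed once the record is part of the syscall event, since the task details may now be reported twice within one event.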