diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2018-05-31 22:28:12 +0200 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-06-19 16:30:05 +0200 |
commit | d87de4a878e110d0061fb22726d37a54a281285d (patch) | |
tree | 086268047aedb5765b6edd9eb9e88e3091fe76ad /kernel/auditsc.c | |
parent | audit: tie SECCOMP records to syscall (diff) | |
download | linux-d87de4a878e110d0061fb22726d37a54a281285d.tar.xz linux-d87de4a878e110d0061fb22726d37a54a281285d.zip |
audit: tie ANOM_ABEND records to syscall
Since core dump events are triggered by user activity, tie the
ANOM_ABEND record to the syscall record to collect all records from the
same event.
See: https://github.com/linux-audit/audit-kernel/issues/88
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fefb9e215cd0..5f0bd5ece578 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2461,7 +2461,7 @@ void audit_core_dumps(long signr) if (signr == SIGQUIT) /* don't care for those */ return; - ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); + ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_ANOM_ABEND); if (unlikely(!ab)) return; audit_log_task(ab); |