openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

audit: tie SECCOMP records to syscall 

Since seccomp events are triggered by user activity, tie the SECCOMP
record to the syscall record to collect all records from the same event.

See: https://github.com/linux-audit/audit-kernel/issues/87

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Richard Guy Briggs 2018-05-31 16:27:24 -04:00 committed by Paul Moore
parent 29c1372d6a
commit 9b8753fffe
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/auditsc.c
View File

@ -2485,7 +2485,7 @@ void audit_seccomp(unsigned long syscall, long signr, int code)
{
struct audit_buffer *ab;
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_SECCOMP);
ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_SECCOMP);
if (unlikely(!ab))
return;
audit_log_task(ab);