From d96f92f4aae1132482ce0a584c4bc3ce32c796ea Mon Sep 17 00:00:00 2001 From: Richard Guy Briggs Date: Wed, 11 Apr 2018 08:46:52 -0400 Subject: [PATCH] audit: add syscall information to FEATURE_CHANGE records Tie syscall information to FEATURE_CHANGE calls since it is a result of user action. See: https://github.com/linux-audit/audit-kernel/issues/80 Signed-off-by: Richard Guy Briggs [PM: 80-char fixes] Signed-off-by: Paul Moore --- kernel/audit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 670665c6e2a6..e9f9a90790e5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1099,8 +1099,8 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature if (audit_enabled == AUDIT_OFF) return; - - ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); + ab = audit_log_start(current->audit_context, + GFP_KERNEL, AUDIT_FEATURE_CHANGE); if (!ab) return; audit_log_task_info(ab, current);