summaryrefslogtreecommitdiff
path: root/kernel/audit_watch.c
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2018-12-11 01:17:50 +0300
committerPaul Moore <paul@paul-moore.com>2019-01-15 02:01:05 +0300
commit9e36a5d49c3a6fc4a2e0ba2dc11b27c4a8ae6303 (patch)
treea449f11eeb5c67c0ae57f9eac71a6f8b7be61091 /kernel/audit_watch.c
parent53fc7a01df51f58b317ea5ab1607a1af65d6d4cf (diff)
downloadlinux-9e36a5d49c3a6fc4a2e0ba2dc11b27c4a8ae6303.tar.xz
audit: hand taken context to audit_kill_trees for syscall logging
Since the context is derived from the task parameter handed to __audit_free(), hand the context to audit_kill_trees() so it can be used to associate with a syscall record. This requires adding the context parameter to kill_rules() rather than using the current audit_context. The callers of trim_marked() and evict_chunk() still have their context. The EOE record was being issued prior to the pruning of the killed_tree list. Move the kill_trees call before the audit_log_exit call in __audit_free() and __audit_syscall_exit() so that any pruned trees CONFIG_CHANGE records are included with the associated syscall event by the user library due to the EOE record flagging the end of the event. See: https://github.com/linux-audit/audit-kernel/issues/50 See: https://github.com/linux-audit/audit-kernel/issues/59 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: fixed merge fuzz in kernel/audit_tree.c] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit_watch.c')
0 files changed, 0 insertions, 0 deletions