diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2018-12-11 01:17:50 +0300 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2019-01-15 02:01:05 +0300 |
commit | 9e36a5d49c3a6fc4a2e0ba2dc11b27c4a8ae6303 (patch) | |
tree | a449f11eeb5c67c0ae57f9eac71a6f8b7be61091 /kernel/audit_watch.c | |
parent | 53fc7a01df51f58b317ea5ab1607a1af65d6d4cf (diff) | |
download | linux-9e36a5d49c3a6fc4a2e0ba2dc11b27c4a8ae6303.tar.xz |
audit: hand taken context to audit_kill_trees for syscall logging
Since the context is derived from the task parameter handed to
__audit_free(), hand the context to audit_kill_trees() so it can be used
to associate with a syscall record. This requires adding the context
parameter to kill_rules() rather than using the current audit_context.
The callers of trim_marked() and evict_chunk() still have their context.
The EOE record was being issued prior to the pruning of the killed_tree
list.
Move the kill_trees call before the audit_log_exit call in
__audit_free() and __audit_syscall_exit() so that any pruned trees
CONFIG_CHANGE records are included with the associated syscall event by
the user library due to the EOE record flagging the end of the event.
See: https://github.com/linux-audit/audit-kernel/issues/50
See: https://github.com/linux-audit/audit-kernel/issues/59
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: fixed merge fuzz in kernel/audit_tree.c]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit_watch.c')
0 files changed, 0 insertions, 0 deletions