summaryrefslogtreecommitdiff
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2018-05-31 16:27:24 -0400
committerPaul Moore <paul@paul-moore.com>2018-06-19 10:26:59 -0400
commit9b8753fffe7b3642688135f28aa8a0a0f45fd9ab (patch)
treeebe063c87aa4c838d4aead0e2fedb600ab8515ee /kernel/auditsc.c
parent29c1372d6a9b872acf479ba2744e4e7f043981c0 (diff)
downloadlinux-next-9b8753fffe7b3642688135f28aa8a0a0f45fd9ab.tar.gz
audit: tie SECCOMP records to syscall
Since seccomp events are triggered by user activity, tie the SECCOMP record to the syscall record to collect all records from the same event. See: https://github.com/linux-audit/audit-kernel/issues/87 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ceb1c4596c51..fefb9e215cd0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2485,7 +2485,7 @@ void audit_seccomp(unsigned long syscall, long signr, int code)
{
struct audit_buffer *ab;
- ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_SECCOMP);
+ ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_SECCOMP);
if (unlikely(!ab))
return;
audit_log_task(ab);