From: Richard Guy Briggs <rgb@redhat.com>
Date: Thu, 31 May 2018 20:27:24 +0000 (-0400)
Subject: audit: tie SECCOMP records to syscall
X-Git-Tag: v4.19-rc1~147^2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9b8753fffe7b3642688135f28aa8a0a0f45fd9ab;p=thirdparty%2Flinux.git

audit: tie SECCOMP records to syscall

Since seccomp events are triggered by user activity, tie the SECCOMP
record to the syscall record to collect all records from the same event.

See: https://github.com/linux-audit/audit-kernel/issues/87

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ceb1c4596c511..fefb9e215cd0b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2485,7 +2485,7 @@ void audit_seccomp(unsigned long syscall, long signr, int code)
 {
 	struct audit_buffer *ab;
 
-	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_SECCOMP);
+	ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_SECCOMP);
 	if (unlikely(!ab))
 		return;
 	audit_log_task(ab);