[PATCH ghak106 V1] audit: join tty records to their syscall

Richard Guy Briggs rgb at redhat.com
Tue Feb 5 22:19:06 UTC 2019


AUDIT_TTY records were logged as separate events from their syscall
records.  Join them so they are logged as the single event that they
are.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/106

Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
---
Tested with ausearch-test-0.6 and audit-testsuite, manually inspected
for record association.

 drivers/tty/tty_audit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index 28f87fd6a28e..9f906a5b8e81 100644
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -66,7 +66,7 @@ static void tty_audit_log(const char *description, dev_t dev,
 	uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current));
 	unsigned int sessionid = audit_get_sessionid(current);
 
-	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
+	ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_TTY);
 	if (ab) {
 		char name[sizeof(current->comm)];
 
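Review bot: The changed audit_log_start() call relies on audit_context() being the context of the syscall that produced the tty data, but the commit message does not say whether every caller of tty_audit_log() runs in that task's syscall context, or what is expected when audit_context() returns NULL. The function already takes loginuid, sessionid and comm from current, so tying the record to the current task's context is consistent with the rest of the record. The old call passed NULL and produced a separate event, so a NULL return presumably keeps that behaviour. Please state both points in the log message, or in a short comment above the call, so a reader of the audit trail knows when an AUDIT_TTY record can still appear on its own.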
-- 
1.8.3.1



