[PATCH ghak110 V1] audit: connect LOGIN record to its syscall record
Richard Guy Briggs
rgb at redhat.com
Tue Mar 19 19:23:29 UTC 2019
Currently the AUDIT_LOGIN event is a standalone record that isn't
connected to any other records that may be part of its syscall event. To
avoid the confusion of generating two events, connect the records by
using its syscall context.
Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/110
Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
---
Passes audit-testsuite and ausearch-test-0.6
kernel/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index c89ea48c70a6..b96bf69183f4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2220,7 +2220,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
if (!audit_enabled)
return;
- ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
+ ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_LOGIN);
if (!ab)
return;
--
1.8.3.1
More information about the Linux-audit
mailing list