summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2018-05-31 16:28:12 -0400
committerPaul Moore <paul@paul-moore.com>2018-06-19 10:30:05 -0400
commitd87de4a878e110d0061fb22726d37a54a281285d (patch)
tree086268047aedb5765b6edd9eb9e88e3091fe76ad
parent9b8753fffe7b3642688135f28aa8a0a0f45fd9ab (diff)
downloadlwn-d87de4a878e110d0061fb22726d37a54a281285d.tar.gz
lwn-d87de4a878e110d0061fb22726d37a54a281285d.zip
audit: tie ANOM_ABEND records to syscall
Since core dump events are triggered by user activity, tie the ANOM_ABEND record to the syscall record to collect all records from the same event. See: https://github.com/linux-audit/audit-kernel/issues/88 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--kernel/auditsc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index fefb9e215cd0..5f0bd5ece578 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2461,7 +2461,7 @@ void audit_core_dumps(long signr)
if (signr == SIGQUIT) /* don't care for those */
return;
- ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
+ ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_ANOM_ABEND);
if (unlikely(!ab))
return;
audit_log_task(ab);