audit: tie SECCOMP records to syscall

Since seccomp events are triggered by user activity, tie the SECCOMP record to the syscall record to collect all records from the same event. See: https://github.com/linux-audit/audit-kernel/issues/87 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Richard Guy Briggs <rgb@redhat.com> 2018-05-31 16:27:24 -0400
committer: Paul Moore <paul@paul-moore.com> 2018-06-19 10:26:59 -0400
commit: 9b8753fffe7b3642688135f28aa8a0a0f45fd9ab (patch)
tree: ebe063c87aa4c838d4aead0e2fedb600ab8515ee
parent: 29c1372d6a9b872acf479ba2744e4e7f043981c0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ceb1c4596c51..fefb9e215cd0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2485,7 +2485,7 @@ void audit_seccomp(unsigned long syscall, long signr, int code)
 {
 	struct audit_buffer *ab;
 
-	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_SECCOMP);
+	ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_SECCOMP);
 	if (unlikely(!ab))
 		return;
 	audit_log_task(ab);
author	Richard Guy Briggs <rgb@redhat.com>	2018-05-31 16:27:24 -0400
committer	Paul Moore <paul@paul-moore.com>	2018-06-19 10:26:59 -0400
commit	9b8753fffe7b3642688135f28aa8a0a0f45fd9ab (patch)
tree	ebe063c87aa4c838d4aead0e2fedb600ab8515ee
parent	29c1372d6a9b872acf479ba2744e4e7f043981c0 (diff)