diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-03-31 15:04:17 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-03-31 15:04:17 -0700 |
commit | 674d85eb2d7dc6ef436f46f770f7ab3f1b9c6669 (patch) | |
tree | caa893017dd4e9271da551cd1c059e8200f75420 /kernel/audit.c | |
parent | 645c248d6fc4350562766fefd8ba1d7defe4b5e7 (diff) | |
parent | 1320a4052ea11eb2879eb7361da15a106a780972 (diff) | |
download | linux-674d85eb2d7dc6ef436f46f770f7ab3f1b9c6669.tar.gz linux-674d85eb2d7dc6ef436f46f770f7ab3f1b9c6669.tar.bz2 linux-674d85eb2d7dc6ef436f46f770f7ab3f1b9c6669.zip |
Merge tag 'audit-pr-20200330' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore:
"We've got two audit patches for the v5.7 merge window with a stellar
14 lines changed between the two patches. The patch descriptions are
far more lengthy than the patches themselves, which is a very good
thing for patches this size IMHO. The patches pass our test suites and
a quick summary is below:
- Stop logging inode information when updating an audit file watch.
Since we are not changing the inode, or the fact that we are
watching the associated file, the inode information is just noise
that we can do without.
- Fix a problem where mandatory audit records were missing their
accompanying audit records (e.g. SYSCALL records were missing).
The missing records often meant that we didn't have the necessary
context to understand what was going on when the event occurred"
* tag 'audit-pr-20200330' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: trigger accompanying records when no rules present
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 9ddfe2aa6671..b69c8b460341 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1800,6 +1800,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, } audit_get_stamp(ab->ctx, &t, &serial); + audit_clear_dummy(ab->ctx); audit_log_format(ab, "audit(%llu.%03lu:%u): ", (unsigned long long)t.tv_sec, t.tv_nsec/1000000, serial); |