kernel/audit.c · df5ba5be7425e1df296d40c5f37a39d98ec666a2 · Tobias Schramm / linux-pinebook-pro

6 years ago

audit: connect LOGIN record to its syscall record · 73e65b88

Currently the AUDIT_LOGIN event is a standalone record that isn't
connected to any other records that may be part of its syscall event. To
avoid the confusion of generating two events, connect the records by
using its syscall context.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/110



Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

73e65b88

History

audit: connect LOGIN record to its syscall record

Richard Guy Briggs authored 6 years ago

Currently the AUDIT_LOGIN event is a standalone record that isn't
connected to any other records that may be part of its syscall event. To
avoid the confusion of generating two events, connect the records by
using its syscall context.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/110



Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Code owners

Assign users and groups as approvers for specific file changes. Learn more.

Admin message