On Wednesday, November 28, 2012 02:57:44 PM Kees Cook wrote:
The userspace audit tools didn't like the existing formatting of the
AUDIT_ANOM_LINK event. It needed to be expanded to emit an AUDIT_PATH
event as well, so this implements the change. The bulk of the patch is
moving code out of auditsc.c into audit.c and audit.h for general use.
It expands audit_log_name to include an optional "struct path" argument
for the simple case of just needing to report a pathname. This also makes
audit_log_task_info available when syscall auditing is not enabled so
an admin can make sense of the audit report (which would have only shown
path information, not process information).
Reported-by: Steve Grubb <sgrubb(a)redhat.com>
Signed-off-by: Kees Cook <keescook(a)chromium.org>
Do you have a sample record I could check?
ausearch --start today -m 1702 --raw --just-one
Thanks,
-Steve