Re: [PATCH] audit: consistently record PIDs with task_tgid_nr()

On Tue, Aug 30, 2016 at 5:13 PM, Paul Moore <pmoore(a)redhat.com&gt; wrote: > From: Paul Moore <paul(a)paul-moore.com&gt; > > Unfortunately we record PIDs in audit records using a variety of > methods despite the correct way being the use of task_tgid_nr(). > This patch converts all of these callers, except for the case of > AUDIT_SET in audit_receive_msg() (see the comment in the code). > > Reported-by: Jeff Vander Stoep <jeffv(a)google.com&gt; > Signed-off-by: Paul Moore <paul(a)paul-moore.com&gt; > --- > kernel/audit.c | 8 +++++++- > kernel/auditsc.c | 12 ++++++------ > security/lsm_audit.c | 4 ++-- > 3 files changed, 15 insertions(+), 9 deletions(-) I forgot to tag this with "RFC". This patch compiles but I haven't had a chance to test it yet so it isn't going into audit#next just yet; if you have any concerns, now is the time to voice them. -- paul moore security @ redhat