On Thu, Sep 3, 2020 at 12:32 PM James Morris <jmorris(a)namei.org> wrote:
> On Wed, 26 Aug 2020, Casey Schaufler wrote:
> > Create a new audit record type to contain the subject information
> > when there are multiple security modules that require such data.
> > This record is linked with the same timestamp and serial number.
> > The record is produced only in cases where there is more than one
> > security module with a process "context".
> >
> > Before this change the only audit events that required multiple
> > records were syscall events. Several non-syscall events include
> > subject contexts, so the use of audit_context data has been expanded
> > as necessary.
> >
> > Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com>
> > Cc: linux-audit(a)redhat.com
>
> Paul, can you review/ack the audit changes?

I did a previous version at some point in the past. I'll take a look
at v20 tomorrow or this weekend.
--
paul moore
www.paul-moore.com