Re: [PATCH v35 25/29] Audit: Allow multiple records in an audit_buffer

Replace the single skb pointer in an audit_buffer with a list of skb pointers. Add the audit_stamp information to the audit_buffer as there's no guarantee that there will be an audit_context containing the stamp associated with the event. At audit_log_end() time create auxiliary records (none are currently defined) as have been added to the list. Suggested-by: Paul Moore <paul(a)paul-moore.com&gt; Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com&gt; --- kernel/audit.c | 62 +++++++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 23 deletions(-)