On 7/24/20 4:32 PM, Casey Schaufler wrote:
Create a new audit record type to contain the subject information
when there are multiple security modules that require such data.
This record is linked with the same timestamp and serial number.
The record is produced only in cases where there is more than one
security module with a process "context".
Before this change the only audit events that required multiple
records were syscall events. Several non-syscall events include
subject contexts, so the use of audit_context data has been expanded
as necessary.
Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com>
Cc: linux-audit(a)redhat.com
---
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index c7d213c9f9d8..930432c3912e 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -672,11 +672,13 @@ static inline struct audit_buffer *xfrm_audit_start(const char
*op)
if (audit_enabled == AUDIT_OFF)
return NULL;
+ audit_stamp_context(audit_context());
audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
AUDIT_MAC_IPSEC_EVENT);
if (audit_buf == NULL)
return NULL;
audit_log_format(audit_buf, "op=%s", op);
+ audit_log_lsm(NULL, false);
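Review bot: `audit_log_lsm(NULL, false)` is added to a path whose own `audit_log_start()` call uses `GFP_ATOMIC`, but the helper takes no gfp argument, so nothing in this hunk lets the LSM record's allocation match the caller's context; consider a `gfp_t` parameter (`audit_log_lsm(NULL, false, GFP_ATOMIC)` at this call site) or, if the helper always allocates atomically, a comment here saying so. The coupling with the earlier `audit_stamp_context(audit_context());` is also only implicit (the new record presumably picks up the stamped timestamp and serial from the context), and a one-line comment tying the two calls together would help the next reader.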
Notice that the audit_log_start() call above specified GFP_ATOMIC. But
your audit_log_lsm() uses GFP_KERNEL. You'll either need to always use
GFP_ATOMIC in audit_log_lsm() or pass in the gfp flags there. Make sure
you test with CONFIG_DEBUG_ATOMIC_SLEEP=y and check your dmesg output.
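To illustrate the allocation-context point raised in the reply, here is an added user-space model (not code from the patch or from the kernel) of why a helper called from an atomic audit path must accept the caller's gfp flags rather than hard-coding GFP_KERNEL. Every type, macro and function in it (`model_kmalloc`, `audit_log_lsm_hardcoded`, `audit_log_lsm_gfp`, `xfrm_audit_start_model`, the simplified `GFP_*` values) is a stand-in that mimics the shape of the kernel's `might_sleep()` check under CONFIG_DEBUG_ATOMIC_SLEEP, not the real implementation.

```c
/* Added example: a user-space model of sleeping-allocation-in-atomic-context.
 * All kernel names below are simplified stand-ins, not the real kernel API. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

typedef unsigned int gfp_t;
#define __GFP_RECLAIM 0x01u          /* modelled: allocation may sleep to reclaim */
#define GFP_ATOMIC    0x00u          /* modelled: sleeping not allowed */
#define GFP_KERNEL    __GFP_RECLAIM  /* modelled: sleeping allowed */

/* Modelled debug state: true while the "CPU" is in atomic context. */
static bool in_atomic;
static int sleep_in_atomic_warnings;

static bool gfpflags_allow_blocking(gfp_t flags)
{
    return (flags & __GFP_RECLAIM) != 0;
}

/* Stand-in for kmalloc(): like might_sleep() under CONFIG_DEBUG_ATOMIC_SLEEP,
 * it warns when a sleeping allocation is attempted from atomic context,
 * then still hands back memory so the caller can continue. */
static void *model_kmalloc(size_t n, gfp_t flags)
{
    if (in_atomic && gfpflags_allow_blocking(flags)) {
        sleep_in_atomic_warnings++;
        fprintf(stderr, "BUG: sleeping function called from invalid context\n");
    }
    return malloc(n);
}

/* Buggy shape: the helper hard-codes GFP_KERNEL whatever the caller's context. */
static void audit_log_lsm_hardcoded(void)
{
    void *rec = model_kmalloc(64, GFP_KERNEL);
    free(rec);
}

/* Fixed shape: the helper takes the caller's gfp flags and passes them through. */
static void audit_log_lsm_gfp(gfp_t gfp)
{
    void *rec = model_kmalloc(64, gfp);
    free(rec);
}

/* Models an xfrm_audit_start()-like caller that runs under atomic constraints.
 * Returns the number of sleep-in-atomic warnings the call produced. */
static int xfrm_audit_start_model(bool pass_gfp_through)
{
    int before = sleep_in_atomic_warnings;
    void *buf;

    in_atomic = true;
    buf = model_kmalloc(128, GFP_ATOMIC);   /* the audit_log_start() allocation */
    if (pass_gfp_through)
        audit_log_lsm_gfp(GFP_ATOMIC);      /* flags match the surrounding call */
    else
        audit_log_lsm_hardcoded();          /* GFP_KERNEL from atomic context */
    in_atomic = false;
    free(buf);
    return sleep_in_atomic_warnings - before;
}

int main(void)
{
    printf("hard-coded GFP_KERNEL: %d warning(s)\n", xfrm_audit_start_model(false));
    printf("gfp passed through:    %d warning(s)\n", xfrm_audit_start_model(true));
    return 0;
}
```

The hard-coded variant trips the modelled check exactly once per call (the real kernel would print a "sleeping function called from invalid context" splat to dmesg), while the variant that forwards the caller's flags stays silent; that is the difference the suggested CONFIG_DEBUG_ATOMIC_SLEEP=y test run is meant to surface.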