* Ondrej Zary (linux(a)rainbow-software.org) wrote:
This patch moves the "name=" field to the end of audit records. The
original placement is bad because it cannot be properly parsed. It is
impossible to tell if the name is "/bin/true" or "/bin/true inode=469634
dev=00:00" because the "inode=" and "dev=" fields can be omitted.
Before:
audit(1111008486.824:89346): item=0 name=/bin/true inode=469634 dev=00:00
After:
audit(1111008486.824:89346): item=0 inode=469634 dev=00:00 name=/bin/true
Signed-off-by: Ondrej Zary <linux(a)rainbow-software.org>
Looks reasonable. Thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net
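
The parsing ambiguity described in the patch, as an added example that is not part of the original thread or the kernel's own code. It assumes the record layout shown in the Before/After lines, that "inode=" and "dev=" appear or are omitted together, and that the other fields contain no spaces; the function names are hypothetical.

```python
import re

# Constructed sample records, copied from the Before/After lines in the thread.
OLD = "audit(1111008486.824:89346): item=0 name=/bin/true inode=469634 dev=00:00"
NEW = "audit(1111008486.824:89346): item=0 inode=469634 dev=00:00 name=/bin/true"

HEADER = re.compile(r"^audit\((\d+\.\d+):(\d+)\): (.*)$")


def record_body(record):
    """Return the key=value part that follows the audit(timestamp:serial) header."""
    m = HEADER.match(record)
    if not m:
        raise ValueError("not an audit record")
    return m.group(3)


def parse_name_last(record):
    """Parse the 'After' layout. name= is the final field, so everything
    after it is the name, embedded spaces and '=' included."""
    # Prefix a space so a record whose first field is name= is also handled.
    head, sep, name = (" " + record_body(record)).partition(" name=")
    if not sep:
        raise ValueError("record has no name= field")
    fields = dict(kv.split("=", 1) for kv in head.split())
    fields["name"] = name
    return fields


def old_layout_readings(record):
    """List every file name the 'Before' layout is consistent with.
    More than one entry means the record cannot be parsed reliably."""
    rest = record_body(record).partition("name=")[2]
    readings = [rest]  # reading 1: inode/dev omitted, the text is all name
    m = re.match(r"^(.*) inode=\S+ dev=\S+$", rest)
    if m:
        readings.append(m.group(1))  # reading 2: trailing inode/dev are real fields
    return readings


if __name__ == "__main__":
    print(old_layout_readings(OLD))  # two candidate names for one record
    print(parse_name_last(NEW))      # exactly one interpretation
    # In the new layout the same bytes as OLD have a single meaning:
    # an odd file name and no inode/dev fields.
    print(parse_name_last(OLD))
```

A log consumer that still receives the old layout can use the length of `old_layout_readings()` to flag records whose name cannot be trusted.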