On Mon, Jan 13, 2014 at 6:56 PM, Eric Paris <eparis(a)redhat.com> wrote:
We have a helper function which writes out all of the interesting
identity information about tasks, audit_log_task_info(). We then have a
second helper, audit_log_task(), which is only used by audit_core_dumps()
and __audit_seccomp(). It is lightweight and only outputs some of the
information about the task. There does not appear to be a rationale for
its existence except audit_core_dumps() originally did it this way. At
the time audit_log_task_info() did not exist. When __audit_seccomp came
along audit_core_dumps() was split into this helper and reused. But
there was a better helper in audit.c.
This does reorder the records for audit_core_dumps() and
__audit_seccomp(). The new record order is below. The number in () is
the order in the old record. Entries without a () do not exist in the
old record.

audit_log_task_info:
  ppid pid (6) auid (1) uid (2) gid (3) euid
  suid fsuid egid sgid fsgid tty
  ses (4) comm (7) exe (8) subj (5)

audit_log_task:
  auid uid gid ses subj pid comm exe

It seems that reusing the task info pattern throughout records should
allow for faster, simpler, more streamlined userspace records parsing, but
changing order like this might be a deal breaker.

Signed-off-by: Eric Paris <eparis(a)redhat.com>

Sounds fine to me. Thanks!
Acked-by: Kees Cook <keescook(a)chromium.org>
-Kees
--
Kees Cook
Chrome OS Security
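
The reordering concern raised in the commit message, as an added example that is not part of the original thread or the kernel patch: a userspace consumer that parses records by key is unaffected by the new layout, while one that parses by position silently mislabels fields. The sample records are constructed, trimmed to the task fields listed above, and the function names are hypothetical.

```python
import re

# Field order as listed in the commit message above.
OLD_ORDER = ["auid", "uid", "gid", "ses", "subj", "pid", "comm", "exe"]
NEW_ORDER = ["ppid", "pid", "auid", "uid", "gid", "euid", "suid", "fsuid",
             "egid", "sgid", "fsgid", "tty", "ses", "comm", "exe", "subj"]

# key=value, where value is either a double-quoted string or a bare token.
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_fields(record):
    """Return {key: value} for one record, independent of field order."""
    body = record.split("): ", 1)[-1]  # drop "type=... msg=audit(...): "
    return {k: v.strip('"') for k, v in _FIELD.findall(body)}

def parse_positional(record, order):
    """Brittle parser: assumes the Nth value belongs to the Nth name in order."""
    body = record.split("): ", 1)[-1]
    values = [v.strip('"') for _, v in _FIELD.findall(body)]
    return dict(zip(order, values))

def identity(fields):
    """Fields present in both layouts, usable as a stable task identity."""
    return {k: fields[k] for k in OLD_ORDER}

# Constructed sample records (all values invented for illustration).
PREFIX = "type=SECCOMP msg=audit(1389639360.000:1): "
OLD_RECORD = PREFIX + ('auid=1000 uid=1000 gid=1000 ses=2 subj=unconfined '
                       'pid=4242 comm="demo" exe="/usr/bin/demo"')
NEW_RECORD = PREFIX + ('ppid=1 pid=4242 auid=1000 uid=1000 gid=1000 euid=1000 '
                       'suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 '
                       'tty=pts0 ses=2 comm="demo" exe="/usr/bin/demo" '
                       'subj=unconfined')

if __name__ == "__main__":
    # Keyed parsing yields the same identity from either layout.
    print(identity(parse_fields(OLD_RECORD)) == identity(parse_fields(NEW_RECORD)))
    # Positional parsing with the old order mislabels the new record.
    print(parse_positional(NEW_RECORD, OLD_ORDER))
```

A log pipeline or detection rule that indexes these records by position should be checked against both layouts before a kernel carrying this change is deployed.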