There isn't a convenient place to add information about IPC objects in the audit_context. I'm reluctant to add it -- should we just add a freeform area for data instead? I note that auditing of various IPC operations is already done by avc_audit(). That lacks the actual uid/gid/permissions which the user tried to set, but could easily have them added. It also handles network syscalls, to a certain extent. I'm trying to work out how best to use if for syscall auditing too... -- dwmw2