On 3/3/2022 2:27 PM, Paul Moore wrote:
On Wed, Mar 2, 2022 at 5:32 PM Casey Schaufler <ca...@schaufler-ca.com> wrote:
On 2/2/2022 3:53 PM, Casey Schaufler wrote:
Add a list for auxiliary record data to the audit_buffer structure.
Add the audit_stamp information to the audit_buffer as there's no
guarantee that there will be an audit_context containing the stamp
associated with the event. At audit_log_end() time create auxiliary
records (none are currently defined) as have been added to the list.
Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
I'm really hoping for either Acks or feedback on this approach.
The only callers that make use of this functionality in this patchset
is in kernel/audit*.c in patches 25/28 and 26/28, yes?
Yes.
I think that the container ID record could use it as well.
I haven't looked deeply, but it should be usable for any aux record type.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
