On Mon, Apr 18, 2022 at 11:12 AM Casey Schaufler <[email protected]> wrote:
>
> Replace the single skb pointer in an audit_buffer with
> a list of skb pointers. Add the audit_stamp information
> to the audit_buffer as there's no guarantee that there
> will be an audit_context containing the stamp associated
> with the event. At audit_log_end() time create auxiliary
> records (none are currently defined) as have been added
> to the list.
>
> Suggested-by: Paul Moore <[email protected]>
> Signed-off-by: Casey Schaufler <[email protected]>
> ---
> kernel/audit.c | 62 +++++++++++++++++++++++++++++++-------------------
> 1 file changed, 39 insertions(+), 23 deletions(-)

I believe the audit_buffer_aux_new() and audit_buffer_aux_end()
functions from patch 26/29 belong in this patch, but otherwise it
looks okay to me.

Acked-by: Paul Moore <[email protected]>

--
paul-moore.com
