On 6/10/20 6:45 PM, Paul Moore wrote: Hi Paul,
I'm sorry I didn't get a chance to mention this before you posted this patch, but for the past several years we have been sticking with a policy of only adding new fields to the end of existing records; please adjust this patch accordingly. Otherwise, this looks fine to me.audit_log_untrustedstring(ab, get_task_comm(name, current)); if (fname) { audit_log_format(ab, " name="); --
Steve mentioned that since this new field "errno" is not a searchable entry, it can be added anywhere in the audit log message.
But I have no problem moving this to the end of the audit record. thanks, -lakshmi
