[PATCH v24 21/25] audit: add support for non-syscall auxiliary records

Paul Moore paul at paul-moore.com
Tue Jan 26 20:05:32 UTC 2021

On Tue, Jan 26, 2021 at 1:58 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 1/26/2021 10:42 AM, Richard Guy Briggs wrote:
> > On 2021-01-26 08:41, Casey Schaufler wrote:
> >> Standalone audit records have the timestamp and serial number generated
> >> on the fly and as such are unique, making them standalone.  This new
> >> function audit_alloc_local() generates a local audit context that will
> >> be used only for a standalone record and its auxiliary record(s).  The
> >> context is discarded immediately after the local associated records are
> >> produced.
> >>
> >> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> >> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> >> Cc: linux-audit at redhat.com
> >> To: Richard Guy Briggs <rgb at redhat.com>
> > This has been minorly bothering me for several revisions...  Is there a
> > way for the development/authorship to be accurately reflected
> > if/when this patch is merged before the contid patch set?
> I don't know the right way to do that because I had to pull
> some of what was in the original patch out. Any way you would
> like it done is fine with me.

I'm not sure if there is one perfect way.  I typically see either a
"From: " line if the author is different from the submitter, or in
more complex cases such as this it seems like a simple note giving
credit in the description might be the best option.

paul moore

More information about the Linux-security-module-archive mailing list