On Thu, Nov 21, 2019 at 06:41:31PM -0500, Paul Moore wrote: SNIP > a common requirement for new audit functionality (link below). I'm > also fairly certain we don't want this new BPF record to look like how > you've coded it up in bpf_audit_prog(); duplicating the fields with > audit_log_task() is wrong, you've either already got them via an > associated record (which you get from passing non-NULL as the first > parameter to audit_log_start()), or you don't because there is no > associated syscall/task (which you get from passing NULL as the first ok, I'll send change that reflects this.. together with the test thanks, jirka > parameter). Please revert, un-merge, etc. this patch from bpf-next; > it should not go into Linus' tree as written. > > Audit userspace PR: > * https://github.com/linux-audit/audit-userspace/pull/104 > > Audit test suite: > * https://github.com/linux-audit/audit-testsuite > > Audit folks, here is a link to the thread in the archives: > * https://lore.kernel.org/bpf/20191120213816.8186-1-jolsa@xxxxxxxxxx/T/#u > > -- > paul moore > www.paul-moore.com >
