This series of patches cleans up some usages of the audit subsystem's API by IMA. We also introduce a new record type that IMA creates while parsing policy rules. Stefan v2->v3: - reworked patch 4; pass current->audit_context rather than NULL v1->v2: - dropped several patches that extended existing messages with missing fields - Using audit_log_task_info() for new record type in last patch - rebased on security-next; new message type is now 1807 Stefan Berger (4): ima: Call audit_log_string() rather than logging it untrusted ima: Use audit_log_format() rather than audit_log_string() ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set ima: Differentiate auditing policy rules from "audit" actions include/uapi/linux/audit.h | 1 + security/integrity/ima/Kconfig | 1 + security/integrity/ima/ima_policy.c | 9 ++++++--- security/integrity/integrity.h | 15 +++++++++++++++ security/integrity/integrity_audit.c | 6 +----- 5 files changed, 24 insertions(+), 8 deletions(-) -- 2.13.6