audit: add syscall information to FEATURE_CHANGE records

Tie syscall information to FEATURE_CHANGE calls since it is a result of
user action.

See: https://github.com/linux-audit/audit-kernel/issues/80

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: 80-char fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/kernel/audit.c b/kernel/audit.c
index 670665c6e2a651648ba55f53879a12501464b5d8..e9f9a90790e5615e0ff7e7fa9fd02657a8823383 100644 (file)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1099,8 +1099,8 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
 
        if (audit_enabled == AUDIT_OFF)
                return;
-
-       ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
+       ab = audit_log_start(current->audit_context,
+                            GFP_KERNEL, AUDIT_FEATURE_CHANGE);
        if (!ab)
                return;
        audit_log_task_info(ab, current);