On Wed, Apr 27, 2016 at 9:31 PM, Richard Guy Briggs <r...@redhat.com> wrote: > On 16/04/22, Peter Hurley wrote: >> 2. The existing usage is always tsk==current > > My understanding is that when it is called via: > > copy_process() > audit_free() > __audit_free() > audit_log_exit() > audit_log_task_info() > > then tsk != current. This appears to be the only case which appears to > force lugging around tsk. This is noted in that commit referenced > above.
In the case where copy_process() ends up calling __audit_free(), the call to audit_log_exit() is conditional on the audit context in_syscall field being true and unless I missed something, the copied process' audit context should not have in_syscall set to true. -- paul moore www.paul-moore.com