Merge branch 'audit.b54' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* 'audit.b54' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
  [PATCH] Fix the bug of using AUDIT_STATUS_RATE_LIMIT when set fail, no error output.
  [PATCH] Fix the kernel panic of audit_filter_task when key field is set
  Re: [PATCH] the loginuid field should be output in all AUDIT_CONFIG_CHANGE audit messages
  kernel/audit.c control character detection is off-by-one
  [PATCH] Audit: Collect signal info when SIGUSR2 is sent to auditd

1 files changed, 8 insertions, 2 deletions

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 98c50cc671b..b7d354e2b0e 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1022,8 +1022,11 @@ static void audit_update_watch(struct audit_parent *parent,
 			struct audit_buffer *ab;
 			ab = audit_log_start(NULL, GFP_KERNEL,
 				AUDIT_CONFIG_CHANGE);
+			audit_log_format(ab, "auid=%u ses=%u",
+				audit_get_loginuid(current),
+				audit_get_sessionid(current));
 			audit_log_format(ab,
-				"op=updated rules specifying path=");
+				" op=updated rules specifying path=");
 			audit_log_untrustedstring(ab, owatch->path);
 			audit_log_format(ab, " with dev=%u ino=%lu\n",
 				 dev, ino);
@@ -1058,7 +1061,10 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
 				struct audit_buffer *ab;
 				ab = audit_log_start(NULL, GFP_KERNEL,
 					AUDIT_CONFIG_CHANGE);
-				audit_log_format(ab, "op=remove rule path=");
+				audit_log_format(ab, "auid=%u ses=%u",
+					audit_get_loginuid(current),
+					audit_get_sessionid(current));
+				audit_log_format(ab, " op=remove rule path=");
 				audit_log_untrustedstring(ab, w->path);
 				if (r->filterkey) {
 					audit_log_format(ab, " key=");