Violations of seccomp filters should always be reported, regardless
of audit context. This the minimal change version of what has been
proposed upstream: https://lkml.org/lkml/2012/3/23/332
Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
static inline void audit_seccomp(unsigned long syscall, long signr, int code)
{
- if (unlikely(!audit_dummy_context()))
- __audit_seccomp(syscall, signr, code);
+ __audit_seccomp(syscall, signr, code);
}
static inline void audit_ptrace(struct task_struct *t)