audit: join tty records to their syscall

AUDIT_TTY records were logged as seperate events from their syscall
records.  Join them so they are logged as the single event that they
are.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/106

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index 28f87fd6a28e0ba3aa315b7c0ab0265bcbae7064..9f906a5b8e81012b56e50adb06acd46bab5e23c1 100644 (file)
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -66,7 +66,7 @@ static void tty_audit_log(const char *description, dev_t dev,
        uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current));
        unsigned int sessionid = audit_get_sessionid(current);
 
-       ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
+       ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_TTY);
        if (ab) {
                char name[sizeof(current->comm)];