Fix syscall auditing to audit based on the actual type of system
call that was made, not the type of binary that made it.
Signed-off-by: Michael Davidson <[email protected]>
---
Index: linux-2.6.26.2/arch/x86/kernel/ptrace.c
===================================================================
--- linux-2.6.26.2.orig/arch/x86/kernel/ptrace.c 2008-08-06 09:19:01.000000000 -0700
+++ linux-2.6.26.2/arch/x86/kernel/ptrace.c 2008-08-07 11:01:25.976235000 -0700
@@ -1491,7 +1491,7 @@
syscall_trace(regs);
if (unlikely(current->audit_context)) {
- if (test_thread_flag(TIF_IA32)) {
+ if (current_thread_info()->status & TS_COMPAT) {
audit_syscall_entry(AUDIT_ARCH_I386,
regs->orig_ax,
regs->bx, regs->cx,