Merge tag 'audit-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoor...

Pull audit updates from Paul Moore:
 "Add some additional audit logging to capture the openat2() syscall
  open_how struct info.

  Previous variations of the open()/openat() syscalls allowed audit
  admins to inspect the syscall args to get the information contained in
  the new open_how struct used in openat2()"

* tag 'audit-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: return early if the filter rule has a lower priority
  audit: add OPENAT2 record to list "how" info
  audit: add support for the openat2 syscall
  audit: replace magic audit syscall class numbers with macros
  lsm_audit: avoid overloading the "key" audit field
  audit: Convert to SPDX identifier
  audit: rename struct node to struct audit_node to prevent future name collisions

diff --cc MAINTAINERS
Simple merge

diff --cc include/linux/audit.h
Simple merge

diff --cc include/uapi/linux/audit.h
index ecf1edd,afa2472..47e2be3
--- 1/include/uapi/linux/audit.h
--- 2/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -118,7 -118,7 +118,8 @@@
  #define AUDIT_TIME_ADJNTPVAL  1333    /* NTP value adjustment */
  #define AUDIT_BPF             1334    /* BPF subsystem */
  #define AUDIT_EVENT_LISTENER  1335    /* Task joined multicast read socket */
 +#define AUDIT_URINGOP         1336    /* io_uring operation */
+ #define AUDIT_OPENAT2         1337    /* Record showing openat2 how args */
  
  #define AUDIT_AVC             1400    /* SE Linux avc denial or grant */
  #define AUDIT_SELINUX_ERR     1401    /* Internal SE Linux Errors */

diff --cc kernel/audit.h
Simple merge

diff --cc kernel/audit_tree.c
Simple merge

diff --cc kernel/auditsc.c
Simple merge