2 files changed, 10 insertions, 3 deletions

diff --git a/kernel/audit.h b/kernel/audit.h
index ddfce2ea4891..bb3a4e14b7e5 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -68,6 +68,7 @@ struct audit_cap_data {
                 unsigned int    fE;             /* effective bit of file cap */
                 kernel_cap_t    effective;      /* effective set of process */
         };
+        kernel_cap_t            ambient;
 };
 
 /* When fs/namei.c:getname() is called, we store the pointer in name and bump
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b2dcbe637b7c..5fa68d10032f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1260,6 +1260,7 @@ static void show_special(struct audit_context *context, int *call_panic)
                 audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable);
                 audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
                 audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
+                audit_log_cap(ab, "cap_pa", &context->capset.cap.ambient);
                 break;
         case AUDIT_MMAP:
                 audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
@@ -1381,9 +1382,11 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                         audit_log_cap(ab, "old_pp", &axs->old_pcap.permitted);
                         audit_log_cap(ab, "old_pi", &axs->old_pcap.inheritable);
                         audit_log_cap(ab, "old_pe", &axs->old_pcap.effective);
-                        audit_log_cap(ab, "new_pp", &axs->new_pcap.permitted);
-                        audit_log_cap(ab, "new_pi", &axs->new_pcap.inheritable);
-                        audit_log_cap(ab, "new_pe", &axs->new_pcap.effective);
+                        audit_log_cap(ab, "old_pa", &axs->old_pcap.ambient);
+                        audit_log_cap(ab, "pp", &axs->new_pcap.permitted);
+                        audit_log_cap(ab, "pi", &axs->new_pcap.inheritable);
+                        audit_log_cap(ab, "pe", &axs->new_pcap.effective);
+                        audit_log_cap(ab, "pa", &axs->new_pcap.ambient);
                         break; }
 
                 }
@@ -2341,10 +2344,12 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
         ax->old_pcap.permitted   = old->cap_permitted;
         ax->old_pcap.inheritable = old->cap_inheritable;
         ax->old_pcap.effective   = old->cap_effective;
+        ax->old_pcap.ambient     = old->cap_ambient;
 
         ax->new_pcap.permitted   = new->cap_permitted;
         ax->new_pcap.inheritable = new->cap_inheritable;
         ax->new_pcap.effective   = new->cap_effective;
+        ax->new_pcap.ambient     = new->cap_ambient;
         return 0;
 }
 
@@ -2363,6 +2368,7 @@ void __audit_log_capset(const struct cred *new, const struct cred *old)
         context->capset.cap.effective   = new->cap_effective;
         context->capset.cap.inheritable = new->cap_effective;
         context->capset.cap.permitted   = new->cap_permitted;
+        context->capset.cap.ambient     = new->cap_ambient;
         context->type = AUDIT_CAPSET;
 }