authorKees Cook <kees.cook@canonical.com>2010-06-28 22:34:04 -0700
committerJohn Rigby <john.rigby@linaro.org>2011-11-16 14:24:23 -0700
commit0c948fba39cbbfe73e72f1b6bfd991caa583c60d (patch)
tree08045bcd2ce194743ec84e8d82d6ea9d3e81cac5 /security
parenta530aa9d98ce6fcb8dc6c1721ee743ba0cdc8fd2 (diff)
downloadlinux-linaro-precise-0c948fba39cbbfe73e72f1b6bfd991caa583c60d.tar.gz
UBUNTU: ubuntu: Yama - create task_free security callback
The current LSM interface to cred_free is not sufficient for allowing an LSM to track the life and death of a task. This patch adds the task_free hook so that an LSM can clean up resources on task death. Signed-off-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/capability.c4
-rw-r--r--security/security.c5
2 files changed, 9 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 2984ea4f776..e4206b5bd87 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -359,6 +359,9 @@ static int cap_task_create(unsigned long clone_flags)
return 0;
}
+static void cap_task_free(struct task_struct *task)
+{ }
+
static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
return 0;
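Review bot: The empty body of cap_task_free() is written as `{ }` on a single line, which departs from kernel coding style for function definitions; the opening `{` and closing `}` should each sit on their own line. A short comment inside the body, such as `/* default: no per-task LSM state to release */`, would also make it clear that the no-op is intentional rather than a placeholder.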
@@ -955,6 +958,7 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, file_receive);
set_to_cap_if_null(ops, dentry_open);
set_to_cap_if_null(ops, task_create);
+ set_to_cap_if_null(ops, task_free);
set_to_cap_if_null(ops, cred_alloc_blank);
set_to_cap_if_null(ops, cred_free);
set_to_cap_if_null(ops, cred_prepare);
diff --git a/security/security.c b/security/security.c
index 466ee5c734b..70e8f750d98 100644
--- a/security/security.c
+++ b/security/security.c
@@ -705,6 +705,11 @@ int security_task_create(unsigned long clone_flags)
return security_ops->task_create(clone_flags);
}
+void security_task_free(struct task_struct *task)
+{
+ security_ops->task_free(task);
+}
+
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
return security_ops->cred_alloc_blank(cred, gfp);
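Review bot: security_task_free() is added without any statement of the contract an LSM implementing task_free must honour, and that contract decides whether per-task state is released safely. The call site and the hook's entry in struct security_operations are outside this view (the diffstat is limited to 'security'). From here it cannot be told whether the hook runs in a context that may sleep, or whether it can be reached for a task whose creation failed part-way and which the LSM never recorded. I would add a comment above the wrapper along the lines of `/* Called once when @task is freed; implementations must tolerate a task they never tracked and must not sleep unless the caller is known to allow it. */`, adjusted to whatever the call site actually guarantees.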