UBUNTU: SAUCE: security: create task_free security callback

The current LSM interface to cred_free is not sufficient for allowing an LSM to track the life and death of a task. This patch adds the task_free hook so that an LSM can clean up resources on task death. Signed-off-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
author: Kees Cook <kees.cook@canonical.com> 2010-06-28 22:34:04 -0700
committer: Leann Ogasawara <leann.ogasawara@canonical.com> 2010-08-11 07:42:01 -0700
commit: 58c06d53b968885e1faa24ff25a729f36b7684dc (patch)
tree: 2664ca1f07d8cb81b4a1fe6ed02b5d0a43e351ae /security/capability.c
parent: e667051aaa0f0c7e7d953a10c33b1feae69493b5 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 8168e3ecd5b..2bcc955def9 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -354,6 +354,9 @@ static int cap_task_create(unsigned long clone_flags)
 	return 0;
 }
 
+static void cap_task_free(struct task_struct *task)
+{ }
+
 static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
 	return 0;
@@ -937,6 +940,7 @@ void __init security_fixup_ops(struct security_operations *ops)
 	set_to_cap_if_null(ops, file_receive);
 	set_to_cap_if_null(ops, dentry_open);
 	set_to_cap_if_null(ops, task_create);
+	set_to_cap_if_null(ops, task_free);
 	set_to_cap_if_null(ops, cred_alloc_blank);
 	set_to_cap_if_null(ops, cred_free);
 	set_to_cap_if_null(ops, cred_prepare);
author	Kees Cook <kees.cook@canonical.com>	2010-06-28 22:34:04 -0700
committer	Leann Ogasawara <leann.ogasawara@canonical.com>	2010-08-11 07:42:01 -0700
commit	58c06d53b968885e1faa24ff25a729f36b7684dc (patch)
tree	2664ca1f07d8cb81b4a1fe6ed02b5d0a43e351ae /security/capability.c
parent	e667051aaa0f0c7e7d953a10c33b1feae69493b5 (diff)