Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> writes:

>>From 6bea9ec93a3596efb512292aee0ab88e219130cd Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Date: Mon, 30 Sep 2013 20:07:24 +0900
> Subject: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
>
> Add a LSM hook which is called only when an execve operation failed after
> prepare_bprm_creds() succeeded. This hook is used by TOMOYO for synchronously
> cleaning up resources allocated during an execve operation.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> ---
> fs/exec.c | 1 +
> include/linux/security.h | 11 +++++++++++
> security/capability.c | 5 +++++
> security/security.c | 5 +++++
> 4 files changed, 22 insertions(+), 0 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 8875dd1..89f0479 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1172,6 +1172,7 @@ void free_bprm(struct linux_binprm *bprm)
> {
> free_arg_pages(bprm);
> if (bprm->cred) {
> + security_bprm_aborting_creds(bprm);

Can you move this hook outside of the cred_guard_mutex? It looks like you
can and I expect not unnecessarily extending the scope of the mutex would
be a good idea.

> mutex_unlock(¤t->signal->cred_guard_mutex);
> abort_creds(bprm->cred);
> }
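
Review bot: In free_bprm(), security_bprm_aborting_creds(bprm) is placed ahead of mutex_unlock(), so every LSM's cleanup callback runs with cred_guard_mutex still held. Unless the hook depends on that lock, call it after the unlock and before abort_creds(bprm->cred), so that bprm->cred is still set when the callback runs. Whichever placement is kept, the hook's documentation should state whether cred_guard_mutex is held when it is called, since LSM authors will need to know that before taking other locks or doing slow cleanup in it.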