Re: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.

Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> writes:

>>From 6bea9ec93a3596efb512292aee0ab88e219130cd Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Date: Mon, 30 Sep 2013 20:07:24 +0900
> Subject: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
>
> Add a LSM hook which is called only when an execve operation failed after
> prepare_bprm_creds() succeeded. This hook is used by TOMOYO for synchronously
> cleaning up resources allocated during an execve operation.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> ---
>  fs/exec.c                |    1 +
>  include/linux/security.h |   11 +++++++++++
>  security/capability.c    |    5 +++++
>  security/security.c      |    5 +++++
>  4 files changed, 22 insertions(+), 0 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 8875dd1..89f0479 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1172,6 +1172,7 @@ void free_bprm(struct linux_binprm *bprm)
>  {
>  	free_arg_pages(bprm);
>  	if (bprm->cred) {
> +		security_bprm_aborting_creds(bprm);

Can you move this hook outside of the cred_guard_mutex?  It looks like
you can and I expect not unnecessarily extending the scope of the mutex
would be a good idea.

>  		mutex_unlock(&current->signal->cred_guard_mutex);
>  		abort_creds(bprm->cred);
>  	}
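
Review bot: the security_bprm_aborting_creds(bprm) call added at the top of the `if (bprm->cred)` branch in free_bprm() sits before mutex_unlock(&current->signal->cred_guard_mutex), so every LSM implementation of the hook runs with cred_guard_mutex held, and nothing in the hunk documents that locking context. If the cleanup does not depend on the mutex, place the call after mutex_unlock(); if it does, say so in a comment at the call site and in the hook's documentation in include/linux/security.h. The call also relies on a non-NULL bprm->cred as the only indication that execve failed after prepare_bprm_creds() succeeded, which deserves a one-line comment above the call so a later change to free_bprm() does not break the "only on failure" guarantee stated in the commit message.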