Re: [RFC/PATCH 1/3] security: add the security_task_copy() hook

From: Tetsuo Handa
Date: Mon Feb 06 2017 - 05:50:49 EST


Djalal Harouni wrote:
> To achieve the above we add the security_task_copy() hook that allows us
> to clone the Timgad context of parent into child task_struct.
>
> The security hook can also be used by new LSMs after the child task has
> done some initialization, this way they won't clash with the major LSMs.
> The situation is not really well, this hook allows us to introduce a
> stackable LSM that can be easily used with all other LSMs.

We are already planning to revive security_task_alloc() hook (probably in Linux 4.12)
( news://news.gmane.org:119/201701101958.JAD43709.OtJSOQFVFOLHMF@xxxxxxxxxxxxxxxxxxx ).
Is security_task_alloc() called too early for your case?

(Well, we want to configure http archive like marc.info ?)