diff --git a/include/linux/hck/lite_hck_ced.h b/include/linux/hck/lite_hck_ced.h
index e5c9526df66f99986726705cc8fa284500a63a86..9d1ffb7ccef360504d458c47962ad4b71b112d5a 100644
--- a/include/linux/hck/lite_hck_ced.h
+++ b/include/linux/hck/lite_hck_ced.h
@@ -18,6 +18,10 @@
#undef REGISTER_HCK_LITE_DATA_HOOK
#define REGISTER_HCK_LITE_DATA_HOOK(name, probe, data)
#else
+DECLARE_HCK_LITE_HOOK(ced_setattr_insert_lhck,
+ TP_PROTO(struct task_struct *task),
+ TP_ARGS(task));
+
DECLARE_HCK_LITE_HOOK(ced_switch_task_namespaces_lhck,
TP_PROTO(const struct nsproxy *new),
TP_ARGS(new));
@@ -26,10 +30,21 @@ DECLARE_HCK_LITE_HOOK(ced_detection_lhck,
TP_PROTO(struct task_struct *task),
TP_ARGS(task));
+DECLARE_HCK_LITE_HOOK(ced_exit_lhck,
+ TP_PROTO(struct task_struct *task),
+ TP_ARGS(task));
+
+DECLARE_HCK_LITE_HOOK(ced_kernel_clone_lhck,
+ TP_PROTO(struct task_struct *task),
+ TP_ARGS(task));
+
DECLARE_HCK_LITE_HOOK(ced_commit_creds_lhck,
TP_PROTO(const struct cred *new),
TP_ARGS(new));
+DECLARE_HCK_LITE_HOOK(ced_switch_task_namespaces_permission_lhck,
+ TP_PROTO(const struct nsproxy *new, int *ret),
+ TP_ARGS(new, ret));
#endif /* CONFIG_HCK */
#endif /* _LITE_HCK_CED_H */
diff --git a/kernel/exit.c b/kernel/exit.c
index d788d34dc0aba8cf975b418a12e4f11eb6f97346..195a697d5ed475812b24e85216fc10c45c12b979 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -75,6 +75,8 @@
#include
#include
+#include
+
/*
* The default value should be high enough to not crash a system that randomly
* crashes its kernel from time to time, but low enough to at least not permit
@@ -886,6 +888,7 @@ void __noreturn do_exit(long code)
exit_tasks_rcu_start();
exit_notify(tsk, group_dead);
+ CALL_HCK_LITE_HOOK(ced_exit_lhck, tsk);
proc_exit_connector(tsk);
mpol_put_task_policy(tsk);
#ifdef CONFIG_FUTEX
diff --git a/kernel/fork.c b/kernel/fork.c
index e431e1f472550edde41a35a2fe28f778fb605948..dd0375e4644bd5edc8f0f914afafee1d2aa94f03 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
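Review bot: The new `ced_switch_task_namespaces_permission_lhck` declaration is the only hook in this header whose probe can alter kernel control flow (through the `int *ret` out-parameter), yet nothing states the contract for `ret` or for `new`. Add a comment above it along the lines of `/* Veto hook for switch_task_namespaces(): a probe stores a non-zero value in *ret to refuse the switch; the caller pre-initialises *ret to 0. new may be NULL on the task-exit path — confirm against exit_task_namespaces(). */`. Since kernel/fork.c in this same series now calls `ced_kernel_clone_lhck` instead of `ced_detection_lhck`, the latter (the declaration on this hunk's header line) may be left without a caller; if that is so, drop it or note where it is still invoked.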
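Review bot: `CALL_HCK_LITE_HOOK(ced_exit_lhck, tsk)` sits after `exit_notify(tsk, group_dead)`, which is late for a detection probe: by then exit_notify() has reparented the children and, for an autoreaped task, already run release_task(), so the pid links a probe might use to look `tsk` up are detached. Earlier in do_exit() — outside this hunk, if I read the upstream body correctly — exit_mm(), exit_files() and exit_task_namespaces() have also already torn down the mm, file table and nsproxy, so a probe that wants to attribute the exit to the container it ran in sees a mostly dismantled task. Unless the hook is specifically meant to observe the zombie state, move the call above `exit_notify(tsk, group_dead);`, or earlier still before `exit_task_namespaces(tsk);`, and add a comment stating which task state the probe may rely on. The rest of do_exit() lies outside the hunk.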
@@ -2543,7 +2543,7 @@ pid_t kernel_clone(struct kernel_clone_args *args)
get_task_struct(p);
}
- CALL_HCK_LITE_HOOK(ced_detection_lhck, p);
+ CALL_HCK_LITE_HOOK(ced_kernel_clone_lhck, p);
wake_up_new_task(p);
/* forking complete and child started to run, tell ptracer */
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index a75aa2db3bca47d13b8a39293cbb4978d403ace8..37f570812af22afe8875deb8b32e0aa998d559e0 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -243,7 +243,12 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags,
void switch_task_namespaces(struct task_struct *p, struct nsproxy *new)
{
struct nsproxy *ns;
+ int ret = 0;
CALL_HCK_LITE_HOOK(ced_switch_task_namespaces_lhck, new);
+ CALL_HCK_LITE_HOOK(ced_switch_task_namespaces_permission_lhck, new, &ret);
+ if (ret)
+ return;
+
might_sleep();
task_lock(p);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 662f7b4a9516d1629495a4a077a1654465ca238a..3c3e3a4c9e01685798e3e951c2ef89d4ba1695b1 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -93,6 +93,8 @@
#include
#include
+#include
+
#include "avc.h"
#include "objsec.h"
#include "netif.h"
@@ -6483,6 +6485,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
}
commit_creds(new);
+ CALL_HCK_LITE_HOOK(ced_setattr_insert_lhck, current);
return size;
abort_change:
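Review bot: The early `return` taken when `ced_switch_task_namespaces_permission_lhck` sets `ret` leaks `new` and hides the refusal from the caller: switch_task_namespaces() is `void` and, from its upstream body which continues below the hunk, takes ownership of `new` (installs it into `p->nsproxy` and puts the old one), so on the denied path nobody drops the nsproxy reference, and unshare()/setns() callers that hand in a freshly created nsproxy report success to user space although the task's namespaces were never changed. At minimum release it on the denied path, `if (ret) { if (new) put_nsproxy(new); return; }`, and since, if I recall the exit path correctly, exit_task_namespaces() calls this with `new == NULL`, the probe must treat NULL as always-allowed or the exiting task's nsproxy is never dropped. The notification hook on the line above also fires before the permission check, so observers are told about a switch that may then be refused; run the permission hook first. Longer term, the check belongs in the callers as an `int`-returning step so the syscalls can fail with -EPERM instead of silently doing nothing.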
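Review bot: Placing `ced_setattr_insert_lhck` inside selinux_setprocattr() covers only the SELinux implementation of the procattr write; /proc/<pid>/attr/* dispatches through security_setprocattr() to whichever LSM claims the attribute, so a credential change performed via another LSM on the same kernel never fires this hook. If the intent is to observe any procattr-driven credential change, the LSM-neutral place is security_setprocattr() in security/security.c (or proc_pid_attr_write() in fs/proc/base.c) after the LSM call succeeds. The call also fires after `commit_creds(new)` for every attribute this function handles, not only a `current` domain transition (the `name` dispatch is above the hunk); if only `current` matters, pass `name` to the probe or guard the call. Given that a `ced_commit_creds_lhck` hook already exists in the header, a comment here should say why this event is not already covered by it, if that hook is wired into commit_creds().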