summaryrefslogtreecommitdiffstats
path: root/security/apparmor/resource.c
Commit message (Collapse)AuthorAgeFilesLines
* AppArmor: export known rlimit names/value mappings in securityfsKees Cook2012-02-271-0/+5
| | | | | | | | | Since the parser needs to know which rlimits are known to the kernel, export the list via a mask file in the "rlimit" subdirectory in the securityfs "features" directory. Signed-off-by: Kees Cook <kees@ubuntu.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
* AppArmor: Fix security_task_setrlimit logic for 2.6.36 changesJohn Johansen2010-09-081-8/+12
| | | | | | | | | | | | 2.6.36 introduced the abilitiy to specify the task that is having its rlimits set. Update mediation to ensure that confined tasks can only set their own group_leader as expected by current policy. Add TODO note about extending policy to support setting other tasks rlimits. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
* AppArmor: mediation of non file objectsJohn Johansen2010-08-021-0/+134
ipc: AppArmor ipc is currently limited to mediation done by file mediation and basic ptrace tests. Improved mediation is a wip. rlimits: AppArmor provides basic abilities to set and control rlimits at a per profile level. Only resources specified in a profile are controled or set. AppArmor rules set the hard limit to a value <= to the current hard limit (ie. they can not currently raise hard limits), and if necessary will lower the soft limit to the new hard limit value. AppArmor does not track resource limits to reset them when a profile is left so that children processes inherit the limits set by the parent even if they are not confined by the same profile. Capabilities: AppArmor provides a per profile mask of capabilities, that will further restrict. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
OpenPOWER on IntegriCloud