summaryrefslogtreecommitdiffstats
path: root/security/apparmor/match.c
diff options
context:
space:
mode:
authorJeff Mahoney <jeffm@suse.com>2015-11-06 21:17:30 +0100
committerJohn Johansen <john.johansen@canonical.com>2016-07-12 17:43:10 +0200
commitff118479a76dbece9ae1c65c7c6a3ebe9cfa73e0 (patch)
treef3c092146e85c89ed03b3cc708af9ad428593025 /security/apparmor/match.c
parentapparmor: use list_next_entry instead of list_entry_next (diff)
downloadlinux-ff118479a76dbece9ae1c65c7c6a3ebe9cfa73e0.tar.xz
linux-ff118479a76dbece9ae1c65c7c6a3ebe9cfa73e0.zip
apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task
While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit on another task. The only other example of a AppArmor mediating access to another, already running, task (ignoring fork+exec) is ptrace. The AppArmor model for ptrace is that one of the following must be true: 1) The tracer is unconfined 2) The tracer is in complain mode 3) The tracer and tracee are confined by the same profile 4) The tracer is confined but has SYS_CAP_PTRACE 1), 2, and 3) are already true for setrlimit. We can match the ptrace model just by allowing CAP_SYS_RESOURCE. We still test the values of the rlimit since it can always be overridden using a value that means unlimited for a particular resource. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/match.c')
0 files changed, 0 insertions, 0 deletions