[apparmor] [PATCH 09/27] apparmor: relax the restrictions on setting rlimits
John Johansen
john.johansen at canonical.com
Wed Nov 21 17:21:10 UTC 2012
On 11/21/2012 08:09 AM, Steve Beattie wrote:
> On Tue, Nov 20, 2012 at 08:39:49PM -0800, John Johansen wrote:
>> Instead of limiting the setting of the processes limits to current,
>> relax this to tasks confined by the same profile, as the apparmor
>> controls for rlimits are at a profile level granularity.
>
> Nifty. This would allow the use of prlimit(3) on processes with the same
> profile? Or am I missing another situation where you'd be setting a
> limit on another process?
>
Yes. It also plays into plans to allow controlling who you can set via
prlimit with an extended rlimit rule that will come at some point.
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
> Acked-by: Steve Beattie <sbeattie at ubuntu.com>
>
>> ---
>> security/apparmor/resource.c | 15 ++++++++++++---
>> 1 file changed, 12 insertions(+), 3 deletions(-)
>>
>> diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
>> index e1f3d7e..748bf0c 100644
>
>
>