]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b8da17b) | patch
apparmor: fix mediation of prlimit
authorJohn Johansen <john.johansen@canonical.com>
Wed, 11 Apr 2018 09:03:26 +0000 (02:03 -0700)
committerJohn Johansen <john.johansen@canonical.com>
Thu, 7 Jun 2018 08:51:01 +0000 (01:51 -0700)
commitcb9379175f6726facd0c89c1621c90a695ed2ce1
tree1a436194bef21b5333ca330ff4a6100561d0c710tree | snapshot
parentb8da17bbca9b056e3c196b4bc9e6697a5d6beaf8commit | diff
apparmor: fix mediation of prlimit

For primit apparmor requires that if target confinement does not match
the setting task's confinement, the setting task requires CAP_SYS_RESOURCE.

Unfortunately this was broken when rlimit enforcement was reworked to
support labels.

Fixes: 4ffa78562052 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/resource.c diff | blob | history
Linux Kernel Source Tree.