diff options
author | Takashi Iwai <tiwai@suse.de> | 2010-09-16 07:33:21 +0200 |
---|---|---|
committer | Takashi Iwai <tiwai@suse.de> | 2010-09-16 07:33:21 +0200 |
commit | c91925db4925ba0d145478f02c093369196936e9 (patch) | |
tree | 0e5da4211de3c18b65337c3094ec15994cf2534a /security/apparmor/resource.c | |
parent | ALSA: hda - Set up COEFs for ALC269 to avoid click noises at power-saving (diff) | |
parent | ALSA: patch_nvhdmi.c: Fix supported sample rate list. (diff) | |
download | linux-dev-c91925db4925ba0d145478f02c093369196936e9.tar.xz linux-dev-c91925db4925ba0d145478f02c093369196936e9.zip |
Merge branch 'fix/hda' into topic/hda
Diffstat (limited to 'security/apparmor/resource.c')
-rw-r--r-- | security/apparmor/resource.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index 4a368f1fd36d..a4136c10b1c6 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -72,6 +72,7 @@ int aa_map_resource(int resource) /** * aa_task_setrlimit - test permission to set an rlimit * @profile - profile confining the task (NOT NULL) + * @task - task the resource is being set on * @resource - the resource being set * @new_rlim - the new resource limit (NOT NULL) * @@ -79,18 +80,21 @@ int aa_map_resource(int resource) * * Returns: 0 or error code if setting resource failed */ -int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource, - struct rlimit *new_rlim) +int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, + unsigned int resource, struct rlimit *new_rlim) { int error = 0; - if (profile->rlimits.mask & (1 << resource) && - new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max) - - error = audit_resource(profile, resource, new_rlim->rlim_max, - -EACCES); + /* TODO: extend resource control to handle other (non current) + * processes. AppArmor rules currently have the implicit assumption + * that the task is setting the resource of the current process + */ + if ((task != current->group_leader) || + (profile->rlimits.mask & (1 << resource) && + new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) + error = -EACCES; - return error; + return audit_resource(profile, resource, new_rlim->rlim_max, error); } /** |