aboutsummaryrefslogtreecommitdiffstats
path: root/security/apparmor/include/resource.h (follow)
AgeCommit message (Collapse)AuthorFilesLines
2017-06-10apparmor: move resource checks to using labelsJohn Johansen1-2/+2
Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-06-08apparmor: rename apparmor file fns and data to indicate useJohn Johansen1-1/+1
prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org>
2012-02-27AppArmor: export known rlimit names/value mappings in securityfsKees Cook1-0/+4
Since the parser needs to know which rlimits are known to the kernel, export the list via a mask file in the "rlimit" subdirectory in the securityfs "features" directory. Signed-off-by: Kees Cook <kees@ubuntu.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
2010-09-08AppArmor: Fix security_task_setrlimit logic for 2.6.36 changesJohn Johansen1-2/+2
2.6.36 introduced the abilitiy to specify the task that is having its rlimits set. Update mediation to ensure that confined tasks can only set their own group_leader as expected by current policy. Add TODO note about extending policy to support setting other tasks rlimits. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02AppArmor: mediation of non file objectsJohn Johansen1-0/+46
ipc: AppArmor ipc is currently limited to mediation done by file mediation and basic ptrace tests. Improved mediation is a wip. rlimits: AppArmor provides basic abilities to set and control rlimits at a per profile level. Only resources specified in a profile are controled or set. AppArmor rules set the hard limit to a value <= to the current hard limit (ie. they can not currently raise hard limits), and if necessary will lower the soft limit to the new hard limit value. AppArmor does not track resource limits to reset them when a profile is left so that children processes inherit the limits set by the parent even if they are not confined by the same profile. Capabilities: AppArmor provides a per profile mask of capabilities, that will further restrict. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.