Google Git
Sign in
kernel / pub / scm / linux / kernel / git / jj / linux-apparmor / refs/heads/fix-rlimit
commita4c2746f4d4b32d8557ee17821f1101fd8474f92[log] [tgz]
authorJohn Johansen <john.johansen@canonical.com>Wed Apr 11 02:03:26 2018 -0700
committerJohn Johansen <john.johansen@canonical.com>Wed Apr 11 13:39:16 2018 -0700
tree721952399531d8c208ac4e0219efed4a38631652
parent588558eb6d0e0b6edfa65a67e906c2ffeba63ff1 [diff]
apparmor: fix mediation of prlimit

For primit apparmor requires that if target confinement does not match
the setting task's confinement, the setting task requires CAP_SYS_RESOURCE.

Unfortunately this was broken when rlimit enforcement was reworked to
support labels.

Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
1 file changed
tree: 721952399531d8c208ac4e0219efed4a38631652
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README