Google Git
Sign in
android-kvm / linux / 11c92f144bf39f448f65202cccba672097a1100b
commit11c92f144bf39f448f65202cccba672097a1100b[log] [tgz]
authorJohn Johansen <john.johansen@canonical.com>Wed Apr 11 02:03:26 2018 -0700
committerJohn Johansen <john.johansen@canonical.com>Thu Jun 07 01:51:01 2018 -0700
tree1a436194bef21b5333ca330ff4a6100561d0c710
parenta4c3f89c9b5a9fab5a8e4ea05399acd6e23072df [diff]
apparmor: fix mediation of prlimit

For primit apparmor requires that if target confinement does not match
the setting task's confinement, the setting task requires CAP_SYS_RESOURCE.

Unfortunately this was broken when rlimit enforcement was reworked to
support labels.

Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
1 file changed
tree: 1a436194bef21b5333ca330ff4a6100561d0c710
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README