10 Apr, 2012
2 commits
-
It isn't needed. If you don't set the type of the data associated with
that type it is a pretty obvious programming bug. So why waste the cycles?Signed-off-by: Eric Paris
-
Just open code it so grep on the source code works better.
Signed-off-by: Eric Paris
04 Apr, 2012
1 commit
-
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.Signed-off-by: Eric Paris
Signed-off-by: Linus Torvalds
28 Feb, 2012
1 commit
-
Since the parser needs to know which rlimits are known to the kernel,
export the list via a mask file in the "rlimit" subdirectory in the
securityfs "features" directory.Signed-off-by: Kees Cook
Signed-off-by: John Johansen
08 Sep, 2010
1 commit
-
2.6.36 introduced the abilitiy to specify the task that is having its
rlimits set. Update mediation to ensure that confined tasks can only
set their own group_leader as expected by current policy.Add TODO note about extending policy to support setting other tasks
rlimits.Signed-off-by: John Johansen
Signed-off-by: James Morris
02 Aug, 2010
1 commit
-
ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests. Improved mediation is a wip.rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level. Only resources specified in a profile are controled
or set. AppArmor rules set the hard limit to a value
Signed-off-by: James Morris