16 Jan, 2017
1 commit
-
The aad macro can replace aad strings when it is not intended to. Switch
to a fn macro so it is only applied when intended.Also at the same time cleanup audit_data initialization by putting
common boiler plate behind a macro, and dropping the gfp_t parameter
which will become useless.Signed-off-by: John Johansen
12 Jul, 2016
1 commit
-
While using AppArmor, SYS_CAP_RESOURCE is insufficient to call prlimit
on another task. The only other example of a AppArmor mediating access to
another, already running, task (ignoring fork+exec) is ptrace.The AppArmor model for ptrace is that one of the following must be true:
1) The tracer is unconfined
2) The tracer is in complain mode
3) The tracer and tracee are confined by the same profile
4) The tracer is confined but has SYS_CAP_PTRACE1), 2, and 3) are already true for setrlimit.
We can match the ptrace model just by allowing CAP_SYS_RESOURCE.
We still test the values of the rlimit since it can always be overridden
using a value that means unlimited for a particular resource.Signed-off-by: Jeff Mahoney
Signed-off-by: John Johansen
28 Apr, 2013
1 commit
-
Instead of limiting the setting of the processes limits to current,
relax this to tasks confined by the same profile, as the apparmor
controls for rlimits are at a profile level granularity.Signed-off-by: John Johansen
Acked-by: Steve Beattie
10 Apr, 2012
2 commits
-
It isn't needed. If you don't set the type of the data associated with
that type it is a pretty obvious programming bug. So why waste the cycles?Signed-off-by: Eric Paris
-
Just open code it so grep on the source code works better.
Signed-off-by: Eric Paris
04 Apr, 2012
1 commit
-
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.Signed-off-by: Eric Paris
Signed-off-by: Linus Torvalds
28 Feb, 2012
1 commit
-
Since the parser needs to know which rlimits are known to the kernel,
export the list via a mask file in the "rlimit" subdirectory in the
securityfs "features" directory.Signed-off-by: Kees Cook
Signed-off-by: John Johansen
08 Sep, 2010
1 commit
-
2.6.36 introduced the abilitiy to specify the task that is having its
rlimits set. Update mediation to ensure that confined tasks can only
set their own group_leader as expected by current policy.Add TODO note about extending policy to support setting other tasks
rlimits.Signed-off-by: John Johansen
Signed-off-by: James Morris
02 Aug, 2010
1 commit
-
ipc:
AppArmor ipc is currently limited to mediation done by file mediation
and basic ptrace tests. Improved mediation is a wip.rlimits:
AppArmor provides basic abilities to set and control rlimits at
a per profile level. Only resources specified in a profile are controled
or set. AppArmor rules set the hard limit to a value
Signed-off-by: James Morris