]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit
projects / mirror_ubuntu-hirsute-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a4c3f89) | patch
apparmor: fix mediation of prlimit
authorJohn Johansen <john.johansen@canonical.com>
Wed, 11 Apr 2018 09:03:26 +0000 (02:03 -0700)
committerJohn Johansen <john.johansen@canonical.com>
Thu, 7 Jun 2018 08:51:01 +0000 (01:51 -0700)
commit11c92f144bf39f448f65202cccba672097a1100b
tree1a436194bef21b5333ca330ff4a6100561d0c710tree
parenta4c3f89c9b5a9fab5a8e4ea05399acd6e23072dfcommit | diff
apparmor: fix mediation of prlimit

For primit apparmor requires that if target confinement does not match
the setting task's confinement, the setting task requires CAP_SYS_RESOURCE.

Unfortunately this was broken when rlimit enforcement was reworked to
support labels.

Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/resource.c diff | blob | blame | history
Ubuntu Hirsute Linux kernel mirror