apparmor: fix mediation of prlimit
BugLink: http://bugs.launchpad.net/bugs/1763427
For primit apparmor requires that if target confinement does not match
the setting task's confinement, the setting task requires CAP_SYS_RESOURCE.
Unfortunately this was broken when rlimit enforcement was reworked to
support labels.
Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit
a4c2746f4d4b32d8557ee17821f1101fd8474f92
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
projects / mirror_ubuntu-bionic-kernel.git / commit