diff options
| author | John Johansen <john.johansen@canonical.com> | 2013-02-18 19:07:34 -0500 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2013-04-28 03:36:46 -0400 |
| commit | cf47aede3b9e197d3b4a028e2157bf7736665ac4 (patch) | |
| tree | efd63ec21d10530c898024ea0c386bad54dbec26 | |
| parent | 4b7c331fc2eceaa4da5ded41c0b2eca3fd924444 (diff) | |
apparmor: relax the restrictions on setting rlimits
Instead of limiting the setting of the processes limits to current,
relax this to tasks confined by the same profile, as the apparmor
controls for rlimits are at a profile level granularity.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
| -rw-r--r-- | security/apparmor/resource.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index e1f3d7ef2c54..748bf0ca6c9f 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c | |||
| @@ -15,6 +15,7 @@ | |||
| 15 | #include <linux/audit.h> | 15 | #include <linux/audit.h> |
| 16 | 16 | ||
| 17 | #include "include/audit.h" | 17 | #include "include/audit.h" |
| 18 | #include "include/context.h" | ||
| 18 | #include "include/resource.h" | 19 | #include "include/resource.h" |
| 19 | #include "include/policy.h" | 20 | #include "include/policy.h" |
| 20 | 21 | ||
| @@ -90,17 +91,25 @@ int aa_map_resource(int resource) | |||
| 90 | int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, | 91 | int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, |
| 91 | unsigned int resource, struct rlimit *new_rlim) | 92 | unsigned int resource, struct rlimit *new_rlim) |
| 92 | { | 93 | { |
| 94 | struct aa_profile *task_profile; | ||
| 93 | int error = 0; | 95 | int error = 0; |
| 94 | 96 | ||
| 97 | rcu_read_lock(); | ||
| 98 | task_profile = aa_get_profile(aa_cred_profile(__task_cred(task))); | ||
| 99 | rcu_read_unlock(); | ||
| 100 | |||
| 95 | /* TODO: extend resource control to handle other (non current) | 101 | /* TODO: extend resource control to handle other (non current) |
| 96 | * processes. AppArmor rules currently have the implicit assumption | 102 | * profiles. AppArmor rules currently have the implicit assumption |
| 97 | * that the task is setting the resource of the current process | 103 | * that the task is setting the resource of a task confined with |
| 104 | * the same profile. | ||
| 98 | */ | 105 | */ |
| 99 | if ((task != current->group_leader) || | 106 | if (profile != task_profile || |
| 100 | (profile->rlimits.mask & (1 << resource) && | 107 | (profile->rlimits.mask & (1 << resource) && |
| 101 | new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) | 108 | new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) |
| 102 | error = -EACCES; | 109 | error = -EACCES; |
| 103 | 110 | ||
| 111 | aa_put_profile(task_profile); | ||
| 112 | |||
| 104 | return audit_resource(profile, resource, new_rlim->rlim_max, error); | 113 | return audit_resource(profile, resource, new_rlim->rlim_max, error); |
| 105 | } | 114 | } |
| 106 | 115 | ||