aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2010-09-06 13:10:20 -0400
committerJames Morris <jmorris@namei.org>2010-09-07 19:19:29 -0400
commit3a2dc8382a3e85a51ed9c6f57ea80665ea7a0c95 (patch)
tree05b289dc97bf08459911d0b5500896ed80af25c7 /security
parente819ff519b2d74373eca4a9a2b417ebf4c1e1b29 (diff)
AppArmor: Fix security_task_setrlimit logic for 2.6.36 changes
2.6.36 introduced the abilitiy to specify the task that is having its rlimits set. Update mediation to ensure that confined tasks can only set their own group_leader as expected by current policy. Add TODO note about extending policy to support setting other tasks rlimits. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/include/resource.h4
-rw-r--r--security/apparmor/lsm.c2
-rw-r--r--security/apparmor/resource.c20
3 files changed, 15 insertions, 11 deletions
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
index 3c88be946494..02baec732bb5 100644
--- a/security/apparmor/include/resource.h
+++ b/security/apparmor/include/resource.h
@@ -33,8 +33,8 @@ struct aa_rlimit {
33}; 33};
34 34
35int aa_map_resource(int resource); 35int aa_map_resource(int resource);
36int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource, 36int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
37 struct rlimit *new_rlim); 37 unsigned int resource, struct rlimit *new_rlim);
38 38
39void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new); 39void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
40 40
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index f73e2c204218..cf1de4462ccd 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -614,7 +614,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
614 int error = 0; 614 int error = 0;
615 615
616 if (!unconfined(profile)) 616 if (!unconfined(profile))
617 error = aa_task_setrlimit(profile, resource, new_rlim); 617 error = aa_task_setrlimit(profile, task, resource, new_rlim);
618 618
619 return error; 619 return error;
620} 620}
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index 4a368f1fd36d..a4136c10b1c6 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -72,6 +72,7 @@ int aa_map_resource(int resource)
72/** 72/**
73 * aa_task_setrlimit - test permission to set an rlimit 73 * aa_task_setrlimit - test permission to set an rlimit
74 * @profile - profile confining the task (NOT NULL) 74 * @profile - profile confining the task (NOT NULL)
75 * @task - task the resource is being set on
75 * @resource - the resource being set 76 * @resource - the resource being set
76 * @new_rlim - the new resource limit (NOT NULL) 77 * @new_rlim - the new resource limit (NOT NULL)
77 * 78 *
@@ -79,18 +80,21 @@ int aa_map_resource(int resource)
79 * 80 *
80 * Returns: 0 or error code if setting resource failed 81 * Returns: 0 or error code if setting resource failed
81 */ 82 */
82int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource, 83int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
83 struct rlimit *new_rlim) 84 unsigned int resource, struct rlimit *new_rlim)
84{ 85{
85 int error = 0; 86 int error = 0;
86 87
87 if (profile->rlimits.mask & (1 << resource) && 88 /* TODO: extend resource control to handle other (non current)
88 new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max) 89 * processes. AppArmor rules currently have the implicit assumption
89 90 * that the task is setting the resource of the current process
90 error = audit_resource(profile, resource, new_rlim->rlim_max, 91 */
91 -EACCES); 92 if ((task != current->group_leader) ||
93 (profile->rlimits.mask & (1 << resource) &&
94 new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
95 error = -EACCES;
92 96
93 return error; 97 return audit_resource(profile, resource, new_rlim->rlim_max, error);
94} 98}
95 99
96/** 100/**