From patchwork Thu Aug 11 19:59:46 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [1/3] AppArmor: Relax the restrictions on setting rlimits Date: Thu, 11 Aug 2011 09:59:46 -0000 From: John Johansen X-Patchwork-Id: 109678 Message-Id: <1313092788-31164-2-git-send-email-john.johansen@canonical.com> To: kernel-team@lists.ubuntu.com Instead of limiting the setting of the processes limits to current, relax this to tasks confined by the same profile, as the apparmor controls for rlimits are at a profile level granularity. Signed-off-by: John Johansen --- security/apparmor/resource.c | 15 ++++++++++++--- 1 files changed, 12 insertions(+), 3 deletions(-) diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index a4136c1..ef9e1d5 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -15,6 +15,7 @@ #include #include "include/audit.h" +#include "include/context.h" #include "include/resource.h" #include "include/policy.h" 
@@ -83,17 +84,25 @@ int aa_map_resource(int resource) int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, unsigned int resource, struct rlimit *new_rlim) { + struct aa_profile *task_profile; int error = 0; + rcu_read_lock(); + task_profile = aa_get_profile(aa_cred_profile(__task_cred(task))); + rcu_read_unlock(); + /* TODO: extend resource control to handle other (non current) - * processes. AppArmor rules currently have the implicit assumption - * that the task is setting the resource of the current process + * profiles. AppArmor rules currently have the implicit assumption + * that the task is setting the resource of a task confined with + * the same profile. */ - if ((task != current->group_leader) || + if (profile != task_profile || (profile->rlimits.mask & (1 << resource) && new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) error = -EACCES; + aa_put_profile(task_profile); + return audit_resource(profile, resource, new_rlim->rlim_max, error); }
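
Review bot: In the second hunk (aa_task_setrlimit), the rewritten `if` folds two different denial reasons into one: the target task being confined by a different profile (`profile != task_profile`) and the requested rlim_max exceeding the profile's limit. Both set -EACCES and both reach audit_resource(profile, resource, new_rlim->rlim_max, error) with the same arguments, so the audit record cannot distinguish a cross-profile setrlimit attempt from an over-limit request. Consider auditing the profile mismatch separately, or passing something that identifies it, so the two cases can be told apart in logs. A smaller point in the same hunk: task_profile is only compared by pointer and never dereferenced, so the comparison could be made inside the rcu_read_lock() section without the aa_get_profile()/aa_put_profile() pair. If the reference is taken deliberately to pin the pointer until the comparison, a one-line comment saying so would help. Finally, the edited TODO now opens "extend resource control to handle other (non current) profiles", which reads awkwardly; "tasks confined by other profiles" would match the rest of the comment.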