[apparmor] [PATCH 09/27] apparmor: relax the restrictions on setting rlimits
Steve Beattie
steve at nxnw.org
Wed Nov 21 17:28:58 UTC 2012
On Wed, Nov 21, 2012 at 09:21:10AM -0800, John Johansen wrote:
> On 11/21/2012 08:09 AM, Steve Beattie wrote:
> > On Tue, Nov 20, 2012 at 08:39:49PM -0800, John Johansen wrote:
> >> Instead of limiting the setting of the processes limits to current,
> >> relax this to tasks confined by the same profile, as the apparmor
> >> controls for rlimits are at a profile level granularity.
> >
> > Nifty. This would allow the use of prlimit(3) on processes with the same
> > profile? Or am I missing another situation where you'd be setting a
> > limit on another process?
> >
> yes. It also plays into plans to allow controlling who you can set via
> prlimit with an extended rlimit rule that will come at some point.
Yeah, that's a cool extension, too. (Though I do wonder if anything
actually uses prlimit(3) currently...)
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20121121/5e20aca9/attachment-0001.pgp>
More information about the AppArmor
mailing list