提交 3a2dc838 编写于 作者: J John Johansen 提交者: James Morris

AppArmor: Fix security_task_setrlimit logic for 2.6.36 changes

2.6.36 introduced the ability to specify the task that is having its
rlimits set.  Update mediation to ensure that confined tasks can only
set their own group_leader as expected by current policy.

Add TODO note about extending policy to support setting other tasks'
rlimits.
Signed-off-by: NJohn Johansen <john.johansen@canonical.com>
Signed-off-by: NJames Morris <jmorris@namei.org>
上级 e819ff51
...@@ -33,8 +33,8 @@ struct aa_rlimit { ...@@ -33,8 +33,8 @@ struct aa_rlimit {
}; };
int aa_map_resource(int resource); int aa_map_resource(int resource);
int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource, int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
struct rlimit *new_rlim); unsigned int resource, struct rlimit *new_rlim);
void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new); void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
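Review bot: The new parameter in the aa_task_setrlimit prototype is declared as a bare `struct task_struct *`, while every other parameter in the declaration is named. Naming it to match the definition, `struct task_struct *task,`, keeps the header self-describing. The target task is now the security-relevant argument of this function, so a reader of the header should be able to see that it is the task being modified and not the caller. Whether this header already has `struct task_struct` declared is not visible in the hunk.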
......
...@@ -614,7 +614,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, ...@@ -614,7 +614,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
int error = 0; int error = 0;
if (!unconfined(profile)) if (!unconfined(profile))
error = aa_task_setrlimit(profile, resource, new_rlim); error = aa_task_setrlimit(profile, task, resource, new_rlim);
return error; return error;
} }
......
...@@ -72,6 +72,7 @@ int aa_map_resource(int resource) ...@@ -72,6 +72,7 @@ int aa_map_resource(int resource)
/** /**
* aa_task_setrlimit - test permission to set an rlimit * aa_task_setrlimit - test permission to set an rlimit
* @profile - profile confining the task (NOT NULL) * @profile - profile confining the task (NOT NULL)
* @task - task the resource is being set on
* @resource - the resource being set * @resource - the resource being set
* @new_rlim - the new resource limit (NOT NULL) * @new_rlim - the new resource limit (NOT NULL)
* *
...@@ -79,18 +80,21 @@ int aa_map_resource(int resource) ...@@ -79,18 +80,21 @@ int aa_map_resource(int resource)
* *
* Returns: 0 or error code if setting resource failed * Returns: 0 or error code if setting resource failed
*/ */
int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource, int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
struct rlimit *new_rlim) unsigned int resource, struct rlimit *new_rlim)
{ {
int error = 0; int error = 0;
if (profile->rlimits.mask & (1 << resource) && /* TODO: extend resource control to handle other (non current)
new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max) * processes. AppArmor rules currently have the implicit assumption
* that the task is setting the resource of the current process
error = audit_resource(profile, resource, new_rlim->rlim_max, */
-EACCES); if ((task != current->group_leader) ||
(profile->rlimits.mask & (1 << resource) &&
new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
error = -EACCES;
return error; return audit_resource(profile, resource, new_rlim->rlim_max, error);
} }
/** /**
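Review bot: In aa_task_setrlimit the new cross-task denial (`task != current->group_leader`) and the existing over-limit denial both end in the same `return audit_resource(profile, resource, new_rlim->rlim_max, error);`, so as far as this hunk shows the audit record cannot say which condition failed or which task was targeted. Someone triaging denials would see an attempt to change another process's rlimits as an ordinary over-limit request. Until the TODO is resolved I would at least record this next to the check, e.g. `/* NOTE: audit record does not distinguish a cross-task denial from an over-limit denial */`, and consider splitting the two tests once audit_resource can carry the target. The call is also now unconditional, so the permitted path goes through audit_resource with error 0; whether that emits a record depends on audit_resource, which is outside the hunk. Separately, `1 << resource` and `limits[resource]` rely on `resource` having been range-checked by the caller, which is not visible here and deserves a one-line comment.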
......