• John Johansen's avatar
    AppArmor: mediation of non file objects · 0ed3b28a
    John Johansen authored
    ipc:
    AppArmor ipc is currently limited to mediation done by file mediation
    and basic ptrace tests.  Improved mediation is a wip.
    
    rlimits:
    AppArmor provides basic abilities to set and control rlimits at
    a per profile level.  Only resources specified in a profile are controled
    or set.  AppArmor rules set the hard limit to a value <= to the current
    hard limit (ie. they can not currently raise hard limits), and if
    necessary will lower the soft limit to the new hard limit value.
    
    AppArmor does not track resource limits to reset them when a profile
    is left so that children processes inherit the limits set by the
    parent even if they are not confined by the same profile.
    
    Capabilities:  AppArmor provides a per profile mask of capabilities,
    that will further restrict.
    Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    0ed3b28a
capability.h 1.09 KB