mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-15 23:25:07 +00:00
0ed3b28ab8
ipc: AppArmor ipc is currently limited to mediation done by file mediation and basic ptrace tests. Improved mediation is a wip. rlimits: AppArmor provides basic abilities to set and control rlimits at a per profile level. Only resources specified in a profile are controled or set. AppArmor rules set the hard limit to a value <= to the current hard limit (ie. they can not currently raise hard limits), and if necessary will lower the soft limit to the new hard limit value. AppArmor does not track resource limits to reset them when a profile is left so that children processes inherit the limits set by the parent even if they are not confined by the same profile. Capabilities: AppArmor provides a per profile mask of capabilities, that will further restrict. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> |
||
|---|---|---|
| .. | ||
| apparmor | ||
| integrity/ima | ||
| keys | ||
| selinux | ||
| smack | ||
| tomoyo | ||
| capability.c | ||
| commoncap.c | ||
| device_cgroup.c | ||
| inode.c | ||
| Kconfig | ||
| lsm_audit.c | ||
| Makefile | ||
| min_addr.c | ||
| security.c | ||