• Andrew Morton's avatar
    [PATCH] selinux: Add resource limit control · d99684fd
    Andrew Morton authored
    From: James Morris <jmorris@redhat.com>
    
    This patch adds controls to the SELinux module over the setting and
    inheritance of resource limits.  With these controls, the ability to set
    hard limits can be limited to specific processes such as login, and when an
    untrusted process invokes a more trusted program, soft limits can be reset,
    thereby avoiding failures in the trusted program due to malicious setting
    of the soft limit by the untrusted process.  Roland McGrath provided input
    and feedback on the patch, which was implemented by Stephen Smalley
    <sds@epoch.ncsc.mil>.
    d99684fd
av_permissions.h 31.8 KB