Define getrlimit permission for class process
This permission was added to the kernel in commit 791ec491c372 ("prlimit,security,selinux: add a security hook for prlimit") circa Linux 4.12 in order to control the ability to get the resource limits of another process. It is only checked when acting on another process, so it is not required for getrlimit(2), only for prlimit(2) on another process. Test: Policy builds Change-Id: Ic0079a341e959f1c5a3d045974df4b756fd4ab67 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
c4055f0d04
commit
91a3eeac8f
@ -316,6 +316,7 @@ class process
|
||||
execheap
|
||||
setkeycreate
|
||||
setsockcreate
|
||||
getrlimit
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user