Define getrlimit permission for class process
This permission was added to the kernel in commit 791ec491c372
("prlimit,security,selinux: add a security hook for prlimit")
circa Linux 4.12 in order to control the ability to get the resource
limits of another process. It is only checked when acting on another
process, so it is not required for getrlimit(2), only for prlimit(2)
on another process.
Test: Policy builds
Change-Id: Ic0079a341e959f1c5a3d045974df4b756fd4ab67
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley
parent
c4055f0d04
commit
91a3eeac8f
@ -316,6 +316,7 @@ class process
|
||||
execheap
|
||||
setkeycreate
|
||||
setsockcreate
|
||||
getrlimit
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user