author | 2017-05-17 11:33:46 -0400 | |
---|---|---|
committer | 2017-05-18 19:00:58 +0200 | |
commit | 132d5b9d536f0e178aa10b7544b93f6f129f65c9 (patch) | |
tree | 0ff9be9e597419aaa22080e173942f5bdda600be /policy/flask/access_vectors | |
parent | Module version bump for systemd fix from Krzysztof Nowicki. (diff) | |
refpolicy: Define getrlimit permission for class process
This permission was added to the kernel in commit 791ec491c372
("prlimit,security,selinux: add a security hook for prlimit")
circa Linux 4.12 in order to control the ability to get the resource
limits of another process. It is only checked when acting on another
process, so getrlimit permission is not required for use of getrlimit(2).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'policy/flask/access_vectors')
-rw-r--r-- | policy/flask/access_vectors | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 69f69af80..6204e687f 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -383,6 +383,7 @@ class process execheap setkeycreate setsockcreate + getrlimit } |
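Review bot: `getrlimit` is appended to class process after `setsockcreate` with nothing in the visible lines that grants or documents it. Once the policy defines the permission, a domain that reads another process's resource limits is denied unless an allow rule exists. The diffstat shown is limited to policy/flask/access_vectors, so please confirm that the rest of the change (or a follow-up) adds an interface and allow rules for the domains that inspect other processes' limits. A short comment beside the new entry would also help policy writers: it could say, as the commit message does, that the permission is only checked when acting on another process and is not needed for getrlimit(2) on the caller itself.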