forked from Minki/linux
c97204baf8
prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org>
51 lines
1.3 KiB
C
51 lines
1.3 KiB
C
/*
|
|
* AppArmor security module
|
|
*
|
|
* This file contains AppArmor resource limits function definitions.
|
|
*
|
|
* Copyright (C) 1998-2008 Novell/SUSE
|
|
* Copyright 2009-2010 Canonical Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation, version 2 of the
|
|
* License.
|
|
*/
|
|
|
|
#ifndef __AA_RESOURCE_H
|
|
#define __AA_RESOURCE_H
|
|
|
|
#include <linux/resource.h>
|
|
#include <linux/sched.h>
|
|
|
|
#include "apparmorfs.h"
|
|
|
|
struct aa_profile;
|
|
|
|
/* struct aa_rlimit - rlimit settings for the profile
|
|
* @mask: which hard limits to set
|
|
* @limits: rlimit values that override task limits
|
|
*
|
|
* AppArmor rlimits are used to set confined task rlimits. Only the
|
|
* limits specified in @mask will be controlled by apparmor.
|
|
*/
|
|
struct aa_rlimit {
|
|
unsigned int mask;
|
|
struct rlimit limits[RLIM_NLIMITS];
|
|
};
|
|
|
|
extern struct aa_sfs_entry aa_sfs_entry_rlimit[];
|
|
|
|
int aa_map_resource(int resource);
|
|
int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
|
|
unsigned int resource, struct rlimit *new_rlim);
|
|
|
|
void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
|
|
|
|
static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims)
|
|
{
|
|
/* NOP */
|
|
}
|
|
|
|
#endif /* __AA_RESOURCE_H */
|