On Thu, 16 Feb 2017, Stephen Smalley wrote: > When SELinux was first added to the kernel, a process could only get > and set its own resource limits via getrlimit(2) and setrlimit(2), so no > MAC checks were required for those operations, and thus no security hooks > were defined for them. Later, SELinux introduced a hook for setlimit(2) > with a check if the hard limit was being changed in order to be able to > rely on the hard limit value as a safe reset point upon context > transitions.
[...] Queued for 4.11 at git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git#next-queue -- James Morris <jmor...@namei.org> _______________________________________________ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
