security/apparmor/resource.c

Source file repositories/reference/linux-study-clean/security/apparmor/resource.c

File Facts

System
Linux kernel
Corpus path
security/apparmor/resource.c
Extension
.c
Size
5848 bytes
Lines
207
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: implementation source
Status
source implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

if (rules->rlimits.mask) {
			int j;

			for (j = 0, mask = 1; j < RLIM_NLIMITS; j++,
				     mask <<= 1) {
				if (rules->rlimits.mask & mask) {
					rlim = current->signal->rlim + j;
					initrlim = init_task.signal->rlim + j;
					rlim->rlim_cur = min(rlim->rlim_max,
							    initrlim->rlim_cur);
				}
			}
		}
	}

	/* set any new hard limits as dictated by the new profile */
	label_for_each_confined(i, new_l, new) {
		struct aa_ruleset *rules = new->label.rules[0];
		int j;

		if (!rules->rlimits.mask)
			continue;
		for (j = 0, mask = 1; j < RLIM_NLIMITS; j++, mask <<= 1) {
			if (!(rules->rlimits.mask & mask))
				continue;

			rlim = current->signal->rlim + j;
			rlim->rlim_max = min(rlim->rlim_max,
					     rules->rlimits.limits[j].rlim_max);
			/* soft limit should not exceed hard limit */
			rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max);
			if (j == RLIMIT_CPU &&
			    rlim->rlim_cur != RLIM_INFINITY &&
			    IS_ENABLED(CONFIG_POSIX_TIMERS))
				(void) update_rlimit_cpu(current->group_leader,
							 rlim->rlim_cur);
		}
	}
}

Annotation

Implementation Notes