Commit 6ca56813 authored by John Johansen's avatar John Johansen
Browse files

apparmor: fix rlimit for posix cpu timers 



Posix cpu timers requires an additional step beyond setting the rlimit.
Refactor the code so its clear when what code is setting the
limit and conditionally update the posix cpu timers when appropriate.

Fixes: baa73d9e ("posix-timers: Make them configurable")
Reviewed-by: default avatarGeorgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent acf2a94a

security/apparmor/resource.c

+5 −0
Original line number Diff line number Diff line
@@ -196,6 +196,11 @@ void __aa_transition_rlimits(struct aa_label *old_l, struct aa_label *new_l) 
					     rules->rlimits.limits[j].rlim_max);

			/* soft limit should not exceed hard limit */

			rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max);

			if (j == RLIMIT_CPU &&

			    rlim->rlim_cur != RLIM_INFINITY &&

			    IS_ENABLED(CONFIG_POSIX_TIMERS))

				(void) update_rlimit_cpu(current->group_leader,

							 rlim->rlim_cur);

		}

	}

}