On 11/30/18 9:54 AM, Casey Schaufler wrote:
> On 11/30/2018 7:14 AM, Florian Weimer wrote:
>> Is it guaranteed that tasks in the same thread group can always send
>> signals to each other, irrespective of their respective credentials
>> structs?
>
> No. An LSM may choose to disallow this based on just about any
> criteria it desires.
>

And AppArmor is in fact doing this in a few limited situations; userspace has to request the profile change via an API, and regular policy enforcement based on credentials mediates the signals. It's not something we recommend but it has been used.