On Thu, 16 Feb 2017, Stephen Smalley wrote: > When SELinux was first added to the kernel, a process could only get > and set its own resource limits via getrlimit(2) and setrlimit(2), so no > MAC checks were required for those operations, and thus no security hooks > were defined for them. Later, SELinux introduced a hook for setlimit(2) > with a check if the hard limit was being changed in order to be able to > rely on the hard limit value as a safe reset point upon context > transitions. [...] Queued for 4.11 at git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git#next-queue -- James Morris <jmorris@xxxxxxxxx> _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
