| 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
|---|
| 2 | /* |
|---|
| 3 | * AppArmor security module |
|---|
| 4 | * |
|---|
| 5 | * This file contains AppArmor resource limits function definitions. |
|---|
| 6 | * |
|---|
| 7 | * Copyright (C) 1998-2008 Novell/SUSE |
|---|
| 8 | * Copyright 2009-2010 Canonical Ltd. |
|---|
| 9 | */ |
|---|
| 10 | |
|---|
| 11 | #ifndef __AA_RESOURCE_H |
|---|
| 12 | #define __AA_RESOURCE_H |
|---|
| 13 | |
|---|
| 14 | #include <linux/resource.h> |
|---|
| 15 | #include <linux/sched.h> |
|---|
| 16 | |
|---|
| 17 | #include "apparmorfs.h" |
|---|
| 18 | |
|---|
| 19 | struct aa_profile; |
|---|
| 20 | |
|---|
| 21 | /* struct aa_rlimit - rlimit settings for the profile |
|---|
| 22 | * @mask: which hard limits to set |
|---|
| 23 | * @limits: rlimit values that override task limits |
|---|
| 24 | * |
|---|
| 25 | * AppArmor rlimits are used to set confined task rlimits. Only the |
|---|
| 26 | * limits specified in @mask will be controlled by apparmor. |
|---|
| 27 | */ |
|---|
| 28 | struct aa_rlimit { |
|---|
| 29 | unsigned int mask; |
|---|
| 30 | struct rlimit limits[RLIM_NLIMITS]; |
|---|
| 31 | }; |
|---|
| 32 | |
|---|
| 33 | extern struct aa_sfs_entry aa_sfs_entry_rlimit[]; |
|---|
| 34 | |
|---|
| 35 | int aa_map_resource(int resource); |
|---|
| 36 | int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label, |
|---|
| 37 | struct task_struct *task, |
|---|
| 38 | unsigned int resource, struct rlimit *new_rlim); |
|---|
| 39 | |
|---|
| 40 | void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new); |
|---|
| 41 | |
|---|
| 42 | static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims) |
|---|
| 43 | { |
|---|
| 44 | /* NOP */ |
|---|
| 45 | } |
|---|
| 46 | |
|---|
| 47 | #endif /* __AA_RESOURCE_H */ |
|---|
| 48 | |
|---|
