]> asedeno.scripts.mit.edu Git - linux.git/blobdiff - include/linux/security.h
projects / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
prlimit,security,selinux: add a security hook for prlimit
[linux.git] / include / linux / security.h
diff --git a/include/linux/security.h b/include/linux/security.h
index d3868f2ebada82b87ba5eb0969f239cdf9a646b2..97df7bac5b486d4c873c0b5379d3650fa8da2bfe 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -133,6 +133,10 @@ extern unsigned long dac_mmap_min_addr;
 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
 #define LSM_SETID_FS   8
 
+/* Flags for security_task_prlimit(). */
+#define LSM_PRLIMIT_READ  1
+#define LSM_PRLIMIT_WRITE 2
+
 /* forward declares to avoid warnings */
 struct sched_param;
 struct request_sock;
@@ -140,8 +144,7 @@ struct request_sock;
 /* bprm->unsafe reasons */
 #define LSM_UNSAFE_SHARE       1
 #define LSM_UNSAFE_PTRACE      2
-#define LSM_UNSAFE_PTRACE_CAP  4
-#define LSM_UNSAFE_NO_NEW_PRIVS        8
+#define LSM_UNSAFE_NO_NEW_PRIVS        4
 
 #ifdef CONFIG_MMU
 extern int mmap_min_addr_handler(struct ctl_table *table, int write,
@@ -325,6 +328,8 @@ void security_task_getsecid(struct task_struct *p, u32 *secid);
 int security_task_setnice(struct task_struct *p, int nice);
 int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
+int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
+                         unsigned int flags);
 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
                struct rlimit *new_rlim);
 int security_task_setscheduler(struct task_struct *p);
@@ -950,6 +955,13 @@ static inline int security_task_getioprio(struct task_struct *p)
        return 0;
 }
 
+static inline int security_task_prlimit(const struct cred *cred,
+                                       const struct cred *tcred,
+                                       unsigned int flags)
+{
+       return 0;
+}
+
 static inline int security_task_setrlimit(struct task_struct *p,
                                          unsigned int resource,
                                          struct rlimit *new_rlim)
local clone of linux.git