summaryrefslogtreecommitdiffstats
path: root/security/apparmor/include/resource.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/include/resource.h')
-rw-r--r--security/apparmor/include/resource.h47
1 files changed, 47 insertions, 0 deletions
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
new file mode 100644
index 000000000..ad2c0da8e
--- /dev/null
+++ b/security/apparmor/include/resource.h
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor resource limits function definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ */
+
+#ifndef __AA_RESOURCE_H
+#define __AA_RESOURCE_H
+
+#include <linux/resource.h>
+#include <linux/sched.h>
+
+#include "apparmorfs.h"
+
+struct aa_profile;
+
+/* struct aa_rlimit - rlimit settings for the profile
+ * @mask: which hard limits to set
+ * @limits: rlimit values that override task limits
+ *
+ * AppArmor rlimits are used to set confined task rlimits. Only the
+ * limits specified in @mask will be controlled by apparmor.
+ */
+struct aa_rlimit {
+ unsigned int mask;
+ struct rlimit limits[RLIM_NLIMITS];
+};
+
+extern struct aa_sfs_entry aa_sfs_entry_rlimit[];
+
+int aa_map_resource(int resource);
+int aa_task_setrlimit(const struct cred *subj_cred, struct aa_label *label,
+ struct task_struct *task,
+ unsigned int resource, struct rlimit *new_rlim);
+
+void __aa_transition_rlimits(struct aa_label *old, struct aa_label *new);
+
+static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims)
+{
+ /* NOP */
+}
+
+#endif /* __AA_RESOURCE_H */