From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 372D6139695 for ; Thu, 18 May 2017 17:02:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6616CE0F06; Thu, 18 May 2017 17:02:51 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4523BE0F06 for ; Thu, 18 May 2017 17:02:41 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 737B7341673 for ; Thu, 18 May 2017 17:02:40 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id EDE177464 for ; Thu, 18 May 2017 17:02:37 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1495126858.132d5b9d536f0e178aa10b7544b93f6f129f65c9.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/flask/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/flask/access_vectors X-VCS-Directories: policy/flask/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 132d5b9d536f0e178aa10b7544b93f6f129f65c9 X-VCS-Branch: swift Date: Thu, 18 May 2017 17:02:37 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 8ce8acfc-c70e-4874-9aad-fe54193211a9 X-Archives-Hash: 9e79be6d5858148b5eaafd91d5abcaa8 commit: 132d5b9d536f0e178aa10b7544b93f6f129f65c9 Author: Stephen Smalley tycho nsa gov> AuthorDate: Wed May 17 15:33:46 2017 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Thu May 18 17:00:58 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=132d5b9d refpolicy: Define getrlimit permission for class process This permission was added to the kernel in commit 791ec491c372 ("prlimit,security,selinux: add a security hook for prlimit") circa Linux 4.12 in order to control the ability to get the resource limits of another process. It is only checked when acting on another process, so getrlimit permission is not required for use of getrlimit(2). Signed-off-by: Stephen Smalley tycho.nsa.gov> policy/flask/access_vectors | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 69f69af8..6204e687 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors 
@@ -383,6 +383,7 @@ class process execheap setkeycreate setsockcreate + getrlimit } From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 0235C139694 for ; Thu, 18 May 2017 17:03:53 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1B180E0EBD; Thu, 18 May 2017 17:03:38 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EB155E0EBD for ; Thu, 18 May 2017 17:03:32 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 255263416A6 for ; Thu, 18 May 2017 17:03:32 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4361D7464 for ; Thu, 18 May 2017 17:03:29 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1495126858.132d5b9d536f0e178aa10b7544b93f6f129f65c9.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/flask/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/flask/access_vectors X-VCS-Directories: policy/flask/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 132d5b9d536f0e178aa10b7544b93f6f129f65c9 X-VCS-Branch: master Date: Thu, 18 May 2017 17:03:29 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: bf859ce0-8422-42a4-8053-f2766b3650c3 X-Archives-Hash: 936fc827b39cf08f0d6e3c5130ad1025 Message-ID: <20170518170329.xZvBVXEPA7viR66oyJcYHdCW3KbBY20d0Az7-3xLL4c@z> commit: 132d5b9d536f0e178aa10b7544b93f6f129f65c9 Author: Stephen Smalley tycho nsa gov> AuthorDate: Wed May 17 15:33:46 2017 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Thu May 18 17:00:58 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=132d5b9d refpolicy: Define getrlimit permission for class process This permission was added to the kernel in commit 791ec491c372 ("prlimit,security,selinux: add a security hook for prlimit") circa Linux 4.12 in order to control the ability to get the resource limits of another process. It is only checked when acting on another process, so getrlimit permission is not required for use of getrlimit(2). Signed-off-by: Stephen Smalley tycho.nsa.gov> policy/flask/access_vectors | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 69f69af8..6204e687 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors 
@@ -383,6 +383,7 @@ class process execheap setkeycreate setsockcreate + getrlimit }
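Review bot: the getrlimit entry appended after setsockcreate in class process arrives with no comment and no accompanying rule, and the diffstat lists policy/flask/access_vectors as the only file touched, so nothing in this change grants the new permission to any domain. The commit message says the check applies only when a process reads another process's resource limits, so once the permission is defined in policy, domains that do that on kernels carrying the prlimit hook will need an allow rule for process getrlimit; either add those rules or an interface in the same series, or state in the commit message that they follow separately. A short comment next to the entry noting that it is checked only for cross-process access would also keep policy writers from granting it to every caller of getrlimit(2). The same commit was mailed for both the swift and master branches, so this applies to both copies of the hunk.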