Hi,

Here is the Openwall RLIMITS_NPROC patch which adds enforcement of the process limit check on execve as an LSM. This module does not stack, even with the capabilities module. I've been talking to Greg K-H offline and that is the way that he wants it. (He also asked for each logical unit of the Openwall patch to be a separate module.) I plan to make it stack with capabilities and the rest of the Openwall modules when they are completed. This one is fairly trivial - there are 4 lines of Openwall code buried in there somewhere.

I am also including my test program. It forks up to the limit and then execs a process. I think that the exec should fail with nproc_plug loaded, but it doesn't. If I run the test program twice, the second exec does fail. This tells me that the nproc_plug is functional. If you are bored, I would be interested to hear where my code or my logic is failing.

The rest of the Openwall modules will be forthcoming, probably all together. Just wanted to get this one out today, since it was done, in celebration of having received permission to contribute.

Emily

--
Emily Ratliff
IBM Linux Technology Center, Security
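A test of the kind the message describes (fork up to the limit, then exec), written here as an added example; it is not the test program attached to the original message. The function name `nproc_probe`, the safety cap of 64, the exit status 111 and the use of `/bin/true` are assumptions of this example. Run it as an unprivileged user with a lowered process limit (for example after `ulimit -u` in the shell).

```c
/* Added example, not the test program from the original message. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define EXEC_FAILED 111   /* exit status chosen for this example */

/* Fork children until fork() fails or `cap` is reached, then release them
 * together so each calls execve() while the process count is near its peak.
 * Returns the number of children forked; *exec_failures counts children whose
 * exec was refused; *fork_errno is the errno that stopped forking (0 if none). */
int nproc_probe(int cap, int *exec_failures, int *fork_errno)
{
    int gate[2], n = 0, status;
    char c;

    *exec_failures = 0;
    *fork_errno = 0;
    if (pipe(gate) < 0) { *fork_errno = errno; return 0; }

    while (n < cap) {
        pid_t pid = fork();
        if (pid < 0) { *fork_errno = errno; break; }   /* EAGAIN at the limit */
        if (pid == 0) {
            close(gate[1]);                  /* so EOF arrives on release */
            if (read(gate[0], &c, 1) < 0)    /* block until parent releases */
                _exit(2);
            execl("/bin/true", "true", (char *)NULL);
            _exit(EXEC_FAILED);              /* only reached if exec failed */
        }
        n++;
    }
    close(gate[0]);
    close(gate[1]);                          /* release all children at once */
    for (int i = 0; i < n; i++)              /* children that exit early lower the count */
        if (wait(&status) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == EXEC_FAILED)
            (*exec_failures)++;
    return n;
}

int main(void)
{
    int failed, err;
    int n = nproc_probe(64, &failed, &err);  /* 64 is an arbitrary safety cap */
    printf("forked=%d fork_errno=%d exec_failures=%d\n", n, err, failed);
    return 0;
}
```

A non-zero `exec_failures` means at least one exec was refused while the process count was at the limit; `fork_errno` shows whether forking stopped because of the limit or because the cap was reached.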
This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 16:54:20 PST