apparmor: fix rlimit for posix cpu timers

[ Upstream commit 6ca56813f4a589f536adceb42882855d91fb1125 ] Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so its clear when what code is setting the limit and conditionally update the posix cpu timers when appropriate. Fixes: baa73d9e478ff ("posix-timers: Make them configurable") Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: John Johansen <john.johansen@canonical.com> 2025-11-09 14:16:54 -0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-02-26 15:01:34 -0800
commit: 57d51d41b90eface809b72e0e009b50546492f1f (patch)
tree: 0fbc3c3d9d09d95c092c01372041342f128d9af0 /security
parent: d276f52ecaf854e41549311e93802afea0abab5b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index 8e80db3ae21c..64212b39ba4b 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -196,6 +196,11 @@ void __aa_transition_rlimits(struct aa_label *old_l, struct aa_label *new_l)
 					     rules->rlimits.limits[j].rlim_max);
 			/* soft limit should not exceed hard limit */
 			rlim->rlim_cur = min(rlim->rlim_cur, rlim->rlim_max);
+			if (j == RLIMIT_CPU &&
+			    rlim->rlim_cur != RLIM_INFINITY &&
+			    IS_ENABLED(CONFIG_POSIX_TIMERS))
+				(void) update_rlimit_cpu(current->group_leader,
+							 rlim->rlim_cur);
 		}
 	}
 }
author	John Johansen <john.johansen@canonical.com>	2025-11-09 14:16:54 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-02-26 15:01:34 -0800
commit	57d51d41b90eface809b72e0e009b50546492f1f (patch)
tree	0fbc3c3d9d09d95c092c01372041342f128d9af0 /security
parent	d276f52ecaf854e41549311e93802afea0abab5b (diff)