YAMAMOTO Takashi wrote:

> can you provide one-line summary?

sure. it removes KAUTH_PROCESS_RESOURCE and adds two actions
specifically for 'nice' and 'rlimit', thus freeing up an argument
we can pass to the listeners. we use that argument to pass the
process requesting the rlimit change for the latter, allowing us
to properly enforce the security policy for both a process
changing its own rlimit and a process changing another process'
rlimits via sysctl.

-e.