Searched refs:CAP_MAC_ADMIN (Results 1 – 7 of 7) sorted by relevance
693 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_load()879 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_set_cipso()1176 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net4addr()1436 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net6addr()1607 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_doi()1674 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_direct()1752 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_mapped()1844 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_ambient()2015 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_onlycap()2102 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_unconfined()[all …]
768 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_set_mnt_opts()1332 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) in smack_inode_setxattr()1435 if (!smack_privileged(CAP_MAC_ADMIN)) in smack_inode_removexattr()3614 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) in smack_setprocattr()3634 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_setprocattr()
351 #define CAP_MAC_ADMIN 33 macro
79 name space. A process must have ``CAP_MAC_ADMIN`` to change any of these124 reading ``/proc/self/attr/current``. A process with ``CAP_MAC_ADMIN``282 This contains labels processes must have for CAP_MAC_ADMIN311 a process with ``CAP_MAC_ADMIN`` can write a label into this interface.321 if it has ``CAP_MAC_ADMIN``. This interface allows a process without322 ``CAP_MAC_ADMIN`` to relabel itself to one of labels from predefined list.323 A process without ``CAP_MAC_ADMIN`` can change its label only once. When it619 A process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.621 be denied otherwise. CAP_MAC_ADMIN allows a process to change
44 CAP_MAC_ADMIN, since we really are trying to lock down root.
667 bool capable = ns_capable(user_ns, CAP_MAC_ADMIN); in policy_admin_capable()
3245 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, cap_audit)) in has_cap_mac_admin()3247 if (cred_has_capability(cred, CAP_MAC_ADMIN, cap_audit, true)) in has_cap_mac_admin()
