| /Linux-v4.19/net/bridge/ |
| D | br_ioctl.c | 93 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if()
185 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
192 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
199 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
206 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
246 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
254 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
263 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
277 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
340 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless()
[all …]
|
| /Linux-v4.19/kernel/cgroup/ |
| D | namespace.c | 66 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_cgroup_ns()
102 if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN) || in cgroupns_install()
103 !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN)) in cgroupns_install()
|
| /Linux-v4.19/kernel/ |
| D | capability.c | 395 bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function
399 EXPORT_SYMBOL(ns_capable);
431 return ns_capable(&init_user_ns, cap); in capable()
487 return ns_capable(ns, cap) && privileged_wrt_inode_uidgid(ns, inode); in capable_wrt_inode_uidgid()
|
| D | utsname.c | 151 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install()
152 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in utsns_install()
|
| D | pid_namespace.c | 273 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) in pid_ns_ctl_handler()
388 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || in pidns_install()
389 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in pidns_install()
|
| D | sys.c | 160 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) in set_one_prio_perm()
372 ns_capable(old->user_ns, CAP_SETGID)) in __sys_setregid()
381 ns_capable(old->user_ns, CAP_SETGID)) in __sys_setregid()
427 if (ns_capable(old->user_ns, CAP_SETGID)) in __sys_setgid()
516 !ns_capable(old->user_ns, CAP_SETUID)) in __sys_setreuid()
525 !ns_capable(old->user_ns, CAP_SETUID)) in __sys_setreuid()
584 if (ns_capable(old->user_ns, CAP_SETUID)) { in __sys_setuid()
646 if (!ns_capable(old->user_ns, CAP_SETUID)) { in __sys_setresuid()
735 if (!ns_capable(old->user_ns, CAP_SETGID)) { in __sys_setresgid()
814 ns_capable(old->user_ns, CAP_SETUID)) { in __sys_setfsuid()
[all …]
|
| D | nsproxy.c | 151 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_namespaces()
203 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in unshare_nsproxy_namespaces()
|
| D | groups.c | 181 return ns_capable(user_ns, CAP_SETGID) && in may_setgroups()
|
| D | reboot.c | 315 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) in SYSCALL_DEFINE4()
|
| D | ucount.c | 47 if (ns_capable(user_ns, CAP_SYS_RESOURCE)) in set_permissions()
|
| /Linux-v4.19/net/8021q/ |
| D | vlan.c | 569 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
579 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
588 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
597 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
612 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
619 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
|
| /Linux-v4.19/ipc/ |
| D | namespace.c | 183 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in ipcns_install()
184 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in ipcns_install()
|
| D | util.c | 505 !ns_capable(ns->user_ns, CAP_IPC_OWNER)) in ipcperms()
680 ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in ipcctl_obtain_check()
|
| /Linux-v4.19/net/core/ |
| D | scm.c | 58 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && in scm_check_creds()
60 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds()
62 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { in scm_check_creds()
|
| D | dev_ioctl.c | 439 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
481 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
|
| /Linux-v4.19/security/ |
| D | commoncap.c | 155 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_access_check()
502 if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP)) in cap_convert_nscap()
849 if (!ns_capable(new->user_ns, CAP_SETUID) || in cap_bprm_set_creds()
936 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in cap_inode_setxattr()
971 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in cap_inode_removexattr()
1098 if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) in cap_safe_nice()
1151 if (!ns_capable(current_user_ns(), CAP_SETPCAP)) in cap_prctl_drop()
|
| /Linux-v4.19/include/linux/ |
| D | capability.h | 210 extern bool ns_capable(struct user_namespace *ns, int cap);
235 static inline bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function
|
| /Linux-v4.19/fs/ |
| D | attr.c | 29 ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN)) in chown_ok()
42 ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN)) in chgrp_ok()
|
| D | ioctl.c | 553 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) in ioctl_fsfreeze()
570 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) in ioctl_fsthaw()
|
| /Linux-v4.19/security/yama/ |
| D | yama_lsm.c | 373 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
379 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
|
| /Linux-v4.19/net/ipv4/ |
| D | ip_options.c | 408 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
443 if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { in ip_options_compile()
456 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
|
| /Linux-v4.19/security/keys/ |
| D | persistent.c | 151 !ns_capable(ns, CAP_SETUID)) in keyctl_get_persistent()
|
| /Linux-v4.19/net/ieee802154/ |
| D | socket.c | 913 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
914 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
937 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
938 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
|
| /Linux-v4.19/net/ipv6/ |
| D | ipv6_sockglue.c | 368 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && in do_ipv6_setsockopt()
369 !ns_capable(net->user_ns, CAP_NET_RAW)) { in do_ipv6_setsockopt()
405 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) in do_ipv6_setsockopt()
819 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ipv6_setsockopt()
|
| D | datagram.c | 853 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
873 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
898 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
|
