Home
last modified time | relevance | path

Searched refs:security (Results 1 – 25 of 293) sorted by relevance

12345678910>>...12

/Linux-v4.19/drivers/memory/tegra/
Dtegra186.c26 unsigned int security; member
36 .security = 0x004,
43 .security = 0x074,
50 .security = 0x0ac,
57 .security = 0x0b4,
64 .security = 0x0e4,
71 .security = 0x0fc,
78 .security = 0x13c,
85 .security = 0x15c,
92 .security = 0x18c,
[all …]
/Linux-v4.19/Documentation/
Dlsm.txt20 implemented as its own particular kernel patch. Several other security
25 patch to support its security needs.
28 remarks that described a security framework he would be willing to
30 general framework that would provide a set of security hooks to control
31 operations on kernel objects and a set of opaque security fields in
32 kernel data structures for maintaining security attributes. This
34 desired model of security. Linus also suggested the possibility of
38 such a framework. LSM is a joint development effort by several security
44 of the framework and the example capabilities security module provided
51 security modules. In particular, the LSM framework is primarily focused
[all …]
/Linux-v4.19/Documentation/admin-guide/
Dsecurity-bugs.rst6 Linux kernel developers take security very seriously. As such, we'd
7 like to know when a security bug is found so that it can be fixed and
8 disclosed as quickly as possible. Please report security bugs to the
9 Linux kernel security team.
14 The Linux kernel security team can be contacted by email at
15 <security@kernel.org>. This is a private list of security officers
19 security team will bring in extra help from area maintainers to
20 understand and fix the security vulnerability.
32 The goal of the Linux kernel security team is to work with the bug
40 days, not weeks or months. A release date is negotiated by the security
[all …]
/Linux-v4.19/Documentation/netlabel/
Dintroduction.txt9 NetLabel is a mechanism which can be used by kernel security modules to attach
10 security attributes to outgoing network packets generated from user space
11 applications and read security attributes from incoming network packets. It
13 layer, and the kernel security module API.
18 network packet's security attributes. If any translation between the network
19 security attributes and those on the host are required then the protocol
22 the NetLabel kernel security module API described below.
38 The purpose of the NetLabel security module API is to provide a protocol
40 to protocol independence, the security module API is designed to be completely
44 Detailed information about the NetLabel security module API can be found in the
Dlsm_interface.txt9 NetLabel is a mechanism which can set and retrieve security attributes from
12 The NetLabel security module API is defined in 'include/net/netlabel.h' but a
18 it uses the concept of security attributes to refer to the packet's security
19 labels. The NetLabel security attributes are defined by the
21 NetLabel subsystem converts the security attributes to and from the correct
24 security attributes into whatever security identifiers are in use for their
38 label and the internal LSM security identifier can be time consuming. The
41 LSM has received a packet, used NetLabel to decode its security attributes,
42 and translated the security attributes into a LSM internal identifier the LSM
Dcipso_ipv4.txt22 label by using the NetLabel security module API; if the NetLabel "domain" is
31 NetLabel security module API to extract the security attributes of the packet.
37 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
42 different security attribute mapping table.
46 The NetLabel system provides a framework for caching security attribute
/Linux-v4.19/security/integrity/evm/
DKconfig10 EVM protects a file's security extended attributes against
36 In addition to the original security xattrs (eg. security.selinux,
37 security.SMACK64, security.capability, and security.ima) included
39 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
40 security.SMACK64MMAP.
55 /sys/kernel/security/integrity/evm/evm_xattrs.
/Linux-v4.19/security/selinux/
Dxfrm.c70 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
185 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
186 if (x->security) in selinux_xfrm_state_pol_flow_match()
193 if (!x->security) in selinux_xfrm_state_pol_flow_match()
201 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
226 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress()
241 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress()
339 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc()
377 x->security = ctx; in selinux_xfrm_state_alloc_acquire()
389 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
[all …]
/Linux-v4.19/Documentation/admin-guide/LSM/
Dapparmor.rst8 AppArmor is MAC style security extension for the Linux kernel. It implements
19 If AppArmor should be selected as the default security module then set::
26 If AppArmor is not the default security module it can be enabled by passing
27 ``security=apparmor`` on the kernel's command line.
29 If AppArmor is the default security module it can be disabled by passing
30 ``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
Dindex.rst6 various security checks to be hooked by new kernel extensions. The name
10 ``"security=..."`` kernel command line argument, in the case where multiple
14 (MAC) extensions which provide a comprehensive security policy. Examples
26 A list of the active security modules can be found by reading
27 ``/sys/kernel/security/lsm``. This is a comma separated list, and
Dtomoyo.rst21 Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
39 TOMOYO Linux: pragmatic and manageable security for Linux
47 The role of "pathname based access control" in security.
57 We believe that inode based security and name based security are complementary
/Linux-v4.19/security/
DKconfig7 source security/keys/Kconfig
22 bool "Enable different security models"
26 This allows you to choose different security modules to be
29 If this option is not selected, the default Linux security
52 This enables the socket and networking security hooks.
53 If enabled, a security module can use these hooks to
72 This enables the Infiniband security hooks.
73 If enabled, a security module can use these hooks to
81 This enables the XFRM (IPSec) networking security hooks.
82 If enabled, a security module can use these hooks to
[all …]
/Linux-v4.19/Documentation/ABI/testing/
Devm1 What: security/evm
5 EVM protects a file's security extended attributes(xattrs)
8 value as the extended attribute 'security.evm'.
10 EVM supports two classes of security.evm. The first is
49 or validate the 'security.evm' xattr, but returns
56 Documentation/security/keys/trusted-encrypted.rst. Both
61 What: security/integrity/evm/evm_xattrs
/Linux-v4.19/Documentation/filesystems/caching/
Dcachefiles.txt23 (*) A note on security.
314 CacheFiles is implemented to deal properly with the LSM security features of
319 security context that is not appropriate for accessing the cache - either
324 The way CacheFiles works is to temporarily change the security context (fsuid,
325 fsgid and actor security label) that the process acts as - without changing the
326 security context of the process when it the target of an operation performed by
332 (1) Finds the security label attached to the root cache directory and uses
333 that as the security label with which it will create files. By default,
338 (2) Finds the security label of the process which issued the bind request
343 and asks LSM to supply a security ID as which it should act given the
[all …]
/Linux-v4.19/security/tomoyo/
Dtomoyo.c21 new->security = NULL; in tomoyo_cred_alloc_blank()
37 struct tomoyo_domain_info *domain = old->security; in tomoyo_cred_prepare()
38 new->security = domain; in tomoyo_cred_prepare()
62 struct tomoyo_domain_info *domain = cred->security; in tomoyo_cred_free()
97 bprm->cred->security)->users); in tomoyo_bprm_set_creds()
102 bprm->cred->security = NULL; in tomoyo_bprm_set_creds()
115 struct tomoyo_domain_info *domain = bprm->cred->security; in tomoyo_bprm_check_security()
548 cred->security = &tomoyo_kernel_domain; in tomoyo_init()
/Linux-v4.19/fs/9p/
DKconfig38 implemented by security modules like SELinux. This option
39 enables an extended attribute handler for file security
42 If you are not using a security module that requires using
43 extended attributes for file security labels, say N.
/Linux-v4.19/fs/ext2/
DKconfig35 implemented by security modules like SELinux. This option
36 enables an extended attribute handler for file security
39 If you are not using a security module that requires using
40 extended attributes for file security labels, say N.
/Linux-v4.19/net/rxrpc/
Dsecurity.c95 conn->security = sec; in rxrpc_init_client_conn_security()
97 ret = conn->security->init_connection_security(conn); in rxrpc_init_client_conn_security()
99 conn->security = &rxrpc_no_security; in rxrpc_init_client_conn_security()
162 conn->security = sec; in rxrpc_init_server_conn_security()
/Linux-v4.19/Documentation/translations/zh_CN/
DSecurityBugs1 Chinese translated version of Documentation/admin-guide/security-bugs.rst
11 Documentation/admin-guide/security-bugs.rst 的中文翻译
30 linux内核安全团队可以通过email<security@kernel.org>来联系。这是
/Linux-v4.19/fs/jfs/
DKconfig26 implemented by security modules like SELinux. This option
27 enables an extended attribute handler for file security
30 If you are not using a security module that requires using
31 extended attributes for file security labels, say N.
/Linux-v4.19/drivers/char/tpm/
DKconfig12 If you have a TPM security chip in your system, which
51 If you have a TPM security chip that is compliant with the
62 If you have a TPM security chip which is connected to a regular,
73 If you have an Atmel I2C TPM security chip say Yes and it will be
82 If you have a TPM security chip that is compliant with the
93 If you have a TPM security chip with an I2C interface from
103 If you have a TPM security chip from National Semiconductor
112 If you have a TPM security chip from Atmel say Yes and it
120 If you have a TPM security chip from Infineon Technologies
152 If you have a TPM security chip that is compliant with the
/Linux-v4.19/Documentation/ABI/stable/
Dsysfs-hypervisor-xen7 Might return "<denied>" in case of special security settings
16 Might return "<denied>" in case of special security settings
25 Might return "<denied>" in case of special security settings
53 Might return "<denied>" in case of special security settings
70 Might return "0" in case of special security settings
102 Might return "<denied>" in case of special security settings
/Linux-v4.19/kernel/
Dcred.c275 new->security = NULL; in prepare_creds()
629 new->security = NULL; in prepare_kernel_cred()
712 if (selinux_is_enabled() && cred->security) { in creds_are_invalid()
713 if ((unsigned long) cred->security < PAGE_SIZE) in creds_are_invalid()
715 if ((*(u32 *)cred->security & 0xffffff00) == in creds_are_invalid()
751 printk(KERN_ERR "CRED: ->security is %p\n", cred->security); in dump_invalid_creds()
752 if ((unsigned long) cred->security >= PAGE_SIZE && in dump_invalid_creds()
753 (((unsigned long) cred->security & 0xffffff00) != in dump_invalid_creds()
756 ((u32*)cred->security)[0], in dump_invalid_creds()
757 ((u32*)cred->security)[1]); in dump_invalid_creds()
/Linux-v4.19/security/yama/
DKconfig7 system-wide security settings beyond regular Linux discretionary
9 Like capabilities, this security module stacks with other LSMs.
/Linux-v4.19/drivers/infiniband/core/
Dsecurity.c84 ret = security_ib_pkey_access(qp_sec->security, subnet_prefix, pkey); in enforce_qp_pkey_security()
91 ret = security_ib_pkey_access(shared_qp_sec->security, in enforce_qp_pkey_security()
320 security_ib_free_security(sec->security); in destroy_qp_security()
442 ret = security_ib_alloc_security(&qp->qp_sec->security); in ib_create_qp_security()
688 ag->smp_allowed = !security_ib_endport_manage_subnet(ag->security, in ib_mad_agent_security_change()
703 ret = security_ib_alloc_security(&agent->security); in ib_mad_agent_security_setup()
710 ret = security_ib_endport_manage_subnet(agent->security, in ib_mad_agent_security_setup()
731 security_ib_free_security(agent->security); in ib_mad_agent_security_cleanup()
750 map->agent.security); in ib_mad_enforce_security()

12345678910>>...12