Searched refs:unconfined (Results 1 – 15 of 15) sorted by relevance
108 ns->unconfined = aa_alloc_profile("unconfined", NULL, GFP_KERNEL); in alloc_ns()109 if (!ns->unconfined) in alloc_ns()112 ns->unconfined->label.flags |= FLAG_IX_ON_NAME_ERROR | in alloc_ns()114 ns->unconfined->mode = APPARMOR_UNCONFINED; in alloc_ns()115 ns->unconfined->file.dfa = aa_get_dfa(nulldfa); in alloc_ns()116 ns->unconfined->policy.dfa = aa_get_dfa(nulldfa); in alloc_ns()119 ns->unconfined->ns = ns; in alloc_ns()150 ns->unconfined->ns = NULL; in aa_free_ns()151 aa_free_profile(ns->unconfined); in aa_free_ns()
157 if (!unconfined(label)) { in apparmor_capget()183 if (!unconfined(label)) in apparmor_capable()206 if (!unconfined(label)) in common_perm()342 if (!unconfined(label)) in apparmor_path_link()359 if (!unconfined(label)) { in apparmor_path_rename()418 if (!unconfined(label)) { in apparmor_file_open()535 if (!unconfined(label)) { in apparmor_sb_mount()560 if (!unconfined(label)) in apparmor_sb_umount()574 if (!unconfined(label)) in apparmor_sb_pivotroot()692 (unconfined(new_label))) in apparmor_bprm_committing_creds()[all …]
77 if (!tracer || unconfined(tracerl)) in may_change_ptraced_domain()905 if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) && !unconfined(label) && in apparmor_bprm_set_creds()938 !unconfined(label) && !aa_label_is_subset(new, ctx->nnp)) { in apparmor_bprm_set_creds()1188 if (task_no_new_privs(current) && !unconfined(label) && !ctx->nnp) in aa_change_hat()1191 if (unconfined(label)) { in aa_change_hat()1215 if (task_no_new_privs(current) && !unconfined(label) && in aa_change_hat()1236 if (task_no_new_privs(current) && !unconfined(label) && in aa_change_hat()1333 if (task_no_new_privs(current) && !unconfined(label) && !ctx->nnp) in aa_change_profile()1432 if (task_no_new_privs(current) && !unconfined(label) && in aa_change_profile()
108 label = aa_label_strn_parse(&root_ns->unconfined->label, secdata, in apparmor_secctx_to_secid()
69 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
155 if (unconfined(label)) in aa_label_sk_perm()
201 rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, in aa_audit_rule_init()
86 if (profile_unconfined(tracee) || unconfined(tracer) || in profile_tracee_perm()
625 if (unconfined(label) || unconfined(flabel) || in aa_file_perm()
447 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()478 profile = aa_get_newest_profile(ns->unconfined); in aa_fqlookupn_profile()
1511 if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) { in aa_profile_snxprint()1570 profile != profile->ns->unconfined) in display_mode()1873 if (str == NULL || (*str == '=' && base != &root_ns->unconfined->label)) in aa_label_strn_parse()
67 struct aa_profile *unconfined; member85 #define ns_unconfined(NS) (&(NS)->unconfined->label)119 aa_get_profile(ns->unconfined); in aa_get_ns()133 aa_put_profile(ns->unconfined); in aa_put_ns()
150 #define unconfined(X) label_unconfined(X) macro
11 them run in an unconfined state which is equivalent to standard Linux DAC
309 unconfined852 Another feature of bringup mode is the "unconfined" option. Writing853 a label to /sys/fs/smackfs/unconfined makes subjects with that label855 all subjects. Any access that is granted because a label is unconfined
