Home
last modified time | relevance | path

Searched refs:CAP_MAC_ADMIN (Results 1 – 8 of 8) sorted by relevance

/Linux-v6.6/security/smack/
Dsmackfs.c666 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_load()
851 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_set_cipso()
1181 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net4addr()
1440 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net6addr()
1611 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_doi()
1678 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_direct()
1756 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_mapped()
1848 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_ambient()
2023 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_onlycap()
2113 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_unconfined()
[all …]
Dsmack_lsm.c811 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_set_mnt_opts()
1321 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) in smack_inode_setxattr()
1426 if (!smack_privileged(CAP_MAC_ADMIN)) in smack_inode_removexattr()
3675 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) in smack_setprocattr()
3695 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_setprocattr()
4888 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) in smack_uring_sqpoll()
/Linux-v6.6/include/uapi/linux/
Dcapability.h358 #define CAP_MAC_ADMIN 33 macro
/Linux-v6.6/security/safesetid/
Dsecurityfs.c240 if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN)) in safesetid_uid_file_write()
254 if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN)) in safesetid_gid_file_write()
/Linux-v6.6/Documentation/admin-guide/LSM/
DSmack.rst79 name space. A process must have ``CAP_MAC_ADMIN`` to change any of these
124 reading ``/proc/self/attr/current``. A process with ``CAP_MAC_ADMIN``
282 This contains labels processes must have for CAP_MAC_ADMIN
311 a process with ``CAP_MAC_ADMIN`` can write a label into this interface.
321 if it has ``CAP_MAC_ADMIN``. This interface allows a process without
322 ``CAP_MAC_ADMIN`` to relabel itself to one of labels from predefined list.
323 A process without ``CAP_MAC_ADMIN`` can change its label only once. When it
619 A process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.
621 be denied otherwise. CAP_MAC_ADMIN allows a process to change
/Linux-v6.6/Documentation/admin-guide/cgroup-v1/
Ddevices.rst49 CAP_MAC_ADMIN, since we really are trying to lock down root.
/Linux-v6.6/security/apparmor/
Dpolicy.c806 bool capable = policy_ns_capable(label, user_ns, CAP_MAC_ADMIN) == 0; in aa_policy_admin_capable()
/Linux-v6.6/security/selinux/
Dhooks.c3168 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts)) in has_cap_mac_admin()
3170 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true)) in has_cap_mac_admin()