/linux-master/include/linux/ |
H A D | capability.h | 149 extern bool ns_capable(struct user_namespace *ns, int cap); 175 static inline bool ns_capable(struct user_namespace *ns, int cap) function 207 return ns_capable(ns, CAP_CHECKPOINT_RESTORE) || 208 ns_capable(ns, CAP_SYS_ADMIN);
|
/linux-master/net/bridge/ |
H A D | br_ioctl.c | 91 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 219 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 226 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 233 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 280 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 287 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 296 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 310 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) 379 if (!ns_capable(ne [all...] |
/linux-master/kernel/cgroup/ |
H A D | namespace.c | 66 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) 103 if (!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN) || 104 !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN))
|
/linux-master/kernel/ |
H A D | capability.c | 371 * ns_capable - Determine if the current task has a superior capability in effect 381 bool ns_capable(struct user_namespace *ns, int cap) function 385 EXPORT_SYMBOL(ns_capable); variable 436 return ns_capable(&init_user_ns, cap); 498 return ns_capable(ns, cap) &&
|
H A D | pid_sysctl.h | 15 if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
|
H A D | utsname.c | 145 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || 146 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
|
H A D | pid_namespace.c | 394 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || 395 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
|
H A D | nsproxy.c | 165 } else if (!ns_capable(user_ns, CAP_SYS_ADMIN)) 225 if (!ns_capable(user_ns, CAP_SYS_ADMIN))
|
H A D | ucount.c | 48 if (ns_capable(user_ns, CAP_SYS_RESOURCE))
|
/linux-master/kernel/bpf/ |
H A D | token.c | 14 return ns_capable(ns, cap) || (cap != CAP_SYS_ADMIN && ns_capable(ns, CAP_SYS_ADMIN)); 21 /* BPF token allows ns_capable() level of capabilities */ 154 if (!ns_capable(userns, CAP_BPF)) { 200 /* remember bpffs owning userns for future ns_capable() checks */
|
/linux-master/net/8021q/ |
H A D | vlan.c | 576 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 586 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 595 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 604 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 619 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 626 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
/linux-master/ipc/ |
H A D | namespace.c | 237 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || 238 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
|
H A D | util.c | 568 !ns_capable(ns->user_ns, CAP_IPC_OWNER)) 743 ns_capable(ns->user_ns, CAP_SYS_ADMIN))
|
/linux-master/security/ |
H A D | commoncap.c | 151 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) 551 if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP)) 921 if (!ns_capable(new->user_ns, CAP_SETUID) || 1007 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) 1051 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) 1180 if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) 1239 if (!ns_capable(current_user_ns(), CAP_SETPCAP))
|
/linux-master/net/core/ |
H A D | scm.c | 57 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && 59 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && 61 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) {
|
H A D | dev_ioctl.c | 738 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 780 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
H A D | sock_diag.c | 319 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
|
/linux-master/security/keys/ |
H A D | persistent.c | 149 !ns_capable(ns, CAP_SETUID))
|
/linux-master/kernel/time/ |
H A D | namespace.c | 312 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || 313 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
|
/linux-master/fs/ |
H A D | attr.c | 106 ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN)) 137 ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
|
H A D | init.c | 71 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
|
/linux-master/security/yama/ |
H A D | yama_lsm.c | 372 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) 378 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
|
/linux-master/net/ipv4/ |
H A D | ip_options.c | 396 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { 431 if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { 444 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) {
|
/linux-master/drivers/connector/ |
H A D | connector.c | 176 if (ns_capable(net->user_ns, CAP_NET_ADMIN))
|
/linux-master/net/ieee802154/ |
H A D | socket.c | 905 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && 906 !ns_capable(net->user_ns, CAP_NET_RAW)) { 929 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && 930 !ns_capable(net->user_ns, CAP_NET_RAW)) {
|