| /net/netfilter/ |
| A D | xt_owner.c | 32 (current_user_ns() != net->user_ns)) in owner_check()
37 kuid_t uid_min = make_kuid(net->user_ns, info->uid_min); in owner_check()
38 kuid_t uid_max = make_kuid(net->user_ns, info->uid_max); in owner_check()
49 kgid_t gid_min = make_kgid(net->user_ns, info->gid_min); in owner_check()
50 kgid_t gid_max = make_kgid(net->user_ns, info->gid_max); in owner_check()
88 kuid_t uid_min = make_kuid(net->user_ns, info->uid_min); in owner_mt()
89 kuid_t uid_max = make_kuid(net->user_ns, info->uid_max); in owner_mt()
100 kgid_t gid_min = make_kgid(net->user_ns, info->gid_min); in owner_mt()
101 kgid_t gid_max = make_kgid(net->user_ns, info->gid_max); in owner_mt()
|
| A D | nfnetlink_log.c | 170 u32 portid, struct user_namespace *user_ns) in instance_create() argument
202 inst->peer_user_ns = user_ns; in instance_create()
618 struct user_namespace *user_ns = inst->peer_user_ns; in __build_packet_message() local
619 __be32 uid = htonl(from_kuid_munged(user_ns, cred->fsuid)); in __build_packet_message()
620 __be32 gid = htonl(from_kgid_munged(user_ns, cred->fsgid)); in __build_packet_message()
1136 root_uid = make_kuid(net->user_ns, 0); in nfnl_log_net_init()
1137 root_gid = make_kgid(net->user_ns, 0); in nfnl_log_net_init()
|
| A D | nf_conntrack_expect.c | 690 root_uid = make_kuid(net->user_ns, 0); in exp_proc_init()
691 root_gid = make_kgid(net->user_ns, 0); in exp_proc_init()
|
| /net/bridge/ |
| A D | br_ioctl.c | 91 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if()
219 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
226 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
233 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
280 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
287 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
296 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
379 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless()
406 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in br_ioctl_stub()
[all …]
|
| /net/core/ |
| A D | net_namespace.c | 409 net->user_ns = user_ns; in preinit_net()
543 struct user_namespace *user_ns, struct net *old_net) in copy_net_ns() argument
552 ucounts = inc_net_namespaces(user_ns); in copy_net_ns()
562 preinit_net(net, user_ns); in copy_net_ns()
564 get_user_ns(user_ns); in copy_net_ns()
579 put_user_ns(user_ns); in copy_net_ns()
600 kuid_t ns_root_uid = make_kuid(net->user_ns, 0); in net_ns_get_ownership()
601 kgid_t ns_root_gid = make_kgid(net->user_ns, 0); in net_ns_get_ownership()
700 put_user_ns(net->user_ns); in cleanup_net()
1535 if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) || in netns_install()
[all …]
|
| A D | scm.c | 52 kuid_t uid = make_kuid(cred->user_ns, creds->uid); in scm_check_creds()
53 kgid_t gid = make_kgid(cred->user_ns, creds->gid); in scm_check_creds()
59 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && in scm_check_creds()
61 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds()
63 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { in scm_check_creds()
|
| A D | sock.c | 172 struct user_namespace *user_ns, int cap) in sk_ns_capable() argument
174 return file_ns_capable(sk->sk_socket->file, user_ns, cap) && in sk_ns_capable()
175 ns_capable(user_ns, cap); in sk_ns_capable()
205 return sk_ns_capable(sk, sock_net(sk)->user_ns, cap); in sk_net_capable()
462 sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) || in sk_set_prio_allowed()
463 sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)); in sk_set_prio_allowed()
1706 struct user_namespace *user_ns = current_user_ns(); in groups_to_user() local
1710 gid_t gid = from_kgid_munged(user_ns, src->gid[i]); in groups_to_user()
3003 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && in __sock_cmsg_send()
3004 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in __sock_cmsg_send()
[all …]
|
| A D | dev_ioctl.c | 774 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
816 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
|
| /net/ |
| A D | sysctl_net.c | 48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { in net_ctl_permissions()
63 ns_root_uid = make_kuid(net->user_ns, 0); in net_ctl_set_ownership()
67 ns_root_gid = make_kgid(net->user_ns, 0); in net_ctl_set_ownership()
|
| /net/smc/ |
| A D | smc_diag.c | 62 struct user_namespace *user_ns) in smc_diag_msg_attrs_fill() argument
67 r->diag_uid = from_kuid_munged(user_ns, sk_uid(sk)); in smc_diag_msg_attrs_fill()
79 struct user_namespace *user_ns; in __smc_diag_dump() local
97 user_ns = sk_user_ns(NETLINK_CB(cb->skb).sk); in __smc_diag_dump()
98 if (smc_diag_msg_attrs_fill(sk, skb, r, user_ns)) in __smc_diag_dump()
|
| /net/unix/ |
| A D | diag.c | 107 struct user_namespace *user_ns) in sk_diag_dump_uid() argument
109 uid_t uid = from_kuid_munged(user_ns, sk_uid(sk)); in sk_diag_dump_uid()
114 struct user_namespace *user_ns, in sk_diag_fill() argument
161 sk_diag_dump_uid(sk, skb, user_ns)) in sk_diag_fill()
|
| /net/8021q/ |
| A D | vlan.c | 600 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
610 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
619 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
628 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
643 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
650 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
|
| /net/xdp/ |
| A D | xsk_diag.c | 94 struct user_namespace *user_ns, in xsk_diag_fill() argument
122 from_kuid_munged(user_ns, sk_uid(sk)))) in xsk_diag_fill()
|
| /net/sunrpc/ |
| A D | svcauth_unix.c | 562 struct user_namespace *user_ns = m->file->f_cred->user_ns; in unix_gid_show() local
578 seq_printf(m, "%u %d:", from_kuid_munged(user_ns, ug->uid), glen); in unix_gid_show()
580 seq_printf(m, " %d", from_kgid_munged(user_ns, ug->gi->gid[i])); in unix_gid_show()
948 rqstp->rq_xprt->xpt_cred->user_ns : &init_user_ns; in svcauth_unix_accept()
|
| A D | auth_unix.c | 119 clnt->cl_cred->user_ns : &init_user_ns; in unx_marshal()
|
| A D | svcauth.c | 191 clnt->cl_cred->user_ns : &init_user_ns; in svcauth_map_clnt_to_svc_cred_local()
|
| A D | rpc_pipe.c | 1185 put_user_ns(fc->user_ns); in rpc_init_fs_context()
1186 fc->user_ns = get_user_ns(fc->net_ns->user_ns); in rpc_init_fs_context()
|
| /net/packet/ |
| A D | diag.c | 132 struct user_namespace *user_ns, in sk_diag_fill() argument
156 from_kuid_munged(user_ns, sk_uid(sk)))) in sk_diag_fill()
|
| /net/ipv4/ |
| A D | ip_options.c | 396 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in __ip_options_compile()
431 if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { in __ip_options_compile()
444 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in __ip_options_compile()
|
| A D | sysctl_net_ipv4.c | 167 struct user_namespace *user_ns = current_user_ns(); in ipv4_ping_group_range() local
180 urange[0] = from_kgid_munged(user_ns, low); in ipv4_ping_group_range()
181 urange[1] = from_kgid_munged(user_ns, high); in ipv4_ping_group_range()
185 low = make_kgid(user_ns, urange[0]); in ipv4_ping_group_range()
186 high = make_kgid(user_ns, urange[1]); in ipv4_ping_group_range()
|
| /net/xfrm/ |
| A D | xfrm_sysctl.c | 59 if (net->user_ns != &init_user_ns) in xfrm_sysctl_init()
|
| /net/ieee802154/ |
| A D | socket.c | 905 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
906 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
929 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
930 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
|
| /net/netlink/ |
| A D | af_netlink.c | 850 struct user_namespace *user_ns, int cap) in __netlink_ns_capable() argument
853 file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) && in __netlink_ns_capable()
854 ns_capable(user_ns, cap); in __netlink_ns_capable()
869 struct user_namespace *user_ns, int cap) in netlink_ns_capable() argument
871 return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap); in netlink_ns_capable()
902 return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap); in netlink_net_capable()
909 ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); in netlink_allowed()
1444 if (!file_ns_capable(sk->sk_socket->file, p->net->user_ns, in do_one_broadcast()
1699 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_BROADCAST)) in netlink_setsockopt()
|
| /net/ipv6/ |
| A D | ipv6_sockglue.c | 309 if (optname != IPV6_RTHDR && !sockopt_ns_capable(net->user_ns, CAP_NET_RAW)) in ipv6_set_opt_hdr()
753 if (valbool && !sockopt_ns_capable(net->user_ns, CAP_NET_RAW) && in do_ipv6_setsockopt()
754 !sockopt_ns_capable(net->user_ns, CAP_NET_ADMIN)) { in do_ipv6_setsockopt()
937 if (!sockopt_ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ipv6_setsockopt()
|
| /net/sctp/ |
| A D | diag.c | 122 struct user_namespace *user_ns, in inet_sctp_diag_fill() argument
153 if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns, net_admin)) in inet_sctp_diag_fill()
|