Home
last modified time | relevance | path

Searched refs:this (Results 1 – 18 of 18) sorted by relevance

/security/landlock/
A Druleset.c227 struct landlock_rule *const this = in insert_rule() local
230 if (this->key.data != id.key.data) { in insert_rule()
232 if (this->key.data < id.key.data) in insert_rule()
249 if (WARN_ON_ONCE(this->num_layers != 1)) in insert_rule()
257 if (WARN_ON_ONCE(this->layers[0].level == 0)) in insert_rule()
264 new_rule = create_rule(id, &this->layers, this->num_layers, in insert_rule()
269 free_rule(this, id.type); in insert_rule()
595 struct landlock_rule *this = in landlock_find_rule() local
598 if (this->key.data == id.key.data) in landlock_find_rule()
599 return this; in landlock_find_rule()
[all …]
A DKconfig20 If you are unsure how to answer this question, answer N. Otherwise,
37 If you are unsure how to answer this question, answer N.
/security/selinux/
A DKconfig10 If you are unsure how to answer this question, answer N.
18 to be disabled at boot. If this option is selected, SELinux
20 command line. The purpose of this option is to allow a single
24 If you are unsure how to answer this question, answer N.
33 policies. If unsure, say Y. With this option enabled, the
68 conversion. Setting this option to 0 disables the cache completely.
78 developers, unless you know what this does in the kernel code you
79 should leave this disabled.
A Dnetif.c253 static int sel_netif_netdev_notifier_handler(struct notifier_block *this, in sel_netif_netdev_notifier_handler() argument
A Dhooks.c1311 #error New address family defined, please update this function. in socket_type_to_security_class()
/security/
A DKconfig17 If this option is not selected, no restrictions will be enforced
20 If you are unsure how to answer this question, answer N.
70 this config can't be enabled universally.
86 If you are unsure how to answer this question, answer N.
99 If you are unsure how to answer this question, answer N.
108 If you are unsure how to answer this question, answer N.
117 If you are unsure how to answer this question, answer N.
130 If you are unsure how to answer this question, answer N.
139 If you are unsure how to answer this question, answer N.
207 disabled, choose this option and then set
[all …]
A DKconfig.hardening106 are advised to test this feature on your expected workload before
136 with a stack frame size greater than or equal to this parameter.
144 If this is set, KSTACK_ERASE metrics for every task are available
147 previous syscalls. Although this information is not precise, it
204 and information exposures. Additionally, this helps reduce the
262 Select this option if the kernel should BUG when it encounters
281 If you enable this, the layouts of structures that are entirely
289 Enabling this feature will introduce some performance impact,
A Ddevice_cgroup.c532 struct list_head *this, *tmp; in revalidate_active_exceptions() local
534 list_for_each_safe(this, tmp, &devcg->exceptions) { in revalidate_active_exceptions()
535 ex = container_of(this, struct dev_exception_item, list); in revalidate_active_exceptions()
/security/tomoyo/
A DKconfig14 If you are unsure how to answer this question, answer N.
38 If you don't need audit logs, you may set this value to 0.
63 activation. You can override this setting via TOMOYO_loader= kernel
73 You can override this setting via TOMOYO_trigger= kernel command line
83 Enabling this option forces minimal built-in policy and disables
85 this option only if this kernel is built for doing fuzzing tests.
/security/smack/
A DKconfig14 If you are unsure how to answer this question, answer N.
32 If you are unsure how to answer this question, answer N.
43 If you are unsure how to answer this question, answer N.
51 receiving process. If this option is selected, the delivery
55 If you are unsure how to answer this question, answer N.
/security/yama/
A DKconfig10 Like capabilities, this security module stacks with other LSMs.
14 If you are unsure how to answer this question, answer N.
/security/keys/
A DKconfig22 If you are unsure as to whether this is required, answer N.
69 If you are unsure as to whether this is required, answer N.
80 If you are unsure as to whether this is required, answer N.
103 If you are unsure as to whether this is required, answer N.
113 If you are unsure as to whether this is required, answer N.
126 If you are unsure as to whether this is required, answer N.
/security/apparmor/
A Dlabel.c687 int result = label_cmp(label, this); in __label_insert()
697 if (__aa_get_label(this)) in __label_insert()
698 return this; in __label_insert()
700 __proxy_share(this, label); in __label_insert()
701 AA_BUG(!__label_replace(this, label)); in __label_insert()
741 int result = vec_cmp(this->vec, this->size, vec, n); in __vec_find()
748 return __aa_get_label(this); in __vec_find()
1155 return __aa_get_label(this); in __label_find_merge()
1966 if (labels_ns(this) != root_ns) in aa_labelset_destroy()
1967 __label_remove(this, in aa_labelset_destroy()
[all …]
A DKconfig16 If you are unsure how to answer this question, answer N.
/security/integrity/evm/
A DKconfig15 If you are unsure how to answer this question, answer N.
40 in the HMAC calculation, enabling this option includes newly defined
55 When this option is enabled, root can add additional xattrs to the
/security/integrity/ima/
A DKconfig26 an aggregate integrity value over this list inside the
61 Disabling this option will disregard LSM based policy rules.
177 Depending on the rules configured, this policy may require kernel
188 including the regulatory.db. If both this option and
197 Enabling this rule will require all kexec'ed kernel images to
202 kexec_load syscall. Enabling this rule will prevent its
210 Enabling this rule will require all kernel modules to be signed
214 via the finit_module syscall. Enabling this rule will prevent
222 Enabling this rule will require the IMA policy to be signed and
/security/safesetid/
A DKconfig15 If you are unsure how to answer this question, answer N.
/security/integrity/
A DKconfig123 In addition to enabling integrity auditing support, this

Completed in 33 milliseconds