Home
last modified time | relevance | path

Searched refs:CAP_MAC_ADMIN (Results 1 – 8 of 8) sorted by relevance

/linux-6.3-rc2/security/smack/
A Dsmackfs.c666 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_load()
851 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_set_cipso()
1181 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net4addr()
1440 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net6addr()
1611 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_doi()
1678 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_direct()
1756 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_mapped()
1848 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_ambient()
2023 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_onlycap()
2113 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_unconfined()
[all …]
A Dsmack_lsm.c768 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_set_mnt_opts()
1253 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) in smack_inode_setxattr()
1358 if (!smack_privileged(CAP_MAC_ADMIN)) in smack_inode_removexattr()
3601 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) in smack_setprocattr()
3621 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_setprocattr()
4812 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) in smack_uring_sqpoll()
/linux-6.3-rc2/include/uapi/linux/
A Dcapability.h357 #define CAP_MAC_ADMIN 33 macro
/linux-6.3-rc2/security/safesetid/
A Dsecurityfs.c240 if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN)) in safesetid_uid_file_write()
254 if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN)) in safesetid_gid_file_write()
/linux-6.3-rc2/Documentation/admin-guide/LSM/
A DSmack.rst79 name space. A process must have ``CAP_MAC_ADMIN`` to change any of these
124 reading ``/proc/self/attr/current``. A process with ``CAP_MAC_ADMIN``
282 This contains labels processes must have for CAP_MAC_ADMIN
311 a process with ``CAP_MAC_ADMIN`` can write a label into this interface.
321 if it has ``CAP_MAC_ADMIN``. This interface allows a process without
322 ``CAP_MAC_ADMIN`` to relabel itself to one of labels from predefined list.
323 A process without ``CAP_MAC_ADMIN`` can change its label only once. When it
619 A process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.
621 be denied otherwise. CAP_MAC_ADMIN allows a process to change
/linux-6.3-rc2/Documentation/admin-guide/cgroup-v1/
A Ddevices.rst49 CAP_MAC_ADMIN, since we really are trying to lock down root.
/linux-6.3-rc2/security/apparmor/
A Dpolicy.c795 bool capable = policy_ns_capable(label, user_ns, CAP_MAC_ADMIN) == 0; in aa_policy_admin_capable()
/linux-6.3-rc2/security/selinux/
A Dhooks.c3141 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts)) in has_cap_mac_admin()
3143 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true)) in has_cap_mac_admin()

Completed in 32 milliseconds