/linux-6.3-rc2/net/bridge/ |
A D | br_ioctl.c | 91 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if() 219 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 226 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 233 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 280 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 287 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 296 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 310 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate() 379 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless() [all …]
|
/linux-6.3-rc2/include/linux/ |
A D | capability.h | 149 extern bool ns_capable(struct user_namespace *ns, int cap); 175 static inline bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function 207 return ns_capable(ns, CAP_CHECKPOINT_RESTORE) || in checkpoint_restore_ns_capable() 208 ns_capable(ns, CAP_SYS_ADMIN); in checkpoint_restore_ns_capable()
|
/linux-6.3-rc2/kernel/cgroup/ |
A D | namespace.c | 66 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_cgroup_ns() 103 if (!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN) || in cgroupns_install() 104 !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN)) in cgroupns_install()
|
/linux-6.3-rc2/kernel/ |
A D | capability.c | 381 bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function 385 EXPORT_SYMBOL(ns_capable); 436 return ns_capable(&init_user_ns, cap); in capable() 496 return ns_capable(ns, cap) && in capable_wrt_inode_uidgid()
|
A D | utsname.c | 145 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install() 146 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in utsns_install()
|
A D | pid_sysctl.h | 20 if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in pid_mfd_noexec_dointvec_minmax()
|
A D | pid_namespace.c | 401 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || in pidns_install() 402 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in pidns_install()
|
A D | nsproxy.c | 165 } else if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_namespaces() 225 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in unshare_nsproxy_namespaces()
|
/linux-6.3-rc2/net/8021q/ |
A D | vlan.c | 576 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler() 586 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler() 595 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler() 604 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler() 619 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler() 626 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
|
/linux-6.3-rc2/security/ |
A D | commoncap.c | 150 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_access_check() 550 if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP)) in cap_convert_nscap() 920 if (!ns_capable(new->user_ns, CAP_SETUID) || in cap_bprm_creds_from_file() 1006 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in cap_inode_setxattr() 1050 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in cap_inode_removexattr() 1179 if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) in cap_safe_nice() 1238 if (!ns_capable(current_user_ns(), CAP_SETPCAP)) in cap_prctl_drop()
|
/linux-6.3-rc2/ipc/ |
A D | namespace.c | 237 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in ipcns_install() 238 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in ipcns_install()
|
A D | util.c | 568 !ns_capable(ns->user_ns, CAP_IPC_OWNER)) in ipcperms() 743 ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in ipcctl_obtain_check()
|
/linux-6.3-rc2/net/core/ |
A D | scm.c | 55 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && in scm_check_creds() 57 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds() 59 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { in scm_check_creds()
|
A D | dev_ioctl.c | 539 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl() 581 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
|
A D | sock_diag.c | 303 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_diag_destroy()
|
/linux-6.3-rc2/fs/ |
A D | attr.c | 107 ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN)) in chown_ok() 138 ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN)) in chgrp_ok()
|
A D | namespace.c | 1693 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) in do_umount() 1767 return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); in may_mount() 2703 if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) { in do_remount() 2771 if (!ns_capable(from->mnt_ns->user_ns, CAP_SYS_ADMIN)) in do_set_group() 2773 if (!ns_capable(to->mnt_ns->user_ns, CAP_SYS_ADMIN)) in do_set_group() 4010 if (!ns_capable(fs_userns, CAP_SYS_ADMIN)) in can_idmap_mount() 4246 if (!ns_capable(mnt_userns, CAP_SYS_ADMIN)) { in build_mount_idmapped() 4657 if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) || in mntns_install() 4658 !ns_capable(user_ns, CAP_SYS_CHROOT) || in mntns_install() 4659 !ns_capable(user_ns, CAP_SYS_ADMIN)) in mntns_install()
|
A D | init.c | 71 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT)) in init_chroot()
|
A D | ioctl.c | 390 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) in ioctl_fsfreeze() 407 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) in ioctl_fsthaw()
|
/linux-6.3-rc2/security/yama/ |
A D | yama_lsm.c | 371 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check() 377 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
|
/linux-6.3-rc2/net/ipv4/ |
A D | ip_options.c | 396 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in __ip_options_compile() 431 if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { in __ip_options_compile() 444 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in __ip_options_compile()
|
/linux-6.3-rc2/kernel/time/ |
A D | namespace.c | 312 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in timens_install() 313 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in timens_install()
|
/linux-6.3-rc2/security/keys/ |
A D | persistent.c | 149 !ns_capable(ns, CAP_SETUID)) in keyctl_get_persistent()
|
/linux-6.3-rc2/net/ieee802154/ |
A D | socket.c | 907 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt() 908 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt() 931 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt() 932 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
|
/linux-6.3-rc2/net/ipv6/ |
A D | datagram.c | 876 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl() 896 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl() 921 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
|