| /linux/drivers/net/ethernet/marvell/prestera/ |
| prestera_acl.c | 147 ruleset = kzalloc(sizeof(*ruleset), GFP_KERNEL); in prestera_acl_ruleset_create() 148 if (!ruleset) in prestera_acl_ruleset_create() 235 prestera_acl_vtcam_id_put(ruleset->acl, ruleset->vtcam_id); in prestera_acl_ruleset_offload() 290 if (!ruleset) in prestera_acl_ruleset_lookup() 389 if (ruleset->ingress != rule->ruleset->ingress) in prestera_acl_ruleset_prio_refresh() 445 rule->ruleset = ruleset; in prestera_acl_rule_create() 473 ruleset->prio.min = min(ruleset->prio.min, prio); in prestera_acl_ruleset_prio_update() 474 ruleset->prio.max = max(ruleset->prio.max, prio); in prestera_acl_ruleset_prio_update() 481 struct prestera_acl_ruleset *ruleset = rule->ruleset; in prestera_acl_rule_add() local 532 struct prestera_acl_ruleset *ruleset = rule->ruleset; in prestera_acl_rule_del() local [all …]
|
| prestera_flower.c | 50 if (IS_ERR(ruleset)) in prestera_flower_parse_goto_action() 51 return PTR_ERR(ruleset); in prestera_flower_parse_goto_action() 56 rule->jump_ruleset = ruleset; in prestera_flower_parse_goto_action() 410 if (IS_ERR(ruleset)) in prestera_flower_prio_get() 411 return PTR_ERR(ruleset); in prestera_flower_prio_get() 430 if (IS_ERR(ruleset)) in prestera_flower_replace() 431 return PTR_ERR(ruleset); in prestera_flower_replace() 474 if (IS_ERR(ruleset)) in prestera_flower_destroy() 526 template->ruleset = ruleset; in prestera_flower_tmplt_create() 565 if (IS_ERR(ruleset)) in prestera_flower_stats() [all …]
|
| prestera_acl.h | 130 struct prestera_acl_ruleset *ruleset; member 156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset, 162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset, 188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset, 190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset); 191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset); 192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset); 193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset, 195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset, 197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset); [all …]
|
| /linux/security/landlock/ |
| syscalls.c | 122 landlock_put_ruleset(ruleset); in fop_ruleset_release() 226 if (IS_ERR(ruleset)) in SYSCALL_DEFINE3() 227 return PTR_ERR(ruleset); in SYSCALL_DEFINE3() 253 ruleset = ERR_PTR(-EBADFD); in get_ruleset_from_fd() 257 ruleset = ERR_PTR(-EPERM); in get_ruleset_from_fd() 262 ruleset = ERR_PTR(-EINVAL); in get_ruleset_from_fd() 269 return ruleset; in get_ruleset_from_fd() 430 if (IS_ERR(ruleset)) in SYSCALL_DEFINE4() 431 return PTR_ERR(ruleset); in SYSCALL_DEFINE4() 498 if (IS_ERR(ruleset)) in SYSCALL_DEFINE2() [all …]
|
| ruleset.h | 255 int landlock_insert_rule(struct landlock_ruleset *const ruleset, 261 struct landlock_ruleset *const ruleset); 269 if (ruleset) in landlock_get_ruleset() 270 refcount_inc(&ruleset->usage); in landlock_get_ruleset() 337 ruleset->access_masks[layer_level].fs |= fs_mask; in landlock_add_fs_access_mask() 349 ruleset->access_masks[layer_level].net |= net_mask; in landlock_add_net_access_mask() 353 landlock_add_scope_mask(struct landlock_ruleset *const ruleset, in landlock_add_scope_mask() argument 360 ruleset->access_masks[layer_level].scope |= mask; in landlock_add_scope_mask() 368 return ruleset->access_masks[layer_level].fs | in landlock_get_fs_access_mask() 376 return ruleset->access_masks[layer_level].net; in landlock_get_net_access_mask() [all …]
|
| ruleset.c | 145 return &ruleset->root_inode; in get_root() 149 return &ruleset->root_net_port; in get_root() 216 root = get_root(ruleset, id.type); in insert_rule() 277 ruleset->num_rules++; in insert_rule() 501 kfree(ruleset); in free_ruleset() 507 if (ruleset && refcount_dec_and_test(&ruleset->usage)) in landlock_put_ruleset() 508 free_ruleset(ruleset); in landlock_put_ruleset() 513 struct landlock_ruleset *ruleset; in free_ruleset_work() local 516 free_ruleset(ruleset); in free_ruleset_work() 521 if (ruleset && refcount_dec_and_test(&ruleset->usage)) { in landlock_put_ruleset_deferred() [all …]
|
| net.c | 20 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, in landlock_append_net_rule() argument 33 ~landlock_get_net_access_mask(ruleset, 0); in landlock_append_net_rule() 35 mutex_lock(&ruleset->lock); in landlock_append_net_rule() 36 err = landlock_insert_rule(ruleset, id, access_rights); in landlock_append_net_rule() 37 mutex_unlock(&ruleset->lock); in landlock_append_net_rule()
|
| net.h | 18 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, 26 landlock_append_net_rule(struct landlock_ruleset *const ruleset, const u16 port, in landlock_append_net_rule() argument
|
| Makefile | 3 landlock-y := setup.o syscalls.o object.o ruleset.o \
|
| fs.h | 98 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
|
| fs.c | 317 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule() argument 330 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule() 335 ~landlock_get_fs_access_mask(ruleset, 0); in landlock_append_fs_rule() 339 mutex_lock(&ruleset->lock); in landlock_append_fs_rule() 340 err = landlock_insert_rule(ruleset, id, access_rights); in landlock_append_fs_rule() 341 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule()
|
| /linux/drivers/net/ethernet/mellanox/mlxsw/ |
| spectrum_acl.c | 178 if (!ruleset) in mlxsw_sp_acl_ruleset_create() 200 return ruleset; in mlxsw_sp_acl_ruleset_create() 207 kfree(ruleset); in mlxsw_sp_acl_ruleset_create() 265 if (!ruleset) in mlxsw_sp_acl_ruleset_lookup() 285 if (ruleset) { in mlxsw_sp_acl_ruleset_get() 832 rule->ruleset = ruleset; in mlxsw_sp_acl_rule_create() 852 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_destroy() local 862 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_add() local 906 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_del() local 928 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_action_replace() local [all …]
|
| spectrum_flower.c | 131 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local 137 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions() 138 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions() 746 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace() 747 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace() 791 if (IS_ERR(ruleset)) in mlxsw_sp_flower_destroy() 819 if (WARN_ON(IS_ERR(ruleset))) in mlxsw_sp_flower_stats() 860 return PTR_ERR_OR_ZERO(ruleset); in mlxsw_sp_flower_tmplt_create() 872 if (IS_ERR(ruleset)) in mlxsw_sp_flower_tmplt_destroy() 889 if (IS_ERR(ruleset)) in mlxsw_sp_flower_prio_get() [all …]
|
| spectrum2_mr_tcam.c | 36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument 41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group() 218 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local 224 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create() 227 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create() 251 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local 255 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy() 258 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy() 275 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_update() local 279 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_update() [all …]
|
| spectrum_acl_tcam.c | 1710 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del() 1742 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id() 1814 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_mr_ruleset_add() local 1831 ruleset->vchunk = mlxsw_sp_acl_tcam_vchunk_get(mlxsw_sp, in mlxsw_sp_acl_tcam_mr_ruleset_add() 1832 &ruleset->vgroup, 1, in mlxsw_sp_acl_tcam_mr_ruleset_add() 1834 if (IS_ERR(ruleset->vchunk)) { in mlxsw_sp_acl_tcam_mr_ruleset_add() 1835 err = PTR_ERR(ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_add() 1842 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_add() 1851 mlxsw_sp_acl_tcam_vchunk_put(mlxsw_sp, ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_del() 1852 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_del() [all …]
|
| /linux/Documentation/userspace-api/ |
| landlock.rst | 50 We first need to define the ruleset that will contain our rules. 140 perror("Failed to create a ruleset"); 147 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the 171 perror("Failed to update ruleset"); 212 perror("Failed to enforce ruleset"); 223 with the new ruleset. 448 Creating a new ruleset 457 Extending a ruleset 467 Enforcing a ruleset 495 restrict such paths with dedicated ruleset flags. [all …]
|
| /linux/Documentation/security/ |
| landlock.rst | 42 * Computation related to Landlock operations (e.g. enforcing a ruleset) shall 112 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks' 113 credentials). Each time a ruleset is enforced on a task, the current domain is 114 duplicated and the ruleset is imported as a new layer of rules in the new 119 of a ruleset provided by the task. 124 .. kernel-doc:: security/landlock/ruleset.h
|
| /linux/tools/testing/selftests/net/netfilter/ |
| nft_queue.sh | 254 ip netns exec "$nsrouter" nft list ruleset 317 flush ruleset 362 flush ruleset 388 ip netns exec "$ns1" nft list ruleset 423 flush ruleset 500 flush ruleset 569 flush ruleset 585 ip netns exec "$ns1" nft flush ruleset 633 ip netns exec "$ns1" nft flush ruleset
|
| conntrack_vrf.sh | 133 ip netns exec "$ns0" nft list ruleset 152 flush ruleset 199 flush ruleset 225 flush ruleset
|
| nft_fib.sh | 201 ip netns exec "$ns1" nft flush ruleset 202 ip netns exec "$ns2" nft flush ruleset 203 ip netns exec "$nsrouter" nft flush ruleset 228 ip -net "$nsrouter" nft list ruleset
|
| nft_flowtable.sh | 464 ip netns exec "$nsr1" nft list ruleset 499 ip netns exec "$nsr1" nft list ruleset 519 ip netns exec "$nsr1" nft list ruleset 557 ip netns exec "$nsr1" nft list ruleset 581 ip netns exec "$nsr1" nft list ruleset 651 ip netns exec "$nsr1" nft list ruleset 1>&2
|
| br_netfilter.sh | 33 ip netns exec "$ns0" nft list ruleset 50 ip netns exec "$ns0" nft list ruleset
|
| /linux/include/linux/crush/ |
| mapper.h | 14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
|
| /linux/security/safesetid/ |
| securityfs.c | 264 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument 271 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
|
| /linux/tools/testing/selftests/net/mptcp/ |
| mptcp_connect.sh | 696 flush ruleset 722 ip netns exec "$listener_ns" nft flush ruleset 730 ip netns exec "$listener_ns" nft flush ruleset 746 ip netns exec "$listener_ns" nft flush ruleset
|