Lines Matching refs:that

37      Objects are things in the system that may be acted upon directly by
53      Amongst the credentials of most objects, there will be a subset that
54      indicates the ownership of that object.  This is used for resource
62      Also amongst the credentials of those objects, there will be a subset that
63      indicates the 'objective context' of that object.  This may or may not be
67      The objective context is used as part of the security calculation that is
72      A subject is an object that is acting upon another object.
80      given to it by a task that called fcntl(F_SETOWN) upon it.  In this case,
87      is used as part of the security calculation that is carried out when a
92      from the real UID and GID that normally form the objective context of the
97      Linux has a number of actions available that a subject may perform upon an
120 	 A traditional UNIX file, for example, includes a permissions mask that
128 	 that grants various permissions to arbitrary subjects.
132 	 The system as a whole may have one or more sets of rules that get
139 	 that says that this action is either granted or denied.
156      that object, with tasks being slightly different in some cases.
164      will be used as the objective.  For tasks, it should be noted that this is
175      granted piecemeal to a task that an ordinary task wouldn't otherwise have.
180      The permitted capabilities are those caps that the process might grant
184      The effective capabilities are the ones that a task is actually allowed to
187      The inheritable capabilities are the ones that may get passed across
190      The bounding set limits the capabilities that may be inherited across
191      execve(), especially when a binary is executed that will execute as UID 0.
203      that don't fit into the other standard UNIX credentials.  They are for
224      operations that a task may do.  Currently Linux supports several LSM
228      rules (policies) that say what operations a task with one label may do to
240 recorded in the file struct created.  This allows operations using that file
242 that issued the operation.  An example of this would be a file opened on a
251 Files on disk or obtained over the network may have annotations that form the
252 objective security context of that file.  Depending on the type of filesystem,
372 and functions for getting references to one of the credentials that don't
437 from that before dropping the lock.  This prevents the potentially expensive
458 alter those of another task.  This means that it doesn't need to use any
491 This function is guaranteed to return 0, so that it can be tail-called at the
494 Note that this function consumes the caller's reference to the new credentials.
506 This releases the lock on current->cred_replace_mutex that prepare_creds() got
546      that set of credentials.
550      This gets a reference on a set of credentials that is under construction
551      and is thus still mutable, returning a pointer to that set of credentials.
560 'f_uid' and 'f_gid'.  Code that used to access file->f_uid and file->f_gid
574 the VFS, and that can be done by calling into such as vfs_mkdir() with a