credentials.txt - OpenGrok cross reference for /linux-4.4.14/Documentation/security/credentials.txt

Lines Matching refs:may
37      Objects are things in the system that may be acted upon directly by
63      indicates the 'objective context' of that object.  This may or may not be
78      Objects other than tasks may under some circumstances also be subjects.
79      For instance an open file may send SIGIO to a task using the UID and EUID
97      Linux has a number of actions available that a subject may perform upon an
118 	 file may supply more than one ACL.
122 	 'group' and 'other'), each of which may be granted certain privileges
132 	 The system as a whole may have one or more sets of rules that get
187      The inheritable capabilities are the ones that may get passed across
190      The bounding set limits the capabilities that may be inherited across
209      be searched for the desired key.  Each process may subscribe to a number
224      operations that a task may do.  Currently Linux supports several LSM
228      rules (policies) that say what operations a task with one label may do to
251 Files on disk or obtained over the network may have annotations that form the
253 this may include one or more of the following:
269 privilege escalation bits come into play, and may allow the resulting process
282 Once a set of credentials has been prepared and committed, it may not be
285  (1) its reference count may be changed;
287  (2) the reference count on the group_info struct it points to may be changed;
289  (3) the reference count on the security data it points to may be changed;
291  (4) the reference count on any keyrings it points to may be changed;
293  (5) any keyrings it points to may be revoked, expired or have their security
296  (6) the contents of any keyrings to which it points may be changed (the whole
305 A task may only alter its _own_ credentials; it is no longer permitted for a
310 instantiating process may need to create them.
319  (1) The reference count may be altered.
321  (2) Whilst the keyring subscriptions of a set of credentials may not be
322      changed, the keyrings subscribed to may have their contents altered.
388 Whilst a task may access its own credentials without the need for locking, the
421      get_cred() as this may race with commit_cred().
450 magic.  This may not be used for pointer members as what they point to may
457 As previously mentioned, a task may only alter its own credentials, and may not
472 the ptrace state may alter the outcome, particularly in the case of execve().
498 those credentials may _not_ be changed further.