Searched refs:CAP_MAC_ADMIN (Results 1 – 8 of 8) sorted by relevance
765 if (!capable(CAP_MAC_ADMIN)) in param_set_aalockpolicy()774 if (!capable(CAP_MAC_ADMIN)) in param_get_aalockpolicy()781 if (!capable(CAP_MAC_ADMIN)) in param_set_aabool()788 if (!capable(CAP_MAC_ADMIN)) in param_get_aabool()795 if (!capable(CAP_MAC_ADMIN)) in param_set_aauint()802 if (!capable(CAP_MAC_ADMIN)) in param_get_aauint()809 if (!capable(CAP_MAC_ADMIN)) in param_get_audit()821 if (!capable(CAP_MAC_ADMIN)) in param_set_audit()842 if (!capable(CAP_MAC_ADMIN)) in param_get_mode()854 if (!capable(CAP_MAC_ADMIN)) in param_set_mode()
933 if (!capable(CAP_MAC_ADMIN)) { in aa_may_manage_policy()
706 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_load()892 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_set_cipso()1195 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_netlbladdr()1372 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_doi()1439 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_direct()1517 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_mapped()1609 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_ambient()1692 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_onlycap()1778 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_unconfined()1849 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_logging()[all …]
653 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_sb_kern_mount()1129 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) in smack_inode_setxattr()1236 if (!smack_privileged(CAP_MAC_ADMIN)) in smack_inode_removexattr()3320 if (!smack_privileged(CAP_MAC_ADMIN)) in smack_setprocattr()
336 #define CAP_MAC_ADMIN 33 macro
63 name space. A process must have CAP_MAC_ADMIN to change any of these103 reading /proc/self/attr/current. A process with CAP_MAC_ADMIN209 This contains the label processes must have for CAP_MAC_ADMIN229 a process with CAP_MAC_ADMIN can write a label into this interface.502 A process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.504 be denied otherwise. CAP_MAC_ADMIN allows a process to change
44 CAP_MAC_ADMIN, since we really are trying to lock down root.
3013 if (!capable(CAP_MAC_ADMIN)) { in selinux_inode_setxattr()3136 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN, in selinux_inode_getsecurity()5636 if (!capable(CAP_MAC_ADMIN)) { in selinux_setprocattr()