| /linux-4.1.27/net/bridge/ |
| D | br_ioctl.c | 92 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if()
182 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
188 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
194 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
200 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
247 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
258 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
275 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
332 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless()
[all …]
|
| D | br_sysfs_br.c | 40 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in store_bridge_parm()
133 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in stp_state_store()
167 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in group_fwd_mask_store()
299 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in group_addr_store()
339 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in flush_store()
|
| D | br_sysfs_if.c | 245 if (!ns_capable(dev_net(p->dev)->user_ns, CAP_NET_ADMIN)) in brport_store()
|
| /linux-4.1.27/kernel/ |
| D | capability.c | 375 bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function
388 EXPORT_SYMBOL(ns_capable);
403 return ns_capable(&init_user_ns, cap); in capable()
446 return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) && in capable_wrt_inode_uidgid()
|
| D | utsname.c | 123 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install()
124 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in utsns_install()
|
| D | pid_namespace.c | 279 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) in pid_ns_ctl_handler()
365 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || in pidns_install()
366 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in pidns_install()
|
| D | sys.c | 142 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) in set_one_prio_perm()
354 ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE2()
363 ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE2()
404 if (ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE1()
488 !ns_capable(old->user_ns, CAP_SETUID)) in SYSCALL_DEFINE2()
497 !ns_capable(old->user_ns, CAP_SETUID)) in SYSCALL_DEFINE2()
551 if (ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE1()
608 if (!ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE3()
692 if (!ns_capable(old->user_ns, CAP_SETGID)) { in SYSCALL_DEFINE3()
766 ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE1()
[all …]
|
| D | nsproxy.c | 136 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_namespaces()
187 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in unshare_nsproxy_namespaces()
|
| D | reboot.c | 288 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) in SYSCALL_DEFINE4()
|
| D | groups.c | 218 return ns_capable(user_ns, CAP_SETGID) && in may_setgroups()
|
| D | user_namespace.c | 846 if (ns_capable(ns->parent, cap_setid) && in new_idmap_permitted()
986 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in userns_install()
|
| D | ptrace.c | 347 if (ns_capable(__task_cred(task)->user_ns, CAP_SYS_PTRACE)) in ptrace_attach()
|
| D | signal.c | 754 if (ns_capable(tcred->user_ns, CAP_KILL)) in kill_ok_by_cred()
|
| /linux-4.1.27/net/8021q/ |
| D | vlan.c | 539 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
549 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
558 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
567 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
583 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
590 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
|
| /linux-4.1.27/ipc/ |
| D | namespace.c | 158 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in ipcns_install()
159 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in ipcns_install()
|
| D | util.c | 502 !ns_capable(ns->user_ns, CAP_IPC_OWNER)) in ipcperms()
708 ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in ipcctl_pre_down_nolock()
|
| D | shm.c | 1027 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { in SYSCALL_DEFINE3()
|
| D | mqueue.c | 335 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in mqueue_mount()
|
| /linux-4.1.27/net/core/ |
| D | scm.c | 57 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && in scm_check_creds()
59 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds()
61 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { in scm_check_creds()
|
| D | dev_ioctl.c | 477 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
525 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
|
| D | net_namespace.c | 949 if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) || in netns_install()
950 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in netns_install()
|
| D | net-sysfs.c | 89 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in netdev_store()
363 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ifalias_store()
1370 return ns_capable(net->user_ns, CAP_SYS_ADMIN); in net_current_may_mount()
|
| D | sock.c | 162 ns_capable(user_ns, cap); in sk_ns_capable()
556 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in sock_setbindtodevice()
800 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_setsockopt()
940 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_setsockopt()
|
| D | ethtool.c | 1792 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ethtool()
|
| /linux-4.1.27/include/linux/ |
| D | capability.h | 216 extern bool ns_capable(struct user_namespace *ns, int cap);
240 static inline bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function
|
| /linux-4.1.27/security/yama/ |
| D | yama_lsm.c | 304 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
310 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
|
| /linux-4.1.27/net/ |
| D | sysctl_net.c | 49 if (ns_capable(net->user_ns, CAP_NET_ADMIN) || in net_ctl_permissions()
|
| /linux-4.1.27/security/ |
| D | commoncap.c | 157 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_access_check()
780 if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) in cap_safe_nice()
833 if (!ns_capable(current_user_ns(), CAP_SETPCAP)) in cap_prctl_drop()
|
| /linux-4.1.27/security/keys/ |
| D | persistent.c | 149 !ns_capable(ns, CAP_SETUID)) in keyctl_get_persistent()
|
| /linux-4.1.27/net/ipv4/ |
| D | ip_options.c | 411 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
447 if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { in ip_options_compile()
460 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
|
| D | tcp_cong.c | 346 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))) in tcp_set_congestion_control()
|
| D | ip_sockglue.c | 1127 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_setsockopt()
1133 if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && in do_ip_setsockopt()
1134 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { in do_ip_setsockopt()
|
| D | ip_tunnel.c | 857 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_tunnel_ioctl()
913 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_tunnel_ioctl()
|
| D | af_inet.c | 314 !ns_capable(net->user_ns, CAP_NET_RAW)) in inet_create()
474 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in inet_bind()
|
| D | arp.c | 1097 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in arp_ioctl()
|
| D | devinet.c | 961 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in devinet_ioctl()
969 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in devinet_ioctl()
|
| D | fib_frontend.c | 549 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_rt_ioctl()
|
| D | tcp.c | 2240 return ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN) && in tcp_can_repair_sock()
|
| D | ipmr.c | 1297 !ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_mroute_setsockopt()
|
| /linux-4.1.27/net/ieee802154/ |
| D | socket.c | 902 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
903 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
926 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
927 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
|
| /linux-4.1.27/fs/proc/ |
| D | root.c | 116 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in proc_mount()
|
| D | base.c | 2497 if (!ns_capable(ns, CAP_SYS_ADMIN)) in proc_setgroups_open()
|
| /linux-4.1.27/net/ipv6/ |
| D | ipv6_sockglue.c | 368 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && in do_ipv6_setsockopt()
369 !ns_capable(net->user_ns, CAP_NET_RAW)) { in do_ipv6_setsockopt()
407 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) in do_ipv6_setsockopt()
786 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ipv6_setsockopt()
|
| D | datagram.c | 790 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
810 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
835 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
|
| D | af_inet6.c | 162 !ns_capable(net->user_ns, CAP_NET_RAW)) in inet6_create()
282 if (snum && snum < PROT_SOCK && !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in inet6_bind()
|
| D | sit.c | 1187 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1235 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1266 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1293 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
|
| D | anycast.c | 65 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipv6_sock_ac_join()
|
| D | ip6_vti.c | 746 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vti6_ioctl()
778 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vti6_ioctl()
|
| D | ip6_flowlabel.c | 571 ns_capable(net->user_ns, CAP_NET_ADMIN)) { in ipv6_flowlabel_opt()
|
| D | ip6_gre.c | 1089 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6gre_tunnel_ioctl()
1138 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6gre_tunnel_ioctl()
|
| D | ip6_tunnel.c | 1428 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_tnl_ioctl()
1464 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_tnl_ioctl()
|
| D | ip6mr.c | 1676 if (sk != mrt->mroute6_sk && !ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_mroute_setsockopt()
|
| D | addrconf.c | 2703 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in addrconf_add_ifaddr()
2722 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in addrconf_del_ifaddr()
|
| D | route.c | 2149 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipv6_route_ioctl()
|
| /linux-4.1.27/net/ipv4/netfilter/ |
| D | arp_tables.c | 1549 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_arpt_set_ctl()
1693 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_arpt_get_ctl()
1714 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_arpt_set_ctl()
1738 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_arpt_get_ctl()
|
| D | ip_tables.c | 1861 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ipt_set_ctl()
1976 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ipt_get_ctl()
1998 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ipt_set_ctl()
2023 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ipt_get_ctl()
|
| /linux-4.1.27/net/ipv6/netfilter/ |
| D | ip6_tables.c | 1874 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ip6t_set_ctl()
1989 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ip6t_get_ctl()
2011 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip6t_set_ctl()
2036 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip6t_get_ctl()
|
| /linux-4.1.27/net/bridge/netfilter/ |
| D | ebtables.c | 1485 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ebt_set_ctl()
1508 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ebt_get_ctl()
2294 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in compat_do_ebt_set_ctl()
2318 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in compat_do_ebt_get_ctl()
|
| /linux-4.1.27/fs/ |
| D | namespace.c | 1573 return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); in may_mount()
3287 if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) || in mntns_install()
3288 !ns_capable(current_user_ns(), CAP_SYS_CHROOT) || in mntns_install()
3289 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in mntns_install()
|
| D | open.c | 482 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT)) in SYSCALL_DEFINE1()
|
| D | inode.c | 1909 if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid)) in inode_owner_or_capable()
|
| /linux-4.1.27/drivers/net/ |
| D | tun.c | 423 !ns_capable(net->user_ns, CAP_NET_ADMIN); in tun_not_capable()
1611 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in tun_set_iff()
|
| /linux-4.1.27/net/llc/ |
| D | af_llc.c | 163 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in llc_ui_create()
|
| /linux-4.1.27/net/netlink/ |
| D | af_netlink.c | 1381 ns_capable(user_ns, cap); in __netlink_ns_capable()
1436 ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); in netlink_allowed()
|
| /linux-4.1.27/net/sctp/ |
| D | socket.c | 364 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in sctp_do_bind()
1154 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) { in __sctp_connect()
1815 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) { in sctp_sendmsg()
|
| /linux-4.1.27/net/netfilter/ipvs/ |
| D | ip_vs_ctl.c | 2316 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_vs_set_ctl()
2624 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_vs_get_ctl()
|
| /linux-4.1.27/net/netfilter/ipset/ |
| D | ip_set_core.c | 1847 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_set_sockfn_get()
|
| /linux-4.1.27/drivers/net/bonding/ |
| D | bond_main.c | 3368 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in bond_do_ioctl()
|
| /linux-4.1.27/net/packet/ |
| D | af_packet.c | 2834 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in packet_create()
|
| /linux-4.1.27/net/key/ |
| D | af_key.c | 144 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in pfkey_create()
|
| /linux-4.1.27/kernel/sched/ |
| D | core.c | 4050 if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { in sched_setaffinity()
|