Home
last modified time | relevance | path

Searched refs:security (Results 1 – 200 of 246) sorted by relevance

12

/linux-4.1.27/Documentation/
DSecurityBugs1 Linux kernel developers take security very seriously. As such, we'd
2 like to know when a security bug is found so that it can be fixed and
3 disclosed as quickly as possible. Please report security bugs to the
4 Linux kernel security team.
8 The Linux kernel security team can be contacted by email at
9 <security@kernel.org>. This is a private list of security officers
11 It is possible that the security team will bring in extra help from
12 area maintainers to understand and fix the security vulnerability.
22 The goal of the Linux kernel security team is to work with the
28 A disclosure date is negotiated by the security team working with the
[all …]
DSAK.txt4 An operating system's Secure Attention Key is a security tool which is
39 systems which implement C2 level security. This author does not
Dhw_random.txt29 a security-conscious person would run fitness tests on the
59 access to our RNG for use as a security feature. At this time,
Dstable_kernel_rules.txt13 security issue, or some "oh, that's not good" issue. In short, something
116 security kernel team, and not go through the normal review cycle.
117 Contact the kernel security team for more details on this procedure.
Dstable_api_nonsense.txt133 security issue is found, it is fixed in a very short amount of time. A
135 reworked to prevent the security problem from occurring. When this
137 same time, ensuring that the security problem was fixed and could not
139 were not allowed to change, fixing this kind of security problem and
Dbinfmt_misc.txt63 the credentials and security token of the new process according to
121 cause unexpected behaviour and can be a security hazard.
Dunshare.txt61 2.1 Per-security context namespaces
65 such as per-user and/or per-security context instance of /tmp, /var/tmp or
66 per-security context instance of a user's home directory, isolate user
Dmodule-signing.txt24 allows increased kernel security by disallowing the loading of unsigned modules
25 or modules signed with an invalid key. Module signing increases security by
D00-INDEX59 - procedure for reporting security bugs found in the kernel.
325 - Kernel module signing for increased security when loading modules.
404 security/
405 - directory that contains security-related info
Dxz.txt103 matter in practice all, since they don't cause security issues. But
DHOWTO131 If you feel you have found a security problem in the Linux kernel,
268 relatively small and critical fixes for security problems or significant
281 security-related problem, instead, can cause a release to happen almost
Dkernel-parameters.txt109 SECURITY Different security models are enabled.
597 See security/selinux/Kconfig help text.
1105 See security/selinux/Kconfig help text.
1121 Permit 'security.evm' to be updated regardless of
2226 'sec=sys' security flavour. In effect it is
3338 security= [SECURITY] Choose a security module to enable at boot.
3340 security module asking for security registration will be
3341 loaded. An invalid security module name will be treated
3346 See security/selinux/Kconfig help text.
3355 See security/apparmor/Kconfig help text
Dintel_txt.txt21 For more information, see http://www.intel.com/technology/security/.
/linux-4.1.27/net/rxrpc/
Dar-security.c147 conn->security = sec; in rxrpc_init_client_conn_security()
149 ret = conn->security->init_connection_security(conn); in rxrpc_init_client_conn_security()
151 rxrpc_security_put(conn->security); in rxrpc_init_client_conn_security()
152 conn->security = NULL; in rxrpc_init_client_conn_security()
217 conn->security = sec; in rxrpc_init_server_conn_security()
231 if (call->conn->security) in rxrpc_secure_packet()
232 return call->conn->security->secure_packet( in rxrpc_secure_packet()
243 if (call->conn->security) in rxrpc_verify_packet()
244 return call->conn->security->verify_packet( in rxrpc_verify_packet()
256 if (conn->security) { in rxrpc_clear_conn_security()
[all …]
Dar-connevent.c174 if (conn->security) in rxrpc_process_event()
175 return conn->security->respond_to_challenge( in rxrpc_process_event()
180 if (!conn->security) in rxrpc_process_event()
183 ret = conn->security->verify_response(conn, skb, _abort_code); in rxrpc_process_event()
187 ret = conn->security->init_connection_security(conn); in rxrpc_process_event()
191 conn->security->prime_packet_security(conn); in rxrpc_process_event()
238 ASSERT(conn->security != NULL); in rxrpc_secure_connection()
240 if (conn->security->issue_challenge(conn) < 0) { in rxrpc_secure_connection()
DKconfig33 tristate "RxRPC Kerberos security"
41 Provide kerberos 4 and AFS kaserver security handling for AF_RXRPC
DMakefile19 ar-security.o \
Dar-connection.c568 if (candidate->security) in rxrpc_connect_call()
569 candidate->security->prime_packet_security(candidate); in rxrpc_connect_call()
Dar-internal.h252 struct rxrpc_security *security; /* applied security module */ member
Dar-output.c642 if (conn->security) { in rxrpc_send_data()
Dar-input.c202 if (call->conn->security) in rxrpc_fast_process_data()
/linux-4.1.27/security/integrity/evm/
DKconfig9 EVM protects a file's security extended attributes against
35 In addition to the original security xattrs (eg. security.selinux,
36 security.SMACK64, security.capability, and security.ima) included
38 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
39 security.SMACK64MMAP.
/linux-4.1.27/security/
DKconfig7 source security/keys/Kconfig
22 bool "Enable different security models"
26 This allows you to choose different security modules to be
29 If this option is not selected, the default Linux security
47 This enables the socket and networking security hooks.
48 If enabled, a security module can use these hooks to
56 This enables the XFRM (IPSec) networking security hooks.
57 If enabled, a security module can use these hooks to
69 This enables the security hooks for pathname based access control.
70 If enabled, a security module can use these hooks to
[all …]
Dsecurity.c1326 int security_tun_dev_alloc_security(void **security) in security_tun_dev_alloc_security() argument
1328 return security_ops->tun_dev_alloc_security(security); in security_tun_dev_alloc_security()
1332 void security_tun_dev_free_security(void *security) in security_tun_dev_free_security() argument
1334 security_ops->tun_dev_free_security(security); in security_tun_dev_free_security()
1344 int security_tun_dev_attach_queue(void *security) in security_tun_dev_attach_queue() argument
1346 return security_ops->tun_dev_attach_queue(security); in security_tun_dev_attach_queue()
1350 int security_tun_dev_attach(struct sock *sk, void *security) in security_tun_dev_attach() argument
1352 return security_ops->tun_dev_attach(sk, security); in security_tun_dev_attach()
1356 int security_tun_dev_open(void *security) in security_tun_dev_open() argument
1358 return security_ops->tun_dev_open(security); in security_tun_dev_open()
DMakefile17 obj-$(CONFIG_SECURITY) += security.o capability.o
Dcapability.c751 static int cap_tun_dev_alloc_security(void **security) in cap_tun_dev_alloc_security() argument
756 static void cap_tun_dev_free_security(void *security) in cap_tun_dev_free_security() argument
765 static int cap_tun_dev_attach_queue(void *security) in cap_tun_dev_attach_queue() argument
770 static int cap_tun_dev_attach(struct sock *sk, void *security) in cap_tun_dev_attach() argument
775 static int cap_tun_dev_open(void *security) in cap_tun_dev_open() argument
/linux-4.1.27/Documentation/netlabel/
Dintroduction.txt9 NetLabel is a mechanism which can be used by kernel security modules to attach
10 security attributes to outgoing network packets generated from user space
11 applications and read security attributes from incoming network packets. It
13 layer, and the kernel security module API.
18 network packet's security attributes. If any translation between the network
19 security attributes and those on the host are required then the protocol
22 the NetLabel kernel security module API described below.
38 The purpose of the NetLabel security module API is to provide a protocol
40 to protocol independence, the security module API is designed to be completely
44 Detailed information about the NetLabel security module API can be found in the
Dlsm_interface.txt9 NetLabel is a mechanism which can set and retrieve security attributes from
12 The NetLabel security module API is defined in 'include/net/netlabel.h' but a
18 it uses the concept of security attributes to refer to the packet's security
19 labels. The NetLabel security attributes are defined by the
21 NetLabel subsystem converts the security attributes to and from the correct
24 security attributes into whatever security identifiers are in use for their
38 label and the internal LSM security identifier can be time consuming. The
41 LSM has received a packet, used NetLabel to decode its security attributes,
42 and translated the security attributes into a LSM internal identifier the LSM
Dcipso_ipv4.txt22 label by using the NetLabel security module API; if the NetLabel "domain" is
31 NetLabel security module API to extract the security attributes of the packet.
37 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
42 different security attribute mapping table.
46 The NetLabel system provides a framework for caching security attribute
Ddraft-ietf-cipso-ipsecurity-01.txt35 Currently the Internet Protocol includes two security options. One of
37 IP datagrams to be labeled with security classifications. This option
38 provides sixteen security classifications and a variable number of handling
39 restrictions. To handle additional security information, such as security
40 categories or compartments, another security option (Type 133) exists and
46 mandatory access controls and multi-level security. These systems are
52 applications of a commercial security option. The BSO and ESO were
54 to support multiple security policies. This Internet Draft provides the
56 security policy. Support for additional security policies shall be
76 This option permits security related information to be passed between
[all …]
D00-INDEX10 - documentation on the NetLabel kernel security module API.
/linux-4.1.27/security/selinux/
Dxfrm.c73 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
184 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
185 if (x->security) in selinux_xfrm_state_pol_flow_match()
192 if (!x->security) in selinux_xfrm_state_pol_flow_match()
200 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
224 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress()
239 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress()
337 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc()
374 x->security = ctx; in selinux_xfrm_state_alloc_acquire()
386 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
[all …]
Dhooks.c185 cred->security = tsec; in cred_init_security()
195 tsec = cred->security; in cred_sid()
370 const struct task_security_struct *tsec = cred->security; in may_context_mount_sb_relabel()
387 const struct task_security_struct *tsec = cred->security; in may_context_mount_inode_relabel()
1512 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; in task_has_perm()
1513 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; in task_has_perm()
2207 new_tsec = bprm->cred->security; in selinux_bprm_set_creds()
2285 sec = __task_cred(tracer)->security; in selinux_bprm_set_creds()
2390 new_tsec = bprm->cred->security; in selinux_bprm_committing_creds()
2735 tsec = cred->security; in selinux_dentry_init_security()
[all …]
/linux-4.1.27/Documentation/security/
Dapparmor.txt3 AppArmor is MAC style security extension for the Linux kernel. It implements
13 If AppArmor should be selected as the default security module then
19 If AppArmor is not the default security module it can be enabled by passing
20 security=apparmor on the kernel's command line.
22 If AppArmor is the default security module it can be disabled by passing
23 apparmor=0, security=XXXX (where XXX is valid security module), on the
DLSM.txt5 various security checks to be hooked by new kernel extensions. The name
9 "security=..." kernel command line argument, in the case where multiple
13 (MAC) extensions which provide a comprehensive security policy. Examples
28 use it) has been appropriately documented in Documentation/security/.
34 see include/linux/security.h.
Dtomoyo.txt13 Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on
30 TOMOYO Linux: pragmatic and manageable security for Linux
38 The role of "pathname based access control" in security.
47 We believe that inode based security and name based security are complementary
D00-INDEX6 - how to get started with the SELinux security enhancement.
12 - documentation on the AppArmor security extension.
Dcredentials.txt32 There are several parts to the security check performed by Linux when one
67 The objective context is used as part of the security calculation that is
87 is used as part of the security calculation that is carried out when a
104 (7) Rules, access control lists and security calculations.
106 When a subject acts upon an object, a security calculation is made. This
202 These are only carried by tasks. They carry and cache security tokens
206 programs having to know about security details involved.
219 For more information on using keys, see Documentation/security/keys.txt.
252 objective security context of that file. Depending on the type of filesystem,
261 (*) LSM security label;
[all …]
DYama.txt2 security protections that are not handled by the core kernel itself. To
3 select it at boot time, specify "security=yama" (though this will disable
DSmack.txt62 objects. The attributes are stored in the extended attribute security
267 Control (MAC) was very closely associated with the Bell & LaPadula security
313 These definitions are consistent with the traditional use in the security
317 violate an aspect of the system security policy, as identified by
322 Privilege: A task that is allowed to violate the system security
497 named SMACK64 on the file. This attribute is in the security namespace. It can
623 any security decisions themselves. The utility ls(1) is one example of such a
639 len = getxattr("/", "security.SMACK64", value, sizeof (value));
645 rc = setxattr("/foo", "security.SMACK64", "Rubble", len, 0);
658 rc = fsetxattr(fd, "security.SMACK64IPOUT", "Rubble", len, 0);
[all …]
Dkeys-trusted-encrypted.txt7 of a Trusted Platform Module (TPM) chip for greater security, while Encrypted
160 'Documentation/security/keys-ecryptfs.txt'.
Dkeys-request-key.txt6 Documentation/security/keys.txt). This document explains more fully how
106 UID, GID, groups and security info of process A as if it was process A,
Dkeys.txt256 The security class "key" has been added to SELinux so that mandatory access
265 security context, then the key will be assigned that context. Otherwise, the
269 key security class.
301 security checks are still performed, and may further filter out keys that
451 See also Documentation/security/keys-request-key.txt.
757 requester's keyrings using the requester's security label, UID, GID and
769 (*) Get the LSM security context attached to a key.
774 This function returns a string that represents the LSM security context
901 See also Documentation/security/keys-request-key.txt.
/linux-4.1.27/security/tomoyo/
Dtomoyo.c20 new->security = NULL; in tomoyo_cred_alloc_blank()
36 struct tomoyo_domain_info *domain = old->security; in tomoyo_cred_prepare()
37 new->security = domain; in tomoyo_cred_prepare()
61 struct tomoyo_domain_info *domain = cred->security; in tomoyo_cred_free()
102 bprm->cred->security)->users); in tomoyo_bprm_set_creds()
107 bprm->cred->security = NULL; in tomoyo_bprm_set_creds()
120 struct tomoyo_domain_info *domain = bprm->cred->security; in tomoyo_bprm_check_security()
555 cred->security = &tomoyo_kernel_domain; in tomoyo_init()
Dsecurityfs_if.c78 cred->security; in tomoyo_write_self()
79 cred->security = new_domain; in tomoyo_write_self()
244 if (current_cred()->security != &tomoyo_kernel_domain) in tomoyo_initerface_init()
DKconfig38 You can read the log via /sys/kernel/security/tomoyo/audit.
Dcommon.h1205 return current_cred()->security; in tomoyo_domain()
1218 return task_cred_xxx(task, security); in tomoyo_real_domain()
Ddomain.c843 bprm->cred->security = domain; in tomoyo_find_next_domain()
/linux-4.1.27/Documentation/ABI/testing/
Devm1 What: security/evm
5 EVM protects a file's security extended attributes(xattrs)
8 value as the extended attribute 'security.evm'.
15 can not create or validate the 'security.evm' xattr, but
Dsysfs-driver-sunxi-sid13 0x020 64 bit security-jtag-key (sun7i)
Dsysfs-class-uwb_rc-wusbhc23 Since this relates to security (specifically, the
Dima_policy1 What: security/ima/policy
/linux-4.1.27/Documentation/filesystems/caching/
Dcachefiles.txt23 (*) A note on security.
314 CacheFiles is implemented to deal properly with the LSM security features of
319 security context that is not appropriate for accessing the cache - either
324 The way CacheFiles works is to temporarily change the security context (fsuid,
325 fsgid and actor security label) that the process acts as - without changing the
326 security context of the process when it the target of an operation performed by
332 (1) Finds the security label attached to the root cache directory and uses
333 that as the security label with which it will create files. By default,
338 (2) Finds the security label of the process which issued the bind request
343 and asks LSM to supply a security ID as which it should act given the
[all …]
/linux-4.1.27/fs/9p/
DKconfig41 implemented by security modules like SELinux. This option
42 enables an extended attribute handler for file security
45 If you are not using a security module that requires using
46 extended attributes for file security labels, say N.
/linux-4.1.27/drivers/char/tpm/
DKconfig10 If you have a TPM security chip in your system, which
31 If you have a TPM security chip that is compliant with the
41 If you have an Atmel I2C TPM security chip say Yes and it will be
50 If you have a TPM security chip that is compliant with the
61 If you have a TPM security chip with an I2C interface from
71 If you have a TPM security chip from National Semiconductor
80 If you have a TPM security chip from Atmel say Yes and it
88 If you have a TPM security chip from Infineon Technologies
120 If you have a TPM security chip that is compliant with the
/linux-4.1.27/fs/ext2/
DKconfig39 implemented by security modules like SELinux. This option
40 enables an extended attribute handler for file security
43 If you are not using a security module that requires using
44 extended attributes for file security labels, say N.
/linux-4.1.27/fs/jfs/
DKconfig29 implemented by security modules like SELinux. This option
30 enables an extended attribute handler for file security
33 If you are not using a security module that requires using
34 extended attributes for file security labels, say N.
/linux-4.1.27/kernel/
Dcred.c269 new->security = NULL; in prepare_creds()
623 new->security = NULL; in prepare_kernel_cred()
704 if (selinux_is_enabled() && cred->security) { in creds_are_invalid()
705 if ((unsigned long) cred->security < PAGE_SIZE) in creds_are_invalid()
707 if ((*(u32 *)cred->security & 0xffffff00) == in creds_are_invalid()
743 printk(KERN_ERR "CRED: ->security is %p\n", cred->security); in dump_invalid_creds()
744 if ((unsigned long) cred->security >= PAGE_SIZE && in dump_invalid_creds()
745 (((unsigned long) cred->security & 0xffffff00) != in dump_invalid_creds()
748 ((u32*)cred->security)[0], in dump_invalid_creds()
749 ((u32*)cred->security)[1]); in dump_invalid_creds()
/linux-4.1.27/security/smack/
Dsmack_lsm.c216 struct task_smack *tsp = cred->security; in smk_bu_credfile()
390 tsp = __task_cred(tracer)->security; in smk_ptrace_rule_check()
718 struct task_smack *bsp = bprm->cred->security; in smack_bprm_set_creds()
765 struct task_smack *bsp = bprm->cred->security; in smack_bprm_committing_creds()
1638 struct smack_known *tkp = smk_of_task(tsk->cred->security); in smack_file_send_sigiotask()
1703 struct task_smack *tsp = cred->security; in smack_file_open()
1740 cred->security = tsp; in smack_cred_alloc_blank()
1753 struct task_smack *tsp = cred->security; in smack_cred_free()
1760 cred->security = NULL; in smack_cred_free()
1781 struct task_smack *old_tsp = old->security; in smack_cred_prepare()
[all …]
DKconfig12 of other mandatory security schemes.
40 This enables security marking of network packets using
Dsmack.h315 skp = smk_of_task(__task_cred(t)->security); in smk_of_task_struct()
/linux-4.1.27/security/yama/
DKconfig7 system-wide security settings beyond regular Linux discretionary
9 Further information can be found in Documentation/security/Yama.txt.
/linux-4.1.27/fs/ext3/
DKconfig40 power failure, which can be a security issue. However,
84 implemented by security modules like SELinux. This option
85 enables an extended attribute handler for file security
88 If you are not using a security module that requires using
89 extended attributes for file security labels, say N.
/linux-4.1.27/drivers/net/ethernet/toshiba/
Dps3_gelic_wireless.h89 u16 security; member
120 u16 security; member
164 __be16 security; member
Dps3_gelic_wireless.c414 pr_debug("%s: <- sec=%16x\n", __func__, scan->security); in gelic_wl_synthesize_ie()
415 switch (be16_to_cpu(scan->security) & GELIC_EURUS_SCAN_SEC_MASK) { in gelic_wl_synthesize_ie()
427 switch (be16_to_cpu(scan->security) & GELIC_EURUS_SCAN_SEC_WPA_MASK) { in gelic_wl_synthesize_ie()
1674 u16 security; in gelic_wl_find_best_bss() local
1705 security = be16_to_cpu(scan_info->hwinfo->security) & in gelic_wl_find_best_bss()
1708 if (security == GELIC_EURUS_SCAN_SEC_WPA2) in gelic_wl_find_best_bss()
1714 if (security == GELIC_EURUS_SCAN_SEC_WPA) in gelic_wl_find_best_bss()
1721 if (security == GELIC_EURUS_SCAN_SEC_WEP) in gelic_wl_find_best_bss()
1800 wep->security = cpu_to_be16(GELIC_EURUS_WEP_SEC_104BIT); in gelic_wl_do_wep_setup()
1803 wep->security = cpu_to_be16(GELIC_EURUS_WEP_SEC_40BIT); in gelic_wl_do_wep_setup()
[all …]
/linux-4.1.27/fs/ext4/
DKconfig60 implemented by security modules like SELinux. This option
61 enables an extended attribute handler for file security
64 If you are not using a security module that requires using
65 extended attributes for file security labels, say N.
/linux-4.1.27/drivers/char/tpm/st33zp24/
DKconfig17 This module adds support for the STMicroelectronics TPM security chip
27 This module adds support for the STMicroelectronics TPM security chip
/linux-4.1.27/Documentation/DocBook/
D.kernel-api.xml.cmd2 …lug_core.c drivers/firmware/dmi_scan.c drivers/firmware/edd.c security/security.c security/inode.c…
/linux-4.1.27/fs/reiserfs/
DKconfig83 implemented by security modules like SELinux. This option
84 enables an extended attribute handler for file security
87 If you are not using a security module that requires using
88 extended attributes for file security labels, say N.
Dnamei.c634 struct reiserfs_security_handle security; in reiserfs_create() local
644 retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); in reiserfs_create()
660 inode, &security); in reiserfs_create()
700 struct reiserfs_security_handle security; in reiserfs_mknod() local
721 retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); in reiserfs_mknod()
737 inode, &security); in reiserfs_mknod()
780 struct reiserfs_security_handle security; in reiserfs_mkdir() local
806 retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); in reiserfs_mkdir()
829 dentry, inode, &security); in reiserfs_mkdir()
1087 struct reiserfs_security_handle security; in reiserfs_symlink() local
[all …]
Dinode.c1932 struct reiserfs_security_handle *security) in reiserfs_new_inode() argument
2121 if (security->name) { in reiserfs_new_inode()
2123 retval = reiserfs_security_write(th, inode, security); in reiserfs_new_inode()
/linux-4.1.27/Documentation/ja_JP/
Dstable_kernel_rules.txt63 きではなく、代わりに security@kernel.org のアドレスに送られる。
78 この手続きの詳細については kernel security チームに問い合わせること。
/linux-4.1.27/scripts/selinux/
DREADME1 Please see Documentation/security/SELinux.txt for information on
/linux-4.1.27/security/integrity/
DKconfig59 source security/integrity/ima/Kconfig
60 source security/integrity/evm/Kconfig
/linux-4.1.27/include/linux/
Dsecurity.h1713 int (*tun_dev_alloc_security) (void **security);
1714 void (*tun_dev_free_security) (void *security);
1716 int (*tun_dev_attach_queue) (void *security);
1717 int (*tun_dev_attach) (struct sock *sk, void *security);
1718 int (*tun_dev_open) (void *security);
2729 int security_tun_dev_alloc_security(void **security);
2730 void security_tun_dev_free_security(void *security);
2732 int security_tun_dev_attach_queue(void *security);
2733 int security_tun_dev_attach(struct sock *sk, void *security);
2734 int security_tun_dev_open(void *security);
[all …]
Dipc.h23 void *security; member
Dmsg.h13 void *security; member
Dcred.h149 void *security; /* subjective LSM security */ member
366 #define current_security() (current_cred_xxx(security))
Dkey.h141 void *security; /* security data for this key */ member
/linux-4.1.27/fs/cachefiles/
DMakefile13 security.o \
/linux-4.1.27/arch/um/
DKconfig.rest15 source "security/Kconfig"
DKconfig.net149 networking, and notes about the security of this approach.
/linux-4.1.27/net/xfrm/
DKconfig37 A feature to update locator(s) of a given IPsec security
77 locator(s) of a given IPsec security association.
Dxfrm_policy.c313 security_xfrm_policy_free(policy->security); in xfrm_policy_destroy()
763 xfrm_sec_ctx_match(pol->security, policy->security) && in xfrm_policy_insert()
829 xfrm_sec_ctx_match(ctx, pol->security)) { in xfrm_policy_bysel_ctx()
833 pol->security); in xfrm_policy_bysel_ctx()
872 pol->security); in xfrm_policy_byid()
905 err = security_xfrm_policy_delete(pol->security); in xfrm_policy_flush_secctx_check()
918 pol->security); in xfrm_policy_flush_secctx_check()
1082 ret = security_xfrm_policy_lookup(pol->security, fl->flowi_secid, in xfrm_policy_match()
1229 err = security_xfrm_policy_lookup(pol->security, in xfrm_sk_policy_lookup()
1342 if (security_xfrm_policy_clone(old->security, in clone_policy()
[all …]
Dxfrm_user.c836 if (x->security) in copy_to_user_state_extra()
837 ret = copy_sec_ctx(x->security, skb); in copy_to_user_state_extra()
1319 return security_xfrm_policy_alloc(&pol->security, uctx, GFP_KERNEL); in copy_from_user_sec_ctx()
1508 security_xfrm_policy_free(xp->security); in xfrm_add_policy()
1554 if (x->security) { in copy_to_user_state_sec_ctx()
1555 return copy_sec_ctx(x->security, skb); in copy_to_user_state_sec_ctx()
1562 if (xp->security) in copy_to_user_sec_ctx()
1563 return copy_sec_ctx(xp->security, skb); in copy_to_user_sec_ctx()
2586 if (x->security) in xfrm_sa_len()
2588 x->security->ctx_len); in xfrm_sa_len()
[all …]
/linux-4.1.27/fs/jffs2/
DKconfig96 implemented by security modules like SELinux. This option
97 enables an extended attribute handler for file security
100 If you are not using a security module that requires using
101 extended attributes for file security labels, say N.
DMakefile15 jffs2-$(CONFIG_JFFS2_FS_SECURITY) += security.o
/linux-4.1.27/drivers/usb/wusbcore/
DMakefile16 security.o \
/linux-4.1.27/fs/afs/
DMakefile22 security.o \
/linux-4.1.27/drivers/of/unittest-data/
Dtests-phandle.dtsi8 security-password = "password";
/linux-4.1.27/fs/nfsd/
DKconfig101 Say Y here if you want enable fine-grained security label attribute
102 support for NFS version 4. Security labels allow security modules like
106 If you do not wish to enable fine-grained security labels SELinux or
/linux-4.1.27/fs/cifs/
DKconfig27 useful performance and security features (see the description
60 bool "Support legacy servers which use weaker LANMAN security"
65 security mechanisms. These hash the password more securely
73 security mechanisms if you are on a public network. Unless you
187 In general SMB3 enables better performance, security
/linux-4.1.27/drivers/gpu/host1x/
DKconfig15 bool "Enable HOST1X security firewall"
/linux-4.1.27/Documentation/zh_CN/
DSecurityBugs30 linux内核安全团队可以通过email<security@kernel.org>来联系。这是
Dstable_kernel_rules.txt49 - 安全方面的补丁不要发到这个列表,应该发送到security@kernel.org。
/linux-4.1.27/fs/f2fs/
DKconfig62 security labels in the f2fs filesystem, so that it requires enabling
65 If you are not using a security module, say N.
/linux-4.1.27/Documentation/ABI/removed/
Draw13947 to implement sensible device security policies, and its low level
/linux-4.1.27/Documentation/networking/
Drxrpc.txt67 manage security on the client end. The server end must of necessity be
68 more active in security negotiations.
138 initiated by the first data packet on it arriving. If security is
140 replies with a "response". If the response is successful, the security is
142 upon it use that same security. In the event that the server lets a
143 connection lapse before the client, the security will be renegotiated if
191 the same key struct describing their security (and assuming the calls
273 secret keys corresponding to the security types it permits. When a secure
277 the packet and either aborts the connection or sets up the security.
418 This is used to specify the minimum security level required for calls on
[all …]
Dsecid.txt13 If this is an inbound flow, the label is derived from the IPSec security
Dipsec.txt32 security path. Such naked packet will not eventually make it to upper layer.
Dnetdev-FAQ.txt193 Q: I found a bug that might have possible security implications or similar.
198 that, then perhaps consider mailing "security@kernel.org" or reading about
199 http://oss-security.openwall.org/wiki/mailing-lists/distros
Ddns_resolver.txt146 See <file:Documentation/security/keys-request-key.txt> for further
Dieee802154.txt129 octets of actual MAC payload once security is turned on, on a wireless link
Dnetlink_mmap.txt203 allocated buffer due to unresolved security concerns.
Dfilter.txt826 may not be bounded by security considerations, since generated internal BPF code
1091 seccomp vs socket filters have different security restrictions for classic BPF.
1292 to give potential BPF hackers or security auditors a better overview of
/linux-4.1.27/Documentation/cgroups/
D00-INDEX12 - Device Whitelist Controller; description, interface and security.
/linux-4.1.27/Documentation/devicetree/bindings/clock/
Dprima2-clock.txt22 security 7
/linux-4.1.27/security/apparmor/include/
Dcontext.h24 #define cred_cxt(X) (X)->security
/linux-4.1.27/arch/score/
DKconfig99 source "security/Kconfig"
/linux-4.1.27/tools/scripts/
DMakefile.include24 EXTRA_WARNINGS += -Wformat-security
/linux-4.1.27/fs/coda/
DKconfig10 replication, security model for authentication and encryption,
/linux-4.1.27/security/apparmor/
DKconfig10 This enables the AppArmor security module.
/linux-4.1.27/drivers/misc/eeprom/
DKconfig100 tristate "Allwinner sunxi security ID support"
103 This is a driver for the 'security ID' available on various Allwinner
/linux-4.1.27/arch/arm/crypto/
DKconfig66 security against collision attacks.
69 of security against collision attacks.
/linux-4.1.27/security/integrity/ima/
DKconfig116 It requires the system to be labeled with a security extended
118 the security extended attributes from offline attack, enable
/linux-4.1.27/Documentation/devicetree/bindings/dma/
Dqcom_adm.txt18 - qcom,ee: indicates the security domain identifier used in the secure world.
/linux-4.1.27/fs/ncpfs/
DKconfig29 NCP allows packets to be signed for stronger security. If you want
30 security, say Y. Normal users can leave it off. To be able to use
/linux-4.1.27/drivers/clk/sirf/
Dclk-prima2.c62 rtc, osc, pll1, pll2, pll3, mem, sys, security, dsp, gps, enumerator
Dclk-atlas6.c63 rtc, osc, pll1, pll2, pll3, mem, sys, security, dsp, gps, enumerator
/linux-4.1.27/ipc/
Dmsgutil.c63 msg->security = NULL; in alloc_msg()
Dmsg.c133 msq->q_perm.security = NULL; in newque()
/linux-4.1.27/arch/s390/include/uapi/asm/
Dvtoc.h45 __u8 security; /* security byte */ member
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8192cu/
Dmac.h113 u32 security:3; member
/linux-4.1.27/drivers/net/
Dtun.c205 void *security; member
552 err = security_tun_dev_attach(tfile->socket.sk, tun->security); in tun_attach()
1401 security_tun_dev_free_security(tun->security); in tun_free_netdev()
1589 err = security_tun_dev_open(tun->security); in tun_set_iff()
1655 err = security_tun_dev_alloc_security(&tun->security); in tun_set_iff()
1700 security_tun_dev_free_security(tun->security); in tun_set_iff()
1812 ret = security_tun_dev_attach_queue(tun->security); in tun_set_queue()
/linux-4.1.27/Documentation/sysctl/
Dfs.txt164 A long-standing class of security issues is the hardlink-based
184 A long-standing class of security issues is the symlink-based
210 owned by the current user and no security is applied. This is
/linux-4.1.27/fs/
DKconfig156 security.* namespaces.
233 RPCSEC security modules.
/linux-4.1.27/Documentation/usb/
Dauthorization.txt65 security verification you can make (or the best, for someone willing
/linux-4.1.27/Documentation/filesystems/
Dcramfs.txt25 mkcramfs simply truncates to 8 bits, which is a potential security
Dafs.txt45 CONFIG_RXKAD - The RxRPC Kerberos security handler
76 The second module is the kerberos RxRPC security driver, and the third module
D9p.txt114 afid security channel - used by Plan 9 authentication protocols
Dmandatory-locking.txt75 a setgid file is written to. This is a security measure. The kernel has been
Dlogfs.txt202 there may be a security concern if a malicious user has write access
/linux-4.1.27/arch/hexagon/
DKconfig168 source "security/Kconfig"
/linux-4.1.27/Documentation/misc-devices/
Dc2port.txt71 However, for security reasons, the in-system flash access in not
/linux-4.1.27/arch/m68k/
DKconfig166 source "security/Kconfig"
/linux-4.1.27/Documentation/devicetree/bindings/iommu/
Dsamsung,sysmmu.txt9 permissions, shareability and security protection. In addition, System MMU has
/linux-4.1.27/arch/openrisc/
DKconfig166 source "security/Kconfig"
/linux-4.1.27/arch/c6x/
DKconfig132 source "security/Kconfig"
/linux-4.1.27/Documentation/device-mapper/
Ddm-crypt.txt60 WARNING: Assess the specific security risks carefully before enabling this
/linux-4.1.27/drivers/staging/rtl8723au/hal/
Drtl8723au_recv.c165 pattrib->encrypt = (u8)prxreport->security; in update_recvframe_attrib()
/linux-4.1.27/
DREPORTING-BUGS56 If it is a security bug, please copy the Security Contact listed in the
166 The exceptions to this rule are regressions, kernel crashes, security holes,
DMakefile403 -Wno-format-security \
888 core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/
DMAINTAINERS63 7. When sending security related changes or reports to a maintainer
64 please Cc: security@kernel.org, especially if the maintainer
2426 L: linux-security-module@vger.kernel.org
2430 F: security/commoncap.c
3916 L: linux-security-module@vger.kernel.org
3918 F: security/integrity/evm/
5044 L: linux-security-module@vger.kernel.org
5046 F: security/integrity/ima/
5731 F: Documentation/security/keys.txt
5735 F: security/keys/
[all …]
/linux-4.1.27/Documentation/filesystems/nfs/
Didmapper.txt58 See <file:Documentation/security/keys-request-key.txt> for more information
/linux-4.1.27/arch/unicore32/
DKconfig249 source "security/Kconfig"
/linux-4.1.27/drivers/scsi/bfa/
Dbfa_fc.h295 security:1, member
315 security:1, member
/linux-4.1.27/net/ipv6/netfilter/
DKconfig271 # security table for MAC policy
277 This option adds a `security' table to iptables, for use
/linux-4.1.27/arch/arm/boot/dts/
Datlas6.dtsi794 security@b00f0000 {
795 compatible = "sirf,prima2-security";
Dprima2.dtsi832 security@b00f0000 {
833 compatible = "sirf,prima2-security";
/linux-4.1.27/crypto/
DKconfig501 longer hash-results, without needing a larger security level
513 longer hash-results, without needing a larger security level
612 security against collision attacks.
615 of security against collision attacks.
651 security against collision attacks.
654 of security against collision attacks.
1271 many rounds for security. It is very fast and uses
/linux-4.1.27/Documentation/virtual/kvm/devices/
Darm-vgic.txt78 implementation without the security extensions" which we present to the
/linux-4.1.27/Documentation/filesystems/cifs/
DTODO47 k) implement support for security and trusted categories of xattrs
DREADME369 greater security.
545 mode also will be emulated using queries of the security
616 SecurityFlags Flags which control security negotiation and
631 enabling lanman authentication in the security flags
644 may use Kerberos security 0x00008
719 Enabling Kerberos (extended security) works but requires version 1.2 or later
723 require this helper. Note that NTLMv2 security (which does not require the
DCHANGES51 flag to be set to 2, and mount must enable krb5 to turn on extended security).
57 Improve support for multiple security contexts to the same server. We
63 established security contexts. fsync now sends SMB Flush operation
259 Allow override of global cifs security flags on mount via "sec=" option(s).
282 Fix NTLMv2 security (can be enabled in /proc/fs/cifs) so customers can
298 directio. Recognize share mode security and send NTLM encrypted password
755 NTLM security case. This should help Windows 2003
/linux-4.1.27/Documentation/ABI/
DREADME25 errors or security problems are found in them. Userspace
/linux-4.1.27/net/mac80211/
Dmesh.c671 sdata->u.mesh.security ? WLAN_CAPABILITY_PRIVACY : 0); in ieee80211_mesh_build_beacon()
1034 (elems.rsn && sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) || in ieee80211_mesh_rx_bcn_presp()
1035 (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)) in ieee80211_mesh_rx_bcn_presp()
Dmesh_plink.c455 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) in mesh_sta_info_alloc()
1018 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { in mesh_process_plink_frame()
Dcfg.c228 if (sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE) in ieee80211_add_key()
1670 ifmsh->security = IEEE80211_MESH_SEC_NONE; in copy_mesh_setup()
1672 ifmsh->security |= IEEE80211_MESH_SEC_AUTHED; in copy_mesh_setup()
1674 ifmsh->security |= IEEE80211_MESH_SEC_SECURED; in copy_mesh_setup()
/linux-4.1.27/drivers/staging/rtl8723au/include/
Drtl8723a_hal.h415 u32 security:3; member
/linux-4.1.27/arch/nios2/
DKconfig211 source "security/Kconfig"
/linux-4.1.27/net/ipv4/netfilter/
DKconfig360 # security table for MAC policy
366 This option adds a `security' table to iptables, for use
/linux-4.1.27/Documentation/powerpc/
Dhvcs.txt268 As a security feature to prevent the delivery of stale data to an
414 Q: What are the security concerns involving hvcs?
416 A: There are three main security concerns:
423 2. To provide network security when grabbing the console it is
/linux-4.1.27/arch/avr32/
DKconfig282 source "security/Kconfig"
/linux-4.1.27/Documentation/development-process/
D3.Early-stage26 To the audio developers, this security module was sufficient to solve their
111 - The AppArmor security module made use of internal virtual filesystem
D7.AdvancedTopics168 security issues, duplication of code found elsewhere, adequate
/linux-4.1.27/Documentation/devicetree/bindings/crypto/
Dfsl-sec4.txt290 monitors security state information & reports
291 security violations.
/linux-4.1.27/net/
DKconfig89 This enables security marking of network packets, similar
90 to nfmark, but designated for security purposes.
/linux-4.1.27/drivers/net/wireless/ipw2x00/
Dipw2100.c5181 struct security_info_params *security = in ipw2100_set_security_information() local
5184 memset(security, 0, sizeof(*security)); in ipw2100_set_security_information()
5190 security->auth_mode = auth_mode; in ipw2100_set_security_information()
5191 security->unicast_using_group = unicast_using_group; in ipw2100_set_security_information()
5196 security->allowed_ciphers = IPW_NONE_CIPHER; in ipw2100_set_security_information()
5199 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5203 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5207 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5211 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5218 security->auth_mode, security->allowed_ciphers, security_level); in ipw2100_set_security_information()
[all …]
/linux-4.1.27/drivers/input/
DKconfig157 a security threat - your keypresses include your passwords, of
/linux-4.1.27/Documentation/aoe/
Daoe.txt48 untrusted networks should be ignored as a matter of security. See
/linux-4.1.27/drivers/gpu/drm/
DKconfig19 These modules provide support for synchronization, security, and
/linux-4.1.27/drivers/acpi/
DKconfig359 NOTE: This option is security sensitive, because it allows arbitrary
361 to bypass certain security measures (e.g. if root is not allowed to
/linux-4.1.27/net/netfilter/
DKconfig64 bool 'Connection tracking security mark support'
68 This option enables security markings to be applied to
661 The CONNSECMARK target copies security markings from packets
662 to connections, and restores security markings from connections
898 The SECMARK target allows security marking of network
899 packets, for use with security subsystems.
/linux-4.1.27/arch/metag/
DKconfig282 source "security/Kconfig"
/linux-4.1.27/arch/microblaze/
DKconfig293 source "security/Kconfig"
/linux-4.1.27/net/key/
Daf_key.c756 if ((xfrm_ctx = x->security)) { in __pfkey_xfrm_state2msg()
1958 struct xfrm_sec_ctx *xfrm_ctx = xp->security; in pfkey_xfrm_policy2sec_ctx_size()
2140 if ((xfrm_ctx = xp->security)) { in pfkey_xfrm_policy2msg()
2249 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL); in pfkey_spdadd()
3104 if ((xfrm_ctx = x->security)) { in pfkey_send_acquire()
3259 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC); in pfkey_compile_policy()
/linux-4.1.27/arch/parisc/
DKconfig341 source "security/Kconfig"
/linux-4.1.27/Documentation/spi/
Dspidev55 security issues; udev/mdev should already be configured securely.
/linux-4.1.27/arch/x86/syscalls/
Dsyscall_64.tbl194 185 common security
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8723be/
Dtrx.h550 u32 security:3; member
/linux-4.1.27/arch/frv/
DKconfig376 source "security/Kconfig"
/linux-4.1.27/drivers/net/wireless/mwifiex/
DREADME56 bssid and the security related parameters can be specified while joining/creating
/linux-4.1.27/arch/m32r/
DKconfig407 source "security/Kconfig"
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8821ae/
Dtrx.h545 u32 security:3; member
/linux-4.1.27/Documentation/scsi/
DFlashPoint.txt49 enhance CPU utilization, optimize I/O performance, and ensure data security
/linux-4.1.27/arch/arc/
DKconfig428 source "security/Kconfig"
/linux-4.1.27/include/net/
Dxfrm.h227 struct xfrm_sec_ctx *security; member
547 struct xfrm_sec_ctx *security; member
/linux-4.1.27/Documentation/prctl/
Dseccomp_filter.txt200 emulation security checks, making resuming the syscall mostly
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8192ce/
Dtrx.h660 u32 security:3; member
/linux-4.1.27/arch/mn10300/
DKconfig489 source "security/Kconfig"
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8723ae/
Dtrx.h645 u32 security:3; member
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8192de/
Dtrx.h677 u32 security:3; member
/linux-4.1.27/drivers/char/hw_random/
DKconfig277 found in the security function of some PowerPC 4xx SoCs.
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8188ee/
Dtrx.h720 u32 security:3; member
/linux-4.1.27/arch/tile/
DKconfig467 source "security/Kconfig"
/linux-4.1.27/arch/cris/
DKconfig573 source "security/Kconfig"
/linux-4.1.27/drivers/net/wireless/rtlwifi/rtl8192ee/
Dtrx.h777 u32 security:3; member
/linux-4.1.27/Documentation/crypto/
Dasymmetric-keys.txt268 Documentation/security/keys.txt].
/linux-4.1.27/arch/xtensa/
DKconfig483 source "security/Kconfig"
/linux-4.1.27/Documentation/ia64/
Dfsys.txt38 security-sensitive kernel-level state is leaked back to

12