Home
last modified time | relevance | path

Searched refs:CAP_MAC_ADMIN (Results 1 – 8 of 8) sorted by relevance

/linux-4.4.14/security/apparmor/
Dlsm.c752 if (!capable(CAP_MAC_ADMIN)) in param_set_aalockpolicy()
761 if (!capable(CAP_MAC_ADMIN)) in param_get_aalockpolicy()
768 if (!capable(CAP_MAC_ADMIN)) in param_set_aabool()
775 if (!capable(CAP_MAC_ADMIN)) in param_get_aabool()
782 if (!capable(CAP_MAC_ADMIN)) in param_set_aauint()
789 if (!capable(CAP_MAC_ADMIN)) in param_get_aauint()
796 if (!capable(CAP_MAC_ADMIN)) in param_get_audit()
808 if (!capable(CAP_MAC_ADMIN)) in param_set_audit()
829 if (!capable(CAP_MAC_ADMIN)) in param_get_mode()
841 if (!capable(CAP_MAC_ADMIN)) in param_set_mode()
Dpolicy.c933 if (!capable(CAP_MAC_ADMIN)) { in aa_may_manage_policy()
/linux-4.4.14/security/smack/
Dsmackfs.c693 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_load()
879 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_set_cipso()
1183 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net4addr()
1450 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_net6addr()
1628 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_doi()
1695 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_direct()
1773 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_mapped()
1865 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_ambient()
2041 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_onlycap()
2133 if (!smack_privileged(CAP_MAC_ADMIN)) in smk_write_unconfined()
[all …]
Dsmack_lsm.c812 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_set_mnt_opts()
1315 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) in smack_inode_setxattr()
1424 if (!smack_privileged(CAP_MAC_ADMIN)) in smack_inode_removexattr()
3603 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) in smack_setprocattr()
3622 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_setprocattr()
/linux-4.4.14/include/uapi/linux/
Dcapability.h336 #define CAP_MAC_ADMIN 33 macro
/linux-4.4.14/Documentation/security/
DSmack.txt67 name space. A process must have CAP_MAC_ADMIN to change any of these
107 reading /proc/self/attr/current. A process with CAP_MAC_ADMIN
233 This contains labels processes must have for CAP_MAC_ADMIN
253 a process with CAP_MAC_ADMIN can write a label into this interface.
262 if it has CAP_MAC_ADMIN. This interface allows a process without
263 CAP_MAC_ADMIN to relabel itself to one of labels from predefined list.
264 A process without CAP_MAC_ADMIN can change its label only once. When it
537 A process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.
539 be denied otherwise. CAP_MAC_ADMIN allows a process to change
/linux-4.4.14/Documentation/cgroups/
Ddevices.txt44 CAP_MAC_ADMIN, since we really are trying to lock down root.
/linux-4.4.14/security/selinux/
Dhooks.c3009 if (!capable(CAP_MAC_ADMIN)) { in selinux_inode_setxattr()
3132 error = cap_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN, in selinux_inode_getsecurity()
3135 error = cred_has_capability(current_cred(), CAP_MAC_ADMIN, in selinux_inode_getsecurity()
5650 if (!capable(CAP_MAC_ADMIN)) { in selinux_setprocattr()