| /linux-4.4.14/net/bridge/ |
| D | br_ioctl.c | 93 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if()
183 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
189 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
195 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
201 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
247 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
258 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
275 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
332 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless()
[all …]
|
| D | br_sysfs_br.c | 40 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in store_bridge_parm()
140 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in stp_state_store()
174 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in group_fwd_mask_store()
306 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in group_addr_store()
346 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in flush_store()
|
| D | br_sysfs_if.c | 245 if (!ns_capable(dev_net(p->dev)->user_ns, CAP_NET_ADMIN)) in brport_store()
|
| /linux-4.4.14/kernel/ |
| D | capability.c | 375 bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function
388 EXPORT_SYMBOL(ns_capable);
403 return ns_capable(&init_user_ns, cap); in capable()
446 return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) && in capable_wrt_inode_uidgid()
|
| D | utsname.c | 123 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install()
124 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in utsns_install()
|
| D | pid_namespace.c | 279 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) in pid_ns_ctl_handler()
365 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || in pidns_install()
366 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in pidns_install()
|
| D | sys.c | 142 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) in set_one_prio_perm()
354 ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE2()
363 ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE2()
404 if (ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE1()
488 !ns_capable(old->user_ns, CAP_SETUID)) in SYSCALL_DEFINE2()
497 !ns_capable(old->user_ns, CAP_SETUID)) in SYSCALL_DEFINE2()
551 if (ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE1()
608 if (!ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE3()
692 if (!ns_capable(old->user_ns, CAP_SETGID)) { in SYSCALL_DEFINE3()
766 ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE1()
[all …]
|
| D | nsproxy.c | 136 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_namespaces()
187 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in unshare_nsproxy_namespaces()
|
| D | reboot.c | 288 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) in SYSCALL_DEFINE4()
|
| D | groups.c | 218 return ns_capable(user_ns, CAP_SETGID) && in may_setgroups()
|
| D | user_namespace.c | 847 if (ns_capable(ns->parent, cap_setid) && in new_idmap_permitted()
987 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in userns_install()
|
| D | ptrace.c | 347 if (ns_capable(__task_cred(task)->user_ns, CAP_SYS_PTRACE)) in ptrace_attach()
|
| D | signal.c | 703 if (ns_capable(tcred->user_ns, CAP_KILL)) in kill_ok_by_cred()
|
| /linux-4.4.14/ipc/ |
| D | namespace.c | 158 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in ipcns_install()
159 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in ipcns_install()
|
| D | util.c | 499 !ns_capable(ns->user_ns, CAP_IPC_OWNER)) in ipcperms()
708 ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in ipcctl_pre_down_nolock()
|
| D | shm.c | 1027 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { in SYSCALL_DEFINE3()
|
| D | mqueue.c | 334 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in mqueue_mount()
|
| /linux-4.4.14/net/8021q/ |
| D | vlan.c | 539 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
549 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
558 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
567 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
583 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
590 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
|
| /linux-4.4.14/net/core/ |
| D | scm.c | 57 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && in scm_check_creds()
59 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds()
61 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { in scm_check_creds()
|
| D | dev_ioctl.c | 477 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
525 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
|
| D | net_namespace.c | 990 if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) || in netns_install()
991 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in netns_install()
|
| D | net-sysfs.c | 88 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in netdev_store()
362 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ifalias_store()
1387 return ns_capable(net->user_ns, CAP_SYS_ADMIN); in net_current_may_mount()
|
| D | sock.c | 163 ns_capable(user_ns, cap); in sk_ns_capable()
569 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in sock_setbindtodevice()
813 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_setsockopt()
953 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_setsockopt()
1904 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_cmsg_send()
|
| D | ethtool.c | 1803 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ethtool()
|
| /linux-4.4.14/include/linux/ |
| D | capability.h | 216 extern bool ns_capable(struct user_namespace *ns, int cap);
240 static inline bool ns_capable(struct user_namespace *ns, int cap) in ns_capable() function
|
| /linux-4.4.14/security/yama/ |
| D | yama_lsm.c | 293 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
299 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
|
| /linux-4.4.14/net/ |
| D | sysctl_net.c | 49 if (ns_capable(net->user_ns, CAP_NET_ADMIN) || in net_ctl_permissions()
|
| /linux-4.4.14/security/keys/ |
| D | persistent.c | 149 !ns_capable(ns, CAP_SETUID)) in keyctl_get_persistent()
|
| /linux-4.4.14/security/ |
| D | commoncap.c | 152 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_access_check()
820 if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) in cap_safe_nice()
873 if (!ns_capable(current_user_ns(), CAP_SETPCAP)) in cap_prctl_drop()
|
| /linux-4.4.14/net/ipv4/ |
| D | ip_options.c | 411 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
447 if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { in ip_options_compile()
460 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
|
| D | tcp_cong.c | 357 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))) in tcp_set_congestion_control()
|
| D | ip_sockglue.c | 1131 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_setsockopt()
1137 if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && in do_ip_setsockopt()
1138 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { in do_ip_setsockopt()
|
| D | ip_tunnel.c | 869 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_tunnel_ioctl()
925 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_tunnel_ioctl()
|
| D | af_inet.c | 312 !ns_capable(net->user_ns, CAP_NET_RAW)) in inet_create()
474 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in inet_bind()
|
| D | devinet.c | 964 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in devinet_ioctl()
972 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in devinet_ioctl()
|
| D | arp.c | 1130 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in arp_ioctl()
|
| D | fib_frontend.c | 583 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_rt_ioctl()
|
| D | tcp.c | 2267 return ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN) && in tcp_can_repair_sock()
|
| D | ipmr.c | 1288 !ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_mroute_setsockopt()
|
| /linux-4.4.14/net/ieee802154/ |
| D | socket.c | 894 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
895 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
918 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
919 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
|
| /linux-4.4.14/fs/proc/ |
| D | root.c | 116 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in proc_mount()
|
| D | base.c | 2683 if (!ns_capable(ns, CAP_SYS_ADMIN)) in proc_setgroups_open()
|
| /linux-4.4.14/net/ipv6/ |
| D | ipv6_sockglue.c | 368 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && in do_ipv6_setsockopt()
369 !ns_capable(net->user_ns, CAP_NET_RAW)) { in do_ipv6_setsockopt()
407 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) in do_ipv6_setsockopt()
786 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ipv6_setsockopt()
|
| D | datagram.c | 790 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
810 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
835 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
|
| D | af_inet6.c | 162 !ns_capable(net->user_ns, CAP_NET_RAW)) in inet6_create()
283 if (snum && snum < PROT_SOCK && !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in inet6_bind()
|
| D | sit.c | 1187 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1235 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1266 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1293 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
|
| D | anycast.c | 65 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipv6_sock_ac_join()
|
| D | ip6_vti.c | 746 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vti6_ioctl()
778 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vti6_ioctl()
|
| D | ip6_flowlabel.c | 571 ns_capable(net->user_ns, CAP_NET_ADMIN)) { in ipv6_flowlabel_opt()
|
| D | ip6_tunnel.c | 1486 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_tnl_ioctl()
1522 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_tnl_ioctl()
|
| D | ip6_gre.c | 1086 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6gre_tunnel_ioctl()
1135 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6gre_tunnel_ioctl()
|
| D | ip6mr.c | 1671 if (sk != mrt->mroute6_sk && !ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_mroute_setsockopt()
|
| D | addrconf.c | 2772 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in addrconf_add_ifaddr()
2791 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in addrconf_del_ifaddr()
|
| D | route.c | 2412 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipv6_route_ioctl()
|
| /linux-4.4.14/net/ipv4/netfilter/ |
| D | arp_tables.c | 1444 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_arpt_set_ctl()
1585 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_arpt_get_ctl()
1606 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_arpt_set_ctl()
1630 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_arpt_get_ctl()
|
| D | ip_tables.c | 1716 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ipt_set_ctl()
1825 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ipt_get_ctl()
1847 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ipt_set_ctl()
1872 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ipt_get_ctl()
|
| /linux-4.4.14/net/ipv6/netfilter/ |
| D | ip6_tables.c | 1718 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ip6t_set_ctl()
1827 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ip6t_get_ctl()
1849 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip6t_set_ctl()
1874 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip6t_get_ctl()
|
| /linux-4.4.14/net/bridge/netfilter/ |
| D | ebtables.c | 1487 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ebt_set_ctl()
1510 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ebt_get_ctl()
2296 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in compat_do_ebt_set_ctl()
2320 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in compat_do_ebt_get_ctl()
|
| /linux-4.4.14/fs/ |
| D | namespace.c | 1584 return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); in may_mount()
3313 if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) || in mntns_install()
3314 !ns_capable(current_user_ns(), CAP_SYS_CHROOT) || in mntns_install()
3315 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) in mntns_install()
|
| D | open.c | 484 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT)) in SYSCALL_DEFINE1()
|
| D | inode.c | 1963 if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid)) in inode_owner_or_capable()
|
| /linux-4.4.14/net/netlink/ |
| D | af_netlink.c | 1400 ns_capable(user_ns, cap); in __netlink_ns_capable()
1455 ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); in netlink_allowed()
2302 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_BROADCAST)) in netlink_setsockopt()
|
| /linux-4.4.14/drivers/net/ |
| D | tun.c | 477 !ns_capable(net->user_ns, CAP_NET_ADMIN); in tun_not_capable()
1656 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in tun_set_iff()
|
| /linux-4.4.14/net/llc/ |
| D | af_llc.c | 163 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in llc_ui_create()
|
| /linux-4.4.14/net/sctp/ |
| D | socket.c | 364 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in sctp_do_bind()
1154 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) { in __sctp_connect()
1818 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) { in sctp_sendmsg()
|
| /linux-4.4.14/net/netfilter/ipvs/ |
| D | ip_vs_ctl.c | 2322 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_vs_set_ctl()
2640 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_vs_get_ctl()
|
| /linux-4.4.14/net/netfilter/ipset/ |
| D | ip_set_core.c | 1892 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_set_sockfn_get()
|
| /linux-4.4.14/drivers/net/bonding/ |
| D | bond_main.c | 3386 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in bond_do_ioctl()
|
| /linux-4.4.14/net/packet/ |
| D | af_packet.c | 3054 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in packet_create()
|
| /linux-4.4.14/net/key/ |
| D | af_key.c | 144 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in pfkey_create()
|
| /linux-4.4.14/kernel/sched/ |
| D | core.c | 4433 if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { in sched_setaffinity()
|