
Searched refs:user_ns (Results 1 – 127 of 127) sorted by relevance

/linux-4.4.14/kernel/
Dnsproxy.c60 struct task_struct *tsk, struct user_namespace *user_ns, in create_new_namespaces() argument
70 new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns, new_fs); in create_new_namespaces()
76 new_nsp->uts_ns = copy_utsname(flags, user_ns, tsk->nsproxy->uts_ns); in create_new_namespaces()
82 new_nsp->ipc_ns = copy_ipcs(flags, user_ns, tsk->nsproxy->ipc_ns); in create_new_namespaces()
89 copy_pid_ns(flags, user_ns, tsk->nsproxy->pid_ns_for_children); in create_new_namespaces()
95 new_nsp->net_ns = copy_net_ns(flags, user_ns, tsk->nsproxy->net_ns); in create_new_namespaces()
127 struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns); in copy_namespaces() local
136 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_namespaces()
150 new_ns = create_new_namespaces(flags, tsk, user_ns, tsk->fs); in copy_namespaces()
179 struct user_namespace *user_ns; in unshare_nsproxy_namespaces() local
[all …]
Dutsname.c35 static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns, in clone_uts_ns() argument
55 ns->user_ns = get_user_ns(user_ns); in clone_uts_ns()
67 struct user_namespace *user_ns, struct uts_namespace *old_ns) in copy_utsname() argument
77 new_ns = clone_uts_ns(user_ns, old_ns); in copy_utsname()
88 put_user_ns(ns->user_ns); in free_uts_ns()
123 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install()
Duid16.c66 ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid)); in SYSCALL_DEFINE3()
67 euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid)); in SYSCALL_DEFINE3()
68 suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid)); in SYSCALL_DEFINE3()
90 rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid)); in SYSCALL_DEFINE3()
91 egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid)); in SYSCALL_DEFINE3()
92 sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid)); in SYSCALL_DEFINE3()
114 struct user_namespace *user_ns = current_user_ns(); in groups16_to_user() local
121 group = high2lowgid(from_kgid_munged(user_ns, kgid)); in groups16_to_user()
132 struct user_namespace *user_ns = current_user_ns(); in groups16_from_user() local
141 kgid = make_kgid(user_ns, low2highgid(group)); in groups16_from_user()
Dgroups.c67 struct user_namespace *user_ns = current_user_ns(); in groups_to_user() local
73 gid = from_kgid_munged(user_ns, GROUP_AT(group_info, i)); in groups_to_user()
84 struct user_namespace *user_ns = current_user_ns(); in groups_from_user() local
94 kgid = make_kgid(user_ns, gid); in groups_from_user()
216 struct user_namespace *user_ns = current_user_ns(); in may_setgroups() local
218 return ns_capable(user_ns, CAP_SETGID) && in may_setgroups()
219 userns_may_setgroups(user_ns); in may_setgroups()
Dpid_namespace.c82 static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns, in create_pid_namespace() argument
116 ns->user_ns = get_user_ns(user_ns); in create_pid_namespace()
149 put_user_ns(ns->user_ns); in destroy_pid_namespace()
154 struct user_namespace *user_ns, struct pid_namespace *old_ns) in copy_pid_ns() argument
160 return create_pid_namespace(user_ns, old_ns); in copy_pid_ns()
279 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) in pid_ns_ctl_handler()
365 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || in pidns_install()
Duser_namespace.c33 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) in set_cred_user_ns() argument
49 cred->user_ns = user_ns; in set_cred_user_ns()
62 struct user_namespace *ns, *parent_ns = new->user_ns; in create_user_ns()
955 struct user_namespace *user_ns; in userns_get() local
958 user_ns = get_user_ns(__task_cred(task)->user_ns); in userns_get()
961 return user_ns ? &user_ns->ns : NULL; in userns_get()
971 struct user_namespace *user_ns = to_user_ns(ns); in userns_install() local
977 if (user_ns == current_user_ns()) in userns_install()
987 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in userns_install()
994 put_user_ns(cred->user_ns); in userns_install()
[all …]
Dsys.c142 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) in set_one_prio_perm()
215 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE3()
283 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE2()
354 ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE2()
363 ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE2()
404 if (ns_capable(old->user_ns, CAP_SETGID)) in SYSCALL_DEFINE1()
488 !ns_capable(old->user_ns, CAP_SETUID)) in SYSCALL_DEFINE2()
497 !ns_capable(old->user_ns, CAP_SETUID)) in SYSCALL_DEFINE2()
551 if (ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE1()
608 if (!ns_capable(old->user_ns, CAP_SETUID)) { in SYSCALL_DEFINE3()
[all …]
Dtsacct.c29 void bacct_add_tsk(struct user_namespace *user_ns, in bacct_add_tsk() argument
63 stats->ac_uid = from_kuid_munged(user_ns, tcred->uid); in bacct_add_tsk()
64 stats->ac_gid = from_kgid_munged(user_ns, tcred->gid); in bacct_add_tsk()
Dcred.c63 .user_ns = &init_user_ns,
124 put_user_ns(cred->user_ns); in put_cred_rcu()
264 get_user_ns(new->user_ns); in prepare_creds()
385 const struct user_namespace *set_ns = set->user_ns; in cred_cap_issubset()
386 const struct user_namespace *subset_ns = subset->user_ns; in cred_cap_issubset()
616 get_user_ns(new->user_ns); in prepare_kernel_cred()
Dacct.c492 ac.ac_uid = from_kuid_munged(file->f_cred->user_ns, orig_cred->uid); in do_acct_process()
493 ac.ac_gid = from_kgid_munged(file->f_cred->user_ns, orig_cred->gid); in do_acct_process()
Dreboot.c288 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) in SYSCALL_DEFINE4()
Dptrace.c267 if (ptrace_has_cap(tcred->user_ns, mode)) in __ptrace_may_access()
278 !ptrace_has_cap(__task_cred(task)->user_ns, mode)) { in __ptrace_may_access()
347 if (ns_capable(__task_cred(task)->user_ns, CAP_SYS_PTRACE)) in ptrace_attach()
Dtaskstats.c169 static void fill_stats(struct user_namespace *user_ns, in fill_stats() argument
187 bacct_add_tsk(user_ns, pid_ns, stats, tsk); in fill_stats()
Dsignal.c703 if (ns_capable(tcred->user_ns, CAP_KILL)) in kill_ok_by_cred()
954 if (current_user_ns() == task_cred_xxx(t, user_ns)) in userns_fixup_signal_uid()
961 info->si_uid = from_kuid_munged(task_cred_xxx(t, user_ns), in userns_fixup_signal_uid()
1612 info.si_uid = from_kuid_munged(task_cred_xxx(tsk->parent, user_ns), in do_notify_parent()
1698 info.si_uid = from_kuid_munged(task_cred_xxx(parent, user_ns), task_uid(tsk)); in do_notify_parent_cldstop()
Dpid.c81 .user_ns = &init_user_ns,
/linux-4.4.14/ipc/
Dnamespace.c19 static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, in create_ipc_ns() argument
49 ns->user_ns = get_user_ns(user_ns); in create_ipc_ns()
55 struct user_namespace *user_ns, struct ipc_namespace *ns) in copy_ipcs() argument
59 return create_ipc_ns(user_ns, ns); in copy_ipcs()
100 put_user_ns(ns->user_ns); in free_ipc_ns()
158 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in ipcns_install()
Dmsg.c1043 struct user_namespace *user_ns = seq_user_ns(s); in sysvipc_msg_proc_show() local
1055 from_kuid_munged(user_ns, msq->q_perm.uid), in sysvipc_msg_proc_show()
1056 from_kgid_munged(user_ns, msq->q_perm.gid), in sysvipc_msg_proc_show()
1057 from_kuid_munged(user_ns, msq->q_perm.cuid), in sysvipc_msg_proc_show()
1058 from_kgid_munged(user_ns, msq->q_perm.cgid), in sysvipc_msg_proc_show()
Dshm.c1027 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { in SYSCALL_DEFINE3()
1367 struct user_namespace *user_ns = seq_user_ns(s); in sysvipc_shm_proc_show() local
1390 from_kuid_munged(user_ns, shp->shm_perm.uid), in sysvipc_shm_proc_show()
1391 from_kgid_munged(user_ns, shp->shm_perm.gid), in sysvipc_shm_proc_show()
1392 from_kuid_munged(user_ns, shp->shm_perm.cuid), in sysvipc_shm_proc_show()
1393 from_kgid_munged(user_ns, shp->shm_perm.cgid), in sysvipc_shm_proc_show()
Dmsgutil.c33 .user_ns = &init_user_ns,
Dsem.c2182 struct user_namespace *user_ns = seq_user_ns(s); in sysvipc_sem_proc_show() local
2202 from_kuid_munged(user_ns, sma->sem_perm.uid), in sysvipc_sem_proc_show()
2203 from_kgid_munged(user_ns, sma->sem_perm.gid), in sysvipc_sem_proc_show()
2204 from_kuid_munged(user_ns, sma->sem_perm.cuid), in sysvipc_sem_proc_show()
2205 from_kgid_munged(user_ns, sma->sem_perm.cgid), in sysvipc_sem_proc_show()
Dutil.c499 !ns_capable(ns->user_ns, CAP_IPC_OWNER)) in ipcperms()
708 ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in ipcctl_pre_down_nolock()
Dmqueue.c334 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in mqueue_mount()
/linux-4.4.14/net/bridge/
Dbr_ioctl.c93 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if()
183 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
189 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
195 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
201 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
247 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
258 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
275 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
332 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless()
[all …]
Dbr_sysfs_br.c40 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in store_bridge_parm()
140 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in stp_state_store()
174 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in group_fwd_mask_store()
306 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in group_addr_store()
346 if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) in flush_store()
Dbr_sysfs_if.c245 if (!ns_capable(dev_net(p->dev)->user_ns, CAP_NET_ADMIN)) in brport_store()
/linux-4.4.14/security/keys/
Dproc.c87 struct user_namespace *user_ns = seq_user_ns(p); in key_serial_next() local
92 if (kuid_has_mapping(user_ns, key->user->uid)) in key_serial_next()
106 struct user_namespace *user_ns = seq_user_ns(p); in find_ge_key() local
129 if (kuid_has_mapping(user_ns, minkey->user->uid)) in find_ge_key()
272 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) in __key_user_next() argument
276 if (kuid_has_mapping(user_ns, user->uid)) in __key_user_next()
283 static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n) in key_user_next() argument
285 return __key_user_next(user_ns, rb_next(n)); in key_user_next()
288 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r) in key_user_first() argument
291 return __key_user_next(user_ns, n); in key_user_first()
Dprocess_keys.c56 uid = from_kuid(cred->user_ns, user->uid); in install_user_keyrings()
845 new->user_ns = get_user_ns(old->user_ns); in key_change_session_keyring()
/linux-4.4.14/security/
Dcommoncap.c82 if (ns == cred->user_ns) in cap_capable()
93 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in cap_capable()
149 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_access_check()
152 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_access_check()
181 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_traceme()
184 if (has_ns_capability(parent, child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_traceme()
227 if (cap_capable(current_cred(), current_cred()->user_ns, in cap_inh_is_capped()
505 root_uid = make_kuid(new->user_ns, 0); in cap_bprm_set_creds()
629 kuid_t root_uid = make_kuid(cred->user_ns, 0); in cap_bprm_secureexec()
729 kuid_t root_uid = make_kuid(old->user_ns, 0); in cap_emulate_setxuid()
[all …]
/linux-4.4.14/include/linux/
Dutsname.h26 struct user_namespace *user_ns; member
38 struct user_namespace *user_ns, struct uts_namespace *old_ns);
55 struct user_namespace *user_ns, struct uts_namespace *old_ns) in copy_utsname() argument
Dpid_namespace.h42 struct user_namespace *user_ns; member
63 struct user_namespace *user_ns, struct pid_namespace *ns);
77 struct user_namespace *user_ns, struct pid_namespace *ns) in copy_pid_ns() argument
Dipc_namespace.h60 struct user_namespace *user_ns; member
117 struct user_namespace *user_ns, struct ipc_namespace *ns);
129 struct user_namespace *user_ns, struct ipc_namespace *ns) in copy_ipcs() argument
Dtsacct_kern.h13 extern void bacct_add_tsk(struct user_namespace *user_ns,
17 static inline void bacct_add_tsk(struct user_namespace *user_ns, in bacct_add_tsk() argument
Dposix_acl_xattr.h67 struct posix_acl *posix_acl_from_xattr(struct user_namespace *user_ns,
69 int posix_acl_to_xattr(struct user_namespace *user_ns,
Dseq_file.h31 struct user_namespace *user_ns; member
150 return seq->user_ns; in seq_user_ns()
Dinet_diag.h33 struct user_namespace *user_ns,
Dcred.h153 struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ member
378 #define current_user_ns() (current_cred_xxx(user_ns))
/linux-4.4.14/net/
Dsysctl_net.c45 kuid_t root_uid = make_kuid(net->user_ns, 0); in net_ctl_permissions()
46 kgid_t root_gid = make_kgid(net->user_ns, 0); in net_ctl_permissions()
49 if (ns_capable(net->user_ns, CAP_NET_ADMIN) || in net_ctl_permissions()
/linux-4.4.14/fs/
Dposix_acl.c639 struct user_namespace *user_ns = current_user_ns(); in posix_acl_fix_xattr_from_user() local
640 if (user_ns == &init_user_ns) in posix_acl_fix_xattr_from_user()
642 posix_acl_fix_xattr_userns(&init_user_ns, user_ns, value, size); in posix_acl_fix_xattr_from_user()
647 struct user_namespace *user_ns = current_user_ns(); in posix_acl_fix_xattr_to_user() local
648 if (user_ns == &init_user_ns) in posix_acl_fix_xattr_to_user()
650 posix_acl_fix_xattr_userns(user_ns, &init_user_ns, value, size); in posix_acl_fix_xattr_to_user()
657 posix_acl_from_xattr(struct user_namespace *user_ns, in posix_acl_from_xattr() argument
697 make_kuid(user_ns, in posix_acl_from_xattr()
704 make_kgid(user_ns, in posix_acl_from_xattr()
726 posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, in posix_acl_to_xattr() argument
[all …]
Dpnode.c200 static struct user_namespace *user_ns; variable
247 if (m->mnt_ns->user_ns != user_ns) in propagate_one()
289 user_ns = current->nsproxy->mnt_ns->user_ns; in propagate_mnt()
Dnamespace.c1584 return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); in may_mount()
2181 if ((mnt->mnt_ns->user_ns != &init_user_ns) && in do_remount()
2380 struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns; in do_new_mount() local
2391 if (user_ns != &init_user_ns) { in do_new_mount()
2735 put_user_ns(ns->user_ns); in free_mnt_ns()
2748 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) in alloc_mnt_ns() argument
2768 new_ns->user_ns = get_user_ns(user_ns); in alloc_mnt_ns()
2773 struct user_namespace *user_ns, struct fs_struct *new_fs) in copy_mnt_ns() argument
2791 new_ns = alloc_mnt_ns(user_ns); in copy_mnt_ns()
2798 if (user_ns != ns->user_ns) in copy_mnt_ns()
[all …]
Dmount.h12 struct user_namespace *user_ns; member
Dfcntl.c221 struct user_namespace *user_ns = current_user_ns(); in f_getowner_uids() local
227 src[0] = from_kuid(user_ns, filp->f_owner.uid); in f_getowner_uids()
228 src[1] = from_kuid(user_ns, filp->f_owner.euid); in f_getowner_uids()
Dbinfmt_elf_fdpic.c647 NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid)); in create_elf_fdpic_tables()
648 NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid)); in create_elf_fdpic_tables()
649 NEW_AUX_ENT(AT_GID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid)); in create_elf_fdpic_tables()
650 NEW_AUX_ENT(AT_EGID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid)); in create_elf_fdpic_tables()
1437 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); in fill_psinfo()
1438 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); in fill_psinfo()
Dbinfmt_elf.c244 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid)); in create_elf_tables()
245 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); in create_elf_tables()
246 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid)); in create_elf_tables()
247 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid)); in create_elf_tables()
1471 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); in fill_psinfo()
1472 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); in fill_psinfo()
Dseq_file.c76 p->user_ns = file->f_cred->user_ns; in seq_open()
Dexec.c1319 if (!kuid_has_mapping(bprm->cred->user_ns, uid) || in bprm_fill_uid()
1320 !kgid_has_mapping(bprm->cred->user_ns, gid)) in bprm_fill_uid()
Dopen.c358 kuid_t root_uid = make_kuid(override_cred->user_ns, 0); in SYSCALL_DEFINE3()
/linux-4.4.14/arch/s390/kernel/
Dcompat_linux.c139 ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid)); in COMPAT_SYSCALL_DEFINE3()
140 euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid)); in COMPAT_SYSCALL_DEFINE3()
141 suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid)); in COMPAT_SYSCALL_DEFINE3()
163 rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid)); in COMPAT_SYSCALL_DEFINE3()
164 egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid)); in COMPAT_SYSCALL_DEFINE3()
165 sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid)); in COMPAT_SYSCALL_DEFINE3()
186 struct user_namespace *user_ns = current_user_ns(); in groups16_to_user() local
193 group = (u16)from_kgid_munged(user_ns, kgid); in groups16_to_user()
203 struct user_namespace *user_ns = current_user_ns(); in groups16_from_user() local
212 kgid = make_kgid(user_ns, (gid_t)group); in groups16_from_user()
/linux-4.4.14/fs/proc/
Darray.c145 struct user_namespace *user_ns = seq_user_ns(m); in task_state() local
183 from_kuid_munged(user_ns, cred->uid), in task_state()
184 from_kuid_munged(user_ns, cred->euid), in task_state()
185 from_kuid_munged(user_ns, cred->suid), in task_state()
186 from_kuid_munged(user_ns, cred->fsuid), in task_state()
187 from_kgid_munged(user_ns, cred->gid), in task_state()
188 from_kgid_munged(user_ns, cred->egid), in task_state()
189 from_kgid_munged(user_ns, cred->sgid), in task_state()
190 from_kgid_munged(user_ns, cred->fsgid), in task_state()
196 from_kgid_munged(user_ns, GROUP_AT(group_info, g))); in task_state()
Droot.c116 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) in proc_mount()
Dbase.c1232 from_kuid(file->f_cred->user_ns, in proc_loginuid_read()
1266 kloginuid = make_kuid(file->f_cred->user_ns, loginuid); in proc_loginuid_write()
2596 ns = get_user_ns(task_cred_xxx(task, user_ns)); in proc_id_map_open()
2674 ns = get_user_ns(task_cred_xxx(task, user_ns)); in proc_setgroups_open()
/linux-4.4.14/net/core/
Dscm.c50 kuid_t uid = make_kuid(cred->user_ns, creds->uid); in scm_check_creds()
51 kgid_t gid = make_kgid(cred->user_ns, creds->gid); in scm_check_creds()
57 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && in scm_check_creds()
59 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds()
61 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { in scm_check_creds()
Dnet_namespace.c272 static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) in setup_net() argument
282 net->user_ns = user_ns; in setup_net()
352 struct user_namespace *user_ns, struct net *old_net) in copy_net_ns() argument
364 get_user_ns(user_ns); in copy_net_ns()
367 rv = setup_net(net, user_ns); in copy_net_ns()
375 put_user_ns(user_ns); in copy_net_ns()
447 put_user_ns(net->user_ns); in cleanup_net()
990 if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) || in netns_install()
Ddev_ioctl.c477 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
525 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ioctl()
Dsock.c160 struct user_namespace *user_ns, int cap) in sk_ns_capable() argument
162 return file_ns_capable(sk->sk_socket->file, user_ns, cap) && in sk_ns_capable()
163 ns_capable(user_ns, cap); in sk_ns_capable()
193 return sk_ns_capable(sk, sock_net(sk)->user_ns, cap); in sk_net_capable()
569 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in sock_setbindtodevice()
813 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_setsockopt()
953 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_setsockopt()
1904 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in sock_cmsg_send()
Dsysctl_net_core.c435 if (net->user_ns != &init_user_ns) { in sysctl_core_net_init()
Dnet-sysfs.c88 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in netdev_store()
362 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ifalias_store()
1387 return ns_capable(net->user_ns, CAP_SYS_ADMIN); in net_current_may_mount()
Drtnetlink.c1695 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) { in do_setlink()
2340 if (!netlink_ns_capable(skb, dest_net->user_ns, CAP_NET_ADMIN)) in rtnl_newlink()
2352 if (!netlink_ns_capable(skb, link_net->user_ns, CAP_NET_ADMIN)) in rtnl_newlink()
Dethtool.c1803 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in dev_ethtool()
Dneighbour.c3166 if (neigh_parms_net(p)->user_ns != &init_user_ns) in neigh_sysctl_register()
/linux-4.4.14/include/net/
Dnet_namespace.h62 struct user_namespace *user_ns; /* Owning user namespace */ member
150 struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns,
157 struct user_namespace *user_ns, struct net *old_net) in copy_net_ns() argument
Dsock.h710 return sk->sk_socket->file->f_cred->user_ns; in sk_user_ns()
2282 struct user_namespace *user_ns, int cap);
/linux-4.4.14/net/8021q/
Dvlan.c539 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
549 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
558 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
567 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
583 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
590 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vlan_ioctl_handler()
/linux-4.4.14/init/
Dversion.c37 .user_ns = &init_user_ns,
/linux-4.4.14/fs/autofs4/
Dwaitq.c149 struct user_namespace *user_ns = sbi->pipe->f_cred->user_ns; in autofs4_notify_daemon() local
159 packet->uid = from_kuid_munged(user_ns, wq->uid); in autofs4_notify_daemon()
160 packet->gid = from_kgid_munged(user_ns, wq->gid); in autofs4_notify_daemon()
/linux-4.4.14/net/unix/
Dsysctl_net_unix.c38 if (net->user_ns != &init_user_ns) in unix_sysctl_register()
/linux-4.4.14/net/ipv4/
Dsysctl_net_ipv4.c124 struct user_namespace *user_ns = current_user_ns(); in ipv4_ping_group_range() local
137 urange[0] = from_kgid_munged(user_ns, low); in ipv4_ping_group_range()
138 urange[1] = from_kgid_munged(user_ns, high); in ipv4_ping_group_range()
142 low = make_kgid(user_ns, urange[0]); in ipv4_ping_group_range()
143 high = make_kgid(user_ns, urange[1]); in ipv4_ping_group_range()
Dinet_diag.c109 struct user_namespace *user_ns, in inet_sk_diag_fill() argument
161 r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk)); in inet_sk_diag_fill()
257 struct user_namespace *user_ns, in inet_csk_diag_fill() argument
262 user_ns, portid, seq, nlmsg_flags, unlh); in inet_csk_diag_fill()
337 struct user_namespace *user_ns, in sk_diag_fill() argument
349 return inet_csk_diag_fill(sk, skb, r, user_ns, portid, seq, in sk_diag_fill()
Dip_options.c411 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
447 if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { in ip_options_compile()
460 if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { in ip_options_compile()
Dtcp_cong.c357 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))) in tcp_set_congestion_control()
Dip_sockglue.c1131 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_setsockopt()
1137 if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && in do_ip_setsockopt()
1138 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { in do_ip_setsockopt()
Dip_tunnel.c869 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_tunnel_ioctl()
925 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_tunnel_ioctl()
Daf_inet.c312 !ns_capable(net->user_ns, CAP_NET_RAW)) in inet_create()
474 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in inet_bind()
Dip_fragment.c795 if (net->user_ns != &init_user_ns) in ip4_frags_ns_ctl_register()
Ddevinet.c964 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in devinet_ioctl()
972 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in devinet_ioctl()
Darp.c1130 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in arp_ioctl()
Dfib_frontend.c583 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_rt_ioctl()
Dtcp.c2267 return ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN) && in tcp_can_repair_sock()
Droute.c2785 if (net->user_ns != &init_user_ns) in sysctl_route_net_init()
Dipmr.c1288 !ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_mroute_setsockopt()
/linux-4.4.14/security/yama/
Dyama_lsm.c293 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
299 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) in yama_ptrace_access_check()
/linux-4.4.14/net/netfilter/
Dnf_conntrack_timestamp.c55 if (net->user_ns != &init_user_ns) in nf_conntrack_tstamp_init_sysctl()
Dnf_conntrack_acct.c77 if (net->user_ns != &init_user_ns) in nf_conntrack_acct_init_sysctl()
Dnfnetlink_log.c156 u32 portid, struct user_namespace *user_ns) in instance_create() argument
188 inst->peer_user_ns = user_ns; in instance_create()
559 struct user_namespace *user_ns = inst->peer_user_ns; in __build_packet_message() local
560 __be32 uid = htonl(from_kuid_munged(user_ns, cred->fsuid)); in __build_packet_message()
561 __be32 gid = htonl(from_kgid_munged(user_ns, cred->fsgid)); in __build_packet_message()
Dnf_conntrack_ecache.c277 if (net->user_ns != &init_user_ns) in nf_conntrack_event_init_sysctl()
Dnf_conntrack_helper.c70 if (net->user_ns != &init_user_ns) in nf_conntrack_helper_init_sysctl()
Dnf_conntrack_standalone.c513 if (net->user_ns != &init_user_ns) in nf_conntrack_standalone_init_sysctl()
Dnf_conntrack_proto_dccp.c842 if (net->user_ns != &init_user_ns) in dccp_kmemdup_sysctl_table()
/linux-4.4.14/net/xfrm/
Dxfrm_sysctl.c58 if (net->user_ns != &init_user_ns) in xfrm_sysctl_init()
/linux-4.4.14/net/packet/
Ddiag.c132 struct user_namespace *user_ns, in sk_diag_fill() argument
156 from_kuid_munged(user_ns, sock_i_uid(sk)))) in sk_diag_fill()
Daf_packet.c3054 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in packet_create()
/linux-4.4.14/net/ieee802154/
Dsocket.c894 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
895 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
918 if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && in dgram_setsockopt()
919 !ns_capable(net->user_ns, CAP_NET_RAW)) { in dgram_setsockopt()
/linux-4.4.14/net/ipv6/
Dipv6_sockglue.c368 if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && in do_ipv6_setsockopt()
369 !ns_capable(net->user_ns, CAP_NET_RAW)) { in do_ipv6_setsockopt()
407 if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) in do_ipv6_setsockopt()
786 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ipv6_setsockopt()
Ddatagram.c790 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
810 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
835 if (!ns_capable(net->user_ns, CAP_NET_RAW)) { in ip6_datagram_send_ctl()
Daf_inet6.c162 !ns_capable(net->user_ns, CAP_NET_RAW)) in inet6_create()
283 if (snum && snum < PROT_SOCK && !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in inet6_bind()
Dsit.c1187 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1235 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1266 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
1293 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipip6_tunnel_ioctl()
Danycast.c65 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipv6_sock_ac_join()
Dip6_vti.c746 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vti6_ioctl()
778 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in vti6_ioctl()
Dreassembly.c648 if (net->user_ns != &init_user_ns) in ip6_frags_ns_sysctl_register()
Dip6_flowlabel.c571 ns_capable(net->user_ns, CAP_NET_ADMIN)) { in ipv6_flowlabel_opt()
Dip6_tunnel.c1486 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_tnl_ioctl()
1522 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_tnl_ioctl()
Dip6_gre.c1086 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6gre_tunnel_ioctl()
1135 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6gre_tunnel_ioctl()
Droute.c2412 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ipv6_route_ioctl()
3528 if (net->user_ns != &init_user_ns) in ipv6_route_sysctl_init()
Dip6mr.c1671 if (sk != mrt->mroute6_sk && !ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip6_mroute_setsockopt()
Daddrconf.c2772 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in addrconf_add_ifaddr()
2791 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in addrconf_del_ifaddr()
/linux-4.4.14/net/sunrpc/
Dsvcauth_unix.c549 struct user_namespace *user_ns = &init_user_ns; in unix_gid_show() local
565 seq_printf(m, "%u %d:", from_kuid_munged(user_ns, ug->uid), glen); in unix_gid_show()
567 seq_printf(m, " %d", from_kgid_munged(user_ns, GROUP_AT(ug->gi, i))); in unix_gid_show()
/linux-4.4.14/net/netlink/
Daf_netlink.c1396 struct user_namespace *user_ns, int cap) in __netlink_ns_capable() argument
1399 file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) && in __netlink_ns_capable()
1400 ns_capable(user_ns, cap); in __netlink_ns_capable()
1415 struct user_namespace *user_ns, int cap) in netlink_ns_capable() argument
1417 return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap); in netlink_ns_capable()
1448 return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap); in netlink_net_capable()
1455 ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); in netlink_allowed()
2019 if (!file_ns_capable(sk->sk_socket->file, p->net->user_ns, in do_one_broadcast()
2302 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_BROADCAST)) in netlink_setsockopt()
/linux-4.4.14/net/ipv4/netfilter/
Darp_tables.c1444 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_arpt_set_ctl()
1585 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_arpt_get_ctl()
1606 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_arpt_set_ctl()
1630 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_arpt_get_ctl()
Dip_tables.c1716 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ipt_set_ctl()
1825 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ipt_get_ctl()
1847 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ipt_set_ctl()
1872 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ipt_get_ctl()
/linux-4.4.14/net/ipv6/netfilter/
Dip6_tables.c1718 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ip6t_set_ctl()
1827 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in compat_do_ip6t_get_ctl()
1849 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip6t_set_ctl()
1874 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip6t_get_ctl()
/linux-4.4.14/net/netfilter/ipvs/
Dip_vs_lblc.c567 if (net->user_ns != &init_user_ns) in __ip_vs_lblc_init()
Dip_vs_lblcr.c753 if (net->user_ns != &init_user_ns) in __ip_vs_lblcr_init()
Dip_vs_ctl.c2322 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_vs_set_ctl()
2640 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) in do_ip_vs_get_ctl()
3856 if (net->user_ns != &init_user_ns) in ip_vs_control_net_init_sysctl()
/linux-4.4.14/net/bridge/netfilter/
Debtables.c1487 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ebt_set_ctl()
1510 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in do_ebt_get_ctl()
2296 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in compat_do_ebt_set_ctl()
2320 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in compat_do_ebt_get_ctl()
/linux-4.4.14/net/sched/
Dsch_api.c1122 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) in tc_get_qdisc()
1189 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) in tc_modify_qdisc()
1537 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) in tc_ctl_tclass()
Dcls_api.c143 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) in tc_ctl_tfilter()
/linux-4.4.14/arch/x86/kvm/
Dx86.c3949 struct kvm_clock_data user_ns; in kvm_arch_vm_ioctl() local
3954 if (copy_from_user(&user_ns, argp, sizeof(user_ns))) in kvm_arch_vm_ioctl()
3958 if (user_ns.flags) in kvm_arch_vm_ioctl()
3964 delta = user_ns.clock - now_ns; in kvm_arch_vm_ioctl()
3971 struct kvm_clock_data user_ns; in kvm_arch_vm_ioctl() local
3976 user_ns.clock = kvm->arch.kvmclock_offset + now_ns; in kvm_arch_vm_ioctl()
3978 user_ns.flags = 0; in kvm_arch_vm_ioctl()
3979 memset(&user_ns.pad, 0, sizeof(user_ns.pad)); in kvm_arch_vm_ioctl()
3982 if (copy_to_user(argp, &user_ns, sizeof(user_ns))) in kvm_arch_vm_ioctl()
/linux-4.4.14/net/ieee802154/6lowpan/
Dreassembly.c515 if (net->user_ns != &init_user_ns) in lowpan_frags_ns_sysctl_register()
/linux-4.4.14/drivers/net/
Dtun.c477 !ns_capable(net->user_ns, CAP_NET_ADMIN); in tun_not_capable()
1656 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in tun_set_iff()
/linux-4.4.14/net/llc/
Daf_llc.c163 if (!ns_capable(net->user_ns, CAP_NET_RAW)) in llc_ui_create()
/linux-4.4.14/fs/fuse/
Ddev.c2256 old->f_cred->user_ns == file->f_cred->user_ns) in fuse_dev_ioctl()
Dinode.c1071 (file->f_cred->user_ns != &init_user_ns)) in fuse_fill_super()
/linux-4.4.14/net/sctp/
Dsocket.c364 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) in sctp_do_bind()
1154 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) { in __sctp_connect()
1818 !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) { in sctp_sendmsg()
/linux-4.4.14/net/netfilter/ipset/
Dip_set_core.c1892 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in ip_set_sockfn_get()
/linux-4.4.14/drivers/net/bonding/
Dbond_main.c3386 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in bond_do_ioctl()
/linux-4.4.14/net/key/
Daf_key.c144 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in pfkey_create()
/linux-4.4.14/kernel/sched/
Dcore.c4433 if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { in sched_setaffinity()