Home
last modified time | relevance | path

Searched refs:security (Results 1 – 200 of 249) sorted by relevance

12

/linux-4.4.14/net/rxrpc/
Dar-security.c147 conn->security = sec; in rxrpc_init_client_conn_security()
149 ret = conn->security->init_connection_security(conn); in rxrpc_init_client_conn_security()
151 rxrpc_security_put(conn->security); in rxrpc_init_client_conn_security()
152 conn->security = NULL; in rxrpc_init_client_conn_security()
217 conn->security = sec; in rxrpc_init_server_conn_security()
231 if (call->conn->security) in rxrpc_secure_packet()
232 return call->conn->security->secure_packet( in rxrpc_secure_packet()
243 if (call->conn->security) in rxrpc_verify_packet()
244 return call->conn->security->verify_packet( in rxrpc_verify_packet()
256 if (conn->security) { in rxrpc_clear_conn_security()
[all …]
Dar-connevent.c174 if (conn->security) in rxrpc_process_event()
175 return conn->security->respond_to_challenge( in rxrpc_process_event()
180 if (!conn->security) in rxrpc_process_event()
183 ret = conn->security->verify_response(conn, skb, _abort_code); in rxrpc_process_event()
187 ret = conn->security->init_connection_security(conn); in rxrpc_process_event()
191 conn->security->prime_packet_security(conn); in rxrpc_process_event()
238 ASSERT(conn->security != NULL); in rxrpc_secure_connection()
240 if (conn->security->issue_challenge(conn) < 0) { in rxrpc_secure_connection()
DKconfig33 tristate "RxRPC Kerberos security"
41 Provide kerberos 4 and AFS kaserver security handling for AF_RXRPC
DMakefile19 ar-security.o \
Dar-connection.c568 if (candidate->security) in rxrpc_connect_call()
569 candidate->security->prime_packet_security(candidate); in rxrpc_connect_call()
Dar-internal.h252 struct rxrpc_security *security; /* applied security module */ member
Dar-output.c642 if (conn->security) { in rxrpc_send_data()
Dar-input.c202 if (call->conn->security) in rxrpc_fast_process_data()
/linux-4.4.14/Documentation/
DSecurityBugs1 Linux kernel developers take security very seriously. As such, we'd
2 like to know when a security bug is found so that it can be fixed and
3 disclosed as quickly as possible. Please report security bugs to the
4 Linux kernel security team.
8 The Linux kernel security team can be contacted by email at
9 <security@kernel.org>. This is a private list of security officers
11 It is possible that the security team will bring in extra help from
12 area maintainers to understand and fix the security vulnerability.
22 The goal of the Linux kernel security team is to work with the
28 A disclosure date is negotiated by the security team working with the
[all …]
DSAK.txt4 An operating system's Secure Attention Key is a security tool which is
39 systems which implement C2 level security. This author does not
Dhw_random.txt29 a security-conscious person would run fitness tests on the
59 access to our RNG for use as a security feature. At this time,
Dstable_kernel_rules.txt13 security issue, or some "oh, that's not good" issue. In short, something
125 security kernel team, and not go through the normal review cycle.
126 Contact the kernel security team for more details on this procedure.
Dstable_api_nonsense.txt133 security issue is found, it is fixed in a very short amount of time. A
135 reworked to prevent the security problem from occurring. When this
137 same time, ensuring that the security problem was fixed and could not
139 were not allowed to change, fixing this kind of security problem and
Dbinfmt_misc.txt63 the credentials and security token of the new process according to
121 cause unexpected behaviour and can be a security hazard.
Dunshare.txt61 2.1 Per-security context namespaces
65 such as per-user and/or per-security context instance of /tmp, /var/tmp or
66 per-security context instance of a user's home directory, isolate user
D00-INDEX59 - procedure for reporting security bugs found in the kernel.
325 - Kernel module signing for increased security when loading modules.
404 security/
405 - directory that contains security-related info
Dmodule-signing.txt24 allows increased kernel security by disallowing the loading of unsigned modules
25 or modules signed with an invalid key. Module signing increases security by
Dxz.txt103 matter in practice all, since they don't cause security issues. But
DHOWTO131 If you feel you have found a security problem in the Linux kernel,
268 relatively small and critical fixes for security problems or significant
281 security-related problem, instead, can cause a release to happen almost
Dkernel-parameters.txt109 SECURITY Different security models are enabled.
604 See security/selinux/Kconfig help text.
1160 See security/selinux/Kconfig help text.
1176 Permit 'security.evm' to be updated regardless of
2293 'sec=sys' security flavour. In effect it is
3458 security= [SECURITY] Choose a security module to enable at boot.
3460 security module asking for security registration will be
3461 loaded. An invalid security module name will be treated
3466 See security/selinux/Kconfig help text.
3475 See security/apparmor/Kconfig help text
Dintel_txt.txt21 For more information, see http://www.intel.com/technology/security/.
/linux-4.4.14/security/integrity/evm/
DKconfig9 EVM protects a file's security extended attributes against
35 In addition to the original security xattrs (eg. security.selinux,
36 security.SMACK64, security.capability, and security.ima) included
38 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
39 security.SMACK64MMAP.
/linux-4.4.14/security/
DKconfig7 source security/keys/Kconfig
22 bool "Enable different security models"
26 This allows you to choose different security modules to be
29 If this option is not selected, the default Linux security
47 This enables the socket and networking security hooks.
48 If enabled, a security module can use these hooks to
56 This enables the XFRM (IPSec) networking security hooks.
57 If enabled, a security module can use these hooks to
69 This enables the security hooks for pathname based access control.
70 If enabled, a security module can use these hooks to
[all …]
DMakefile17 obj-$(CONFIG_SECURITY) += security.o
Dsecurity.c1355 int security_tun_dev_alloc_security(void **security) in security_tun_dev_alloc_security() argument
1357 return call_int_hook(tun_dev_alloc_security, 0, security); in security_tun_dev_alloc_security()
1361 void security_tun_dev_free_security(void *security) in security_tun_dev_free_security() argument
1363 call_void_hook(tun_dev_free_security, security); in security_tun_dev_free_security()
1373 int security_tun_dev_attach_queue(void *security) in security_tun_dev_attach_queue() argument
1375 return call_int_hook(tun_dev_attach_queue, 0, security); in security_tun_dev_attach_queue()
1379 int security_tun_dev_attach(struct sock *sk, void *security) in security_tun_dev_attach() argument
1381 return call_int_hook(tun_dev_attach, 0, sk, security); in security_tun_dev_attach()
1385 int security_tun_dev_open(void *security) in security_tun_dev_open() argument
1387 return call_int_hook(tun_dev_open, 0, security); in security_tun_dev_open()
/linux-4.4.14/Documentation/netlabel/
Dintroduction.txt9 NetLabel is a mechanism which can be used by kernel security modules to attach
10 security attributes to outgoing network packets generated from user space
11 applications and read security attributes from incoming network packets. It
13 layer, and the kernel security module API.
18 network packet's security attributes. If any translation between the network
19 security attributes and those on the host are required then the protocol
22 the NetLabel kernel security module API described below.
38 The purpose of the NetLabel security module API is to provide a protocol
40 to protocol independence, the security module API is designed to be completely
44 Detailed information about the NetLabel security module API can be found in the
Dlsm_interface.txt9 NetLabel is a mechanism which can set and retrieve security attributes from
12 The NetLabel security module API is defined in 'include/net/netlabel.h' but a
18 it uses the concept of security attributes to refer to the packet's security
19 labels. The NetLabel security attributes are defined by the
21 NetLabel subsystem converts the security attributes to and from the correct
24 security attributes into whatever security identifiers are in use for their
38 label and the internal LSM security identifier can be time consuming. The
41 LSM has received a packet, used NetLabel to decode its security attributes,
42 and translated the security attributes into a LSM internal identifier the LSM
Dcipso_ipv4.txt22 label by using the NetLabel security module API; if the NetLabel "domain" is
31 NetLabel security module API to extract the security attributes of the packet.
37 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
42 different security attribute mapping table.
46 The NetLabel system provides a framework for caching security attribute
Ddraft-ietf-cipso-ipsecurity-01.txt35 Currently the Internet Protocol includes two security options. One of
37 IP datagrams to be labeled with security classifications. This option
38 provides sixteen security classifications and a variable number of handling
39 restrictions. To handle additional security information, such as security
40 categories or compartments, another security option (Type 133) exists and
46 mandatory access controls and multi-level security. These systems are
52 applications of a commercial security option. The BSO and ESO were
54 to support multiple security policies. This Internet Draft provides the
56 security policy. Support for additional security policies shall be
76 This option permits security related information to be passed between
[all …]
D00-INDEX10 - documentation on the NetLabel kernel security module API.
/linux-4.4.14/security/selinux/
Dxfrm.c70 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
181 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
182 if (x->security) in selinux_xfrm_state_pol_flow_match()
189 if (!x->security) in selinux_xfrm_state_pol_flow_match()
197 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
221 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress()
236 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress()
334 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc()
371 x->security = ctx; in selinux_xfrm_state_alloc_acquire()
383 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
[all …]
Dhooks.c186 cred->security = tsec; in cred_init_security()
196 tsec = cred->security; in cred_sid()
382 const struct task_security_struct *tsec = cred->security; in may_context_mount_sb_relabel()
399 const struct task_security_struct *tsec = cred->security; in may_context_mount_inode_relabel()
1536 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; in task_has_perm()
1537 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; in task_has_perm()
2219 new_tsec = bprm->cred->security; in selinux_bprm_set_creds()
2297 sec = __task_cred(tracer)->security; in selinux_bprm_set_creds()
2402 new_tsec = bprm->cred->security; in selinux_bprm_committing_creds()
3548 cred->security = tsec; in selinux_cred_alloc_blank()
[all …]
/linux-4.4.14/Documentation/security/
Dapparmor.txt3 AppArmor is MAC style security extension for the Linux kernel. It implements
13 If AppArmor should be selected as the default security module then
19 If AppArmor is not the default security module it can be enabled by passing
20 security=apparmor on the kernel's command line.
22 If AppArmor is the default security module it can be disabled by passing
23 apparmor=0, security=XXXX (where XXX is valid security module), on the
DLSM.txt5 various security checks to be hooked by new kernel extensions. The name
9 "security=..." kernel command line argument, in the case where multiple
13 (MAC) extensions which provide a comprehensive security policy. Examples
28 use it) has been appropriately documented in Documentation/security/.
34 see include/linux/security.h.
Dtomoyo.txt13 Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on
30 TOMOYO Linux: pragmatic and manageable security for Linux
38 The role of "pathname based access control" in security.
47 We believe that inode based security and name based security are complementary
D00-INDEX6 - how to get started with the SELinux security enhancement.
12 - documentation on the AppArmor security extension.
Dcredentials.txt32 There are several parts to the security check performed by Linux when one
67 The objective context is used as part of the security calculation that is
87 is used as part of the security calculation that is carried out when a
104 (7) Rules, access control lists and security calculations.
106 When a subject acts upon an object, a security calculation is made. This
202 These are only carried by tasks. They carry and cache security tokens
206 programs having to know about security details involved.
219 For more information on using keys, see Documentation/security/keys.txt.
252 objective security context of that file. Depending on the type of filesystem,
261 (*) LSM security label;
[all …]
DSmack.txt66 objects. The attributes are stored in the extended attribute security
302 Control (MAC) was very closely associated with the Bell & LaPadula security
348 These definitions are consistent with the traditional use in the security
352 violate an aspect of the system security policy, as identified by
357 Privilege: A task that is allowed to violate the system security
532 named SMACK64 on the file. This attribute is in the security namespace. It can
658 any security decisions themselves. The utility ls(1) is one example of such a
674 len = getxattr("/", "security.SMACK64", value, sizeof (value));
680 rc = setxattr("/foo", "security.SMACK64", "Rubble", len, 0);
693 rc = fsetxattr(fd, "security.SMACK64IPOUT", "Rubble", len, 0);
[all …]
Dkeys-trusted-encrypted.txt7 of a Trusted Platform Module (TPM) chip for greater security, while Encrypted
160 'Documentation/security/keys-ecryptfs.txt'.
Dkeys-request-key.txt6 Documentation/security/keys.txt). This document explains more fully how
106 UID, GID, groups and security info of process A as if it was process A,
DYama.txt1 Yama is a Linux Security Module that collects system-wide DAC security
Dkeys.txt256 The security class "key" has been added to SELinux so that mandatory access
265 security context, then the key will be assigned that context. Otherwise, the
269 key security class.
301 security checks are still performed, and may further filter out keys that
451 See also Documentation/security/keys-request-key.txt.
757 requester's keyrings using the requester's security label, UID, GID and
769 (*) Get the LSM security context attached to a key.
774 This function returns a string that represents the LSM security context
901 See also Documentation/security/keys-request-key.txt.
/linux-4.4.14/security/yama/
DKconfig7 system-wide security settings beyond regular Linux discretionary
9 Like capabilities, this security module stacks with other LSMs.
10 Further information can be found in Documentation/security/Yama.txt.
/linux-4.4.14/security/tomoyo/
Dtomoyo.c20 new->security = NULL; in tomoyo_cred_alloc_blank()
36 struct tomoyo_domain_info *domain = old->security; in tomoyo_cred_prepare()
37 new->security = domain; in tomoyo_cred_prepare()
61 struct tomoyo_domain_info *domain = cred->security; in tomoyo_cred_free()
96 bprm->cred->security)->users); in tomoyo_bprm_set_creds()
101 bprm->cred->security = NULL; in tomoyo_bprm_set_creds()
114 struct tomoyo_domain_info *domain = bprm->cred->security; in tomoyo_bprm_check_security()
547 cred->security = &tomoyo_kernel_domain; in tomoyo_init()
Dsecurityfs_if.c78 cred->security; in tomoyo_write_self()
79 cred->security = new_domain; in tomoyo_write_self()
244 if (current_cred()->security != &tomoyo_kernel_domain) in tomoyo_initerface_init()
DKconfig38 You can read the log via /sys/kernel/security/tomoyo/audit.
Dcommon.h1205 return current_cred()->security; in tomoyo_domain()
1218 return task_cred_xxx(task, security); in tomoyo_real_domain()
Ddomain.c843 bprm->cred->security = domain; in tomoyo_find_next_domain()
/linux-4.4.14/Documentation/ABI/testing/
Devm1 What: security/evm
5 EVM protects a file's security extended attributes(xattrs)
8 value as the extended attribute 'security.evm'.
15 can not create or validate the 'security.evm' xattr, but
Dsysfs-class-uwb_rc-wusbhc23 Since this relates to security (specifically, the
Dima_policy1 What: security/ima/policy
/linux-4.4.14/Documentation/filesystems/caching/
Dcachefiles.txt23 (*) A note on security.
314 CacheFiles is implemented to deal properly with the LSM security features of
319 security context that is not appropriate for accessing the cache - either
324 The way CacheFiles works is to temporarily change the security context (fsuid,
325 fsgid and actor security label) that the process acts as - without changing the
326 security context of the process when it the target of an operation performed by
332 (1) Finds the security label attached to the root cache directory and uses
333 that as the security label with which it will create files. By default,
338 (2) Finds the security label of the process which issued the bind request
343 and asks LSM to supply a security ID as which it should act given the
[all …]
/linux-4.4.14/fs/9p/
DKconfig41 implemented by security modules like SELinux. This option
42 enables an extended attribute handler for file security
45 If you are not using a security module that requires using
46 extended attributes for file security labels, say N.
/linux-4.4.14/drivers/char/tpm/
DKconfig10 If you have a TPM security chip in your system, which
31 If you have a TPM security chip that is compliant with the
41 If you have an Atmel I2C TPM security chip say Yes and it will be
50 If you have a TPM security chip that is compliant with the
61 If you have a TPM security chip with an I2C interface from
71 If you have a TPM security chip from National Semiconductor
80 If you have a TPM security chip from Atmel say Yes and it
88 If you have a TPM security chip from Infineon Technologies
120 If you have a TPM security chip that is compliant with the
/linux-4.4.14/fs/ext2/
DKconfig39 implemented by security modules like SELinux. This option
40 enables an extended attribute handler for file security
43 If you are not using a security module that requires using
44 extended attributes for file security labels, say N.
/linux-4.4.14/fs/jfs/
DKconfig29 implemented by security modules like SELinux. This option
30 enables an extended attribute handler for file security
33 If you are not using a security module that requires using
34 extended attributes for file security labels, say N.
/linux-4.4.14/kernel/
Dcred.c274 new->security = NULL; in prepare_creds()
628 new->security = NULL; in prepare_kernel_cred()
709 if (selinux_is_enabled() && cred->security) { in creds_are_invalid()
710 if ((unsigned long) cred->security < PAGE_SIZE) in creds_are_invalid()
712 if ((*(u32 *)cred->security & 0xffffff00) == in creds_are_invalid()
748 printk(KERN_ERR "CRED: ->security is %p\n", cred->security); in dump_invalid_creds()
749 if ((unsigned long) cred->security >= PAGE_SIZE && in dump_invalid_creds()
750 (((unsigned long) cred->security & 0xffffff00) != in dump_invalid_creds()
753 ((u32*)cred->security)[0], in dump_invalid_creds()
754 ((u32*)cred->security)[1]); in dump_invalid_creds()
/linux-4.4.14/security/smack/
Dsmack_lsm.c226 struct task_smack *tsp = cred->security; in smk_bu_credfile()
434 tsp = __task_cred(tracer)->security; in smk_ptrace_rule_check()
909 struct task_smack *bsp = bprm->cred->security; in smack_bprm_set_creds()
952 struct task_smack *bsp = bprm->cred->security; in smack_bprm_committing_creds()
1826 struct smack_known *tkp = smk_of_task(tsk->cred->security); in smack_file_send_sigiotask()
1894 struct task_smack *tsp = cred->security; in smack_file_open()
1931 cred->security = tsp; in smack_cred_alloc_blank()
1944 struct task_smack *tsp = cred->security; in smack_cred_free()
1951 cred->security = NULL; in smack_cred_free()
1974 struct task_smack *old_tsp = old->security; in smack_cred_prepare()
[all …]
DKconfig12 of other mandatory security schemes.
40 This enables security marking of network packets using
Dsmack.h371 skp = smk_of_task(__task_cred(t)->security); in smk_of_task_struct()
/linux-4.4.14/drivers/net/ethernet/toshiba/
Dps3_gelic_wireless.h89 u16 security; member
120 u16 security; member
164 __be16 security; member
Dps3_gelic_wireless.c414 pr_debug("%s: <- sec=%16x\n", __func__, scan->security); in gelic_wl_synthesize_ie()
415 switch (be16_to_cpu(scan->security) & GELIC_EURUS_SCAN_SEC_MASK) { in gelic_wl_synthesize_ie()
427 switch (be16_to_cpu(scan->security) & GELIC_EURUS_SCAN_SEC_WPA_MASK) { in gelic_wl_synthesize_ie()
1674 u16 security; in gelic_wl_find_best_bss() local
1705 security = be16_to_cpu(scan_info->hwinfo->security) & in gelic_wl_find_best_bss()
1708 if (security == GELIC_EURUS_SCAN_SEC_WPA2) in gelic_wl_find_best_bss()
1714 if (security == GELIC_EURUS_SCAN_SEC_WPA) in gelic_wl_find_best_bss()
1721 if (security == GELIC_EURUS_SCAN_SEC_WEP) in gelic_wl_find_best_bss()
1800 wep->security = cpu_to_be16(GELIC_EURUS_WEP_SEC_104BIT); in gelic_wl_do_wep_setup()
1803 wep->security = cpu_to_be16(GELIC_EURUS_WEP_SEC_40BIT); in gelic_wl_do_wep_setup()
[all …]
/linux-4.4.14/drivers/char/tpm/st33zp24/
DKconfig17 This module adds support for the STMicroelectronics TPM security chip
27 This module adds support for the STMicroelectronics TPM security chip
/linux-4.4.14/Documentation/DocBook/
D.kernel-api.xml.cmd2 …lug_core.c drivers/firmware/dmi_scan.c drivers/firmware/edd.c security/security.c security/inode.c…
Dkernel-api.xml.db554 API-security-init
555 API-security-module-enable
/linux-4.4.14/fs/reiserfs/
DKconfig83 implemented by security modules like SELinux. This option
84 enables an extended attribute handler for file security
87 If you are not using a security module that requires using
88 extended attributes for file security labels, say N.
Dnamei.c633 struct reiserfs_security_handle security; in reiserfs_create() local
649 retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); in reiserfs_create()
665 inode, &security); in reiserfs_create()
705 struct reiserfs_security_handle security; in reiserfs_mknod() local
729 retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); in reiserfs_mknod()
745 inode, &security); in reiserfs_mknod()
788 struct reiserfs_security_handle security; in reiserfs_mkdir() local
820 retval = reiserfs_security_init(dir, inode, &dentry->d_name, &security); in reiserfs_mkdir()
843 dentry, inode, &security); in reiserfs_mkdir()
1105 struct reiserfs_security_handle security; in reiserfs_symlink() local
[all …]
Dinode.c1932 struct reiserfs_security_handle *security) in reiserfs_new_inode() argument
2121 if (security->name) { in reiserfs_new_inode()
2123 retval = reiserfs_security_write(th, inode, security); in reiserfs_new_inode()
/linux-4.4.14/Documentation/ja_JP/
Dstable_kernel_rules.txt63 きではなく、代わりに security@kernel.org のアドレスに送られる。
78 この手続きの詳細については kernel security チームに問い合わせること。
/linux-4.4.14/fs/ext4/
DKconfig94 implemented by security modules like SELinux. This option
95 enables an extended attribute handler for file security
98 If you are not using a security module that requires using
99 extended attributes for file security labels, say N.
/linux-4.4.14/scripts/selinux/
DREADME1 Please see Documentation/security/SELinux.txt for information on
/linux-4.4.14/security/integrity/
DKconfig59 source security/integrity/ima/Kconfig
60 source security/integrity/evm/Kconfig
/linux-4.4.14/include/linux/
Dipc.h23 void *security; member
Dsecurity.h1148 int security_tun_dev_alloc_security(void **security);
1149 void security_tun_dev_free_security(void *security);
1151 int security_tun_dev_attach_queue(void *security);
1152 int security_tun_dev_attach(struct sock *sk, void *security);
1153 int security_tun_dev_open(void *security);
1318 static inline int security_tun_dev_alloc_security(void **security) in security_tun_dev_alloc_security() argument
1323 static inline void security_tun_dev_free_security(void *security) in security_tun_dev_free_security() argument
1332 static inline int security_tun_dev_attach_queue(void *security) in security_tun_dev_attach_queue() argument
1337 static inline int security_tun_dev_attach(struct sock *sk, void *security) in security_tun_dev_attach() argument
1342 static inline int security_tun_dev_open(void *security) in security_tun_dev_open() argument
Dmsg.h13 void *security; member
Dcred.h150 void *security; /* subjective LSM security */ member
374 #define current_security() (current_cred_xxx(security))
Dlsm_hooks.h1567 int (*tun_dev_alloc_security)(void **security);
1568 void (*tun_dev_free_security)(void *security);
1570 int (*tun_dev_attach_queue)(void *security);
1571 int (*tun_dev_attach)(struct sock *sk, void *security);
1572 int (*tun_dev_open)(void *security);
Dkey.h146 void *security; /* security data for this key */ member
/linux-4.4.14/fs/cachefiles/
DMakefile13 security.o \
/linux-4.4.14/fs/cifs/
DKconfig27 useful performance and security features (see the description
60 bool "Support legacy servers which use weaker LANMAN security"
65 security mechanisms. These hash the password more securely
73 security mechanisms if you are on a public network. Unless you
187 In general SMB3 enables better performance, security
201 This dialect includes improved security negotiation features.
/linux-4.4.14/arch/um/
DKconfig.rest15 source "security/Kconfig"
DKconfig.net149 networking, and notes about the security of this approach.
/linux-4.4.14/net/xfrm/
DKconfig37 A feature to update locator(s) of a given IPsec security
77 locator(s) of a given IPsec security association.
Dxfrm_policy.c310 security_xfrm_policy_free(policy->security); in xfrm_policy_destroy_rcu()
764 xfrm_sec_ctx_match(pol->security, policy->security) && in xfrm_policy_insert()
830 xfrm_sec_ctx_match(ctx, pol->security)) { in xfrm_policy_bysel_ctx()
834 pol->security); in xfrm_policy_bysel_ctx()
873 pol->security); in xfrm_policy_byid()
906 err = security_xfrm_policy_delete(pol->security); in xfrm_policy_flush_secctx_check()
919 pol->security); in xfrm_policy_flush_secctx_check()
1085 ret = security_xfrm_policy_lookup(pol->security, fl->flowi_secid, in xfrm_policy_match()
1237 err = security_xfrm_policy_lookup(pol->security, in xfrm_sk_policy_lookup()
1352 if (security_xfrm_policy_clone(old->security, in clone_policy()
[all …]
Dxfrm_user.c861 if (x->security) in copy_to_user_state_extra()
862 ret = copy_sec_ctx(x->security, skb); in copy_to_user_state_extra()
1342 return security_xfrm_policy_alloc(&pol->security, uctx, GFP_KERNEL); in copy_from_user_sec_ctx()
1531 security_xfrm_policy_free(xp->security); in xfrm_add_policy()
1577 if (x->security) { in copy_to_user_state_sec_ctx()
1578 return copy_sec_ctx(x->security, skb); in copy_to_user_state_sec_ctx()
1585 if (xp->security) in copy_to_user_sec_ctx()
1586 return copy_sec_ctx(xp->security, skb); in copy_to_user_sec_ctx()
2611 if (x->security) in xfrm_sa_len()
2613 x->security->ctx_len); in xfrm_sa_len()
[all …]
/linux-4.4.14/fs/jffs2/
DKconfig96 implemented by security modules like SELinux. This option
97 enables an extended attribute handler for file security
100 If you are not using a security module that requires using
101 extended attributes for file security labels, say N.
DMakefile15 jffs2-$(CONFIG_JFFS2_FS_SECURITY) += security.o
/linux-4.4.14/drivers/usb/wusbcore/
DMakefile16 security.o \
/linux-4.4.14/fs/afs/
DMakefile22 security.o \
/linux-4.4.14/fs/nfsd/
DKconfig101 Say Y here if you want enable fine-grained security label attribute
102 support for NFS version 4. Security labels allow security modules like
106 If you do not wish to enable fine-grained security labels SELinux or
/linux-4.4.14/drivers/of/unittest-data/
Dtests-phandle.dtsi8 security-password = "password";
/linux-4.4.14/drivers/gpu/host1x/
DKconfig15 bool "Enable HOST1X security firewall"
/linux-4.4.14/Documentation/zh_CN/
DSecurityBugs30 linux内核安全团队可以通过email<security@kernel.org>来联系。这是
Dstable_kernel_rules.txt49 - 安全方面的补丁不要发到这个列表,应该发送到security@kernel.org。
/linux-4.4.14/Documentation/ABI/removed/
Draw13947 to implement sensible device security policies, and its low level
/linux-4.4.14/Documentation/networking/
Drxrpc.txt67 manage security on the client end. The server end must of necessity be
68 more active in security negotiations.
138 initiated by the first data packet on it arriving. If security is
140 replies with a "response". If the response is successful, the security is
142 upon it use that same security. In the event that the server lets a
143 connection lapse before the client, the security will be renegotiated if
191 the same key struct describing their security (and assuming the calls
273 secret keys corresponding to the security types it permits. When a secure
277 the packet and either aborts the connection or sets up the security.
418 This is used to specify the minimum security level required for calls on
[all …]
Dsecid.txt13 If this is an inbound flow, the label is derived from the IPSec security
Dipsec.txt32 security path. Such naked packet will not eventually make it to upper layer.
Dnetdev-FAQ.txt193 Q: I found a bug that might have possible security implications or similar.
198 that, then perhaps consider mailing "security@kernel.org" or reading about
199 http://oss-security.openwall.org/wiki/mailing-lists/distros
Dieee802154.txt118 octets of actual MAC payload once security is turned on, on a wireless link
Ddns_resolver.txt146 See <file:Documentation/security/keys-request-key.txt> for further
Dnetlink_mmap.txt203 allocated buffer due to unresolved security concerns.
/linux-4.4.14/arch/h8300/
DKconfig73 source "security/Kconfig"
/linux-4.4.14/fs/f2fs/
DKconfig62 security labels in the f2fs filesystem, so that it requires enabling
65 If you are not using a security module, say N.
/linux-4.4.14/Documentation/cgroups/
D00-INDEX12 - Device Whitelist Controller; description, interface and security.
/linux-4.4.14/Documentation/devicetree/bindings/clock/
Dprima2-clock.txt22 security 7
/linux-4.4.14/security/apparmor/include/
Dcontext.h24 #define cred_cxt(X) (X)->security
/linux-4.4.14/arch/score/
DKconfig99 source "security/Kconfig"
/linux-4.4.14/tools/scripts/
DMakefile.include24 EXTRA_WARNINGS += -Wformat-security
/linux-4.4.14/fs/coda/
DKconfig10 replication, security model for authentication and encryption,
/linux-4.4.14/security/apparmor/
DKconfig10 This enables the AppArmor security module.
/linux-4.4.14/security/integrity/ima/
DKconfig116 It requires the system to be labeled with a security extended
118 the security extended attributes from offline attack, enable
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/
Dmac.h100 u32 security:3; member
/linux-4.4.14/Documentation/devicetree/bindings/dma/
Dqcom_adm.txt18 - qcom,ee: indicates the security domain identifier used in the secure world.
/linux-4.4.14/fs/ncpfs/
DKconfig29 NCP allows packets to be signed for stronger security. If you want
30 security, say Y. Normal users can leave it off. To be able to use
/linux-4.4.14/drivers/clk/sirf/
Dclk-prima2.c61 rtc, osc, pll1, pll2, pll3, mem, sys, security, dsp, gps, enumerator
Dclk-atlas6.c62 rtc, osc, pll1, pll2, pll3, mem, sys, security, dsp, gps, enumerator
/linux-4.4.14/ipc/
Dmsgutil.c63 msg->security = NULL; in alloc_msg()
Dmsg.c133 msq->q_perm.security = NULL; in newque()
/linux-4.4.14/arch/s390/include/uapi/asm/
Dvtoc.h45 __u8 security; /* security byte */ member
/linux-4.4.14/drivers/nvmem/
DKconfig65 This is a driver for the 'security ID' available on various Allwinner
/linux-4.4.14/drivers/net/
Dtun.c205 void *security; member
605 err = security_tun_dev_attach(tfile->socket.sk, tun->security); in tun_attach()
1452 security_tun_dev_free_security(tun->security); in tun_free_netdev()
1634 err = security_tun_dev_open(tun->security); in tun_set_iff()
1700 err = security_tun_dev_alloc_security(&tun->security); in tun_set_iff()
1745 security_tun_dev_free_security(tun->security); in tun_set_iff()
1858 ret = security_tun_dev_attach_queue(tun->security); in tun_set_queue()
/linux-4.4.14/drivers/net/wireless/realtek/rtl8xxxu/
Drtl8xxxu.h70 u32 security:3; member
137 u32 security:3;
/linux-4.4.14/arch/x86/kvm/
DKconfig98 better security.
/linux-4.4.14/fs/
DKconfig159 security.* namespaces.
236 RPCSEC security modules.
/linux-4.4.14/Documentation/filesystems/
Dcramfs.txt25 mkcramfs simply truncates to 8 bits, which is a potential security
Dafs.txt45 CONFIG_RXKAD - The RxRPC Kerberos security handler
76 The second module is the kerberos RxRPC security driver, and the third module
D9p.txt114 afid security channel - used by Plan 9 authentication protocols
Dmandatory-locking.txt75 a setgid file is written to. This is a security measure. The kernel has been
Dlogfs.txt202 there may be a security concern if a malicious user has write access
/linux-4.4.14/arch/hexagon/
DKconfig168 source "security/Kconfig"
/linux-4.4.14/Documentation/misc-devices/
Dc2port.txt71 However, for security reasons, the in-system flash access in not
/linux-4.4.14/arch/m68k/
DKconfig167 source "security/Kconfig"
/linux-4.4.14/Documentation/sysctl/
Dfs.txt187 A long-standing class of security issues is the hardlink-based
207 A long-standing class of security issues is the symlink-based
233 owned by the current user and no security is applied. This is
/linux-4.4.14/arch/openrisc/
DKconfig166 source "security/Kconfig"
/linux-4.4.14/Documentation/devicetree/bindings/iommu/
Dsamsung,sysmmu.txt9 permissions, shareability and security protection. In addition, System MMU has
/linux-4.4.14/Documentation/device-mapper/
Ddm-crypt.txt60 WARNING: Assess the specific security risks carefully before enabling this
/linux-4.4.14/drivers/staging/rtl8723au/hal/
Drtl8723au_recv.c165 pattrib->encrypt = (u8)prxreport->security; in update_recvframe_attrib()
/linux-4.4.14/arch/c6x/
DKconfig132 source "security/Kconfig"
/linux-4.4.14/
DREPORTING-BUGS56 If it is a security bug, please copy the Security Contact listed in the
166 The exceptions to this rule are regressions, kernel crashes, security holes,
DMakefile393 -Wno-format-security \
883 core-y += kernel/ certs/ mm/ fs/ ipc/ security/ crypto/ block/
DMAINTAINERS63 7. When sending security related changes or reports to a maintainer
64 please Cc: security@kernel.org, especially if the maintainer
2625 L: linux-security-module@vger.kernel.org
2629 F: security/commoncap.c
4232 L: linux-security-module@vger.kernel.org
4234 F: security/integrity/evm/
5429 L: linux-security-module@vger.kernel.org
5431 F: security/integrity/ima/
6135 F: Documentation/security/keys.txt
6139 F: security/keys/
[all …]
/linux-4.4.14/Documentation/filesystems/nfs/
Didmapper.txt58 See <file:Documentation/security/keys-request-key.txt> for more information
/linux-4.4.14/Documentation/usb/
Dauthorization.txt65 security verification you can make (or the best, for someone willing
/linux-4.4.14/arch/unicore32/
DKconfig249 source "security/Kconfig"
/linux-4.4.14/net/ipv6/netfilter/
DKconfig286 # security table for MAC policy
292 This option adds a `security' table to iptables, for use
/linux-4.4.14/arch/arm/boot/dts/
Datlas6.dtsi794 security@b00f0000 {
795 compatible = "sirf,prima2-security";
Dprima2.dtsi832 security@b00f0000 {
833 compatible = "sirf,prima2-security";
/linux-4.4.14/drivers/scsi/bfa/
Dbfa_fc.h295 security:1, member
315 security:1, member
/linux-4.4.14/Documentation/ABI/
DREADME25 errors or security problems are found in them. Userspace
/linux-4.4.14/Documentation/filesystems/cifs/
DTODO47 k) implement support for security and trusted categories of xattrs
DREADME369 greater security.
545 mode also will be emulated using queries of the security
616 SecurityFlags Flags which control security negotiation and
631 enabling lanman authentication in the security flags
644 may use Kerberos security 0x00008
719 Enabling Kerberos (extended security) works but requires version 1.2 or later
723 require this helper. Note that NTLMv2 security (which does not require the
DCHANGES51 flag to be set to 2, and mount must enable krb5 to turn on extended security).
57 Improve support for multiple security contexts to the same server. We
63 established security contexts. fsync now sends SMB Flush operation
259 Allow override of global cifs security flags on mount via "sec=" option(s).
282 Fix NTLMv2 security (can be enabled in /proc/fs/cifs) so customers can
298 directio. Recognize share mode security and send NTLM encrypted password
755 NTLM security case. This should help Windows 2003
/linux-4.4.14/Documentation/virtual/kvm/devices/
Darm-vgic.txt79 implementation without the security extensions" which we present to the
/linux-4.4.14/crypto/
DKconfig582 longer hash-results, without needing a larger security level
594 longer hash-results, without needing a larger security level
695 security against collision attacks.
698 of security against collision attacks.
734 security against collision attacks.
737 of security against collision attacks.
1382 many rounds for security. It is very fast and uses
/linux-4.4.14/net/mac80211/
Dmesh.c736 sdata->u.mesh.security ? WLAN_CAPABILITY_PRIVACY : 0); in ieee80211_mesh_build_beacon()
1101 (elems.rsn && sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) || in ieee80211_mesh_rx_bcn_presp()
1102 (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)) in ieee80211_mesh_rx_bcn_presp()
Dmesh_plink.c498 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) in mesh_sta_info_alloc()
1062 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { in mesh_process_plink_frame()
Dcfg.c230 if (sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE) in ieee80211_add_key()
1651 ifmsh->security = IEEE80211_MESH_SEC_NONE; in copy_mesh_setup()
1653 ifmsh->security |= IEEE80211_MESH_SEC_AUTHED; in copy_mesh_setup()
1655 ifmsh->security |= IEEE80211_MESH_SEC_SECURED; in copy_mesh_setup()
/linux-4.4.14/drivers/staging/rtl8723au/include/
Drtl8723a_hal.h418 u32 security:3; member
/linux-4.4.14/arch/nios2/
DKconfig211 source "security/Kconfig"
/linux-4.4.14/Documentation/powerpc/
Dhvcs.txt268 As a security feature to prevent the delivery of stale data to an
414 Q: What are the security concerns involving hvcs?
416 A: There are three main security concerns:
423 2. To provide network security when grabbing the console it is
/linux-4.4.14/Documentation/devicetree/bindings/arm/hisilicon/
Dhisilicon.txt142 SRAM banks for power management, modem, security, etc. Further, use "syscon"
/linux-4.4.14/arch/avr32/
DKconfig282 source "security/Kconfig"
/linux-4.4.14/Documentation/development-process/
D3.Early-stage26 To the audio developers, this security module was sufficient to solve their
111 - The AppArmor security module made use of internal virtual filesystem
D7.AdvancedTopics168 security issues, duplication of code found elsewhere, adequate
/linux-4.4.14/net/ipv4/netfilter/
DKconfig375 # security table for MAC policy
381 This option adds a `security' table to iptables, for use
/linux-4.4.14/drivers/net/wireless/ipw2x00/
Dipw2100.c5181 struct security_info_params *security = in ipw2100_set_security_information() local
5184 memset(security, 0, sizeof(*security)); in ipw2100_set_security_information()
5190 security->auth_mode = auth_mode; in ipw2100_set_security_information()
5191 security->unicast_using_group = unicast_using_group; in ipw2100_set_security_information()
5196 security->allowed_ciphers = IPW_NONE_CIPHER; in ipw2100_set_security_information()
5199 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5203 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5207 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5211 security->allowed_ciphers = IPW_WEP40_CIPHER | in ipw2100_set_security_information()
5218 security->auth_mode, security->allowed_ciphers, security_level); in ipw2100_set_security_information()
[all …]
/linux-4.4.14/net/
DKconfig92 This enables security marking of network packets, similar
93 to nfmark, but designated for security purposes.
/linux-4.4.14/arch/x86/
DKconfig.debug121 W+X mappings after applying NX, as such mappings are a security risk.
132 still fine, as W+X mappings are not a security hole in
DKconfig1651 Supervisor Mode Access Prevention (SMAP) is a security
1876 kernel image is decompressed, as a security feature that
2039 it can be used to assist security vulnerability exploitation.
2046 to improve security.
2056 security vulnerability exploitation (traditionally as
2065 which could be used in certain rare security vulnerability
2679 source "security/Kconfig"
/linux-4.4.14/Documentation/aoe/
Daoe.txt48 untrusted networks should be ignored as a matter of security. See
/linux-4.4.14/Documentation/devicetree/bindings/crypto/
Dfsl-sec4.txt307 monitors security state information & reports
308 security violations. This also included rtc,
/linux-4.4.14/drivers/input/
DKconfig170 a security threat - your keypresses include your passwords, of
/linux-4.4.14/net/netfilter/
DKconfig72 bool 'Connection tracking security mark support'
76 This option enables security markings to be applied to
675 The CONNSECMARK target copies security markings from packets
676 to connections, and restores security markings from connections
914 The SECMARK target allows security marking of network
915 packets, for use with security subsystems.
/linux-4.4.14/arch/microblaze/
DKconfig293 source "security/Kconfig"
/linux-4.4.14/arch/metag/
DKconfig282 source "security/Kconfig"
/linux-4.4.14/net/key/
Daf_key.c756 if ((xfrm_ctx = x->security)) { in __pfkey_xfrm_state2msg()
1959 struct xfrm_sec_ctx *xfrm_ctx = xp->security; in pfkey_xfrm_policy2sec_ctx_size()
2141 if ((xfrm_ctx = xp->security)) { in pfkey_xfrm_policy2msg()
2250 err = security_xfrm_policy_alloc(&xp->security, uctx, GFP_KERNEL); in pfkey_spdadd()
3105 if ((xfrm_ctx = x->security)) { in pfkey_send_acquire()
3260 *dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC); in pfkey_compile_policy()
/linux-4.4.14/arch/x86/entry/syscalls/
Dsyscall_64.tbl194 185 common security
/linux-4.4.14/Documentation/spi/
Dspidev55 security issues; udev/mdev should already be configured securely.
/linux-4.4.14/drivers/gpu/drm/
DKconfig19 These modules provide support for synchronization, security, and
/linux-4.4.14/arch/parisc/
DKconfig344 source "security/Kconfig"
/linux-4.4.14/drivers/acpi/
DKconfig412 NOTE: This option is security sensitive, because it allows arbitrary
414 to bypass certain security measures (e.g. if root is not allowed to
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8723be/
Dtrx.h550 u32 security:3; member
/linux-4.4.14/arch/m32r/
DKconfig407 source "security/Kconfig"
/linux-4.4.14/arch/frv/
DKconfig376 source "security/Kconfig"
/linux-4.4.14/drivers/net/wireless/mwifiex/
DREADME56 bssid and the security related parameters can be specified while joining/creating
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/
Dtrx.h545 u32 security:3; member
/linux-4.4.14/Documentation/scsi/
DFlashPoint.txt49 enhance CPU utilization, optimize I/O performance, and ensure data security
/linux-4.4.14/include/net/
Dxfrm.h228 struct xfrm_sec_ctx *security; member
549 struct xfrm_sec_ctx *security; member
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8192de/
Dtrx.h677 u32 security:3; member
/linux-4.4.14/Documentation/prctl/
Dseccomp_filter.txt200 emulation security checks, making resuming the syscall mostly
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/
Dtrx.h645 u32 security:3; member
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/
Dtrx.h660 u32 security:3; member
/linux-4.4.14/arch/mn10300/
DKconfig489 source "security/Kconfig"
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/
Dtrx.h720 u32 security:3; member
/linux-4.4.14/arch/tile/
DKconfig490 source "security/Kconfig"
/linux-4.4.14/drivers/char/hw_random/
DKconfig277 found in the security function of some PowerPC 4xx SoCs.
/linux-4.4.14/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/
Dtrx.h777 u32 security:3; member
/linux-4.4.14/Documentation/crypto/
Dasymmetric-keys.txt268 Documentation/security/keys.txt].
/linux-4.4.14/Documentation/ia64/
Dfsys.txt38 security-sensitive kernel-level state is leaked back to

12