ns_capable 3582 drivers/net/bonding/bond_main.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 427 drivers/net/ipvlan/ipvlan_main.c if (!ns_capable(dev_net(ipvlan->phy_dev)->user_ns, CAP_NET_ADMIN)) ns_capable 531 drivers/net/ipvlan/ipvlan_main.c if (!ns_capable(dev_net(phy_dev)->user_ns, CAP_NET_ADMIN)) ns_capable 389 drivers/net/ppp/ppp_generic.c if (!ns_capable(file->f_cred->user_ns, CAP_NET_ADMIN)) ns_capable 626 drivers/net/tun.c !ns_capable(net->user_ns, CAP_NET_ADMIN); ns_capable 2771 drivers/net/tun.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 3072 drivers/net/tun.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 3345 drivers/net/tun.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1177 drivers/staging/gasket/gasket_core.c bool is_root = ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN); ns_capable 1256 drivers/staging/gasket/gasket_core.c bool is_root = ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN); ns_capable 29 fs/attr.c ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN)) ns_capable 42 fs/attr.c ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN)) ns_capable 122 fs/fsopen.c if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN)) ns_capable 165 fs/fsopen.c if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN)) ns_capable 249 fs/fsopen.c if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) { ns_capable 2087 fs/inode.c if (kuid_has_mapping(ns, inode->i_uid) && ns_capable(ns, CAP_FOWNER)) ns_capable 562 fs/ioctl.c if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) ns_capable 579 fs/ioctl.c if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) ns_capable 1569 fs/namespace.c if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) ns_capable 1643 fs/namespace.c return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); ns_capable 2552 fs/namespace.c if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) { ns_capable 3971 fs/namespace.c if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) || ns_capable 3972 fs/namespace.c !ns_capable(current_user_ns(), CAP_SYS_CHROOT) || ns_capable 3973 fs/namespace.c !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) ns_capable 521 fs/open.c if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT)) ns_capable 2378 fs/proc/base.c if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { ns_capable 2417 fs/proc/base.c if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { ns_capable 2925 fs/proc/base.c if (!ns_capable(ns, CAP_SYS_ADMIN)) ns_capable 490 fs/super.c return ns_capable(fc->user_ns, CAP_SYS_ADMIN); ns_capable 211 include/linux/capability.h extern bool ns_capable(struct user_namespace *ns, int cap); ns_capable 183 ipc/namespace.c if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || ns_capable 184 ipc/namespace.c !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) ns_capable 1090 ipc/shm.c if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { ns_capable 534 ipc/util.c !ns_capable(ns->user_ns, CAP_IPC_OWNER)) ns_capable 709 ipc/util.c ns_capable(ns->user_ns, CAP_SYS_ADMIN)) ns_capable 398 kernel/capability.c EXPORT_SYMBOL(ns_capable); ns_capable 449 kernel/capability.c return ns_capable(&init_user_ns, cap); ns_capable 506 kernel/capability.c return ns_capable(ns, cap) && privileged_wrt_inode_uidgid(ns, inode); ns_capable 1208 kernel/cgroup/cgroup-v1.c if (!ns_capable(ctx->ns->user_ns, CAP_SYS_ADMIN)) ns_capable 66 kernel/cgroup/namespace.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) ns_capable 102 kernel/cgroup/namespace.c if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN) || ns_capable 103 kernel/cgroup/namespace.c !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN)) ns_capable 181 kernel/groups.c return ns_capable(user_ns, CAP_SETGID) && ns_capable 147 kernel/nsproxy.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) ns_capable 199 kernel/nsproxy.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) ns_capable 274 kernel/pid_namespace.c if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) ns_capable 388 kernel/pid_namespace.c if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || ns_capable 389 kernel/pid_namespace.c !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) ns_capable 318 kernel/reboot.c if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) ns_capable 5417 kernel/sched/core.c if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { ns_capable 820 kernel/signal.c ns_capable(tcred->user_ns, CAP_KILL); ns_capable 163 kernel/sys.c if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) ns_capable 375 kernel/sys.c ns_capable(old->user_ns, CAP_SETGID)) ns_capable 384 kernel/sys.c ns_capable(old->user_ns, CAP_SETGID)) ns_capable 430 kernel/sys.c if (ns_capable(old->user_ns, CAP_SETGID)) ns_capable 738 kernel/sys.c if (!ns_capable(old->user_ns, CAP_SETGID)) { ns_capable 861 kernel/sys.c ns_capable(old->user_ns, CAP_SETGID)) { ns_capable 1310 kernel/sys.c if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) ns_capable 1363 kernel/sys.c if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) ns_capable 1600 kernel/sys.c if (!id_match && !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) ns_capable 1998 kernel/sys.c if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN)) ns_capable 42 kernel/ucount.c if (ns_capable(user_ns, CAP_SYS_RESOURCE)) ns_capable 1115 kernel/user_namespace.c if (ns_capable(ns->parent, cap_setid) && ns_capable 1274 kernel/user_namespace.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) ns_capable 147 kernel/utsname.c if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || ns_capable 148 kernel/utsname.c !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) ns_capable 577 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 587 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 596 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 605 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 620 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 627 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 89 net/bridge/br_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 181 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 188 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 195 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 202 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 242 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 250 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 259 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 273 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) ns_capable 336 net/bridge/br_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 366 net/bridge/br_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 36 net/bridge/br_sysfs_br.c if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) ns_capable 281 net/bridge/br_sysfs_br.c if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) ns_capable 313 net/bridge/br_sysfs_if.c if (!ns_capable(dev_net(p->dev)->user_ns, CAP_NET_ADMIN)) ns_capable 1464 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1487 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 2327 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 2351 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 440 net/core/dev_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 482 net/core/dev_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 2621 net/core/ethtool.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 85 net/core/net-sysfs.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 381 net/core/net-sysfs.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1384 net/core/net-sysfs.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1577 net/core/net-sysfs.c return ns_capable(net->user_ns, CAP_SYS_ADMIN); ns_capable 1362 net/core/net_namespace.c if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) || ns_capable 1363 net/core/net_namespace.c !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) ns_capable 5280 net/core/rtnetlink.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 55 net/core/scm.c ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && ns_capable 57 net/core/scm.c uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && ns_capable 59 net/core/scm.c gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { ns_capable 160 net/core/sock.c ns_capable(user_ns, cap); ns_capable 580 net/core/sock.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) ns_capable 868 net/core/sock.c ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1066 net/core/sock.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { ns_capable 1157 net/core/sock.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { ns_capable 2275 net/core/sock.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 298 net/core/sock_diag.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 902 net/ieee802154/socket.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && ns_capable 903 net/ieee802154/socket.c !ns_capable(net->user_ns, CAP_NET_RAW)) { ns_capable 926 net/ieee802154/socket.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && ns_capable 927 net/ieee802154/socket.c !ns_capable(net->user_ns, CAP_NET_RAW)) { ns_capable 310 net/ipv4/af_inet.c !ns_capable(net->user_ns, CAP_NET_RAW)) ns_capable 499 net/ipv4/af_inet.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) ns_capable 1182 net/ipv4/arp.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1048 net/ipv4/devinet.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1056 net/ipv4/devinet.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 628 net/ipv4/fib_frontend.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 409 net/ipv4/ip_options.c if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { ns_capable 444 net/ipv4/ip_options.c if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { ns_capable 457 net/ipv4/ip_options.c if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { ns_capable 1159 net/ipv4/ip_sockglue.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1165 net/ipv4/ip_sockglue.c if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && ns_capable 1166 net/ipv4/ip_sockglue.c !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { ns_capable 883 net/ipv4/ip_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 939 net/ipv4/ip_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1399 net/ipv4/ipmr.c !ns_capable(net->user_ns, CAP_NET_ADMIN)) { ns_capable 1302 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1436 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1457 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1480 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1543 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1645 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1667 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1691 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 2699 net/ipv4/tcp.c return ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN) && ns_capable 2827 net/ipv4/tcp.c ns_capable(sock_net(sk)->user_ns, ns_capable 3041 net/ipv6/addrconf.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 3061 net/ipv6/addrconf.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 169 net/ipv6/af_inet6.c !ns_capable(net->user_ns, CAP_NET_RAW)) ns_capable 296 net/ipv6/af_inet6.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) ns_capable 75 net/ipv6/anycast.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 854 net/ipv6/datagram.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) { ns_capable 874 net/ipv6/datagram.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) { ns_capable 899 net/ipv6/datagram.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) { ns_capable 595 net/ipv6/ip6_flowlabel.c ns_capable(net->user_ns, CAP_NET_ADMIN)) { ns_capable 1255 net/ipv6/ip6_gre.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1304 net/ipv6/ip6_gre.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1617 net/ipv6/ip6_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1653 net/ipv6/ip6_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 820 net/ipv6/ip6_vti.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 852 net/ipv6/ip6_vti.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1646 net/ipv6/ip6mr.c !ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 372 net/ipv6/ipv6_sockglue.c if (valbool && !ns_capable(net->user_ns, CAP_NET_RAW) && ns_capable 373 net/ipv6/ipv6_sockglue.c !ns_capable(net->user_ns, CAP_NET_ADMIN)) { ns_capable 409 net/ipv6/ipv6_sockglue.c if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) ns_capable 836 net/ipv6/ipv6_sockglue.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1552 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1654 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1676 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1700 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 4330 net/ipv6/route.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1217 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1263 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1294 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 1321 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 146 net/key/af_key.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 169 net/llc/af_llc.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) ns_capable 2062 net/netfilter/ipset/ip_set_core.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 2424 net/netfilter/ipvs/ip_vs_ctl.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 2738 net/netfilter/ipvs/ip_vs_ctl.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 857 net/netlink/af_netlink.c ns_capable(user_ns, cap); ns_capable 912 net/netlink/af_netlink.c ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); ns_capable 1687 net/netlink/af_netlink.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_BROADCAST)) ns_capable 3240 net/packet/af_packet.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) ns_capable 403 net/sctp/socket.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) ns_capable 1080 net/sctp/socket.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) ns_capable 1163 net/socket.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) ns_capable 2539 net/unix/af_unix.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ns_capable 1084 net/xdp/xsk.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) ns_capable 665 security/apparmor/policy.c bool capable = ns_capable(user_ns, CAP_MAC_ADMIN); ns_capable 149 security/commoncap.c if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) ns_capable 495 security/commoncap.c if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP)) ns_capable 842 security/commoncap.c if (!ns_capable(new->user_ns, CAP_SETUID) || ns_capable 929 security/commoncap.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) ns_capable 964 security/commoncap.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) ns_capable 1091 security/commoncap.c if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) ns_capable 1144 security/commoncap.c if (!ns_capable(current_user_ns(), CAP_SETPCAP)) ns_capable 149 security/keys/persistent.c !ns_capable(ns, CAP_SETUID)) ns_capable 371 security/yama/yama_lsm.c !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) ns_capable 377 security/yama/yama_lsm.c if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))