user_ns 2118 arch/x86/kernel/cpu/resctrl/rdtgroup.c put_user_ns(fc->user_ns); user_ns 2119 arch/x86/kernel/cpu/resctrl/rdtgroup.c fc->user_ns = get_user_ns(&init_user_ns); user_ns 5110 arch/x86/kvm/x86.c struct kvm_clock_data user_ns; user_ns 5114 arch/x86/kvm/x86.c if (copy_from_user(&user_ns, argp, sizeof(user_ns))) user_ns 5118 arch/x86/kvm/x86.c if (user_ns.flags) user_ns 5129 arch/x86/kvm/x86.c kvm->arch.kvmclock_offset += user_ns.clock - now_ns; user_ns 5134 arch/x86/kvm/x86.c struct kvm_clock_data user_ns; user_ns 5138 arch/x86/kvm/x86.c user_ns.clock = now_ns; user_ns 5139 arch/x86/kvm/x86.c user_ns.flags = kvm->arch.use_master_clock ? KVM_CLOCK_TSC_STABLE : 0; user_ns 5140 arch/x86/kvm/x86.c memset(&user_ns.pad, 0, sizeof(user_ns.pad)); user_ns 5143 arch/x86/kvm/x86.c if (copy_to_user(argp, &user_ns, sizeof(user_ns))) user_ns 1654 drivers/infiniband/core/device.c if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) { user_ns 3582 drivers/net/bonding/bond_main.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 427 drivers/net/ipvlan/ipvlan_main.c if (!ns_capable(dev_net(ipvlan->phy_dev)->user_ns, CAP_NET_ADMIN)) user_ns 531 drivers/net/ipvlan/ipvlan_main.c if (!ns_capable(dev_net(phy_dev)->user_ns, CAP_NET_ADMIN)) user_ns 389 drivers/net/ppp/ppp_generic.c if (!ns_capable(file->f_cred->user_ns, CAP_NET_ADMIN)) user_ns 626 drivers/net/tun.c !ns_capable(net->user_ns, CAP_NET_ADMIN); user_ns 2771 drivers/net/tun.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 3072 drivers/net/tun.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 3345 drivers/net/tun.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1177 drivers/staging/gasket/gasket_core.c bool is_root = ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN); user_ns 1256 drivers/staging/gasket/gasket_core.c bool is_root = ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN); user_ns 137 fs/autofs/waitq.c struct user_namespace *user_ns = sbi->pipe->f_cred->user_ns; user_ns 147 fs/autofs/waitq.c packet->uid = from_kuid_munged(user_ns, wq->uid); user_ns 148 fs/autofs/waitq.c packet->gid = from_kgid_munged(user_ns, wq->gid); user_ns 255 fs/binfmt_elf.c NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid)); user_ns 256 fs/binfmt_elf.c NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); user_ns 257 fs/binfmt_elf.c NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid)); user_ns 258 fs/binfmt_elf.c NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid)); user_ns 1541 fs/binfmt_elf.c SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); user_ns 1542 fs/binfmt_elf.c SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); user_ns 652 fs/binfmt_elf_fdpic.c NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid)); user_ns 653 fs/binfmt_elf_fdpic.c NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid)); user_ns 654 fs/binfmt_elf_fdpic.c NEW_AUX_ENT(AT_GID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid)); user_ns 655 fs/binfmt_elf_fdpic.c NEW_AUX_ENT(AT_EGID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid)); user_ns 1413 fs/binfmt_elf_fdpic.c SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); user_ns 1414 fs/binfmt_elf_fdpic.c SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); user_ns 1319 fs/exec.c struct user_namespace *old, *user_ns; user_ns 1323 fs/exec.c user_ns = old = bprm->mm->user_ns; user_ns 1324 fs/exec.c while ((user_ns != &init_user_ns) && user_ns 1325 fs/exec.c !privileged_wrt_inode_uidgid(user_ns, inode)) user_ns 1326 fs/exec.c user_ns = user_ns->parent; user_ns 1328 fs/exec.c if (old != user_ns) { user_ns 1329 fs/exec.c bprm->mm->user_ns = get_user_ns(user_ns); user_ns 1553 fs/exec.c if (!kuid_has_mapping(bprm->cred->user_ns, uid) || user_ns 1554 fs/exec.c !kgid_has_mapping(bprm->cred->user_ns, gid)) user_ns 239 fs/fcntl.c struct user_namespace *user_ns = current_user_ns(); user_ns 245 fs/fcntl.c src[0] = from_kuid(user_ns, filp->f_owner.uid); user_ns 246 fs/fcntl.c src[1] = from_kuid(user_ns, filp->f_owner.euid); user_ns 276 fs/fs_context.c fc->user_ns = get_user_ns(fc->cred->user_ns); user_ns 279 fs/fs_context.c fc->user_ns = get_user_ns(reference->d_sb->s_user_ns); user_ns 283 fs/fs_context.c fc->user_ns = get_user_ns(reference->d_sb->s_user_ns); user_ns 362 fs/fs_context.c get_user_ns(fc->user_ns); user_ns 505 fs/fs_context.c put_user_ns(fc->user_ns); user_ns 122 fs/fsopen.c if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN)) user_ns 165 fs/fsopen.c if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN)) user_ns 37 fs/fuse/acl.c acl = posix_acl_from_xattr(fc->user_ns, value, size); user_ns 84 fs/fuse/acl.c ret = posix_acl_to_xattr(fc->user_ns, acl, value, size); user_ns 509 fs/fuse/cuse.c fuse_conn_init(&cc->fc, file->f_cred->user_ns, &fuse_dev_fiq_ops, NULL); user_ns 136 fs/fuse/dev.c req->in.h.uid = from_kuid(fc->user_ns, current_fsuid()); user_ns 137 fs/fuse/dev.c req->in.h.gid = from_kgid(fc->user_ns, current_fsgid()); user_ns 462 fs/fuse/dev.c req->in.h.uid = from_kuid_munged(fc->user_ns, current_fsuid()); user_ns 463 fs/fuse/dev.c req->in.h.gid = from_kgid_munged(fc->user_ns, current_fsgid()); user_ns 2238 fs/fuse/dev.c old->f_cred->user_ns == file->f_cred->user_ns) user_ns 903 fs/fuse/dir.c stat->uid = make_kuid(fc->user_ns, attr->uid); user_ns 904 fs/fuse/dir.c stat->gid = make_kgid(fc->user_ns, attr->gid); user_ns 1089 fs/fuse/dir.c return current_in_userns(fc->user_ns); user_ns 1368 fs/fuse/dir.c arg->valid |= FATTR_UID, arg->uid = from_kuid(fc->user_ns, iattr->ia_uid); user_ns 1370 fs/fuse/dir.c arg->valid |= FATTR_GID, arg->gid = from_kgid(fc->user_ns, iattr->ia_gid); user_ns 522 fs/fuse/fuse_i.h struct user_namespace *user_ns; user_ns 951 fs/fuse/fuse_i.h void fuse_conn_init(struct fuse_conn *fc, struct user_namespace *user_ns, user_ns 160 fs/fuse/inode.c inode->i_uid = make_kuid(fc->user_ns, attr->uid); user_ns 161 fs/fuse/inode.c inode->i_gid = make_kgid(fc->user_ns, attr->gid); user_ns 508 fs/fuse/inode.c ctx->user_id = make_kuid(fc->user_ns, result.uint_32); user_ns 515 fs/fuse/inode.c ctx->group_id = make_kgid(fc->user_ns, result.uint_32); user_ns 564 fs/fuse/inode.c seq_printf(m, ",user_id=%u", from_kuid_munged(fc->user_ns, fc->user_id)); user_ns 565 fs/fuse/inode.c seq_printf(m, ",group_id=%u", from_kgid_munged(fc->user_ns, fc->group_id)); user_ns 603 fs/fuse/inode.c void fuse_conn_init(struct fuse_conn *fc, struct user_namespace *user_ns, user_ns 628 fs/fuse/inode.c fc->user_ns = get_user_ns(user_ns); user_ns 641 fs/fuse/inode.c put_user_ns(fc->user_ns); user_ns 1239 fs/fuse/inode.c (file->f_cred->user_ns != sb->s_user_ns)) user_ns 13 fs/mount.h struct user_namespace *user_ns; user_ns 1643 fs/namespace.c return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); user_ns 2045 fs/namespace.c struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns; user_ns 2101 fs/namespace.c if (child->mnt_parent->mnt_ns->user_ns != user_ns) user_ns 2322 fs/namespace.c struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns; user_ns 2323 fs/namespace.c struct mnt_namespace *ns = alloc_mnt_ns(user_ns, true); user_ns 3164 fs/namespace.c put_user_ns(ns->user_ns); user_ns 3177 fs/namespace.c static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool anon) user_ns 3183 fs/namespace.c ucounts = inc_mnt_namespaces(user_ns); user_ns 3206 fs/namespace.c new_ns->user_ns = get_user_ns(user_ns); user_ns 3213 fs/namespace.c struct user_namespace *user_ns, struct fs_struct *new_fs) user_ns 3231 fs/namespace.c new_ns = alloc_mnt_ns(user_ns, false); user_ns 3238 fs/namespace.c if (user_ns != ns->user_ns) user_ns 3246 fs/namespace.c if (user_ns != ns->user_ns) { user_ns 3470 fs/namespace.c ns = alloc_mnt_ns(current->nsproxy->mnt_ns->user_ns, true); user_ns 3913 fs/namespace.c if (ns->user_ns == &init_user_ns) user_ns 3971 fs/namespace.c if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) || user_ns 4008 fs/namespace.c return to_mnt_ns(ns)->user_ns; user_ns 82 fs/nfs/nfs2xdr.c return clnt->cl_cred->user_ns; user_ns 110 fs/nfs/nfs3xdr.c return clnt->cl_cred->user_ns; user_ns 78 fs/nfs/nfs4idmap.c return idmap->cred->user_ns; user_ns 289 fs/nfs/nfs4idmap.c if (!idmap->cred || idmap->cred->user_ns == &init_user_ns) user_ns 2536 fs/nfs/super.c oldns = old->client->cl_cred->user_ns; user_ns 2538 fs/nfs/super.c newns = new->client->cl_cred->user_ns; user_ns 1186 fs/nfsd/export.c struct user_namespace *userns = m->file->f_cred->user_ns; user_ns 1405 fs/nfsd/nfsctl.c put_user_ns(fc->user_ns); user_ns 1406 fs/nfsd/nfsctl.c fc->user_ns = get_user_ns(fc->net_ns->user_ns); user_ns 131 fs/nfsd/nfsd.h return cred ? cred->user_ns : &init_user_ns; user_ns 189 fs/nsfs.c struct user_namespace *user_ns; user_ns 206 fs/nsfs.c user_ns = container_of(ns, struct user_namespace, ns); user_ns 208 fs/nsfs.c uid = from_kuid_munged(current_user_ns(), user_ns->owner); user_ns 369 fs/open.c kuid_t root_uid = make_kuid(override_cred->user_ns, 0); user_ns 126 fs/orangefs/devorangefs-req.c if (file->f_cred->user_ns != &init_user_ns) { user_ns 210 fs/posix_acl.c posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl) user_ns 230 fs/posix_acl.c if (!kuid_has_mapping(user_ns, pa->e_uid)) user_ns 245 fs/posix_acl.c if (!kgid_has_mapping(user_ns, pa->e_gid)) user_ns 707 fs/posix_acl.c struct user_namespace *user_ns = current_user_ns(); user_ns 708 fs/posix_acl.c if (user_ns == &init_user_ns) user_ns 710 fs/posix_acl.c posix_acl_fix_xattr_userns(&init_user_ns, user_ns, value, size); user_ns 715 fs/posix_acl.c struct user_namespace *user_ns = current_user_ns(); user_ns 716 fs/posix_acl.c if (user_ns == &init_user_ns) user_ns 718 fs/posix_acl.c posix_acl_fix_xattr_userns(user_ns, &init_user_ns, value, size); user_ns 725 fs/posix_acl.c posix_acl_from_xattr(struct user_namespace *user_ns, user_ns 765 fs/posix_acl.c make_kuid(user_ns, user_ns 772 fs/posix_acl.c make_kgid(user_ns, user_ns 794 fs/posix_acl.c posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, user_ns 817 fs/posix_acl.c cpu_to_le32(from_kuid(user_ns, acl_e->e_uid)); user_ns 821 fs/posix_acl.c cpu_to_le32(from_kgid(user_ns, acl_e->e_gid)); user_ns 155 fs/proc/array.c struct user_namespace *user_ns = seq_user_ns(m); user_ns 193 fs/proc/array.c seq_put_decimal_ull(m, "\nUid:\t", from_kuid_munged(user_ns, cred->uid)); user_ns 194 fs/proc/array.c seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->euid)); user_ns 195 fs/proc/array.c seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->suid)); user_ns 196 fs/proc/array.c seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->fsuid)); user_ns 197 fs/proc/array.c seq_put_decimal_ull(m, "\nGid:\t", from_kgid_munged(user_ns, cred->gid)); user_ns 198 fs/proc/array.c seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->egid)); user_ns 199 fs/proc/array.c seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->sgid)); user_ns 200 fs/proc/array.c seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->fsgid)); user_ns 207 fs/proc/array.c from_kgid_munged(user_ns, group_info->gid[g])); user_ns 1239 fs/proc/base.c from_kuid(file->f_cred->user_ns, user_ns 1273 fs/proc/base.c kloginuid = make_kuid(file->f_cred->user_ns, loginuid); user_ns 1726 fs/proc/base.c struct user_namespace *user_ns = mm->user_ns; user_ns 1728 fs/proc/base.c uid = make_kuid(user_ns, 0); user_ns 1732 fs/proc/base.c gid = make_kgid(user_ns, 0); user_ns 2378 fs/proc/base.c if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { user_ns 2417 fs/proc/base.c if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { user_ns 2838 fs/proc/base.c ns = get_user_ns(task_cred_xxx(task, user_ns)); user_ns 2916 fs/proc/base.c ns = get_user_ns(task_cred_xxx(task, user_ns)); user_ns 352 fs/proc/proc_net.c uid = make_kuid(net->user_ns, 0); user_ns 356 fs/proc/proc_net.c gid = make_kgid(net->user_ns, 0); user_ns 88 fs/proc/root.c struct user_namespace *user_ns) user_ns 93 fs/proc/root.c pid_ns->pid_gid = make_kgid(user_ns, ctx->gid); user_ns 187 fs/proc/root.c put_user_ns(fc->user_ns); user_ns 188 fs/proc/root.c fc->user_ns = get_user_ns(ctx->pid_ns->user_ns); user_ns 311 fs/proc/root.c if (fc->user_ns != ns->user_ns) { user_ns 312 fs/proc/root.c put_user_ns(fc->user_ns); user_ns 313 fs/proc/root.c fc->user_ns = get_user_ns(ns->user_ns); user_ns 201 fs/super.c struct user_namespace *user_ns) user_ns 211 fs/super.c s->s_user_ns = get_user_ns(user_ns); user_ns 490 fs/super.c return ns_capable(fc->user_ns, CAP_SYS_ADMIN); user_ns 517 fs/super.c struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns; user_ns 530 fs/super.c s = alloc_super(fc->fs_type, fc->sb_flags, user_ns); user_ns 556 fs/super.c if (user_ns != old->s_user_ns) { user_ns 582 fs/super.c struct user_namespace *user_ns = current_user_ns(); user_ns 592 fs/super.c user_ns = &init_user_ns; user_ns 600 fs/super.c if (user_ns != old->s_user_ns) { user_ns 613 fs/super.c s = alloc_super(type, (flags & ~SB_SUBMOUNT), user_ns); user_ns 75 fs/sysfs/mount.c put_user_ns(fc->user_ns); user_ns 76 fs/sysfs/mount.c fc->user_ns = get_user_ns(netns->user_ns); user_ns 857 include/linux/cgroup.h struct user_namespace *user_ns; user_ns 869 include/linux/cgroup.h struct user_namespace *user_ns, user_ns 879 include/linux/cgroup.h copy_cgroup_ns(unsigned long flags, struct user_namespace *user_ns, user_ns 146 include/linux/cred.h struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ user_ns 392 include/linux/cred.h #define current_user_ns() (current_cred_xxx(user_ns)) user_ns 93 include/linux/fs_context.h struct user_namespace *user_ns; /* The user namespace for this mount */ user_ns 41 include/linux/inet_diag.h struct user_namespace *user_ns, user_ns 73 include/linux/inet_diag.h struct user_namespace *user_ns, bool net_admin); user_ns 68 include/linux/ipc_namespace.h struct user_namespace *user_ns; user_ns 124 include/linux/ipc_namespace.h struct user_namespace *user_ns, struct ipc_namespace *ns); user_ns 136 include/linux/ipc_namespace.h struct user_namespace *user_ns, struct ipc_namespace *ns) user_ns 488 include/linux/mm_types.h struct user_namespace *user_ns; user_ns 41 include/linux/pid_namespace.h struct user_namespace *user_ns; user_ns 63 include/linux/pid_namespace.h struct user_namespace *user_ns, struct pid_namespace *ns); user_ns 77 include/linux/pid_namespace.h struct user_namespace *user_ns, struct pid_namespace *ns) user_ns 47 include/linux/posix_acl_xattr.h struct posix_acl *posix_acl_from_xattr(struct user_namespace *user_ns, user_ns 49 include/linux/posix_acl_xattr.h int posix_acl_to_xattr(struct user_namespace *user_ns, user_ns 166 include/linux/seq_file.h return seq->file->f_cred->user_ns; user_ns 14 include/linux/tsacct_kern.h extern void bacct_add_tsk(struct user_namespace *user_ns, user_ns 18 include/linux/tsacct_kern.h static inline void bacct_add_tsk(struct user_namespace *user_ns, user_ns 27 include/linux/utsname.h struct user_namespace *user_ns; user_ns 40 include/linux/utsname.h struct user_namespace *user_ns, struct uts_namespace *old_ns); user_ns 59 include/linux/utsname.h struct user_namespace *user_ns, struct uts_namespace *old_ns) user_ns 86 include/net/net_namespace.h struct user_namespace *user_ns; /* Owning user namespace */ user_ns 192 include/net/net_namespace.h struct net *copy_net_ns(unsigned long flags, struct user_namespace *user_ns, user_ns 202 include/net/net_namespace.h struct user_namespace *user_ns, struct net *old_net) user_ns 786 include/net/sock.h return sk->sk_socket->file->f_cred->user_ns; user_ns 1848 include/net/sock.h return sk ? sk->sk_uid : make_kuid(net->user_ns, 0); user_ns 2541 include/net/sock.h struct user_namespace *user_ns, int cap); user_ns 37 init/version.c .user_ns = &init_user_ns, user_ns 388 ipc/mqueue.c put_user_ns(fc->user_ns); user_ns 389 ipc/mqueue.c fc->user_ns = get_user_ns(ctx->ipc_ns->user_ns); user_ns 408 ipc/mqueue.c put_user_ns(fc->user_ns); user_ns 409 ipc/mqueue.c fc->user_ns = get_user_ns(ctx->ipc_ns->user_ns); user_ns 1291 ipc/msg.c struct user_namespace *user_ns = seq_user_ns(s); user_ns 1304 ipc/msg.c from_kuid_munged(user_ns, msq->q_perm.uid), user_ns 1305 ipc/msg.c from_kgid_munged(user_ns, msq->q_perm.gid), user_ns 1306 ipc/msg.c from_kuid_munged(user_ns, msq->q_perm.cuid), user_ns 1307 ipc/msg.c from_kgid_munged(user_ns, msq->q_perm.cgid), user_ns 30 ipc/msgutil.c .user_ns = &init_user_ns, user_ns 32 ipc/namespace.c static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, user_ns 40 ipc/namespace.c ucounts = inc_ipc_namespaces(user_ns); user_ns 55 ipc/namespace.c ns->user_ns = get_user_ns(user_ns); user_ns 69 ipc/namespace.c put_user_ns(ns->user_ns); user_ns 80 ipc/namespace.c struct user_namespace *user_ns, struct ipc_namespace *ns) user_ns 84 ipc/namespace.c return create_ipc_ns(user_ns, ns); user_ns 125 ipc/namespace.c put_user_ns(ns->user_ns); user_ns 183 ipc/namespace.c if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || user_ns 196 ipc/namespace.c return to_ipc_ns(ns)->user_ns; user_ns 2414 ipc/sem.c struct user_namespace *user_ns = seq_user_ns(s); user_ns 2435 ipc/sem.c from_kuid_munged(user_ns, sma->sem_perm.uid), user_ns 2436 ipc/sem.c from_kgid_munged(user_ns, sma->sem_perm.gid), user_ns 2437 ipc/sem.c from_kuid_munged(user_ns, sma->sem_perm.cuid), user_ns 2438 ipc/sem.c from_kgid_munged(user_ns, sma->sem_perm.cgid), user_ns 1090 ipc/shm.c if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { user_ns 1742 ipc/shm.c struct user_namespace *user_ns = seq_user_ns(s); user_ns 1767 ipc/shm.c from_kuid_munged(user_ns, shp->shm_perm.uid), user_ns 1768 ipc/shm.c from_kgid_munged(user_ns, shp->shm_perm.gid), user_ns 1769 ipc/shm.c from_kuid_munged(user_ns, shp->shm_perm.cuid), user_ns 1770 ipc/shm.c from_kgid_munged(user_ns, shp->shm_perm.cgid), user_ns 534 ipc/util.c !ns_capable(ns->user_ns, CAP_IPC_OWNER)) user_ns 709 ipc/util.c ns_capable(ns->user_ns, CAP_SYS_ADMIN)) user_ns 495 kernel/acct.c ac.ac_uid = from_kuid_munged(file->f_cred->user_ns, orig_cred->uid); user_ns 496 kernel/acct.c ac.ac_gid = from_kgid_munged(file->f_cred->user_ns, orig_cred->gid); user_ns 1208 kernel/cgroup/cgroup-v1.c if (!ns_capable(ctx->ns->user_ns, CAP_SYS_ADMIN)) user_ns 207 kernel/cgroup/cgroup.c .user_ns = &init_user_ns, user_ns 2205 kernel/cgroup/cgroup.c put_user_ns(fc->user_ns); user_ns 2206 kernel/cgroup/cgroup.c fc->user_ns = get_user_ns(ctx->ns->user_ns); user_ns 5747 kernel/cgroup/cgroup.c get_user_ns(init_cgroup_ns.user_ns); user_ns 44 kernel/cgroup/namespace.c put_user_ns(ns->user_ns); user_ns 51 kernel/cgroup/namespace.c struct user_namespace *user_ns, user_ns 66 kernel/cgroup/namespace.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) user_ns 69 kernel/cgroup/namespace.c ucounts = inc_cgroup_namespaces(user_ns); user_ns 86 kernel/cgroup/namespace.c new_ns->user_ns = get_user_ns(user_ns); user_ns 103 kernel/cgroup/namespace.c !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN)) user_ns 140 kernel/cgroup/namespace.c return to_cg_ns(ns)->user_ns; user_ns 61 kernel/cred.c .user_ns = &init_user_ns, user_ns 122 kernel/cred.c put_user_ns(cred->user_ns); user_ns 272 kernel/cred.c get_user_ns(new->user_ns); user_ns 397 kernel/cred.c const struct user_namespace *set_ns = set->user_ns; user_ns 398 kernel/cred.c const struct user_namespace *subset_ns = subset->user_ns; user_ns 704 kernel/cred.c get_user_ns(new->user_ns); user_ns 694 kernel/fork.c put_user_ns(mm->user_ns); user_ns 1004 kernel/fork.c struct user_namespace *user_ns) user_ns 1046 kernel/fork.c mm->user_ns = get_user_ns(user_ns); user_ns 1354 kernel/fork.c if (!mm_init(mm, tsk, mm->user_ns)) user_ns 45 kernel/groups.c struct user_namespace *user_ns = current_user_ns(); user_ns 51 kernel/groups.c gid = from_kgid_munged(user_ns, group_info->gid[i]); user_ns 62 kernel/groups.c struct user_namespace *user_ns = current_user_ns(); user_ns 72 kernel/groups.c kgid = make_kgid(user_ns, gid); user_ns 179 kernel/groups.c struct user_namespace *user_ns = current_user_ns(); user_ns 181 kernel/groups.c return ns_capable(user_ns, CAP_SETGID) && user_ns 182 kernel/groups.c userns_may_setgroups(user_ns); user_ns 61 kernel/nsproxy.c struct task_struct *tsk, struct user_namespace *user_ns, user_ns 71 kernel/nsproxy.c new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns, new_fs); user_ns 77 kernel/nsproxy.c new_nsp->uts_ns = copy_utsname(flags, user_ns, tsk->nsproxy->uts_ns); user_ns 83 kernel/nsproxy.c new_nsp->ipc_ns = copy_ipcs(flags, user_ns, tsk->nsproxy->ipc_ns); user_ns 90 kernel/nsproxy.c copy_pid_ns(flags, user_ns, tsk->nsproxy->pid_ns_for_children); user_ns 96 kernel/nsproxy.c new_nsp->cgroup_ns = copy_cgroup_ns(flags, user_ns, user_ns 103 kernel/nsproxy.c new_nsp->net_ns = copy_net_ns(flags, user_ns, tsk->nsproxy->net_ns); user_ns 137 kernel/nsproxy.c struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns); user_ns 147 kernel/nsproxy.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) user_ns 161 kernel/nsproxy.c new_ns = create_new_namespaces(flags, tsk, user_ns, tsk->fs); user_ns 191 kernel/nsproxy.c struct user_namespace *user_ns; user_ns 198 kernel/nsproxy.c user_ns = new_cred ? new_cred->user_ns : current_user_ns(); user_ns 199 kernel/nsproxy.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) user_ns 202 kernel/nsproxy.c *new_nsp = create_new_namespaces(unshare_flags, current, user_ns, user_ns 79 kernel/pid.c .user_ns = &init_user_ns, user_ns 78 kernel/pid_namespace.c static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns, user_ns 87 kernel/pid_namespace.c if (!in_userns(parent_pid_ns->user_ns, user_ns)) user_ns 93 kernel/pid_namespace.c ucounts = inc_pid_namespaces(user_ns); user_ns 116 kernel/pid_namespace.c ns->user_ns = get_user_ns(user_ns); user_ns 137 kernel/pid_namespace.c put_user_ns(ns->user_ns); user_ns 151 kernel/pid_namespace.c struct user_namespace *user_ns, struct pid_namespace *old_ns) user_ns 157 kernel/pid_namespace.c return create_pid_namespace(user_ns, old_ns); user_ns 274 kernel/pid_namespace.c if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) user_ns 388 kernel/pid_namespace.c if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || user_ns 434 kernel/pid_namespace.c return to_pid_ns(ns)->user_ns; user_ns 55 kernel/ptrace.c !ptracer_capable(tsk, mm->user_ns))) { user_ns 329 kernel/ptrace.c if (ptrace_has_cap(cred, tcred->user_ns, mode)) user_ns 348 kernel/ptrace.c !ptrace_has_cap(cred, mm->user_ns, mode))) user_ns 318 kernel/reboot.c if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) user_ns 5417 kernel/sched/core.c if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { user_ns 820 kernel/signal.c ns_capable(tcred->user_ns, CAP_KILL); user_ns 1128 kernel/signal.c from_kuid_munged(task_cred_xxx(t, user_ns), user_ns 1225 kernel/signal.c t_user_ns = task_cred_xxx(t, user_ns); user_ns 1954 kernel/signal.c info.si_uid = from_kuid_munged(task_cred_xxx(tsk->parent, user_ns), user_ns 2045 kernel/signal.c info.si_uid = from_kuid_munged(task_cred_xxx(parent, user_ns), task_uid(tsk)); user_ns 163 kernel/sys.c if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) user_ns 236 kernel/sys.c uid = make_kuid(cred->user_ns, who); user_ns 304 kernel/sys.c uid = make_kuid(cred->user_ns, who); user_ns 375 kernel/sys.c ns_capable(old->user_ns, CAP_SETGID)) user_ns 384 kernel/sys.c ns_capable(old->user_ns, CAP_SETGID)) user_ns 430 kernel/sys.c if (ns_capable(old->user_ns, CAP_SETGID)) user_ns 519 kernel/sys.c !ns_capable_setid(old->user_ns, CAP_SETUID)) user_ns 528 kernel/sys.c !ns_capable_setid(old->user_ns, CAP_SETUID)) user_ns 587 kernel/sys.c if (ns_capable_setid(old->user_ns, CAP_SETUID)) { user_ns 649 kernel/sys.c if (!ns_capable_setid(old->user_ns, CAP_SETUID)) { user_ns 697 kernel/sys.c ruid = from_kuid_munged(cred->user_ns, cred->uid); user_ns 698 kernel/sys.c euid = from_kuid_munged(cred->user_ns, cred->euid); user_ns 699 kernel/sys.c suid = from_kuid_munged(cred->user_ns, cred->suid); user_ns 738 kernel/sys.c if (!ns_capable(old->user_ns, CAP_SETGID)) { user_ns 776 kernel/sys.c rgid = from_kgid_munged(cred->user_ns, cred->gid); user_ns 777 kernel/sys.c egid = from_kgid_munged(cred->user_ns, cred->egid); user_ns 778 kernel/sys.c sgid = from_kgid_munged(cred->user_ns, cred->sgid); user_ns 805 kernel/sys.c old_fsuid = from_kuid_munged(old->user_ns, old->fsuid); user_ns 807 kernel/sys.c kuid = make_kuid(old->user_ns, uid); user_ns 817 kernel/sys.c ns_capable_setid(old->user_ns, CAP_SETUID)) { user_ns 849 kernel/sys.c old_fsgid = from_kgid_munged(old->user_ns, old->fsgid); user_ns 851 kernel/sys.c kgid = make_kgid(old->user_ns, gid); user_ns 861 kernel/sys.c ns_capable(old->user_ns, CAP_SETGID)) { user_ns 1310 kernel/sys.c if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) user_ns 1363 kernel/sys.c if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) user_ns 1600 kernel/sys.c if (!id_match && !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) user_ns 159 kernel/taskstats.c static void fill_stats(struct user_namespace *user_ns, user_ns 177 kernel/taskstats.c bacct_add_tsk(user_ns, pid_ns, stats, tsk); user_ns 20 kernel/tsacct.c void bacct_add_tsk(struct user_namespace *user_ns, user_ns 54 kernel/tsacct.c stats->ac_uid = from_kuid_munged(user_ns, tcred->uid); user_ns 55 kernel/tsacct.c stats->ac_gid = from_kgid_munged(user_ns, tcred->gid); user_ns 37 kernel/ucount.c struct user_namespace *user_ns = user_ns 42 kernel/ucount.c if (ns_capable(user_ns, CAP_SYS_RESOURCE)) user_ns 70 kernel/uid16.c ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid)); user_ns 71 kernel/uid16.c euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid)); user_ns 72 kernel/uid16.c suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid)); user_ns 93 kernel/uid16.c rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid)); user_ns 94 kernel/uid16.c egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid)); user_ns 95 kernel/uid16.c sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid)); user_ns 117 kernel/uid16.c struct user_namespace *user_ns = current_user_ns(); user_ns 124 kernel/uid16.c group = high2lowgid(from_kgid_munged(user_ns, kgid)); user_ns 135 kernel/uid16.c struct user_namespace *user_ns = current_user_ns(); user_ns 144 kernel/uid16.c kgid = make_kgid(user_ns, low2highgid(group)); user_ns 42 kernel/user_namespace.c static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) user_ns 58 kernel/user_namespace.c cred->user_ns = user_ns; user_ns 71 kernel/user_namespace.c struct user_namespace *ns, *parent_ns = new->user_ns; user_ns 1242 kernel/user_namespace.c struct user_namespace *user_ns; user_ns 1245 kernel/user_namespace.c user_ns = get_user_ns(__task_cred(task)->user_ns); user_ns 1248 kernel/user_namespace.c return user_ns ? &user_ns->ns : NULL; user_ns 1258 kernel/user_namespace.c struct user_namespace *user_ns = to_user_ns(ns); user_ns 1264 kernel/user_namespace.c if (user_ns == current_user_ns()) user_ns 1274 kernel/user_namespace.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) user_ns 1281 kernel/user_namespace.c put_user_ns(cred->user_ns); user_ns 1282 kernel/user_namespace.c set_cred_user_ns(cred, get_user_ns(user_ns)); user_ns 45 kernel/utsname.c static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns, user_ns 53 kernel/utsname.c ucounts = inc_uts_namespaces(user_ns); user_ns 71 kernel/utsname.c ns->user_ns = get_user_ns(user_ns); user_ns 90 kernel/utsname.c struct user_namespace *user_ns, struct uts_namespace *old_ns) user_ns 100 kernel/utsname.c new_ns = clone_uts_ns(user_ns, old_ns); user_ns 112 kernel/utsname.c put_user_ns(ns->user_ns); user_ns 147 kernel/utsname.c if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || user_ns 159 kernel/utsname.c return to_uts_ns(ns)->user_ns; user_ns 346 lib/kobject_uevent.c struct user_namespace *owning_user_ns = sock_net(usk)->user_ns; user_ns 739 lib/kobject_uevent.c if (!netlink_ns_capable(skb, net->user_ns, CAP_SYS_ADMIN)) { user_ns 779 lib/kobject_uevent.c if (sock_net(ue_sk->sk)->user_ns == &init_user_ns) { user_ns 792 lib/kobject_uevent.c if (sock_net(ue_sk->sk)->user_ns == &init_user_ns) { user_ns 38 mm/init-mm.c .user_ns = &init_user_ns, user_ns 577 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 587 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 596 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 605 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 620 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 627 net/8021q/vlan.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 89 net/bridge/br_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 181 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 188 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 195 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 202 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 242 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 250 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 259 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 273 net/bridge/br_ioctl.c if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) user_ns 336 net/bridge/br_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 366 net/bridge/br_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 36 net/bridge/br_sysfs_br.c if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) user_ns 281 net/bridge/br_sysfs_br.c if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN)) user_ns 313 net/bridge/br_sysfs_if.c if (!ns_capable(dev_net(p->dev)->user_ns, CAP_NET_ADMIN)) user_ns 1464 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1487 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 2327 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 2351 net/bridge/netfilter/ebtables.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 440 net/core/dev_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 482 net/core/dev_ioctl.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 2621 net/core/ethtool.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 608 net/core/fib_rules.c if (current_user_ns() != net->user_ns) { user_ns 4207 net/core/filter.c return from_kuid_munged(sock_net(sk)->user_ns, kuid); user_ns 3677 net/core/neighbour.c if (neigh_parms_net(p)->user_ns != &init_user_ns) user_ns 85 net/core/net-sysfs.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 381 net/core/net-sysfs.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1384 net/core/net-sysfs.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1577 net/core/net-sysfs.c return ns_capable(net->user_ns, CAP_SYS_ADMIN); user_ns 318 net/core/net_namespace.c static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) user_ns 329 net/core/net_namespace.c net->user_ns = user_ns; user_ns 450 net/core/net_namespace.c struct user_namespace *user_ns, struct net *old_net) user_ns 459 net/core/net_namespace.c ucounts = inc_net_namespaces(user_ns); user_ns 470 net/core/net_namespace.c get_user_ns(user_ns); user_ns 476 net/core/net_namespace.c rv = setup_net(net, user_ns); user_ns 483 net/core/net_namespace.c put_user_ns(user_ns); user_ns 504 net/core/net_namespace.c kuid_t ns_root_uid = make_kuid(net->user_ns, 0); user_ns 505 net/core/net_namespace.c kgid_t ns_root_gid = make_kgid(net->user_ns, 0); user_ns 615 net/core/net_namespace.c put_user_ns(net->user_ns); user_ns 1362 net/core/net_namespace.c if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) || user_ns 1373 net/core/net_namespace.c return to_net_ns(ns)->user_ns; user_ns 1875 net/core/rtnetlink.c if (!sk_ns_capable(sk, net->user_ns, CAP_NET_ADMIN)) { user_ns 2088 net/core/rtnetlink.c if (!netlink_ns_capable(skb, net->user_ns, cap)) { user_ns 3211 net/core/rtnetlink.c if (!netlink_ns_capable(skb, link_net->user_ns, CAP_NET_ADMIN)) user_ns 5280 net/core/rtnetlink.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 48 net/core/scm.c kuid_t uid = make_kuid(cred->user_ns, creds->uid); user_ns 49 net/core/scm.c kgid_t gid = make_kgid(cred->user_ns, creds->gid); user_ns 55 net/core/scm.c ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && user_ns 57 net/core/scm.c uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && user_ns 59 net/core/scm.c gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { user_ns 157 net/core/sock.c struct user_namespace *user_ns, int cap) user_ns 159 net/core/sock.c return file_ns_capable(sk->sk_socket->file, user_ns, cap) && user_ns 160 net/core/sock.c ns_capable(user_ns, cap); user_ns 190 net/core/sock.c return sk_ns_capable(sk, sock_net(sk)->user_ns, cap); user_ns 580 net/core/sock.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) user_ns 868 net/core/sock.c ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1066 net/core/sock.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { user_ns 1157 net/core/sock.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { user_ns 1205 net/core/sock.c struct user_namespace *user_ns = current_user_ns(); user_ns 1209 net/core/sock.c if (put_user(from_kgid_munged(user_ns, src->gid[i]), dst + i)) user_ns 2275 net/core/sock.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 2879 net/core/sock.c sk->sk_uid = make_kuid(sock_net(sk)->user_ns, 0); user_ns 298 net/core/sock_diag.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 608 net/core/sysctl_net_core.c if (net->user_ns != &init_user_ns) { user_ns 371 net/ieee802154/6lowpan/reassembly.c if (net->user_ns != &init_user_ns) user_ns 902 net/ieee802154/socket.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && user_ns 903 net/ieee802154/socket.c !ns_capable(net->user_ns, CAP_NET_RAW)) { user_ns 926 net/ieee802154/socket.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && user_ns 927 net/ieee802154/socket.c !ns_capable(net->user_ns, CAP_NET_RAW)) { user_ns 310 net/ipv4/af_inet.c !ns_capable(net->user_ns, CAP_NET_RAW)) user_ns 499 net/ipv4/af_inet.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) user_ns 1182 net/ipv4/arp.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1048 net/ipv4/devinet.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1056 net/ipv4/devinet.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 628 net/ipv4/fib_frontend.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 115 net/ipv4/inet_diag.c struct user_namespace *user_ns, user_ns 164 net/ipv4/inet_diag.c r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk)); user_ns 175 net/ipv4/inet_diag.c struct user_namespace *user_ns, user_ns 204 net/ipv4/inet_diag.c if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns, net_admin)) user_ns 314 net/ipv4/inet_diag.c struct user_namespace *user_ns, user_ns 319 net/ipv4/inet_diag.c return inet_sk_diag_fill(sk, inet_csk(sk), skb, req, user_ns, user_ns 400 net/ipv4/inet_diag.c struct user_namespace *user_ns, user_ns 412 net/ipv4/inet_diag.c return inet_csk_diag_fill(sk, skb, r, user_ns, portid, seq, user_ns 409 net/ipv4/ip_options.c if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { user_ns 444 net/ipv4/ip_options.c if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { user_ns 457 net/ipv4/ip_options.c if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { user_ns 1159 net/ipv4/ip_sockglue.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1165 net/ipv4/ip_sockglue.c if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && user_ns 1166 net/ipv4/ip_sockglue.c !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { user_ns 883 net/ipv4/ip_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 939 net/ipv4/ip_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1399 net/ipv4/ipmr.c !ns_capable(net->user_ns, CAP_NET_ADMIN)) { user_ns 1302 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1436 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1457 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1480 net/ipv4/netfilter/arp_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1543 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1645 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1667 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1691 net/ipv4/netfilter/ip_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 3376 net/ipv4/route.c if (net->user_ns != &init_user_ns) { user_ns 174 net/ipv4/sysctl_net_ipv4.c struct user_namespace *user_ns = current_user_ns(); user_ns 187 net/ipv4/sysctl_net_ipv4.c urange[0] = from_kgid_munged(user_ns, low); user_ns 188 net/ipv4/sysctl_net_ipv4.c urange[1] = from_kgid_munged(user_ns, high); user_ns 192 net/ipv4/sysctl_net_ipv4.c low = make_kgid(user_ns, urange[0]); user_ns 193 net/ipv4/sysctl_net_ipv4.c high = make_kgid(user_ns, urange[1]); user_ns 2699 net/ipv4/tcp.c return ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN) && user_ns 2827 net/ipv4/tcp.c ns_capable(sock_net(sk)->user_ns, user_ns 3041 net/ipv6/addrconf.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 3061 net/ipv6/addrconf.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 169 net/ipv6/af_inet6.c !ns_capable(net->user_ns, CAP_NET_RAW)) user_ns 296 net/ipv6/af_inet6.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) user_ns 75 net/ipv6/anycast.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 854 net/ipv6/datagram.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) { user_ns 874 net/ipv6/datagram.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) { user_ns 899 net/ipv6/datagram.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) { user_ns 595 net/ipv6/ip6_flowlabel.c ns_capable(net->user_ns, CAP_NET_ADMIN)) { user_ns 1255 net/ipv6/ip6_gre.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1304 net/ipv6/ip6_gre.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1617 net/ipv6/ip6_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1653 net/ipv6/ip6_tunnel.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 820 net/ipv6/ip6_vti.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 852 net/ipv6/ip6_vti.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1646 net/ipv6/ip6mr.c !ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 372 net/ipv6/ipv6_sockglue.c if (valbool && !ns_capable(net->user_ns, CAP_NET_RAW) && user_ns 373 net/ipv6/ipv6_sockglue.c !ns_capable(net->user_ns, CAP_NET_ADMIN)) { user_ns 409 net/ipv6/ipv6_sockglue.c if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) user_ns 836 net/ipv6/ipv6_sockglue.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1552 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1654 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1676 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 1700 net/ipv6/netfilter/ip6_tables.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 4330 net/ipv6/route.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 6186 net/ipv6/route.c if (net->user_ns != &init_user_ns) user_ns 1217 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1263 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1294 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 1321 net/ipv6/sit.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 146 net/key/af_key.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 169 net/llc/af_llc.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) user_ns 2062 net/netfilter/ipset/ip_set_core.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 2424 net/netfilter/ipvs/ip_vs_ctl.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 2738 net/netfilter/ipvs/ip_vs_ctl.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 3997 net/netfilter/ipvs/ip_vs_ctl.c if (net->user_ns != &init_user_ns) user_ns 565 net/netfilter/ipvs/ip_vs_lblc.c if (net->user_ns != &init_user_ns) user_ns 751 net/netfilter/ipvs/ip_vs_lblcr.c if (net->user_ns != &init_user_ns) user_ns 670 net/netfilter/nf_conntrack_expect.c root_uid = make_kuid(net->user_ns, 0); user_ns 671 net/netfilter/nf_conntrack_expect.c root_gid = make_kgid(net->user_ns, 0); user_ns 475 net/netfilter/nf_conntrack_standalone.c root_uid = make_kuid(net->user_ns, 0); user_ns 476 net/netfilter/nf_conntrack_standalone.c root_gid = make_kgid(net->user_ns, 0); user_ns 1058 net/netfilter/nf_conntrack_standalone.c if (net->user_ns != &init_user_ns) { user_ns 155 net/netfilter/nfnetlink_log.c u32 portid, struct user_namespace *user_ns) user_ns 187 net/netfilter/nfnetlink_log.c inst->peer_user_ns = user_ns; user_ns 608 net/netfilter/nfnetlink_log.c struct user_namespace *user_ns = inst->peer_user_ns; user_ns 609 net/netfilter/nfnetlink_log.c __be32 uid = htonl(from_kuid_munged(user_ns, cred->fsuid)); user_ns 610 net/netfilter/nfnetlink_log.c __be32 gid = htonl(from_kgid_munged(user_ns, cred->fsgid)); user_ns 1123 net/netfilter/nfnetlink_log.c root_uid = make_kuid(net->user_ns, 0); user_ns 1124 net/netfilter/nfnetlink_log.c root_gid = make_kgid(net->user_ns, 0); user_ns 1739 net/netfilter/x_tables.c root_uid = make_kuid(net->user_ns, 0); user_ns 1740 net/netfilter/x_tables.c root_gid = make_kgid(net->user_ns, 0); user_ns 32 net/netfilter/xt_owner.c (current_user_ns() != net->user_ns)) user_ns 37 net/netfilter/xt_owner.c kuid_t uid_min = make_kuid(net->user_ns, info->uid_min); user_ns 38 net/netfilter/xt_owner.c kuid_t uid_max = make_kuid(net->user_ns, info->uid_max); user_ns 49 net/netfilter/xt_owner.c kgid_t gid_min = make_kgid(net->user_ns, info->gid_min); user_ns 50 net/netfilter/xt_owner.c kgid_t gid_max = make_kgid(net->user_ns, info->gid_max); user_ns 85 net/netfilter/xt_owner.c kuid_t uid_min = make_kuid(net->user_ns, info->uid_min); user_ns 86 net/netfilter/xt_owner.c kuid_t uid_max = make_kuid(net->user_ns, info->uid_max); user_ns 95 net/netfilter/xt_owner.c kgid_t gid_min = make_kgid(net->user_ns, info->gid_min); user_ns 96 net/netfilter/xt_owner.c kgid_t gid_max = make_kgid(net->user_ns, info->gid_max); user_ns 853 net/netlink/af_netlink.c struct user_namespace *user_ns, int cap) user_ns 856 net/netlink/af_netlink.c file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) && user_ns 857 net/netlink/af_netlink.c ns_capable(user_ns, cap); user_ns 872 net/netlink/af_netlink.c struct user_namespace *user_ns, int cap) user_ns 874 net/netlink/af_netlink.c return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap); user_ns 905 net/netlink/af_netlink.c return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap); user_ns 912 net/netlink/af_netlink.c ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); user_ns 1423 net/netlink/af_netlink.c if (!file_ns_capable(sk->sk_socket->file, p->net->user_ns, user_ns 1687 net/netlink/af_netlink.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_BROADCAST)) user_ns 530 net/netlink/genetlink.c !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) user_ns 3240 net/packet/af_packet.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) user_ns 132 net/packet/diag.c struct user_namespace *user_ns, user_ns 156 net/packet/diag.c from_kuid_munged(user_ns, sock_i_uid(sk)))) user_ns 1942 net/sched/cls_api.c if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) user_ns 2167 net/sched/cls_api.c if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) user_ns 2774 net/sched/cls_api.c !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) user_ns 1420 net/sched/sch_api.c !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) user_ns 1503 net/sched/sch_api.c if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) user_ns 1992 net/sched/sch_api.c !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) user_ns 126 net/sctp/diag.c struct user_namespace *user_ns, user_ns 156 net/sctp/diag.c if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns, net_admin)) user_ns 403 net/sctp/socket.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) user_ns 1080 net/sctp/socket.c !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) user_ns 65 net/smc/smc_diag.c struct user_namespace *user_ns) user_ns 70 net/smc/smc_diag.c r->diag_uid = from_kuid_munged(user_ns, sock_i_uid(sk)); user_ns 82 net/smc/smc_diag.c struct user_namespace *user_ns; user_ns 100 net/smc/smc_diag.c user_ns = sk_user_ns(NETLINK_CB(cb->skb).sk); user_ns 101 net/smc/smc_diag.c if (smc_diag_msg_attrs_fill(sk, skb, r, user_ns)) user_ns 1163 net/socket.c if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) user_ns 419 net/sunrpc/auth_gss/auth_gss.c struct user_namespace *userns = cred->user_ns; user_ns 446 net/sunrpc/auth_gss/auth_gss.c struct user_namespace *userns = cred->user_ns; user_ns 111 net/sunrpc/auth_unix.c clnt->cl_cred->user_ns : &init_user_ns; user_ns 1435 net/sunrpc/rpc_pipe.c put_user_ns(fc->user_ns); user_ns 1436 net/sunrpc/rpc_pipe.c fc->user_ns = get_user_ns(fc->net_ns->user_ns); user_ns 559 net/sunrpc/svcauth_unix.c struct user_namespace *user_ns = m->file->f_cred->user_ns; user_ns 575 net/sunrpc/svcauth_unix.c seq_printf(m, "%u %d:", from_kuid_munged(user_ns, ug->uid), glen); user_ns 577 net/sunrpc/svcauth_unix.c seq_printf(m, " %d", from_kgid_munged(user_ns, ug->gi->gid[i])); user_ns 822 net/sunrpc/svcauth_unix.c rqstp->rq_xprt->xpt_cred->user_ns : &init_user_ns; user_ns 48 net/sysctl_net.c if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { user_ns 64 net/sysctl_net.c ns_root_uid = make_kuid(net->user_ns, 0); user_ns 68 net/sysctl_net.c ns_root_gid = make_kgid(net->user_ns, 0); user_ns 2539 net/unix/af_unix.c if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) user_ns 34 net/unix/sysctl_net_unix.c if (net->user_ns != &init_user_ns) user_ns 1084 net/xdp/xsk.c if (!ns_capable(net->user_ns, CAP_NET_RAW)) user_ns 81 net/xdp/xsk_diag.c struct user_namespace *user_ns, user_ns 106 net/xdp/xsk_diag.c from_kuid_munged(user_ns, sock_i_uid(sk)))) user_ns 59 net/xfrm/xfrm_sysctl.c if (net->user_ns != &init_user_ns) user_ns 644 security/apparmor/policy.c struct user_namespace *user_ns = current_user_ns(); user_ns 646 security/apparmor/policy.c bool root_in_user_ns = uid_eq(current_euid(), make_kuid(user_ns, 0)) || user_ns 647 security/apparmor/policy.c in_egroup_p(make_kgid(user_ns, 0)); user_ns 653 security/apparmor/policy.c (user_ns == &init_user_ns || user_ns 655 security/apparmor/policy.c user_ns->level == view_ns->level))) user_ns 664 security/apparmor/policy.c struct user_namespace *user_ns = current_user_ns(); user_ns 665 security/apparmor/policy.c bool capable = ns_capable(user_ns, CAP_MAC_ADMIN); user_ns 76 security/commoncap.c if (ns == cred->user_ns) user_ns 83 security/commoncap.c if (ns->level <= cred->user_ns->level) user_ns 90 security/commoncap.c if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) user_ns 146 security/commoncap.c if (cred->user_ns == child_cred->user_ns && user_ns 149 security/commoncap.c if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) user_ns 178 security/commoncap.c if (cred->user_ns == child_cred->user_ns && user_ns 181 security/commoncap.c if (has_ns_capability(parent, child_cred->user_ns, CAP_SYS_PTRACE)) user_ns 223 security/commoncap.c if (cap_capable(current_cred(), current_cred()->user_ns, user_ns 823 security/commoncap.c root_uid = make_kuid(new->user_ns, 0); user_ns 840 security/commoncap.c !ptracer_capable(current, new->user_ns))) { user_ns 842 security/commoncap.c if (!ns_capable(new->user_ns, CAP_SETUID) || user_ns 915 security/commoncap.c struct user_namespace *user_ns = dentry->d_sb->s_user_ns; user_ns 929 security/commoncap.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) user_ns 947 security/commoncap.c struct user_namespace *user_ns = dentry->d_sb->s_user_ns; user_ns 964 security/commoncap.c if (!ns_capable(user_ns, CAP_SYS_ADMIN)) user_ns 1000 security/commoncap.c kuid_t root_uid = make_kuid(old->user_ns, 0); user_ns 1055 security/commoncap.c kuid_t root_uid = make_kuid(old->user_ns, 0); user_ns 1091 security/commoncap.c if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) user_ns 1208 security/commoncap.c current_cred()->user_ns, user_ns 66 security/keys/proc.c struct user_namespace *user_ns = seq_user_ns(p); user_ns 71 security/keys/proc.c if (kuid_has_mapping(user_ns, key->user->uid)) user_ns 80 security/keys/proc.c struct user_namespace *user_ns = seq_user_ns(p); user_ns 103 security/keys/proc.c if (kuid_has_mapping(user_ns, minkey->user->uid)) user_ns 252 security/keys/proc.c static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) user_ns 256 security/keys/proc.c if (kuid_has_mapping(user_ns, user->uid)) user_ns 263 security/keys/proc.c static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n) user_ns 265 security/keys/proc.c return __key_user_next(user_ns, rb_next(n)); user_ns 268 security/keys/proc.c static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r) user_ns 271 security/keys/proc.c return __key_user_next(user_ns, n); user_ns 38 security/keys/process_keys.c static struct key *get_user_register(struct user_namespace *user_ns) user_ns 40 security/keys/process_keys.c struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register); user_ns 45 security/keys/process_keys.c down_write(&user_ns->keyring_sem); user_ns 50 security/keys/process_keys.c reg_keyring = user_ns->user_keyring_register; user_ns 53 security/keys/process_keys.c user_ns->owner, INVALID_GID, user_ns 60 security/keys/process_keys.c smp_store_release(&user_ns->user_keyring_register, user_ns 64 security/keys/process_keys.c up_write(&user_ns->keyring_sem); user_ns 78 security/keys/process_keys.c struct user_namespace *user_ns = current_user_ns(); user_ns 82 security/keys/process_keys.c uid_t uid = from_kuid(user_ns, cred->user->uid); user_ns 90 security/keys/process_keys.c reg_keyring = get_user_register(user_ns); user_ns 94 security/keys/process_keys.c down_write(&user_ns->keyring_sem); user_ns 158 security/keys/process_keys.c up_write(&user_ns->keyring_sem); user_ns 176 security/keys/process_keys.c up_write(&user_ns->keyring_sem); user_ns 187 security/keys/process_keys.c struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register); user_ns 205 security/keys/process_keys.c from_kuid(cred->user_ns, user_ns 931 security/keys/process_keys.c new->user_ns = get_user_ns(old->user_ns); user_ns 52 security/safesetid/securityfs.c rule->src_uid = make_kuid(file->f_cred->user_ns, parsed_parent); user_ns 53 security/safesetid/securityfs.c rule->dst_uid = make_kuid(file->f_cred->user_ns, parsed_child); user_ns 371 security/yama/yama_lsm.c !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) user_ns 377 security/yama/yama_lsm.c if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))