credentials.rst - OpenGrok cross reference for /linux/Documentation/security/credentials.rst

Lines Matching full:may
17      Objects are things in the system that may be acted upon directly by
43      indicates the 'objective context' of that object.  This may or may not be
58      Objects other than tasks may under some circumstances also be subjects.
59      For instance an open file may send SIGIO to a task using the UID and EUID
77      Linux has a number of actions available that a subject may perform upon an
98 	 file may supply more than one ACL.
102 	 'group' and 'other'), each of which may be granted certain privileges
112 	 The system as a whole may have one or more sets of rules that get
166      The inheritable capabilities are the ones that may get passed across
169      The bounding set limits the capabilities that may be inherited across
189      be searched for the desired key.  Each process may subscribe to a number
204      operations that a task may do.  Currently Linux supports several LSM
208      rules (policies) that say what operations a task with one label may do to
230 Files on disk or obtained over the network may have annotations that form the
232 this may include one or more of the following:
243 privilege escalation bits come into play, and may allow the resulting process
255 Once a set of credentials has been prepared and committed, it may not be
258  1. its reference count may be changed;
260  2. the reference count on the group_info struct it points to may be changed;
262  3. the reference count on the security data it points to may be changed;
264  4. the reference count on any keyrings it points to may be changed;
266  5. any keyrings it points to may be revoked, expired or have their security
269  6. the contents of any keyrings to which it points may be changed (the whole
278 A task may only alter its _own_ credentials; it is no longer permitted for a
283 process as the instantiating process may need to create them.
292  1. The reference count may be altered.
294  2. While the keyring subscriptions of a set of credentials may not be
295     changed, the keyrings subscribed to may have their contents altered.
360 While a task may access its own credentials without the need for locking, the
394    ``get_cred()`` as this may race with ``commit_cred()``.
423 magic.  This may not be used for pointer members as what they point to may
430 As previously mentioned, a task may only alter its own credentials, and may not
445 as the ptrace state may alter the outcome, particularly in the case of
458 is shared as it may permute elements as part of the sorting process
479 those credentials may _not_ be changed further.
552 instead of "current"'s credentials, as the file may have been passed to a more