Lines Matching +full:allow +full:- +full:set +full:- +full:time

1 .. SPDX-License-Identifier: GPL-2.0
12 `samples/check-exec/inc.c`_ example.
28 for script interpreters and dynamic linkers to check the securebits at run time
31 set to 1 (i.e. always enforce restrictions).
41 Programs should always perform this check to apply kernel-level checks against
60 To avoid race conditions leading to time-of-check to time-of-use issues,
67 When ``SECBIT_EXEC_RESTRICT_FILE`` is set, a process should only interpret or
71 This secure bit may be set by user session managers, service managers,
73 related ``SECBIT_EXEC_RESTRICT_FILE_LOCKED`` bit should also be set.
76 securebits but without relying on any other user-controlled configuration.
83 checks.  For instance, the ``PATH`` and ``LD_PRELOAD`` variables can be set by
89 When ``SECBIT_EXEC_DENY_INTERACTIVE`` is set, a process should never interpret
96 should always deny such execution if ``SECBIT_EXEC_DENY_INTERACTIVE`` is set.
98 This secure bit may be set by user session managers, service managers,
100 related ``SECBIT_EXEC_DENY_INTERACTIVE_LOCKED`` bit should also be set.
107    Always interpret scripts, and allow arbitrary user commands (default).
118    Deny script interpretation if they are not executable, but allow
123    /tmp/*.sh``).  This makes sense for (semi-restricted) user sessions.
131    dm-verity/IPE) but where access rights might not be ready yet.  Indeed,
143 .. _samples/check-exec/inc.c:
144    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/samples/check-exec/inc.c