Security (full) in projects: linux - OpenGrok search results

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched full:security (Results 1 – 25 of 1231) sorted by relevance

12 3 4 5 6 7 8 9 10 >>...50

/linux/Documentation/security/
H A D	lsm.rst	2 Linux Security Modules: General Security Hooks for Linux 16 In March 2001, the National Security Agency (NSA) gave a presentation 17 about Security-Enhanced Linux (SELinux) at the 2.5 Linux Kernel Summit. 20 implemented as its own particular kernel patch. Several other security 25 patch to support its security needs. 28 remarks that described a security framework he would be willing to 30 general framework that would provide a set of security hooks to control 31 operations on kernel objects and a set of opaque security fields in 32 kernel data structures for maintaining security attributes. This 34 desired model of security. Linus also suggested the possibility of [all …]
/linux/security/
H A D	Kconfig	`3 # Security configuration 6 menu "Security options" 8 source "security/keys/Kconfig" 73 config SECURITY 74 bool "Enable different security models" 78 This allows you to choose different security modules to be 81 If this option is not selected, the default Linux security 89 depends on SECURITY 95 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM). 100 bool "Socket and Networking Security Hook 75 config SECURITY global() config [all...]`
H A D	security.c	3 * Security plug functions 40 * all security modules to use the same descriptions for auditing 235 return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp); in lsm_cred_alloc() 270 return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc() 283 return lsm_blob_alloc(&kip->security, blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc() 297 return lsm_blob_alloc(&key->security, blob_sizes.lbs_key, GFP_KERNEL); in lsm_key_alloc() 311 return lsm_blob_alloc(&mp->security, blob_sizes.lbs_msg_msg, in lsm_msg_msg_alloc() 340 return lsm_blob_alloc(&map->security, blob_sizes.lbs_bpf_map, GFP_KERNEL); in lsm_bpf_map_alloc() 353 return lsm_blob_alloc(&prog->aux->security, blob_sizes.lbs_bpf_prog, GFP_KERNEL); in lsm_bpf_prog_alloc() 366 return lsm_blob_alloc(&token->security, blob_size in lsm_bpf_token_alloc() 4660 security_tun_dev_alloc_security(void ** security) security_tun_dev_alloc_security() argument 4683 security_tun_dev_free_security(void * security) security_tun_dev_free_security() argument 4710 security_tun_dev_attach_queue(void * security) security_tun_dev_attach_queue() argument 4726 security_tun_dev_attach(struct sock * sk,void * security) security_tun_dev_attach() argument 4741 security_tun_dev_open(void * security) security_tun_dev_open() argument [all...]
/linux/Documentation/userspace-api/
H A D	lsm.rst	6 Linux Security Modules 12 Linux security modules (LSM) provide a mechanism to implement 13 additional access controls to the Linux security policies. 15 The various security modules may support any of these attributes: 17 ``LSM_ATTR_CURRENT`` is the current, active security context of the 20 This is supported by the SELinux, Smack and AppArmor security modules. 24 ``LSM_ATTR_EXEC`` is the security context of the process at the time the 27 This is supported by the SELinux and AppArmor security modules. 30 ``LSM_ATTR_FSCREATE`` is the security context of the process used when 33 This is supported by the SELinux security module. [all …]
/linux/Documentation/driver-api/nvdimm/
H A D	security.rst	2 NVDIMM Security 9 specification [1], security DSMs are introduced. The spec added the following 10 security DSMs: "get security state", "set passphrase", "disable passphrase", 12 data structure has been added to struct dimm in order to support the security 17 The "security" sysfs attribute is provided in the nvdimm sysfs directory. For 19 /sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0012:00/ndbus0/nmem0/security 21 The "show" attribute of that attribute will display the security state for 23 frozen, and overwrite. If security is not supported, the sysfs attribute 27 in order to support some of the security functionalities: 29 disable <keyid> - disable enabled security and remove key. [all …]
/linux/Documentation/process/
H A D	security-bugs.rst	3 Security bugs 6 Linux kernel developers take security very seriously. As such, we'd 7 like to know when a security bug is found so that it can be fixed and 13 Like with any bug report, a security bug report requires a lot of analysis work 18 any security bug report: 39 is not a security bug. 50 "system freezes each time I run this command"), the security team will help 69 What qualifies as a security bug 78 It turns out that the majority of the bugs reported via the security team are 79 just regular bugs that have been improperly qualified as security bugs due to [all …]
H A D	embargoed-hardware-issues.rst	9 Hardware issues which result in security problems are a different category 10 of security bugs than pure software bugs which only affect the Linux 25 The Linux kernel hardware security team is separate from the regular Linux 26 kernel security team. 28 The team only handles developing fixes for embargoed hardware security 29 issues. Reports of pure software security bugs in the Linux kernel are not 31 Linux kernel security team (:ref:`Documentation/admin-guide/ 34 The team can be contacted by email at <hardware-security@kernel.org>. This 35 is a private list of security officers who will help you coordinate a fix 43 - PGP: https://www.kernel.org/static/files/hardware-security.asc [all …]
H A D	cve.rst	7 security vulnerabilities. Over time, their usefulness has declined with 12 security identifiers, and ongoing abuses by individuals and companies 17 potential Linux kernel security issues. This assignment is independent 18 of the :doc:`normal Linux kernel security bug reporting 19 process<../process/security-bugs>`. 31 potentially security issues are identified by the developers responsible 37 any bug might be exploitable to compromise the security of the kernel, 47 security issues should be sent to this alias, it is ONLY for assignment 49 feel you have found an unfixed security issue, please follow the 50 :doc:`normal Linux kernel security bug reporting [all …]
/linux/Documentation/netlabel/
H A D	lsm_interface.rst	2 NetLabel Linux Security Module Interface 12 NetLabel is a mechanism which can set and retrieve security attributes from 15 The NetLabel security module API is defined in 'include/net/netlabel.h' but a 18 NetLabel Security Attributes 22 it uses the concept of security attributes to refer to the packet's security 23 labels. The NetLabel security attributes are defined by the 25 NetLabel subsystem converts the security attributes to and from the correct 28 security attributes into whatever security identifiers are in use for their 44 label and the internal LSM security identifier can be time consuming. The 47 LSM has received a packet, used NetLabel to decode its security attributes, [all …]
H A D	introduction.rst	12 NetLabel is a mechanism which can be used by kernel security modules to attach 13 security attributes to outgoing network packets generated from user space 14 applications and read security attributes from incoming network packets. It 16 layer, and the kernel security module API. 22 network packet's security attributes. If any translation between the network 23 security attributes and those on the host are required then the protocol 26 the NetLabel kernel security module API described below. 41 Security Module API 44 The purpose of the NetLabel security module API is to provide a protocol 46 to protocol independence, the security module API is designed to be completely [all …]
H A D	draft-ietf-cipso-ipsecurity-01.txt	6 COMMERCIAL IP SECURITY OPTION (CIPSO 2.2) 13 IP Security Option (CIPSO). This draft reflects the version as approved by 35 Currently the Internet Protocol includes two security options. One of 36 these options is the DoD Basic Security Option (BSO) (Type 130) which allows 37 IP datagrams to be labeled with security classifications. This option 38 provides sixteen security classifications and a variable number of handling 39 restrictions. To handle additional security information, such as security 40 categories or compartments, another security option (Type 133) exists and 41 is referred to as the DoD Extended Security Option (ESO). The values for 46 mandatory access controls and multi-level security. These systems are [all …]
/linux/security/selinux/
H A D	xfrm.c	3 * Security-Enhanced Linux (SELinux) security module 29 * 3. Testing addition of sk_policy's with security context via setsockopt 33 #include <linux/security.h> 63 * Returns true if the xfrm contains a security blob for SELinux. 67 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm() 71 * Allocates a xfrm_sec_state and populates it using the supplied security 177 if (!xp->security) in selinux_xfrm_state_pol_flow_match() 178 if (x->security) in selinux_xfrm_state_pol_flow_match() 185 if (!x->security) in selinux_xfrm_state_pol_flow_match() 193 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match() [all …]
/linux/security/integrity/evm/
H A D	Kconfig	`12 EVM protects a file's security extended attributes against 38 In addition to the original security xattrs (eg. security.selinux, 39 security.SMACK64, security.capability, and security.ima) included 41 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and 42 security.SMACK64MMAP. 57 /sys/kernel/security/integrity/evm/evm_xattrs.`
/linux/security/selinux/include/
H A D	objsec.h	3 * Security-Enhanced Linux (SELinux) security module 5 * This file contains the SELinux security data structures for kernel objects. 77 u16 sclass; /* security class of this object / 110 u16 sclass; / security class of this object / 148 u16 sclass; / sock security class / 186 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred() 192 return task->security + selinux_blob_sizes.lbs_task; in selinux_task() 218 return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; in selinux_msg_msg() 224 return ipc->security + selinux_blob_sizes.lbs_ipc; in selinux_ipc() 228 get the subjective security ID of the current task [all …]
/linux/include/uapi/linux/
H A D	rxrpc.h	33 #define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key / 34 #define RXRPC_SECURITY_KEYRING 2 / [srvr] set ring of server security keys / 36 #define RXRPC_MIN_SECURITY_LEVEL 4 / minimum security level / 70 RxRPC security levels 77 * RxRPC security indices 79 #define RXRPC_SECURITY_NONE 0 /* no security protocol / 110 Rx kerberos security abort codes 111 * - unfortunately we have no generalised security abort codes to say things 112 * like "unsupported security", so we have to use these instead and hope the 115 #define RXKADINCONSISTENCY 19270400 /* security modul [all...]
/linux/fs/cachefiles/
H A D	security.c	2 /* CacheFiles security management 13 * determine the security context within which we access the cache from within 33 pr_err("Security denies permission to nominate security context: error %d\n", in cachefiles_get_security_ID() 56 pr_err("Security denies permission to make dirs: error %d", in cachefiles_check_cache_dir() 63 pr_err("Security denies permission to create files: error %d", in cachefiles_check_cache_dir() 70 * check the security details of the on-disk cache 71 * - must be called with security override in force 72 * - must return with a security override in force - even in the case of an 92 /* use the cache root dir's security context as the basis with in cachefiles_determine_cache_security()
/linux/fs/ceph/
H A D	Kconfig	`40 bool "CephFS Security Labels" 41 depends on CEPH_FS && SECURITY 43 Security labels support alternative access control models 44 implemented by security modules like SELinux. This option 45 enables an extended attribute handler for file security 48 If you are not using a security module that requires using 49 extended attributes for file security labels, say N.`
/linux/security/tomoyo/
H A D	securityfs_if.c	3 * security/tomoyo/securityfs_if.c 8 #include <linux/security.h> 29 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface. 91 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface. 118 /* Operations for /sys/kernel/security/tomoyo/self_domain interface. / 125 tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 140 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 153 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. 167 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 183 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. [all …]
/linux/Documentation/filesystems/caching/
H A D	cachefiles.rst	23 () Security model and SELinux. 25 () A note on security. 292 Security Model and SELinux 295 CacheFiles is implemented to deal properly with the LSM security features of 300 security context that is not appropriate for accessing the cache - either 305 The way CacheFiles works is to temporarily change the security context (fsuid, 306 fsgid and actor security label) that the process acts as - without changing the 307 security context of the process when it the target of an operation performed by 313 (1) Finds the security label attached to the root cache directory and uses 314 that as the security label with which it will create files. By default, [all …]
/linux/drivers/infiniband/core/
H A D	security.c	33 #include <linux/security.h> 87 ret = security_ib_pkey_access(qp_sec->security, subnet_prefix, pkey); in enforce_qp_pkey_security() 94 ret = security_ib_pkey_access(shared_qp_sec->security, in enforce_qp_pkey_security() 103 /* The caller of this function must hold the QP security 104 * mutex of the QP of the security structure in pps. 106 It takes separate ports_pkeys and security structure 108 * or the pps will be for the real QP and security structure 150 /* The caller of this function must hold the QP security 164 * the qp pointer in the security structure is in qp_to_error() 240 /* The caller of this function must hold the QP security [all …]
/linux/net/netfilter/
H A D	xt_CONNSECMARK.c	3 * This module is used to copy security markings from packets 4 * to connections, and restore security markings from connections 24 MODULE_DESCRIPTION("Xtables: target for copying between connection and security mark"); 29 * If the packet has a security mark and the connection does not, copy 30 * the security mark from the packet to the connection. 47 * If packet has no security mark, and the connection does, restore the 48 * security mark from the connection to the packet. 89 strcmp(par->table, "security") != 0) { in connsecmark_tg_check() 90 pr_info_ratelimited("only valid in \'mangle\' or \'security\' table, not \'%s\'\n", in connsecmark_tg_check()
/linux/drivers/char/tpm/
H A D	Kconfig	13 If you have a TPM security chip in your system, which 41 and interposer attacks (see tpm-security.rst). Saying Y 67 If you have a TPM security chip that is compliant with the 78 If you have a TPM security chip which is connected to a regular, 98 If you have a TPM security chip, compliant with the TCG TPM PTP 109 If you have a TPM security chip that is compliant with the 129 If you have an Atmel I2C TPM security chip say Yes and it will be 138 If you have a TPM security chip that is compliant with the 149 If you have a TPM security chip with an I2C interface from 159 If you have a TPM security chip from National Semiconductor [all …]
/linux/fs/9p/
H A D	Kconfig	`36 bool "9P Security Labels" 39 Security labels support alternative access control models 40 implemented by security modules like SELinux. This option 41 enables an extended attribute handler for file security 44 If you are not using a security module that requires using 45 extended attributes for file security labels, say N.`
/linux/net/ipv4/netfilter/
H A D	iptable_security.c	`3 * "security" table 5 * This is for use by Mandatory Access Control (MAC) security models, 6 * which need to be able to manage security policy in separate context 22 MODULE_DESCRIPTION("iptables security table, for MAC rules"); 29 .name = "security", 53 xt_unregister_table_pre_exit(net, NFPROTO_IPV4, "security"); in iptable_security_net_pre_exit() 58 ipt_unregister_table_exit(net, "security"); in iptable_security_net_exit()`
/linux/net/ipv6/netfilter/
H A D	ip6table_security.c	`3 * "security" table for IPv6 5 * This is for use by Mandatory Access Control (MAC) security models, 6 * which need to be able to manage security policy in separate context 21 MODULE_DESCRIPTION("ip6tables security table, for MAC rules"); 28 .name = "security", 52 xt_unregister_table_pre_exit(net, NFPROTO_IPV6, "security"); in ip6table_security_net_pre_exit() 57 ip6t_unregister_table_exit(net, "security"); in ip6table_security_net_exit()`

12 3 4 5 6 7 8 9 10 >>...50