| /freebsd/share/man/man9/ |
| H A D | priv.9 | 34 .Nd kernel privilege checking API
51 privilege checking interface.
55 The caller identifies the desired privilege via the
58 .Ss Privilege Policies
60 the superuser policy, which grants privilege based on the effective (or
69 When adding a new privilege check to a code path, first check the complete
72 to see if one already exists for the class of privilege required.
73 Only if there is not an exact match should a new privilege be added to the
74 privilege list.
75 As privilege numbers becomes encoded in the kernel module ABI, privilege
[all …]
|
| H A D | vaccess_acl_nfs4.9 | 66 privilege was required for successful evaluation of the call; the
71 privilege information, or it may point to an integer that will be set to
72 1 if privilege is used, and 0 otherwise.
100 then super-user privilege, if available for the credential, will also be
|
| H A D | vaccess_acl_posix1e.9 | 66 privilege was required for successful evaluation of the call; the
71 privilege information, or it may point to an integer that will be set to
72 1 if privilege is used, and 0 otherwise.
99 then super-user privilege, if available for the credential, will also be
|
| /freebsd/crypto/krb5/src/tests/ |
| H A D | t_kadmin_acl.py | 90 msg = "Operation requires ``change-password'' privilege"
108 expected_msg="Operation requires ``add'' privilege")
123 expected_msg="Operation requires ``add'' privilege")
125 expected_msg="Operation requires ``add'' privilege")
134 expected_msg="Operation requires ``delete'' privilege")
136 expected_msg="Operation requires ``delete'' privilege")
142 expected_msg="Operation requires ``get'' privilege")
155 expected_msg="Operation requires ``get'' privilege")
157 expected_msg="Operation requires ``get'' privilege")
166 expected_msg="Operation requires ``list'' privilege")
[all …]
|
| /freebsd/sys/contrib/device-tree/Bindings/powerpc/ |
| H A D | ibm,powerpc-cpu-features.txt | 13 enablement, privilege, and compatibility metadata.
94 - usable-privilege
104 This property describes the privilege levels and/or software components
118 This property describes the HV privilege support required to enable the
119 feature to lesser privilege levels. If the property does not exist then no
137 This property describes the OS privilege support required to enable the
138 feature to lesser privilege levels. If the property does not exist then no
179 This property may exist when the usable-privilege property value has PR bit set.
213 usable-privilege = <1 | 2 | 4>;
219 usable-privilege = <1 | 2>;
[all …]
|
| /freebsd/crypto/krb5/src/lib/kadm5/ |
| H A D | kadm_err.et | 8 error_code KADM5_AUTH_GET, "Operation requires ``get'' privilege"
9 error_code KADM5_AUTH_ADD, "Operation requires ``add'' privilege"
10 error_code KADM5_AUTH_MODIFY, "Operation requires ``modify'' privilege"
11 error_code KADM5_AUTH_DELETE, "Operation requires ``delete'' privilege"
51 error_code KADM5_AUTH_LIST, "Operation requires ``list'' privilege"
52 error_code KADM5_AUTH_CHANGEPW, "Operation requires ``change-password'' privilege"
57 error_code KADM5_AUTH_SETKEY, "Operation requires ``set-key'' privilege"
67 error_code KADM5_AUTH_EXTRACT, "Operation requires ``extract-keys'' privilege"
|
| /freebsd/sys/kern/ |
| H A D | kern_priv.c | 51 * it is nonzero, an effective uid of 0 connotes special privilege,
53 * uid 0 is offered no special privilege in the kernel security policy.
83 &sysctl_kern_suser_enabled, "I", "Processes with uid 0 have privilege");
119 * privilege. in priv_check_cred_post()
130 * with a privilege error here. in priv_check_cred_post()
144 * Check a credential for privilege. Lots of good reasons to deny privilege;
152 KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege %d", in priv_check_cred()
164 * privilege unilaterally. in priv_check_cred()
203 * Having determined if privilege is restricted by various policies, in priv_check_cred()
204 * now determine if privilege is granted. At this point, any policy in priv_check_cred()
[all …]
|
| /freebsd/sys/sys/ |
| H A D | priv.h | 33 * Privilege checking interface for BSD kernel.
39 * Privilege list, sorted loosely by kernel subsystem.
42 * there existing instances referring to the same privilege? Third party
44 * modules. Particular numeric privilege assignments are part of the
48 * When adding a new privilege, remember to determine if it's appropriate
49 * for use in jail, and update the privilege switch in prison_priv_check()
54 * Track beginning of privilege list.
60 * number of specific privilege checks, and have (relatively) precise
77 #define PRIV_DRIVER 14 /* Low-level driver privilege. */
154 #define PRIV_MAC_PARTITION 140 /* Privilege in mac_partition policy. */
[all …]
|
| /freebsd/sys/security/mac/ |
| H A D | mac_priv.c | 52 * The MAC Framework interacts with kernel privilege checks in two ways: it
53 * may restrict the granting of privilege to a subject, and it may grant
55 * or both of these entry points. Restriction of privilege by any policy
56 * always overrides granting of privilege by any policy or other privilege
64 * Restrict access to a privilege for a credential. Return failure if any
81 * Grant access to a privilege for a credential. Return success if any
|
| /freebsd/crypto/heimdal/lib/kadm5/ |
| H A D | kadm5_err.et | 12 error_code AUTH_GET, "Operation requires `get' privilege"
13 error_code AUTH_ADD, "Operation requires `add' privilege"
14 error_code AUTH_MODIFY, "Operation requires `modify' privilege"
15 error_code AUTH_DELETE, "Operation requires `delete' privilege"
55 error_code AUTH_LIST, "Operation requires `list' privilege"
56 error_code AUTH_CHANGEPW, "Operation requires `change-password' privilege"
|
| /freebsd/crypto/openssh/ |
| H A D | README.privsep | 1 Privilege separation, or privsep, is method in OpenSSH by which
2 operations that require root privilege are performed by a separate
3 privileged monitor process. Its purpose is to prevent privilege
8 Privilege separation is now mandatory. During the pre-authentication
28 --with-privsep-path=xxx Path for privilege separation chroot
29 --with-privsep-user=user Specify non-privileged user for privilege separation
|
| /freebsd/crypto/krb5/src/util/support/ |
| H A D | secure_getenv.c | 37 * privilege compared to the calling process.
41 * setgid process which is still running with elevated privilege; if we can
43 * dropped privilege with seteuid() or setegid(). These comparisons do not
45 * privilege before the library initializer ran; this is not ideal because such
56 * is run by root and drops privilege, such as Apache httpd. We do not want to
59 * On some platforms a process may have elevated privilege via mechanisms other
|
| /freebsd/sys/dev/sfxge/common/ |
| H A D | ef10_mcdi.c | 290 * Use privilege mask state at MCDI attach. in ef10_mcdi_feature_supported()
296 * Admin privilege must be used prior to introduction of in ef10_mcdi_feature_supported()
304 * Admin privilege used prior to introduction of in ef10_mcdi_feature_supported()
313 * Admin privilege must be used prior to introduction of in ef10_mcdi_feature_supported()
314 * mac spoofing privilege (at v4.6), which is used up to in ef10_mcdi_feature_supported()
315 * introduction of change mac spoofing privilege (at v4.7) in ef10_mcdi_feature_supported()
324 * Admin privilege must be used prior to introduction of in ef10_mcdi_feature_supported()
325 * mac spoofing privilege (at v4.6), which is used up to in ef10_mcdi_feature_supported()
326 * introduction of mac spoofing TX privilege (at v4.7) in ef10_mcdi_feature_supported()
|
| /freebsd/sys/contrib/device-tree/src/powerpc/ |
| H A D | microwatt.dts | 44 usable-privilege = <2>;
49 usable-privilege = <3>;
55 usable-privilege = <2>;
60 usable-privilege = <3>;
65 usable-privilege = <2>;
71 usable-privilege = <3>;
|
| /freebsd/crypto/krb5/src/man/ |
| H A D | kadmin.man | 273 This command requires the \fBadd\fP privilege.
483 This command requires the \fImodify\fP privilege.
519 This command requires the \fBdelete\fP privilege.
532 This command requires the \fBchangepw\fP privilege, or that the
587 This command requires the \fBmodify\fP privilege.
598 This command requires the \fBinquire\fP privilege, or that the principal
650 This command requires the \fBlist\fP privilege.
679 This command requires the \fBinquire\fP privilege.
729 This command requires the \fBmodify\fP privilege.
754 This command requires the \fBdelete\fP privilege.
[all …]
|
| /freebsd/sys/cddl/dev/dtrace/ |
| H A D | dtrace_cddl.h | 154 * Test privilege. Audit success or failure, allow privilege debugging.
161 * Test privilege. Audit success only, no privilege debugging.
168 * Test privilege. No priv_debugging, no auditing.
|
| /freebsd/sys/contrib/device-tree/Bindings/interrupt-controller/ |
| H A D | riscv,imsics.yaml | 18 for each privilege level (machine or supervisor). The configuration of
22 which is same for given privilege level across CPUs (or HARTs).
25 for each privilege level (machine or supervisor) which collectively describe
26 IMSIC interrupt files at that privilege level across CPUs (or HARTs).
33 privilege level (machine or supervisor) encodes group index, HART index,
|
| /freebsd/crypto/krb5/doc/html/_sources/admin/admin_commands/ |
| H A D | kadmin_local.rst.txt | 246 This command requires the **add** privilege.
437 This command requires the *modify* privilege.
473 This command requires the **delete** privilege.
487 This command requires the **changepw** privilege, or that the
533 This command requires the **modify** privilege.
545 This command requires the **inquire** privilege, or that the principal
590 This command requires the **list** privilege.
612 This command requires the **inquire** privilege.
661 This command requires the **modify** privilege.
679 This command requires the **delete** privilege.
[all …]
|
| /freebsd/crypto/krb5/doc/admin/admin_commands/ |
| H A D | kadmin_local.rst | 246 This command requires the **add** privilege.
437 This command requires the *modify* privilege.
473 This command requires the **delete** privilege.
487 This command requires the **changepw** privilege, or that the
533 This command requires the **modify** privilege.
545 This command requires the **inquire** privilege, or that the principal
590 This command requires the **list** privilege.
612 This command requires the **inquire** privilege.
661 This command requires the **modify** privilege.
679 This command requires the **delete** privilege.
[all …]
|
| /freebsd/tests/sys/cddl/zfs/tests/acl/cifs/ |
| H A D | cifs_attr_001_pos.ksh | 38 # PRIV_FILE_OWNER privilege could set/clear DOS attributes.
45 # PRIV_FILE_OWNER privilege
207 # PRIV_FILE_OWNER privilege, it should log_must,
220 "write_attributes permission or PRIV_FILE_OWNER privilege"
257 "write_attributes permission or PRIV_FILE_OWNER privilege"
|
| /freebsd/crypto/krb5/doc/html/appdev/refs/api/ |
| H A D | krb5_pac_init.html | 9 …<title>krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle. — MIT K…
42 …b5-bugs@mit.edu?subject=Documentation__krb5_pac_init - Create an empty Privilege Attribute Certif…
55 <section id="krb5-pac-init-create-an-empty-privilege-attribute-certificate-pac-handle">
56 … - Create an empty Privilege Attribute Certificate (PAC) handle.<a class="headerlink" href="#krb5…
88 <li><a class="reference internal" href="#">krb5_pac_init - Create an empty Privilege Attribute Cer…
152 …b5-bugs@mit.edu?subject=Documentation__krb5_pac_init - Create an empty Privilege Attribute Certif…
|
| /freebsd/tools/regression/priv/ |
| H A D | priv_sched_rtprio.c | 32 * Test privilege associated with real time process settings. There are
33 * three relevant notions of privilege:
35 * - Privilege to set the real-time priority of the current process.
36 * - Privilege to set the real-time priority of another process.
37 * - Privilege to set the idle priority of another process.
38 * - No privilege to set the idle priority of the current process.
|
| H A D | priv_vfs_chown.c | 32 * Confirm that privilege is required in the cases using chown():
56 * Check that changing the uid of a file requires privilege.
86 * privilege as long as the gid matches the process.
120 * without privilege if the gid doesn't match the process.
|
| H A D | priv_proc_setrlimit.c | 33 * requires privilege. We test three cases:
81 * privilege.
108 * without privilege.
136 * privilege.
|
| /freebsd/contrib/wpa/wpa_supplicant/doc/docbook/ |
| H A D | wpa_priv.sgml | 15 <refpurpose>wpa_supplicant privilege separation helper</refpurpose>
31 <para><command>wpa_priv</command> is a privilege separation helper that
38 can be run as non-root user. Privilege separation restricts the effects
58 <command>wpa_supplicant</command> with privilege separation:</para>
|