| /linux/security/landlock/ |
| H A D | task.c | 27 * domain_scope_le - Checks domain ordering for scoped ptrace
46 /* @parent is in the scoped hierarchy of @child. */ in domain_scope_le()
115 * domain_is_scoped - Checks if the client domain is scoped in the same
122 * Returns: True if the @client domain is scoped to access the @server,
123 * unless the @server is also scoped in the same domain as @client.
150 * parent domains are scoped. in domain_is_scoped()
169 * hierarchy. If the client is scoped, the request is in domain_is_scoped()
|
| H A D | syscalls.c | 100 ruleset_size += sizeof(ruleset_attr.scoped); in build_check_abi()
219 if ((ruleset_attr.scoped | LANDLOCK_MASK_SCOPE) != LANDLOCK_MASK_SCOPE) in SYSCALL_DEFINE3()
225 ruleset_attr.scoped); in SYSCALL_DEFINE3()
|
| /linux/Documentation/userspace-api/ |
| H A D | landlock.rst | 84 .scoped =
128 ruleset_attr.scoped &= ~(LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET |
320 interactions between sandboxes. Each Landlock domain can be explicitly scoped
330 not scoped. If a process's domain is scoped, it can only connect to sockets
332 Moreover, If a process is scoped to send signal to a non-scoped process, it can
336 scoped, meaning if the domain is scoped after the socket is connected , it can
341 A process with a scoped domain can inherit a socket created by a non-scoped
342 process. The process cannot connect to this socket since it has a scoped
345 IPC scoping does not support exceptions, so if a domain is scoped, no rules can
589 ``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET`` to the ``scoped`` ruleset attribute.
[all …]
|
| /linux/include/linux/ |
| H A D | kcsan-checks.h | 22 #define KCSAN_ACCESS_SCOPED (1 << 4) /* Access is a scoped access. */
130 /* Scoped access information. */
145 /* Location where scoped access was set up. */
157 * kcsan_begin_scoped_access - begin scoped access
159 * Begin scoped access and initialize @sa, which will cause KCSAN to
163 * Scoped accesses are implemented by appending @sa to an internal list for the
177 * kcsan_end_scoped_access - end scoped access
179 * End a scoped access, which will stop KCSAN checking the memory range.
390 * Scoped variant of ASSERT_EXCLUSIVE_WRITER().
457 * Scoped variant of ASSERT_EXCLUSIVE_ACCESS().
|
| H A D | kcsan.h | 24 int disable_scoped; /* disable scoped access counter */
52 /* List of scoped accesses; likely to be empty. */
57 * Scoped access for modeling access reordering to detect missing memory
|
| /linux/arch/powerpc/mm/book3s64/ |
| H A D | radix_tlb.c | 66 /* Flush process scoped entries. */ in tlbiel_all_isa300()
108 prs = 1; /* process scoped */ in __tlbiel_pid()
122 prs = 1; /* process scoped */ in __tlbie_pid()
136 prs = 0; /* partition scoped */ in __tlbie_lpid()
150 prs = 1; /* process scoped */ in __tlbie_lpid_guest()
166 prs = 1; /* process scoped */ in __tlbiel_va()
182 prs = 1; /* process scoped */ in __tlbie_va()
198 prs = 0; /* partition scoped */ in __tlbie_lpid_va()
1146 * Flush partition scoped LPID address translation for all CPUs.
1159 * Flush partition scoped PWC from LPID for all CPUs.
[all …]
|
| /linux/samples/landlock/ |
| H A D | sandboxer.c | 228 if (!(ruleset_attr->scoped & in check_ruleset_scope()
259 ruleset_attr->scoped &= ~LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET; in check_ruleset_scope()
261 ruleset_attr->scoped &= ~LANDLOCK_SCOPE_SIGNAL; in check_ruleset_scope()
344 .scoped = LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET | in main()
416 ruleset_attr.scoped &= ~(LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET | in main()
|
| /linux/tools/testing/selftests/landlock/ |
| H A D | scoped_signal_test.c | 77 * after getting scoped.
107 * domain is not scoped. in TEST_F()
169 * This test ensures that a scoped process cannot send signal out of
170 * scoped domain.
|
| H A D | scoped_test.c | 24 .scoped = scoped_mask, in TEST()
|
| H A D | scoped_common.h | 17 .scoped = scope, in create_scoped_domain()
|
| H A D | scoped_abstract_unix_test.c | 70 * parent, when they have scoped domain or no domain.
166 * its child, when they have scoped domain or no domain.
302 * grand child processes when they can have scoped or non-scoped domains.
913 * the domain is not scoped. in TEST()
1002 /* Child's domain is scoped. */ in TEST()
|
| /linux/Documentation/security/ |
| H A D | landlock.rst | 12 Landlock's goal is to create scoped access-control (i.e. sandboxing). To
45 sandboxed process shall retain their scoped accesses (at the time of resource
|
| /linux/kernel/kcsan/ |
| H A D | core.c | 212 /* Check scoped accesses; never inline because this is a slow-path! */
568 * 2. Avoid races of scoped accesses from nested interrupts (below). in kcsan_setup_watchpoint()
574 * Avoid races of scoped accesses from nested interrupts (or scheduler). in kcsan_setup_watchpoint()
575 * Assume setting up a watchpoint for a non-scoped (normal) access that in kcsan_setup_watchpoint()
576 * also conflicts with a current scoped access. In a nested interrupt, in kcsan_setup_watchpoint()
577 * which shares the context, it would check a conflicting scoped access. in kcsan_setup_watchpoint()
578 * To avoid, disable scoped access checking. in kcsan_setup_watchpoint()
|
| /linux/include/uapi/linux/ |
| H A D | openat2.h | 36 be scoped inside the dirfd
|
| H A D | landlock.h | 48 * @scoped: Bitmask of scopes (cf. `Scope flags`_)
52 __u64 scoped; member
|
| /linux/tools/include/uapi/linux/ |
| H A D | openat2.h | |
| /linux/Documentation/arch/powerpc/ |
| H A D | ultravisor.rst | 305 scoped page table. But the Hypervisor can provide a hint to the
372 partition-scoped page-table of the SVM. If `dest_gpa` is not shared,
488 scoped page tables for the Hypervisor as well as each of the
490 operates in partition 0 and its partition-scoped page tables
494 scoped and process-scoped page table entries for the Hypervisor
|
| /linux/Documentation/netlink/specs/ |
| H A D | netdev.yaml | 278 are scoped to an interface and queue type.
303 Get device statistics, scoped to a device or a queue.
328 doc: Queue ID, if stats are scoped to a single queue instance.
|
| /linux/Documentation/virt/kvm/arm/ |
| H A D | vcpu-features.rst | 27 system. The ID register values may be VM-scoped in KVM, meaning that the
|
| /linux/net/ipv4/ |
| H A D | ping.c | 343 int addr_type, scoped, has_addr; in ping_check_bind_addr() local
356 scoped = __ipv6_addr_needs_scope_id(addr_type); in ping_check_bind_addr()
359 (scoped && !addr->sin6_scope_id)) in ping_check_bind_addr()
379 scoped); in ping_check_bind_addr()
386 if (scoped) in ping_check_bind_addr()
|
| /linux/Documentation/networking/devlink/ |
| H A D | devlink-region.rst | 17 Snapshot identifiers are scoped to the devlink instance, not a region.
|
| /linux/tools/testing/selftests/openat2/ |
| H A D | helpers.h | 62 be scoped inside the dirfd
|
| /linux/include/acpi/ |
| H A D | actbl1.h | 393 /* Subtable 0: Device Scoped Memory Affinity Structure (DSMAS) */
409 /* Subtable 1: Device scoped Latency and Bandwidth Information Structure (DSLBIS) */
422 /* Subtable 2: Device Scoped Memory Side Cache Information Structure (DSMSCIS) */
431 /* Subtable 3: Device Scoped Initiator Structure (DSIS) */
443 /* Subtable 4: Device Scoped EFI Memory Type Structure (DSEMTS) */
453 /* Subtable 5: Switch Scoped Latency and Bandwidth Information Structure (SSLBIS) */
|
| /linux/Documentation/arch/arm64/ |
| H A D | tagged-address-abi.rst | 87 The ABI properties described above are thread-scoped, inherited on
|
| /linux/net/netfilter/ |
| H A D | nft_lookup.c | 146 * scoped to the rule, but for named sets this can be useful. in nft_lookup_init()
|