| /linux/net/smc/ |
| H A D | smc_netlink.c | 39 /* can be retrieved by unprivileged users */
44 /* can be retrieved by unprivileged users */
49 /* can be retrieved by unprivileged users */
54 /* can be retrieved by unprivileged users */
59 /* can be retrieved by unprivileged users */
64 /* can be retrieved by unprivileged users */
69 /* can be retrieved by unprivileged users */
74 /* can be retrieved by unprivileged users */
79 /* can be retrieved by unprivileged users */
101 /* can be retrieved by unprivileged users */
[all …]
|
| /linux/tools/testing/selftests/bpf/progs/ |
| H A D | bpf_misc.h | 16 * Programs could be loaded in privileged and unprivileged modes.
19 * imply unprivileged mode.
20 * If combination of privileged and unprivileged attributes is present
24 * that differ between privileged and unprivileged modes.
27 * unprivileged mode is derived from the usual program name by adding
42 * __msg_unpriv Same as __msg but for unprivileged mode.
43 * __not_msg_unpriv Same as __not_msg but for unprivileged mode.
54 * __xlated_unpriv Same as __xlated but for unprivileged mode.
86 * __jited_unpriv Same as __jited but for unprivileged mode.
90 * __success_unpriv Expect program load success in unprivileged mode.
[all …]
|
| /linux/Documentation/admin-guide/ |
| H A D | perf-security.rst | 54 ID is 0, referred to as superuser or root), and b) unprivileged
60 Unprivileged processes are subject to a full security permission check
67 files of unprivileged users.
69 Unprivileged processes with enabled CAP_PERFMON capability are treated
87 Prior Linux v5.9 unprivileged processes using perf_events system call
90 So unprivileged processes provided with CAP_SYS_PTRACE capability are
96 Other capabilities being granted to unprivileged processes can
223 Unprivileged users
226 perf_events *scope* and *access* control for unprivileged processes
243 imposed but ignored for unprivileged processes with CAP_IPC_LOCK
[all …]
|
| /linux/include/linux/ |
| H A D | fanotify.h | 32 * We do not allow unprivileged groups to request permission events.
33 * We do not allow unprivileged groups to get other process pid in events.
34 * We do not allow unprivileged groups to use unlimited resources.
45 * FAN_CLASS_NOTIF is the only class we allow for unprivileged group.
46 * We do not allow unprivileged groups to get file descriptors in events,
|
| H A D | psi_types.h | 156 /* Trigger type - PSI_AVGS for unprivileged, PSI_POLL for RT */
178 /* Unprivileged triggers against N*PSI_FREQ windows */
|
| H A D | ipc_namespace.h | 97 * MIN_*: Lowest value an admin can set the maximum unprivileged limit to
98 * DFLT_*MAX: Default values for the maximum unprivileged limits
|
| /linux/Documentation/userspace-api/ |
| H A D | no_new_privs.rst | 15 - chroot is disallowed to unprivileged processes, since it would allow
49 Unprivileged users are therefore only allowed to install such filters
53 available to an unprivileged user. If everything running with a
60 available to unprivileged tasks if ``no_new_privs`` is set. In principle,
|
| /linux/tools/bpf/bpftool/Documentation/ |
| H A D | bpftool-feature.rst | 26 | **bpftool** **feature probe** [*COMPONENT*] [**full**] [**unprivileged**] [**macros** [**prefix**…
54 When the **unprivileged** keyword is used, bpftool will dump only the
57 small subset of the parameters supported by the system. Unprivileged users
58 MUST use the **unprivileged** keyword: This is to avoid misdetection if
|
| /linux/Documentation/filesystems/fuse/ |
| H A D | fuse-passthrough.rst | 73 This behavior leads to two main issues for unprivileged FUSE daemons:
85 (``RLIMIT_NOFILE``). If an unprivileged daemon could register backing files
102 filesystem stacking scenarios if unprivileged users could set up passthrough.
|
| H A D | fuse.rst | 312 an unprivileged user - normally restricted from mounting with
316 processes in user namespaces where they're unprivileged. For this
379 Since we are talking about unprivileged userspace programs,
|
| /linux/tools/testing/selftests/tty/ |
| H A D | tty_tiocsti_test.c | 44 * unprivileged processes and successfully perform TIOCSTI operations that the
45 * unprivileged process couldn't do directly.
48 * 1. Unprivileged process opens TTY (direct TIOCSTI fails due to lack of
50 * 2. Unprivileged process passes FD to privileged process via SCM_RIGHTS
132 * Since we're testing the scenario where an unprivileged process pass an FD
616 TH_LOG("Privileged parent can use TIOCSTI on FD from unprivileged child"); in TEST_F()
|
| /linux/Documentation/arch/riscv/ |
| H A D | uabi.rst | 10 Chapter 27 of the RISC-V Instruction Set Manual Volume I Unprivileged ISA
32 after standard unprivileged extensions. If multiple supervisor-level
|
| H A D | cmodx.rst | 10 program must enforce its own synchronization with the unprivileged fence.i
45 Though fence.i is an unprivileged instruction, the default Linux ABI prohibits
|
| /linux/tools/testing/selftests/namespaces/ |
| H A D | file_handle_test.c | 32 /* Drop to unprivileged uid/gid */ in TEST()
53 /* Try to open using FD_NSFS_ROOT as unprivileged user */ in TEST()
63 "Permission denied for unprivileged user (expected)"); in TEST()
87 /* Drop to unprivileged uid/gid */ in TEST()
137 /* Drop to unprivileged uid/gid */ in TEST()
187 /* Drop to unprivileged uid/gid */ in TEST()
237 /* Drop to unprivileged uid/gid */ in TEST()
287 /* Drop to unprivileged uid/gid */ in TEST()
337 /* Drop to unprivileged uid/gid */ in TEST()
389 /* Drop to unprivileged uid/gid */ in TEST()
|
| H A D | listns_permissions_test.c | 24 * Test that unprivileged users can only see namespaces they're currently in.
58 /* Create user namespace to be unprivileged */ in TEST()
84 /* Now we're unprivileged - list all network namespaces */ in TEST()
127 TH_LOG("Unprivileged child saw its own namespace, plus %d others (likely init_net)", in TEST()
|
| /linux/Documentation/security/ |
| H A D | self-protection.rst | 13 In the worst-case scenario, we assume an unprivileged local attacker
119 restricted to the more regular set of normally available to unprivileged
125 The kernel should never allow an unprivileged user the ability to
131 unprivileged socket API is nonsense: only the root or physically local
|
| /linux/tools/testing/selftests/bpf/prog_tests/ |
| H A D | unpriv_bpf_disabled.c | 53 /* Positive tests for unprivileged BPF disabled. Verify we can in sysctl_set()
144 /* Negative tests for unprivileged BPF disabled. Verify we cannot in test_unpriv_bpf_disabled_negative()
244 /* ensure unprivileged bpf disabled is set */ in test_unpriv_bpf_disabled()
|
| /linux/tools/testing/selftests/mount/ |
| H A D | .gitignore | 2 unprivileged-remount-test
|
| H A D | Makefile | 7 TEST_GEN_FILES := unprivileged-remount-test nosymfollow-test
|
| H A D | run_unprivileged_remount.sh | 8 ./unprivileged-remount-test ;
|
| /linux/tools/testing/selftests/cgroup/ |
| H A D | test_cpuset.c | 203 * from an unprivileged process, the main process remains privileged in test_cpuset_perms_subtree()
205 * The unprivileged child runs in subtree too to avoid parent and in test_cpuset_perms_subtree()
|
| /linux/arch/arm/kernel/ |
| H A D | spectre.c | 45 return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n"); in cpu_show_spectre_v2()
|
| /linux/security/ |
| H A D | Kconfig | 11 bool "Restrict unprivileged access to the kernel syslog"
14 This enforces restrictions on unprivileged users reading the kernel
|
| /linux/fs/smb/server/ |
| H A D | Kconfig | 69 Prevent unprivileged processes to start the ksmbd kernel server.
|
| /linux/arch/arm/boot/dts/xen/ |
| H A D | xenvm-4.2.dts | 3 * Xen Virtual Machine for unprivileged guests
|