Home
last modified time | relevance | path

Searched full:unprivileged (Results 1 – 25 of 145) sorted by relevance

123456

/linux/net/smc/
H A Dsmc_netlink.c39 /* can be retrieved by unprivileged users */
44 /* can be retrieved by unprivileged users */
49 /* can be retrieved by unprivileged users */
54 /* can be retrieved by unprivileged users */
59 /* can be retrieved by unprivileged users */
64 /* can be retrieved by unprivileged users */
69 /* can be retrieved by unprivileged users */
74 /* can be retrieved by unprivileged users */
79 /* can be retrieved by unprivileged users */
101 /* can be retrieved by unprivileged users */
[all …]
/linux/tools/testing/selftests/bpf/progs/
H A Dbpf_misc.h16 * Programs could be loaded in privileged and unprivileged modes.
19 * imply unprivileged mode.
20 * If combination of privileged and unprivileged attributes is present
24 * that differ between privileged and unprivileged modes.
27 * unprivileged mode is derived from the usual program name by adding
36 * __msg_unpriv Same as __msg but for unprivileged mode.
41 * __xlated_unpriv Same as __xlated but for unprivileged mode.
73 * __jited_unpriv Same as __jited but for unprivileged mode.
77 * __success_unpriv Expect program load success in unprivileged mode.
80 * __failure_unpriv Expect program load failure in unprivileged mode.
[all …]
/linux/Documentation/admin-guide/
H A Dperf-security.rst54 ID is 0, referred to as superuser or root), and b) unprivileged
60 Unprivileged processes are subject to a full security permission check
67 files of unprivileged users.
69 Unprivileged processes with enabled CAP_PERFMON capability are treated
87 Prior Linux v5.9 unprivileged processes using perf_events system call
90 So unprivileged processes provided with CAP_SYS_PTRACE capability are
96 Other capabilities being granted to unprivileged processes can
223 Unprivileged users
226 perf_events *scope* and *access* control for unprivileged processes
243 imposed but ignored for unprivileged processes with CAP_IPC_LOCK
[all …]
/linux/include/linux/
H A Dfanotify.h32 * We do not allow unprivileged groups to request permission events.
33 * We do not allow unprivileged groups to get other process pid in events.
34 * We do not allow unprivileged groups to use unlimited resources.
45 * FAN_CLASS_NOTIF is the only class we allow for unprivileged group.
46 * We do not allow unprivileged groups to get file descriptors in events,
H A Dpsi_types.h158 /* Trigger type - PSI_AVGS for unprivileged, PSI_POLL for RT */
180 /* Unprivileged triggers against N*PSI_FREQ windows */
H A Dipc_namespace.h97 * MIN_*: Lowest value an admin can set the maximum unprivileged limit to
98 * DFLT_*MAX: Default values for the maximum unprivileged limits
/linux/Documentation/userspace-api/
H A Dno_new_privs.rst15 - chroot is disallowed to unprivileged processes, since it would allow
49 Unprivileged users are therefore only allowed to install such filters
53 available to an unprivileged user. If everything running with a
60 available to unprivileged tasks if ``no_new_privs`` is set. In principle,
/linux/tools/testing/selftests/x86/
H A Diopl.c259 printf("[RUN]\tiopl(3) unprivileged but with IOPL==3\n"); in main()
261 printf("[FAIL]\tiopl(3) should work if iopl is already 3 even if unprivileged\n"); in main()
265 printf("[RUN]\tiopl(0) unprivileged\n"); in main()
267 printf("[FAIL]\tiopl(0) should work if iopl is already 3 even if unprivileged\n"); in main()
271 printf("[RUN]\tiopl(3) unprivileged\n"); in main()
273 printf("[FAIL]\tiopl(3) should fail if when unprivileged if iopl==0\n"); in main()
/linux/tools/bpf/bpftool/Documentation/
H A Dbpftool-feature.rst26 | **bpftool** **feature probe** [*COMPONENT*] [**full**] [**unprivileged**] [**macros** [**prefix**…
54 When the **unprivileged** keyword is used, bpftool will dump only the
57 small subset of the parameters supported by the system. Unprivileged users
58 MUST use the **unprivileged** keyword: This is to avoid misdetection if
/linux/kernel/bpf/
H A DKconfig74 bool "Disable unprivileged BPF by default"
78 Disables unprivileged BPF by default by setting the corresponding
84 Unprivileged BPF could be used to exploit certain potential
/linux/tools/bpf/bpftool/
H A Dfeature.c207 printf("bpf() syscall for unprivileged users is enabled\n"); in probe_unprivileged_disabled()
269 printf("JIT compiler hardening is enabled for unprivileged users\n"); in probe_jit_harden()
322 printf("Unable to retrieve global memory limit for JIT compiler for unprivileged users\n"); in probe_jit_limit()
325 printf("Global memory limit for JIT compiler for unprivileged users is %ld bytes\n", res); in probe_jit_limit()
570 /* Probe may succeed even if program load fails, for unprivileged users in probe_prog_type()
637 * check required for unprivileged users in probe_map_type()
696 * unprivileged users check that we did not fail because of in probe_helper_for_progtype()
1130 p_err("missing %s, required for full feature probing; run as root or use 'unprivileged'", in handle_perms()
1133 …err("missing %s%s%s%s%s%s%s%srequired for full feature probing; run as root or use 'unprivileged'", in handle_perms()
1238 } else if (is_prefix(*argv, "unprivileged")) { in do_probe()
[all …]
/linux/Documentation/driver-api/early-userspace/
H A Dearly_userspace_support.rst44 built by an unprivileged user.
65 Because device-special files cannot be created by a unprivileged user,
68 early userspace image can be built by an unprivileged user.
/linux/include/uapi/linux/
H A Dublk_cmd.h165 * Unprivileged user can create /dev/ublkcN and /dev/ublkbN.
167 * /dev/ublk-control needs to be available for unprivileged user, and it
169 * unprivileged user. Except for the command of UBLK_CMD_ADD_DEV, all
180 * Then ublk server can be run as unprivileged user, and /dev/ublkbN can
/linux/Documentation/block/
H A Dublk.rst150 permission check, and this command is added for supporting unprivileged
161 unprivileged application needs to query devices the current user owns,
232 Unprivileged ublk device is supported by passing ``UBLK_F_UNPRIVILEGED_DEV``.
233 Once the flag is set, all control commands can be sent by unprivileged
/linux/Documentation/arch/riscv/
H A Duabi.rst10 chapter 27 of the unprivileged specification.
30 after standard unprivileged extensions. If multiple supervisor-level
/linux/Documentation/security/
H A Dself-protection.rst13 In the worst-case scenario, we assume an unprivileged local attacker
119 restricted to the more regular set of normally available to unprivileged
125 The kernel should never allow an unprivileged user the ability to
131 unprivileged socket API is nonsense: only the root or physically local
H A Dlandlock.rst14 including unprivileged ones. Because such a process may be compromised or
19 Landlock is designed to be usable by unprivileged processes while following the
/linux/tools/testing/selftests/bpf/prog_tests/
H A Dunpriv_bpf_disabled.c72 /* Positive tests for unprivileged BPF disabled. Verify we can in test_unpriv_bpf_disabled_positive()
163 /* Negative tests for unprivileged BPF disabled. Verify we cannot in test_unpriv_bpf_disabled_negative()
263 /* ensure unprivileged bpf disabled is set */ in test_unpriv_bpf_disabled()
/linux/tools/testing/selftests/mount/
H A D.gitignore2 unprivileged-remount-test
H A DMakefile7 TEST_GEN_FILES := unprivileged-remount-test nosymfollow-test
H A Drun_unprivileged_remount.sh8 ./unprivileged-remount-test ;
/linux/tools/testing/selftests/cgroup/
H A Dtest_cpuset.c203 * from an unprivileged process, the main process remains privileged in test_cpuset_perms_subtree()
205 * The unprivileged child runs in subtree too to avoid parent and in test_cpuset_perms_subtree()
/linux/arch/arm/kernel/
H A Dspectre.c45 return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n"); in cpu_show_spectre_v2()
/linux/Documentation/filesystems/
H A Dfuse.rst298 an unprivileged user - normally restricted from mounting with
302 processes in user namespaces where they're unprivileged. For this
365 Since we are talking about unprivileged userspace programs,
/linux/Documentation/admin-guide/sysctl/
H A Dkernel.rst255 This toggle indicates whether unprivileged users are prevented
498 -EPERM) for unprivileged processes not in the io_uring_group group.
567 unprivileged users.
573 if leaking kernel pointer values to unprivileged users is a concern.
952 Controls use of the performance events system by unprivileged
1445 systems, large numbers of split locks from unprivileged users can result in
1623 Writing 1 to this entry will disable unprivileged calls to ``bpf()``;
1628 Writing 2 to this entry will also disable unprivileged calls to ``bpf()``,
1636 0 Unprivileged calls to ``bpf()`` are enabled
1637 1 Unprivileged calls to ``bpf()`` are disabled without recovery
[all …]

123456