commoncap.c - OpenGrok cross reference for /kernel/linux/linux-5.10/security/commoncap.c

Lines Matching full:capability
2 /* Common capabilities, needed by capability.o.
5 #include <linux/capability.h>
51  * cap_capable - Determine whether a task has a particular effective capability
53  * @ns:  The user namespace in which we need the capability
54  * @cap: The capability to check for
57  * Determine whether the nominated task has the specified capability amongst
62  * cap_has_capability() returns 0 when a task has a capability, but the
70 	/* See if cred has the capability in the target user namespace  in cap_capable()
94 		 * If you have a capability in a parent user ns, then you have  in cap_capable()
126  * If we have the ptrace capability to the target user_ns, then ptrace
163  * If parent has the ptrace capability to current's user_ns, then ptrace
190  * cap_capget - Retrieve a task's capability sets
191  * @target: The task from which to retrieve the capability sets
204 	/* Derived from kernel/capability.c:sys_capget. */  in cap_capget()
221 	 * capability  in cap_inh_is_capped()
238  * process's capability sets.  The changes are made to the proposed new
292  * Returns 1 if security.capability has a value, meaning inode_killpriv()
382 	if (strcmp(name, "capability") != 0)  in cap_inode_getsecurity()
445 	/* This comes from a parent namespace.  Return as a v2 capability */  in cap_inode_getsecurity()
490  * User requested a write of security.capability.  If needed, update the
544  * Calculate the new process capability sets from the capability sets attached
588  * Extract the on-exec-apply capability sets for an executable file.
665  * Attempt to get the on-exec apply capability sets for an executable file from
685 	 * explicit that capability bits are limited to s_user_ns and its  in get_file_caps()
742 	 * If the legacy file capability is set, then don't set privs  in handle_privileged_root()
753 	 * capability sets for the file.  in handle_privileged_root()
975 		/* security.capability gets namespaced */  in cap_inode_removexattr()
1157  * Implement PR_CAPBSET_DROP.  Attempt to remove the specified capability from
1220 	 * capability-based-privilege environment.  in cap_task_prctl()
1338  * capability security module.  Returns 0 if this mapping should be allowed
1387 				"capability");  in capability_init()
1391 DEFINE_LSM(capability) = {
1392 	.name = "capability",