Searched refs:CAP_SETUID (Results 1 – 17 of 17) sorted by relevance
| /kernel/linux/linux-5.10/Documentation/admin-guide/LSM/ |
| D | SafeSetID.rst | 14 to switch to a different user must be spawned with CAP_SETUID privileges.
15 CAP_SETUID is granted to programs running as root or those running as a non-root
16 user that have been explicitly given the CAP_SETUID runtime capability. It is
25 since CAP_SETUID allows changing to any user on the system, including the root
35 other untrusted uids without full blown CAP_SETUID capabilities. The non-root
36 program would still need CAP_SETUID to do any kind of transition, but the
38 of CAP_SETUID since the non-root program cannot take advantage of CAP_SETUID to
41 services without having to give out CAP_SETUID all over the place just so that
45 basically-root-equivalent CAP_SETUID.
112 previously for CAP_SETUID. However, for compatibility with common sandboxing
|
| /kernel/liteos_a/security/cap/ |
| D | capability_type.h | 43 #define CAP_SETUID 7 macro
|
| /kernel/linux/linux-5.10/security/safesetid/ |
| D | lsm.c | 96 if (cap != CAP_SETUID && cap != CAP_SETGID) in safesetid_security_capable()
114 case CAP_SETUID: in safesetid_security_capable()
|
| /kernel/linux/patches/linux-4.19/prebuilts/usr/include/linux/ |
| D | capability.h | 66 #define CAP_SETUID 7 macro
|
| /kernel/linux/patches/linux-5.10/prebuilts/usr/include/linux/ |
| D | capability.h | 77 #define CAP_SETUID 7 macro
|
| /kernel/linux/linux-5.10/include/uapi/linux/ |
| D | capability.h | 157 #define CAP_SETUID 7 macro
|
| /kernel/linux/linux-5.10/tools/testing/selftests/clone3/ |
| D | clone3_cap_checkpoint_restore.c | 101 cap_value_t cap_values[] = { CAP_SETUID, CAP_SETGID }; in set_capability()
|
| /kernel/linux/linux-5.10/security/keys/ |
| D | persistent.c | 149 !ns_capable(ns, CAP_SETUID)) in keyctl_get_persistent()
|
| /kernel/liteos_a/testsuites/unittest/security/capability/smoke/ |
| D | cap_test_001.cpp | 74 capdata[CAP_TO_INDEX(CAP_SYS_NICE)].effective |= CAP_TO_MASK(CAP_SETUID); in TestChild()
|
| /kernel/linux/linux-5.10/tools/testing/selftests/safesetid/ |
| D | safesetid-test.c | 272 cap_value_t cap_values[] = {CAP_SETUID, CAP_SETGID}; in drop_caps()
|
| /kernel/linux/linux-5.10/kernel/ |
| D | user_namespace.c | 1100 return map_write(file, buf, size, ppos, CAP_SETUID, in proc_uid_map_write()
1145 if (cap_setid == CAP_SETUID && !verify_root_map(file, ns, new_map)) in new_idmap_permitted()
1154 if (cap_setid == CAP_SETUID) { in new_idmap_permitted()
|
| D | sys.c | 529 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
538 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
597 if (ns_capable_setid(old->user_ns, CAP_SETUID)) { in __sys_setuid()
659 if (!ns_capable_setid(old->user_ns, CAP_SETUID)) { in __sys_setresuid()
831 ns_capable_setid(old->user_ns, CAP_SETUID)) { in __sys_setfsuid()
|
| /kernel/linux/linux-5.10/net/core/ |
| D | scm.c | 58 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds()
|
| /kernel/liteos_a/syscall/ |
| D | process_syscall.c | 645 if (IsCapPermit(CAP_SETUID)) { in SysSetUserID()
687 if (IsCapPermit(CAP_SETUID)) { in SysSetUserID()
|
| /kernel/liteos_a/fs/proc/os_adapt/ |
| D | process_proc.c | 430 ret = OsUserContainerMapWrite(file, kbuf, size, CAP_SETUID, in ProcIDMapWrite()
|
| /kernel/linux/linux-5.10/security/ |
| D | commoncap.c | 865 if (!ns_capable(new->user_ns, CAP_SETUID) || in cap_bprm_creds_from_file()
|
| /kernel/linux/linux-5.10/security/integrity/ima/ |
| D | ima_policy.c | 531 if (has_capability_noaudit(current, CAP_SETUID)) { in ima_match_rules()
|