Searched refs:to (Results 1 – 17 of 17) sorted by relevance

/security/
Kconfig
11 bool "Restrict unprivileged access to the kernel syslog"
18 unless the dmesg_restrict sysctl is explicitly set to (1).
20 If you are unsure how to answer this question, answer N.
27 This allows you to choose different security modules to be
33 If you are unsure how to answer this question, answer N.
46 If you are unsure how to answer this question, answer N.
53 If enabled, a security module can use these hooks to
55 If you are unsure how to answer this question, answer N.
73 If enabled, a security module can use these hooks to
75 If you are unsure how to answer this question, answer N.
Kconfig.hardening
9 anything passed by reference to another function, under the
11 the initialization. As this regularly leads to exploitable
12 flaws, this plugin is available to identify and zero-initialize
32 function entry time. This has the possibility to have the
46 This leaves the kernel vulnerable to the standard
76 this with CONFIG_KASAN_STACK can lead to a stack overflow
87 initialized. This is intended to eliminate all classes
96 pattern. This is intended to eliminate all classes
98 exposures, even variables that were warned to have been
108 This option will cause a warning to be printed each time the
security.c
679 struct task_struct *to) in security_binder_transaction() argument
681 return call_int_hook(binder_transaction, 0, from, to); in security_binder_transaction()
685 struct task_struct *to) in security_binder_transfer_binder() argument
687 return call_int_hook(binder_transfer_binder, 0, from, to); in security_binder_transfer_binder()
691 struct task_struct *to, struct file *file) in security_binder_transfer_file() argument
693 return call_int_hook(binder_transfer_file, 0, from, to, file); in security_binder_transfer_file()
/security/selinux/
Kconfig
10 If you are unsure how to answer this question, answer N.
18 to be disabled at boot. If this option is selected, SELinux
20 command line. The purpose of this option is to allow a single
21 kernel image to be distributed with SELinux built in, but not
24 If you are unsure how to answer this question, answer N.
32 This option enables writing to a selinuxfs node 'disable', which
33 allows SELinux to be disabled at runtime prior to the policy load.
35 This option is similar to the selinux=0 boot parameter, but is to
38 to employ.
45 If you are unsure how to answer this question, answer N.
hooks.c
1628 #error Fix SELinux to handle capabilities > 63.
2060 struct task_struct *to) in selinux_binder_transaction() argument
2064 u32 tosid = task_sid(to); in selinux_binder_transaction()
2081 struct task_struct *to) in selinux_binder_transfer_binder() argument
2084 u32 tosid = task_sid(to); in selinux_binder_transfer_binder()
2092 struct task_struct *to, in selinux_binder_transfer_file() argument
2095 u32 sid = task_sid(to); in selinux_binder_transfer_file()
2629 char *to = options; in selinux_sb_eat_lsm_opts() local
2666 if (to != from) in selinux_sb_eat_lsm_opts()
2667 memmove(to, from, len); in selinux_sb_eat_lsm_opts()
/security/integrity/ima/
Kconfig
22 to change the contents of an important system file
27 TPM hardware, so that the TPM can prove to a third party
30 to learn more about IMA.
38 TPM PCRs are only reset on a hard reboot. In order to validate
42 Depending on the IMA policy, the measurement list can grow to
52 that IMA uses to maintain the integrity aggregate of the
71 limited to 255 characters. The 'ima-ng' measurement list
126 bool "Enable multiple writes to the IMA policy"
131 appended to the original policy. Have in mind that the rules are
142 It is often useful to be able to read back the IMA policy. It is
/security/keys/
Kconfig
19 to five standard keyrings: UID-specific, GID-specific, session,
22 If you are unsure as to whether this is required, answer N.
33 call that didn't upcall to the kernel to be cached temporarily in the
34 task_struct. The cache is cleared by exit and just prior to the
38 wants to request a key that is likely the same as the one requested
39 by the last step to save on the searching.
42 filesystem in which each method needs to request an authentication
57 LSMs gets to rule on which admin-level processes get to access the
72 (for example Kerberos ticket caches). The data may be stored out to
75 If you are unsure as to whether this is required, answer N.
/security/integrity/evm/
Kconfig
14 If you are unsure how to answer this question, answer N.
27 additional info to the calculation, requires existing EVM
28 labeled file systems to be relabeled.
37 In addition to the original security xattrs (eg. security.selinux,
44 additional info to the calculation, requires existing EVM
45 labeled file systems to be relabeled.
52 Allow userland to provide additional xattrs for HMAC calculation.
54 When this option is enabled, root can add additional xattrs to the
66 onto the '.evm' trusted keyring. A public key can be used to
/security/smack/
Kconfig
14 If you are unsure how to answer this question, answer N.
26 rules. The developer can use the information to
30 This is a superior mechanism to the oft abused
32 If you are unsure how to answer this question, answer N.
43 If you are unsure how to answer this question, answer N.
50 Sending a signal has been treated as a write operation to the
53 to differentiate between delivering a network packet and
55 If you are unsure how to answer this question, answer N.
smack_lsm.c
724 char *from = options, *to = options; in smack_sb_eat_lsm_opts() local
753 if (to != from) in smack_sb_eat_lsm_opts()
754 memmove(to, from, len); in smack_sb_eat_lsm_opts()
755 to += len; in smack_sb_eat_lsm_opts()
762 *to = '\0'; in smack_sb_eat_lsm_opts()
/security/safesetid/
Kconfig
3 bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
8 SafeSetID is an LSM module that gates the setid family of syscalls to
9 restrict UID/GID transitions from a given UID/GID to only those
12 with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
15 If you are unsure how to answer this question, answer N.
/security/lockdown/
Kconfig
14 to ensure that lockdown enforcement can be carried out on kernel
24 The kernel can be configured to default to differing levels of
37 the kernel to be modified at runtime are disabled.
43 allow the kernel to be modified at runtime or that permit userland
44 code to read confidential material held inside the kernel are
/security/integrity/
Kconfig
15 Refer to the individual components for additional details.
29 to "lock" certain keyring to prevent adding new keys.
51 This option requires that all keys added to the .ima and
80 In addition to enabling integrity auditing support, this
/security/apparmor/
Kconfig
16 If you are unsure how to answer this question, answer N.
26 is available to userspace via the apparmor filesystem.
36 to verify that policy in the kernel matches what is expected,
67 When enabled, various debug messages will be logged to
/security/tomoyo/
Kconfig
16 If you are unsure how to answer this question, answer N.
40 If you don't need audit logs, you may set this value to 0.
47 Say Y here if you want to activate access control as soon as built-in
49 operations which can lead to the hijacking of the boot sequence are
77 want to also pass TOMOYO_trigger=/bin/systemd option.
/security/loadpin/
Kconfig
3 bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
8 can be pinned to the first filesystem used for loading. When
/security/yama/
Kconfig
14 If you are unsure how to answer this question, answer N.