Home
last modified time | relevance | path

Searched refs:security (Results 1 – 25 of 25) sorted by relevance

/security/integrity/evm/
DKconfig11 EVM protects a file's security extended attributes against
37 In addition to the original security xattrs (eg. security.selinux,
38 security.SMACK64, security.capability, and security.ima) included
40 Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
41 security.SMACK64MMAP.
56 /sys/kernel/security/integrity/evm/evm_xattrs.
/security/selinux/
Dxfrm.c67 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
183 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
184 if (x->security) in selinux_xfrm_state_pol_flow_match()
191 if (!x->security) in selinux_xfrm_state_pol_flow_match()
199 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
224 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress()
239 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress()
337 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc()
375 x->security = ctx; in selinux_xfrm_state_alloc_acquire()
387 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
[all …]
DMakefile21 ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
Dhooks.c2863 const struct selinux_mnt_opts *src = src_fc->security; in selinux_fs_context_dup()
2869 fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL); in selinux_fs_context_dup()
2870 if (!fc->security) in selinux_fs_context_dup()
2873 opts = fc->security; in selinux_fs_context_dup()
2917 rc = selinux_add_opt(opt, param->string, &fc->security); in selinux_fs_context_parse_param()
5644 static int selinux_tun_dev_alloc_security(void **security) in selinux_tun_dev_alloc_security() argument
5653 *security = tunsec; in selinux_tun_dev_alloc_security()
5657 static void selinux_tun_dev_free_security(void *security) in selinux_tun_dev_free_security() argument
5659 kfree(security); in selinux_tun_dev_free_security()
5678 static int selinux_tun_dev_attach_queue(void *security) in selinux_tun_dev_attach_queue() argument
[all …]
DKconfig41 kernel hardening feature for security hooks. Please consider
/security/
DKconfig8 source "security/keys/Kconfig"
23 bool "Enable different security models"
27 This allows you to choose different security modules to be
30 If this option is not selected, the default Linux security
44 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
52 This enables the socket and networking security hooks.
53 If enabled, a security module can use these hooks to
61 This enables the Infiniband security hooks.
62 If enabled, a security module can use these hooks to
70 This enables the XFRM (IPSec) networking security hooks.
[all …]
Dsecurity.c535 cred->security = NULL; in lsm_cred_alloc()
539 cred->security = kzalloc(blob_sizes.lbs_cred, gfp); in lsm_cred_alloc()
540 if (cred->security == NULL) in lsm_cred_alloc()
612 task->security = NULL; in lsm_task_alloc()
616 task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL); in lsm_task_alloc()
617 if (task->security == NULL) in lsm_task_alloc()
633 kip->security = NULL; in lsm_ipc_alloc()
637 kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL); in lsm_ipc_alloc()
638 if (kip->security == NULL) in lsm_ipc_alloc()
654 mp->security = NULL; in lsm_msg_msg_alloc()
[all …]
DMakefile13 obj-$(CONFIG_SECURITY) += security.o
DKconfig.hardening140 suitable as a production security mitigation than pattern
/security/selinux/include/
Dobjsec.h153 return cred->security + selinux_blob_sizes.lbs_cred; in selinux_cred()
172 return msg_msg->security + selinux_blob_sizes.lbs_msg_msg; in selinux_msg_msg()
178 return ipc->security + selinux_blob_sizes.lbs_ipc; in selinux_ipc()
/security/yama/
DKconfig8 system-wide security settings beyond regular Linux discretionary
10 Like capabilities, this security module stacks with other LSMs.
/security/apparmor/include/
Dcred.h24 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in cred_label()
33 struct aa_label **blob = cred->security + apparmor_blob_sizes.lbs_cred; in set_cred_label()
Dtask.h15 return task->security + apparmor_blob_sizes.lbs_task; in task_ctx()
/security/lockdown/
DKconfig15 boot parameters that are otherwise parsed before the security
31 enabled via the kernel commandline or /sys/kernel/security/lockdown.
/security/smack/
Dsmack.h337 return cred->security + smack_blob_sizes.lbs_cred; in smack_cred()
353 return msg->security + smack_blob_sizes.lbs_msg_msg; in smack_msg_msg()
358 return ipc->security + smack_blob_sizes.lbs_ipc; in smack_ipc()
DKconfig13 of other mandatory security schemes.
41 This enables security marking of network packets using
Dsmack_lsm.c623 struct smack_mnt_opts *dst, *src = src_fc->security; in smack_fs_context_dup()
628 fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); in smack_fs_context_dup()
629 if (!fc->security) in smack_fs_context_dup()
631 dst = fc->security; in smack_fs_context_dup()
689 rc = smack_add_opt(opt, param->string, &fc->security); in smack_fs_context_parse_param()
4269 key->security = skp; in smack_key_alloc()
4281 key->security = NULL; in smack_key_free()
4334 if (keyp->security == NULL) in smack_key_permission()
4350 rc = smk_access(tkp, keyp->security, request, &ad); in smack_key_permission()
4351 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); in smack_key_permission()
[all …]
/security/landlock/
Dcred.h26 return cred->security + landlock_blob_sizes.lbs_cred; in landlock_cred()
DKconfig10 tailored access control policies. A Landlock security policy is a
/security/integrity/
DKconfig99 source "security/integrity/ima/Kconfig"
100 source "security/integrity/evm/Kconfig"
/security/loadpin/
DKconfig7 (kernel modules, firmware, kexec images, security policy)
/security/apparmor/
DKconfig13 This enables the AppArmor security module.
/security/tomoyo/
DKconfig39 You can read the log via /sys/kernel/security/tomoyo/audit.
Dcommon.h1222 return task->security + tomoyo_blob_sizes.lbs_task; in tomoyo_task()
/security/integrity/ima/
DKconfig148 It requires the system to be labeled with a security extended
150 the security extended attributes from offline attack, enable