| /kernel/ |
| D | nsproxy.c | 68 struct task_struct *tsk, struct user_namespace *user_ns, in create_new_namespaces() argument
78 new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns, new_fs); in create_new_namespaces()
84 new_nsp->uts_ns = copy_utsname(flags, user_ns, tsk->nsproxy->uts_ns); in create_new_namespaces()
90 new_nsp->ipc_ns = copy_ipcs(flags, user_ns, tsk->nsproxy->ipc_ns); in create_new_namespaces()
97 copy_pid_ns(flags, user_ns, tsk->nsproxy->pid_ns_for_children); in create_new_namespaces()
103 new_nsp->cgroup_ns = copy_cgroup_ns(flags, user_ns, in create_new_namespaces()
110 new_nsp->net_ns = copy_net_ns(flags, user_ns, tsk->nsproxy->net_ns); in create_new_namespaces()
116 new_nsp->time_ns_for_children = copy_time_ns(flags, user_ns, in create_new_namespaces()
154 struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns); in copy_namespaces() local
164 } else if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_namespaces()
[all …]
|
| D | utsname.c | 45 static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns, in clone_uts_ns() argument
53 ucounts = inc_uts_namespaces(user_ns); in clone_uts_ns()
71 ns->user_ns = get_user_ns(user_ns); in clone_uts_ns()
90 struct user_namespace *user_ns, struct uts_namespace *old_ns) in copy_utsname() argument
100 new_ns = clone_uts_ns(user_ns, old_ns); in copy_utsname()
109 put_user_ns(ns->user_ns); in free_uts_ns()
145 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install()
146 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in utsns_install()
157 return to_uts_ns(ns)->user_ns; in utsns_owner()
|
| D | pid_namespace.c | 71 static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns, in create_pid_namespace() argument
80 if (!in_userns(parent_pid_ns->user_ns, user_ns)) in create_pid_namespace()
86 ucounts = inc_pid_namespaces(user_ns); in create_pid_namespace()
109 ns->user_ns = get_user_ns(user_ns); in create_pid_namespace()
129 put_user_ns(ns->user_ns); in delayed_free_pidns()
143 struct user_namespace *user_ns, struct pid_namespace *old_ns) in copy_pid_ns() argument
149 return create_pid_namespace(user_ns, old_ns); in copy_pid_ns()
283 if (write && !checkpoint_restore_ns_capable(pid_ns->user_ns)) in pid_ns_ctl_handler()
398 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || in pidns_install()
399 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in pidns_install()
[all …]
|
| D | uid16.c | 70 ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid)); in SYSCALL_DEFINE3()
71 euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid)); in SYSCALL_DEFINE3()
72 suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid)); in SYSCALL_DEFINE3()
93 rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid)); in SYSCALL_DEFINE3()
94 egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid)); in SYSCALL_DEFINE3()
95 sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid)); in SYSCALL_DEFINE3()
117 struct user_namespace *user_ns = current_user_ns(); in groups16_to_user() local
124 group = high2lowgid(from_kgid_munged(user_ns, kgid)); in groups16_to_user()
135 struct user_namespace *user_ns = current_user_ns(); in groups16_from_user() local
144 kgid = make_kgid(user_ns, low2highgid(group)); in groups16_from_user()
|
| D | groups.c | 40 struct user_namespace *user_ns = current_user_ns(); in groups_to_user() local
46 gid = from_kgid_munged(user_ns, group_info->gid[i]); in groups_to_user()
57 struct user_namespace *user_ns = current_user_ns(); in groups_from_user() local
67 kgid = make_kgid(user_ns, gid); in groups_from_user()
187 struct user_namespace *user_ns = current_user_ns(); in may_setgroups() local
189 return ns_capable_setid(user_ns, CAP_SETGID) && in may_setgroups()
190 userns_may_setgroups(user_ns); in may_setgroups()
|
| D | cred.c | 63 .user_ns = &init_user_ns,
127 put_user_ns(cred->user_ns); in put_cred_rcu()
277 get_user_ns(new->user_ns); in prepare_creds()
413 const struct user_namespace *set_ns = set->user_ns; in cred_cap_issubset()
414 const struct user_namespace *subset_ns = subset->user_ns; in cred_cap_issubset()
501 if (new->user != old->user || new->user_ns != old->user_ns) in commit_creds()
506 if (new->user != old->user || new->user_ns != old->user_ns) in commit_creds()
680 if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->uid)) in set_cred_ucounts()
683 if (!(new_ucounts = alloc_ucounts(new->user_ns, new->uid))) in set_cred_ucounts()
741 get_user_ns(new->user_ns); in prepare_kernel_cred()
|
| D | user_namespace.c | 43 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) in set_cred_user_ns() argument
59 cred->user_ns = user_ns; in set_cred_user_ns()
84 struct user_namespace *ns, *parent_ns = new->user_ns; in create_user_ns()
883 const struct user_namespace *file_ns = file->f_cred->user_ns; in verify_root_map()
1322 struct user_namespace *user_ns; in userns_get() local
1325 user_ns = get_user_ns(__task_cred(task)->user_ns); in userns_get()
1328 return user_ns ? &user_ns->ns : NULL; in userns_get()
1338 struct user_namespace *user_ns = to_user_ns(ns); in userns_install() local
1344 if (user_ns == current_user_ns()) in userns_install()
1354 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in userns_install()
[all …]
|
| D | sys.c | 180 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) in set_one_prio_perm()
254 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE3()
322 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE2()
392 ns_capable_setid(old->user_ns, CAP_SETGID)) in __sys_setregid()
401 ns_capable_setid(old->user_ns, CAP_SETGID)) in __sys_setregid()
451 if (ns_capable_setid(old->user_ns, CAP_SETGID)) in __sys_setgid()
550 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
559 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
623 if (ns_capable_setid(old->user_ns, CAP_SETUID)) { in __sys_setuid()
700 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setresuid()
[all …]
|
| D | tsacct.c | 20 void bacct_add_tsk(struct user_namespace *user_ns, in bacct_add_tsk() argument
62 stats->ac_uid = from_kuid_munged(user_ns, tcred->uid); in bacct_add_tsk()
63 stats->ac_gid = from_kgid_munged(user_ns, tcred->gid); in bacct_add_tsk()
|
| D | ucount.c | 43 struct user_namespace *user_ns = in set_permissions() local
48 if (ns_capable(user_ns, CAP_SYS_RESOURCE)) in set_permissions()
|
| D | acct.c | 516 ac.ac_uid = from_kuid_munged(file->f_cred->user_ns, orig_cred->uid); in do_acct_process()
517 ac.ac_gid = from_kgid_munged(file->f_cred->user_ns, orig_cred->gid); in do_acct_process()
|
| D | pid.c | 81 .user_ns = &init_user_ns,
203 if (!checkpoint_restore_ns_capable(tmp->user_ns)) in alloc_pid()
|
| D | taskstats.c | 174 static void fill_stats(struct user_namespace *user_ns, in fill_stats() argument
192 bacct_add_tsk(user_ns, pid_ns, stats, tsk); in fill_stats()
|
| D | ptrace.c | 56 !ptracer_capable(tsk, mm->user_ns))) { in ptrace_access_vm()
334 if (ptrace_has_cap(tcred->user_ns, mode)) in __ptrace_may_access()
353 !ptrace_has_cap(mm->user_ns, mode))) in __ptrace_may_access()
|
| D | fork.c | 888 put_user_ns(mm->user_ns); in __mmdrop()
1218 struct user_namespace *user_ns) in mm_init() argument
1264 mm->user_ns = get_user_ns(user_ns); in mm_init()
1638 if (!mm_init(mm, tsk, mm->user_ns)) in dup_mm()
|
| D | signal.c | 835 ns_capable(tcred->user_ns, CAP_KILL); in kill_ok_by_cred()
1151 from_kuid_munged(task_cred_xxx(t, user_ns), in __send_signal_locked()
1250 t_user_ns = task_cred_xxx(t, user_ns); in send_signal_locked()
2091 info.si_uid = from_kuid_munged(task_cred_xxx(tsk->parent, user_ns), in do_notify_parent()
2182 info.si_uid = from_kuid_munged(task_cred_xxx(parent, user_ns), task_uid(tsk)); in do_notify_parent_cldstop()
|
| D | reboot.c | 710 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) in SYSCALL_DEFINE4()
|
| /kernel/cgroup/ |
| D | namespace.c | 44 put_user_ns(ns->user_ns); in free_cgroup_ns()
51 struct user_namespace *user_ns, in copy_cgroup_ns() argument
66 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_cgroup_ns()
69 ucounts = inc_cgroup_namespaces(user_ns); in copy_cgroup_ns()
86 new_ns->user_ns = get_user_ns(user_ns); in copy_cgroup_ns()
103 if (!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN) || in cgroupns_install()
104 !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN)) in cgroupns_install()
141 return to_cg_ns(ns)->user_ns; in cgroupns_owner()
|
| D | cgroup-v1.c | 518 !ns_capable(tcred->user_ns, CAP_SYS_NICE)) in __cgroup1_procs_write()
560 if ((ctx->ns->user_ns != &init_user_ns) || in cgroup_release_agent_write()
985 if ((fc->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN)) in cgroup1_parse_param()
1242 if (!ns_capable(ctx->ns->user_ns, CAP_SYS_ADMIN)) in cgroup1_get_tree()
|
| D | cgroup.c | 217 .user_ns = &init_user_ns,
2269 put_user_ns(fc->user_ns); in cgroup_init_fs_context()
2270 fc->user_ns = get_user_ns(ctx->ns->user_ns); in cgroup_init_fs_context()
6107 get_user_ns(init_cgroup_ns.user_ns); in cgroup_init()
|
| /kernel/time/ |
| D | namespace.c | 78 static struct time_namespace *clone_time_ns(struct user_namespace *user_ns, in clone_time_ns() argument
86 ucounts = inc_time_namespaces(user_ns); in clone_time_ns()
107 ns->user_ns = get_user_ns(user_ns); in clone_time_ns()
134 struct user_namespace *user_ns, struct time_namespace *old_ns) in copy_time_ns() argument
139 return clone_time_ns(user_ns, old_ns); in copy_time_ns()
232 put_user_ns(ns->user_ns); in free_time_ns()
294 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in timens_install()
295 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in timens_install()
326 return to_time_ns(ns)->user_ns; in timens_owner()
375 if (!file_ns_capable(file, time_ns->user_ns, CAP_SYS_TIME)) { in proc_timens_set_offset()
[all …]
|
| /kernel/trace/ |
| D | trace_events_user.c | 184 static char *user_event_group_system_name(struct user_namespace *user_ns) in user_event_group_system_name() argument
189 if (user_ns != &init_user_ns) { in user_event_group_system_name()
210 *user_event_group_from_user_ns(struct user_namespace *user_ns) in user_event_group_from_user_ns() argument
212 if (user_ns == &init_user_ns) in user_event_group_from_user_ns()
220 struct user_namespace *user_ns = current_user_ns(); in current_user_event_group() local
223 while (user_ns) { in current_user_event_group()
224 group = user_event_group_from_user_ns(user_ns); in current_user_event_group()
229 user_ns = user_ns->parent; in current_user_event_group()
236 *user_event_group_create(struct user_namespace *user_ns) in user_event_group_create() argument
245 group->system_name = user_event_group_system_name(user_ns); in user_event_group_create()
|
| /kernel/sched/ |
| D | core.c | 8404 if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) { in sched_setaffinity()
|
| /kernel/events/ |
| D | core.c | 12239 is_capable &= ns_capable(__task_cred(task)->user_ns, CAP_KILL); in perf_check_permission()
|