Home
last modified time | relevance | path

Searched refs:unconfined (Results 1 – 17 of 17) sorted by relevance

/linux/security/apparmor/include/
H A Dpolicy_ns.h65 struct aa_profile *unconfined; member
84 #define ns_unconfined(NS) (&(NS)->unconfined->label)
115 aa_get_profile(ns->unconfined); in aa_get_ns()
129 aa_put_profile(ns->unconfined); in aa_put_ns()
H A Dlabel.h159 #define unconfined(X) label_unconfined(X) macro
/linux/security/apparmor/
H A Dpolicy_ns.c122 ns->unconfined = alloc_unconfined("unconfined"); in alloc_ns()
123 if (!ns->unconfined) in alloc_ns()
126 ns->unconfined->ns = ns; in alloc_ns()
157 ns->unconfined->ns = NULL; in aa_free_ns()
158 aa_free_profile(ns->unconfined); in aa_free_ns()
381 root_ns->unconfined->ns = aa_get_ns(root_ns); in aa_alloc_root_ns()
H A Ddomain.c66 if (!tracer || unconfined(tracerl)) in may_change_ptraced_domain()
950 if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) && !unconfined(label) && in apparmor_bprm_creds_for_exec()
989 !unconfined(label) && in apparmor_bprm_creds_for_exec()
1245 if (task_no_new_privs(current) && !unconfined(label) && !ctx->nnp) in aa_change_hat()
1251 if (unconfined(label)) { in aa_change_hat()
1287 if (task_no_new_privs(current) && !unconfined(label) && in aa_change_hat()
1309 if (task_no_new_privs(current) && !unconfined(label) && in aa_change_hat()
1413 if (task_no_new_privs(current) && !unconfined(label) && !ctx->nnp) in aa_change_profile()
1439 if (!stack && unconfined(label) && in aa_change_profile()
1440 label == &labels_ns(label)->unconfined->label && in aa_change_profile()
[all …]
H A Daf_unix.c39 if (unconfined(label) || !label_mediates(label, AA_CLASS_FILE)) in unix_fs_perm()
432 if (!unconfined(label)) { in aa_unix_create_perm()
450 if (!unconfined(label)) { in aa_unix_label_sk_perm()
500 if (!unconfined(label)) { in aa_unix_bind_perm()
534 if (!unconfined(label)) { in aa_unix_listen_perm()
555 if (!unconfined(label)) { in aa_unix_accept_perm()
588 if (!unconfined(label)) { in aa_unix_opt_perm()
H A Dlsm.c178 if (!unconfined(label)) { in apparmor_capget()
203 if (!unconfined(label)) in apparmor_capable()
227 if (!unconfined(label)) in common_perm()
374 if (!unconfined(label)) in apparmor_path_link()
395 if (!unconfined(label)) { in apparmor_path_rename()
483 if (!unconfined(label)) { in apparmor_file_open()
714 if (!unconfined(label)) { in apparmor_sb_mount()
745 if (!unconfined(label)) in apparmor_move_mount()
760 if (!unconfined(label)) in apparmor_sb_umount()
774 if (!unconfined(label)) in apparmor_sb_pivotroot()
[all …]
H A Dtask.c71 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label()
248 if (profile_unconfined(tracee) || unconfined(tracer) || in profile_tracee_perm()
H A Dsecid.c100 label = aa_label_strn_parse(&root_ns->unconfined->label, secdata, in apparmor_secctx_to_secid()
H A Dnet.c294 if (rcu_access_pointer(ctx->label) != kernel_t && !unconfined(label)) { in aa_label_sk_perm()
349 label = aa_label_strn_parse(&root_ns->unconfined->label, in apparmor_secmark_init()
H A Daudit.c239 rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, in aa_audit_rule_init()
H A Dfile.c572 return unconfined(obj_label); in __file_is_delegated()
649 if (unconfined(label) || __file_is_delegated(flabel) || in aa_file_perm()
H A Dlabel.c1526 if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) { in aa_profile_snxprint()
1552 if (profile == profile->ns->unconfined) in label_modename()
1585 profile != profile->ns->unconfined) in display_mode()
1873 base != &root_ns->unconfined->label)) in aa_label_strn_parse()
H A Dapparmorfs.c2037 &ns->unconfined->label.count, in __aafs_ns_mkdir_entries()
2044 &ns->unconfined->label.count, in __aafs_ns_mkdir_entries()
2051 &ns->unconfined->label.count, in __aafs_ns_mkdir_entries()
2058 &ns->unconfined->label.count, in __aafs_ns_mkdir_entries()
2066 &ns->unconfined->label.count, in __aafs_ns_mkdir_entries()
H A Dpolicy.c649 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile()
675 profile = aa_get_newest_profile(ns->unconfined); in aa_fqlookupn_profile()
/linux/Documentation/admin-guide/LSM/
H A Dapparmor.rst11 them run in an unconfined state which is equivalent to standard Linux DAC
H A DSmack.rst309 unconfined
866 Another feature of bringup mode is the "unconfined" option. Writing
867 a label to /sys/fs/smackfs/unconfined makes subjects with that label
869 all subjects. Any access that is granted because a label is unconfined
H A Dipe.rst351 …=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null)
355 …test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null)