Searched refs:unconfined (Results 1 – 13 of 13) sorted by relevance
/linux/security/apparmor/include/ |
H A D | policy_ns.h | 40 * @unconfined: special unconfined profile for the namespace 63 struct aa_profile *unconfined; member 82 #define ns_unconfined(NS) (&(NS)->unconfined->label) 113 aa_get_profile(ns->unconfined); in aa_get_ns() 127 aa_put_profile(ns->unconfined); in aa_put_ns()
H A D | label.h | 83 FLAG_UNCONFINED = 2, /* label unconfined only if all */ 159 #define unconfined(X) label_unconfined(X) macro
/linux/security/apparmor/ |
H A D | domain.c | 66 if (!tracer || unconfined(tracerl)) in may_change_ptraced_domain() 373 * find_attach - do attachment search for unconfined processes 711 AA_DEBUG(DEBUG_DOMAIN, "unconfined attached to new label"); in profile_transition() 714 AA_DEBUG(DEBUG_DOMAIN, "unconfined exec no attachment"); in profile_transition() 812 * NOTE: Domain transitions from unconfined are allowed in profile_onexec() 946 * Testing for unconfined must be done before the subset test in apparmor_bprm_creds_for_exec() 948 if ((bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS) && !unconfined(label) && in apparmor_bprm_creds_for_exec() 982 * NOTE: Domain transitions from unconfined and to stacked in apparmor_bprm_creds_for_exec() 987 !unconfined(label) && in apparmor_bprm_creds_for_exec() 1241 * Testing for unconfined mus in aa_change_hat() [all...] |
H A D | af_unix.c | 39 if (unconfined(label) || !label_mediates(label, AA_CLASS_FILE)) in unix_fs_perm() 432 if (!unconfined(label)) { in aa_unix_create_perm() 450 if (!unconfined(label)) { in aa_unix_label_sk_perm() 500 if (!unconfined(label)) { in aa_unix_bind_perm() 534 if (!unconfined(label)) { in aa_unix_listen_perm() 555 if (!unconfined(label)) { in aa_unix_accept_perm() 588 if (!unconfined(label)) { in aa_unix_opt_perm()
H A D | task.c | 70 if (unconfined(label) || (labels_ns(old) != labels_ns(label))) in aa_replace_current_label() 72 * if switching to unconfined or a different label namespace in aa_replace_current_label() 247 if (profile_unconfined(tracee) || unconfined(tracer) || in profile_tracee_perm()
H A D | secid.c | 100 label = aa_label_strn_parse(&root_ns->unconfined->label, secdata, in apparmor_secctx_to_secid()
H A D | audit.c | 239 rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, in aa_audit_rule_init()
H A D | file.c | 567 return unconfined(obj_label); in __file_is_delegated() 622 /* revalidate access, if task is unconfined, or the cached cred in aa_file_perm() 626 * Note: the test for !unconfined(flabel) is to handle file in aa_file_perm() 627 * delegation from unconfined tasks in aa_file_perm() 630 if (unconfined(label) || __file_is_delegated(flabel) || in aa_file_perm()
H A D | label.c | 561 * This checks for subset but taking into account unconfined. IF 562 * @sub contains an unconfined profile that does not have a matching 563 * unconfined in @set then this will not cause the test to fail. 564 * Conversely we don't care about an unconfined in @set that is not in 1522 return snprintf(str, size, "%s", "unconfined"); in aa_profile_snxprint() 1527 if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) { in aa_profile_snxprint() 1553 if (profile == profile->ns->unconfined) in label_modename() 1554 /* special case unconfined so stacks with in label_modename() 1555 * unconfined don't report as mixed. ie. in label_modename() 1556 * profile_foo//&:ns1:unconfined (mixe in label_modename() [all...] |
H A D | policy.c | 12 * to it determined either by matching "unconfined" tasks against the 16 * visible profiles. Each namespace contains a special "unconfined" profile, 27 * unconfined - special automatically generated unconfined profile 97 "unconfined", 169 * replacements to the unconfined profile. 388 /* set of rules that are mediated by unconfined */ 609 /* the unconfined profile is not in the regular profile list */ in aa_lookupn_profile() 610 if (!profile && strncmp(hname, "unconfined", n) == 0) in aa_lookupn_profile() 611 profile = aa_get_newest_profile(ns->unconfined); in aa_lookupn_profile() [all...] |
/linux/Documentation/admin-guide/LSM/ |
H A D | apparmor.rst | 11 them run in an unconfined state which is equivalent to standard Linux DAC
H A D | Smack.rst | 309 unconfined 856 Another feature of bringup mode is the "unconfined" option. Writing 857 a label to /sys/fs/smackfs/unconfined makes subjects with that label 859 all subjects. Any access that is granted because a label is unconfined
H A D | ipe.rst | 338 type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a28000 a1=195000 a2=5 a3=812 items=0 ppid=2219 pid=2241 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="ld-linux.so" exe="/tmp/ipe-test/lib/ld-linux.so" subj=unconfined key=(null) 342 type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=1000 a2=4 a3=21 items=0 ppid=2219 pid=2472 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="mmap_test" exe="/root/overlake_test/upstream_test/vol_fsverity/bin/mmap_test" subj=unconfined key=(null)