Searched refs:CAP_MAC_ADMIN (Results 1 – 10 of 10) sorted by relevance
| /linux/security/ipe/ |
| H A D | fs.c | 35 if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) in setaudit()
83 if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) in setenforce()
143 if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) { in new_policy()
|
| H A D | policy_fs.c | 216 if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) in setactive()
305 if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) { in update_policy()
356 if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) in delete_policy()
|
| /linux/include/uapi/linux/ |
| H A D | capability.h | 360 #define CAP_MAC_ADMIN 33 macro
|
| /linux/security/safesetid/ |
| H A D | securityfs.c | 243 if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN)) in safesetid_uid_file_write()
257 if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN)) in safesetid_gid_file_write()
|
| /linux/Documentation/admin-guide/LSM/ |
| H A D | Smack.rst | 79 name space. A process must have ``CAP_MAC_ADMIN`` to change any of these
124 reading ``/proc/self/attr/current``. A process with ``CAP_MAC_ADMIN``
282 This contains labels processes must have for CAP_MAC_ADMIN
311 a process with ``CAP_MAC_ADMIN`` can write a label into this interface.
321 if it has ``CAP_MAC_ADMIN``. This interface allows a process without
322 ``CAP_MAC_ADMIN`` to relabel itself to one of labels from predefined list.
323 A process without ``CAP_MAC_ADMIN`` can change its label only once. When it
619 A process with CAP_MAC_OVERRIDE or CAP_MAC_ADMIN is privileged.
621 be denied otherwise. CAP_MAC_ADMIN allows a process to change
|
| H A D | ipe.rst | 311 writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
328 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
539 all writes to ipe's securityfs nodes require ``CAP_MAC_ADMIN``.
|
| /linux/Documentation/admin-guide/cgroup-v1/ |
| H A D | devices.rst | 49 CAP_MAC_ADMIN, since we really are trying to lock down root.
|
| /linux/security/smack/ |
| H A D | smack_lsm.c | 796 if (!smack_privileged(CAP_MAC_ADMIN)) { in smack_set_mnt_opts()
1340 if (check_priv && !smack_privileged(CAP_MAC_ADMIN)) in smack_inode_setxattr()
1428 * Removing the Smack attribute requires CAP_MAC_ADMIN
1445 if (!smack_privileged(CAP_MAC_ADMIN)) in smack_inode_removexattr()
3737 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel)) in do_setattr()
3757 if (!smack_privileged(CAP_MAC_ADMIN)) { in do_setattr()
4985 if (smack_privileged_cred(CAP_MAC_ADMIN, current_cred())) in smack_uring_sqpoll()
|
| /linux/security/apparmor/ |
| H A D | policy.c | 871 CAP_MAC_ADMIN) == 0; in aa_policy_admin_capable()
|
| /linux/security/selinux/ |
| H A D | hooks.c | 3297 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts)) in has_cap_mac_admin()
3299 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true)) in has_cap_mac_admin()
3578 * If the caller has CAP_MAC_ADMIN, then get the raw context in selinux_inode_getsecurity()
|