Home
last modified time | relevance | path

Searched full:deny (Results 1 – 25 of 159) sorted by relevance

1234567

/linux/security/apparmor/include/
H A Dperms.h71 u32 deny; /* explicit deny, or conflict if allow also set */ member
74 u32 cond; /* set only when ~allow and ~deny */
76 u32 kill; /* set only when ~allow | deny */
77 u32 complain; /* accumulates only used when ~allow & ~deny */
78 u32 prompt; /* accumulates only used when ~allow & ~deny */
81 u32 quiet; /* set only when ~allow | deny */
82 u32 hide; /* set only when ~allow | deny */
110 accum->deny |= addend->deny; in aa_perms_accum_raw()
111 accum->allow &= addend->allow & ~addend->deny; in aa_perms_accum_raw()
115 accum->complain |= addend->complain & ~addend->allow & ~addend->deny; in aa_perms_accum_raw()
[all …]
/linux/samples/seccomp/
H A Dbpf-fancy.c42 DENY, /* Don't passthrough into a label */ in main()
46 JNE(STDIN_FILENO, DENY), in main()
48 JNE((unsigned long)buf, DENY), in main()
50 JGE(sizeof(buf), DENY), in main()
57 DENY, in main()
64 DENY, in main()
69 DENY, in main()
74 DENY, in main()
79 DENY, in main()
/linux/tools/testing/selftests/landlock/
H A Dscoped_base_variants.h39 * \ P2 -> P1 : deny
55 * | P1 --. P1 -> P2 : deny
71 * | P1 ---. P1 -> P2 : deny
72 * '------' \ P2 -> P1 : deny
106 * | \ | P2 -> P1 : deny
123 * |.------. | P1 -> P2 : deny
141 * | .------. | P1 -> P2 : deny
142 * | | P1 . | P2 -> P1 : deny
H A Dscoped_multiple_domain_variants.h28 * | P1----# P2 # | P3 -> P1 : deny
47 * # P1----# P2 # # P3 -> P1 : deny
136 * ###### P3 -> P2 : deny
137 * # P1 #----P2 P3 -> P1 : deny
/linux/Documentation/admin-guide/cgroup-v1/
H A Ddevices.rst25 devices.deny. For instance::
32 echo a > /sys/fs/cgroup/1/devices.deny
62 a cgroup's devices.deny file, all its children will have that entry removed
75 B deny "c 1:3 rwm", "c 116:2 rwm", "b 3:* rwm"
79 # echo "c 116:* r" > A/devices.deny
120 Allowing or denying all by writing 'a' to devices.allow or devices.deny will
126 device cgroups is implemented internally using a behavior (ALLOW, DENY) and a
/linux/tools/testing/selftests/bpf/prog_tests/
H A Dtest_sysctl.c56 .descr = "sysctl:read deny all",
74 /* return DENY; */
95 /* return DENY; */
159 /* else return DENY; */
186 /* else return DENY; */
244 /* else return DENY; */
286 /* else return DENY; */
341 /* else return DENY; */
390 /* else return DENY; */
432 /* else return DENY; */
[all …]
H A Dsock_post_bind.c100 .descr = "bind6 deny specific IP & port",
113 /* return DENY; */
147 /* else return DENY; */
160 .descr = "bind4 deny specific IP & port of TCP, and retry",
173 /* return DENY; */
191 .descr = "bind4 deny specific IP & port of UDP, and retry",
204 /* return DENY; */
222 .descr = "bind6 deny specific IP & port, and retry",
235 /* return DENY; */
H A Dsock_addr.c506 "bind4: bind deny (stream)",
538 "bind4: bind deny (dgram)",
602 "bind6: bind deny (stream)",
634 "bind6: bind deny (dgram)",
700 "bind4: kernel_bind deny (stream)",
732 "bind4: kernel_bind deny (dgram)",
764 "bind6: kernel_bind deny (stream)",
796 "bind6: kernel_bind deny (dgram)",
830 "connect4: connect deny (stream)",
862 "connect4: connect deny (dgram)",
[all …]
H A Dcgroup_dev.c107 if (test__start_subtest("deny-mknod")) in test_cgroup_dev()
111 if (test__start_subtest("deny-read")) in test_cgroup_dev()
114 if (test__start_subtest("deny-write")) in test_cgroup_dev()
117 if (test__start_subtest("deny-mknod-wrong-type")) in test_cgroup_dev()
H A Dsockopt.c110 .descr = "getsockopt: no optval bounds check, deny loading",
158 .descr = "getsockopt: deny writing to ctx->level",
219 .descr = "getsockopt: deny writing to ctx->optname",
262 .descr = "getsockopt: deny bigger ctx->optlen",
353 .descr = "getsockopt: deny writing to ctx->optval",
367 .descr = "getsockopt: deny writing to ctx->optval_end",
485 .descr = "setsockopt: no optval bounds check, deny loading",
658 .descr = "setsockopt: deny ctx->optlen < 0 (except -1)",
677 .descr = "setsockopt: deny ctx->optlen > input optlen",
778 .descr = "setsockopt: deny write ctx->retval",
[all …]
/linux/security/ipe/
H A Dpolicy_tests.c47 " \t DEFAULT \t op=EXECUTE action=DENY\n"
50 "DEFAULT \t op=KMODULE\t\t\t action=DENY\r\n"
104 "DEFAULT action=DENY\n\0"
191 "DEFAULT op=EXECUTE action=DENY\n"
220 "op=EXECUTE dmverity_roothash=1c0d7ee1f8343b7fbe418378e8eb22c061d7dec7 action=DENY\n",
227 "op=EXECUTE fsverity_digest=1c0d7ee1f8343b7fbe418378e8eb22c061d7dec7 action=DENY\n",
/linux/drivers/gpu/drm/xe/
H A Dxe_reg_whitelist.c151 * Print details about the entry added to allow/deny access
160 bool deny; in xe_reg_whitelist_print_entry() local
162 deny = val & RING_FORCE_TO_NONPRIV_DENY; in xe_reg_whitelist_print_entry()
193 deny ? "deny" : "allow", in xe_reg_whitelist_print_entry()
/linux/Documentation/userspace-api/
H A Dcheck_exec.rst96 should always deny such execution if ``SECBIT_EXEC_DENY_INTERACTIVE`` is set.
118 Deny script interpretation if they are not executable, but allow
127 Always interpret scripts, but deny arbitrary user commands.
136 Deny script interpretation if they are not executable, and also deny
/linux/fs/ocfs2/cluster/
H A Dmasklog.h37 * indication of which bits are allowed (allow) or denied (off/deny).
38 * ENTRY deny
39 * EXIT deny
51 * Echoing allow/deny/off string into the logmask files can flip the bits
H A Dmasklog.c27 state = "deny"; in mlog_mask_show()
39 } else if (!strncasecmp(buf, "deny", 4)) { in mlog_mask_store()
/linux/include/linux/
H A Dmman.h193 * This is only applicable if the user has set the Memory-Deny-Write-Execute
203 /* If MDWE is disabled, we have nothing to deny. */ in map_deny_write_exec()
207 /* If the new VMA is not executable, we have nothing to deny. */ in map_deny_write_exec()
/linux/arch/arc/include/asm/
H A Dspinlock.h84 * zero means writer holds the lock exclusively, deny Reader. in arch_read_lock()
140 * deny writer. Otherwise if unlocked grant to writer in arch_write_lock()
307 * zero means writer holds the lock exclusively, deny Reader. in arch_read_trylock()
332 * deny writer. Otherwise if unlocked grant to writer in arch_write_trylock()
/linux/security/
H A Ddevice_cgroup.c291 * - List the exceptions in case the default policy is to deny in devcgroup_seq_show()
582 * root's behavior: allow, devcg's: deny in propagate_exception()
583 * root's behavior: deny, devcg's: deny in propagate_exception()
598 * Modify the exception list using allow/deny rules.
764 * If the default policy is to deny by default, try to remove in devcgroup_update_access()
803 .name = "deny",
/linux/Documentation/security/
H A Dipe.rst310 op=READ integrity_verified=NO label=critical_t action=DENY
322 op=READ integrity_verified=NO label=critical_t action=DENY
328 op=EXECUTE action=DENY
330 op=READ integrity_verified=NO label=critical_t action=DENY
337 DEFAULT op=EXECUTE action=DENY
341 op=READ integrity_verified=NO label=critical_t action=DENY
/linux/tools/testing/selftests/filesystems/
H A Dutils.c200 ret = write_nointr(setgroups_fd, "deny\n", STRLITERALLEN("deny\n")); in write_id_mapping()
201 if (ret != STRLITERALLEN("deny\n")) { in write_id_mapping()
202 syserror("Failed to write \"deny\" to \"/proc/%d/setgroups\"", pid); in write_id_mapping()
501 ret = write_file("/proc/self/setgroups", "deny"); in setup_userns()
/linux/arch/parisc/include/asm/
H A Dspinlock.h88 * zero means writer holds the lock exclusively, deny Reader. in arch_read_trylock()
113 * deny writer. Otherwise if unlocked grant to writer in arch_write_trylock()
/linux/fs/nfsd/
H A Dnfs4state.c408 * st_{access,deny}_bmap field of the stateid, in order to track not
418 * track of access/deny bit combinations; so, e.g., we allow:
420 * OPEN allow read, deny write
421 * OPEN allow both, deny none
422 * DOWNGRADE allow read, deny none
472 /* set share deny for a given stateid */
474 set_deny(u32 deny, struct nfs4_ol_stateid *stp) in set_deny() argument
476 unsigned char mask = 1 << deny; in set_deny()
478 WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH); in set_deny()
482 /* clear share deny for a given stateid */
[all …]
/linux/Documentation/usb/
H A Dauthorization.rst98 There is a similar approach to allow or deny specific USB interfaces.
116 Deny interfaces per default::
/linux/tools/testing/selftests/bpf/
H A DDENYLIST.riscv641 # riscv64 deny list for BPF CI and local vmtest
/linux/Documentation/ABI/stable/
H A Do2cb7 and can be written into with the strings "allow", "deny", or

1234567