
Searched refs:allow_list (Results 1 – 13 of 13) sorted by relevance

/systemd-251/src/nspawn/
Dnspawn-seccomp.c34 } allow_list[] = { in add_syscall_filters() local
145 for (size_t i = 0; i < ELEMENTSOF(allow_list); i++) { in add_syscall_filters()
146 … if (allow_list[i].capability != 0 && (cap_list_retain & (1ULL << allow_list[i].capability)) == 0) in add_syscall_filters()
150 allow_list[i].name, in add_syscall_filters()
156 … return log_error_errno(r, "Failed to add syscall filter item %s: %m", allow_list[i].name); in add_syscall_filters()
/systemd-251/src/network/
Dnetworkd-dhcp-common.h77 …nt family, const union in_addr_union *address, uint8_t prefixlen, Set *allow_list, Set *deny_list);
78 static inline bool in4_address_is_filtered(const struct in_addr *address, Set *allow_list, Set *den… in in4_address_is_filtered() argument
79 …address_is_filtered(AF_INET, &(union in_addr_union) { .in = *address }, 32, allow_list, deny_list); in in4_address_is_filtered()
81 …fix_is_filtered(const struct in6_addr *prefix, uint8_t prefixlen, Set *allow_list, Set *deny_list)… in in6_prefix_is_filtered() argument
82 …is_filtered(AF_INET6, &(union in_addr_union) { .in6 = *prefix }, prefixlen, allow_list, deny_list); in in6_prefix_is_filtered()
Dnetworkd-dhcp-common.c242 …nt family, const union in_addr_union *address, uint8_t prefixlen, Set *allow_list, Set *deny_list)… in address_is_filtered() argument
248 if (allow_list) { in address_is_filtered()
249 SET_FOREACH(p, allow_list) in address_is_filtered()
/systemd-251/src/core/
Dbpf-devices.h10 int bpf_devices_cgroup_init(BPFProgram **ret, CGroupDevicePolicy policy, bool allow_list);
14 bool allow_list,
Dbpf-devices.c165 bool allow_list) { in bpf_devices_cgroup_init() argument
192 if (policy == CGROUP_DEVICE_POLICY_AUTO && !allow_list) in bpf_devices_cgroup_init()
199 if (policy == CGROUP_DEVICE_POLICY_CLOSED || allow_list) { in bpf_devices_cgroup_init()
213 bool allow_list, in bpf_devices_apply_policy() argument
226 const bool deny_everything = policy == CGROUP_DEVICE_POLICY_STRICT && !allow_list; in bpf_devices_apply_policy()
Dbpf-lsm.c206 int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list) { in lsm_bpf_unit_restrict_filesystems() argument
235 uint32_t allow = allow_list; in lsm_bpf_unit_restrict_filesystems()
311 int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, const bool allow_list) { in lsm_bpf_unit_restrict_filesystems() argument
Ddbus-execute.c1984 int allow_list; in bus_exec_context_set_transient_property() local
1991 r = sd_bus_message_read(message, "b", &allow_list); in bus_exec_context_set_transient_property()
2005 FilesystemParseFlags invert_flag = allow_list ? 0 : FILESYSTEM_PARSE_INVERT; in bus_exec_context_set_transient_property()
2016 c->restrict_filesystems_allow_list = allow_list; in bus_exec_context_set_transient_property()
2034 … unit_write_settingf(u, flags, name, "%s=%s%s", name, allow_list ? "" : "~", joined); in bus_exec_context_set_transient_property()
2393 int allow_list; in bus_exec_context_set_transient_property() local
2400 r = sd_bus_message_read(message, "b", &allow_list); in bus_exec_context_set_transient_property()
2414 SeccompParseFlags invert_flag = allow_list ? 0 : SECCOMP_PARSE_INVERT; in bus_exec_context_set_transient_property()
2429 c->syscall_allow_list = allow_list; in bus_exec_context_set_transient_property()
2452 if (allow_list && e >= 0) in bus_exec_context_set_transient_property()
[all …]
Dbpf-lsm.h19 int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list);
/systemd-251/src/analyze/
Danalyze-security.c570 static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFilterSet *f, const c… in syscall_names_in_filter() argument
580 if (syscall_names_in_filter(s, allow_list, g, ret_offending_syscall)) in syscall_names_in_filter()
591 if (hashmap_contains(s, syscall) != allow_list) { in syscall_names_in_filter()
2017 int allow_list, r; in property_read_restrict_address_families() local
2027 r = sd_bus_message_read(m, "b", &allow_list); in property_read_restrict_address_families()
2035 info->restrict_address_family_other = allow_list; in property_read_restrict_address_families()
2051 info->restrict_address_family_inet = !allow_list; in property_read_restrict_address_families()
2053 info->restrict_address_family_unix = !allow_list; in property_read_restrict_address_families()
2055 info->restrict_address_family_netlink = !allow_list; in property_read_restrict_address_families()
2057 info->restrict_address_family_packet = !allow_list; in property_read_restrict_address_families()
[all …]
/systemd-251/src/shared/
Dseccomp-util.h98 int seccomp_restrict_address_families(Set *address_families, bool allow_list);
Dseccomp-util.c1413 int seccomp_restrict_address_families(Set *address_families, bool allow_list) { in seccomp_restrict_address_families() argument
1462 if (allow_list) { in seccomp_restrict_address_families()
Dbus-unit-util.c1398 int allow_list = 1; in bus_append_execute_property() local
1402 allow_list = 0; in bus_append_execute_property()
1422 r = sd_bus_message_append_basic(m, 'b', &allow_list); in bus_append_execute_property()
/systemd-251/src/systemctl/
Dsystemctl-show.c1072 int allow_list; in print_property() local
1078 r = sd_bus_message_read(m, "b", &allow_list); in print_property()
1090 … if (FLAGS_SET(flags, BUS_PRINT_PROPERTY_SHOW_EMPTY) || allow_list || !strv_isempty(l)) { in print_property()
1098 if (!allow_list) in print_property()