/linux-2.6.39/net/rxrpc/ |
D | ar-security.c | 147 conn->security = sec; in rxrpc_init_client_conn_security() 149 ret = conn->security->init_connection_security(conn); in rxrpc_init_client_conn_security() 151 rxrpc_security_put(conn->security); in rxrpc_init_client_conn_security() 152 conn->security = NULL; in rxrpc_init_client_conn_security() 217 conn->security = sec; in rxrpc_init_server_conn_security() 231 if (call->conn->security) in rxrpc_secure_packet() 232 return call->conn->security->secure_packet( in rxrpc_secure_packet() 243 if (call->conn->security) in rxrpc_verify_packet() 244 return call->conn->security->verify_packet( in rxrpc_verify_packet() 256 if (conn->security) { in rxrpc_clear_conn_security() [all …]
D | ar-connevent.c | 174 if (conn->security) in rxrpc_process_event() 175 return conn->security->respond_to_challenge( in rxrpc_process_event() 180 if (!conn->security) in rxrpc_process_event() 183 ret = conn->security->verify_response(conn, skb, _abort_code); in rxrpc_process_event() 187 ret = conn->security->init_connection_security(conn); in rxrpc_process_event() 191 conn->security->prime_packet_security(conn); in rxrpc_process_event() 238 ASSERT(conn->security != NULL); in rxrpc_secure_connection() 240 if (conn->security->issue_challenge(conn) < 0) { in rxrpc_secure_connection()
D | Kconfig | 33 tristate "RxRPC Kerberos security" 41 Provide kerberos 4 and AFS kaserver security handling for AF_RXRPC
/linux-2.6.39/Documentation/ |
D | SecurityBugs | 1 Linux kernel developers take security very seriously. As such, we'd 2 like to know when a security bug is found so that it can be fixed and 3 disclosed as quickly as possible. Please report security bugs to the 4 Linux kernel security team. 8 The Linux kernel security team can be contacted by email at 9 <security@kernel.org>. This is a private list of security officers 11 It is possible that the security team will bring in extra help from 12 area maintainers to understand and fix the security vulnerability. 22 The goal of the Linux kernel security team is to work with the 28 A disclosure date is negotiated by the security team working with the [all …]
D | apparmor.txt | 3 AppArmor is MAC style security extension for the Linux kernel. It implements 13 If AppArmor should be selected as the default security module then 19 If AppArmor is not the default security module it can be enabled by passing 20 security=apparmor on the kernel's command line. 22 If AppArmor is the default security module it can be disabled by passing 23 apparmor=0, security=XXXX (where XXX is valid security module), on the
D | tomoyo.txt | 13 Build the kernel with CONFIG_SECURITY_TOMOYO=y and pass "security=tomoyo" on 30 TOMOYO Linux: pragmatic and manageable security for Linux 38 The role of "pathname based access control" in security. 47 We believe that inode based security and name based security are complementary
/linux-2.6.39/Documentation/netlabel/ |
D | introduction.txt | 9 NetLabel is a mechanism which can be used by kernel security modules to attach 10 security attributes to outgoing network packets generated from user space 11 applications and read security attributes from incoming network packets. It 13 layer, and the kernel security module API. 18 network packet's security attributes. If any translation between the network 19 security attributes and those on the host are required then the protocol 22 the NetLabel kernel security module API described below. 38 The purpose of the NetLabel security module API is to provide a protocol 40 to protocol independence, the security module API is designed to be completely 44 Detailed information about the NetLabel security module API can be found in the
D | lsm_interface.txt | 9 NetLabel is a mechanism which can set and retrieve security attributes from 12 The NetLabel security module API is defined in 'include/net/netlabel.h' but a 18 it uses the concept of security attributes to refer to the packet's security 19 labels. The NetLabel security attributes are defined by the 21 NetLabel subsystem converts the security attributes to and from the correct 24 security attributes into whatever security identifiers are in use for their 38 label and the internal LSM security identifier can be time consuming. The 41 LSM has received a packet, used NetLabel to decode its security attributes, 42 and translated the security attributes into a LSM internal identifier the LSM
D | cipso_ipv4.txt | 22 label by using the NetLabel security module API; if the NetLabel "domain" is 31 NetLabel security module API to extract the security attributes of the packet. 37 The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security 42 different security attribute mapping table. 46 The NetLabel system provides a framework for caching security attribute
D | draft-ietf-cipso-ipsecurity-01.txt | 35 Currently the Internet Protocol includes two security options. One of 37 IP datagrams to be labeled with security classifications. This option 38 provides sixteen security classifications and a variable number of handling 39 restrictions. To handle additional security information, such as security 40 categories or compartments, another security option (Type 133) exists and 46 mandatory access controls and multi-level security. These systems are 52 applications of a commercial security option. The BSO and ESO were 54 to support multiple security policies. This Internet Draft provides the 56 security policy. Support for additional security policies shall be 76 This option permits security related information to be passed between [all …]
/linux-2.6.39/security/ |
D | Kconfig | 65 Note that LSM security checks are still performed, and may further 86 bool "Enable different security models" 89 This allows you to choose different security modules to be 92 If this option is not selected, the default Linux security 110 This enables the socket and networking security hooks. 111 If enabled, a security module can use these hooks to 119 This enables the XFRM (IPSec) networking security hooks. 120 If enabled, a security module can use these hooks to 132 This enables the security hooks for pathname based access control. 133 If enabled, a security module can use these hooks to [all …]
/linux-2.6.39/security/selinux/ |
D | xfrm.c | 73 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm() 120 if (!xp->security) in selinux_xfrm_state_pol_flow_match() 121 if (x->security) in selinux_xfrm_state_pol_flow_match() 128 if (!x->security) in selinux_xfrm_state_pol_flow_match() 136 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match() 176 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_decode_session() 362 err = selinux_xfrm_sec_ctx_alloc(&x->security, uctx, secid); in selinux_xfrm_state_alloc() 373 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_state_free() 383 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_state_delete() 418 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_sock_rcv_skb()
/linux-2.6.39/security/tomoyo/ |
D | tomoyo.c | 14 new->security = NULL; in tomoyo_cred_alloc_blank() 21 struct tomoyo_domain_info *domain = old->security; in tomoyo_cred_prepare() 22 new->security = domain; in tomoyo_cred_prepare() 35 struct tomoyo_domain_info *domain = cred->security; in tomoyo_cred_free() 67 bprm->cred->security)->users); in tomoyo_bprm_set_creds() 72 bprm->cred->security = NULL; in tomoyo_bprm_set_creds() 78 struct tomoyo_domain_info *domain = bprm->cred->security; in tomoyo_bprm_check_security() 284 cred->security = &tomoyo_kernel_domain; in tomoyo_init()
/linux-2.6.39/security/apparmor/ |
D | context.c | 79 struct aa_task_cxt *cxt = current_cred()->security; in aa_replace_current_profile() 90 cxt = new->security; in aa_replace_current_profile() 126 cxt = new->security; in aa_set_current_onexec() 153 cxt = new->security; in aa_set_current_hat() 190 cxt = new->security; in aa_restore_previous_profile()
D | lsm.c | 51 aa_free_task_context(cred->security); in apparmor_cred_free() 52 cred->security = NULL; in apparmor_cred_free() 65 cred->security = cxt; in apparmor_cred_alloc_blank() 80 aa_dup_task_context(cxt, old->security); in apparmor_cred_prepare() 81 new->security = cxt; in apparmor_cred_prepare() 90 const struct aa_task_cxt *old_cxt = old->security; in apparmor_cred_transfer() 91 struct aa_task_cxt *new_cxt = new->security; in apparmor_cred_transfer() 522 struct aa_task_cxt *cxt = cred->security; in apparmor_getprocattr() 894 cred->security = cxt; in set_init_cxt() 939 aa_free_task_context(current->real_cred->security); in apparmor_init()
/linux-2.6.39/Documentation/filesystems/caching/ |
D | cachefiles.txt | 23 (*) A note on security. 314 CacheFiles is implemented to deal properly with the LSM security features of 319 security context that is not appropriate for accessing the cache - either 324 The way CacheFiles works is to temporarily change the security context (fsuid, 325 fsgid and actor security label) that the process acts as - without changing the 326 security context of the process when it the target of an operation performed by 332 (1) Finds the security label attached to the root cache directory and uses 333 that as the security label with which it will create files. By default, 338 (2) Finds the security label of the process which issued the bind request 343 and asks LSM to supply a security ID as which it should act given the [all …]
/linux-2.6.39/security/apparmor/include/ |
D | context.h | 92 struct aa_task_cxt *cxt = __task_cred(task)->security; in __aa_task_is_confined() 111 struct aa_task_cxt *cxt = cred->security; in aa_cred_profile() 139 const struct aa_task_cxt *cxt = current_cred()->security; in aa_current_profile()
/linux-2.6.39/fs/jfs/ |
D | Kconfig | 29 implemented by security modules like SELinux. This option 30 enables an extended attribute handler for file security 33 If you are not using a security module that requires using 34 extended attributes for file security labels, say N.
/linux-2.6.39/drivers/char/tpm/ |
D | Kconfig | 11 If you have a TPM security chip in your system, which 31 If you have a TPM security chip that is compliant with the 39 If you have a TPM security chip from National Semiconductor 47 If you have a TPM security chip from Atmel say Yes and it 55 If you have a TPM security chip from Infineon Technologies
/linux-2.6.39/fs/ext2/ |
D | Kconfig | 39 implemented by security modules like SELinux. This option 40 enables an extended attribute handler for file security 43 If you are not using a security module that requires using 44 extended attributes for file security labels, say N.
/linux-2.6.39/security/smack/ |
D | smack_lsm.c | 39 #define task_security(task) (task_cred_xxx((task), security)) 443 struct task_smack *tsp = bprm->cred->security; in smack_bprm_set_creds() 1268 char *tsp = smk_of_task(tsk->cred->security); in smack_file_send_sigiotask() 1332 cred->security = tsp; in smack_cred_alloc_blank() 1345 struct task_smack *tsp = cred->security; in smack_cred_free() 1352 cred->security = NULL; in smack_cred_free() 1373 struct task_smack *old_tsp = old->security; in smack_cred_prepare() 1385 new->security = new_tsp; in smack_cred_prepare() 1398 struct task_smack *old_tsp = old->security; in smack_cred_transfer() 1399 struct task_smack *new_tsp = new->security; in smack_cred_transfer() [all …]
/linux-2.6.39/kernel/ |
D | cred.c | 313 new->security = NULL; in prepare_creds() 680 new->security = NULL; in prepare_kernel_cred() 761 if (selinux_is_enabled() && cred->security) { in creds_are_invalid() 762 if ((unsigned long) cred->security < PAGE_SIZE) in creds_are_invalid() 764 if ((*(u32 *)cred->security & 0xffffff00) == in creds_are_invalid() 794 printk(KERN_ERR "CRED: ->security is %p\n", cred->security); in dump_invalid_creds() 795 if ((unsigned long) cred->security >= PAGE_SIZE && in dump_invalid_creds() 796 (((unsigned long) cred->security & 0xffffff00) != in dump_invalid_creds() 799 ((u32*)cred->security)[0], in dump_invalid_creds() 800 ((u32*)cred->security)[1]); in dump_invalid_creds()
/linux-2.6.39/fs/ext3/ |
D | Kconfig | 40 power failure, which can be a security issue. However, 84 implemented by security modules like SELinux. This option 85 enables an extended attribute handler for file security 88 If you are not using a security module that requires using 89 extended attributes for file security labels, say N.
/linux-2.6.39/drivers/net/ |
D | ps3_gelic_wireless.h | 89 u16 security; member 120 u16 security; member 164 __be16 security; member
/linux-2.6.39/fs/ext4/ |
D | Kconfig | 71 implemented by security modules like SELinux. This option 72 enables an extended attribute handler for file security 75 If you are not using a security module that requires using 76 extended attributes for file security labels, say N.