函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:include\linux\capability.h Create Date:2022-07-27 06:41:17
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:ns_capable

函数原型:static inline bool ns_capable(struct user_namespace *ns, int cap)

返回类型:bool

参数:

类型参数名称
struct user_namespace *ns
intcap
239  返回:true
调用者
名称描述
capable_wrt_inode_uidgidapable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped*@inode: The inode in question*@cap: The capability in question* Return true if the current task has the given capability targeted at* its own user namespace and that the given inode's
kill_ok_by_credalled with RCU read lock from check_kill_permission()
set_one_prio_permReturns true if current's euid is same as p's uid or euid,* or has CAP_SYS_NICE to p's user_ns.* Called with rcu_read_lock, creds are safe
SYSCALL_DEFINE2
SYSCALL_DEFINE2Only setdomainname; getdomainname can be implemented by calling* uname()
check_prlimit_permission lock must be held
alloc_pid分配进程句柄
copy_namespaces复制名称空间
unshare_nsproxy_namespacesCalled from unshare. Unshare all the namespaces part of nsproxy.* On success, returns the new nsproxy.
SYSCALL_DEFINE4Reboot system call: for obvious reasons only root may call it,* and even root needs to set up some magic numbers in the registers* so that some mistake won't make this reboot the whole machine.* You can also set the meaning of the ctrl-alt-del-key here.
set_permissions
may_setgroups
sched_setaffinity
copy_cgroup_ns
cgroupns_install
cgroup1_get_tree
utsns_install
new_idmap_permitted
userns_install
pidns_install
ipcpermspcperms - check ipc permissions*@ns: ipc namespace*@ipcp: ipc permission set*@flag: desired permission set* Check user, group, other permissions for access* to ipc resources. return 0 if allowed*@flag will most probably be 0 or ``S_
ipcctl_obtain_checkpcctl_obtain_check - retrieve an ipc object and check permissions*@ns: ipc namespace*@ids: the table of ids where to look for the ipc*@id: the id of the ipc to retrieve*@cmd: the cmd to check*@perm: the permission to set*@extra_perm: one extra permission
shmctl_do_lock
ipcns_install
keyctl_get_persistentGet the persistent keyring for a specific UID and link it to the nominated* keyring.
cap_ptrace_access_checkap_ptrace_access_check - Determine whether the current process may access* another*@child: The process to be accessed*@mode: The mode of attachment.* If we are in the same or an ancestor user_ns and have all the target
cap_convert_nscapUser requested a write of security.capability. If needed, update the* xattr to change from v2 to v3, or to fixup the v3 rootid.* If all is ok, we return the new size, on error return < 0.
cap_bprm_set_credsap_bprm_set_creds - Set up the proposed credentials for execve().*@bprm: The execution parameters, including the proposed creds* Set up the proposed credentials for a new execution context being* constructed by execve()
cap_inode_setxattrap_inode_setxattr - Determine whether an xattr may be altered*@dentry: The inode/dentry being altered*@name: The name of the xattr to be changed*@value: The value that the xattr will be changed to*@size: The size of value*@flags: The replacement flag*
cap_inode_removexattrap_inode_removexattr - Determine whether an xattr may be removed*@dentry: The inode/dentry being altered*@name: The name of the xattr to be changed* Determine whether an xattr may be removed from an inode, returning 0 if
cap_safe_niceRationale: code calling task_setscheduler, task_setioprio, and* task_setnice, assumes that*
cap_prctl_dropImplement PR_CAPBSET_DROP. Attempt to remove the specified capability from* the current task's bounding set. Returns 0 on success, -ve on error.
policy_admin_capable
yama_ptrace_access_checkyama_ptrace_access_check - validate PTRACE_ATTACH calls*@child: task that current task is attempting to ptrace*@mode: ptrace attach mode* Returns 0 if following the ptrace is allowed, -ve on error.
ksys_chroot
mount_capable
ioctl_fsfreeze
ioctl_fsthaw
inode_owner_or_capablede_owner_or_capable - check current task permissions to inode*@inode: inode being checked* Return true if current either has CAP_FOWNER in a namespace with the* inode owner uid mapped, or owns the file.
chown_ok
chgrp_ok
do_umount
may_mountIs the caller allowed to modify his namespace?
do_remounthange filesystem flags. dir should be a physical root of filesystem.* If you've mounted a non-root directory somewhere and want to do remount* on it - tough luck.
mntns_install
SYSCALL_DEFINE2Open a filesystem by name so that it can be configured for mounting.* We are allowed to specify a container in which the filesystem will be* opened, thereby indicating which namespaces will be used (notably, which
SYSCALL_DEFINE3Pick a superblock into a context for reconfiguration.
vfs_fsconfig_lockedCheck the state and apply the configuration. Note that this function is* allowed to 'steal' the value by setting param->xxx to NULL before returning.