| /freebsd-src/share/man/man9/ |
| H A D | priv.9 | 34 .Nd kernel privilege checking API
51 privilege checking interface.
55 The caller identifies the desired privilege via the
58 .Ss Privilege Policies
60 the superuser policy, which grants privilege based on the effective (or
69 When adding a new privilege check to a code path, first check the complete
72 to see if one already exists for the class of privilege required.
73 Only if there is not an exact match should a new privilege be added to the
74 privilege list.
75 As privilege numbers becomes encoded in the kernel module ABI, privilege
[all …]
|
| H A D | vaccess_acl_nfs4.9 | 66 privilege was required for successful evaluation of the call; the
71 privilege information, or it may point to an integer that will be set to
72 1 if privilege is used, and 0 otherwise.
100 then super-user privilege, if available for the credential, will also be
|
| H A D | vaccess_acl_posix1e.9 | 66 privilege was required for successful evaluation of the call; the
71 privilege information, or it may point to an integer that will be set to
72 1 if privilege is used, and 0 otherwise.
99 then super-user privilege, if available for the credential, will also be
|
| H A D | vm_map_check_protection.9 | 45 allows the specified privilege
60 function returns TRUE if the privilege is allowed; if it is not allowed,
|
| /freebsd-src/sys/contrib/device-tree/Bindings/powerpc/ |
| H A D | ibm,powerpc-cpu-features.txt | 13 enablement, privilege, and compatibility metadata.
94 - usable-privilege
104 This property describes the privilege levels and/or software components
118 This property describes the HV privilege support required to enable the
119 feature to lesser privilege levels. If the property does not exist then no
137 This property describes the OS privilege support required to enable the
138 feature to lesser privilege levels. If the property does not exist then no
179 This property may exist when the usable-privilege property value has PR bit set.
213 usable-privilege = <1 | 2 | 4>;
219 usable-privilege = <1 | 2>;
[all …]
|
| /freebsd-src/sys/kern/ |
| H A D | kern_priv.c | 51 * it is nonzero, an effective uid of 0 connotes special privilege,
53 * uid 0 is offered no special privilege in the kernel security policy.
83 &sysctl_kern_suser_enabled, "I", "Processes with uid 0 have privilege");
119 * privilege. in priv_check_cred_post()
130 * with a privilege error here. in priv_check_cred_post()
144 * Check a credential for privilege. Lots of good reasons to deny privilege;
152 KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege %d", in priv_check_cred()
164 * privilege unilaterally. in priv_check_cred()
203 * Having determined if privilege i in priv_check_cred()
[all...] |
| H A D | subr_acl_posix1e.c | 136 * XXXRW: Do privilege lookup here. in vaccess_acl_posix1e()
210 * XXXRW: Do privilege lookup here. in vaccess_acl_posix1e()
224 * know if we should try again with any available privilege, or if we in vaccess_acl_posix1e()
274 * DAC. Try again, this time with privilege. in vaccess_acl_posix1e()
291 * XXXRW: Do privilege lookup here. in vaccess_acl_posix1e()
313 * XXXRW: Do privilege lookup here. in vaccess_acl_posix1e()
326 * Even with privilege, group membership was not sufficient. in vaccess_acl_posix1e()
346 * XXXRW: Do privilege lookup here. in vaccess_acl_posix1e()
|
| /freebsd-src/sys/security/mac/ |
| H A D | mac_priv.c | 52 * The MAC Framework interacts with kernel privilege checks in two ways: it
53 * may restrict the granting of privilege to a subject, and it may grant
55 * or both of these entry points. Restriction of privilege by any policy
56 * always overrides granting of privilege by any policy or other privilege
64 * Restrict access to a privilege for a credential. Return failure if any
81 * Grant access to a privilege for a credential. Return success if any
|
| /freebsd-src/crypto/openssh/ |
| H A D | README.privsep | 1 Privilege separation, or privsep, is method in OpenSSH by which
2 operations that require root privilege are performed by a separate
3 privileged monitor process. Its purpose is to prevent privilege
8 Privilege separation is now mandatory. During the pre-authentication
28 --with-privsep-path=xxx Path for privilege separation chroot
29 --with-privsep-user=user Specify non-privileged user for privilege separation
|
| /freebsd-src/crypto/heimdal/lib/kadm5/ |
| H A D | kadm5_err.et | 12 error_code AUTH_GET, "Operation requires `get' privilege"
13 error_code AUTH_ADD, "Operation requires `add' privilege"
14 error_code AUTH_MODIFY, "Operation requires `modify' privilege"
15 error_code AUTH_DELETE, "Operation requires `delete' privilege"
55 error_code AUTH_LIST, "Operation requires `list' privilege"
56 error_code AUTH_CHANGEPW, "Operation requires `change-password' privilege"
|
| /freebsd-src/sys/sys/ |
| H A D | priv.h | 33 * Privilege checking interface for BSD kernel.
39 * Privilege list, sorted loosely by kernel subsystem.
42 * there existing instances referring to the same privilege? Third party
44 * modules. Particular numeric privilege assignments are part of the
48 * When adding a new privilege, remember to determine if it's appropriate
49 * for use in jail, and update the privilege switch in prison_priv_check()
54 * Track beginning of privilege list.
60 * number of specific privilege checks, and have (relatively) precise
77 #define PRIV_DRIVER 14 /* Low-level driver privilege. */
154 #define PRIV_MAC_PARTITION 140 /* Privilege i
[all...] |
| /freebsd-src/sys/dev/sfxge/common/ |
| H A D | ef10_mcdi.c | 290 * Use privilege mask state at MCDI attach. in ef10_mcdi_feature_supported()
296 * Admin privilege must be used prior to introduction of in ef10_mcdi_feature_supported()
304 * Admin privilege used prior to introduction of in ef10_mcdi_feature_supported()
313 * Admin privilege must be used prior to introduction of in ef10_mcdi_feature_supported()
314 * mac spoofing privilege (at v4.6), which is used up to in ef10_mcdi_feature_supported()
315 * introduction of change mac spoofing privilege (at v4.7) in ef10_mcdi_feature_supported()
324 * Admin privilege must be used prior to introduction of in ef10_mcdi_feature_supported()
325 * mac spoofing privilege (at v4.6), which is used up to in ef10_mcdi_feature_supported()
326 * introduction of mac spoofing TX privilege (at v4.7) in ef10_mcdi_feature_supported()
|
| /freebsd-src/sys/contrib/device-tree/src/powerpc/ |
| H A D | microwatt.dts | 44 usable-privilege = <2>;
49 usable-privilege = <3>;
55 usable-privilege = <2>;
60 usable-privilege = <3>;
65 usable-privilege = <2>;
71 usable-privilege = <3>;
|
| /freebsd-src/sys/cddl/dev/dtrace/ |
| H A D | dtrace_cddl.h | 154 * Test privilege. Audit success or failure, allow privilege debugging.
161 * Test privilege. Audit success only, no privilege debugging.
168 * Test privilege. No priv_debugging, no auditing.
|
| /freebsd-src/tests/sys/cddl/zfs/tests/acl/cifs/ |
| H A D | cifs_attr_001_pos.ksh | 38 # PRIV_FILE_OWNER privilege could set/clear DOS attributes.
45 # PRIV_FILE_OWNER privilege
207 # PRIV_FILE_OWNER privilege, it should log_must,
220 "write_attributes permission or PRIV_FILE_OWNER privilege"
257 "write_attributes permission or PRIV_FILE_OWNER privilege"
|
| /freebsd-src/tools/regression/priv/ |
| H A D | priv_proc_setrlimit.c | 33 * requires privilege. We test three cases:
81 * privilege.
108 * without privilege.
136 * privilege.
|
| H A D | priv_vfs_chown.c | 32 * Confirm that privilege is required in the cases using chown():
56 * Check that changing the uid of a file requires privilege.
86 * privilege as long as the gid matches the process.
120 * without privilege if the gid doesn't match the process.
|
| H A D | priv_sched_rtprio.c | 32 * Test privilege associated with real time process settings. There are
33 * three relevant notions of privilege:
35 * - Privilege to set the real-time priority of the current process.
36 * - Privilege to set the real-time priority of another process.
37 * - Privilege to set the idle priority of another process.
38 * - No privilege to set the idle priority of the current process.
|
| /freebsd-src/contrib/wpa/wpa_supplicant/doc/docbook/ |
| H A D | wpa_priv.sgml | 15 <refpurpose>wpa_supplicant privilege separation helper</refpurpose>
31 <para><command>wpa_priv</command> is a privilege separation helper that
38 can be run as non-root user. Privilege separation restricts the effects
58 <command>wpa_supplicant</command> with privilege separation:</para>
|
| /freebsd-src/sys/i386/include/ |
| H A D | tss.h | 44 int tss_esp0; /* kernel stack pointer privilege level 0 */
46 int tss_esp1; /* kernel stack pointer privilege level 1 */
48 int tss_esp2; /* kernel stack pointer privilege level 2 */
|
| /freebsd-src/sys/contrib/openzfs/tests/runfiles/ |
| H A D | sunos.run | 38 [tests/functional/privilege]
40 tags = ['functional', 'privilege']
|
| /freebsd-src/contrib/llvm-project/llvm/lib/Target/LoongArch/ |
| H A D | LoongArch.td | 19 "LA64 Basic Integer and Privilege Instruction Set">;
22 "LA32 Basic Integer and Privilege Instruction Set">;
26 "LA64 Basic Integer and Privilege Instruction Set">;
30 "LA32 Basic Integer and Privilege Instruction Set">;
|
| /freebsd-src/lib/libpmc/ |
| H A D | pmc_disable.3 | 48 privilege to perform these operations.
88 The current process lacks sufficient privilege to perform this
|
| /freebsd-src/lib/libc/gen/ |
| H A D | sysctl.3 | 268 privilege may change the value.
320 privilege may change the value.
596 This level may be raised by processes with appropriate privilege.
607 privilege may change the value.
713 privilege may change the value.
816 privilege may change the value.
938 A process without appropriate privilege attempts to set a value.
|
| /freebsd-src/sys/security/mac_priority/ |
| H A D | mac_priority.c | 50 "Group id of the realtime privilege group");
60 "Group id of the idletime privilege group");
|