/linux-master/security/landlock/ |
H A D | net.h | 12 #include "ruleset.h" 18 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, 26 landlock_append_net_rule(struct landlock_ruleset *const ruleset, const u16 port, argument
|
H A D | ruleset.h | 25 * by a ruleset/layer. This must be ORed with all ruleset->access_masks[] 43 /* Makes sure all ruleset access rights can be stored. */ 67 * union landlock_key - Key of a ruleset's red-black tree 98 * struct landlock_id - Unique rule identifier for a ruleset 117 * @node: Node in the ruleset's red-black tree. 123 * for this ruleset element. The pointer is set once and never 140 * struct landlock_hierarchy - Node in a ruleset hierarchy 156 * struct landlock_ruleset - Landlock ruleset 164 * landlock_rule nodes with inode object. Once a ruleset i 253 landlock_get_ruleset(struct landlock_ruleset *const ruleset) argument 260 landlock_add_fs_access_mask(struct landlock_ruleset *const ruleset, const access_mask_t fs_access_mask, const u16 layer_level) argument 273 landlock_add_net_access_mask(struct landlock_ruleset *const ruleset, const access_mask_t net_access_mask, const u16 layer_level) argument 286 landlock_get_raw_fs_access_mask(const struct landlock_ruleset *const ruleset, const u16 layer_level) argument 295 landlock_get_fs_access_mask(const struct landlock_ruleset *const ruleset, const u16 layer_level) argument 304 landlock_get_net_access_mask(const struct landlock_ruleset *const ruleset, const u16 layer_level) argument [all...] |
H A D | syscalls.c | 33 #include "ruleset.h" 119 struct landlock_ruleset *ruleset = filp->private_data; local 121 landlock_put_ruleset(ruleset); 141 * A ruleset file descriptor enables to build a ruleset by adding (i.e. 143 * reentrant design is also used in a read way to enforce the ruleset on the 155 * sys_landlock_create_ruleset - Create a new ruleset 158 * the new ruleset. 163 * This system call enables to create a new Landlock ruleset, and returns the 182 struct landlock_ruleset *ruleset; local 238 struct landlock_ruleset *ruleset; local 303 add_rule_path_beneath(struct landlock_ruleset *const ruleset, const void __user *const rule_attr) argument 341 add_rule_net_port(struct landlock_ruleset *ruleset, const void __user *const rule_attr) argument 410 struct landlock_ruleset *ruleset; local 468 struct landlock_ruleset *new_dom, *ruleset; local [all...] |
H A D | Makefile | 3 landlock-y := setup.o syscalls.o object.o ruleset.o \
|
H A D | ruleset.c | 25 #include "ruleset.h" 59 /* Informs about useless ruleset. */ 137 static struct rb_root *get_root(struct landlock_ruleset *const ruleset, argument 142 return &ruleset->root_inode; 146 return &ruleset->root_net_port; 168 const struct landlock_ruleset ruleset = { local 172 typeof(ruleset.access_masks[0]) access_masks = ~0; 174 BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES); 175 BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS); 182 * insert_rule - Create and insert a rule in a ruleset 199 insert_rule(struct landlock_ruleset *const ruleset, const struct landlock_id id, const struct landlock_layer (*const layers)[], const size_t num_layers) argument 294 landlock_insert_rule(struct landlock_ruleset *const ruleset, const struct landlock_id id, const access_mask_t access) argument 486 free_ruleset(struct landlock_ruleset *const ruleset) argument 505 landlock_put_ruleset(struct landlock_ruleset *const ruleset) argument 514 struct landlock_ruleset *ruleset; local 520 landlock_put_ruleset_deferred(struct landlock_ruleset *const ruleset) argument 538 landlock_merge_ruleset(struct landlock_ruleset *const parent, struct landlock_ruleset *const ruleset) argument 590 landlock_find_rule(const struct landlock_ruleset *const ruleset, const struct landlock_id id) argument [all...] |
H A D | fs.h | 16 #include "ruleset.h" 91 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
|
H A D | net.c | 18 #include "ruleset.h" 20 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, argument 33 ~landlock_get_net_access_mask(ruleset, 0); 35 mutex_lock(&ruleset->lock); 36 err = landlock_insert_rule(ruleset, id, access_rights); 37 mutex_unlock(&ruleset->lock);
|
/linux-master/drivers/net/ethernet/marvell/prestera/ |
H A D | prestera_acl.c | 140 struct prestera_acl_ruleset *ruleset; local 147 ruleset = kzalloc(sizeof(*ruleset), GFP_KERNEL); 148 if (!ruleset) 151 ruleset->acl = acl; 152 ruleset->ingress = block->ingress; 153 ruleset->ht_key.block = block; 154 ruleset->ht_key.chain_index = chain_index; 155 refcount_set(&ruleset->refcount, 1); 157 err = rhashtable_init(&ruleset 188 prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset, void *keymask) argument 198 prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset) argument 240 prestera_acl_ruleset_destroy(struct prestera_acl_ruleset *ruleset) argument 287 struct prestera_acl_ruleset *ruleset; local 302 struct prestera_acl_ruleset *ruleset; local 313 prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset) argument 321 prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset, struct prestera_port *port) argument 333 prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset, struct prestera_port *port) argument 345 prestera_acl_ruleset_block_bind(struct prestera_acl_ruleset *ruleset, struct prestera_flow_block *block) argument 369 prestera_acl_ruleset_block_unbind(struct prestera_acl_ruleset *ruleset, struct prestera_flow_block *block) argument 380 prestera_acl_ruleset_prio_refresh(struct prestera_acl *acl, struct prestera_acl_ruleset *ruleset) argument 411 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset, unsigned long cookie) argument 418 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset) argument 423 prestera_acl_ruleset_prio_get(struct prestera_acl_ruleset *ruleset, u32 *prio_min, u32 *prio_max) argument 430 prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset) argument 436 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset, unsigned long cookie, u32 chain_index) argument 470 prestera_acl_ruleset_prio_update(struct prestera_acl_ruleset *ruleset, u32 prio) argument 481 struct prestera_acl_ruleset *ruleset = rule->ruleset; local 532 struct prestera_acl_ruleset *ruleset = rule->ruleset; local [all...] |
H A D | prestera_acl.h | 130 struct prestera_acl_ruleset *ruleset; member in struct:prestera_acl_rule 156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset, 162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset, 188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset, 190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset); 191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset); 192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset); 193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset, 195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset, 197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset); [all...] |
H A D | prestera_flower.c | 11 struct prestera_acl_ruleset *ruleset; member in struct:prestera_flower_template 19 prestera_acl_ruleset_put(template->ruleset); 39 struct prestera_acl_ruleset *ruleset; local 48 ruleset = prestera_acl_ruleset_get(block->sw->acl, block, 50 if (IS_ERR(ruleset)) 51 return PTR_ERR(ruleset); 54 rule->re_arg.jump.i.index = prestera_acl_ruleset_index_get(ruleset); 56 rule->jump_ruleset = ruleset; 403 struct prestera_acl_ruleset *ruleset; local 405 ruleset 416 struct prestera_acl_ruleset *ruleset; local 465 struct prestera_acl_ruleset *ruleset; local 485 struct prestera_acl_ruleset *ruleset; local 552 struct prestera_acl_ruleset *ruleset; local [all...] |
/linux-master/drivers/net/ethernet/mellanox/mlxsw/ |
H A D | spectrum_acl.c | 70 struct mlxsw_sp_acl_ruleset *ruleset; member in struct:mlxsw_sp_acl_rule 100 mlxsw_sp_acl_ruleset_is_singular(const struct mlxsw_sp_acl_ruleset *ruleset) argument 102 /* We hold a reference on ruleset ourselves */ 103 return refcount_read(&ruleset->ref_count) == 2; 110 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; local 111 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; 113 return ops->ruleset_bind(mlxsw_sp, ruleset->priv, 121 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; local 122 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; 124 ops->ruleset_unbind(mlxsw_sp, ruleset 129 mlxsw_sp_acl_ruleset_block_bind(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_ruleset *ruleset, struct mlxsw_sp_flow_block *block) argument 154 mlxsw_sp_acl_ruleset_block_unbind(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_ruleset *ruleset, struct mlxsw_sp_flow_block *block) argument 172 struct mlxsw_sp_acl_ruleset *ruleset; local 211 mlxsw_sp_acl_ruleset_destroy(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_ruleset *ruleset) argument 224 mlxsw_sp_acl_ruleset_ref_inc(struct mlxsw_sp_acl_ruleset *ruleset) argument 229 mlxsw_sp_acl_ruleset_ref_dec(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_ruleset *ruleset) argument 259 struct mlxsw_sp_acl_ruleset *ruleset; local 278 struct mlxsw_sp_acl_ruleset *ruleset; local 293 mlxsw_sp_acl_ruleset_put(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_ruleset *ruleset) argument 299 mlxsw_sp_acl_ruleset_group_id(struct mlxsw_sp_acl_ruleset *ruleset) argument 306 mlxsw_sp_acl_ruleset_prio_get(struct mlxsw_sp_acl_ruleset *ruleset, unsigned int *p_min_prio, unsigned int *p_max_prio) argument 814 mlxsw_sp_acl_rule_create(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_ruleset *ruleset, unsigned long cookie, struct mlxsw_afa_block *afa_block, struct netlink_ext_ack *extack) argument 852 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; local 862 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; local 906 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; local 928 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; local 939 mlxsw_sp_acl_rule_lookup(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_ruleset *ruleset, unsigned long cookie) argument 956 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; local [all...] |
H A D | spectrum2_mr_tcam.c | 36 struct mlxsw_sp_acl_ruleset *ruleset) 41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); 218 struct mlxsw_sp_acl_ruleset *ruleset; local 223 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); 224 if (WARN_ON(!ruleset)) 227 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, 251 struct mlxsw_sp_acl_ruleset *ruleset; local 254 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); 255 if (WARN_ON(!ruleset)) 258 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, 34 mlxsw_sp2_mr_tcam_bind_group(struct mlxsw_sp *mlxsw_sp, enum mlxsw_reg_pemrbt_protocol protocol, struct mlxsw_sp_acl_ruleset *ruleset) argument 275 struct mlxsw_sp_acl_ruleset *ruleset; local [all...] |
H A D | spectrum_flower.c | 131 struct mlxsw_sp_acl_ruleset *ruleset; local 134 ruleset = mlxsw_sp_acl_ruleset_lookup(mlxsw_sp, block, 137 if (IS_ERR(ruleset)) 138 return PTR_ERR(ruleset); 140 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); 731 struct mlxsw_sp_acl_ruleset *ruleset; local 739 ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block, 742 if (IS_ERR(ruleset)) 743 return PTR_ERR(ruleset); 745 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, 781 struct mlxsw_sp_acl_ruleset *ruleset; local 804 struct mlxsw_sp_acl_ruleset *ruleset; local 842 struct mlxsw_sp_acl_ruleset *ruleset; local 863 struct mlxsw_sp_acl_ruleset *ruleset; local 880 struct mlxsw_sp_acl_ruleset *ruleset; local [all...] |
H A D | spectrum_acl_tcam.c | 1694 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; local 1696 return mlxsw_sp_acl_tcam_vgroup_add(mlxsw_sp, tcam, &ruleset->vgroup, 1707 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; local 1709 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); 1718 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; local 1720 return mlxsw_sp_acl_tcam_group_bind(mlxsw_sp, &ruleset->vgroup.group, 1730 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; local 1732 mlxsw_sp_acl_tcam_group_unbind(mlxsw_sp, &ruleset->vgroup.group, 1739 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; local 1741 return mlxsw_sp_acl_tcam_group_id(&ruleset 1749 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; local 1813 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; local 1848 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; local 1874 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; local 1884 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; local [all...] |
/linux-master/include/linux/crush/ |
H A D | mapper.h | 14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
|
H A D | crush.h | 29 #define CRUSH_MAX_RULESET (1<<8) /* max crush ruleset number */ 77 * Given a ruleset and size of output set, we search through the 81 __u8 ruleset; member in struct:crush_rule_mask
|
/linux-master/tools/testing/selftests/netfilter/ |
H A D | nft_audit.sh | 40 nft flush ruleset
|
H A D | conntrack_vrf.sh | 105 # as decided by the first iteration of the ruleset. 143 ip netns exec $ns0 nft list ruleset 162 flush ruleset 211 flush ruleset
|
H A D | nft_fib.sh | 220 # switch to ruleset that doesn't log, this time 238 ip netns exec ${ns1} nft flush ruleset 239 ip netns exec ${ns2} nft flush ruleset 240 ip netns exec ${nsrouter} nft flush ruleset 250 # ... pbr ruleset for the router, check iif+oif. 253 echo "SKIP: Could not load fib forward ruleset" 267 ip -net ${nsrouter} nft list ruleset
|
H A D | bridge_netfilter.sh | 52 ip netns exec ${ns0} nft list ruleset 66 ip netns exec ${ns0} nft list ruleset
|
H A D | nft_zones_many.sh | 47 flush ruleset
|
H A D | nft_synproxy.sh | 112 ip netns exec $nsr nft list ruleset
|
H A D | nft_queue.sh | 252 ip netns exec ${nsrouter} nft list ruleset 320 flush ruleset 369 flush ruleset 394 ip netns exec ${ns1} nft list ruleset 427 # dummy ruleset to add base chains between the
|
H A D | nft_flowtable.sh | 187 echo "SKIP: Could not load nft ruleset" 207 echo "SKIP: Could not load nft ruleset" 488 ip netns exec $nsr1 nft list ruleset 523 ip netns exec $nsr1 nft list ruleset 543 ip netns exec $nsr1 nft list ruleset 576 ip netns exec $nsr1 nft list ruleset 600 ip netns exec $nsr1 nft list ruleset 668 ip netns exec $nsr1 nft list ruleset 1>&2
|
/linux-master/security/safesetid/ |
H A D | securityfs.c | 264 size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) 271 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); 263 safesetid_file_read(struct file *file, char __user *buf, size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) argument
|