FreeBSD kernel kern code
Functions | Variables
kern_priv.c File Reference
#include "opt_kdtrace.h"
#include <sys/cdefs.h>
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sdt.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
#include <security/mac/mac_framework.h>
Include dependency graph for kern_priv.c:

Go to the source code of this file.

Functions

 __FBSDID ("$BSDSUniX$")
 
 SYSCTL_INT (_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW,&suser_enabled, 0,"processes with uid 0 have privilege")
 
 TUNABLE_INT ("security.bsd.suser_enabled",&suser_enabled)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RW|CTLFLAG_TUN,&unprivileged_mlock, 0,"Allow non-root users to call mlock(2)")
 
 TUNABLE_INT ("security.bsd.unprivileged_mlock",&unprivileged_mlock)
 
 SDT_PROVIDER_DEFINE (priv)
 
 SDT_PROBE_DEFINE1 (priv, kernel, priv_check, priv__ok,"int")
 
 SDT_PROBE_DEFINE1 (priv, kernel, priv_check, priv__err,"int")
 
int priv_check_cred (struct ucred *cred, int priv, int flags)
 
int priv_check (struct thread *td, int priv)
 

Variables

static int suser_enabled = 1
 
static int unprivileged_mlock = 0
 

Function Documentation

__FBSDID ( "$BSDSUniX$"  )
int priv_check ( struct thread *  td,
int  priv 
)

Definition at line 170 of file kern_priv.c.

References priv_check_cred().

Referenced by _do_lock_pp(), cpuset_modify(), create_thread(), do_unlock_pp(), donice(), falloc_noinstall(), firmware_get(), intr_event_bind(), ipcperm(), kern_adjtime(), kern_clock_settime(), kern_fcntl(), kern_fhstatfs(), kern_fstatfs(), kern_getfsstat(), kern_jail_set(), kern_kldload(), kern_kldunload(), kern_mknodat(), kern_msgctl(), kern_proc_setrlimit(), kern_settimeofday(), kern_statfs(), mqfs_setattr(), p_candebug(), p_cansched(), priv_check_cred(), protect_set(), setfflags(), sys_acct(), sys_chroot(), sys_fhopen(), sys_fhstat(), sys_getfh(), sys_jail_attach(), sys_jail_remove(), sys_kenv(), sys_lgetfh(), sys_ntp_adjtime(), sys_reboot(), sys_revoke(), sys_rtprio(), sys_rtprio_thread(), sys_setlogin(), sys_setloginclass(), sys_unmount(), sysctl_kern_msgbuf(), sysctl_root(), tty_generic_ioctl(), ttydev_open(), ttyil_ioctl(), vfs_domount(), vfs_suser(), and vn_stat().

Here is the call graph for this function:

int priv_check_cred ( struct ucred *  cred,
int  priv,
int  flags 
)

Definition at line 76 of file kern_priv.c.

References prison_priv_check(), priv_check(), suser_enabled, and unprivileged_mlock.

Referenced by can_hardlink(), cr_cansignal(), cr_seeothergids(), cr_seeotheruids(), do_execve(), do_unlink(), extattr_check_cred(), fork1(), kern_setgroups(), ksem_access(), ksem_chown(), mqf_chown(), priv_check(), shm_chown(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), sys_setuid(), vaccess(), vaccess_acl_nfs4(), vaccess_acl_posix1e(), and vfs_domount_first().

Here is the call graph for this function:

Here is the caller graph for this function:

SDT_PROBE_DEFINE1 ( priv  ,
kernel  ,
priv_check  ,
priv__ok  ,
"int"   
)
SDT_PROBE_DEFINE1 ( priv  ,
kernel  ,
priv_check  ,
priv__err  ,
"int"   
)
SDT_PROVIDER_DEFINE ( priv  )
SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
suser_enabled  ,
CTLFLAG_RW  ,
suser_enabled,
,
"processes with uid 0 have privilege"   
)
SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
unprivileged_mlock  ,
CTLFLAG_RW|  CTLFLAG_TUN,
unprivileged_mlock,
,
"Allow non-root users to call mlock(2)"   
)
TUNABLE_INT ( "security.bsd.suser_enabled"  ,
suser_enabled 
)
TUNABLE_INT ( "security.bsd.unprivileged_mlock"  ,
unprivileged_mlock 
)

Variable Documentation

int suser_enabled = 1
static

Definition at line 57 of file kern_priv.c.

Referenced by priv_check_cred().

int unprivileged_mlock = 0
static

Definition at line 62 of file kern_priv.c.

Referenced by priv_check_cred().