sphinx.addnodesdocument)}( rawsourcechildren]( translations LanguagesNode)}(hhh](h pending_xref)}(hhh]docutils.nodesTextChinese (Simplified)}parenthsba attributes}(ids]classes]names]dupnames]backrefs] refdomainstdreftypedoc reftarget,/translations/zh_CN/security/lsm-developmentmodnameN classnameN refexplicitutagnamehhh ubh)}(hhh]hChinese (Traditional)}hh2sbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget,/translations/zh_TW/security/lsm-developmentmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hItalian}hhFsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget,/translations/it_IT/security/lsm-developmentmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hJapanese}hhZsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget,/translations/ja_JP/security/lsm-developmentmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hKorean}hhnsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget,/translations/ko_KR/security/lsm-developmentmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hSpanish}hhsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftarget,/translations/sp_SP/security/lsm-developmentmodnameN classnameN refexplicituh1hhh ubeh}(h]h ]h"]h$]h&]current_languageEnglishuh1h hh _documenthsourceNlineNubhsection)}(hhh](htitle)}(h!Linux Security Module Developmenth]h!Linux Security Module Development}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhF/var/lib/git/docbuild/linux/Documentation/security/lsm-development.rsthKubh paragraph)}(hXBased on https://lore.kernel.org/r/20071026073721.618b4778@laptopd505.fenrus.org, a new LSM is accepted into the kernel when its intent (a description of what it tries to protect against and in what cases one would expect to use it) has been appropriately documented in ``Documentation/admin-guide/LSM/``. This allows an LSM's code to be easily compared to its goals, and so that end users and distros can make a more informed decision about which LSMs suit their requirements.h](h Based on }(hhhhhNhNubh reference)}(hGhttps://lore.kernel.org/r/20071026073721.618b4778@laptopd505.fenrus.orgh]hGhttps://lore.kernel.org/r/20071026073721.618b4778@laptopd505.fenrus.org}(hhhhhNhNubah}(h]h ]h"]h$]h&]refurihuh1hhhubh, a new LSM is accepted into the kernel when its intent (a description of what it tries to protect against and in what cases one would expect to use it) has been appropriately documented in }(hhhhhNhNubhliteral)}(h"``Documentation/admin-guide/LSM/``h]hDocumentation/admin-guide/LSM/}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhubh. This allows an LSM’s code to be easily compared to its goals, and so that end users and distros can make a more informed decision about which LSMs suit their requirements.}(hhhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hFor extensive documentation on the available LSM hook interfaces, please see ``security/security.c`` and associated structures:h](hMFor extensive documentation on the available LSM hook interfaces, please see }(hhhhhNhNubh)}(h``security/security.c``h]hsecurity/security.c}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhubh and associated structures:}(hhhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhK hhhhubhindex)}(hhh]h}(h]h ]h"]h$]h&]entries](single#security_free_mnt_opts (C function)c.security_free_mnt_optshNtauh1jhhhhhNhNubhdesc)}(hhh](hdesc_signature)}(h-void security_free_mnt_opts (void **mnt_opts)h]hdesc_signature_line)}(h,void security_free_mnt_opts(void **mnt_opts)h](hdesc_sig_keyword_type)}(hvoidh]hvoid}(hj4hhhNhNubah}(h]h ]ktah"]h$]h&]uh1j2hj.hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubhdesc_sig_space)}(h h]h }(hjFhhhNhNubah}(h]h ]wah"]h$]h&]uh1jDhj.hhhjChMubh desc_name)}(hsecurity_free_mnt_optsh]h desc_sig_name)}(hsecurity_free_mnt_optsh]hsecurity_free_mnt_opts}(hj]hhhNhNubah}(h]h ]nah"]h$]h&]uh1j[hjWubah}(h]h ](sig-namedescnameeh"]h$]h&] xml:spacepreserveuh1jUhj.hhhjChMubhdesc_parameterlist)}(h(void **mnt_opts)h]hdesc_parameter)}(hvoid **mnt_optsh](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj~ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj~ubhdesc_sig_punctuation)}(h*h]h*}(hjhhhNhNubah}(h]h ]pah"]h$]h&]uh1jhj~ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj~ubj\)}(hmnt_optsh]hmnt_opts}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj~ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjxubah}(h]h ]h"]h$]h&]jtjuuh1jvhj.hhhjChMubeh}(h]h ]h"]h$]h&]jtju add_permalinkuh1j,sphinx_line_type declaratorhj(hhhjChMubah}(h]jah ](sig sig-objecteh"]h$]h&] is_multiline _toc_parts) _toc_namehuh1j&hjChMhj#hhubh desc_content)}(hhh]h)}(h)Free memory associated with mount optionsh]h)Free memory associated with mount options}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhj#hhhjChMubeh}(h]h ](cfunctioneh"]h$]h&]domainjobjtypej desctypej noindex noindexentrynocontentsentryuh1j!hhhhhNhNubh container)}(h|**Parameters** ``void **mnt_opts`` LSM processed mount options **Description** Free memory associated with **mnt_ops**.h](h)}(h**Parameters**h]hstrong)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubhdefinition_list)}(hhh]hdefinition_list_item)}(h0``void **mnt_opts`` LSM processed mount options h](hterm)}(h``void **mnt_opts``h]h)}(hjBh]hvoid **mnt_opts}(hjDhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj@ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj:ubh definition)}(hhh]h)}(hLSM processed mount optionsh]hLSM processed mount options}(hj]hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjWhMhjZubah}(h]h ]h"]h$]h&]uh1jXhj:ubeh}(h]h ]h"]h$]h&]uh1j8hjWhMhj5ubah}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj}ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h(Free memory associated with **mnt_ops**.h](hFree memory associated with }(hjhhhNhNubj)}(h **mnt_ops**h]hmnt_ops}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j%security_sb_eat_lsm_opts (C function)c.security_sb_eat_lsm_optshNtauh1jhhhhhNhNubj")}(hhh](j')}(h=int security_sb_eat_lsm_opts (char *options, void **mnt_opts)h]j-)}(hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h mount optionsh]h mount options}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hMhj ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj hMhjubj9)}(h0``void **mnt_opts`` LSM processed mount options h](j?)}(h``void **mnt_opts``h]h)}(hj/h]hvoid **mnt_opts}(hj1hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj-ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj)ubjY)}(hhh]h)}(hLSM processed mount optionsh]hLSM processed mount options}(hjHhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjDhMhjEubah}(h]h ]h"]h$]h&]uh1jXhj)ubeh}(h]h ]h"]h$]h&]uh1j8hjDhMhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjjh]h Description}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjhubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h5Eat (scan **options**) and save them in **mnt_opts**.h](h Eat (scan }(hjhhhNhNubj)}(h **options**h]hoptions}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh) and save them in }(hjhhhNhNubj)}(h **mnt_opts**h]hmnt_opts}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h1Returns 0 on success, negative values on failure.h]h1Returns 0 on success, negative values on failure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j(security_sb_mnt_opts_compat (C function)c.security_sb_mnt_opts_compathNtauh1jhhhhhNhNubj")}(hhh](j')}(hHint security_sb_mnt_opts_compat (struct super_block *sb, void *mnt_opts)h]j-)}(hGint security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_sb_mnt_opts_compath]j\)}(hsecurity_sb_mnt_opts_compath]hsecurity_sb_mnt_opts_compat}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(h((struct super_block *sb, void *mnt_opts)h](j})}(hstruct super_block *sbh](hdesc_sig_keyword)}(hstructh]hstruct}(hj9hhhNhNubah}(h]h ]kah"]h$]h&]uh1j7hj3ubjE)}(h h]h }(hjHhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj3ubh)}(hhh]j\)}(h super_blockh]h super_block}(hjYhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjVubah}(h]h ]h"]h$]h&] refdomainjreftype identifier reftargetj[modnameN classnameN c:parent_keysphinx.domains.c LookupKey)}data]jt ASTIdentifier)}jojsbc.security_sb_mnt_opts_compatasbuh1hhj3ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj3ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj3ubj\)}(hsbh]hsb}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj3ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj/ubj})}(hvoid *mnt_optsh](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hmnt_optsh]hmnt_opts}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj/ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(h&Check if new mount options are allowedh]h&Check if new mount options are allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj jj jjjuh1j!hhhhhNhNubj)}(hXA**Parameters** ``struct super_block *sb`` filesystem superblock ``void *mnt_opts`` new mount options **Description** Determine if the new mount options in **mnt_opts** are allowed given the existing mounted filesystem at **sb**. **sb** superblock being compared. **Return** Returns 0 if options are compatible.h](h)}(h**Parameters**h]j)}(hj*h]h Parameters}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj(ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubj4)}(hhh](j9)}(h1``struct super_block *sb`` filesystem superblock h](j?)}(h``struct super_block *sb``h]h)}(hjIh]hstruct super_block *sb}(hjKhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjGubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjCubjY)}(hhh]h)}(hfilesystem superblockh]hfilesystem superblock}(hjbhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj^hMhj_ubah}(h]h ]h"]h$]h&]uh1jXhjCubeh}(h]h ]h"]h$]h&]uh1j8hj^hMhj@ubj9)}(h%``void *mnt_opts`` new mount options h](j?)}(h``void *mnt_opts``h]h)}(hjh]hvoid *mnt_opts}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj|ubjY)}(hhh]h)}(hnew mount optionsh]hnew mount options}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhj|ubeh}(h]h ]h"]h$]h&]uh1j8hjhMhj@ubeh}(h]h ]h"]h$]h&]uh1j3hj$ubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(hDetermine if the new mount options in **mnt_opts** are allowed given the existing mounted filesystem at **sb**. **sb** superblock being compared.h](h&Determine if the new mount options in }(hjhhhNhNubj)}(h **mnt_opts**h]hmnt_opts}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh6 are allowed given the existing mounted filesystem at }(hjhhhNhNubj)}(h**sb**h]hsb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh. }(hjhhhNhNubj)}(h**sb**h]hsb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh superblock being compared.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h$Returns 0 if options are compatible.h]h$Returns 0 if options are compatible.}(hj0hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j security_sb_remount (C function)c.security_sb_remounthNtauh1jhhhhhNhNubj")}(hhh](j')}(h@int security_sb_remount (struct super_block *sb, void *mnt_opts)h]j-)}(h?int security_sb_remount(struct super_block *sb, void *mnt_opts)h](j3)}(hinth]hint}(hj_hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj[hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjnhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj[hhhjmhMubjV)}(hsecurity_sb_remounth]j\)}(hsecurity_sb_remounth]hsecurity_sb_remount}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj|ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj[hhhjmhMubjw)}(h((struct super_block *sb, void *mnt_opts)h](j})}(hstruct super_block *sbh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(h super_blockh]h super_block}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojsbc.security_sb_remountasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hsbh]hsb}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hvoid *mnt_optsh](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj)}(hjh]h*}(hj*hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj ubj\)}(hmnt_optsh]hmnt_opts}(hj7hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj[hhhjmhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjWhhhjmhMubah}(h]jRah ](jjeh"]h$]h&]jj)jhuh1j&hjmhMhjThhubj)}(hhh]h)}(h3Verify no incompatible mount changes during remounth]h3Verify no incompatible mount changes during remount}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj^hhubah}(h]h ]h"]h$]h&]uh1jhjThhhjmhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjyjjyjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct super_block *sb`` filesystem superblock ``void *mnt_opts`` (re)mount options **Description** Extracts security system specific mount options and verifies no changes are being made to those options. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj}ubj4)}(hhh](j9)}(h1``struct super_block *sb`` filesystem superblock h](j?)}(h``struct super_block *sb``h]h)}(hjh]hstruct super_block *sb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hfilesystem superblockh]hfilesystem superblock}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubj9)}(h%``void *mnt_opts`` (re)mount options h](j?)}(h``void *mnt_opts``h]h)}(hjh]hvoid *mnt_opts}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h(re)mount optionsh]h(re)mount options}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubeh}(h]h ]h"]h$]h&]uh1j3hj}ubh)}(h**Description**h]j)}(hj h]h Description}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj}ubh)}(hhExtracts security system specific mount options and verifies no changes are being made to those options.h]hhExtracts security system specific mount options and verifies no changes are being made to those options.}(hj, hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj}ubh)}(h **Return**h]j)}(hj= h]hReturn}(hj? hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj; ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj}ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjS hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj}ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j%security_sb_set_mnt_opts (C function)c.security_sb_set_mnt_optshNtauh1jhhhhhNhNubj")}(hhh](j')}(h~int security_sb_set_mnt_opts (struct super_block *sb, void *mnt_opts, unsigned long kern_flags, unsigned long *set_kern_flags)h]j-)}(h}int security_sb_set_mnt_opts(struct super_block *sb, void *mnt_opts, unsigned long kern_flags, unsigned long *set_kern_flags)h](j3)}(hinth]hint}(hj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj~ hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMCubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj~ hhhj hMCubjV)}(hsecurity_sb_set_mnt_optsh]j\)}(hsecurity_sb_set_mnt_optsh]hsecurity_sb_set_mnt_opts}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj~ hhhj hMCubjw)}(ha(struct super_block *sb, void *mnt_opts, unsigned long kern_flags, unsigned long *set_kern_flags)h](j})}(hstruct super_block *sbh](j8)}(hj;h]hstruct}(hj hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubh)}(hhh]j\)}(h super_blockh]h super_block}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj modnameN classnameNjsjv)}jy]j|)}joj sbc.security_sb_set_mnt_optsasbuh1hhj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj)}(hjh]h*}(hj hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj ubj\)}(hsbh]hsb}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(hvoid *mnt_optsh](j3)}(hvoidh]hvoid}(hj1 hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj- ubjE)}(h h]h }(hj? hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj- ubj)}(hjh]h*}(hjM hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj- ubj\)}(hmnt_optsh]hmnt_opts}(hjZ hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj- ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(hunsigned long kern_flagsh](j3)}(hunsignedh]hunsigned}(hjs hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjo ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjo ubj3)}(hlongh]hlong}(hj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjo ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjo ubj\)}(h kern_flagsh]h kern_flags}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjo ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(hunsigned long *set_kern_flagsh](j3)}(hunsignedh]hunsigned}(hj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj3)}(hlongh]hlong}(hj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj)}(hjh]h*}(hj hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj ubj\)}(hset_kern_flagsh]hset_kern_flags}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj~ hhhj hMCubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjz hhhj hMCubah}(h]ju ah ](jjeh"]h$]h&]jj)jhuh1j&hj hMChjw hhubj)}(hhh]h)}(h&Set the mount options for a filesystemh]h&Set the mount options for a filesystem}(hj3 hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMChj0 hhubah}(h]h ]h"]h$]h&]uh1jhjw hhhj hMCubeh}(h]h ](jfunctioneh"]h$]h&]j jjjK jjK jjjuh1j!hhhhhNhNubj)}(hX]**Parameters** ``struct super_block *sb`` filesystem superblock ``void *mnt_opts`` binary mount options ``unsigned long kern_flags`` kernel flags (in) ``unsigned long *set_kern_flags`` kernel flags (out) **Description** Set the security relevant mount options used for a superblock. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjU h]h Parameters}(hjW hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjS ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMGhjO ubj4)}(hhh](j9)}(h1``struct super_block *sb`` filesystem superblock h](j?)}(h``struct super_block *sb``h]h)}(hjt h]hstruct super_block *sb}(hjv hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjr ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMDhjn ubjY)}(hhh]h)}(hfilesystem superblockh]hfilesystem superblock}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hMDhj ubah}(h]h ]h"]h$]h&]uh1jXhjn ubeh}(h]h ]h"]h$]h&]uh1j8hj hMDhjk ubj9)}(h(``void *mnt_opts`` binary mount options h](j?)}(h``void *mnt_opts``h]h)}(hj h]hvoid *mnt_opts}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMEhj ubjY)}(hhh]h)}(hbinary mount optionsh]hbinary mount options}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hMEhj ubah}(h]h ]h"]h$]h&]uh1jXhj ubeh}(h]h ]h"]h$]h&]uh1j8hj hMEhjk ubj9)}(h/``unsigned long kern_flags`` kernel flags (in) h](j?)}(h``unsigned long kern_flags``h]h)}(hj h]hunsigned long kern_flags}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMFhj ubjY)}(hhh]h)}(hkernel flags (in)h]hkernel flags (in)}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hMFhj ubah}(h]h ]h"]h$]h&]uh1jXhj ubeh}(h]h ]h"]h$]h&]uh1j8hj hMFhjk ubj9)}(h5``unsigned long *set_kern_flags`` kernel flags (out) h](j?)}(h!``unsigned long *set_kern_flags``h]h)}(hj h]hunsigned long *set_kern_flags}(hj! hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMGhj ubjY)}(hhh]h)}(hkernel flags (out)h]hkernel flags (out)}(hj8 hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4 hMGhj5 ubah}(h]h ]h"]h$]h&]uh1jXhj ubeh}(h]h ]h"]h$]h&]uh1j8hj4 hMGhjk ubeh}(h]h ]h"]h$]h&]uh1j3hjO ubh)}(h**Description**h]j)}(hjZ h]h Description}(hj\ hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjX ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMIhjO ubh)}(h>Set the security relevant mount options used for a superblock.h]h>Set the security relevant mount options used for a superblock.}(hjp hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMHhjO ubh)}(h **Return**h]j)}(hj h]hReturn}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMJhjO ubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMKhjO ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_sb_clone_mnt_opts (C function)c.security_sb_clone_mnt_optshNtauh1jhhhhhNhNubj")}(hhh](j')}(hint security_sb_clone_mnt_opts (const struct super_block *oldsb, struct super_block *newsb, unsigned long kern_flags, unsigned long *set_kern_flags)h]j-)}(hint security_sb_clone_mnt_opts(const struct super_block *oldsb, struct super_block *newsb, unsigned long kern_flags, unsigned long *set_kern_flags)h](j3)}(hinth]hint}(hj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM`ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj hhhj hM`ubjV)}(hsecurity_sb_clone_mnt_optsh]j\)}(hsecurity_sb_clone_mnt_optsh]hsecurity_sb_clone_mnt_opts}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj hhhj hM`ubjw)}(hu(const struct super_block *oldsb, struct super_block *newsb, unsigned long kern_flags, unsigned long *set_kern_flags)h](j})}(hconst struct super_block *oldsbh](j8)}(hconsth]hconst}(hj hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj8)}(hj;h]hstruct}(hj hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj ubjE)}(h h]h }(hj, hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubh)}(hhh]j\)}(h super_blockh]h super_block}(hj= hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj: ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj? modnameN classnameNjsjv)}jy]j|)}joj sbc.security_sb_clone_mnt_optsasbuh1hhj ubjE)}(h h]h }(hj] hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj)}(hjh]h*}(hjk hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj ubj\)}(holdsbh]holdsb}(hjx hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(hstruct super_block *newsbh](j8)}(hj;h]hstruct}(hj hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubh)}(hhh]j\)}(h super_blockh]h super_block}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj modnameN classnameNjsjv)}jy]jY c.security_sb_clone_mnt_optsasbuh1hhj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj)}(hjh]h*}(hj hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj ubj\)}(hnewsbh]hnewsb}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(hunsigned long kern_flagsh](j3)}(hunsignedh]hunsigned}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj3)}(hlongh]hlong}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj ubjE)}(h h]h }(hj+hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj\)}(h kern_flagsh]h kern_flags}(hj9hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(hunsigned long *set_kern_flagsh](j3)}(hunsignedh]hunsigned}(hjRhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjNubjE)}(h h]h }(hj`hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjNubj3)}(hlongh]hlong}(hjnhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjNubjE)}(h h]h }(hj|hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjNubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjNubj\)}(hset_kern_flagsh]hset_kern_flags}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjNubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj hhhj hM`ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj hhhj hM`ubah}(h]j ah ](jjeh"]h$]h&]jj)jhuh1j&hj hM`hj hhubj)}(hhh]h)}(h"Duplicate superblock mount optionsh]h"Duplicate superblock mount options}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM`hjhhubah}(h]h ]h"]h$]h&]uh1jhj hhhj hM`ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hXn**Parameters** ``const struct super_block *oldsb`` source superblock ``struct super_block *newsb`` destination superblock ``unsigned long kern_flags`` kernel flags (in) ``unsigned long *set_kern_flags`` kernel flags (out) **Description** Copy all security options from a given superblock to another. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMdhjubj4)}(hhh](j9)}(h6``const struct super_block *oldsb`` source superblock h](j?)}(h#``const struct super_block *oldsb``h]h)}(hjh]hconst struct super_block *oldsb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMahjubjY)}(hhh]h)}(hsource superblockh]hsource superblock}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMahjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMahjubj9)}(h5``struct super_block *newsb`` destination superblock h](j?)}(h``struct super_block *newsb``h]h)}(hj;h]hstruct super_block *newsb}(hj=hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj9ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMbhj5ubjY)}(hhh]h)}(hdestination superblockh]hdestination superblock}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjPhMbhjQubah}(h]h ]h"]h$]h&]uh1jXhj5ubeh}(h]h ]h"]h$]h&]uh1j8hjPhMbhjubj9)}(h/``unsigned long kern_flags`` kernel flags (in) h](j?)}(h``unsigned long kern_flags``h]h)}(hjth]hunsigned long kern_flags}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjrubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMchjnubjY)}(hhh]h)}(hkernel flags (in)h]hkernel flags (in)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMchjubah}(h]h ]h"]h$]h&]uh1jXhjnubeh}(h]h ]h"]h$]h&]uh1j8hjhMchjubj9)}(h5``unsigned long *set_kern_flags`` kernel flags (out) h](j?)}(h!``unsigned long *set_kern_flags``h]h)}(hjh]hunsigned long *set_kern_flags}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMdhjubjY)}(hhh]h)}(hkernel flags (out)h]hkernel flags (out)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMdhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMdhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMfhjubh)}(h=Copy all security options from a given superblock to another.h]h=Copy all security options from a given superblock to another.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMehjubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMghjubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hj%hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j*security_dentry_init_security (C function)c.security_dentry_init_securityhNtauh1jhhhhhNhNubj")}(hhh](j')}(hint security_dentry_init_security (struct dentry *dentry, int mode, const struct qstr *name, const char **xattr_name, struct lsm_context *lsmctx)h]j-)}(hint security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, const char **xattr_name, struct lsm_context *lsmctx)h](j3)}(hinth]hint}(hjThhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjPhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjchhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjPhhhjbhMubjV)}(hsecurity_dentry_init_securityh]j\)}(hsecurity_dentry_init_securityh]hsecurity_dentry_init_security}(hjuhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjqubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjPhhhjbhMubjw)}(ho(struct dentry *dentry, int mode, const struct qstr *name, const char **xattr_name, struct lsm_context *lsmctx)h](j})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hdentryh]hdentry}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojwsbc.security_dentry_init_securityasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hdentryh]hdentry}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hint modeh](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj\)}(hmodeh]hmode}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hconst struct qstr *nameh](j8)}(hj h]hconst}(hj8hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj4ubjE)}(h h]h }(hjEhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj4ubj8)}(hj;h]hstruct}(hjShhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj4ubjE)}(h h]h }(hj`hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj4ubh)}(hhh]j\)}(hqstrh]hqstr}(hjqhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjnubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjsmodnameN classnameNjsjv)}jy]jc.security_dentry_init_securityasbuh1hhj4ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj4ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj4ubj\)}(hnameh]hname}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj4ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hconst char **xattr_nameh](j8)}(hj h]hconst}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj3)}(hcharh]hchar}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(h xattr_nameh]h xattr_name}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct lsm_context *lsmctxh](j8)}(hj;h]hstruct}(hj-hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj)ubjE)}(h h]h }(hj:hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj)ubh)}(hhh]j\)}(h lsm_contexth]h lsm_context}(hjKhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjHubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjMmodnameN classnameNjsjv)}jy]jc.security_dentry_init_securityasbuh1hhj)ubjE)}(h h]h }(hjihhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj)ubj)}(hjh]h*}(hjwhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj)ubj\)}(hlsmctxh]hlsmctx}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj)ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjPhhhjbhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjLhhhjbhMubah}(h]jGah ](jjeh"]h$]h&]jj)jhuh1j&hjbhMhjIhhubj)}(hhh]h)}(hPerform dentry initializationh]hPerform dentry initialization}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjIhhhjbhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hXn**Parameters** ``struct dentry *dentry`` the dentry to initialize ``int mode`` mode used to determine resource type ``const struct qstr *name`` name of the last path component ``const char **xattr_name`` name of the security/LSM xattr ``struct lsm_context *lsmctx`` pointer to the resulting LSM context **Description** Compute a context for a dentry as the inode is not yet available since NFSv4 has no label backed by an EA anyway. It is important to note that **xattr_name** does not need to be free'd by the caller, it is a static string. **Return** Returns 0 on success, negative values on failure.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh](j9)}(h3``struct dentry *dentry`` the dentry to initialize h](j?)}(h``struct dentry *dentry``h]h)}(hjh]hstruct dentry *dentry}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hthe dentry to initializeh]hthe dentry to initialize}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubj9)}(h2``int mode`` mode used to determine resource type h](j?)}(h ``int mode``h]h)}(hj(h]hint mode}(hj*hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj&ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubjY)}(hhh]h)}(h$mode used to determine resource typeh]h$mode used to determine resource type}(hjAhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj=hMhj>ubah}(h]h ]h"]h$]h&]uh1jXhj"ubeh}(h]h ]h"]h$]h&]uh1j8hj=hMhjubj9)}(h<``const struct qstr *name`` name of the last path component h](j?)}(h``const struct qstr *name``h]h)}(hjah]hconst struct qstr *name}(hjchhhNhNubah}(h]h ]h"]h$]h&]uh1hhj_ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj[ubjY)}(hhh]h)}(hname of the last path componenth]hname of the last path component}(hjzhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjvhMhjwubah}(h]h ]h"]h$]h&]uh1jXhj[ubeh}(h]h ]h"]h$]h&]uh1j8hjvhMhjubj9)}(h;``const char **xattr_name`` name of the security/LSM xattr h](j?)}(h``const char **xattr_name``h]h)}(hjh]hconst char **xattr_name}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hname of the security/LSM xattrh]hname of the security/LSM xattr}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubj9)}(hD``struct lsm_context *lsmctx`` pointer to the resulting LSM context h](j?)}(h``struct lsm_context *lsmctx``h]h)}(hjh]hstruct lsm_context *lsmctx}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h$pointer to the resulting LSM contexth]h$pointer to the resulting LSM context}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hCompute a context for a dentry as the inode is not yet available since NFSv4 has no label backed by an EA anyway. It is important to note that **xattr_name** does not need to be free'd by the caller, it is a static string.h](hCompute a context for a dentry as the inode is not yet available since NFSv4 has no label backed by an EA anyway. It is important to note that }(hj$hhhNhNubj)}(h**xattr_name**h]h xattr_name}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$ubhC does not need to be free’d by the caller, it is a static string.}(hj$hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjGh]hReturn}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjEubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h1Returns 0 on success, negative values on failure.h]h1Returns 0 on success, negative values on failure.}(hj]hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j,security_dentry_create_files_as (C function)!c.security_dentry_create_files_ashNtauh1jhhhhhNhNubj")}(hhh](j')}(hint security_dentry_create_files_as (struct dentry *dentry, int mode, struct qstr *name, const struct cred *old, struct cred *new)h]j-)}(hint security_dentry_create_files_as(struct dentry *dentry, int mode, struct qstr *name, const struct cred *old, struct cred *new)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_dentry_create_files_ash]j\)}(hsecurity_dentry_create_files_ash]hsecurity_dentry_create_files_as}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(h^(struct dentry *dentry, int mode, struct qstr *name, const struct cred *old, struct cred *new)h](j})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hdentryh]hdentry}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojsb!c.security_dentry_create_files_asasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hdentryh]hdentry}(hj"hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hint modeh](j3)}(hinth]hint}(hj;hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj7ubjE)}(h h]h }(hjIhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj7ubj\)}(hmodeh]hmode}(hjWhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj7ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct qstr *nameh](j8)}(hj;h]hstruct}(hjphhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjlubjE)}(h h]h }(hj}hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjlubh)}(hhh]j\)}(hqstrh]hqstr}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j!c.security_dentry_create_files_asasbuh1hhjlubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjlubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjlubj\)}(hnameh]hname}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjlubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hconst struct cred *oldh](j8)}(hj h]hconst}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hcredh]hcred}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j!c.security_dentry_create_files_asasbuh1hhjubjE)}(h h]h }(hj7hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjEhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(holdh]hold}(hjRhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct cred *newh](j8)}(hj;h]hstruct}(hjkhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjgubjE)}(h h]h }(hjxhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjgubh)}(hhh]j\)}(hcredh]hcred}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j!c.security_dentry_create_files_asasbuh1hhjgubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjgubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjgubj\)}(hnewh]hnew}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjgubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(hPerform dentry initializationh]hPerform dentry initialization}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hXU**Parameters** ``struct dentry *dentry`` the dentry to initialize ``int mode`` mode used to determine resource type ``struct qstr *name`` name of the last path component ``const struct cred *old`` creds to use for LSM context calculations ``struct cred *new`` creds to modify **Description** Compute a context for a dentry as the inode is not yet available and set that context in passed in creds so that new files are created using that context. Context is calculated using the passed in creds and not the creds of the caller. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh](j9)}(h3``struct dentry *dentry`` the dentry to initialize h](j?)}(h``struct dentry *dentry``h]h)}(hj-h]hstruct dentry *dentry}(hj/hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj+ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj'ubjY)}(hhh]h)}(hthe dentry to initializeh]hthe dentry to initialize}(hjFhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBhMhjCubah}(h]h ]h"]h$]h&]uh1jXhj'ubeh}(h]h ]h"]h$]h&]uh1j8hjBhMhj$ubj9)}(h2``int mode`` mode used to determine resource type h](j?)}(h ``int mode``h]h)}(hjfh]hint mode}(hjhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjdubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`ubjY)}(hhh]h)}(h$mode used to determine resource typeh]h$mode used to determine resource type}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj{hMhj|ubah}(h]h ]h"]h$]h&]uh1jXhj`ubeh}(h]h ]h"]h$]h&]uh1j8hj{hMhj$ubj9)}(h6``struct qstr *name`` name of the last path component h](j?)}(h``struct qstr *name``h]h)}(hjh]hstruct qstr *name}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hname of the last path componenth]hname of the last path component}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhj$ubj9)}(hE``const struct cred *old`` creds to use for LSM context calculations h](j?)}(h``const struct cred *old``h]h)}(hjh]hconst struct cred *old}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h)creds to use for LSM context calculationsh]h)creds to use for LSM context calculations}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhj$ubj9)}(h%``struct cred *new`` creds to modify h](j?)}(h``struct cred *new``h]h)}(hjh]hstruct cred *new}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj ubjY)}(hhh]h)}(hcreds to modifyh]hcreds to modify}(hj*hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj&hMhj'ubah}(h]h ]h"]h$]h&]uh1jXhj ubeh}(h]h ]h"]h$]h&]uh1j8hj&hMhj$ubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjLh]h Description}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjJubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hCompute a context for a dentry as the inode is not yet available and set that context in passed in creds so that new files are created using that context. Context is calculated using the passed in creds and not the creds of the caller.h]hCompute a context for a dentry as the inode is not yet available and set that context in passed in creds so that new files are created using that context. Context is calculated using the passed in creds and not the creds of the caller.}(hjbhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjsh]hReturn}(hjuhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjqubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j)security_inode_init_security (C function)c.security_inode_init_securityhNtauh1jhhhhhNhNubj")}(hhh](j')}(hint security_inode_init_security (struct inode *inode, struct inode *dir, const struct qstr *qstr, const initxattrs initxattrs, void *fs_data)h]j-)}(hint security_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, const initxattrs initxattrs, void *fs_data)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_inode_init_securityh]j\)}(hsecurity_inode_init_securityh]hsecurity_inode_init_security}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(hm(struct inode *inode, struct inode *dir, const struct qstr *qstr, const initxattrs initxattrs, void *fs_data)h](j})}(hstruct inode *inodeh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hinodeh]hinode}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojsbc.security_inode_init_securityasbuh1hhjubjE)}(h h]h }(hj3hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjAhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hinodeh]hinode}(hjNhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct inode *dirh](j8)}(hj;h]hstruct}(hjghhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjcubjE)}(h h]h }(hjthhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjcubh)}(hhh]j\)}(hinodeh]hinode}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j/c.security_inode_init_securityasbuh1hhjcubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjcubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjcubj\)}(hdirh]hdir}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjcubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hconst struct qstr *qstrh](j8)}(hj h]hconst}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hqstrh]hqstr}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j/c.security_inode_init_securityasbuh1hhjubjE)}(h h]h }(hj.hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hj<hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hqstrh]hqstr}(hjIhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hconst initxattrs initxattrsh](j8)}(hj h]hconst}(hjbhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj^ubjE)}(h h]h }(hjohhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj^ubh)}(hhh]j\)}(h initxattrsh]h initxattrs}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj}ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j/c.security_inode_init_securityasbuh1hhj^ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj^ubj\)}(h initxattrsh]h initxattrs}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj^ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(h void *fs_datah](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hfs_datah]hfs_data}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(h!Initialize an inode's LSM contexth]h#Initialize an inode’s LSM context}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj0jj0jjjuh1j!hhhhhNhNubj)}(hXd**Parameters** ``struct inode *inode`` the inode ``struct inode *dir`` parent directory ``const struct qstr *qstr`` last component of the pathname ``const initxattrs initxattrs`` callback function to write xattrs ``void *fs_data`` filesystem specific data **Description** Obtain the security attribute name suffix and value to set on a newly created inode and set up the incore security field for the new inode. This hook is called by the fs code as part of the inode creation transaction and provides for atomic labeling of the inode, unlike the post_create/mkdir/... hooks called by the VFS. The hook function is expected to populate the xattrs array, by calling lsm_get_xattr_slot() to retrieve the slots reserved by the security module with the lbs_xattr_count field of the lsm_blob_sizes structure. For each slot, the hook function should set ->name to the attribute name suffix (e.g. selinux), to allocate ->value (will be freed by the caller) and set it to the attribute value, to set ->value_len to the length of the value. If the security module does not use security attributes or does not wish to put a security attribute on this particular inode, then it should return -EOPNOTSUPP to skip this processing. **Return** Returns 0 if the LSM successfully initialized all of the inode security attributes that are required, negative values otherwise.h](h)}(h**Parameters**h]j)}(hj:h]h Parameters}(hj<hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj8ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj4ubj4)}(hhh](j9)}(h"``struct inode *inode`` the inode h](j?)}(h``struct inode *inode``h]h)}(hjYh]hstruct inode *inode}(hj[hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjWubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjSubjY)}(hhh]h)}(h the inodeh]h the inode}(hjrhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjnhMhjoubah}(h]h ]h"]h$]h&]uh1jXhjSubeh}(h]h ]h"]h$]h&]uh1j8hjnhMhjPubj9)}(h'``struct inode *dir`` parent directory h](j?)}(h``struct inode *dir``h]h)}(hjh]hstruct inode *dir}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hparent directoryh]hparent directory}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjPubj9)}(h;``const struct qstr *qstr`` last component of the pathname h](j?)}(h``const struct qstr *qstr``h]h)}(hjh]hconst struct qstr *qstr}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hlast component of the pathnameh]hlast component of the pathname}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjPubj9)}(hB``const initxattrs initxattrs`` callback function to write xattrs h](j?)}(h``const initxattrs initxattrs``h]h)}(hjh]hconst initxattrs initxattrs}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h!callback function to write xattrsh]h!callback function to write xattrs}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjPubj9)}(h+``void *fs_data`` filesystem specific data h](j?)}(h``void *fs_data``h]h)}(hj=h]h void *fs_data}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj;ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj7ubjY)}(hhh]h)}(hfilesystem specific datah]hfilesystem specific data}(hjVhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjRhMhjSubah}(h]h ]h"]h$]h&]uh1jXhj7ubeh}(h]h ]h"]h$]h&]uh1j8hjRhMhjPubeh}(h]h ]h"]h$]h&]uh1j3hj4ubh)}(h**Description**h]j)}(hjxh]h Description}(hjzhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjvubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj4ubh)}(hXBObtain the security attribute name suffix and value to set on a newly created inode and set up the incore security field for the new inode. This hook is called by the fs code as part of the inode creation transaction and provides for atomic labeling of the inode, unlike the post_create/mkdir/... hooks called by the VFS.h]hXBObtain the security attribute name suffix and value to set on a newly created inode and set up the incore security field for the new inode. This hook is called by the fs code as part of the inode creation transaction and provides for atomic labeling of the inode, unlike the post_create/mkdir/... hooks called by the VFS.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj4ubh)}(hXqThe hook function is expected to populate the xattrs array, by calling lsm_get_xattr_slot() to retrieve the slots reserved by the security module with the lbs_xattr_count field of the lsm_blob_sizes structure. For each slot, the hook function should set ->name to the attribute name suffix (e.g. selinux), to allocate ->value (will be freed by the caller) and set it to the attribute value, to set ->value_len to the length of the value. If the security module does not use security attributes or does not wish to put a security attribute on this particular inode, then it should return -EOPNOTSUPP to skip this processing.h]hXqThe hook function is expected to populate the xattrs array, by calling lsm_get_xattr_slot() to retrieve the slots reserved by the security module with the lbs_xattr_count field of the lsm_blob_sizes structure. For each slot, the hook function should set ->name to the attribute name suffix (e.g. selinux), to allocate ->value (will be freed by the caller) and set it to the attribute value, to set ->value_len to the length of the value. If the security module does not use security attributes or does not wish to put a security attribute on this particular inode, then it should return -EOPNOTSUPP to skip this processing.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj4ubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj4ubh)}(hReturns 0 if the LSM successfully initialized all of the inode security attributes that are required, negative values otherwise.h]hReturns 0 if the LSM successfully initialized all of the inode security attributes that are required, negative values otherwise.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj4ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j security_path_mknod (C function)c.security_path_mknodhNtauh1jhhhhhNhNubj")}(hhh](j')}(hgint security_path_mknod (const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev)h]j-)}(hfint security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM[ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhM[ubjV)}(hsecurity_path_mknodh]j\)}(hsecurity_path_mknodh]hsecurity_path_mknod}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhM[ubjw)}(hO(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev)h](j})}(hconst struct path *dirh](j8)}(hj h]hconst}(hj0hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj,ubjE)}(h h]h }(hj=hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj,ubj8)}(hj;h]hstruct}(hjKhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj,ubjE)}(h h]h }(hjXhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj,ubh)}(hhh]j\)}(hpathh]hpath}(hjihhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjfubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjkmodnameN classnameNjsjv)}jy]j|)}jojsbc.security_path_mknodasbuh1hhj,ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj,ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj,ubj\)}(hdirh]hdir}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj,ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj(ubj})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hdentryh]hdentry}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]jc.security_path_mknodasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hdentryh]hdentry}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj(ubj})}(h umode_t modeh](h)}(hhh]j\)}(humode_th]humode_t}(hj0hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj-ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj2modnameN classnameNjsjv)}jy]jc.security_path_mknodasbuh1hhj)ubjE)}(h h]h }(hjNhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj)ubj\)}(hmodeh]hmode}(hj\hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj)ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj(ubj})}(hunsigned int devh](j3)}(hunsignedh]hunsigned}(hjuhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjqubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjqubj3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjqubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjqubj\)}(hdevh]hdev}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjqubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj(ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhM[ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhM[ubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhM[hjhhubj)}(hhh]h)}(h+Check if creating a special file is allowedh]h+Check if creating a special file is allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM[hjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhM[ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hXn**Parameters** ``const struct path *dir`` parent directory ``struct dentry *dentry`` new file ``umode_t mode`` new file mode ``unsigned int dev`` device number **Description** Check permissions when creating a file. Note that this hook is called even if mknod operation is being done for a regular file. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM_hjubj4)}(hhh](j9)}(h,``const struct path *dir`` parent directory h](j?)}(h``const struct path *dir``h]h)}(hjh]hconst struct path *dir}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM\hjubjY)}(hhh]h)}(hparent directoryh]hparent directory}(hj1hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj-hM\hj.ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj-hM\hjubj9)}(h#``struct dentry *dentry`` new file h](j?)}(h``struct dentry *dentry``h]h)}(hjQh]hstruct dentry *dentry}(hjShhhNhNubah}(h]h ]h"]h$]h&]uh1hhjOubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM]hjKubjY)}(hhh]h)}(hnew fileh]hnew file}(hjjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjfhM]hjgubah}(h]h ]h"]h$]h&]uh1jXhjKubeh}(h]h ]h"]h$]h&]uh1j8hjfhM]hjubj9)}(h``umode_t mode`` new file mode h](j?)}(h``umode_t mode``h]h)}(hjh]h umode_t mode}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM^hjubjY)}(hhh]h)}(h new file modeh]h new file mode}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhM^hjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhM^hjubj9)}(h#``unsigned int dev`` device number h](j?)}(h``unsigned int dev``h]h)}(hjh]hunsigned int dev}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM_hjubjY)}(hhh]h)}(h device numberh]h device number}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhM_hjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhM_hjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMahjubh)}(hCheck permissions when creating a file. Note that this hook is called even if mknod operation is being done for a regular file.h]hCheck permissions when creating a file. Note that this hook is called even if mknod operation is being done for a regular file.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM`hjubh)}(h **Return**h]j)}(hj% h]hReturn}(hj' hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj# ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMchjubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj; hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMdhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j security_path_mkdir (C function)c.security_path_mkdirhNtauh1jhhhhhNhNubj")}(hhh](j')}(hUint security_path_mkdir (const struct path *dir, struct dentry *dentry, umode_t mode)h]j-)}(hTint security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)h](j3)}(hinth]hint}(hjj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjf hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM~ubjE)}(h h]h }(hjy hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjf hhhjx hM~ubjV)}(hsecurity_path_mkdirh]j\)}(hsecurity_path_mkdirh]hsecurity_path_mkdir}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjf hhhjx hM~ubjw)}(h=(const struct path *dir, struct dentry *dentry, umode_t mode)h](j})}(hconst struct path *dirh](j8)}(hj h]hconst}(hj hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj8)}(hj;h]hstruct}(hj hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj ubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubh)}(hhh]j\)}(hpathh]hpath}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj modnameN classnameNjsjv)}jy]j|)}joj sbc.security_path_mkdirasbuh1hhj ubjE)}(h h]h }(hj!hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj ubj)}(hjh]h*}(hj!hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj ubj\)}(hdirh]hdir}(hj!hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hj4!hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj0!ubjE)}(h h]h }(hjA!hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj0!ubh)}(hhh]j\)}(hdentryh]hdentry}(hjR!hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjO!ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjT!modnameN classnameNjsjv)}jy]j c.security_path_mkdirasbuh1hhj0!ubjE)}(h h]h }(hjp!hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj0!ubj)}(hjh]h*}(hj~!hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj0!ubj\)}(hdentryh]hdentry}(hj!hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj0!ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubj})}(h umode_t modeh](h)}(hhh]j\)}(humode_th]humode_t}(hj!hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj!ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj!modnameN classnameNjsjv)}jy]j c.security_path_mkdirasbuh1hhj!ubjE)}(h h]h }(hj!hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj!ubj\)}(hmodeh]hmode}(hj!hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj!ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjf hhhjx hM~ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjb hhhjx hM~ubah}(h]j] ah ](jjeh"]h$]h&]jj)jhuh1j&hjx hM~hj_ hhubj)}(hhh]h)}(h,Check if creating a new directory is allowedh]h,Check if creating a new directory is allowed}(hj!hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM~hj!hhubah}(h]h ]h"]h$]h&]uh1jhj_ hhhjx hM~ubeh}(h]h ](jfunctioneh"]h$]h&]j jjj"jj"jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``const struct path *dir`` parent directory ``struct dentry *dentry`` new directory ``umode_t mode`` new directory mode **Description** Check permissions to create a new directory in the existing directory. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj"h]h Parameters}(hj!"hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj"ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubj4)}(hhh](j9)}(h,``const struct path *dir`` parent directory h](j?)}(h``const struct path *dir``h]h)}(hj>"h]hconst struct path *dir}(hj@"hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj<"ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj8"ubjY)}(hhh]h)}(hparent directoryh]hparent directory}(hjW"hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjS"hMhjT"ubah}(h]h ]h"]h$]h&]uh1jXhj8"ubeh}(h]h ]h"]h$]h&]uh1j8hjS"hMhj5"ubj9)}(h(``struct dentry *dentry`` new directory h](j?)}(h``struct dentry *dentry``h]h)}(hjw"h]hstruct dentry *dentry}(hjy"hhhNhNubah}(h]h ]h"]h$]h&]uh1hhju"ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjq"ubjY)}(hhh]h)}(h new directoryh]h new directory}(hj"hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj"hMhj"ubah}(h]h ]h"]h$]h&]uh1jXhjq"ubeh}(h]h ]h"]h$]h&]uh1j8hj"hMhj5"ubj9)}(h$``umode_t mode`` new directory mode h](j?)}(h``umode_t mode``h]h)}(hj"h]h umode_t mode}(hj"hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj"ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubjY)}(hhh]h)}(hnew directory modeh]hnew directory mode}(hj"hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj"hMhj"ubah}(h]h ]h"]h$]h&]uh1jXhj"ubeh}(h]h ]h"]h$]h&]uh1j8hj"hMhj5"ubeh}(h]h ]h"]h$]h&]uh1j3hj"ubh)}(h**Description**h]j)}(hj"h]h Description}(hj"hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj"ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubh)}(hFCheck permissions to create a new directory in the existing directory.h]hFCheck permissions to create a new directory in the existing directory.}(hj#hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubh)}(h **Return**h]j)}(hj#h]hReturn}(hj#hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj#ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj(#hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j!security_path_unlink (C function)c.security_path_unlinkhNtauh1jhhhhhNhNubj")}(hhh](j')}(hHint security_path_unlink (const struct path *dir, struct dentry *dentry)h]j-)}(hGint security_path_unlink(const struct path *dir, struct dentry *dentry)h](j3)}(hinth]hint}(hjW#hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjS#hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjf#hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjS#hhhje#hMubjV)}(hsecurity_path_unlinkh]j\)}(hsecurity_path_unlinkh]hsecurity_path_unlink}(hjx#hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjt#ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjS#hhhje#hMubjw)}(h/(const struct path *dir, struct dentry *dentry)h](j})}(hconst struct path *dirh](j8)}(hj h]hconst}(hj#hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj#ubjE)}(h h]h }(hj#hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj#ubj8)}(hj;h]hstruct}(hj#hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj#ubjE)}(h h]h }(hj#hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj#ubh)}(hhh]j\)}(hpathh]hpath}(hj#hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj#ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj#modnameN classnameNjsjv)}jy]j|)}jojz#sbc.security_path_unlinkasbuh1hhj#ubjE)}(h h]h }(hj#hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj#ubj)}(hjh]h*}(hj#hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj#ubj\)}(hdirh]hdir}(hj$hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj#ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj#ubj})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hj!$hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj$ubjE)}(h h]h }(hj.$hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj$ubh)}(hhh]j\)}(hdentryh]hdentry}(hj?$hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj<$ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjA$modnameN classnameNjsjv)}jy]j#c.security_path_unlinkasbuh1hhj$ubjE)}(h h]h }(hj]$hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj$ubj)}(hjh]h*}(hjk$hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj$ubj\)}(hdentryh]hdentry}(hjx$hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj$ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj#ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjS#hhhje#hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjO#hhhje#hMubah}(h]jJ#ah ](jjeh"]h$]h&]jj)jhuh1j&hje#hMhjL#hhubj)}(hhh]h)}(h(Check if removing a hard link is allowedh]h(Check if removing a hard link is allowed}(hj$hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$hhubah}(h]h ]h"]h$]h&]uh1jhjL#hhhje#hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj$jj$jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const struct path *dir`` parent directory ``struct dentry *dentry`` file **Description** Check the permission to remove a hard link to a file. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj$h]h Parameters}(hj$hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubj4)}(hhh](j9)}(h,``const struct path *dir`` parent directory h](j?)}(h``const struct path *dir``h]h)}(hj$h]hconst struct path *dir}(hj$hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj$ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubjY)}(hhh]h)}(hparent directoryh]hparent directory}(hj$hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj$hMhj$ubah}(h]h ]h"]h$]h&]uh1jXhj$ubeh}(h]h ]h"]h$]h&]uh1j8hj$hMhj$ubj9)}(h``struct dentry *dentry`` file h](j?)}(h``struct dentry *dentry``h]h)}(hj%h]hstruct dentry *dentry}(hj%hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj%ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj%ubjY)}(hhh]h)}(hfileh]hfile}(hj5%hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj1%hMhj2%ubah}(h]h ]h"]h$]h&]uh1jXhj%ubeh}(h]h ]h"]h$]h&]uh1j8hj1%hMhj$ubeh}(h]h ]h"]h$]h&]uh1j3hj$ubh)}(h**Description**h]j)}(hjW%h]h Description}(hjY%hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjU%ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h5Check the permission to remove a hard link to a file.h]h5Check the permission to remove a hard link to a file.}(hjm%hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h **Return**h]j)}(hj~%h]hReturn}(hj%hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj|%ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj%hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j!security_path_rename (C function)c.security_path_renamehNtauh1jhhhhhNhNubj")}(hhh](j')}(hint security_path_rename (const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, unsigned int flags)h]j-)}(hint security_path_rename(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, unsigned int flags)h](j3)}(hinth]hint}(hj%hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj%hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj%hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj%hhhj%hMubjV)}(hsecurity_path_renameh]j\)}(hsecurity_path_renameh]hsecurity_path_rename}(hj%hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj%ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj%hhhj%hMubjw)}(h(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, unsigned int flags)h](j})}(hconst struct path *old_dirh](j8)}(hj h]hconst}(hj&hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj%ubjE)}(h h]h }(hj &hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj%ubj8)}(hj;h]hstruct}(hj&hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj%ubjE)}(h h]h }(hj(&hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj%ubh)}(hhh]j\)}(hpathh]hpath}(hj9&hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj6&ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj;&modnameN classnameNjsjv)}jy]j|)}joj%sbc.security_path_renameasbuh1hhj%ubjE)}(h h]h }(hjY&hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj%ubj)}(hjh]h*}(hjg&hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj%ubj\)}(hold_dirh]hold_dir}(hjt&hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj%ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj%ubj})}(hstruct dentry *old_dentryh](j8)}(hj;h]hstruct}(hj&hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj&ubjE)}(h h]h }(hj&hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj&ubh)}(hhh]j\)}(hdentryh]hdentry}(hj&hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj&ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj&modnameN classnameNjsjv)}jy]jU&c.security_path_renameasbuh1hhj&ubjE)}(h h]h }(hj&hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj&ubj)}(hjh]h*}(hj&hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj&ubj\)}(h old_dentryh]h old_dentry}(hj&hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj&ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj%ubj})}(hconst struct path *new_dirh](j8)}(hj h]hconst}(hj&hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj&ubjE)}(h h]h }(hj 'hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj&ubj8)}(hj;h]hstruct}(hj'hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj&ubjE)}(h h]h }(hj%'hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj&ubh)}(hhh]j\)}(hpathh]hpath}(hj6'hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj3'ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj8'modnameN classnameNjsjv)}jy]jU&c.security_path_renameasbuh1hhj&ubjE)}(h h]h }(hjT'hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj&ubj)}(hjh]h*}(hjb'hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj&ubj\)}(hnew_dirh]hnew_dir}(hjo'hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj&ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj%ubj})}(hstruct dentry *new_dentryh](j8)}(hj;h]hstruct}(hj'hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj'ubjE)}(h h]h }(hj'hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj'ubh)}(hhh]j\)}(hdentryh]hdentry}(hj'hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj'ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj'modnameN classnameNjsjv)}jy]jU&c.security_path_renameasbuh1hhj'ubjE)}(h h]h }(hj'hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj'ubj)}(hjh]h*}(hj'hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj'ubj\)}(h new_dentryh]h new_dentry}(hj'hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj'ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj%ubj})}(hunsigned int flagsh](j3)}(hunsignedh]hunsigned}(hj'hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj'ubjE)}(h h]h }(hj(hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj'ubj3)}(hinth]hint}(hj(hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj'ubjE)}(h h]h }(hj"(hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj'ubj\)}(hflagsh]hflags}(hj0(hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj'ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj%ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj%hhhj%hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj%hhhj%hMubah}(h]j%ah ](jjeh"]h$]h&]jj)jhuh1j&hj%hMhj%hhubj)}(hhh]h)}(h#Check if renaming a file is allowedh]h#Check if renaming a file is allowed}(hjZ(hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjW(hhubah}(h]h ]h"]h$]h&]uh1jhj%hhhj%hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjr(jjr(jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``const struct path *old_dir`` parent directory of the old file ``struct dentry *old_dentry`` the old file ``const struct path *new_dir`` parent directory of the new file ``struct dentry *new_dentry`` the new file ``unsigned int flags`` flags **Description** Check for permission to rename a file or directory. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj|(h]h Parameters}(hj~(hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjz(ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjv(ubj4)}(hhh](j9)}(h@``const struct path *old_dir`` parent directory of the old file h](j?)}(h``const struct path *old_dir``h]h)}(hj(h]hconst struct path *old_dir}(hj(hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj(ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj(ubjY)}(hhh]h)}(h parent directory of the old fileh]h parent directory of the old file}(hj(hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj(hMhj(ubah}(h]h ]h"]h$]h&]uh1jXhj(ubeh}(h]h ]h"]h$]h&]uh1j8hj(hMhj(ubj9)}(h+``struct dentry *old_dentry`` the old file h](j?)}(h``struct dentry *old_dentry``h]h)}(hj(h]hstruct dentry *old_dentry}(hj(hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj(ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj(ubjY)}(hhh]h)}(h the old fileh]h the old file}(hj(hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj(hMhj(ubah}(h]h ]h"]h$]h&]uh1jXhj(ubeh}(h]h ]h"]h$]h&]uh1j8hj(hMhj(ubj9)}(h@``const struct path *new_dir`` parent directory of the new file h](j?)}(h``const struct path *new_dir``h]h)}(hj )h]hconst struct path *new_dir}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj )ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj)ubjY)}(hhh]h)}(h parent directory of the new fileh]h parent directory of the new file}(hj&)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj")hMhj#)ubah}(h]h ]h"]h$]h&]uh1jXhj)ubeh}(h]h ]h"]h$]h&]uh1j8hj")hMhj(ubj9)}(h+``struct dentry *new_dentry`` the new file h](j?)}(h``struct dentry *new_dentry``h]h)}(hjF)h]hstruct dentry *new_dentry}(hjH)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjD)ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj@)ubjY)}(hhh]h)}(h the new fileh]h the new file}(hj_)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj[)hMhj\)ubah}(h]h ]h"]h$]h&]uh1jXhj@)ubeh}(h]h ]h"]h$]h&]uh1j8hj[)hMhj(ubj9)}(h``unsigned int flags`` flags h](j?)}(h``unsigned int flags``h]h)}(hj)h]hunsigned int flags}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj})ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjy)ubjY)}(hhh]h)}(hflagsh]hflags}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj)hMhj)ubah}(h]h ]h"]h$]h&]uh1jXhjy)ubeh}(h]h ]h"]h$]h&]uh1j8hj)hMhj(ubeh}(h]h ]h"]h$]h&]uh1j3hjv(ubh)}(h**Description**h]j)}(hj)h]h Description}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj)ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjv(ubh)}(h3Check for permission to rename a file or directory.h]h3Check for permission to rename a file or directory.}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjv(ubh)}(h **Return**h]j)}(hj)h]hReturn}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj)ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjv(ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjv(ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j"security_inode_create (C function)c.security_inode_createhNtauh1jhhhhhNhNubj")}(hhh](j')}(hRint security_inode_create (struct inode *dir, struct dentry *dentry, umode_t mode)h]j-)}(hQint security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)h](j3)}(hinth]hint}(hj&*hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj"*hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM2ubjE)}(h h]h }(hj5*hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj"*hhhj4*hM2ubjV)}(hsecurity_inode_createh]j\)}(hsecurity_inode_createh]hsecurity_inode_create}(hjG*hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjC*ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj"*hhhj4*hM2ubjw)}(h8(struct inode *dir, struct dentry *dentry, umode_t mode)h](j})}(hstruct inode *dirh](j8)}(hj;h]hstruct}(hjc*hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj_*ubjE)}(h h]h }(hjp*hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj_*ubh)}(hhh]j\)}(hinodeh]hinode}(hj*hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj~*ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj*modnameN classnameNjsjv)}jy]j|)}jojI*sbc.security_inode_createasbuh1hhj_*ubjE)}(h h]h }(hj*hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj_*ubj)}(hjh]h*}(hj*hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj_*ubj\)}(hdirh]hdir}(hj*hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj_*ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj[*ubj})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hj*hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj*ubjE)}(h h]h }(hj*hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj*ubh)}(hhh]j\)}(hdentryh]hdentry}(hj*hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj*ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj*modnameN classnameNjsjv)}jy]j*c.security_inode_createasbuh1hhj*ubjE)}(h h]h }(hj+hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj*ubj)}(hjh]h*}(hj+hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj*ubj\)}(hdentryh]hdentry}(hj,+hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj*ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj[*ubj})}(h umode_t modeh](h)}(hhh]j\)}(humode_th]humode_t}(hjH+hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjE+ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjJ+modnameN classnameNjsjv)}jy]j*c.security_inode_createasbuh1hhjA+ubjE)}(h h]h }(hjf+hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjA+ubj\)}(hmodeh]hmode}(hjt+hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjA+ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj[*ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj"*hhhj4*hM2ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj*hhhj4*hM2ubah}(h]j*ah ](jjeh"]h$]h&]jj)jhuh1j&hj4*hM2hj*hhubj)}(hhh]h)}(h#Check if creating a file is allowedh]h#Check if creating a file is allowed}(hj+hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM2hj+hhubah}(h]h ]h"]h$]h&]uh1jhj*hhhj4*hM2ubeh}(h]h ](jfunctioneh"]h$]h&]j jjj+jj+jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct inode *dir`` the parent directory ``struct dentry *dentry`` the file being created ``umode_t mode`` requested file mode **Description** Check permission to create a regular file. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj+h]h Parameters}(hj+hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj+ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM6hj+ubj4)}(hhh](j9)}(h+``struct inode *dir`` the parent directory h](j?)}(h``struct inode *dir``h]h)}(hj+h]hstruct inode *dir}(hj+hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj+ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM3hj+ubjY)}(hhh]h)}(hthe parent directoryh]hthe parent directory}(hj+hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj+hM3hj+ubah}(h]h ]h"]h$]h&]uh1jXhj+ubeh}(h]h ]h"]h$]h&]uh1j8hj+hM3hj+ubj9)}(h1``struct dentry *dentry`` the file being created h](j?)}(h``struct dentry *dentry``h]h)}(hj,h]hstruct dentry *dentry}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj,ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM4hj,ubjY)}(hhh]h)}(hthe file being createdh]hthe file being created}(hj1,hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj-,hM4hj.,ubah}(h]h ]h"]h$]h&]uh1jXhj,ubeh}(h]h ]h"]h$]h&]uh1j8hj-,hM4hj+ubj9)}(h%``umode_t mode`` requested file mode h](j?)}(h``umode_t mode``h]h)}(hjQ,h]h umode_t mode}(hjS,hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjO,ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM5hjK,ubjY)}(hhh]h)}(hrequested file modeh]hrequested file mode}(hjj,hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjf,hM5hjg,ubah}(h]h ]h"]h$]h&]uh1jXhjK,ubeh}(h]h ]h"]h$]h&]uh1j8hjf,hM5hj+ubeh}(h]h ]h"]h$]h&]uh1j3hj+ubh)}(h**Description**h]j)}(hj,h]h Description}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj,ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM7hj+ubh)}(h*Check permission to create a regular file.h]h*Check permission to create a regular file.}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM6hj+ubh)}(h **Return**h]j)}(hj,h]hReturn}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj,ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM8hj+ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM9hj+ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j!security_inode_mkdir (C function)c.security_inode_mkdirhNtauh1jhhhhhNhNubj")}(hhh](j')}(hQint security_inode_mkdir (struct inode *dir, struct dentry *dentry, umode_t mode)h]j-)}(hPint security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)h](j3)}(hinth]hint}(hj,hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj,hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj-hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj,hhhj-hMubjV)}(hsecurity_inode_mkdirh]j\)}(hsecurity_inode_mkdirh]hsecurity_inode_mkdir}(hj-hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj-ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj,hhhj-hMubjw)}(h8(struct inode *dir, struct dentry *dentry, umode_t mode)Ph](j})}(hstruct inode *dirh](j8)}(hj;h]hstruct}(hj5-hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj1-ubjE)}(h h]h }(hjB-hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj1-ubh)}(hhh]j\)}(hinodeh]hinode}(hjS-hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjP-ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjU-modnameN classnameNjsjv)}jy]j|)}joj-sbc.security_inode_mkdirasbuh1hhj1-ubjE)}(h h]h }(hjs-hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj1-ubj)}(hjh]h*}(hj-hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj1-ubj\)}(hdirh]hdir}(hj-hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj1-ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj--ubj})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hj-hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj-ubjE)}(h h]h }(hj-hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj-ubh)}(hhh]j\)}(hdentryh]hdentry}(hj-hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj-ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj-modnameN classnameNjsjv)}jy]jo-c.security_inode_mkdirasbuh1hhj-ubjE)}(h h]h }(hj-hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj-ubj)}(hjh]h*}(hj-hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj-ubj\)}(hdentryh]hdentry}(hj-hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj-ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj--ubj})}(h umode_t modeh](h)}(hhh]j\)}(humode_th]humode_t}(hj.hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj.ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj.modnameN classnameNjsjv)}jy]jo-c.security_inode_mkdirasbuh1hhj.ubjE)}(h h]h }(hj8.hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj.ubj\)}(hmodeh]hmode}(hjF.hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj.ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj--ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj,hhhj-hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj,hhhj-hMubah}(h]j,ah ](jjeh"]h$]h&]jj)jhuh1j&hj-hMhj,hhubj)}(hhh]h)}(h,Check if creating a new directory is allowedh]h,Check if creating a new directory is allowed}(hjp.hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjm.hhubah}(h]h ]h"]h$]h&]uh1jhj,hhhj-hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj.jj.jjjuh1j!hhhhhNhNubj)}(hX<**Parameters** ``struct inode *dir`` parent directory ``struct dentry *dentry`` new directory ``umode_t mode`` new directory mode **Description** Check permissions to create a new directory in the existing directory associated with inode structure **dir**. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj.h]h Parameters}(hj.hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj.ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj.ubj4)}(hhh](j9)}(h'``struct inode *dir`` parent directory h](j?)}(h``struct inode *dir``h]h)}(hj.h]hstruct inode *dir}(hj.hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj.ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj.ubjY)}(hhh]h)}(hparent directoryh]hparent directory}(hj.hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj.hMhj.ubah}(h]h ]h"]h$]h&]uh1jXhj.ubeh}(h]h ]h"]h$]h&]uh1j8hj.hMhj.ubj9)}(h(``struct dentry *dentry`` new directory h](j?)}(h``struct dentry *dentry``h]h)}(hj.h]hstruct dentry *dentry}(hj.hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj.ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj.ubjY)}(hhh]h)}(h new directoryh]h new directory}(hj/hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj.hMhj/ubah}(h]h ]h"]h$]h&]uh1jXhj.ubeh}(h]h ]h"]h$]h&]uh1j8hj.hMhj.ubj9)}(h$``umode_t mode`` new directory mode h](j?)}(h``umode_t mode``h]h)}(hj#/h]h umode_t mode}(hj%/hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj!/ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj/ubjY)}(hhh]h)}(hnew directory modeh]hnew directory mode}(hjh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj1ubjY)}(hhh]h)}(hidmap of the mounth]hidmap of the mount}(hj1hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj1hM hj1ubah}(h]h ]h"]h$]h&]uh1jXhj1ubeh}(h]h ]h"]h$]h&]uh1j8hj1hM hj1ubj9)}(h``struct dentry *dentry`` file h](j?)}(h``struct dentry *dentry``h]h)}(hj1h]hstruct dentry *dentry}(hj1hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj1ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj1ubjY)}(hhh]h)}(hfileh]hfile}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj 2hM hj 2ubah}(h]h ]h"]h$]h&]uh1jXhj1ubeh}(h]h ]h"]h$]h&]uh1j8hj 2hM hj1ubj9)}(h&``struct iattr *attr`` new attributes h](j?)}(h``struct iattr *attr``h]h)}(hj/2h]hstruct iattr *attr}(hj12hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj-2ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj)2ubjY)}(hhh]h)}(hnew attributesh]hnew attributes}(hjH2hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjD2hM hjE2ubah}(h]h ]h"]h$]h&]uh1jXhj)2ubeh}(h]h ]h"]h$]h&]uh1j8hjD2hM hj1ubeh}(h]h ]h"]h$]h&]uh1j3hj1ubh)}(h**Description**h]j)}(hjj2h]h Description}(hjl2hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjh2ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj1ubh)}(hCheck permission before setting file attributes. Note that the kernel call to notify_change is performed from several locations, whenever file attributes change (such as when a file is truncated, chown/chmod operations, transferring disk quotas, etc).h]hCheck permission before setting file attributes. Note that the kernel call to notify_change is performed from several locations, whenever file attributes change (such as when a file is truncated, chown/chmod operations, transferring disk quotas, etc).}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj1ubh)}(h **Return**h]j)}(hj2h]hReturn}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj2ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM! hj1ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM" hj1ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j(security_inode_listsecurity (C function)c.security_inode_listsecurityhNtauh1jhhhhhNhNubj")}(hhh](j')}(hWint security_inode_listsecurity (struct inode *inode, char *buffer, size_t buffer_size)h]j-)}(hVint security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)h](j3)}(hinth]hint}(hj2hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj2hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hj2hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj2hhhj2hM ubjV)}(hsecurity_inode_listsecurityh]j\)}(hsecurity_inode_listsecurityh]hsecurity_inode_listsecurity}(hj2hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj2ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj2hhhj2hM ubjw)}(h7(struct inode *inode, char *buffer, size_t buffer_size)h](j})}(hstruct inode *inodeh](j8)}(hj;h]hstruct}(hj3hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj3ubjE)}(h h]h }(hj 3hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj3ubh)}(hhh]j\)}(hinodeh]hinode}(hj13hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj.3ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj33modnameN classnameNjsjv)}jy]j|)}joj2sbc.security_inode_listsecurityasbuh1hhj3ubjE)}(h h]h }(hjQ3hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj3ubj)}(hjh]h*}(hj_3hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj3ubj\)}(hinodeh]hinode}(hjl3hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj3ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj 3ubj})}(h char *bufferh](j3)}(hcharh]hchar}(hj3hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj3ubjE)}(h h]h }(hj3hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj3ubj)}(hjh]h*}(hj3hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj3ubj\)}(hbufferh]hbuffer}(hj3hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj3ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj 3ubj})}(hsize_t buffer_sizeh](h)}(hhh]j\)}(hsize_th]hsize_t}(hj3hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj3ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj3modnameN classnameNjsjv)}jy]jM3c.security_inode_listsecurityasbuh1hhj3ubjE)}(h h]h }(hj3hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj3ubj\)}(h buffer_sizeh]h buffer_size}(hj3hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj3ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj 3ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj2hhhj2hM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj2hhhj2hM ubah}(h]j2ah ](jjeh"]h$]h&]jj)jhuh1j&hj2hM hj2hhubj)}(hhh]h)}(h#List the xattr security label namesh]h#List the xattr security label names}(hj 4hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj4hhubah}(h]h ]h"]h$]h&]uh1jhj2hhhj2hM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjj84jj84jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct inode *inode`` inode ``char *buffer`` buffer ``size_t buffer_size`` size of buffer **Description** Copy the extended attribute names for the security labels associated with **inode** into **buffer**. The maximum size of **buffer** is specified by **buffer_size**. **buffer** may be NULL to request the size of the buffer required. **Return** Returns number of bytes used/required on success.h](h)}(h**Parameters**h]j)}(hjB4h]h Parameters}(hjD4hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj@4ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj<4ubj4)}(hhh](j9)}(h``struct inode *inode`` inode h](j?)}(h``struct inode *inode``h]h)}(hja4h]hstruct inode *inode}(hjc4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj_4ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj[4ubjY)}(hhh]h)}(hinodeh]hinode}(hjz4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjv4hM hjw4ubah}(h]h ]h"]h$]h&]uh1jXhj[4ubeh}(h]h ]h"]h$]h&]uh1j8hjv4hM hjX4ubj9)}(h``char *buffer`` buffer h](j?)}(h``char *buffer``h]h)}(hj4h]h char *buffer}(hj4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj4ubjY)}(hhh]h)}(hbufferh]hbuffer}(hj4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4hM hj4ubah}(h]h ]h"]h$]h&]uh1jXhj4ubeh}(h]h ]h"]h$]h&]uh1j8hj4hM hjX4ubj9)}(h&``size_t buffer_size`` size of buffer h](j?)}(h``size_t buffer_size``h]h)}(hj4h]hsize_t buffer_size}(hj4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj4ubjY)}(hhh]h)}(hsize of bufferh]hsize of buffer}(hj4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4hM hj4ubah}(h]h ]h"]h$]h&]uh1jXhj4ubeh}(h]h ]h"]h$]h&]uh1j8hj4hM hjX4ubeh}(h]h ]h"]h$]h&]uh1j3hj<4ubh)}(h**Description**h]j)}(hj5h]h Description}(hj5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj 5ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj<4ubh)}(hCopy the extended attribute names for the security labels associated with **inode** into **buffer**. The maximum size of **buffer** is specified by **buffer_size**. **buffer** may be NULL to request the size of the buffer required.h](hJCopy the extended attribute names for the security labels associated with }(hj$5hhhNhNubj)}(h **inode**h]hinode}(hj,5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$5ubh into }(hj$5hhhNhNubj)}(h **buffer**h]hbuffer}(hj>5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$5ubh. The maximum size of }(hj$5hhhNhNubj)}(h **buffer**h]hbuffer}(hjP5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$5ubh is specified by }(hj$5hhhNhNubj)}(h**buffer_size**h]h buffer_size}(hjb5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$5ubh. }(hj$5hhhNhNubj)}(h **buffer**h]hbuffer}(hjt5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$5ubh8 may be NULL to request the size of the buffer required.}(hj$5hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj<4ubh)}(h **Return**h]j)}(hj5h]hReturn}(hj5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj5ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj<4ubh)}(h1Returns number of bytes used/required on success.h]h1Returns number of bytes used/required on success.}(hj5hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj<4ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j#security_inode_copy_up (C function)c.security_inode_copy_uphNtauh1jhhhhhNhNubj")}(hhh](j')}(hBint security_inode_copy_up (struct dentry *src, struct cred **new)h]j-)}(hAint security_inode_copy_up(struct dentry *src, struct cred **new)h](j3)}(hinth]hint}(hj5hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj5hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hj5hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj5hhhj5hM ubjV)}(hsecurity_inode_copy_uph]j\)}(hsecurity_inode_copy_uph]hsecurity_inode_copy_up}(hj5hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj5ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj5hhhj5hM ubjw)}(h'(struct dentry *src, struct cred **new)h](j})}(hstruct dentry *srch](j8)}(hj;h]hstruct}(hj6hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj 6ubjE)}(h h]h }(hj6hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj 6ubh)}(hhh]j\)}(hdentryh]hdentry}(hj/6hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj,6ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj16modnameN classnameNjsjv)}jy]j|)}joj5sbc.security_inode_copy_upasbuh1hhj 6ubjE)}(h h]h }(hjO6hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj 6ubj)}(hjh]h*}(hj]6hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj 6ubj\)}(hsrch]hsrc}(hjj6hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj 6ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj 6ubj})}(hstruct cred **newh](j8)}(hj;h]hstruct}(hj6hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj6ubjE)}(h h]h }(hj6hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj6ubh)}(hhh]j\)}(hcredh]hcred}(hj6hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj6ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj6modnameN classnameNjsjv)}jy]jK6c.security_inode_copy_upasbuh1hhj6ubjE)}(h h]h }(hj6hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj6ubj)}(hjh]h*}(hj6hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj6ubj)}(hjh]h*}(hj6hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj6ubj\)}(hnewh]hnew}(hj6hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj6ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj 6ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj5hhhj5hM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj5hhhj5hM ubah}(h]j5ah ](jjeh"]h$]h&]jj)jhuh1j&hj5hM hj5hhubj)}(hhh]h)}(h,Create new creds for an overlayfs copy-up oph]h,Create new creds for an overlayfs copy-up op}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj7hhubah}(h]h ]h"]h$]h&]uh1jhj5hhhj5hM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjj)7jj)7jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct dentry *src`` union dentry of copy-up file ``struct cred **new`` newly created creds **Description** A file is about to be copied up from lower layer to upper layer of overlay filesystem. Security module can prepare a set of new creds and modify as need be and return new creds. Caller will switch to new creds temporarily to create new file and release newly allocated creds. **Return** Returns 0 on success or a negative error code on error.h](h)}(h**Parameters**h]j)}(hj37h]h Parameters}(hj57hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj17ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj-7ubj4)}(hhh](j9)}(h4``struct dentry *src`` union dentry of copy-up file h](j?)}(h``struct dentry *src``h]h)}(hjR7h]hstruct dentry *src}(hjT7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjP7ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjL7ubjY)}(hhh]h)}(hunion dentry of copy-up fileh]hunion dentry of copy-up file}(hjk7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjg7hM hjh7ubah}(h]h ]h"]h$]h&]uh1jXhjL7ubeh}(h]h ]h"]h$]h&]uh1j8hjg7hM hjI7ubj9)}(h*``struct cred **new`` newly created creds h](j?)}(h``struct cred **new``h]h)}(hj7h]hstruct cred **new}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj7ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj7ubjY)}(hhh]h)}(hnewly created credsh]hnewly created creds}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj7hM hj7ubah}(h]h ]h"]h$]h&]uh1jXhj7ubeh}(h]h ]h"]h$]h&]uh1j8hj7hM hjI7ubeh}(h]h ]h"]h$]h&]uh1j3hj-7ubh)}(h**Description**h]j)}(hj7h]h Description}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj7ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj-7ubh)}(hXA file is about to be copied up from lower layer to upper layer of overlay filesystem. Security module can prepare a set of new creds and modify as need be and return new creds. Caller will switch to new creds temporarily to create new file and release newly allocated creds.h]hXA file is about to be copied up from lower layer to upper layer of overlay filesystem. Security module can prepare a set of new creds and modify as need be and return new creds. Caller will switch to new creds temporarily to create new file and release newly allocated creds.}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj-7ubh)}(h **Return**h]j)}(hj7h]hReturn}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj7ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj-7ubh)}(h7Returns 0 on success or a negative error code on error.h]h7Returns 0 on success or a negative error code on error.}(hj8hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj-7ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j)security_inode_copy_up_xattr (C function)c.security_inode_copy_up_xattrhNtauh1jhhhhhNhNubj")}(hhh](j')}(hGint security_inode_copy_up_xattr (struct dentry *src, const char *name)h]j-)}(hFint security_inode_copy_up_xattr(struct dentry *src, const char *name)h](j3)}(hinth]hint}(hj28hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj.8hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hjA8hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj.8hhhj@8hM ubjV)}(hsecurity_inode_copy_up_xattrh]j\)}(hsecurity_inode_copy_up_xattrh]hsecurity_inode_copy_up_xattr}(hjS8hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjO8ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj.8hhhj@8hM ubjw)}(h&(struct dentry *src, const char *name)h](j})}(hstruct dentry *srch](j8)}(hj;h]hstruct}(hjo8hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjk8ubjE)}(h h]h }(hj|8hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjk8ubh)}(hhh]j\)}(hdentryh]hdentry}(hj8hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj8ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj8modnameN classnameNjsjv)}jy]j|)}jojU8sbc.security_inode_copy_up_xattrasbuh1hhjk8ubjE)}(h h]h }(hj8hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjk8ubj)}(hjh]h*}(hj8hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjk8ubj\)}(hsrch]hsrc}(hj8hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjk8ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjg8ubj})}(hconst char *nameh](j8)}(hj h]hconst}(hj8hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj8ubjE)}(h h]h }(hj8hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj8ubj3)}(hcharh]hchar}(hj8hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj8ubjE)}(h h]h }(hj 9hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj8ubj)}(hjh]h*}(hj9hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj8ubj\)}(hnameh]hname}(hj%9hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj8ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjg8ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj.8hhhj@8hM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj*8hhhj@8hM ubah}(h]j%8ah ](jjeh"]h$]h&]jj)jhuh1j&hj@8hM hj'8hhubj)}(hhh]h)}(h(Filter xattrs in an overlayfs copy-up oph]h(Filter xattrs in an overlayfs copy-up op}(hjO9hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjL9hhubah}(h]h ]h"]h$]h&]uh1jhj'8hhhj@8hM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjg9jjg9jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct dentry *src`` union dentry of copy-up file ``const char *name`` xattr name **Description** Filter the xattrs being copied up when a unioned file is copied up from a lower layer to the union/overlay layer. The caller is responsible for reading and writing the xattrs, this hook is merely a filter. **Return** Returns 0 to accept the xattr, -ECANCELED to discard the xattr, -EOPNOTSUPP if the security module does not know about attribute, or a negative error code to abort the copy up.h](h)}(h**Parameters**h]j)}(hjq9h]h Parameters}(hjs9hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjo9ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjk9ubj4)}(hhh](j9)}(h4``struct dentry *src`` union dentry of copy-up file h](j?)}(h``struct dentry *src``h]h)}(hj9h]hstruct dentry *src}(hj9hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj9ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj9ubjY)}(hhh]h)}(hunion dentry of copy-up fileh]hunion dentry of copy-up file}(hj9hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj9hM hj9ubah}(h]h ]h"]h$]h&]uh1jXhj9ubeh}(h]h ]h"]h$]h&]uh1j8hj9hM hj9ubj9)}(h ``const char *name`` xattr name h](j?)}(h``const char *name``h]h)}(hj9h]hconst char *name}(hj9hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj9ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj9ubjY)}(hhh]h)}(h xattr nameh]h xattr name}(hj9hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj9hM hj9ubah}(h]h ]h"]h$]h&]uh1jXhj9ubeh}(h]h ]h"]h$]h&]uh1j8hj9hM hj9ubeh}(h]h ]h"]h$]h&]uh1j3hjk9ubh)}(h**Description**h]j)}(hj:h]h Description}(hj:hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj:ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjk9ubh)}(hFilter the xattrs being copied up when a unioned file is copied up from a lower layer to the union/overlay layer. The caller is responsible for reading and writing the xattrs, this hook is merely a filter.h]hFilter the xattrs being copied up when a unioned file is copied up from a lower layer to the union/overlay layer. The caller is responsible for reading and writing the xattrs, this hook is merely a filter.}(hj:hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjk9ubh)}(h **Return**h]j)}(hj+:h]hReturn}(hj-:hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj):ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjk9ubh)}(hReturns 0 to accept the xattr, -ECANCELED to discard the xattr, -EOPNOTSUPP if the security module does not know about attribute, or a negative error code to abort the copy up.h]hReturns 0 to accept the xattr, -ECANCELED to discard the xattr, -EOPNOTSUPP if the security module does not know about attribute, or a negative error code to abort the copy up.}(hjA:hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjk9ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j(security_inode_setintegrity (C function)c.security_inode_setintegrityhNtauh1jhhhhhNhNubj")}(hhh](j')}(hyint security_inode_setintegrity (const struct inode *inode, enum lsm_integrity_type type, const void *value, size_t size)h]j-)}(hxint security_inode_setintegrity(const struct inode *inode, enum lsm_integrity_type type, const void *value, size_t size)h](j3)}(hinth]hint}(hjp:hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjl:hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hj:hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjl:hhhj~:hM ubjV)}(hsecurity_inode_setintegrityh]j\)}(hsecurity_inode_setintegrityh]hsecurity_inode_setintegrity}(hj:hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj:ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjl:hhhj~:hM ubjw)}(hY(const struct inode *inode, enum lsm_integrity_type type, const void *value, size_t size)h](j})}(hconst struct inode *inodeh](j8)}(hj h]hconst}(hj:hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj:ubjE)}(h h]h }(hj:hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj:ubj8)}(hj;h]hstruct}(hj:hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj:ubjE)}(h h]h }(hj:hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj:ubh)}(hhh]j\)}(hinodeh]hinode}(hj:hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj:ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj:modnameN classnameNjsjv)}jy]j|)}joj:sbc.security_inode_setintegrityasbuh1hhj:ubjE)}(h h]h }(hj;hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj:ubj)}(hjh]h*}(hj;hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj:ubj\)}(hinodeh]hinode}(hj!;hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj:ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj:ubj})}(henum lsm_integrity_type typeh](j8)}(henumh]henum}(hj:;hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj6;ubjE)}(h h]h }(hjH;hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj6;ubh)}(hhh]j\)}(hlsm_integrity_typeh]hlsm_integrity_type}(hjY;hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjV;ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj[;modnameN classnameNjsjv)}jy]j;c.security_inode_setintegrityasbuh1hhj6;ubjE)}(h h]h }(hjw;hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj6;ubj\)}(htypeh]htype}(hj;hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj6;ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj:ubj})}(hconst void *valueh](j8)}(hj h]hconst}(hj;hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj;ubjE)}(h h]h }(hj;hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj;ubj3)}(hvoidh]hvoid}(hj;hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj;ubjE)}(h h]h }(hj;hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj;ubj)}(hjh]h*}(hj;hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj;ubj\)}(hvalueh]hvalue}(hj;hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj;ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj:ubj})}(h size_t sizeh](h)}(hhh]j\)}(hsize_th]hsize_t}(hj;hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj;ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj<modnameN classnameNjsjv)}jy]j;c.security_inode_setintegrityasbuh1hhj;ubjE)}(h h]h }(hj<hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj;ubj\)}(hsizeh]hsize}(hj*<hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj;ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj:ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjl:hhhj~:hM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjh:hhhj~:hM ubah}(h]jc:ah ](jjeh"]h$]h&]jj)jhuh1j&hj~:hM hje:hhubj)}(hhh]h)}(hSet the inode's integrity datah]h Set the inode’s integrity data}(hjT<hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjQ<hhubah}(h]h ]h"]h$]h&]uh1jhje:hhhj~:hM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjl<jjl<jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``const struct inode *inode`` inode ``enum lsm_integrity_type type`` type of integrity, e.g. hash digest, signature, etc ``const void *value`` the integrity value ``size_t size`` size of the integrity value **Description** Register a verified integrity measurement of a inode with LSMs. LSMs should free the previously saved data if **value** is NULL. **Return** Returns 0 on success, negative values on failure.h](h)}(h**Parameters**h]j)}(hjv<h]h Parameters}(hjx<hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjt<ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjp<ubj4)}(hhh](j9)}(h$``const struct inode *inode`` inode h](j?)}(h``const struct inode *inode``h]h)}(hj<h]hconst struct inode *inode}(hj<hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj<ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj<ubjY)}(hhh]h)}(hinodeh]hinode}(hj<hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj<hM hj<ubah}(h]h ]h"]h$]h&]uh1jXhj<ubeh}(h]h ]h"]h$]h&]uh1j8hj<hM hj<ubj9)}(hU``enum lsm_integrity_type type`` type of integrity, e.g. hash digest, signature, etc h](j?)}(h ``enum lsm_integrity_type type``h]h)}(hj<h]henum lsm_integrity_type type}(hj<hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj<ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj<ubjY)}(hhh]h)}(h3type of integrity, e.g. hash digest, signature, etch]h3type of integrity, e.g. hash digest, signature, etc}(hj<hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj<hM hj<ubah}(h]h ]h"]h$]h&]uh1jXhj<ubeh}(h]h ]h"]h$]h&]uh1j8hj<hM hj<ubj9)}(h*``const void *value`` the integrity value h](j?)}(h``const void *value``h]h)}(hj=h]hconst void *value}(hj =hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj=ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj=ubjY)}(hhh]h)}(hthe integrity valueh]hthe integrity value}(hj =hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj=hM hj=ubah}(h]h ]h"]h$]h&]uh1jXhj=ubeh}(h]h ]h"]h$]h&]uh1j8hj=hM hj<ubj9)}(h,``size_t size`` size of the integrity value h](j?)}(h``size_t size``h]h)}(hj@=h]h size_t size}(hjB=hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj>=ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj:=ubjY)}(hhh]h)}(hsize of the integrity valueh]hsize of the integrity value}(hjY=hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjU=hM hjV=ubah}(h]h ]h"]h$]h&]uh1jXhj:=ubeh}(h]h ]h"]h$]h&]uh1j8hjU=hM hj<ubeh}(h]h ]h"]h$]h&]uh1j3hjp<ubh)}(h**Description**h]j)}(hj{=h]h Description}(hj}=hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjy=ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjp<ubh)}(hRegister a verified integrity measurement of a inode with LSMs. LSMs should free the previously saved data if **value** is NULL.h](hnRegister a verified integrity measurement of a inode with LSMs. LSMs should free the previously saved data if }(hj=hhhNhNubj)}(h **value**h]hvalue}(hj=hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj=ubh is NULL.}(hj=hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjp<ubh)}(h **Return**h]j)}(hj=h]hReturn}(hj=hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj=ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjp<ubh)}(h1Returns 0 on success, negative values on failure.h]h1Returns 0 on success, negative values on failure.}(hj=hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjp<ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j security_file_ioctl (C function)c.security_file_ioctlhNtauh1jhhhhhNhNubj")}(hhh](j')}(hPint security_file_ioctl (struct file *file, unsigned int cmd, unsigned long arg)h]j-)}(hOint security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)h](j3)}(hinth]hint}(hj=hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj=hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMq ubjE)}(h h]h }(hj>hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj=hhhj>hMq ubjV)}(hsecurity_file_ioctlh]j\)}(hsecurity_file_ioctlh]hsecurity_file_ioctl}(hj>hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj>ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj=hhhj>hMq ubjw)}(h8(struct file *file, unsigned int cmd, unsigned long arg)h](j})}(hstruct file *fileh](j8)}(hj;h]hstruct}(hj6>hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj2>ubjE)}(h h]h }(hjC>hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj2>ubh)}(hhh]j\)}(hfileh]hfile}(hjT>hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjQ>ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjV>modnameN classnameNjsjv)}jy]j|)}joj>sbc.security_file_ioctlasbuh1hhj2>ubjE)}(h h]h }(hjt>hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj2>ubj)}(hjh]h*}(hj>hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj2>ubj\)}(hfileh]hfile}(hj>hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj2>ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj.>ubj})}(hunsigned int cmdh](j3)}(hunsignedh]hunsigned}(hj>hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj>ubjE)}(h h]h }(hj>hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj>ubj3)}(hinth]hint}(hj>hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj>ubjE)}(h h]h }(hj>hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj>ubj\)}(hcmdh]hcmd}(hj>hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj>ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj.>ubj})}(hunsigned long argh](j3)}(hunsignedh]hunsigned}(hj>hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj>ubjE)}(h h]h }(hj?hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj>ubj3)}(hlongh]hlong}(hj?hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj>ubjE)}(h h]h }(hj#?hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj>ubj\)}(hargh]harg}(hj1?hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj>ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj.>ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj=hhhj>hMq ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj=hhhj>hMq ubah}(h]j=ah ](jjeh"]h$]h&]jj)jhuh1j&hj>hMq hj=hhubj)}(hhh]h)}(hCheck if an ioctl is allowedh]hCheck if an ioctl is allowed}(hj[?hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMq hjX?hhubah}(h]h ]h"]h$]h&]uh1jhj=hhhj>hMq ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjs?jjs?jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct file *file`` associated file ``unsigned int cmd`` ioctl cmd ``unsigned long arg`` ioctl arguments **Description** Check permission for an ioctl operation on **file**. Note that **arg** sometimes represents a user space pointer; in other cases, it may be a simple integer value. When **arg** represents a user space pointer, it should never be used by the security module. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj}?h]h Parameters}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj{?ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMu hjw?ubj4)}(hhh](j9)}(h&``struct file *file`` associated file h](j?)}(h``struct file *file``h]h)}(hj?h]hstruct file *file}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj?ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMr hj?ubjY)}(hhh]h)}(hassociated fileh]hassociated file}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj?hMr hj?ubah}(h]h ]h"]h$]h&]uh1jXhj?ubeh}(h]h ]h"]h$]h&]uh1j8hj?hMr hj?ubj9)}(h``unsigned int cmd`` ioctl cmd h](j?)}(h``unsigned int cmd``h]h)}(hj?h]hunsigned int cmd}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj?ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMs hj?ubjY)}(hhh]h)}(h ioctl cmdh]h ioctl cmd}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj?hMs hj?ubah}(h]h ]h"]h$]h&]uh1jXhj?ubeh}(h]h ]h"]h$]h&]uh1j8hj?hMs hj?ubj9)}(h&``unsigned long arg`` ioctl arguments h](j?)}(h``unsigned long arg``h]h)}(hj@h]hunsigned long arg}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj @ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMt hj@ubjY)}(hhh]h)}(hioctl argumentsh]hioctl arguments}(hj'@hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj#@hMt hj$@ubah}(h]h ]h"]h$]h&]uh1jXhj@ubeh}(h]h ]h"]h$]h&]uh1j8hj#@hMt hj?ubeh}(h]h ]h"]h$]h&]uh1j3hjw?ubh)}(h**Description**h]j)}(hjI@h]h Description}(hjK@hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjG@ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMv hjw?ubh)}(hXCheck permission for an ioctl operation on **file**. Note that **arg** sometimes represents a user space pointer; in other cases, it may be a simple integer value. When **arg** represents a user space pointer, it should never be used by the security module.h](h+Check permission for an ioctl operation on }(hj_@hhhNhNubj)}(h**file**h]hfile}(hjg@hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj_@ubh . Note that }(hj_@hhhNhNubj)}(h**arg**h]harg}(hjy@hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj_@ubhd sometimes represents a user space pointer; in other cases, it may be a simple integer value. When }(hj_@hhhNhNubj)}(h**arg**h]harg}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj_@ubhQ represents a user space pointer, it should never be used by the security module.}(hj_@hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMu hjw?ubh)}(h **Return**h]j)}(hj@h]hReturn}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj@ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMz hjw?ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM{ hjw?ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_file_ioctl_compat (C function)c.security_file_ioctl_compathNtauh1jhhhhhNhNubj")}(hhh](j')}(hWint security_file_ioctl_compat (struct file *file, unsigned int cmd, unsigned long arg)h]j-)}(hVint security_file_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)h](j3)}(hinth]hint}(hj@hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj@hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hj@hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj@hhhj@hM ubjV)}(hsecurity_file_ioctl_compath]j\)}(hsecurity_file_ioctl_compath]hsecurity_file_ioctl_compat}(hj AhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjAubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj@hhhj@hM ubjw)}(h8(struct file *file, unsigned int cmd, unsigned long arg)h](j})}(hstruct file *fileh](j8)}(hj;h]hstruct}(hj(AhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj$AubjE)}(h h]h }(hj5AhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj$Aubh)}(hhh]j\)}(hfileh]hfile}(hjFAhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjCAubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjHAmodnameN classnameNjsjv)}jy]j|)}jojAsbc.security_file_ioctl_compatasbuh1hhj$AubjE)}(h h]h }(hjfAhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj$Aubj)}(hjh]h*}(hjtAhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj$Aubj\)}(hfileh]hfile}(hjAhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj$Aubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj Aubj})}(hunsigned int cmdh](j3)}(hunsignedh]hunsigned}(hjAhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjAubjE)}(h h]h }(hjAhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjAubj3)}(hinth]hint}(hjAhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjAubjE)}(h h]h }(hjAhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjAubj\)}(hcmdh]hcmd}(hjAhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjAubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj Aubj})}(hunsigned long argh](j3)}(hunsignedh]hunsigned}(hjAhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjAubjE)}(h h]h }(hjAhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjAubj3)}(hlongh]hlong}(hjBhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjAubjE)}(h h]h }(hjBhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjAubj\)}(hargh]harg}(hj#BhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjAubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj Aubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj@hhhj@hM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj@hhhj@hM ubah}(h]j@ah ](jjeh"]h$]h&]jj)jhuh1j&hj@hM hj@hhubj)}(hhh]h)}(h+Check if an ioctl is allowed in compat modeh]h+Check if an ioctl is allowed in compat mode}(hjMBhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjJBhhubah}(h]h ]h"]h$]h&]uh1jhj@hhhj@hM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjeBjjeBjjjuh1j!hhhhhNhNubj)}(hX0**Parameters** ``struct file *file`` associated file ``unsigned int cmd`` ioctl cmd ``unsigned long arg`` ioctl arguments **Description** Compat version of security_file_ioctl() that correctly handles 32-bit processes running on 64-bit kernels. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjoBh]h Parameters}(hjqBhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjmBubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjiBubj4)}(hhh](j9)}(h&``struct file *file`` associated file h](j?)}(h``struct file *file``h]h)}(hjBh]hstruct file *file}(hjBhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjBubjY)}(hhh]h)}(hassociated fileh]hassociated file}(hjBhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBhM hjBubah}(h]h ]h"]h$]h&]uh1jXhjBubeh}(h]h ]h"]h$]h&]uh1j8hjBhM hjBubj9)}(h``unsigned int cmd`` ioctl cmd h](j?)}(h``unsigned int cmd``h]h)}(hjBh]hunsigned int cmd}(hjBhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjBubjY)}(hhh]h)}(h ioctl cmdh]h ioctl cmd}(hjBhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBhM hjBubah}(h]h ]h"]h$]h&]uh1jXhjBubeh}(h]h ]h"]h$]h&]uh1j8hjBhM hjBubj9)}(h&``unsigned long arg`` ioctl arguments h](j?)}(h``unsigned long arg``h]h)}(hjCh]hunsigned long arg}(hjChhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjBubjY)}(hhh]h)}(hioctl argumentsh]hioctl arguments}(hjChhhNhNubah}(h]h ]h"]h$]h&]uh1hhjChM hjCubah}(h]h ]h"]h$]h&]uh1jXhjBubeh}(h]h ]h"]h$]h&]uh1j8hjChM hjBubeh}(h]h ]h"]h$]h&]uh1j3hjiBubh)}(h**Description**h]j)}(hj;Ch]h Description}(hj=ChhhNhNubah}(h]h ]h"]h$]h&]uh1jhj9Cubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjiBubh)}(hjCompat version of security_file_ioctl() that correctly handles 32-bit processes running on 64-bit kernels.h]hjCompat version of security_file_ioctl() that correctly handles 32-bit processes running on 64-bit kernels.}(hjQChhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjiBubh)}(h **Return**h]j)}(hjbCh]hReturn}(hjdChhhNhNubah}(h]h ]h"]h$]h&]uh1jhj`Cubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjiBubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjxChhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjiBubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j$security_file_post_open (C function)c.security_file_post_openhNtauh1jhhhhhNhNubj")}(hhh](j')}(h9int security_file_post_open (struct file *file, int mask)h]j-)}(h8int security_file_post_open(struct file *file, int mask)h](j3)}(hinth]hint}(hjChhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjChhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chML ubjE)}(h h]h }(hjChhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjChhhjChML ubjV)}(hsecurity_file_post_openh]j\)}(hsecurity_file_post_openh]hsecurity_file_post_open}(hjChhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjCubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjChhhjChML ubjw)}(h(struct file *file, int mask)h](j})}(hstruct file *fileh](j8)}(hj;h]hstruct}(hjChhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjCubjE)}(h h]h }(hjChhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjCubh)}(hhh]j\)}(hfileh]hfile}(hjDhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjCubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjDmodnameN classnameNjsjv)}jy]j|)}jojCsbc.security_file_post_openasbuh1hhjCubjE)}(h h]h }(hj"DhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjCubj)}(hjh]h*}(hj0DhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjCubj\)}(hfileh]hfile}(hj=DhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjCubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjCubj})}(hint maskh](j3)}(hinth]hint}(hjVDhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjRDubjE)}(h h]h }(hjdDhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjRDubj\)}(hmaskh]hmask}(hjrDhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjRDubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjCubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjChhhjChML ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjChhhjChML ubah}(h]jCah ](jjeh"]h$]h&]jj)jhuh1j&hjChML hjChhubj)}(hhh]h)}(h(Evaluate a file after it has been openedh]h(Evaluate a file after it has been opened}(hjDhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chML hjDhhubah}(h]h ]h"]h$]h&]uh1jhjChhhjChML ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjDjjDjjjuh1j!hhhhhNhNubj)}(hX8**Parameters** ``struct file *file`` the file ``int mask`` access mask **Description** Evaluate an opened file and the access mask requested with open(). The hook is useful for LSMs that require the file content to be available in order to make decisions. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjDh]h Parameters}(hjDhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjDubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMP hjDubj4)}(hhh](j9)}(h``struct file *file`` the file h](j?)}(h``struct file *file``h]h)}(hjDh]hstruct file *file}(hjDhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjDubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMM hjDubjY)}(hhh]h)}(hthe fileh]hthe file}(hjDhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjDhMM hjDubah}(h]h ]h"]h$]h&]uh1jXhjDubeh}(h]h ]h"]h$]h&]uh1j8hjDhMM hjDubj9)}(h``int mask`` access mask h](j?)}(h ``int mask``h]h)}(hjEh]hint mask}(hjEhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjEubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMN hjEubjY)}(hhh]h)}(h access maskh]h access mask}(hj/EhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj+EhMN hj,Eubah}(h]h ]h"]h$]h&]uh1jXhjEubeh}(h]h ]h"]h$]h&]uh1j8hj+EhMN hjDubeh}(h]h ]h"]h$]h&]uh1j3hjDubh)}(h**Description**h]j)}(hjQEh]h Description}(hjSEhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjOEubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMP hjDubh)}(hEvaluate an opened file and the access mask requested with open(). The hook is useful for LSMs that require the file content to be available in order to make decisions.h]hEvaluate an opened file and the access mask requested with open(). The hook is useful for LSMs that require the file content to be available in order to make decisions.}(hjgEhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMO hjDubh)}(h **Return**h]j)}(hjxEh]hReturn}(hjzEhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjvEubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMS hjDubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjEhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMT hjDubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j#security_cred_getsecid (C function)c.security_cred_getsecidhNtauh1jhhhhhNhNubj")}(hhh](j')}(h>void security_cred_getsecid (const struct cred *c, u32 *secid)h]j-)}(h=void security_cred_getsecid(const struct cred *c, u32 *secid)h](j3)}(hvoidh]hvoid}(hjEhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjEhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hjEhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjEhhhjEhM ubjV)}(hsecurity_cred_getsecidh]j\)}(hsecurity_cred_getsecidh]hsecurity_cred_getsecid}(hjEhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjEubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjEhhhjEhM ubjw)}(h"(const struct cred *c, u32 *secid)h](j})}(hconst struct cred *ch](j8)}(hj h]hconst}(hjEhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjEubjE)}(h h]h }(hjFhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjEubj8)}(hj;h]hstruct}(hjFhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjEubjE)}(h h]h }(hj"FhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjEubh)}(hhh]j\)}(hcredh]hcred}(hj3FhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj0Fubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj5FmodnameN classnameNjsjv)}jy]j|)}jojEsbc.security_cred_getsecidasbuh1hhjEubjE)}(h h]h }(hjSFhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjEubj)}(hjh]h*}(hjaFhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjEubj\)}(hjh]hc}(hjnFhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjEubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjEubj})}(h u32 *secidh](h)}(hhh]j\)}(hu32h]hu32}(hjFhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjFubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjFmodnameN classnameNjsjv)}jy]jOFc.security_cred_getsecidasbuh1hhjFubjE)}(h h]h }(hjFhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjFubj)}(hjh]h*}(hjFhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjFubj\)}(hsecidh]hsecid}(hjFhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjFubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjEubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjEhhhjEhM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjEhhhjEhM ubah}(h]jEah ](jjeh"]h$]h&]jj)jhuh1j&hjEhM hjEhhubj)}(hhh]h)}(h'Get the secid from a set of credentialsh]h'Get the secid from a set of credentials}(hjFhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjFhhubah}(h]h ]h"]h$]h&]uh1jhjEhhhjEhM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjGjjGjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const struct cred *c`` credentials ``u32 *secid`` secid value **Description** Retrieve the security identifier of the cred structure **c**. In case of failure, **secid** will be set to zero.h](h)}(h**Parameters**h]j)}(hjGh]h Parameters}(hjGhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj Gubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjGubj4)}(hhh](j9)}(h%``const struct cred *c`` credentials h](j?)}(h``const struct cred *c``h]h)}(hj-Gh]hconst struct cred *c}(hj/GhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj+Gubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj'GubjY)}(hhh]h)}(h credentialsh]h credentials}(hjFGhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBGhM hjCGubah}(h]h ]h"]h$]h&]uh1jXhj'Gubeh}(h]h ]h"]h$]h&]uh1j8hjBGhM hj$Gubj9)}(h``u32 *secid`` secid value h](j?)}(h``u32 *secid``h]h)}(hjfGh]h u32 *secid}(hjhGhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjdGubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj`GubjY)}(hhh]h)}(h secid valueh]h secid value}(hjGhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj{GhM hj|Gubah}(h]h ]h"]h$]h&]uh1jXhj`Gubeh}(h]h ]h"]h$]h&]uh1j8hj{GhM hj$Gubeh}(h]h ]h"]h$]h&]uh1j3hjGubh)}(h**Description**h]j)}(hjGh]h Description}(hjGhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjGubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjGubh)}(hqRetrieve the security identifier of the cred structure **c**. In case of failure, **secid** will be set to zero.h](h7Retrieve the security identifier of the cred structure }(hjGhhhNhNubj)}(h**c**h]hc}(hjGhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjGubh. In case of failure, }(hjGhhhNhNubj)}(h **secid**h]hsecid}(hjGhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjGubh will be set to zero.}(hjGhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjGubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j%security_cred_getlsmprop (C function)c.security_cred_getlsmprophNtauh1jhhhhhNhNubj")}(hhh](j')}(hKvoid security_cred_getlsmprop (const struct cred *c, struct lsm_prop *prop)h]j-)}(hJvoid security_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop)h](j3)}(hvoidh]hvoid}(hj HhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjHhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hjHhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjHhhhjHhM ubjV)}(hsecurity_cred_getlsmproph]j\)}(hsecurity_cred_getlsmproph]hsecurity_cred_getlsmprop}(hj+HhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj'Hubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjHhhhjHhM ubjw)}(h-(const struct cred *c, struct lsm_prop *prop)h](j})}(hconst struct cred *ch](j8)}(hj h]hconst}(hjGHhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjCHubjE)}(h h]h }(hjTHhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjCHubj8)}(hj;h]hstruct}(hjbHhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjCHubjE)}(h h]h }(hjoHhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjCHubh)}(hhh]j\)}(hcredh]hcred}(hjHhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj}Hubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjHmodnameN classnameNjsjv)}jy]j|)}joj-Hsbc.security_cred_getlsmpropasbuh1hhjCHubjE)}(h h]h }(hjHhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjCHubj)}(hjh]h*}(hjHhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjCHubj\)}(hjh]hc}(hjHhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjCHubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj?Hubj})}(hstruct lsm_prop *proph](j8)}(hj;h]hstruct}(hjHhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjHubjE)}(h h]h }(hjHhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjHubh)}(hhh]j\)}(hlsm_proph]hlsm_prop}(hjHhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjHubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjHmodnameN classnameNjsjv)}jy]jHc.security_cred_getlsmpropasbuh1hhjHubjE)}(h h]h }(hjIhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjHubj)}(hjh]h*}(hjIhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjHubj\)}(hproph]hprop}(hj*IhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjHubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj?Hubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjHhhhjHhM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjHhhhjHhM ubah}(h]jGah ](jjeh"]h$]h&]jj)jhuh1j&hjHhM hjGhhubj)}(hhh]h)}(h*Get the LSM data from a set of credentialsh]h*Get the LSM data from a set of credentials}(hjTIhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjQIhhubah}(h]h ]h"]h$]h&]uh1jhjGhhhjHhM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjlIjjlIjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const struct cred *c`` credentials ``struct lsm_prop *prop`` destination for the LSM data **Description** Retrieve the security data of the cred structure **c**. In case of failure, **prop** will be cleared.h](h)}(h**Parameters**h]j)}(hjvIh]h Parameters}(hjxIhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjtIubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjpIubj4)}(hhh](j9)}(h%``const struct cred *c`` credentials h](j?)}(h``const struct cred *c``h]h)}(hjIh]hconst struct cred *c}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjIubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjIubjY)}(hhh]h)}(h credentialsh]h credentials}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjIhM hjIubah}(h]h ]h"]h$]h&]uh1jXhjIubeh}(h]h ]h"]h$]h&]uh1j8hjIhM hjIubj9)}(h7``struct lsm_prop *prop`` destination for the LSM data h](j?)}(h``struct lsm_prop *prop``h]h)}(hjIh]hstruct lsm_prop *prop}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjIubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjIubjY)}(hhh]h)}(hdestination for the LSM datah]hdestination for the LSM data}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjIhM hjIubah}(h]h ]h"]h$]h&]uh1jXhjIubeh}(h]h ]h"]h$]h&]uh1j8hjIhM hjIubeh}(h]h ]h"]h$]h&]uh1j3hjpIubh)}(h**Description**h]j)}(hj Jh]h Description}(hj JhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjJubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjpIubh)}(hfRetrieve the security data of the cred structure **c**. In case of failure, **prop** will be cleared.h](h1Retrieve the security data of the cred structure }(hjJhhhNhNubj)}(h**c**h]hc}(hj'JhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjJubh. In case of failure, }(hjJhhhNhNubj)}(h**prop**h]hprop}(hj9JhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjJubh will be cleared.}(hjJhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjpIubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j&security_kernel_read_file (C function)c.security_kernel_read_filehNtauh1jhhhhhNhNubj")}(hhh](j')}(h]int security_kernel_read_file (struct file *file, enum kernel_read_file_id id, bool contents)h]j-)}(h\int security_kernel_read_file(struct file *file, enum kernel_read_file_id id, bool contents)h](j3)}(hinth]hint}(hjrJhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjnJhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM* ubjE)}(h h]h }(hjJhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjnJhhhjJhM* ubjV)}(hsecurity_kernel_read_fileh]j\)}(hsecurity_kernel_read_fileh]hsecurity_kernel_read_file}(hjJhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjJubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjnJhhhjJhM* ubjw)}(h?(struct file *file, enum kernel_read_file_id id, bool contents)h](j})}(hstruct file *fileh](j8)}(hj;h]hstruct}(hjJhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjJubjE)}(h h]h }(hjJhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjJubh)}(hhh]j\)}(hfileh]hfile}(hjJhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjJubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjJmodnameN classnameNjsjv)}jy]j|)}jojJsbc.security_kernel_read_fileasbuh1hhjJubjE)}(h h]h }(hjJhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjJubj)}(hjh]h*}(hjJhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjJubj\)}(hfileh]hfile}(hjKhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjJubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjJubj})}(henum kernel_read_file_id idh](j8)}(hj<;h]henum}(hj!KhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjKubjE)}(h h]h }(hj.KhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjKubh)}(hhh]j\)}(hkernel_read_file_idh]hkernel_read_file_id}(hj?KhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM+ hjLubjY)}(hhh]h)}(hfileh]hfile}(hj$LhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj LhM+ hj!Lubah}(h]h ]h"]h$]h&]uh1jXhjLubeh}(h]h ]h"]h$]h&]uh1j8hj LhM+ hjLubj9)}(h0``enum kernel_read_file_id id`` file identifier h](j?)}(h``enum kernel_read_file_id id``h]h)}(hjDLh]henum kernel_read_file_id id}(hjFLhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBLubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM, hj>LubjY)}(hhh]h)}(hfile identifierh]hfile identifier}(hj]LhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjYLhM, hjZLubah}(h]h ]h"]h$]h&]uh1jXhj>Lubeh}(h]h ]h"]h$]h&]uh1j8hjYLhM, hjLubj9)}(hK``bool contents`` trust if security_kernel_post_read_file() will be called h](j?)}(h``bool contents``h]h)}(hj}Lh]h bool contents}(hjLhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj{Lubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM- hjwLubjY)}(hhh]h)}(h8trust if security_kernel_post_read_file() will be calledh]h8trust if security_kernel_post_read_file() will be called}(hjLhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjLhM- hjLubah}(h]h ]h"]h$]h&]uh1jXhjwLubeh}(h]h ]h"]h$]h&]uh1j8hjLhM- hjLubeh}(h]h ]h"]h$]h&]uh1j3hjKubh)}(h**Description**h]j)}(hjLh]h Description}(hjLhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjLubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM/ hjKubh)}(h#Read a file specified by userspace.h]h#Read a file specified by userspace.}(hjLhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM. hjKubh)}(h **Return**h]j)}(hjLh]hReturn}(hjLhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjLubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM0 hjKubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjLhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM1 hjKubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j+security_kernel_post_read_file (C function) c.security_kernel_post_read_filehNtauh1jhhhhhNhNubj")}(hhh](j')}(hkint security_kernel_post_read_file (struct file *file, char *buf, loff_t size, enum kernel_read_file_id id)h]j-)}(hjint security_kernel_post_read_file(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id)h](j3)}(hinth]hint}(hj$MhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj Mhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM; ubjE)}(h h]h }(hj3MhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj Mhhhj2MhM; ubjV)}(hsecurity_kernel_post_read_fileh]j\)}(hsecurity_kernel_post_read_fileh]hsecurity_kernel_post_read_file}(hjEMhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjAMubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj Mhhhj2MhM; ubjw)}(hH(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id)h](j})}(hstruct file *fileh](j8)}(hj;h]hstruct}(hjaMhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj]MubjE)}(h h]h }(hjnMhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj]Mubh)}(hhh]j\)}(hfileh]hfile}(hjMhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj|Mubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjMmodnameN classnameNjsjv)}jy]j|)}jojGMsb c.security_kernel_post_read_fileasbuh1hhj]MubjE)}(h h]h }(hjMhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj]Mubj)}(hjh]h*}(hjMhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj]Mubj\)}(hfileh]hfile}(hjMhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj]Mubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjYMubj})}(h char *bufh](j3)}(hcharh]hchar}(hjMhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjMubjE)}(h h]h }(hjMhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjMubj)}(hjh]h*}(hjMhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjMubj\)}(hbufh]hbuf}(hjMhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjMubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjYMubj})}(h loff_t sizeh](h)}(hhh]j\)}(hloff_th]hloff_t}(hjNhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjNubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjNmodnameN classnameNjsjv)}jy]jM c.security_kernel_post_read_fileasbuh1hhjNubjE)}(h h]h }(hj6NhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjNubj\)}(hsizeh]hsize}(hjDNhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjNubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjYMubj})}(henum kernel_read_file_id idh](j8)}(hj<;h]henum}(hj]NhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjYNubjE)}(h h]h }(hjjNhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjYNubh)}(hhh]j\)}(hkernel_read_file_idh]hkernel_read_file_id}(hj{NhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjxNubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj}NmodnameN classnameNjsjv)}jy]jM c.security_kernel_post_read_fileasbuh1hhjYNubjE)}(h h]h }(hjNhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjYNubj\)}(hidh]hid}(hjNhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjYNubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjYMubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj Mhhhj2MhM; ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjMhhhj2MhM; ubah}(h]jMah ](jjeh"]h$]h&]jj)jhuh1j&hj2MhM; hjMhhubj)}(hhh]h)}(h"Read a file specified by userspaceh]h"Read a file specified by userspace}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM; hjNhhubah}(h]h ]h"]h$]h&]uh1jhjMhhhj2MhM; ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjNjjNjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct file *file`` file ``char *buf`` file contents ``loff_t size`` size of file contents ``enum kernel_read_file_id id`` file identifier **Description** Read a file specified by userspace. This must be paired with a prior call to security_kernel_read_file() call that indicated this hook would also be called, see security_kernel_read_file() for more information. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjNh]h Parameters}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM? hjNubj4)}(hhh](j9)}(h``struct file *file`` file h](j?)}(h``struct file *file``h]h)}(hjOh]hstruct file *file}(hjOhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjOubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM< hj OubjY)}(hhh]h)}(hfileh]hfile}(hj+OhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj'OhM< hj(Oubah}(h]h ]h"]h$]h&]uh1jXhj Oubeh}(h]h ]h"]h$]h&]uh1j8hj'OhM< hj Oubj9)}(h``char *buf`` file contents h](j?)}(h ``char *buf``h]h)}(hjKOh]h char *buf}(hjMOhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjIOubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM= hjEOubjY)}(hhh]h)}(h file contentsh]h file contents}(hjdOhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj`OhM= hjaOubah}(h]h ]h"]h$]h&]uh1jXhjEOubeh}(h]h ]h"]h$]h&]uh1j8hj`OhM= hj Oubj9)}(h&``loff_t size`` size of file contents h](j?)}(h``loff_t size``h]h)}(hjOh]h loff_t size}(hjOhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjOubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM> hj~OubjY)}(hhh]h)}(hsize of file contentsh]hsize of file contents}(hjOhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjOhM> hjOubah}(h]h ]h"]h$]h&]uh1jXhj~Oubeh}(h]h ]h"]h$]h&]uh1j8hjOhM> hj Oubj9)}(h0``enum kernel_read_file_id id`` file identifier h](j?)}(h``enum kernel_read_file_id id``h]h)}(hjOh]henum kernel_read_file_id id}(hjOhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjOubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM? hjOubjY)}(hhh]h)}(hfile identifierh]hfile identifier}(hjOhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjOhM? hjOubah}(h]h ]h"]h$]h&]uh1jXhjOubeh}(h]h ]h"]h$]h&]uh1j8hjOhM? hj Oubeh}(h]h ]h"]h$]h&]uh1j3hjNubh)}(h**Description**h]j)}(hjOh]h Description}(hjOhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjOubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMA hjNubh)}(hRead a file specified by userspace. This must be paired with a prior call to security_kernel_read_file() call that indicated this hook would also be called, see security_kernel_read_file() for more information.h]hRead a file specified by userspace. This must be paired with a prior call to security_kernel_read_file() call that indicated this hook would also be called, see security_kernel_read_file() for more information.}(hjPhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM@ hjNubh)}(h **Return**h]j)}(hjPh]hReturn}(hj!PhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjPubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMD hjNubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj5PhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chME hjNubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j&security_kernel_load_data (C function)c.security_kernel_load_datahNtauh1jhhhhhNhNubj")}(hhh](j')}(hJint security_kernel_load_data (enum kernel_load_data_id id, bool contents)h]j-)}(hIint security_kernel_load_data(enum kernel_load_data_id id, bool contents)h](j3)}(hinth]hint}(hjdPhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj`Phhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMO ubjE)}(h h]h }(hjsPhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj`PhhhjrPhMO ubjV)}(hsecurity_kernel_load_datah]j\)}(hsecurity_kernel_load_datah]hsecurity_kernel_load_data}(hjPhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjPubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj`PhhhjrPhMO ubjw)}(h,(enum kernel_load_data_id id, bool contents)h](j})}(henum kernel_load_data_id idh](j8)}(hj<;h]henum}(hjPhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjPubjE)}(h h]h }(hjPhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjPubh)}(hhh]j\)}(hkernel_load_data_idh]hkernel_load_data_id}(hjPhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjPubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjPmodnameN classnameNjsjv)}jy]j|)}jojPsbc.security_kernel_load_dataasbuh1hhjPubjE)}(h h]h }(hjPhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjPubj\)}(hidh]hid}(hjPhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjPubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjPubj})}(h bool contentsh](j3)}(hjKh]hbool}(hjQhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjQubjE)}(h h]h }(hjQhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjQubj\)}(hcontentsh]hcontents}(hj!QhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjQubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjPubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj`PhhhjrPhMO ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj\PhhhjrPhMO ubah}(h]jWPah ](jjeh"]h$]h&]jj)jhuh1j&hjrPhMO hjYPhhubj)}(hhh]h)}(hLoad data provided by userspaceh]hLoad data provided by userspace}(hjKQhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMO hjHQhhubah}(h]h ]h"]h$]h&]uh1jhjYPhhhjrPhMO ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjcQjjcQjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``enum kernel_load_data_id id`` data identifier ``bool contents`` true if security_kernel_post_load_data() will be called **Description** Load data provided by userspace. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjmQh]h Parameters}(hjoQhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjkQubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMS hjgQubj4)}(hhh](j9)}(h0``enum kernel_load_data_id id`` data identifier h](j?)}(h``enum kernel_load_data_id id``h]h)}(hjQh]henum kernel_load_data_id id}(hjQhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjQubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMP hjQubjY)}(hhh]h)}(hdata identifierh]hdata identifier}(hjQhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjQhMP hjQubah}(h]h ]h"]h$]h&]uh1jXhjQubeh}(h]h ]h"]h$]h&]uh1j8hjQhMP hjQubj9)}(hJ``bool contents`` true if security_kernel_post_load_data() will be called h](j?)}(h``bool contents``h]h)}(hjQh]h bool contents}(hjQhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjQubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMQ hjQubjY)}(hhh]h)}(h7true if security_kernel_post_load_data() will be calledh]h7true if security_kernel_post_load_data() will be called}(hjQhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjQhMQ hjQubah}(h]h ]h"]h$]h&]uh1jXhjQubeh}(h]h ]h"]h$]h&]uh1j8hjQhMQ hjQubeh}(h]h ]h"]h$]h&]uh1j3hjgQubh)}(h**Description**h]j)}(hjRh]h Description}(hjRhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjQubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMS hjgQubh)}(h Load data provided by userspace.h]h Load data provided by userspace.}(hjRhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMR hjgQubh)}(h **Return**h]j)}(hj'Rh]hReturn}(hj)RhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj%Rubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMT hjgQubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj=RhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMU hjgQubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j+security_kernel_post_load_data (C function) c.security_kernel_post_load_datahNtauh1jhhhhhNhNubj")}(hhh](j')}(hkint security_kernel_post_load_data (char *buf, loff_t size, enum kernel_load_data_id id, char *description)h]j-)}(hjint security_kernel_post_load_data(char *buf, loff_t size, enum kernel_load_data_id id, char *description)h](j3)}(hinth]hint}(hjlRhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhRhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM^ ubjE)}(h h]h }(hj{RhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhRhhhjzRhM^ ubjV)}(hsecurity_kernel_post_load_datah]j\)}(hsecurity_kernel_post_load_datah]hsecurity_kernel_post_load_data}(hjRhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjRubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhRhhhjzRhM^ ubjw)}(hH(char *buf, loff_t size, enum kernel_load_data_id id, char *description)h](j})}(h char *bufh](j3)}(hcharh]hchar}(hjRhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjRubjE)}(h h]h }(hjRhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjRubj)}(hjh]h*}(hjRhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjRubj\)}(hbufh]hbuf}(hjRhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjRubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjRubj})}(h loff_t sizeh](h)}(hhh]j\)}(hloff_th]hloff_t}(hjRhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjRubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjRmodnameN classnameNjsjv)}jy]j|)}jojRsb c.security_kernel_post_load_dataasbuh1hhjRubjE)}(h h]h }(hjShhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjRubj\)}(hsizeh]hsize}(hjShhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjRubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjRubj})}(henum kernel_load_data_id idh](j8)}(hj<;h]henum}(hj5ShhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj1SubjE)}(h h]h }(hjBShhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj1Subh)}(hhh]j\)}(hkernel_load_data_idh]hkernel_load_data_id}(hjSShhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjPSubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjUSmodnameN classnameNjsjv)}jy]j S c.security_kernel_post_load_dataasbuh1hhj1SubjE)}(h h]h }(hjqShhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj1Subj\)}(hidh]hid}(hjShhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj1Subeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjRubj})}(hchar *descriptionh](j3)}(hcharh]hchar}(hjShhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjSubjE)}(h h]h }(hjShhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjSubj)}(hjh]h*}(hjShhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjSubj\)}(h descriptionh]h description}(hjShhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjSubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjRubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhRhhhjzRhM^ ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjdRhhhjzRhM^ ubah}(h]j_Rah ](jjeh"]h$]h&]jj)jhuh1j&hjzRhM^ hjaRhhubj)}(hhh]h)}(h*Load userspace data from a non-file sourceh]h*Load userspace data from a non-file source}(hjShhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM^ hjShhubah}(h]h ]h"]h$]h&]uh1jhjaRhhhjzRhM^ ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjTjjTjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``char *buf`` data ``loff_t size`` size of data ``enum kernel_load_data_id id`` data identifier ``char *description`` text description of data, specific to the id value **Description** Load data provided by a non-file source (usually userspace buffer). This must be paired with a prior security_kernel_load_data() call that indicated this hook would also be called, see security_kernel_load_data() for more information. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj Th]h Parameters}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1jhj Tubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMb hjTubj4)}(hhh](j9)}(h``char *buf`` data h](j?)}(h ``char *buf``h]h)}(hj,Th]h char *buf}(hj.ThhhNhNubah}(h]h ]h"]h$]h&]uh1hhj*Tubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM_ hj&TubjY)}(hhh]h)}(hdatah]hdata}(hjEThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjAThM_ hjBTubah}(h]h ]h"]h$]h&]uh1jXhj&Tubeh}(h]h ]h"]h$]h&]uh1j8hjAThM_ hj#Tubj9)}(h``loff_t size`` size of data h](j?)}(h``loff_t size``h]h)}(hjeTh]h loff_t size}(hjgThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjcTubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM` hj_TubjY)}(hhh]h)}(h size of datah]h size of data}(hj~ThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjzThM` hj{Tubah}(h]h ]h"]h$]h&]uh1jXhj_Tubeh}(h]h ]h"]h$]h&]uh1j8hjzThM` hj#Tubj9)}(h0``enum kernel_load_data_id id`` data identifier h](j?)}(h``enum kernel_load_data_id id``h]h)}(hjTh]henum kernel_load_data_id id}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjTubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMa hjTubjY)}(hhh]h)}(hdata identifierh]hdata identifier}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjThMa hjTubah}(h]h ]h"]h$]h&]uh1jXhjTubeh}(h]h ]h"]h$]h&]uh1j8hjThMa hj#Tubj9)}(hI``char *description`` text description of data, specific to the id value h](j?)}(h``char *description``h]h)}(hjTh]hchar *description}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjTubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMb hjTubjY)}(hhh]h)}(h2text description of data, specific to the id valueh]h2text description of data, specific to the id value}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjThMb hjTubah}(h]h ]h"]h$]h&]uh1jXhjTubeh}(h]h ]h"]h$]h&]uh1j8hjThMb hj#Tubeh}(h]h ]h"]h$]h&]uh1j3hjTubh)}(h**Description**h]j)}(hjUh]h Description}(hjUhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjUubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMd hjTubh)}(hLoad data provided by a non-file source (usually userspace buffer). This must be paired with a prior security_kernel_load_data() call that indicated this hook would also be called, see security_kernel_load_data() for more information.h]hLoad data provided by a non-file source (usually userspace buffer). This must be paired with a prior security_kernel_load_data() call that indicated this hook would also be called, see security_kernel_load_data() for more information.}(hj(UhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMc hjTubh)}(h **Return**h]j)}(hj9Uh]hReturn}(hj;UhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj7Uubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMh hjTubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjOUhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMi hjTubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j-security_current_getlsmprop_subj (C function)"c.security_current_getlsmprop_subjhNtauh1jhhhhhNhNubj")}(hhh](j')}(h=void security_current_getlsmprop_subj (struct lsm_prop *prop)h]j-)}(hVhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj;Vhhubah}(h]h ]h"]h$]h&]uh1jhjsUhhhjUhM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjVVjjVVjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct lsm_prop *prop`` lsm specific information **Description** Retrieve the subjective security identifier of the current task and return it in **prop**.h](h)}(h**Parameters**h]j)}(hj`Vh]h Parameters}(hjbVhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj^Vubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjZVubj4)}(hhh]j9)}(h3``struct lsm_prop *prop`` lsm specific information h](j?)}(h``struct lsm_prop *prop``h]h)}(hjVh]hstruct lsm_prop *prop}(hjVhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj}Vubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjyVubjY)}(hhh]h)}(hlsm specific informationh]hlsm specific information}(hjVhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjVhM hjVubah}(h]h ]h"]h$]h&]uh1jXhjyVubeh}(h]h ]h"]h$]h&]uh1j8hjVhM hjvVubah}(h]h ]h"]h$]h&]uh1j3hjZVubh)}(h**Description**h]j)}(hjVh]h Description}(hjVhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjVubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjZVubh)}(hZRetrieve the subjective security identifier of the current task and return it in **prop**.h](hQRetrieve the subjective security identifier of the current task and return it in }(hjVhhhNhNubj)}(h**prop**h]hprop}(hjVhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjVubh.}(hjVhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjZVubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j)security_task_getlsmprop_obj (C function)c.security_task_getlsmprop_objhNtauh1jhhhhhNhNubj")}(hhh](j')}(hPvoid security_task_getlsmprop_obj (struct task_struct *p, struct lsm_prop *prop)h]j-)}(hOvoid security_task_getlsmprop_obj(struct task_struct *p, struct lsm_prop *prop)h](j3)}(hvoidh]hvoid}(hjWhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj Whhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM ubjE)}(h h]h }(hj WhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj WhhhjWhM ubjV)}(hsecurity_task_getlsmprop_objh]j\)}(hsecurity_task_getlsmprop_objh]hsecurity_task_getlsmprop_obj}(hj2WhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj.Wubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj WhhhjWhM ubjw)}(h.(struct task_struct *p, struct lsm_prop *prop)h](j})}(hstruct task_struct *ph](j8)}(hj;h]hstruct}(hjNWhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjJWubjE)}(h h]h }(hj[WhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjJWubh)}(hhh]j\)}(h task_structh]h task_struct}(hjlWhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjiWubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjnWmodnameN classnameNjsjv)}jy]j|)}joj4Wsbc.security_task_getlsmprop_objasbuh1hhjJWubjE)}(h h]h }(hjWhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjJWubj)}(hjh]h*}(hjWhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjJWubj\)}(hjh]hp}(hjWhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjJWubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjFWubj})}(hstruct lsm_prop *proph](j8)}(hj;h]hstruct}(hjWhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjWubjE)}(h h]h }(hjWhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjWubh)}(hhh]j\)}(hlsm_proph]hlsm_prop}(hjWhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjWubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjWmodnameN classnameNjsjv)}jy]jWc.security_task_getlsmprop_objasbuh1hhjWubjE)}(h h]h }(hjWhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjWubj)}(hjh]h*}(hj XhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjWubj\)}(hproph]hprop}(hjXhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjWubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjFWubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj WhhhjWhM ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj WhhhjWhM ubah}(h]jWah ](jjeh"]h$]h&]jj)jhuh1j&hjWhM hjWhhubj)}(hhh]h)}(hGet a task's objective LSM datah]h!Get a task’s objective LSM data}(hj@XhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj=Xhhubah}(h]h ]h"]h$]h&]uh1jhjWhhhjWhM ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjXXjjXXjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct task_struct *p`` target task ``struct lsm_prop *prop`` lsm specific information **Description** Retrieve the objective security identifier of the task_struct in **p** and return it in **prop**.h](h)}(h**Parameters**h]j)}(hjbXh]h Parameters}(hjdXhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj`Xubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj\Xubj4)}(hhh](j9)}(h&``struct task_struct *p`` target task h](j?)}(h``struct task_struct *p``h]h)}(hjXh]hstruct task_struct *p}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjXubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj{XubjY)}(hhh]h)}(h target taskh]h target task}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjXhM hjXubah}(h]h ]h"]h$]h&]uh1jXhj{Xubeh}(h]h ]h"]h$]h&]uh1j8hjXhM hjxXubj9)}(h3``struct lsm_prop *prop`` lsm specific information h](j?)}(h``struct lsm_prop *prop``h]h)}(hjXh]hstruct lsm_prop *prop}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjXubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjXubjY)}(hhh]h)}(hlsm specific informationh]hlsm specific information}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjXhM hjXubah}(h]h ]h"]h$]h&]uh1jXhjXubeh}(h]h ]h"]h$]h&]uh1j8hjXhM hjxXubeh}(h]h ]h"]h$]h&]uh1j3hj\Xubh)}(h**Description**h]j)}(hjXh]h Description}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjXubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj\Xubh)}(haRetrieve the objective security identifier of the task_struct in **p** and return it in **prop**.h](hARetrieve the objective security identifier of the task_struct in }(hj YhhhNhNubj)}(h**p**h]hp}(hjYhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj Yubh and return it in }(hj YhhhNhNubj)}(h**prop**h]hprop}(hj%YhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj Yubh.}(hj YhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj\Xubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j#security_d_instantiate (C function)c.security_d_instantiatehNtauh1jhhhhhNhNubj")}(hhh](j')}(hHvoid security_d_instantiate (struct dentry *dentry, struct inode *inode)h]j-)}(hGvoid security_d_instantiate(struct dentry *dentry, struct inode *inode)h](j3)}(hvoidh]hvoid}(hj^YhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjZYhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjmYhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjZYhhhjlYhMubjV)}(hsecurity_d_instantiateh]j\)}(hsecurity_d_instantiateh]hsecurity_d_instantiate}(hjYhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj{Yubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjZYhhhjlYhMubjw)}(h,(struct dentry *dentry, struct inode *inode)h](j})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hjYhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjYubjE)}(h h]h }(hjYhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjYubh)}(hhh]j\)}(hdentryh]hdentry}(hjYhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjYubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjYmodnameN classnameNjsjv)}jy]j|)}jojYsbc.security_d_instantiateasbuh1hhjYubjE)}(h h]h }(hjYhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjYubj)}(hjh]h*}(hjYhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjYubj\)}(hdentryh]hdentry}(hjYhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjYubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjYubj})}(hstruct inode *inodeh](j8)}(hj;h]hstruct}(hj ZhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj ZubjE)}(h h]h }(hjZhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj Zubh)}(hhh]j\)}(hinodeh]hinode}(hj+ZhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj(Zubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj-ZmodnameN classnameNjsjv)}jy]jYc.security_d_instantiateasbuh1hhj ZubjE)}(h h]h }(hjIZhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj Zubj)}(hjh]h*}(hjWZhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj Zubj\)}(hinodeh]hinode}(hjdZhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj Zubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjYubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjZYhhhjlYhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjVYhhhjlYhMubah}(h]jQYah ](jjeh"]h$]h&]jj)jhuh1j&hjlYhMhjSYhhubj)}(hhh]h)}(h/Populate an inode's LSM state based on a dentryh]h1Populate an inode’s LSM state based on a dentry}(hjZhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjZhhubah}(h]h ]h"]h$]h&]uh1jhjSYhhhjlYhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjZjjZjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct dentry *dentry`` dentry ``struct inode *inode`` inode **Description** Fill in **inode** security information for a **dentry** if allowed.h](h)}(h**Parameters**h]j)}(hjZh]h Parameters}(hjZhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjZubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjZubj4)}(hhh](j9)}(h!``struct dentry *dentry`` dentry h](j?)}(h``struct dentry *dentry``h]h)}(hjZh]hstruct dentry *dentry}(hjZhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjZubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjZubjY)}(hhh]h)}(hdentryh]hdentry}(hjZhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjZhMhjZubah}(h]h ]h"]h$]h&]uh1jXhjZubeh}(h]h ]h"]h$]h&]uh1j8hjZhMhjZubj9)}(h``struct inode *inode`` inode h](j?)}(h``struct inode *inode``h]h)}(hj[h]hstruct inode *inode}(hj [hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj[ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj[ubjY)}(hhh]h)}(hinodeh]hinode}(hj![hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj[hMhj[ubah}(h]h ]h"]h$]h&]uh1jXhj[ubeh}(h]h ]h"]h$]h&]uh1j8hj[hMhjZubeh}(h]h ]h"]h$]h&]uh1j3hjZubh)}(h**Description**h]j)}(hjC[h]h Description}(hjE[hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjA[ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjZubh)}(hCFill in **inode** security information for a **dentry** if allowed.h](hFill in }(hjY[hhhNhNubj)}(h **inode**h]hinode}(hja[hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjY[ubh security information for a }(hjY[hhhNhNubj)}(h **dentry**h]hdentry}(hjs[hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjY[ubh if allowed.}(hjY[hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjZubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j security_ismaclabel (C function)c.security_ismaclabelhNtauh1jhhhhhNhNubj")}(hhh](j')}(h*int security_ismaclabel (const char *name)h]j-)}(h)int security_ismaclabel(const char *name)h](j3)}(hinth]hint}(hj[hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj[hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj[hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj[hhhj[hMubjV)}(hsecurity_ismaclabelh]j\)}(hsecurity_ismaclabelh]hsecurity_ismaclabel}(hj[hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj[ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj[hhhj[hMubjw)}(h(const char *name)h]j})}(hconst char *nameh](j8)}(hj h]hconst}(hj[hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj[ubjE)}(h h]h }(hj[hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj[ubj3)}(hcharh]hchar}(hj\hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj[ubjE)}(h h]h }(hj\hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj[ubj)}(hjh]h*}(hj \hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj[ubj\)}(hnameh]hname}(hj-\hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj[ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj[ubah}(h]h ]h"]h$]h&]jtjuuh1jvhj[hhhj[hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj[hhhj[hMubah}(h]j[ah ](jjeh"]h$]h&]jj)jhuh1j&hj[hMhj[hhubj)}(hhh]h)}(h+Check if the named attribute is a MAC labelh]h+Check if the named attribute is a MAC label}(hjW\hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjT\hhubah}(h]h ]h"]h$]h&]uh1jhj[hhhj[hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjo\jjo\jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const char *name`` full extended attribute name **Description** Check if the extended attribute specified by **name** represents a MAC label. **Return** Returns 1 if name is a MAC attribute otherwise returns 0.h](h)}(h**Parameters**h]j)}(hjy\h]h Parameters}(hj{\hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjw\ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjs\ubj4)}(hhh]j9)}(h2``const char *name`` full extended attribute name h](j?)}(h``const char *name``h]h)}(hj\h]hconst char *name}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj\ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj\ubjY)}(hhh]h)}(hfull extended attribute nameh]hfull extended attribute name}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj\hMhj\ubah}(h]h ]h"]h$]h&]uh1jXhj\ubeh}(h]h ]h"]h$]h&]uh1j8hj\hMhj\ubah}(h]h ]h"]h$]h&]uh1j3hjs\ubh)}(h**Description**h]j)}(hj\h]h Description}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj\ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjs\ubh)}(hMCheck if the extended attribute specified by **name** represents a MAC label.h](h-Check if the extended attribute specified by }(hj\hhhNhNubj)}(h**name**h]hname}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj\ubh represents a MAC label.}(hj\hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjs\ubh)}(h **Return**h]j)}(hj ]h]hReturn}(hj]hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ]ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjs\ubh)}(h9Returns 1 if name is a MAC attribute otherwise returns 0.h]h9Returns 1 if name is a MAC attribute otherwise returns 0.}(hj"]hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjs\ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j%security_secid_to_secctx (C function)c.security_secid_to_secctxhNtauh1jhhhhhNhNubj")}(hhh](j')}(h@int security_secid_to_secctx (u32 secid, struct lsm_context *cp)h]j-)}(h?int security_secid_to_secctx(u32 secid, struct lsm_context *cp)h](j3)}(hinth]hint}(hjQ]hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjM]hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj`]hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjM]hhhj_]hMubjV)}(hsecurity_secid_to_secctxh]j\)}(hsecurity_secid_to_secctxh]hsecurity_secid_to_secctx}(hjr]hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjn]ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjM]hhhj_]hMubjw)}(h#(u32 secid, struct lsm_context *cp)h](j})}(h u32 secidh](h)}(hhh]j\)}(hu32h]hu32}(hj]hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj]ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj]modnameN classnameNjsjv)}jy]j|)}jojt]sbc.security_secid_to_secctxasbuh1hhj]ubjE)}(h h]h }(hj]hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj]ubj\)}(hsecidh]hsecid}(hj]hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj]ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj]ubj})}(hstruct lsm_context *cph](j8)}(hj;h]hstruct}(hj]hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj]ubjE)}(h h]h }(hj]hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj]ubh)}(hhh]j\)}(h lsm_contexth]h lsm_context}(hj]hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj]ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj]modnameN classnameNjsjv)}jy]j]c.security_secid_to_secctxasbuh1hhj]ubjE)}(h h]h }(hj^hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj]ubj)}(hjh]h*}(hj"^hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj]ubj\)}(hcph]hcp}(hj/^hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj]ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj]ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjM]hhhj_]hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjI]hhhj_]hMubah}(h]jD]ah ](jjeh"]h$]h&]jj)jhuh1j&hj_]hMhjF]hhubj)}(hhh]h)}(hConvert a secid to a secctxh]hConvert a secid to a secctx}(hjY^hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjV^hhubah}(h]h ]h"]h$]h&]uh1jhjF]hhhj_]hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjq^jjq^jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``u32 secid`` secid ``struct lsm_context *cp`` the LSM context **Description** Convert secid to security context. If **cp** is NULL the length of the result will be returned, but no data will be returned. This does mean that the length could change between calls to check the length and the next call which actually allocates and returns the data. **Return** Return length of data on success, error on failure.h](h)}(h**Parameters**h]j)}(hj{^h]h Parameters}(hj}^hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjy^ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhju^ubj4)}(hhh](j9)}(h``u32 secid`` secid h](j?)}(h ``u32 secid``h]h)}(hj^h]h u32 secid}(hj^hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj^ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj^ubjY)}(hhh]h)}(hsecidh]hsecid}(hj^hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj^hMhj^ubah}(h]h ]h"]h$]h&]uh1jXhj^ubeh}(h]h ]h"]h$]h&]uh1j8hj^hMhj^ubj9)}(h+``struct lsm_context *cp`` the LSM context h](j?)}(h``struct lsm_context *cp``h]h)}(hj^h]hstruct lsm_context *cp}(hj^hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj^ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj^ubjY)}(hhh]h)}(hthe LSM contexth]hthe LSM context}(hj^hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj^hMhj^ubah}(h]h ]h"]h$]h&]uh1jXhj^ubeh}(h]h ]h"]h$]h&]uh1j8hj^hMhj^ubeh}(h]h ]h"]h$]h&]uh1j3hju^ubh)}(h**Description**h]j)}(hj_h]h Description}(hj_hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj _ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhju^ubh)}(hXConvert secid to security context. If **cp** is NULL the length of the result will be returned, but no data will be returned. This does mean that the length could change between calls to check the length and the next call which actually allocates and returns the data.h](h'Convert secid to security context. If }(hj$_hhhNhNubj)}(h**cp**h]hcp}(hj,_hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$_ubh is NULL the length of the result will be returned, but no data will be returned. This does mean that the length could change between calls to check the length and the next call which actually allocates and returns the data.}(hj$_hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhju^ubh)}(h **Return**h]j)}(hjG_h]hReturn}(hjI_hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjE_ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhju^ubh)}(h3Return length of data on success, error on failure.h]h3Return length of data on success, error on failure.}(hj]_hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhju^ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_lsmprop_to_secctx (C function)c.security_lsmprop_to_secctxhNtauh1jhhhhhNhNubj")}(hhh](j')}(hNint security_lsmprop_to_secctx (struct lsm_prop *prop, struct lsm_context *cp)h]j-)}(hMint security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp)h](j3)}(hinth]hint}(hj_hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj_hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj_hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj_hhhj_hMubjV)}(hsecurity_lsmprop_to_secctxh]j\)}(hsecurity_lsmprop_to_secctxh]hsecurity_lsmprop_to_secctx}(hj_hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj_ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj_hhhj_hMubjw)}(h/(struct lsm_prop *prop, struct lsm_context *cp)h](j})}(hstruct lsm_prop *proph](j8)}(hj;h]hstruct}(hj_hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj_ubjE)}(h h]h }(hj_hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj_ubh)}(hhh]j\)}(hlsm_proph]hlsm_prop}(hj_hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj_ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj_modnameN classnameNjsjv)}jy]j|)}joj_sbc.security_lsmprop_to_secctxasbuh1hhj_ubjE)}(h h]h }(hj`hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj_ubj)}(hjh]h*}(hj`hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj_ubj\)}(hproph]hprop}(hj"`hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj_ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj_ubj})}(hstruct lsm_context *cph](j8)}(hj;h]hstruct}(hj;`hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj7`ubjE)}(h h]h }(hjH`hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj7`ubh)}(hhh]j\)}(h lsm_contexth]h lsm_context}(hjY`hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjV`ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj[`modnameN classnameNjsjv)}jy]j`c.security_lsmprop_to_secctxasbuh1hhj7`ubjE)}(h h]h }(hjw`hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj7`ubj)}(hjh]h*}(hj`hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj7`ubj\)}(hcph]hcp}(hj`hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj7`ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj_ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj_hhhj_hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj_hhhj_hMubah}(h]j_ah ](jjeh"]h$]h&]jj)jhuh1j&hj_hMhj_hhubj)}(hhh]h)}(hConvert a lsm_prop to a secctxh]hConvert a lsm_prop to a secctx}(hj`hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`hhubah}(h]h ]h"]h$]h&]uh1jhj_hhhj_hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj`jj`jjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct lsm_prop *prop`` lsm specific information ``struct lsm_context *cp`` the LSM context **Description** Convert a **prop** entry to security context. If **cp** is NULL the length of the result will be returned. This does mean that the length could change between calls to check the length and the next call which actually allocates and returns the **cp**. **Return** Return length of data on success, error on failure.h](h)}(h**Parameters**h]j)}(hj`h]h Parameters}(hj`hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj`ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`ubj4)}(hhh](j9)}(h3``struct lsm_prop *prop`` lsm specific information h](j?)}(h``struct lsm_prop *prop``h]h)}(hj`h]hstruct lsm_prop *prop}(hj`hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj`ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`ubjY)}(hhh]h)}(hlsm specific informationh]hlsm specific information}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1hhjahMhjaubah}(h]h ]h"]h$]h&]uh1jXhj`ubeh}(h]h ]h"]h$]h&]uh1j8hjahMhj`ubj9)}(h+``struct lsm_context *cp`` the LSM context h](j?)}(h``struct lsm_context *cp``h]h)}(hj6ah]hstruct lsm_context *cp}(hj8ahhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4aubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj0aubjY)}(hhh]h)}(hthe LSM contexth]hthe LSM context}(hjOahhhNhNubah}(h]h ]h"]h$]h&]uh1hhjKahMhjLaubah}(h]h ]h"]h$]h&]uh1jXhj0aubeh}(h]h ]h"]h$]h&]uh1j8hjKahMhj`ubeh}(h]h ]h"]h$]h&]uh1j3hj`ubh)}(h**Description**h]j)}(hjqah]h Description}(hjsahhhNhNubah}(h]h ]h"]h$]h&]uh1jhjoaubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`ubh)}(hConvert a **prop** entry to security context. If **cp** is NULL the length of the result will be returned. This does mean that the length could change between calls to check the length and the next call which actually allocates and returns the **cp**.h](h Convert a }(hjahhhNhNubj)}(h**prop**h]hprop}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1jhjaubh entry to security context. If }(hjahhhNhNubj)}(h**cp**h]hcp}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1jhjaubh is NULL the length of the result will be returned. This does mean that the length could change between calls to check the length and the next call which actually allocates and returns the }(hjahhhNhNubj)}(h**cp**h]hcp}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1jhjaubh.}(hjahhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`ubh)}(h **Return**h]j)}(hjah]hReturn}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1jhjaubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`ubh)}(h3Return length of data on success, error on failure.h]h3Return length of data on success, error on failure.}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj`ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j%security_secctx_to_secid (C function)c.security_secctx_to_secidhNtauh1jhhhhhNhNubj")}(hhh](j')}(hJint security_secctx_to_secid (const char *secdata, u32 seclen, u32 *secid)h]j-)}(hIint security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)h](j3)}(hinth]hint}(hjbhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjbhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj"bhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjbhhhj!bhMubjV)}(hsecurity_secctx_to_secidh]j\)}(hsecurity_secctx_to_secidh]hsecurity_secctx_to_secid}(hj4bhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj0bubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjbhhhj!bhMubjw)}(h-(const char *secdata, u32 seclen, u32 *secid)h](j})}(hconst char *secdatah](j8)}(hj h]hconst}(hjPbhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjLbubjE)}(h h]h }(hj]bhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjLbubj3)}(hcharh]hchar}(hjkbhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjLbubjE)}(h h]h }(hjybhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjLbubj)}(hjh]h*}(hjbhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjLbubj\)}(hsecdatah]hsecdata}(hjbhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjLbubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjHbubj})}(h u32 seclenh](h)}(hhh]j\)}(hu32h]hu32}(hjbhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjbubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjbmodnameN classnameNjsjv)}jy]j|)}joj6bsbc.security_secctx_to_secidasbuh1hhjbubjE)}(h h]h }(hjbhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjbubj\)}(hseclenh]hseclen}(hjbhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjbubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjHbubj})}(h u32 *secidh](h)}(hhh]j\)}(hu32h]hu32}(hjbhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjbubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjbmodnameN classnameNjsjv)}jy]jbc.security_secctx_to_secidasbuh1hhjbubjE)}(h h]h }(hjchhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjbubj)}(hjh]h*}(hj&chhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjbubj\)}(hsecidh]hsecid}(hj3chhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjbubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjHbubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjbhhhj!bhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj bhhhj!bhMubah}(h]jbah ](jjeh"]h$]h&]jj)jhuh1j&hj!bhMhjbhhubj)}(hhh]h)}(hConvert a secctx to a secidh]hConvert a secctx to a secid}(hj]chhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjZchhubah}(h]h ]h"]h$]h&]uh1jhjbhhhj!bhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjucjjucjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const char *secdata`` secctx ``u32 seclen`` length of secctx ``u32 *secid`` secid **Description** Convert security context to secid. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjch]h Parameters}(hjchhhNhNubah}(h]h ]h"]h$]h&]uh1jhj}cubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjycubj4)}(hhh](j9)}(h``const char *secdata`` secctx h](j?)}(h``const char *secdata``h]h)}(hjch]hconst char *secdata}(hjchhhNhNubah}(h]h ]h"]h$]h&]uh1hhjcubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjcubjY)}(hhh]h)}(hsecctxh]hsecctx}(hjchhhNhNubah}(h]h ]h"]h$]h&]uh1hhjchM hjcubah}(h]h ]h"]h$]h&]uh1jXhjcubeh}(h]h ]h"]h$]h&]uh1j8hjchM hjcubj9)}(h ``u32 seclen`` length of secctx h](j?)}(h``u32 seclen``h]h)}(hjch]h u32 seclen}(hjchhhNhNubah}(h]h ]h"]h$]h&]uh1hhjcubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjcubjY)}(hhh]h)}(hlength of secctxh]hlength of secctx}(hjchhhNhNubah}(h]h ]h"]h$]h&]uh1hhjchM hjcubah}(h]h ]h"]h$]h&]uh1jXhjcubeh}(h]h ]h"]h$]h&]uh1j8hjchM hjcubj9)}(h``u32 *secid`` secid h](j?)}(h``u32 *secid``h]h)}(hjdh]h u32 *secid}(hjdhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjdubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hj dubjY)}(hhh]h)}(hsecidh]hsecid}(hj)dhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj%dhM hj&dubah}(h]h ]h"]h$]h&]uh1jXhj dubeh}(h]h ]h"]h$]h&]uh1j8hj%dhM hjcubeh}(h]h ]h"]h$]h&]uh1j3hjycubh)}(h**Description**h]j)}(hjKdh]h Description}(hjMdhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjIdubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjycubh)}(h"Convert security context to secid.h]h"Convert security context to secid.}(hjadhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjycubh)}(h **Return**h]j)}(hjrdh]hReturn}(hjtdhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjpdubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjycubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hjdhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjycubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j$security_release_secctx (C function)c.security_release_secctxhNtauh1jhhhhhNhNubj")}(hhh](j')}(h5void security_release_secctx (struct lsm_context *cp)h]j-)}(h4void security_release_secctx(struct lsm_context *cp)h](j3)}(hvoidh]hvoid}(hjdhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjdhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjdhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjdhhhjdhMubjV)}(hsecurity_release_secctxh]j\)}(hsecurity_release_secctxh]hsecurity_release_secctx}(hjdhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjdubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjdhhhjdhMubjw)}(h(struct lsm_context *cp)h]j})}(hstruct lsm_context *cph](j8)}(hj;h]hstruct}(hjdhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjdubjE)}(h h]h }(hjehhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjdubh)}(hhh]j\)}(h lsm_contexth]h lsm_context}(hjehhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjeubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjemodnameN classnameNjsjv)}jy]j|)}jojdsbc.security_release_secctxasbuh1hhjdubjE)}(h h]h }(hj2ehhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjdubj)}(hjh]h*}(hj@ehhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjdubj\)}(hcph]hcp}(hjMehhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjdubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjdubah}(h]h ]h"]h$]h&]jtjuuh1jvhjdhhhjdhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjdhhhjdhMubah}(h]jdah ](jjeh"]h$]h&]jj)jhuh1j&hjdhMhjdhhubj)}(hhh]h)}(hFree a secctx bufferh]hFree a secctx buffer}(hjwehhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjtehhubah}(h]h ]h"]h$]h&]uh1jhjdhhhjdhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjejjejjjuh1j!hhhhhNhNubj)}(hq**Parameters** ``struct lsm_context *cp`` the security context **Description** Release the security context.h](h)}(h**Parameters**h]j)}(hjeh]h Parameters}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1jhjeubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjeubj4)}(hhh]j9)}(h0``struct lsm_context *cp`` the security context h](j?)}(h``struct lsm_context *cp``h]h)}(hjeh]hstruct lsm_context *cp}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1hhjeubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjeubjY)}(hhh]h)}(hthe security contexth]hthe security context}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1hhjehMhjeubah}(h]h ]h"]h$]h&]uh1jXhjeubeh}(h]h ]h"]h$]h&]uh1j8hjehMhjeubah}(h]h ]h"]h$]h&]uh1j3hjeubh)}(h**Description**h]j)}(hjeh]h Description}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1jhjeubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjeubh)}(hRelease the security context.h]hRelease the security context.}(hj fhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjeubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j-security_inode_invalidate_secctx (C function)"c.security_inode_invalidate_secctxhNtauh1jhhhhhNhNubj")}(hhh](j')}(h;void security_inode_invalidate_secctx (struct inode *inode)h]j-)}(h:void security_inode_invalidate_secctx(struct inode *inode)h](j3)}(hvoidh]hvoid}(hj8fhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj4fhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM&ubjE)}(h h]h }(hjGfhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj4fhhhjFfhM&ubjV)}(h security_inode_invalidate_secctxh]j\)}(h security_inode_invalidate_secctxh]h security_inode_invalidate_secctx}(hjYfhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjUfubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj4fhhhjFfhM&ubjw)}(h(struct inode *inode)h]j})}(hstruct inode *inodeh](j8)}(hj;h]hstruct}(hjufhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjqfubjE)}(h h]h }(hjfhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjqfubh)}(hhh]j\)}(hinodeh]hinode}(hjfhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjfubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjfmodnameN classnameNjsjv)}jy]j|)}joj[fsb"c.security_inode_invalidate_secctxasbuh1hhjqfubjE)}(h h]h }(hjfhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjqfubj)}(hjh]h*}(hjfhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjqfubj\)}(hinodeh]hinode}(hjfhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjqfubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjmfubah}(h]h ]h"]h$]h&]jtjuuh1jvhj4fhhhjFfhM&ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj0fhhhjFfhM&ubah}(h]j+fah ](jjeh"]h$]h&]jj)jhuh1j&hjFfhM&hj-fhhubj)}(hhh]h)}(h$Invalidate an inode's security labelh]h&Invalidate an inode’s security label}(hjfhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM&hjfhhubah}(h]h ]h"]h$]h&]uh1jhj-fhhhjFfhM&ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjgjjgjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct inode *inode`` inode **Description** Notify the security module that it must revalidate the security context of an inode.h](h)}(h**Parameters**h]j)}(hjgh]h Parameters}(hjghhhNhNubah}(h]h ]h"]h$]h&]uh1jhjgubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM*hjgubj4)}(hhh]j9)}(h``struct inode *inode`` inode h](j?)}(h``struct inode *inode``h]h)}(hj9gh]hstruct inode *inode}(hj;ghhhNhNubah}(h]h ]h"]h$]h&]uh1hhj7gubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM'hj3gubjY)}(hhh]h)}(hinodeh]hinode}(hjRghhhNhNubah}(h]h ]h"]h$]h&]uh1hhjNghM'hjOgubah}(h]h ]h"]h$]h&]uh1jXhj3gubeh}(h]h ]h"]h$]h&]uh1j8hjNghM'hj0gubah}(h]h ]h"]h$]h&]uh1j3hjgubh)}(h**Description**h]j)}(hjtgh]h Description}(hjvghhhNhNubah}(h]h ]h"]h$]h&]uh1jhjrgubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM)hjgubh)}(hTNotify the security module that it must revalidate the security context of an inode.h]hTNotify the security module that it must revalidate the security context of an inode.}(hjghhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM(hjgubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j(security_inode_notifysecctx (C function)c.security_inode_notifysecctxhNtauh1jhhhhhNhNubj")}(hhh](j')}(hLint security_inode_notifysecctx (struct inode *inode, void *ctx, u32 ctxlen)h]j-)}(hKint security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)h](j3)}(hinth]hint}(hjghhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjghhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM3ubjE)}(h h]h }(hjghhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjghhhjghM3ubjV)}(hsecurity_inode_notifysecctxh]j\)}(hsecurity_inode_notifysecctxh]hsecurity_inode_notifysecctx}(hjghhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjgubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjghhhjghM3ubjw)}(h,(struct inode *inode, void *ctx, u32 ctxlen)h](j})}(hstruct inode *inodeh](j8)}(hj;h]hstruct}(hjghhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjgubjE)}(h h]h }(hjhhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjgubh)}(hhh]j\)}(hinodeh]hinode}(hjhhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjhubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjhmodnameN classnameNjsjv)}jy]j|)}jojgsbc.security_inode_notifysecctxasbuh1hhjgubjE)}(h h]h }(hj4hhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjgubj)}(hjh]h*}(hjBhhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjgubj\)}(hinodeh]hinode}(hjOhhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjgubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjgubj})}(h void *ctxh](j3)}(hvoidh]hvoid}(hjhhhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjdhubjE)}(h h]h }(hjvhhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjdhubj)}(hjh]h*}(hjhhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjdhubj\)}(hctxh]hctx}(hjhhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjdhubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjgubj})}(h u32 ctxlenh](h)}(hhh]j\)}(hu32h]hu32}(hjhhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjhubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjhmodnameN classnameNjsjv)}jy]j0hc.security_inode_notifysecctxasbuh1hhjhubjE)}(h h]h }(hjhhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhubj\)}(hctxlenh]hctxlen}(hjhhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjhubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjgubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjghhhjghM3ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjghhhjghM3ubah}(h]jgah ](jjeh"]h$]h&]jj)jhuh1j&hjghM3hjghhubj)}(hhh]h)}(h+Notify the LSM of an inode's security labelh]h-Notify the LSM of an inode’s security label}(hjihhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM3hjihhubah}(h]h ]h"]h$]h&]uh1jhjghhhjghM3ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjijjijjjuh1j!hhhhhNhNubj)}(hXV**Parameters** ``struct inode *inode`` inode ``void *ctx`` secctx ``u32 ctxlen`` length of secctx **Description** Notify the security module of what the security context of an inode should be. Initializes the incore security context managed by the security module for this inode. Example usage: NFS client invokes this hook to initialize the security context in its incore inode to the value provided by the server for the file when the server returned the file's attributes to the client. Must be called with inode->i_mutex locked. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hj%ih]h Parameters}(hj'ihhhNhNubah}(h]h ]h"]h$]h&]uh1jhj#iubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM7hjiubj4)}(hhh](j9)}(h``struct inode *inode`` inode h](j?)}(h``struct inode *inode``h]h)}(hjDih]hstruct inode *inode}(hjFihhhNhNubah}(h]h ]h"]h$]h&]uh1hhjBiubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM4hj>iubjY)}(hhh]h)}(hinodeh]hinode}(hj]ihhhNhNubah}(h]h ]h"]h$]h&]uh1hhjYihM4hjZiubah}(h]h ]h"]h$]h&]uh1jXhj>iubeh}(h]h ]h"]h$]h&]uh1j8hjYihM4hj;iubj9)}(h``void *ctx`` secctx h](j?)}(h ``void *ctx``h]h)}(hj}ih]h void *ctx}(hjihhhNhNubah}(h]h ]h"]h$]h&]uh1hhj{iubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM5hjwiubjY)}(hhh]h)}(hsecctxh]hsecctx}(hjihhhNhNubah}(h]h ]h"]h$]h&]uh1hhjihM5hjiubah}(h]h ]h"]h$]h&]uh1jXhjwiubeh}(h]h ]h"]h$]h&]uh1j8hjihM5hj;iubj9)}(h ``u32 ctxlen`` length of secctx h](j?)}(h``u32 ctxlen``h]h)}(hjih]h u32 ctxlen}(hjihhhNhNubah}(h]h ]h"]h$]h&]uh1hhjiubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM6hjiubjY)}(hhh]h)}(hlength of secctxh]hlength of secctx}(hjihhhNhNubah}(h]h ]h"]h$]h&]uh1hhjihM6hjiubah}(h]h ]h"]h$]h&]uh1jXhjiubeh}(h]h ]h"]h$]h&]uh1j8hjihM6hj;iubeh}(h]h ]h"]h$]h&]uh1j3hjiubh)}(h**Description**h]j)}(hjih]h Description}(hjihhhNhNubah}(h]h ]h"]h$]h&]uh1jhjiubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM8hjiubh)}(hXNotify the security module of what the security context of an inode should be. Initializes the incore security context managed by the security module for this inode. Example usage: NFS client invokes this hook to initialize the security context in its incore inode to the value provided by the server for the file when the server returned the file's attributes to the client. Must be called with inode->i_mutex locked.h]hXNotify the security module of what the security context of an inode should be. Initializes the incore security context managed by the security module for this inode. Example usage: NFS client invokes this hook to initialize the security context in its incore inode to the value provided by the server for the file when the server returned the file’s attributes to the client. Must be called with inode->i_mutex locked.}(hjjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM7hjiubh)}(h **Return**h]j)}(hjjh]hReturn}(hjjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM>hjiubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hj.jhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM?hjiubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j%security_inode_setsecctx (C function)c.security_inode_setsecctxhNtauh1jhhhhhNhNubj")}(hhh](j')}(hKint security_inode_setsecctx (struct dentry *dentry, void *ctx, u32 ctxlen)h]j-)}(hJint security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)h](j3)}(hinth]hint}(hj]jhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjYjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMHubjE)}(h h]h }(hjljhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjYjhhhjkjhMHubjV)}(hsecurity_inode_setsecctxh]j\)}(hsecurity_inode_setsecctxh]hsecurity_inode_setsecctx}(hj~jhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjzjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjYjhhhjkjhMHubjw)}(h.(struct dentry *dentry, void *ctx, u32 ctxlen)h](j})}(hstruct dentry *dentryh](j8)}(hj;h]hstruct}(hjjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjjubjE)}(h h]h }(hjjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjjubh)}(hhh]j\)}(hdentryh]hdentry}(hjjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjjmodnameN classnameNjsjv)}jy]j|)}jojjsbc.security_inode_setsecctxasbuh1hhjjubjE)}(h h]h }(hjjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjjubj)}(hjh]h*}(hjjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjjubj\)}(hdentryh]hdentry}(hjjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjjubj})}(h void *ctxh](j3)}(hvoidh]hvoid}(hj khhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjkubjE)}(h h]h }(hjkhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjkubj)}(hjh]h*}(hj(khhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjkubj\)}(hctxh]hctx}(hj5khhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjkubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjjubj})}(h u32 ctxlenh](h)}(hhh]j\)}(hu32h]hu32}(hjQkhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjNkubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjSkmodnameN classnameNjsjv)}jy]jjc.security_inode_setsecctxasbuh1hhjJkubjE)}(h h]h }(hjokhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjJkubj\)}(hctxlenh]hctxlen}(hj}khhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjJkubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjYjhhhjkjhMHubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjUjhhhjkjhMHubah}(h]jPjah ](jjeh"]h$]h&]jj)jhuh1j&hjkjhMHhjRjhhubj)}(hhh]h)}(h%Change the security label of an inodeh]h%Change the security label of an inode}(hjkhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMHhjkhhubah}(h]h ]h"]h$]h&]uh1jhjRjhhhjkjhMHubeh}(h]h ](jfunctioneh"]h$]h&]j jjjkjjkjjjuh1j!hhhhhNhNubj)}(hX{**Parameters** ``struct dentry *dentry`` inode ``void *ctx`` secctx ``u32 ctxlen`` length of secctx **Description** Change the security context of an inode. Updates the incore security context managed by the security module and invokes the fs code as needed (via __vfs_setxattr_noperm) to update any backing xattrs that represent the context. Example usage: NFS server invokes this hook to change the security context in its incore inode and on the backing filesystem to a value provided by the client on a SETATTR operation. Must be called with inode->i_mutex locked. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjkh]h Parameters}(hjkhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjkubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMLhjkubj4)}(hhh](j9)}(h ``struct dentry *dentry`` inode h](j?)}(h``struct dentry *dentry``h]h)}(hjkh]hstruct dentry *dentry}(hjkhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjkubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMIhjkubjY)}(hhh]h)}(hinodeh]hinode}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjkhMIhjkubah}(h]h ]h"]h$]h&]uh1jXhjkubeh}(h]h ]h"]h$]h&]uh1j8hjkhMIhjkubj9)}(h``void *ctx`` secctx h](j?)}(h ``void *ctx``h]h)}(hj!lh]h void *ctx}(hj#lhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjlubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMJhjlubjY)}(hhh]h)}(hsecctxh]hsecctx}(hj:lhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj6lhMJhj7lubah}(h]h ]h"]h$]h&]uh1jXhjlubeh}(h]h ]h"]h$]h&]uh1j8hj6lhMJhjkubj9)}(h ``u32 ctxlen`` length of secctx h](j?)}(h``u32 ctxlen``h]h)}(hjZlh]h u32 ctxlen}(hj\lhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjXlubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMKhjTlubjY)}(hhh]h)}(hlength of secctxh]hlength of secctx}(hjslhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjolhMKhjplubah}(h]h ]h"]h$]h&]uh1jXhjTlubeh}(h]h ]h"]h$]h&]uh1j8hjolhMKhjkubeh}(h]h ]h"]h$]h&]uh1j3hjkubh)}(h**Description**h]j)}(hjlh]h Description}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjlubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMMhjkubh)}(hXChange the security context of an inode. Updates the incore security context managed by the security module and invokes the fs code as needed (via __vfs_setxattr_noperm) to update any backing xattrs that represent the context. Example usage: NFS server invokes this hook to change the security context in its incore inode and on the backing filesystem to a value provided by the client on a SETATTR operation. Must be called with inode->i_mutex locked.h]hXChange the security context of an inode. Updates the incore security context managed by the security module and invokes the fs code as needed (via __vfs_setxattr_noperm) to update any backing xattrs that represent the context. Example usage: NFS server invokes this hook to change the security context in its incore inode and on the backing filesystem to a value provided by the client on a SETATTR operation. Must be called with inode->i_mutex locked.}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMLhjkubh)}(h **Return**h]j)}(hjlh]hReturn}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjlubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMThjkubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hjlhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMUhjkubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j%security_inode_getsecctx (C function)c.security_inode_getsecctxhNtauh1jhhhhhNhNubj")}(hhh](j')}(hJint security_inode_getsecctx (struct inode *inode, struct lsm_context *cp)h]j-)}(hIint security_inode_getsecctx(struct inode *inode, struct lsm_context *cp)h](j3)}(hinth]hint}(hjmhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjlhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM^ubjE)}(h h]h }(hjmhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjlhhhjmhM^ubjV)}(hsecurity_inode_getsecctxh]j\)}(hsecurity_inode_getsecctxh]hsecurity_inode_getsecctx}(hj"mhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjmubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjlhhhjmhM^ubjw)}(h-(struct inode *inode, struct lsm_context *cp)h](j})}(hstruct inode *inodeh](j8)}(hj;h]hstruct}(hj>mhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj:mubjE)}(h h]h }(hjKmhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj:mubh)}(hhh]j\)}(hinodeh]hinode}(hj\mhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjYmubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj^mmodnameN classnameNjsjv)}jy]j|)}joj$msbc.security_inode_getsecctxasbuh1hhj:mubjE)}(h h]h }(hj|mhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj:mubj)}(hjh]h*}(hjmhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj:mubj\)}(hinodeh]hinode}(hjmhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj:mubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj6mubj})}(hstruct lsm_context *cph](j8)}(hj;h]hstruct}(hjmhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjmubjE)}(h h]h }(hjmhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjmubh)}(hhh]j\)}(h lsm_contexth]h lsm_context}(hjmhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjmubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmmodnameN classnameNjsjv)}jy]jxmc.security_inode_getsecctxasbuh1hhjmubjE)}(h h]h }(hjmhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjmubj)}(hjh]h*}(hjmhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjmubj\)}(hcph]hcp}(hjnhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjmubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj6mubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjlhhhjmhM^ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjlhhhjmhM^ubah}(h]jlah ](jjeh"]h$]h&]jj)jhuh1j&hjmhM^hjlhhubj)}(hhh]h)}(h"Get the security label of an inodeh]h"Get the security label of an inode}(hj1nhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM^hj.nhhubah}(h]h ]h"]h$]h&]uh1jhjlhhhjmhM^ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjInjjInjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct inode *inode`` inode ``struct lsm_context *cp`` security context **Description** On success, returns 0 and fills out **cp** with the security context for the given **inode**. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjSnh]h Parameters}(hjUnhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjQnubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMbhjMnubj4)}(hhh](j9)}(h``struct inode *inode`` inode h](j?)}(h``struct inode *inode``h]h)}(hjrnh]hstruct inode *inode}(hjtnhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjpnubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM_hjlnubjY)}(hhh]h)}(hinodeh]hinode}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjnhM_hjnubah}(h]h ]h"]h$]h&]uh1jXhjlnubeh}(h]h ]h"]h$]h&]uh1j8hjnhM_hjinubj9)}(h,``struct lsm_context *cp`` security context h](j?)}(h``struct lsm_context *cp``h]h)}(hjnh]hstruct lsm_context *cp}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjnubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM`hjnubjY)}(hhh]h)}(hsecurity contexth]hsecurity context}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjnhM`hjnubah}(h]h ]h"]h$]h&]uh1jXhjnubeh}(h]h ]h"]h$]h&]uh1j8hjnhM`hjinubeh}(h]h ]h"]h$]h&]uh1j3hjMnubh)}(h**Description**h]j)}(hjnh]h Description}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjnubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMbhjMnubh)}(h]On success, returns 0 and fills out **cp** with the security context for the given **inode**.h](h$On success, returns 0 and fills out }(hjnhhhNhNubj)}(h**cp**h]hcp}(hjohhhNhNubah}(h]h ]h"]h$]h&]uh1jhjnubh) with the security context for the given }(hjnhhhNhNubj)}(h **inode**h]hinode}(hjohhhNhNubah}(h]h ]h"]h$]h&]uh1jhjnubh.}(hjnhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMahjMnubh)}(h **Return**h]j)}(hj1oh]hReturn}(hj3ohhhNhNubah}(h]h ]h"]h$]h&]uh1jhj/oubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMdhjMnubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hjGohhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMehjMnubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j)security_unix_stream_connect (C function)c.security_unix_stream_connecthNtauh1jhhhhhNhNubj")}(hhh](j')}(h\int security_unix_stream_connect (struct sock *sock, struct sock *other, struct sock *newsk)h]j-)}(h[int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)h](j3)}(hinth]hint}(hjvohhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjrohhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjohhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjrohhhjohMubjV)}(hsecurity_unix_stream_connecth]j\)}(hsecurity_unix_stream_connecth]hsecurity_unix_stream_connect}(hjohhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjoubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjrohhhjohMubjw)}(h;(struct sock *sock, struct sock *other, struct sock *newsk)h](j})}(hstruct sock *sockh](j8)}(hj;h]hstruct}(hjohhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjoubjE)}(h h]h }(hjohhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjoubh)}(hhh]j\)}(hsockh]hsock}(hjohhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjoubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjomodnameN classnameNjsjv)}jy]j|)}jojosbc.security_unix_stream_connectasbuh1hhjoubjE)}(h h]h }(hjohhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjoubj)}(hjh]h*}(hjohhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjoubj\)}(hsockh]hsock}(hj phhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjoubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjoubj})}(hstruct sock *otherh](j8)}(hj;h]hstruct}(hj%phhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj!pubjE)}(h h]h }(hj2phhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj!pubh)}(hhh]j\)}(hsockh]hsock}(hjCphhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj@pubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjEpmodnameN classnameNjsjv)}jy]joc.security_unix_stream_connectasbuh1hhj!pubjE)}(h h]h }(hjaphhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj!pubj)}(hjh]h*}(hjophhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj!pubj\)}(hotherh]hother}(hj|phhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj!pubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjoubj})}(hstruct sock *newskh](j8)}(hj;h]hstruct}(hjphhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjpubjE)}(h h]h }(hjphhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjpubh)}(hhh]j\)}(hsockh]hsock}(hjphhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjpubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjpmodnameN classnameNjsjv)}jy]joc.security_unix_stream_connectasbuh1hhjpubjE)}(h h]h }(hjphhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjpubj)}(hjh]h*}(hjphhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjpubj\)}(hnewskh]hnewsk}(hjphhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjpubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjoubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjrohhhjohMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjnohhhjohMubah}(h]jioah ](jjeh"]h$]h&]jj)jhuh1j&hjohMhjkohhubj)}(hhh]h)}(h$Check if a AF_UNIX stream is allowedh]h$Check if a AF_UNIX stream is allowed}(hjqhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjqhhubah}(h]h ]h"]h$]h&]uh1jhjkohhhjohMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj.qjj.qjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct sock *sock`` originating sock ``struct sock *other`` peer sock ``struct sock *newsk`` new sock **Description** Check permissions before establishing a Unix domain stream connection between **sock** and **other**. The **unix_stream_connect** and **unix_may_send** hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn't possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj8qh]h Parameters}(hj:qhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj6qubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj2qubj4)}(hhh](j9)}(h'``struct sock *sock`` originating sock h](j?)}(h``struct sock *sock``h]h)}(hjWqh]hstruct sock *sock}(hjYqhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjUqubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjQqubjY)}(hhh]h)}(horiginating sockh]horiginating sock}(hjpqhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjlqhMhjmqubah}(h]h ]h"]h$]h&]uh1jXhjQqubeh}(h]h ]h"]h$]h&]uh1j8hjlqhMhjNqubj9)}(h!``struct sock *other`` peer sock h](j?)}(h``struct sock *other``h]h)}(hjqh]hstruct sock *other}(hjqhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjqubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjqubjY)}(hhh]h)}(h peer sockh]h peer sock}(hjqhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjqhMhjqubah}(h]h ]h"]h$]h&]uh1jXhjqubeh}(h]h ]h"]h$]h&]uh1j8hjqhMhjNqubj9)}(h ``struct sock *newsk`` new sock h](j?)}(h``struct sock *newsk``h]h)}(hjqh]hstruct sock *newsk}(hjqhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjqubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjqubjY)}(hhh]h)}(hnew sockh]hnew sock}(hjqhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjqhMhjqubah}(h]h ]h"]h$]h&]uh1jXhjqubeh}(h]h ]h"]h$]h&]uh1j8hjqhMhjNqubeh}(h]h ]h"]h$]h&]uh1j3hj2qubh)}(h**Description**h]j)}(hjrh]h Description}(hjrhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjrubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj2qubh)}(heCheck permissions before establishing a Unix domain stream connection between **sock** and **other**.h](hNCheck permissions before establishing a Unix domain stream connection between }(hjrhhhNhNubj)}(h**sock**h]hsock}(hj"rhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjrubh and }(hjrhhhNhNubj)}(h **other**h]hother}(hj4rhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjrubh.}(hjrhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj2qubh)}(hXThe **unix_stream_connect** and **unix_may_send** hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn't possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code.h](hThe }(hjMrhhhNhNubj)}(h**unix_stream_connect**h]hunix_stream_connect}(hjUrhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjMrubh and }(hjMrhhhNhNubj)}(h**unix_may_send**h]h unix_may_send}(hjgrhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjMrubhXj hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn’t possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code.}(hjMrhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj2qubh)}(h **Return**h]j)}(hjrh]hReturn}(hjrhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjrubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj2qubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjrhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj2qubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j#security_unix_may_send (C function)c.security_unix_may_sendhNtauh1jhhhhhNhNubj")}(hhh](j')}(hFint security_unix_may_send (struct socket *sock, struct socket *other)h]j-)}(hEint security_unix_may_send(struct socket *sock, struct socket *other)h](j3)}(hinth]hint}(hjrhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjrhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjrhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjrhhhjrhMubjV)}(hsecurity_unix_may_sendh]j\)}(hsecurity_unix_may_sendh]hsecurity_unix_may_send}(hjrhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjrubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjrhhhjrhMubjw)}(h+(struct socket *sock, struct socket *other)h](j})}(hstruct socket *sockh](j8)}(hj;h]hstruct}(hjshhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjsubjE)}(h h]h }(hjshhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjsubh)}(hhh]j\)}(hsocketh]hsocket}(hj"shhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjsubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj$smodnameN classnameNjsjv)}jy]j|)}jojrsbc.security_unix_may_sendasbuh1hhjsubjE)}(h h]h }(hjBshhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjsubj)}(hjh]h*}(hjPshhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjsubj\)}(hsockh]hsock}(hj]shhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjsubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjrubj})}(hstruct socket *otherh](j8)}(hj;h]hstruct}(hjvshhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjrsubjE)}(h h]h }(hjshhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjrsubh)}(hhh]j\)}(hsocketh]hsocket}(hjshhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjsubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjsmodnameN classnameNjsjv)}jy]j>sc.security_unix_may_sendasbuh1hhjrsubjE)}(h h]h }(hjshhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjrsubj)}(hjh]h*}(hjshhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjrsubj\)}(hotherh]hother}(hjshhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjrsubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjrubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjrhhhjrhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjrhhhjrhMubah}(h]jrah ](jjeh"]h$]h&]jj)jhuh1j&hjrhMhjrhhubj)}(hhh]h)}(h*Check if AF_UNIX socket can send datagramsh]h*Check if AF_UNIX socket can send datagrams}(hjshhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjshhubah}(h]h ]h"]h$]h&]uh1jhjrhhhjrhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjtjjtjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct socket *sock`` originating sock ``struct socket *other`` peer sock **Description** Check permissions before connecting or sending datagrams from **sock** to **other**. The **unix_stream_connect** and **unix_may_send** hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn't possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjth]h Parameters}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1jhjtubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjtubj4)}(hhh](j9)}(h)``struct socket *sock`` originating sock h](j?)}(h``struct socket *sock``h]h)}(hj8th]hstruct socket *sock}(hj:thhhNhNubah}(h]h ]h"]h$]h&]uh1hhj6tubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj2tubjY)}(hhh]h)}(horiginating sockh]horiginating sock}(hjQthhhNhNubah}(h]h ]h"]h$]h&]uh1hhjMthMhjNtubah}(h]h ]h"]h$]h&]uh1jXhj2tubeh}(h]h ]h"]h$]h&]uh1j8hjMthMhj/tubj9)}(h#``struct socket *other`` peer sock h](j?)}(h``struct socket *other``h]h)}(hjqth]hstruct socket *other}(hjsthhhNhNubah}(h]h ]h"]h$]h&]uh1hhjotubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjktubjY)}(hhh]h)}(h peer sockh]h peer sock}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1hhjthMhjtubah}(h]h ]h"]h$]h&]uh1jXhjktubeh}(h]h ]h"]h$]h&]uh1j8hjthMhj/tubeh}(h]h ]h"]h$]h&]uh1j3hjtubh)}(h**Description**h]j)}(hjth]h Description}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1jhjtubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjtubh)}(hTCheck permissions before connecting or sending datagrams from **sock** to **other**.h](h>Check permissions before connecting or sending datagrams from }(hjthhhNhNubj)}(h**sock**h]hsock}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1jhjtubh to }(hjthhhNhNubj)}(h **other**h]hother}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1jhjtubh.}(hjthhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjtubh)}(hXThe **unix_stream_connect** and **unix_may_send** hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn't possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code.h](hThe }(hjthhhNhNubj)}(h**unix_stream_connect**h]hunix_stream_connect}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1jhjtubh and }(hjthhhNhNubj)}(h**unix_may_send**h]h unix_may_send}(hjuhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjtubhXj hooks were necessary because Linux provides an alternative to the conventional file name space for Unix domain sockets. Whereas binding and connecting to sockets in the file name space is mediated by the typical file permissions (and caught by the mknod and permission hooks in inode_security_ops), binding and connecting to sockets in the abstract name space is completely unmediated. Sufficient control of Unix domain sockets in the abstract name space isn’t possible using only the socket layer hooks, since we need to know the actual target socket, which is not looked up until we are inside the af_unix code.}(hjthhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjtubh)}(h **Return**h]j)}(hj*uh]hReturn}(hj,uhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj(uubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjtubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj@uhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjtubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_socket_socketpair (C function)c.security_socket_socketpairhNtauh1jhhhhhNhNubj")}(hhh](j')}(hKint security_socket_socketpair (struct socket *socka, struct socket *sockb)h]j-)}(hJint security_socket_socketpair(struct socket *socka, struct socket *sockb)h](j3)}(hinth]hint}(hjouhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjkuhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj~uhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjkuhhhj}uhMubjV)}(hsecurity_socket_socketpairh]j\)}(hsecurity_socket_socketpairh]hsecurity_socket_socketpair}(hjuhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjuubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjkuhhhj}uhMubjw)}(h,(struct socket *socka, struct socket *sockb)h](j})}(hstruct socket *sockah](j8)}(hj;h]hstruct}(hjuhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjuubjE)}(h h]h }(hjuhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjuubh)}(hhh]j\)}(hsocketh]hsocket}(hjuhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjuubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjumodnameN classnameNjsjv)}jy]j|)}jojusbc.security_socket_socketpairasbuh1hhjuubjE)}(h h]h }(hjuhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjuubj)}(hjh]h*}(hjuhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjuubj\)}(hsockah]hsocka}(hjvhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjuubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjuubj})}(hstruct socket *sockbh](j8)}(hj;h]hstruct}(hjvhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjvubjE)}(h h]h }(hj+vhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjvubh)}(hhh]j\)}(hsocketh]hsocket}(hjvmodnameN classnameNjsjv)}jy]juc.security_socket_socketpairasbuh1hhjvubjE)}(h h]h }(hjZvhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjvubj)}(hjh]h*}(hjhvhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjvubj\)}(hsockbh]hsockb}(hjuvhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjvubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjuubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjkuhhhj}uhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjguhhhj}uhMubah}(h]jbuah ](jjeh"]h$]h&]jj)jhuh1j&hj}uhMhjduhhubj)}(hhh]h)}(h)Check if creating a socketpair is allowedh]h)Check if creating a socketpair is allowed}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjvhhubah}(h]h ]h"]h$]h&]uh1jhjduhhhj}uhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjvjjvjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct socket *socka`` first socket ``struct socket *sockb`` second socket **Description** Check permissions before creating a fresh pair of sockets. **Return** Returns 0 if permission is granted and the connection was established.h](h)}(h**Parameters**h]j)}(hjvh]h Parameters}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjvubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjvubj4)}(hhh](j9)}(h&``struct socket *socka`` first socket h](j?)}(h``struct socket *socka``h]h)}(hjvh]hstruct socket *socka}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjvubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjvubjY)}(hhh]h)}(h first socketh]h first socket}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjvhMhjvubah}(h]h ]h"]h$]h&]uh1jXhjvubeh}(h]h ]h"]h$]h&]uh1j8hjvhMhjvubj9)}(h'``struct socket *sockb`` second socket h](j?)}(h``struct socket *sockb``h]h)}(hjwh]hstruct socket *sockb}(hjwhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjwubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjwubjY)}(hhh]h)}(h second socketh]h second socket}(hj2whhhNhNubah}(h]h ]h"]h$]h&]uh1hhj.whMhj/wubah}(h]h ]h"]h$]h&]uh1jXhjwubeh}(h]h ]h"]h$]h&]uh1j8hj.whMhjvubeh}(h]h ]h"]h$]h&]uh1j3hjvubh)}(h**Description**h]j)}(hjTwh]h Description}(hjVwhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjRwubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjvubh)}(h:Check permissions before creating a fresh pair of sockets.h]h:Check permissions before creating a fresh pair of sockets.}(hjjwhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjvubh)}(h **Return**h]j)}(hj{wh]hReturn}(hj}whhhNhNubah}(h]h ]h"]h$]h&]uh1jhjywubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjvubh)}(hFReturns 0 if permission is granted and the connection was established.h]hFReturns 0 if permission is granted and the connection was established.}(hjwhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjvubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j"security_sock_rcv_skb (C function)c.security_sock_rcv_skbhNtauh1jhhhhhNhNubj")}(hhh](j')}(h@int security_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)h]j-)}(h?int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)h](j3)}(hinth]hint}(hjwhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjwhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjwhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjwhhhjwhMubjV)}(hsecurity_sock_rcv_skbh]j\)}(hsecurity_sock_rcv_skbh]hsecurity_sock_rcv_skb}(hjwhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjwubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjwhhhjwhMubjw)}(h&(struct sock *sk, struct sk_buff *skb)h](j})}(hstruct sock *skh](j8)}(hj;h]hstruct}(hjwhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjwubjE)}(h h]h }(hj xhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjwubh)}(hhh]j\)}(hsockh]hsock}(hjxhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjxubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjxmodnameN classnameNjsjv)}jy]j|)}jojwsbc.security_sock_rcv_skbasbuh1hhjwubjE)}(h h]h }(hj;xhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjwubj)}(hjh]h*}(hjIxhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjwubj\)}(hskh]hsk}(hjVxhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjwubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjwubj})}(hstruct sk_buff *skbh](j8)}(hj;h]hstruct}(hjoxhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjkxubjE)}(h h]h }(hj|xhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjkxubh)}(hhh]j\)}(hsk_buffh]hsk_buff}(hjxhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjxubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjxmodnameN classnameNjsjv)}jy]j7xc.security_sock_rcv_skbasbuh1hhjkxubjE)}(h h]h }(hjxhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjkxubj)}(hjh]h*}(hjxhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjkxubj\)}(hskbh]hskb}(hjxhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjkxubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjwubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjwhhhjwhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjwhhhjwhMubah}(h]jwah ](jjeh"]h$]h&]jj)jhuh1j&hjwhMhjwhhubj)}(hhh]h)}(h.Check if an incoming network packet is allowedh]h.Check if an incoming network packet is allowed}(hjxhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjxhhubah}(h]h ]h"]h$]h&]uh1jhjwhhhjwhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjyjjyjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct sock *sk`` destination sock ``struct sk_buff *skb`` incoming packet **Description** Check permissions on incoming network packets. This hook is distinct from Netfilter's IP input hooks since it is the first time that the incoming sk_buff **skb** has been associated with a particular socket, **sk**. Must not sleep inside this hook because some callers hold spinlocks. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjyh]h Parameters}(hjyhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjyubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj yubj4)}(hhh](j9)}(h%``struct sock *sk`` destination sock h](j?)}(h``struct sock *sk``h]h)}(hj1yh]hstruct sock *sk}(hj3yhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj/yubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj+yubjY)}(hhh]h)}(hdestination sockh]hdestination sock}(hjJyhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjFyhMhjGyubah}(h]h ]h"]h$]h&]uh1jXhj+yubeh}(h]h ]h"]h$]h&]uh1j8hjFyhMhj(yubj9)}(h(``struct sk_buff *skb`` incoming packet h](j?)}(h``struct sk_buff *skb``h]h)}(hjjyh]hstruct sk_buff *skb}(hjlyhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhyubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjdyubjY)}(hhh]h)}(hincoming packeth]hincoming packet}(hjyhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjyhMhjyubah}(h]h ]h"]h$]h&]uh1jXhjdyubeh}(h]h ]h"]h$]h&]uh1j8hjyhMhj(yubeh}(h]h ]h"]h$]h&]uh1j3hj yubh)}(h**Description**h]j)}(hjyh]h Description}(hjyhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjyubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj yubh)}(hXCheck permissions on incoming network packets. This hook is distinct from Netfilter's IP input hooks since it is the first time that the incoming sk_buff **skb** has been associated with a particular socket, **sk**. Must not sleep inside this hook because some callers hold spinlocks.h](hCheck permissions on incoming network packets. This hook is distinct from Netfilter’s IP input hooks since it is the first time that the incoming sk_buff }(hjyhhhNhNubj)}(h**skb**h]hskb}(hjyhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjyubh/ has been associated with a particular socket, }(hjyhhhNhNubj)}(h**sk**h]hsk}(hjyhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjyubhG. Must not sleep inside this hook because some callers hold spinlocks.}(hjyhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj yubh)}(h **Return**h]j)}(hjyh]hReturn}(hjyhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjyubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj yubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjzhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj yubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j-security_socket_getpeersec_dgram (C function)"c.security_socket_getpeersec_dgramhNtauh1jhhhhhNhNubj")}(hhh](j')}(h[int security_socket_getpeersec_dgram (struct socket *sock, struct sk_buff *skb, u32 *secid)h]j-)}(hZint security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)h](j3)}(hinth]hint}(hj5zhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj1zhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjDzhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj1zhhhjCzhMubjV)}(h security_socket_getpeersec_dgramh]j\)}(h security_socket_getpeersec_dgramh]h security_socket_getpeersec_dgram}(hjVzhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjRzubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj1zhhhjCzhMubjw)}(h6(struct socket *sock, struct sk_buff *skb, u32 *secid)h](j})}(hstruct socket *sockh](j8)}(hj;h]hstruct}(hjrzhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjnzubjE)}(h h]h }(hjzhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjnzubh)}(hhh]j\)}(hsocketh]hsocket}(hjzhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjzubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjzmodnameN classnameNjsjv)}jy]j|)}jojXzsb"c.security_socket_getpeersec_dgramasbuh1hhjnzubjE)}(h h]h }(hjzhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjnzubj)}(hjh]h*}(hjzhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjnzubj\)}(hsockh]hsock}(hjzhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjnzubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjjzubj})}(hstruct sk_buff *skbh](j8)}(hj;h]hstruct}(hjzhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjzubjE)}(h h]h }(hjzhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjzubh)}(hhh]j\)}(hsk_buffh]hsk_buff}(hj{hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjzubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj{modnameN classnameNjsjv)}jy]jz"c.security_socket_getpeersec_dgramasbuh1hhjzubjE)}(h h]h }(hj {hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjzubj)}(hjh]h*}(hj.{hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjzubj\)}(hskbh]hskb}(hj;{hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjzubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjjzubj})}(h u32 *secidh](h)}(hhh]j\)}(hu32h]hu32}(hjW{hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjT{ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjY{modnameN classnameNjsjv)}jy]jz"c.security_socket_getpeersec_dgramasbuh1hhjP{ubjE)}(h h]h }(hju{hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjP{ubj)}(hjh]h*}(hj{hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjP{ubj\)}(hsecidh]hsecid}(hj{hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjP{ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjjzubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj1zhhhjCzhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj-zhhhjCzhMubah}(h]j(zah ](jjeh"]h$]h&]jj)jhuh1j&hjCzhMhj*zhhubj)}(hhh]h)}(hGet the remote peer labelh]hGet the remote peer label}(hj{hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj{hhubah}(h]h ]h"]h$]h&]uh1jhj*zhhhjCzhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj{jj{jjjuh1j!hhhhhNhNubj)}(hX0**Parameters** ``struct socket *sock`` socket ``struct sk_buff *skb`` datagram packet ``u32 *secid`` remote peer label secid **Description** This hook allows the security module to provide peer socket security state for udp sockets on a per-packet basis to userspace via getsockopt SO_GETPEERSEC. The application must first have indicated the IP_PASSSEC option via getsockopt. It can then retrieve the security state returned by this hook for a packet via the SCM_SECURITY ancillary message type. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hj{h]h Parameters}(hj{hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj{ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj{ubj4)}(hhh](j9)}(h``struct socket *sock`` socket h](j?)}(h``struct socket *sock``h]h)}(hj{h]hstruct socket *sock}(hj{hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj{ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj{ubjY)}(hhh]h)}(hsocketh]hsocket}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj|hMhj|ubah}(h]h ]h"]h$]h&]uh1jXhj{ubeh}(h]h ]h"]h$]h&]uh1j8hj|hMhj{ubj9)}(h(``struct sk_buff *skb`` datagram packet h](j?)}(h``struct sk_buff *skb``h]h)}(hj4|h]hstruct sk_buff *skb}(hj6|hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj2|ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj.|ubjY)}(hhh]h)}(hdatagram packeth]hdatagram packet}(hjM|hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjI|hMhjJ|ubah}(h]h ]h"]h$]h&]uh1jXhj.|ubeh}(h]h ]h"]h$]h&]uh1j8hjI|hMhj{ubj9)}(h'``u32 *secid`` remote peer label secid h](j?)}(h``u32 *secid``h]h)}(hjm|h]h u32 *secid}(hjo|hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjk|ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjg|ubjY)}(hhh]h)}(hremote peer label secidh]hremote peer label secid}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj|hMhj|ubah}(h]h ]h"]h$]h&]uh1jXhjg|ubeh}(h]h ]h"]h$]h&]uh1j8hj|hMhj{ubeh}(h]h ]h"]h$]h&]uh1j3hj{ubh)}(h**Description**h]j)}(hj|h]h Description}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj|ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj{ubh)}(hXcThis hook allows the security module to provide peer socket security state for udp sockets on a per-packet basis to userspace via getsockopt SO_GETPEERSEC. The application must first have indicated the IP_PASSSEC option via getsockopt. It can then retrieve the security state returned by this hook for a packet via the SCM_SECURITY ancillary message type.h]hXcThis hook allows the security module to provide peer socket security state for udp sockets on a per-packet basis to userspace via getsockopt SO_GETPEERSEC. The application must first have indicated the IP_PASSSEC option via getsockopt. It can then retrieve the security state returned by this hook for a packet via the SCM_SECURITY ancillary message type.}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj{ubh)}(h **Return**h]j)}(hj|h]hReturn}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj|ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj{ubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj{ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](jsecurity_sk_clone (C function)c.security_sk_clonehNtauh1jhhhhhNhNubj")}(hhh](j')}(hBvoid security_sk_clone (const struct sock *sk, struct sock *newsk)h]j-)}(hAvoid security_sk_clone(const struct sock *sk, struct sock *newsk)h](j3)}(hvoidh]hvoid}(hj}hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj}hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM-ubjE)}(h h]h }(hj#}hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj}hhhj"}hM-ubjV)}(hsecurity_sk_cloneh]j\)}(hsecurity_sk_cloneh]hsecurity_sk_clone}(hj5}hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj1}ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj}hhhj"}hM-ubjw)}(h+(const struct sock *sk, struct sock *newsk)h](j})}(hconst struct sock *skh](j8)}(hj h]hconst}(hjQ}hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjM}ubjE)}(h h]h }(hj^}hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjM}ubj8)}(hj;h]hstruct}(hjl}hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjM}ubjE)}(h h]h }(hjy}hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjM}ubh)}(hhh]j\)}(hsockh]hsock}(hj}hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj}ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj}modnameN classnameNjsjv)}jy]j|)}joj7}sbc.security_sk_cloneasbuh1hhjM}ubjE)}(h h]h }(hj}hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjM}ubj)}(hjh]h*}(hj}hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjM}ubj\)}(hskh]hsk}(hj}hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjM}ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjI}ubj})}(hstruct sock *newskh](j8)}(hj;h]hstruct}(hj}hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj}ubjE)}(h h]h }(hj}hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj}ubh)}(hhh]j\)}(hsockh]hsock}(hj}hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj}ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj}modnameN classnameNjsjv)}jy]j}c.security_sk_cloneasbuh1hhj}ubjE)}(h h]h }(hj~hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj}ubj)}(hjh]h*}(hj(~hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj}ubj\)}(hnewskh]hnewsk}(hj5~hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj}ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjI}ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj}hhhj"}hM-ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj }hhhj"}hM-ubah}(h]j}ah ](jjeh"]h$]h&]jj)jhuh1j&hj"}hM-hj }hhubj)}(hhh]h)}(hClone a sock's LSM stateh]hClone a sock’s LSM state}(hj_~hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM-hj\~hhubah}(h]h ]h"]h$]h&]uh1jhj }hhhj"}hM-ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjw~jjw~jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const struct sock *sk`` original sock ``struct sock *newsk`` target sock **Description** Clone/copy security structure.h](h)}(h**Parameters**h]j)}(hj~h]h Parameters}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj~ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM1hj{~ubj4)}(hhh](j9)}(h(``const struct sock *sk`` original sock h](j?)}(h``const struct sock *sk``h]h)}(hj~h]hconst struct sock *sk}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj~ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM.hj~ubjY)}(hhh]h)}(h original sockh]h original sock}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj~hM.hj~ubah}(h]h ]h"]h$]h&]uh1jXhj~ubeh}(h]h ]h"]h$]h&]uh1j8hj~hM.hj~ubj9)}(h#``struct sock *newsk`` target sock h](j?)}(h``struct sock *newsk``h]h)}(hj~h]hstruct sock *newsk}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj~ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM/hj~ubjY)}(hhh]h)}(h target sockh]h target sock}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj~hM/hj~ubah}(h]h ]h"]h$]h&]uh1jXhj~ubeh}(h]h ]h"]h$]h&]uh1j8hj~hM/hj~ubeh}(h]h ]h"]h$]h&]uh1j3hj{~ubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM1hj{~ubh)}(hClone/copy security structure.h]hClone/copy security structure.}(hj*hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM0hj{~ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j&security_sk_classify_flow (C function)c.security_sk_classify_flowhNtauh1jhhhhhNhNubj")}(hhh](j')}(hQvoid security_sk_classify_flow (const struct sock *sk, struct flowi_common *flic)h]j-)}(hPvoid security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic)h](j3)}(hvoidh]hvoid}(hjYhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjUhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM:ubjE)}(h h]h }(hjhhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjUhhhjghM:ubjV)}(hsecurity_sk_classify_flowh]j\)}(hsecurity_sk_classify_flowh]hsecurity_sk_classify_flow}(hjzhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjvubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjUhhhjghM:ubjw)}(h2(const struct sock *sk, struct flowi_common *flic)h](j})}(hconst struct sock *skh](j8)}(hj h]hconst}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsockh]hsock}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}joj|sbc.security_sk_classify_flowasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hskh]hsk}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct flowi_common *flich](j8)}(hj;h]hstruct}(hj#hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hj0hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(h flowi_commonh]h flowi_common}(hjAhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj>ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjCmodnameN classnameNjsjv)}jy]jc.security_sk_classify_flowasbuh1hhjubjE)}(h h]h }(hj_hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjmhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hflich]hflic}(hjzhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjUhhhjghM:ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjQhhhjghM:ubah}(h]jLah ](jjeh"]h$]h&]jj)jhuh1j&hjghM:hjNhhubj)}(hhh]h)}(h"Set a flow's secid based on socketh]h$Set a flow’s secid based on socket}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM:hjhhubah}(h]h ]h"]h$]h&]uh1jhjNhhhjghM:ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const struct sock *sk`` original socket ``struct flowi_common *flic`` target flow **Description** Set the target flow's secid to socket's secid.h](h)}(h**Parameters**h]j)}(hjƀh]h Parameters}(hjȀhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjĀubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM>hjubj4)}(hhh](j9)}(h*``const struct sock *sk`` original socket h](j?)}(h``const struct sock *sk``h]h)}(hjh]hconst struct sock *sk}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM;hj߀ubjY)}(hhh]h)}(horiginal socketh]horiginal socket}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhM;hjubah}(h]h ]h"]h$]h&]uh1jXhj߀ubeh}(h]h ]h"]h$]h&]uh1j8hjhM;hj܀ubj9)}(h*``struct flowi_common *flic`` target flow h](j?)}(h``struct flowi_common *flic``h]h)}(hjh]hstruct flowi_common *flic}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM<hjubjY)}(hhh]h)}(h target flowh]h target flow}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj3hM<hj4ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj3hM<hj܀ubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjYh]h Description}(hj[hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjWubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM>hjubh)}(h.Set the target flow's secid to socket's secid.h]h2Set the target flow’s secid to socket’s secid.}(hjohhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM=hjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_req_classify_flow (C function)c.security_req_classify_flowhNtauh1jhhhhhNhNubj")}(hhh](j')}(h[void security_req_classify_flow (const struct request_sock *req, struct flowi_common *flic)h]j-)}(hZvoid security_req_classify_flow(const struct request_sock *req, struct flowi_common *flic)h](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMGubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMGubjV)}(hsecurity_req_classify_flowh]j\)}(hsecurity_req_classify_flowh]hsecurity_req_classify_flow}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMGubjw)}(h;(const struct request_sock *req, struct flowi_common *flic)h](j})}(hconst struct request_sock *reqh](j8)}(hj h]hconst}(hjہhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjׁubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjׁubj8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjׁubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjׁubh)}(hhh]j\)}(h request_sockh]h request_sock}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojsbc.security_req_classify_flowasbuh1hhjׁubjE)}(h h]h }(hj4hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjׁubj)}(hjh]h*}(hjBhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjׁubj\)}(hreqh]hreq}(hjOhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjׁubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjӁubj})}(hstruct flowi_common *flich](j8)}(hj;h]hstruct}(hjhhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjdubjE)}(h h]h }(hjuhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjdubh)}(hhh]j\)}(h flowi_commonh]h flowi_common}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j0c.security_req_classify_flowasbuh1hhjdubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjdubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjdubj\)}(hflich]hflic}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjdubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjӁubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMGubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMGubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMGhjhhubj)}(hhh]h)}(h(Set a flow's secid based on request_sockh]h*Set a flow’s secid based on request_sock}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMGhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMGubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``const struct request_sock *req`` request_sock ``struct flowi_common *flic`` target flow **Description** Sets **flic**'s secid to **req**'s secid.h](h)}(h**Parameters**h]j)}(hj h]h Parameters}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMKhjubj4)}(hhh](j9)}(h0``const struct request_sock *req`` request_sock h](j?)}(h"``const struct request_sock *req``h]h)}(hj*h]hconst struct request_sock *req}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj(ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMHhj$ubjY)}(hhh]h)}(h request_sockh]h request_sock}(hjChhhNhNubah}(h]h ]h"]h$]h&]uh1hhj?hMHhj@ubah}(h]h ]h"]h$]h&]uh1jXhj$ubeh}(h]h ]h"]h$]h&]uh1j8hj?hMHhj!ubj9)}(h*``struct flowi_common *flic`` target flow h](j?)}(h``struct flowi_common *flic``h]h)}(hjch]hstruct flowi_common *flic}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1hhjaubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMIhj]ubjY)}(hhh]h)}(h target flowh]h target flow}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjxhMIhjyubah}(h]h ]h"]h$]h&]uh1jXhj]ubeh}(h]h ]h"]h$]h&]uh1j8hjxhMIhj!ubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMKhjubh)}(h)Sets **flic**'s secid to **req**'s secid.h](hSets }(hjhhhNhNubj)}(h**flic**h]hflic}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh’s secid to }(hjhhhNhNubj)}(h**req**h]hreq}(hj΃hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh ’s secid.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMJhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j security_sock_graft (C function)c.security_sock_grafthNtauh1jhhhhhNhNubj")}(hhh](j')}(hAvoid security_sock_graft (struct sock *sk, struct socket *parent)h]j-)}(h@void security_sock_graft(struct sock *sk, struct socket *parent)h](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMUubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMUubjV)}(hsecurity_sock_grafth]j\)}(hsecurity_sock_grafth]hsecurity_sock_graft}(hj(hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj$ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMUubjw)}(h((struct sock *sk, struct socket *parent)h](j})}(hstruct sock *skh](j8)}(hj;h]hstruct}(hjDhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj@ubjE)}(h h]h }(hjQhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj@ubh)}(hhh]j\)}(hsockh]hsock}(hjbhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj_ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjdmodnameN classnameNjsjv)}jy]j|)}joj*sbc.security_sock_graftasbuh1hhj@ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj@ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj@ubj\)}(hskh]hsk}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj@ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj<ubj})}(hstruct socket *parenth](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjÄhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsocketh]hsocket}(hjԄhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjфubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjքmodnameN classnameNjsjv)}jy]j~c.security_sock_graftasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hparenth]hparent}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj<ubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMUubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMUubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMUhjhhubj)}(hhh]h)}(h4Reconcile LSM state when grafting a sock on a socketh]h4Reconcile LSM state when grafting a sock on a socket}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMUhj4hhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMUubeh}(h]h ](jfunctioneh"]h$]h&]j jjjOjjOjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct sock *sk`` sock being grafted ``struct socket *parent`` target parent socket **Description** Sets **parent**'s inode secid to **sk**'s secid and update **sk** with any necessary LSM state from **parent**.h](h)}(h**Parameters**h]j)}(hjYh]h Parameters}(hj[hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjWubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMYhjSubj4)}(hhh](j9)}(h'``struct sock *sk`` sock being grafted h](j?)}(h``struct sock *sk``h]h)}(hjxh]hstruct sock *sk}(hjzhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjvubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMVhjrubjY)}(hhh]h)}(hsock being graftedh]hsock being grafted}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMVhjubah}(h]h ]h"]h$]h&]uh1jXhjrubeh}(h]h ]h"]h$]h&]uh1j8hjhMVhjoubj9)}(h/``struct socket *parent`` target parent socket h](j?)}(h``struct socket *parent``h]h)}(hjh]hstruct socket *parent}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMWhjubjY)}(hhh]h)}(htarget parent socketh]htarget parent socket}(hjʅhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjƅhMWhjDžubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjƅhMWhjoubeh}(h]h ]h"]h$]h&]uh1j3hjSubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMYhjSubh)}(hoSets **parent**'s inode secid to **sk**'s secid and update **sk** with any necessary LSM state from **parent**.h](hSets }(hjhhhNhNubj)}(h **parent**h]hparent}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh’s inode secid to }(hjhhhNhNubj)}(h**sk**h]hsk}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh’s secid and update }(hjhhhNhNubj)}(h**sk**h]hsk}(hj.hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh# with any necessary LSM state from }(hjhhhNhNubj)}(h **parent**h]hparent}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMXhjSubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_inet_conn_request (C function)c.security_inet_conn_requesthNtauh1jhhhhhNhNubj")}(hhh](j')}(heint security_inet_conn_request (const struct sock *sk, struct sk_buff *skb, struct request_sock *req)h]j-)}(hdint security_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req)h](j3)}(hinth]hint}(hjyhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjuhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMcubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjuhhhjhMcubjV)}(hsecurity_inet_conn_requesth]j\)}(hsecurity_inet_conn_requesth]hsecurity_inet_conn_request}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjuhhhjhMcubjw)}(hF(const struct sock *sk, struct sk_buff *skb, struct request_sock *req)h](j})}(hconst struct sock *skh](j8)}(hj h]hconst}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjÆhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj8)}(hj;h]hstruct}(hjцhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjކhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsockh]hsock}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojsbc.security_inet_conn_requestasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hskh]hsk}(hj*hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct sk_buff *skbh](j8)}(hj;h]hstruct}(hjChhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj?ubjE)}(h h]h }(hjPhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj?ubh)}(hhh]j\)}(hsk_buffh]hsk_buff}(hjahhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj^ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjcmodnameN classnameNjsjv)}jy]j c.security_inet_conn_requestasbuh1hhj?ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj?ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj?ubj\)}(hskbh]hskb}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj?ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct request_sock *reqh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(h request_sockh]h request_sock}(hjчhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj·ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjӇmodnameN classnameNjsjv)}jy]j c.security_inet_conn_requestasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hreqh]hreq}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjuhhhjhMcubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjqhhhjhMcubah}(h]jlah ](jjeh"]h$]h&]jj)jhuh1j&hjhMchjnhhubj)}(hhh]h)}(h-Set request_sock state using incoming connecth]h-Set request_sock state using incoming connect}(hj4hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMchj1hhubah}(h]h ]h"]h$]h&]uh1jhjnhhhjhMcubeh}(h]h ](jfunctioneh"]h$]h&]j jjjLjjLjjjuh1j!hhhhhNhNubj)}(hX:**Parameters** ``const struct sock *sk`` parent listening sock ``struct sk_buff *skb`` incoming connection ``struct request_sock *req`` new request_sock **Description** Initialize the **req** LSM state based on **sk** and the incoming connect in **skb**. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjVh]h Parameters}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjTubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMghjPubj4)}(hhh](j9)}(h0``const struct sock *sk`` parent listening sock h](j?)}(h``const struct sock *sk``h]h)}(hjuh]hconst struct sock *sk}(hjwhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjsubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMdhjoubjY)}(hhh]h)}(hparent listening sockh]hparent listening sock}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMdhjubah}(h]h ]h"]h$]h&]uh1jXhjoubeh}(h]h ]h"]h$]h&]uh1j8hjhMdhjlubj9)}(h,``struct sk_buff *skb`` incoming connection h](j?)}(h``struct sk_buff *skb``h]h)}(hjh]hstruct sk_buff *skb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMehjubjY)}(hhh]h)}(hincoming connectionh]hincoming connection}(hjLjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjÈhMehjĈubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjÈhMehjlubj9)}(h.``struct request_sock *req`` new request_sock h](j?)}(h``struct request_sock *req``h]h)}(hjh]hstruct request_sock *req}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMfhjubjY)}(hhh]h)}(hnew request_sockh]hnew request_sock}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMfhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMfhjlubeh}(h]h ]h"]h$]h&]uh1j3hjPubh)}(h**Description**h]j)}(hj"h]h Description}(hj$hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhhjPubh)}(hUInitialize the **req** LSM state based on **sk** and the incoming connect in **skb**.h](hInitialize the }(hj8hhhNhNubj)}(h**req**h]hreq}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj8ubh LSM state based on }(hj8hhhNhNubj)}(h**sk**h]hsk}(hjRhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj8ubh and the incoming connect in }(hj8hhhNhNubj)}(h**skb**h]hskb}(hjdhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj8ubh.}(hj8hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMghjPubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj}ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMihjPubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMjhjPubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j+security_inet_conn_established (C function) c.security_inet_conn_establishedhNtauh1jhhhhhNhNubj")}(hhh](j')}(hJvoid security_inet_conn_established (struct sock *sk, struct sk_buff *skb)h]j-)}(hIvoid security_inet_conn_established(struct sock *sk, struct sk_buff *skb)h](j3)}(hvoidh]hvoid}(hjĉhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjӉhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhj҉hMubjV)}(hsecurity_inet_conn_establishedh]j\)}(hsecurity_inet_conn_establishedh]hsecurity_inet_conn_established}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhj҉hMubjw)}(h&(struct sock *sk, struct sk_buff *skb)h](j})}(hstruct sock *skh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsockh]hsock}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj!modnameN classnameNjsjv)}jy]j|)}jojsb c.security_inet_conn_establishedasbuh1hhjubjE)}(h h]h }(hj?hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjMhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hskh]hsk}(hjZhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct sk_buff *skbh](j8)}(hj;h]hstruct}(hjshhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjoubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjoubh)}(hhh]j\)}(hsk_buffh]hsk_buff}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j; c.security_inet_conn_establishedasbuh1hhjoubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjoubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjoubj\)}(hskbh]hskb}(hjʊhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjoubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhj҉hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhj҉hMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hj҉hMhjhhubj)}(hhh]h)}(h'Update sock's LSM state with connectionh]h)Update sock’s LSM state with connection}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhj҉hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj jj jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct sock *sk`` sock ``struct sk_buff *skb`` connection packet **Description** Update **sock**'s LSM state to represent a new connection from **skb**.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh](j9)}(h``struct sock *sk`` sock h](j?)}(h``struct sock *sk``h]h)}(hj5h]hstruct sock *sk}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj3ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj/ubjY)}(hhh]h)}(hsockh]hsock}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjJhMhjKubah}(h]h ]h"]h$]h&]uh1jXhj/ubeh}(h]h ]h"]h$]h&]uh1j8hjJhMhj,ubj9)}(h*``struct sk_buff *skb`` connection packet h](j?)}(h``struct sk_buff *skb``h]h)}(hjnh]hstruct sk_buff *skb}(hjphhhNhNubah}(h]h ]h"]h$]h&]uh1hhjlubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhubjY)}(hhh]h)}(hconnection packeth]hconnection packet}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjhubeh}(h]h ]h"]h$]h&]uh1j8hjhMhj,ubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hGUpdate **sock**'s LSM state to represent a new connection from **skb**.h](hUpdate }(hjhhhNhNubj)}(h**sock**h]hsock}(hjNjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh2’s LSM state to represent a new connection from }(hjhhhNhNubj)}(h**skb**h]hskb}(hjًhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j,security_secmark_relabel_packet (C function)!c.security_secmark_relabel_packethNtauh1jhhhhhNhNubj")}(hhh](j')}(h/int security_secmark_relabel_packet (u32 secid)h]j-)}(h.int security_secmark_relabel_packet(u32 secid)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj!hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhj hMubjV)}(hsecurity_secmark_relabel_packeth]j\)}(hsecurity_secmark_relabel_packeth]hsecurity_secmark_relabel_packet}(hj3hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj/ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhj hMubjw)}(h (u32 secid)h]j})}(h u32 secidh](h)}(hhh]j\)}(hu32h]hu32}(hjRhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjOubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjTmodnameN classnameNjsjv)}jy]j|)}joj5sb!c.security_secmark_relabel_packetasbuh1hhjKubjE)}(h h]h }(hjrhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjKubj\)}(hsecidh]hsecid}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjKubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjGubah}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhj hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj hhhj hMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hj hMhjhhubj)}(hhh]h)}(h%Check if setting a secmark is allowedh]h%Check if setting a secmark is allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhj hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjŒjjŒjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``u32 secid`` new secmark value **Description** Check if the process should be allowed to relabel packets to **secid**. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hǰh]h Parameters}(hjΌhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjʌubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjƌubj4)}(hhh]j9)}(h ``u32 secid`` new secmark value h](j?)}(h ``u32 secid``h]h)}(hjh]h u32 secid}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hnew secmark valueh]hnew secmark value}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubah}(h]h ]h"]h$]h&]uh1j3hjƌubh)}(h**Description**h]j)}(hj&h]h Description}(hj(hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjƌubh)}(hGCheck if the process should be allowed to relabel packets to **secid**.h](h=Check if the process should be allowed to relabel packets to }(hj<hhhNhNubj)}(h **secid**h]hsecid}(hjDhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj<ubh.}(hj<hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjƌubh)}(h **Return**h]j)}(hj_h]hReturn}(hjahhhNhNubah}(h]h ]h"]h$]h&]uh1jhj]ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjƌubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjuhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjƌubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j*security_secmark_refcount_inc (C function)c.security_secmark_refcount_inchNtauh1jhhhhhNhNubj")}(hhh](j')}(h)void security_secmark_refcount_inc (void)h]j-)}(h(void security_secmark_refcount_inc(void)h](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_secmark_refcount_inch]j\)}(hsecurity_secmark_refcount_inch]hsecurity_secmark_refcount_inc}(hjōhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(h(void)h]j})}(hvoidh]j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjݍubah}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjٍubah}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(h)Increment the secmark labeling rule counth]h)Increment the secmark labeling rule count}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj#jj#jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void`` no arguments **Description** Tells the LSM to increment the number of secmark labeling rules loaded.h](h)}(h**Parameters**h]j)}(hj-h]h Parameters}(hj/hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj+ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj'ubj4)}(hhh]j9)}(h``void`` no arguments h](j?)}(h``void``h]h)}(hjLh]hvoid}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjJubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chKhjFubjY)}(hhh]h)}(h no argumentsh]h no arguments}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1hhjahKhjbubah}(h]h ]h"]h$]h&]uh1jXhjFubeh}(h]h ]h"]h$]h&]uh1j8hjahKhjCubah}(h]h ]h"]h$]h&]uh1j3hj'ubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chKhj'ubh)}(hGTells the LSM to increment the number of secmark labeling rules loaded.h]hGTells the LSM to increment the number of secmark labeling rules loaded.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj'ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j*security_secmark_refcount_dec (C function)c.security_secmark_refcount_dechNtauh1jhhhhhNhNubj")}(hhh](j')}(h)void security_secmark_refcount_dec (void)h]j-)}(h(void security_secmark_refcount_dec(void)h](j3)}(hvoidh]hvoid}(hj̎hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjȎhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjێhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjȎhhhjڎhMubjV)}(hsecurity_secmark_refcount_dech]j\)}(hsecurity_secmark_refcount_dech]hsecurity_secmark_refcount_dec}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjȎhhhjڎhMubjw)}(h(void)h]j})}(hvoidh]j3)}(hvoidh]hvoid}(hj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubah}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubah}(h]h ]h"]h$]h&]jtjuuh1jvhjȎhhhjڎhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjĎhhhjڎhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjڎhMhjhhubj)}(hhh]h)}(h)Decrement the secmark labeling rule counth]h)Decrement the secmark labeling rule count}(hj3hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj0hhubah}(h]h ]h"]h$]h&]uh1jhjhhhjڎhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjKjjKjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void`` no arguments **Description** Tells the LSM to decrement the number of secmark labeling rules loaded.h](h)}(h**Parameters**h]j)}(hjUh]h Parameters}(hjWhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjSubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjOubj4)}(hhh]j9)}(h``void`` no arguments h](j?)}(h``void``h]h)}(hjth]hvoid}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjrubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chKhjnubjY)}(hhh]h)}(h no argumentsh]h no arguments}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhKhjubah}(h]h ]h"]h$]h&]uh1jXhjnubeh}(h]h ]h"]h$]h&]uh1j8hjhKhjkubah}(h]h ]h"]h$]h&]uh1j3hjOubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chKhjOubh)}(hGTells the LSM to decrement the number of secmark labeling rules loaded.h]hGTells the LSM to decrement the number of secmark labeling rules loaded.}(hjŏhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjOubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j,security_tun_dev_alloc_security (C function)!c.security_tun_dev_alloc_securityhNtauh1jhhhhhNhNubj")}(hhh](j')}(h5int security_tun_dev_alloc_security (void **security)h]j-)}(h4int security_tun_dev_alloc_security(void **security)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_tun_dev_alloc_securityh]j\)}(hsecurity_tun_dev_alloc_securityh]hsecurity_tun_dev_alloc_security}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(h(void **security)h]j})}(hvoid **securityh](j3)}(hvoidh]hvoid}(hj1hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj-ubjE)}(h h]h }(hj?hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj-ubj)}(hjh]h*}(hjMhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj-ubj)}(hjh]h*}(hjZhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj-ubj\)}(hsecurityh]hsecurity}(hjghhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj-ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj)ubah}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(h$Allocate a LSM blob for a TUN deviceh]h$Allocate a LSM blob for a TUN device}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``void **security`` pointer to the LSM blob **Description** This hook allows a module to allocate a security structure for a TUN device, returning the pointer in **security**. **Return** Returns a zero on success, negative values on failure.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh]j9)}(h,``void **security`` pointer to the LSM blob h](j?)}(h``void **security``h]h)}(hjҐh]hvoid **security}(hjԐhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjАubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj̐ubjY)}(hhh]h)}(hpointer to the LSM blobh]hpointer to the LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhj̐ubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjɐubah}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hj h]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hsThis hook allows a module to allocate a security structure for a TUN device, returning the pointer in **security**.h](hfThis hook allows a module to allocate a security structure for a TUN device, returning the pointer in }(hj#hhhNhNubj)}(h **security**h]hsecurity}(hj+hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj#ubh.}(hj#hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjFh]hReturn}(hjHhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjDubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h6Returns a zero on success, negative values on failure.h]h6Returns a zero on success, negative values on failure.}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j+security_tun_dev_free_security (C function) c.security_tun_dev_free_securityhNtauh1jhhhhhNhNubj")}(hhh](j')}(h4void security_tun_dev_free_security (void *security)h]j-)}(h3void security_tun_dev_free_security(void *security)h](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_tun_dev_free_securityh]j\)}(hsecurity_tun_dev_free_securityh]hsecurity_tun_dev_free_security}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(h(void *security)h]j})}(hvoid *securityh](j3)}(hvoidh]hvoid}(hjȑhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjđubjE)}(h h]h }(hj֑hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjđubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjđubj\)}(hsecurityh]hsecurity}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjđubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubah}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]j~ah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(hFree a TUN device LSM blobh]hFree a TUN device LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj3jj3jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void *security`` LSM blob **Description** This hook allows a module to free the security structure for a TUN device.h](h)}(h**Parameters**h]j)}(hj=h]h Parameters}(hj?hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj;ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj7ubj4)}(hhh]j9)}(h``void *security`` LSM blob h](j?)}(h``void *security``h]h)}(hj\h]hvoid *security}(hj^hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjZubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjVubjY)}(hhh]h)}(hLSM blobh]hLSM blob}(hjuhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjqhMhjrubah}(h]h ]h"]h$]h&]uh1jXhjVubeh}(h]h ]h"]h$]h&]uh1j8hjqhMhjSubah}(h]h ]h"]h$]h&]uh1j3hj7ubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj7ubh)}(hJThis hook allows a module to free the security structure for a TUN device.h]hJThis hook allows a module to free the security structure for a TUN device.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj7ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j$security_tun_dev_create (C function)c.security_tun_dev_createhNtauh1jhhhhhNhNubj")}(hhh](j')}(h"int security_tun_dev_create (void)h]j-)}(h!int security_tun_dev_create(void)h](j3)}(hinth]hint}(hjܒhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjؒhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjؒhhhjhMubjV)}(hsecurity_tun_dev_createh]j\)}(hsecurity_tun_dev_createh]hsecurity_tun_dev_create}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjؒhhhjhMubjw)}(h(void)h]j})}(hvoidh]j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubah}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubah}(h]h ]h"]h$]h&]jtjuuh1jvhjؒhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjԒhhhjhMubah}(h]jϒah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjђhhubj)}(hhh]h)}(h)Check if creating a TUN device is allowedh]h)Check if creating a TUN device is allowed}(hjChhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj@hhubah}(h]h ]h"]h$]h&]uh1jhjђhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj[jj[jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void`` no arguments **Description** Check permissions prior to creating a new TUN device. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjeh]h Parameters}(hjghhhNhNubah}(h]h ]h"]h$]h&]uh1jhjcubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj_ubj4)}(hhh]j9)}(h``void`` no arguments h](j?)}(h``void``h]h)}(hjh]hvoid}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chKhj~ubjY)}(hhh]h)}(h no argumentsh]h no arguments}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhKhjubah}(h]h ]h"]h$]h&]uh1jXhj~ubeh}(h]h ]h"]h$]h&]uh1j8hjhKhj{ubah}(h]h ]h"]h$]h&]uh1j3hj_ubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chKhj_ubh)}(h5Check permissions prior to creating a new TUN device.h]h5Check permissions prior to creating a new TUN device.}(hjՓhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj_ubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj_ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj_ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j*security_tun_dev_attach_queue (C function)c.security_tun_dev_attach_queuehNtauh1jhhhhhNhNubj")}(hhh](j')}(h2int security_tun_dev_attach_queue (void *security)h]j-)}(h1int security_tun_dev_attach_queue(void *security)h](j3)}(hinth]hint}(hj+hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj'hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj:hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj'hhhj9hMubjV)}(hsecurity_tun_dev_attach_queueh]j\)}(hsecurity_tun_dev_attach_queueh]hsecurity_tun_dev_attach_queue}(hjLhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjHubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj'hhhj9hMubjw)}(h(void *security)h]j})}(hvoid *securityh](j3)}(hvoidh]hvoid}(hjhhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjdubjE)}(h h]h }(hjvhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjdubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjdubj\)}(hsecurityh]hsecurity}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjdubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj`ubah}(h]h ]h"]h$]h&]jtjuuh1jvhj'hhhj9hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj#hhhj9hMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hj9hMhj hhubj)}(hhh]h)}(h)Check if attaching a TUN queue is allowedh]h)Check if attaching a TUN queue is allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhj hhhj9hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjӔjjӔjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void *security`` TUN device LSM blob **Description** Check permissions prior to attaching to a TUN device queue. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjݔh]h Parameters}(hjߔhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj۔ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjהubj4)}(hhh]j9)}(h'``void *security`` TUN device LSM blob h](j?)}(h``void *security``h]h)}(hjh]hvoid *security}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hTUN device LSM blobh]hTUN device LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubah}(h]h ]h"]h$]h&]uh1j3hjהubh)}(h**Description**h]j)}(hj7h]h Description}(hj9hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj5ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjהubh)}(h;Check permissions prior to attaching to a TUN device queue.h]h;Check permissions prior to attaching to a TUN device queue.}(hjMhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjהubh)}(h **Return**h]j)}(hj^h]hReturn}(hj`hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj\ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjהubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjthhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjהubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j$security_tun_dev_attach (C function)c.security_tun_dev_attachhNtauh1jhhhhhNhNubj")}(hhh](j')}(h=int security_tun_dev_attach (struct sock *sk, void *security)h]j-)}(hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hassociated sockh]hassociated sock}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjݖubj9)}(h'``void *security`` TUN device LSM blob h](j?)}(h``void *security``h]h)}(hjh]hvoid *security}(hj!hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hTUN device LSM blobh]hTUN device LSM blob}(hj8hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4hMhj5ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj4hMhjݖubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjZh]h Description}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjXubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hqThis hook can be used by the module to update any security state associated with the TUN device's sock structure.h]hsThis hook can be used by the module to update any security state associated with the TUN device’s sock structure.}(hjphhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j"security_tun_dev_open (C function)c.security_tun_dev_openhNtauh1jhhhhhNhNubj")}(hhh](j')}(h*int security_tun_dev_open (void *security)h]j-)}(h)int security_tun_dev_open(void *security)h](j3)}(hinth]hint}(hjƗhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj—hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj՗hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj—hhhjԗhMubjV)}(hsecurity_tun_dev_openh]j\)}(hsecurity_tun_dev_openh]hsecurity_tun_dev_open}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj—hhhjԗhMubjw)}(h(void *security)h]j})}(hvoid *securityh](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hsecurityh]hsecurity}(hj,hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubah}(h]h ]h"]h$]h&]jtjuuh1jvhj—hhhjԗhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjԗhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjԗhMhjhhubj)}(hhh]h)}(h#Update TUN device LSM state on openh]h#Update TUN device LSM state on open}(hjVhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjShhubah}(h]h ]h"]h$]h&]uh1jhjhhhjԗhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjnjjnjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void *security`` TUN device LSM blob **Description** This hook can be used by the module to update any security state associated with the TUN device's security structure. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjxh]h Parameters}(hjzhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjvubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjrubj4)}(hhh]j9)}(h'``void *security`` TUN device LSM blob h](j?)}(h``void *security``h]h)}(hjh]hvoid *security}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hTUN device LSM blobh]hTUN device LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubah}(h]h ]h"]h$]h&]uh1j3hjrubh)}(h**Description**h]j)}(hjҘh]h Description}(hjԘhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjИubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjrubh)}(huThis hook can be used by the module to update any security state associated with the TUN device's security structure.h]hwThis hook can be used by the module to update any security state associated with the TUN device’s security structure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjrubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjrubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM hjrubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j(security_sctp_assoc_request (C function)c.security_sctp_assoc_requesthNtauh1jhhhhhNhNubj")}(hhh](j')}(hTint security_sctp_assoc_request (struct sctp_association *asoc, struct sk_buff *skb)h]j-)}(hSint security_sctp_assoc_request(struct sctp_association *asoc, struct sk_buff *skb)h](j3)}(hinth]hint}(hj>hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj:hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjMhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj:hhhjLhMubjV)}(hsecurity_sctp_assoc_requesth]j\)}(hsecurity_sctp_assoc_requesth]hsecurity_sctp_assoc_request}(hj_hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj[ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj:hhhjLhMubjw)}(h4(struct sctp_association *asoc, struct sk_buff *skb)h](j})}(hstruct sctp_association *asoch](j8)}(hj;h]hstruct}(hj{hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjwubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjwubh)}(hhh]j\)}(hsctp_associationh]hsctp_association}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojasbc.security_sctp_assoc_requestasbuh1hhjwubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjwubj)}(hjh]h*}(hjǙhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjwubj\)}(hasoch]hasoc}(hjԙhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjwubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjsubj})}(hstruct sk_buff *skbh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsk_buffh]hsk_buff}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj modnameN classnameNjsjv)}jy]jc.security_sctp_assoc_requestasbuh1hhjubjE)}(h h]h }(hj)hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hj7hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hskbh]hskb}(hjDhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjsubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj:hhhjLhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj6hhhjLhMubah}(h]j1ah ](jjeh"]h$]h&]jj)jhuh1j&hjLhMhj3hhubj)}(hhh]h)}(h(Update the LSM on a SCTP association reqh]h(Update the LSM on a SCTP association req}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjkhhubah}(h]h ]h"]h$]h&]uh1jhj3hhhjLhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct sctp_association *asoc`` SCTP association ``struct sk_buff *skb`` packet requesting the association **Description** Passes the **asoc** and **chunk->skb** of the association INIT packet to the LSM. **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh](j9)}(h3``struct sctp_association *asoc`` SCTP association h](j?)}(h!``struct sctp_association *asoc``h]h)}(hjh]hstruct sctp_association *asoc}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hSCTP associationh]hSCTP association}(hjȚhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjĚhMhjŚubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjĚhMhjubj9)}(h:``struct sk_buff *skb`` packet requesting the association h](j?)}(h``struct sk_buff *skb``h]h)}(hjh]hstruct sk_buff *skb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h!packet requesting the associationh]h!packet requesting the association}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hj#h]h Description}(hj%hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj!ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hQPasses the **asoc** and **chunk->skb** of the association INIT packet to the LSM.h](h Passes the }(hj9hhhNhNubj)}(h**asoc**h]hasoc}(hjAhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj9ubh and }(hj9hhhNhNubj)}(h**chunk->skb**h]h chunk->skb}(hjShhhNhNubah}(h]h ]h"]h$]h&]uh1jhj9ubh+ of the association INIT packet to the LSM.}(hj9hhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjnh]hReturn}(hjphhhNhNubah}(h]h ]h"]h$]h&]uh1jhjlubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_sctp_bind_connect (C function)c.security_sctp_bind_connecthNtauh1jhhhhhNhNubj")}(hhh](j')}(hdint security_sctp_bind_connect (struct sock *sk, int optname, struct sockaddr *address, int addrlen)h]j-)}(hcint security_sctp_bind_connect(struct sock *sk, int optname, struct sockaddr *address, int addrlen)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM#ubjE)}(h h]h }(hj›hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhM#ubjV)}(hsecurity_sctp_bind_connecth]j\)}(hsecurity_sctp_bind_connecth]hsecurity_sctp_bind_connect}(hjԛhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjЛubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhM#ubjw)}(hE(struct sock *sk, int optname, struct sockaddr *address, int addrlen)h](j})}(hstruct sock *skh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsockh]hsock}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}joj֛sbc.security_sctp_bind_connectasbuh1hhjubjE)}(h h]h }(hj.hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hj<hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hskh]hsk}(hjIhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(h int optnameh](j3)}(hinth]hint}(hjbhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj^ubjE)}(h h]h }(hjphhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj^ubj\)}(hoptnameh]hoptname}(hj~hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj^ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct sockaddr *addressh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsockaddrh]hsockaddr}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j*c.security_sctp_bind_connectasbuh1hhjubjE)}(h h]h }(hjӜhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(haddressh]haddress}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(h int addrlenh](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj\)}(haddrlenh]haddrlen}(hj#hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhM#ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhM#ubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhM#hjhhubj)}(hhh]h)}(h*Validate a list of addrs for a SCTP optionh]h*Validate a list of addrs for a SCTP option}(hjMhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM#hjJhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhM#ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjejjejjjuh1j!hhhhhNhNubj)}(hX4**Parameters** ``struct sock *sk`` socket ``int optname`` SCTP option to validate ``struct sockaddr *address`` list of IP addresses to validate ``int addrlen`` length of the address list **Description** Validiate permissions required for each address associated with sock **sk**. Depending on **optname**, the addresses will be treated as either a connect or bind service. The **addrlen** is calculated on each IPv4 and IPv6 address using sizeof(struct sockaddr_in) or sizeof(struct sockaddr_in6). **Return** Returns 0 on success, error on failure.h](h)}(h**Parameters**h]j)}(hjoh]h Parameters}(hjqhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjmubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM'hjiubj4)}(hhh](j9)}(h``struct sock *sk`` socket h](j?)}(h``struct sock *sk``h]h)}(hjh]hstruct sock *sk}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM$hjubjY)}(hhh]h)}(hsocketh]hsocket}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhM$hjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhM$hjubj9)}(h(``int optname`` SCTP option to validate h](j?)}(h``int optname``h]h)}(hjǝh]h int optname}(hjɝhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjŝubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM%hjubjY)}(hhh]h)}(hSCTP option to validateh]hSCTP option to validate}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjܝhM%hjݝubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjܝhM%hjubj9)}(h>``struct sockaddr *address`` list of IP addresses to validate h](j?)}(h``struct sockaddr *address``h]h)}(hjh]hstruct sockaddr *address}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM&hjubjY)}(hhh]h)}(h list of IP addresses to validateh]h list of IP addresses to validate}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhM&hjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhM&hjubj9)}(h+``int addrlen`` length of the address list h](j?)}(h``int addrlen``h]h)}(hj9h]h int addrlen}(hj;hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj7ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM'hj3ubjY)}(hhh]h)}(hlength of the address listh]hlength of the address list}(hjRhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjNhM'hjOubah}(h]h ]h"]h$]h&]uh1jXhj3ubeh}(h]h ]h"]h$]h&]uh1j8hjNhM'hjubeh}(h]h ]h"]h$]h&]uh1j3hjiubh)}(h**Description**h]j)}(hjth]h Description}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjrubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM)hjiubh)}(hX&Validiate permissions required for each address associated with sock **sk**. Depending on **optname**, the addresses will be treated as either a connect or bind service. The **addrlen** is calculated on each IPv4 and IPv6 address using sizeof(struct sockaddr_in) or sizeof(struct sockaddr_in6).h](hEValidiate permissions required for each address associated with sock }(hjhhhNhNubj)}(h**sk**h]hsk}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh. Depending on }(hjhhhNhNubj)}(h **optname**h]hoptname}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhI, the addresses will be treated as either a connect or bind service. The }(hjhhhNhNubj)}(h **addrlen**h]haddrlen}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhm is calculated on each IPv4 and IPv6 address using sizeof(struct sockaddr_in) or sizeof(struct sockaddr_in6).}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM(hjiubh)}(h **Return**h]j)}(hjўh]hReturn}(hjӞhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjϞubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM-hjiubh)}(h'Returns 0 on success, error on failure.h]h'Returns 0 on success, error on failure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM.hjiubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j#security_sctp_sk_clone (C function)c.security_sctp_sk_clonehNtauh1jhhhhhNhNubj")}(hhh](j')}(h`void security_sctp_sk_clone (struct sctp_association *asoc, struct sock *sk, struct sock *newsk)h]j-)}(h_void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk, struct sock *newsk)h](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM8ubjE)}(h h]h }(hj%hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhj$hM8ubjV)}(hsecurity_sctp_sk_cloneh]j\)}(hsecurity_sctp_sk_cloneh]hsecurity_sctp_sk_clone}(hj7hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj3ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhj$hM8ubjw)}(hD(struct sctp_association *asoc, struct sock *sk, struct sock *newsk)h](j})}(hstruct sctp_association *asoch](j8)}(hj;h]hstruct}(hjShhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjOubjE)}(h h]h }(hj`hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjOubh)}(hhh]j\)}(hsctp_associationh]hsctp_association}(hjqhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjnubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjsmodnameN classnameNjsjv)}jy]j|)}joj9sbc.security_sctp_sk_cloneasbuh1hhjOubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjOubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjOubj\)}(hasoch]hasoc}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjOubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjKubj})}(hstruct sock *skh](j8)}(hj;h]hstruct}(hjşhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjҟhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsockh]hsock}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]jc.security_sctp_sk_cloneasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hskh]hsk}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjKubj})}(hstruct sock *newskh](j8)}(hj;h]hstruct}(hj5hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj1ubjE)}(h h]h }(hjBhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj1ubh)}(hhh]j\)}(hsockh]hsock}(hjShhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjPubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjUmodnameN classnameNjsjv)}jy]jc.security_sctp_sk_cloneasbuh1hhj1ubjE)}(h h]h }(hjqhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj1ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj1ubj\)}(hnewskh]hnewsk}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj1ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjKubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhj$hM8ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhj$hM8ubah}(h]j ah ](jjeh"]h$]h&]jj)jhuh1j&hj$hM8hj hhubj)}(hhh]h)}(hClone a SCTP sock's LSM stateh]hClone a SCTP sock’s LSM state}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM8hjhhubah}(h]h ]h"]h$]h&]uh1jhj hhhj$hM8ubeh}(h]h ](jfunctioneh"]h$]h&]j jjjΠjjΠjjjuh1j!hhhhhNhNubj)}(hX6**Parameters** ``struct sctp_association *asoc`` SCTP association ``struct sock *sk`` original sock ``struct sock *newsk`` target sock **Description** Called whenever a new socket is created by accept(2) (i.e. a TCP style socket) or when a socket is 'peeled off' e.g userspace calls sctp_peeloff(3).h](h)}(h**Parameters**h]j)}(hjؠh]h Parameters}(hjڠhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj֠ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM<hjҠubj4)}(hhh](j9)}(h3``struct sctp_association *asoc`` SCTP association h](j?)}(h!``struct sctp_association *asoc``h]h)}(hjh]hstruct sctp_association *asoc}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM9hjubjY)}(hhh]h)}(hSCTP associationh]hSCTP association}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hM9hj ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj hM9hjubj9)}(h"``struct sock *sk`` original sock h](j?)}(h``struct sock *sk``h]h)}(hj0h]hstruct sock *sk}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj.ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM:hj*ubjY)}(hhh]h)}(h original sockh]h original sock}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjEhM:hjFubah}(h]h ]h"]h$]h&]uh1jXhj*ubeh}(h]h ]h"]h$]h&]uh1j8hjEhM:hjubj9)}(h#``struct sock *newsk`` target sock h](j?)}(h``struct sock *newsk``h]h)}(hjih]hstruct sock *newsk}(hjkhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjgubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM;hjcubjY)}(hhh]h)}(h target sockh]h target sock}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj~hM;hjubah}(h]h ]h"]h$]h&]uh1jXhjcubeh}(h]h ]h"]h$]h&]uh1j8hj~hM;hjubeh}(h]h ]h"]h$]h&]uh1j3hjҠubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM=hjҠubh)}(hCalled whenever a new socket is created by accept(2) (i.e. a TCP style socket) or when a socket is 'peeled off' e.g userspace calls sctp_peeloff(3).h]hCalled whenever a new socket is created by accept(2) (i.e. a TCP style socket) or when a socket is ‘peeled off’ e.g userspace calls sctp_peeloff(3).}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM<hjҠubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j,security_sctp_assoc_established (C function)!c.security_sctp_assoc_establishedhNtauh1jhhhhhNhNubj")}(hhh](j')}(hXint security_sctp_assoc_established (struct sctp_association *asoc, struct sk_buff *skb)h]j-)}(hWint security_sctp_assoc_established(struct sctp_association *asoc, struct sk_buff *skb)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMIubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMIubjV)}(hsecurity_sctp_assoc_establishedh]j\)}(hsecurity_sctp_assoc_establishedh]hsecurity_sctp_assoc_established}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMIubjw)}(h4(struct sctp_association *asoc, struct sk_buff *skb)h](j})}(hstruct sctp_association *asoch](j8)}(hj;h]hstruct}(hj&hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj"ubjE)}(h h]h }(hj3hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj"ubh)}(hhh]j\)}(hsctp_associationh]hsctp_association}(hjDhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjAubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjFmodnameN classnameNjsjv)}jy]j|)}joj sb!c.security_sctp_assoc_establishedasbuh1hhj"ubjE)}(h h]h }(hjdhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj"ubj)}(hjh]h*}(hjrhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj"ubj\)}(hasoch]hasoc}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj"ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hstruct sk_buff *skbh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hsk_buffh]hsk_buff}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j`!c.security_sctp_assoc_establishedasbuh1hhjubjE)}(h h]h }(hjԢhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hskbh]hskb}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMIubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMIubah}(h]jܡah ](jjeh"]h$]h&]jj)jhuh1j&hjhMIhjޡhhubj)}(hhh]h)}(h'Update LSM state when assoc establishedh]h'Update LSM state when assoc established}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMIhjhhubah}(h]h ]h"]h$]h&]uh1jhjޡhhhjhMIubeh}(h]h ](jfunctioneh"]h$]h&]j jjj1jj1jjjuh1j!hhhhhNhNubj)}(hX***Parameters** ``struct sctp_association *asoc`` SCTP association ``struct sk_buff *skb`` packet establishing the association **Description** Passes the **asoc** and **chunk->skb** of the association COOKIE_ACK packet to the security module. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj;h]h Parameters}(hj=hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj9ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMMhj5ubj4)}(hhh](j9)}(h3``struct sctp_association *asoc`` SCTP association h](j?)}(h!``struct sctp_association *asoc``h]h)}(hjZh]hstruct sctp_association *asoc}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjXubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMJhjTubjY)}(hhh]h)}(hSCTP associationh]hSCTP association}(hjshhhNhNubah}(h]h ]h"]h$]h&]uh1hhjohMJhjpubah}(h]h ]h"]h$]h&]uh1jXhjTubeh}(h]h ]h"]h$]h&]uh1j8hjohMJhjQubj9)}(h<``struct sk_buff *skb`` packet establishing the association h](j?)}(h``struct sk_buff *skb``h]h)}(hjh]hstruct sk_buff *skb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMKhjubjY)}(hhh]h)}(h#packet establishing the associationh]h#packet establishing the association}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMKhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMKhjQubeh}(h]h ]h"]h$]h&]uh1j3hj5ubh)}(h**Description**h]j)}(hjΣh]h Description}(hjУhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj̣ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMMhj5ubh)}(hcPasses the **asoc** and **chunk->skb** of the association COOKIE_ACK packet to the security module.h](h Passes the }(hjhhhNhNubj)}(h**asoc**h]hasoc}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh and }(hjhhhNhNubj)}(h**chunk->skb**h]h chunk->skb}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh= of the association COOKIE_ACK packet to the security module.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMLhj5ubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMOhj5ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj/hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMPhj5ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j$security_ib_pkey_access (C function)c.security_ib_pkey_accesshNtauh1jhhhhhNhNubj")}(hhh](j')}(hDint security_ib_pkey_access (void *sec, u64 subnet_prefix, u16 pkey)h]j-)}(hCint security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)h](j3)}(hinth]hint}(hj^hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjZhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMnubjE)}(h h]h }(hjmhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjZhhhjlhMnubjV)}(hsecurity_ib_pkey_accessh]j\)}(hsecurity_ib_pkey_accessh]hsecurity_ib_pkey_access}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj{ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjZhhhjlhMnubjw)}(h((void *sec, u64 subnet_prefix, u16 pkey)h](j})}(h void *sech](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hsech]hsec}(hjĤhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hu64 subnet_prefixh](h)}(hhh]j\)}(hu64h]hu64}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjݤubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojsbc.security_ib_pkey_accessasbuh1hhj٤ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj٤ubj\)}(h subnet_prefixh]h subnet_prefix}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj٤ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hu16 pkeyh](h)}(hhh]j\)}(hu16h]hu16}(hj*hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj'ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj,modnameN classnameNjsjv)}jy]jc.security_ib_pkey_accessasbuh1hhj#ubjE)}(h h]h }(hjHhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj#ubj\)}(hpkeyh]hpkey}(hjVhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj#ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjZhhhjlhMnubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjVhhhjlhMnubah}(h]jQah ](jjeh"]h$]h&]jj)jhuh1j&hjlhMnhjShhubj)}(hhh]h)}(h(Check if access to an IB pkey is allowedh]h(Check if access to an IB pkey is allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMnhj}hhubah}(h]h ]h"]h$]h&]uh1jhjShhhjlhMnubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void *sec`` LSM blob ``u64 subnet_prefix`` subnet prefix of the port ``u16 pkey`` IB pkey **Description** Check permission to access a pkey when modifying a QP. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMrhjubj4)}(hhh](j9)}(h``void *sec`` LSM blob h](j?)}(h ``void *sec``h]h)}(hjh]h void *sec}(hjåhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMohjubjY)}(hhh]h)}(hLSM blobh]hLSM blob}(hjڥhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj֥hMohjץubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj֥hMohjubj9)}(h0``u64 subnet_prefix`` subnet prefix of the port h](j?)}(h``u64 subnet_prefix``h]h)}(hjh]hu64 subnet_prefix}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMphjubjY)}(hhh]h)}(hsubnet prefix of the porth]hsubnet prefix of the port}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMphjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMphjubj9)}(h``u16 pkey`` IB pkey h](j?)}(h ``u16 pkey``h]h)}(hj3h]hu16 pkey}(hj5hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj1ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMqhj-ubjY)}(hhh]h)}(hIB pkeyh]hIB pkey}(hjLhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjHhMqhjIubah}(h]h ]h"]h$]h&]uh1jXhj-ubeh}(h]h ]h"]h$]h&]uh1j8hjHhMqhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjnh]h Description}(hjphhhNhNubah}(h]h ]h"]h$]h&]uh1jhjlubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMshjubh)}(h6Check permission to access a pkey when modifying a QP.h]h6Check permission to access a pkey when modifying a QP.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMrhjubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMthjubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMuhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j.security_ib_endport_manage_subnet (C function)#c.security_ib_endport_manage_subnethNtauh1jhhhhhNhNubj")}(hhh](j')}(hTint security_ib_endport_manage_subnet (void *sec, const char *dev_name, u8 port_num)h]j-)}(hSint security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)h](j3)}(hinth]hint}(hjڦhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj֦hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM~ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj֦hhhjhM~ubjV)}(h!security_ib_endport_manage_subneth]j\)}(h!security_ib_endport_manage_subneth]h!security_ib_endport_manage_subnet}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj֦hhhjhM~ubjw)}(h.(void *sec, const char *dev_name, u8 port_num)h](j})}(h void *sech](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hj%hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hj3hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hsech]hsec}(hj@hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hconst char *dev_nameh](j8)}(hj h]hconst}(hjYhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjUubjE)}(h h]h }(hjfhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjUubj3)}(hcharh]hchar}(hjthhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjUubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjUubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjUubj\)}(hdev_nameh]hdev_name}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjUubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(h u8 port_numh](h)}(hhh]j\)}(hu8h]hu8}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojsb#c.security_ib_endport_manage_subnetasbuh1hhjubjE)}(h h]h }(hj٧hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj\)}(hport_numh]hport_num}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj֦hhhjhM~ubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjҦhhhjhM~ubah}(h]jͦah ](jjeh"]h$]h&]jj)jhuh1j&hjhM~hjϦhhubj)}(hhh]h)}(h Check if SMPs traffic is allowedh]h Check if SMPs traffic is allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chM~hjhhubah}(h]h ]h"]h$]h&]uh1jhjϦhhhjhM~ubeh}(h]h ](jfunctioneh"]h$]h&]j jjj)jj)jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void *sec`` LSM blob ``const char *dev_name`` IB device name ``u8 port_num`` port number **Description** Check permissions to send and receive SMPs on a end port. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj3h]h Parameters}(hj5hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj1ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj-ubj4)}(hhh](j9)}(h``void *sec`` LSM blob h](j?)}(h ``void *sec``h]h)}(hjRh]h void *sec}(hjThhhNhNubah}(h]h ]h"]h$]h&]uh1hhjPubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjLubjY)}(hhh]h)}(hLSM blobh]hLSM blob}(hjkhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjghMhjhubah}(h]h ]h"]h$]h&]uh1jXhjLubeh}(h]h ]h"]h$]h&]uh1j8hjghMhjIubj9)}(h(``const char *dev_name`` IB device name h](j?)}(h``const char *dev_name``h]h)}(hjh]hconst char *dev_name}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hIB device nameh]hIB device name}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjIubj9)}(h``u8 port_num`` port number h](j?)}(h``u8 port_num``h]h)}(hjĨh]h u8 port_num}(hjƨhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj¨ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h port numberh]h port number}(hjݨhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj٨hMhjڨubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj٨hMhjIubeh}(h]h ]h"]h$]h&]uh1j3hj-ubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj-ubh)}(h9Check permissions to send and receive SMPs on a end port.h]h9Check permissions to send and receive SMPs on a end port.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj-ubh)}(h **Return**h]j)}(hj&h]hReturn}(hj(hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj$ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj-ubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj<hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj-ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_ib_alloc_security (C function)c.security_ib_alloc_securityhNtauh1jhhhhhNhNubj")}(hhh](j')}(h+int security_ib_alloc_security (void **sec)h]j-)}(h*int security_ib_alloc_security(void **sec)h](j3)}(hinth]hint}(hjkhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjghhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjzhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjghhhjyhMubjV)}(hsecurity_ib_alloc_securityh]j\)}(hsecurity_ib_alloc_securityh]hsecurity_ib_alloc_security}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjghhhjyhMubjw)}(h (void **sec)h]j})}(h void **sech](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjĩhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj)}(hjh]h*}(hjѩhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hsech]hsec}(hjީhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubah}(h]h ]h"]h$]h&]jtjuuh1jvhjghhhjyhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjchhhjyhMubah}(h]j^ah ](jjeh"]h$]h&]jj)jhuh1j&hjyhMhj`hhubj)}(hhh]h)}(hAllocate an Infiniband LSM blobh]hAllocate an Infiniband LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhj`hhhjyhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjj jj jjjuh1j!hhhhhNhNubj)}(h**Parameters** ``void **sec`` LSM blob **Description** Allocate a security structure for Infiniband objects. **Return** Returns 0 on success, non-zero on failure.h](h)}(h**Parameters**h]j)}(hj*h]h Parameters}(hj,hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj(ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubj4)}(hhh]j9)}(h``void **sec`` LSM blob h](j?)}(h``void **sec``h]h)}(hjIh]h void **sec}(hjKhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjGubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjCubjY)}(hhh]h)}(hLSM blobh]hLSM blob}(hjbhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj^hMhj_ubah}(h]h ]h"]h$]h&]uh1jXhjCubeh}(h]h ]h"]h$]h&]uh1j8hj^hMhj@ubah}(h]h ]h"]h$]h&]uh1j3hj$ubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h5Allocate a security structure for Infiniband objects.h]h5Allocate a security structure for Infiniband objects.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubh)}(h*Returns 0 on success, non-zero on failure.h]h*Returns 0 on success, non-zero on failure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj$ubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j&security_ib_free_security (C function)c.security_ib_free_securityhNtauh1jhhhhhNhNubj")}(hhh](j')}(h*void security_ib_free_security (void *sec)h]j-)}(h)void security_ib_free_security(void *sec)h](j3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_ib_free_securityh]j\)}(hsecurity_ib_free_securityh]hsecurity_ib_free_security}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(h (void *sec)h]j})}(h void *sech](j3)}(hvoidh]hvoid}(hj-hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj)ubjE)}(h h]h }(hj;hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj)ubj)}(hjh]h*}(hjIhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj)ubj\)}(hsech]hsec}(hjVhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj)ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj%ubah}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(hFree an Infiniband LSM blobh]hFree an Infiniband LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj}hhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hg**Parameters** ``void *sec`` LSM blob **Description** Deallocate an Infiniband security structure.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh]j9)}(h``void *sec`` LSM blob h](j?)}(h ``void *sec``h]h)}(hjh]h void *sec}(hjëhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hLSM blobh]hLSM blob}(hjګhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj֫hMhj׫ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj֫hMhjubah}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h,Deallocate an Infiniband security structure.h]h,Deallocate an Infiniband security structure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_xfrm_policy_alloc (C function)c.security_xfrm_policy_allochNtauh1jhhhhhNhNubj")}(hhh](j')}(hiint security_xfrm_policy_alloc (struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)h]j-)}(hhint security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)h](j3)}(hinth]hint}(hjAhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj=hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjPhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj=hhhjOhMubjV)}(hsecurity_xfrm_policy_alloch]j\)}(hsecurity_xfrm_policy_alloch]hsecurity_xfrm_policy_alloc}(hjbhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj^ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj=hhhjOhMubjw)}(hJ(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)h](j})}(hstruct xfrm_sec_ctx **ctxph](j8)}(hj;h]hstruct}(hj~hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjzubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjzubh)}(hhh]j\)}(h xfrm_sec_ctxh]h xfrm_sec_ctx}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojdsbc.security_xfrm_policy_allocasbuh1hhjzubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjzubj)}(hjh]h*}(hjʬhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjzubj)}(hjh]h*}(hj׬hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjzubj\)}(hctxph]hctxp}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjzubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjvubj})}(h!struct xfrm_user_sec_ctx *sec_ctxh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hj hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hxfrm_user_sec_ctxh]hxfrm_user_sec_ctx}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]jc.security_xfrm_policy_allocasbuh1hhjubjE)}(h h]h }(hj9hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjGhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hsec_ctxh]hsec_ctx}(hjThhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjvubj})}(h gfp_t gfph](h)}(hhh]j\)}(hgfp_th]hgfp_t}(hjphhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjmubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjrmodnameN classnameNjsjv)}jy]jc.security_xfrm_policy_allocasbuh1hhjiubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjiubj\)}(hgfph]hgfp}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjiubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjvubeh}(h]h ]h"]h$]h&]jtjuuh1jvhj=hhhjOhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj9hhhjOhMubah}(h]j4ah ](jjeh"]h$]h&]jj)jhuh1j&hjOhMhj6hhubj)}(hhh]h)}(hAllocate a xfrm policy LSM blobh]hAllocate a xfrm policy LSM blob}(hjƭhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjíhhubah}(h]h ]h"]h$]h&]uh1jhj6hhhjOhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjޭjjޭjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct xfrm_sec_ctx **ctxp`` xfrm security context being added to the SPD ``struct xfrm_user_sec_ctx *sec_ctx`` security label provided by userspace ``gfp_t gfp`` gfp flags **Description** Allocate a security structure to the xp->security field; the security field is initialized to NULL when the xfrm_policy is allocated. **Return** Return 0 if operation was successful.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh](j9)}(hL``struct xfrm_sec_ctx **ctxp`` xfrm security context being added to the SPD h](j?)}(h``struct xfrm_sec_ctx **ctxp``h]h)}(hjh]hstruct xfrm_sec_ctx **ctxp}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h,xfrm security context being added to the SPDh]h,xfrm security context being added to the SPD}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubj9)}(hK``struct xfrm_user_sec_ctx *sec_ctx`` security label provided by userspace h](j?)}(h%``struct xfrm_user_sec_ctx *sec_ctx``h]h)}(hj@h]h!struct xfrm_user_sec_ctx *sec_ctx}(hjBhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj>ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj:ubjY)}(hhh]h)}(h$security label provided by userspaceh]h$security label provided by userspace}(hjYhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjUhMhjVubah}(h]h ]h"]h$]h&]uh1jXhj:ubeh}(h]h ]h"]h$]h&]uh1j8hjUhMhjubj9)}(h``gfp_t gfp`` gfp flags h](j?)}(h ``gfp_t gfp``h]h)}(hjyh]h gfp_t gfp}(hj{hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjwubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjsubjY)}(hhh]h)}(h gfp flagsh]h gfp flags}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjsubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hAllocate a security structure to the xp->security field; the security field is initialized to NULL when the xfrm_policy is allocated.h]hAllocate a security structure to the xp->security field; the security field is initialized to NULL when the xfrm_policy is allocated.}(hjʮhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjۮh]hReturn}(hjݮhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjٮubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h%Return 0 if operation was successful.h]h%Return 0 if operation was successful.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j&security_xfrm_policy_free (C function)c.security_xfrm_policy_freehNtauh1jhhhhhNhNubj")}(hhh](j')}(h9void security_xfrm_policy_free (struct xfrm_sec_ctx *ctx)h]j-)}(h8void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)h](j3)}(hvoidh]hvoid}(hj hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj/hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhj.hMubjV)}(hsecurity_xfrm_policy_freeh]j\)}(hsecurity_xfrm_policy_freeh]hsecurity_xfrm_policy_free}(hjAhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj=ubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhj.hMubjw)}(h(struct xfrm_sec_ctx *ctx)h]j})}(hstruct xfrm_sec_ctx *ctxh](j8)}(hj;h]hstruct}(hj]hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjYubjE)}(h h]h }(hjjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjYubh)}(hhh]j\)}(h xfrm_sec_ctxh]h xfrm_sec_ctx}(hj{hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjxubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj}modnameN classnameNjsjv)}jy]j|)}jojCsbc.security_xfrm_policy_freeasbuh1hhjYubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjYubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjYubj\)}(hctxh]hctx}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjYubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjUubah}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhj.hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhj.hMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hj.hMhjhhubj)}(hhh]h)}(hFree a xfrm security contexth]hFree a xfrm security context}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjݯhhubah}(h]h ]h"]h$]h&]uh1jhjhhhj.hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct xfrm_sec_ctx *ctx`` xfrm security context **Description** Free LSM resources associated with **ctx**.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh]j9)}(h3``struct xfrm_sec_ctx *ctx`` xfrm security context h](j?)}(h``struct xfrm_sec_ctx *ctx``h]h)}(hj!h]hstruct xfrm_sec_ctx *ctx}(hj#hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hxfrm security contexth]hxfrm security context}(hj:hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj6hMhj7ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj6hMhjubah}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hj\h]h Description}(hj^hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjZubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h+Free LSM resources associated with **ctx**.h](h#Free LSM resources associated with }(hjrhhhNhNubj)}(h**ctx**h]hctx}(hjzhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjrubh.}(hjrhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j&security_xfrm_state_alloc (C function)c.security_xfrm_state_allochNtauh1jhhhhhNhNubj")}(hhh](j')}(hWint security_xfrm_state_alloc (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)h]j-)}(hVint security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj°hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjhMubjV)}(hsecurity_xfrm_state_alloch]j\)}(hsecurity_xfrm_state_alloch]hsecurity_xfrm_state_alloc}(hj԰hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjаubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjhMubjw)}(h9(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)h](j})}(hstruct xfrm_state *xh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(h xfrm_stateh]h xfrm_state}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojְsbc.security_xfrm_state_allocasbuh1hhjubjE)}(h h]h }(hj.hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hj<hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hxh]hx}(hjIhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(h!struct xfrm_user_sec_ctx *sec_ctxh](j8)}(hj;h]hstruct}(hjbhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj^ubjE)}(h h]h }(hjohhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj^ubh)}(hhh]j\)}(hxfrm_user_sec_ctxh]hxfrm_user_sec_ctx}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj}ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j*c.security_xfrm_state_allocasbuh1hhj^ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj^ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj^ubj\)}(hsec_ctxh]hsec_ctx}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj^ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjhMhjhhubj)}(hhh]h)}(hAllocate a xfrm state LSM blobh]hAllocate a xfrm state LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhjhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct xfrm_state *x`` xfrm state being added to the SAD ``struct xfrm_user_sec_ctx *sec_ctx`` security label provided by userspace **Description** Allocate a security structure to the **x->security** field; the security field is initialized to NULL when the xfrm_state is allocated. Set the context to correspond to **sec_ctx**. **Return** Return 0 if operation was successful.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh](j9)}(h;``struct xfrm_state *x`` xfrm state being added to the SAD h](j?)}(h``struct xfrm_state *x``h]h)}(hj$h]hstruct xfrm_state *x}(hj&hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj"ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h!xfrm state being added to the SADh]h!xfrm state being added to the SAD}(hj=hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj9hMhj:ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj9hMhjubj9)}(hK``struct xfrm_user_sec_ctx *sec_ctx`` security label provided by userspace h](j?)}(h%``struct xfrm_user_sec_ctx *sec_ctx``h]h)}(hj]h]h!struct xfrm_user_sec_ctx *sec_ctx}(hj_hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj[ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjWubjY)}(hhh]h)}(h$security label provided by userspaceh]h$security label provided by userspace}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjrhMhjsubah}(h]h ]h"]h$]h&]uh1jXhjWubeh}(h]h ]h"]h$]h&]uh1j8hjrhMhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hAllocate a security structure to the **x->security** field; the security field is initialized to NULL when the xfrm_state is allocated. Set the context to correspond to **sec_ctx**.h](h%Allocate a security structure to the }(hjhhhNhNubj)}(h**x->security**h]h x->security}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhu field; the security field is initialized to NULL when the xfrm_state is allocated. Set the context to correspond to }(hjhhhNhNubj)}(h **sec_ctx**h]hsec_ctx}(hjȲhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h%Return 0 if operation was successful.h]h%Return 0 if operation was successful.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_xfrm_state_delete (C function)c.security_xfrm_state_deletehNtauh1jhhhhhNhNubj")}(hhh](j')}(h5int security_xfrm_state_delete (struct xfrm_state *x)h]j-)}(h4int security_xfrm_state_delete(struct xfrm_state *x)h](j3)}(hinth]hint}(hj(hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj$hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj7hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj$hhhj6hMubjV)}(hsecurity_xfrm_state_deleteh]j\)}(hsecurity_xfrm_state_deleteh]hsecurity_xfrm_state_delete}(hjIhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjEubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj$hhhj6hMubjw)}(h(struct xfrm_state *x)h]j})}(hstruct xfrm_state *xh](j8)}(hj;h]hstruct}(hjehhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjaubjE)}(h h]h }(hjrhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjaubh)}(hhh]j\)}(h xfrm_stateh]h xfrm_state}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojKsbc.security_xfrm_state_deleteasbuh1hhjaubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjaubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjaubj\)}(hjKh]hx}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjaubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hj]ubah}(h]h ]h"]h$]h&]jtjuuh1jvhj$hhhj6hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhj hhhj6hMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hj6hMhjhhubj)}(hhh]h)}(h)Check if deleting a xfrm state is allowedh]h)Check if deleting a xfrm state is allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhj6hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct xfrm_state *x`` xfrm state **Description** Authorize deletion of x->security. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hj h]h Parameters}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh]j9)}(h$``struct xfrm_state *x`` xfrm state h](j?)}(h``struct xfrm_state *x``h]h)}(hj(h]hstruct xfrm_state *x}(hj*hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj&ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj"ubjY)}(hhh]h)}(h xfrm stateh]h xfrm state}(hjAhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj=hMhj>ubah}(h]h ]h"]h$]h&]uh1jXhj"ubeh}(h]h ]h"]h$]h&]uh1j8hj=hMhjubah}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjch]h Description}(hjehhhNhNubah}(h]h ]h"]h$]h&]uh1jhjaubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h"Authorize deletion of x->security.h]h"Authorize deletion of x->security.}(hjyhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hjh]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j!security_locked_down (C function)c.security_locked_downhNtauh1jhhhhhNhNubj")}(hhh](j')}(h4int security_locked_down (enum lockdown_reason what)h]j-)}(h3int security_locked_down(enum lockdown_reason what)h](j3)}(hinth]hint}(hjϴhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj˴hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj޴hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj˴hhhjݴhMubjV)}(hsecurity_locked_downh]j\)}(hsecurity_locked_downh]hsecurity_locked_down}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj˴hhhjݴhMubjw)}(h(enum lockdown_reason what)h]j})}(henum lockdown_reason whath](j8)}(hj<;h]henum}(hj hhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(hlockdown_reasonh]hlockdown_reason}(hj*hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj'ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj,modnameN classnameNjsjv)}jy]j|)}jojsbc.security_locked_downasbuh1hhjubjE)}(h h]h }(hjJhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj\)}(hwhath]hwhat}(hjXhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubah}(h]h ]h"]h$]h&]jtjuuh1jvhj˴hhhjݴhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjǴhhhjݴhMubah}(h]j´ah ](jjeh"]h$]h&]jj)jhuh1j&hjݴhMhjĴhhubj)}(hhh]h)}(h$Check if a kernel feature is allowedh]h$Check if a kernel feature is allowed}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjĴhhhjݴhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``enum lockdown_reason what`` requested kernel feature **Description** Determine whether a kernel feature that potentially enables arbitrary code execution in kernel space should be permitted. **Return** Returns 0 if permission is granted.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh]j9)}(h7``enum lockdown_reason what`` requested kernel feature h](j?)}(h``enum lockdown_reason what``h]h)}(hjõh]henum lockdown_reason what}(hjŵhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(hrequested kernel featureh]hrequested kernel feature}(hjܵhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjصhMhjٵubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjصhMhjubah}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hyDetermine whether a kernel feature that potentially enables arbitrary code execution in kernel space should be permitted.h]hyDetermine whether a kernel feature that potentially enables arbitrary code execution in kernel space should be permitted.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hj%h]hReturn}(hj'hhhNhNubah}(h]h ]h"]h$]h&]uh1jhj#ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h#Returns 0 if permission is granted.h]h#Returns 0 if permission is granted.}(hj;hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j security_bdev_alloc (C function)c.security_bdev_allochNtauh1jhhhhhNhNubj")}(hhh](j')}(h3int security_bdev_alloc (struct block_device *bdev)h]j-)}(h2int security_bdev_alloc(struct block_device *bdev)h](j3)}(hinth]hint}(hjjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjfhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjyhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjfhhhjxhMubjV)}(hsecurity_bdev_alloch]j\)}(hsecurity_bdev_alloch]hsecurity_bdev_alloc}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjfhhhjxhMubjw)}(h(struct block_device *bdev)h]j})}(hstruct block_device *bdevh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(h block_deviceh]h block_device}(hjŶhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj¶ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjǶmodnameN classnameNjsjv)}jy]j|)}jojsbc.security_bdev_allocasbuh1hhjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hbdevh]hbdev}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubah}(h]h ]h"]h$]h&]jtjuuh1jvhjfhhhjxhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjbhhhjxhMubah}(h]j]ah ](jjeh"]h$]h&]jj)jhuh1j&hjxhMhj_hhubj)}(hhh]h)}(h Allocate a block device LSM blobh]h Allocate a block device LSM blob}(hj*hhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj'hhubah}(h]h ]h"]h$]h&]uh1jhj_hhhjxhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjBjjBjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct block_device *bdev`` block device **Description** Allocate and attach a security structure to **bdev->bd_security**. The security field is initialized to NULL when the bdev structure is allocated. **Return** Return 0 if operation was successful.h](h)}(h**Parameters**h]j)}(hjLh]h Parameters}(hjNhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjJubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjFubj4)}(hhh]j9)}(h+``struct block_device *bdev`` block device h](j?)}(h``struct block_device *bdev``h]h)}(hjkh]hstruct block_device *bdev}(hjmhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjiubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjeubjY)}(hhh]h)}(h block deviceh]h block device}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjeubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjbubah}(h]h ]h"]h$]h&]uh1j3hjFubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjFubh)}(hAllocate and attach a security structure to **bdev->bd_security**. The security field is initialized to NULL when the bdev structure is allocated.h](h,Allocate and attach a security structure to }(hjhhhNhNubj)}(h**bdev->bd_security**h]hbdev->bd_security}(hjķhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhR. The security field is initialized to NULL when the bdev structure is allocated.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjFubh)}(h **Return**h]j)}(hj߷h]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjݷubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjFubh)}(h%Return 0 if operation was successful.h]h%Return 0 if operation was successful.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjFubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](jsecurity_bdev_free (C function)c.security_bdev_freehNtauh1jhhhhhNhNubj")}(hhh](j')}(h3void security_bdev_free (struct block_device *bdev)h]j-)}(h2void security_bdev_free(struct block_device *bdev)h](j3)}(hvoidh]hvoid}(hj$hhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hj hhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hj3hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj hhhj2hMubjV)}(hsecurity_bdev_freeh]j\)}(hsecurity_bdev_freeh]hsecurity_bdev_free}(hjEhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjAubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhj hhhj2hMubjw)}(h(struct block_device *bdev)h]j})}(hstruct block_device *bdevh](j8)}(hj;h]hstruct}(hjahhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hj]ubjE)}(h h]h }(hjnhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj]ubh)}(hhh]j\)}(h block_deviceh]h block_device}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj|ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojGsbc.security_bdev_freeasbuh1hhj]ubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj]ubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhj]ubj\)}(hbdevh]hbdev}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj]ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjYubah}(h]h ]h"]h$]h&]jtjuuh1jvhj hhhj2hMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhj2hMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hj2hMhjhhubj)}(hhh]h)}(hFree a block device's LSM blobh]h Free a block device’s LSM blob}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjhhubah}(h]h ]h"]h$]h&]uh1jhjhhhj2hMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(h**Parameters** ``struct block_device *bdev`` block device **Description** Deallocate the bdev security structure and set **bdev->bd_security** to NULL.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh]j9)}(h+``struct block_device *bdev`` block device h](j?)}(h``struct block_device *bdev``h]h)}(hj%h]hstruct block_device *bdev}(hj'hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj#ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h block deviceh]h block device}(hj>hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj:hMhj;ubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hj:hMhjubah}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hj`h]h Description}(hjbhhhNhNubah}(h]h ]h"]h$]h&]uh1jhj^ubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hMDeallocate the bdev security structure and set **bdev->bd_security** to NULL.h](h/Deallocate the bdev security structure and set }(hjvhhhNhNubj)}(h**bdev->bd_security**h]hbdev->bd_security}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1jhjvubh to NULL.}(hjvhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubj)}(hhh]h}(h]h ]h"]h$]h&]entries](j'security_bdev_setintegrity (C function)c.security_bdev_setintegrityhNtauh1jhhhhhNhNubj")}(hhh](j')}(hxint security_bdev_setintegrity (struct block_device *bdev, enum lsm_integrity_type type, const void *value, size_t size)h]j-)}(hwint security_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type type, const void *value, size_t size)h](j3)}(hinth]hint}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjhhh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMubjE)}(h h]h }(hjƹhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjhhhjŹhMubjV)}(hsecurity_bdev_setintegrityh]j\)}(hsecurity_bdev_setintegrityh]hsecurity_bdev_setintegrity}(hjعhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjԹubah}(h]h ](jojpeh"]h$]h&]jtjuuh1jUhjhhhjŹhMubjw)}(hY(struct block_device *bdev, enum lsm_integrity_type type, const void *value, size_t size)h](j})}(hstruct block_device *bdevh](j8)}(hj;h]hstruct}(hjhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubh)}(hhh]j\)}(h block_deviceh]h block_device}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j|)}jojڹsbc.security_bdev_setintegrityasbuh1hhjubjE)}(h h]h }(hj2hhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjubj)}(hjh]h*}(hj@hhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjubj\)}(hbdevh]hbdev}(hjMhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(henum lsm_integrity_type typeh](j8)}(hj<;h]henum}(hjfhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjbubjE)}(h h]h }(hjshhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjbubh)}(hhh]j\)}(hlsm_integrity_typeh]hlsm_integrity_type}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetjmodnameN classnameNjsjv)}jy]j.c.security_bdev_setintegrityasbuh1hhjbubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjbubj\)}(htypeh]htype}(hjhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjbubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(hconst void *valueh](j8)}(hj h]hconst}(hjɺhhhNhNubah}(h]h ]jDah"]h$]h&]uh1j7hjźubjE)}(h h]h }(hjֺhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjźubj3)}(hvoidh]hvoid}(hjhhhNhNubah}(h]h ]j?ah"]h$]h&]uh1j2hjźubjE)}(h h]h }(hjhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhjźubj)}(hjh]h*}(hjhhhNhNubah}(h]h ]jah"]h$]h&]uh1jhjźubj\)}(hvalueh]hvalue}(hj hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hjźubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubj})}(h size_t sizeh](h)}(hhh]j\)}(hsize_th]hsize_t}(hj)hhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj&ubah}(h]h ]h"]h$]h&] refdomainjreftypejo reftargetj+modnameN classnameNjsjv)}jy]j.c.security_bdev_setintegrityasbuh1hhj"ubjE)}(h h]h }(hjGhhhNhNubah}(h]h ]jQah"]h$]h&]uh1jDhj"ubj\)}(hsizeh]hsize}(hjUhhhNhNubah}(h]h ]jhah"]h$]h&]uh1j[hj"ubeh}(h]h ]h"]h$]h&]noemphjtjuuh1j|hjubeh}(h]h ]h"]h$]h&]jtjuuh1jvhjhhhjŹhMubeh}(h]h ]h"]h$]h&]jtjujuh1j,jjhjhhhjŹhMubah}(h]jah ](jjeh"]h$]h&]jj)jhuh1j&hjŹhMhjhhubj)}(hhh]h)}(hSet the device's integrity datah]h!Set the device’s integrity data}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj|hhubah}(h]h ]h"]h$]h&]uh1jhjhhhjŹhMubeh}(h]h ](jfunctioneh"]h$]h&]j jjjjjjjjuh1j!hhhhhNhNubj)}(hX**Parameters** ``struct block_device *bdev`` block device ``enum lsm_integrity_type type`` type of integrity, e.g. hash digest, signature, etc ``const void *value`` the integrity value ``size_t size`` size of the integrity value **Description** Register a verified integrity measurement of a bdev with LSMs. LSMs should free the previously saved data if **value** is NULL. Please note that the new hook should be invoked every time the security information is updated to keep these data current. For example, in dm-verity, if the mapping table is reloaded and configured to use a different dm-verity target with a new roothash and signing information, the previously stored data in the LSM blob will become obsolete. It is crucial to re-invoke the hook to refresh these data and ensure they are up to date. This necessity arises from the design of device-mapper, where a device-mapper device is first created, and then targets are subsequently loaded into it. These targets can be modified multiple times during the device's lifetime. Therefore, while the LSM blob is allocated during the creation of the block device, its actual contents are not initialized at this stage and can change substantially over time. This includes alterations from data that the LSMs 'trusts' to those they do not, making it essential to handle these changes correctly. Failure to address this dynamic aspect could potentially allow for bypassing LSM checks. **Return** Returns 0 on success, negative values on failure.h](h)}(h**Parameters**h]j)}(hjh]h Parameters}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubj4)}(hhh](j9)}(h+``struct block_device *bdev`` block device h](j?)}(h``struct block_device *bdev``h]h)}(hjh]hstruct block_device *bdev}(hj»hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h block deviceh]h block device}(hjٻhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjջhMhjֻubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjջhMhjubj9)}(hU``enum lsm_integrity_type type`` type of integrity, e.g. hash digest, signature, etc h](j?)}(h ``enum lsm_integrity_type type``h]h)}(hjh]henum lsm_integrity_type type}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubjY)}(hhh]h)}(h3type of integrity, e.g. hash digest, signature, etch]h3type of integrity, e.g. hash digest, signature, etc}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubj9)}(h*``const void *value`` the integrity value h](j?)}(h``const void *value``h]h)}(hj2h]hconst void *value}(hj4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj0ubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhj,ubjY)}(hhh]h)}(hthe integrity valueh]hthe integrity value}(hjKhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjGhMhjHubah}(h]h ]h"]h$]h&]uh1jXhj,ubeh}(h]h ]h"]h$]h&]uh1j8hjGhMhjubj9)}(h,``size_t size`` size of the integrity value h](j?)}(h``size_t size``h]h)}(hjkh]h size_t size}(hjmhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjiubah}(h]h ]h"]h$]h&]uh1j>h\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjeubjY)}(hhh]h)}(hsize of the integrity valueh]hsize of the integrity value}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhMhjubah}(h]h ]h"]h$]h&]uh1jXhjeubeh}(h]h ]h"]h$]h&]uh1j8hjhMhjubeh}(h]h ]h"]h$]h&]uh1j3hjubh)}(h**Description**h]j)}(hjh]h Description}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(hXRegister a verified integrity measurement of a bdev with LSMs. LSMs should free the previously saved data if **value** is NULL. Please note that the new hook should be invoked every time the security information is updated to keep these data current. For example, in dm-verity, if the mapping table is reloaded and configured to use a different dm-verity target with a new roothash and signing information, the previously stored data in the LSM blob will become obsolete. It is crucial to re-invoke the hook to refresh these data and ensure they are up to date. This necessity arises from the design of device-mapper, where a device-mapper device is first created, and then targets are subsequently loaded into it. These targets can be modified multiple times during the device's lifetime. Therefore, while the LSM blob is allocated during the creation of the block device, its actual contents are not initialized at this stage and can change substantially over time. This includes alterations from data that the LSMs 'trusts' to those they do not, making it essential to handle these changes correctly. Failure to address this dynamic aspect could potentially allow for bypassing LSM checks.h](hmRegister a verified integrity measurement of a bdev with LSMs. LSMs should free the previously saved data if }(hjhhhNhNubj)}(h **value**h]hvalue}(hjļhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjubhX8 is NULL. Please note that the new hook should be invoked every time the security information is updated to keep these data current. For example, in dm-verity, if the mapping table is reloaded and configured to use a different dm-verity target with a new roothash and signing information, the previously stored data in the LSM blob will become obsolete. It is crucial to re-invoke the hook to refresh these data and ensure they are up to date. This necessity arises from the design of device-mapper, where a device-mapper device is first created, and then targets are subsequently loaded into it. These targets can be modified multiple times during the device’s lifetime. Therefore, while the LSM blob is allocated during the creation of the block device, its actual contents are not initialized at this stage and can change substantially over time. This includes alterations from data that the LSMs ‘trusts’ to those they do not, making it essential to handle these changes correctly. Failure to address this dynamic aspect could potentially allow for bypassing LSM checks.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h **Return**h]j)}(hj߼h]hReturn}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjݼubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubh)}(h1Returns 0 on success, negative values on failure.h]h1Returns 0 on success, negative values on failure.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hh\/var/lib/git/docbuild/linux/Documentation/security/lsm-development:16: ./security/security.chMhjubeh}(h]h ] kernelindentah"]h$]h&]uh1jhhhhhNhNubeh}(h]!linux-security-module-developmentah ]h"]!linux security module developmentah$]h&]uh1hhhhhhhhKubeh}(h]h ]h"]h$]h&]sourcehuh1hcurrent_sourceN current_lineNsettingsdocutils.frontendValues)}(hN generatorN datestampN source_linkN source_urlN toc_backlinksentryfootnote_backlinksK sectnum_xformKstrip_commentsNstrip_elements_with_classesN strip_classesN report_levelK halt_levelKexit_status_levelKdebugNwarning_streamN tracebackinput_encoding utf-8-siginput_encoding_error_handlerstrictoutput_encodingutf-8output_encoding_error_handlerj6error_encodingutf-8error_encoding_error_handlerbackslashreplace language_codeenrecord_dependenciesNconfigN id_prefixhauto_id_prefixid dump_settingsNdump_internalsNdump_transformsNdump_pseudo_xmlNexpose_internalsNstrict_visitorN_disable_configN_sourceh _destinationN _config_files]7/var/lib/git/docbuild/linux/Documentation/docutils.confafile_insertion_enabled raw_enabledKline_length_limitM'pep_referencesN pep_base_urlhttps://peps.python.org/pep_file_url_templatepep-%04drfc_referencesN rfc_base_url&https://datatracker.ietf.org/doc/html/ tab_widthKtrim_footnote_reference_spacesyntax_highlightlong smart_quotessmartquotes_locales]character_level_inline_markupdoctitle_xform docinfo_xformKsectsubtitle_xform image_loadinglinkembed_stylesheetcloak_email_addressessection_self_linkenvNubreporterNindirect_targets]substitution_defs}substitution_names}refnames}refids}nameids}jj s nametypes}jsh}(j hjj(jjjjjRjWju jz j j jGjLjjjjjjj] jb jJ#jO#j%j%j*j*j,j,j/j/j2j2j5j5j%8j*8jc:jh:j=j=j@j@jCjCjEjEjGjHjeJjjJjMjMjWPj\Pj_RjdRjqUjvUjWj WjQYjVYj[j[jD]jI]j_j_jbj bjdjdj+fj0fjgjgjPjjUjjljljiojnojrjrjbujgujwjwj(zj-zj}j }jLjQjjjjjljqjjjj jjjjĎjjj~jjϒjԒjj#jjjjj1j6jjj jjܡjjQjVjͦjҦj^jcjjj4j9jjjjjj j´jǴj]jbjjjju footnote_refs} citation_refs} autofootnotes]autofootnote_refs]symbol_footnotes]symbol_footnote_refs] footnotes] citations]autofootnote_startKsymbol_footnote_startK id_counter collectionsCounter}Rparse_messages]transform_messages] transformerN include_log] decorationNhhub.