Symbol: ns_capable
drivers/connector/connector.c
176
if (ns_capable(net->user_ns, CAP_NET_ADMIN))
drivers/infiniband/core/device.c
172
return ns_capable(net->user_ns, CAP_NET_RAW);
drivers/net/bonding/bond_main.c
4615
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
drivers/net/ipvlan/ipvlan_main.c
455
if (!ns_capable(dev_net(ipvlan->phy_dev)->user_ns, CAP_NET_ADMIN))
drivers/net/ipvlan/ipvlan_main.c
561
if (!ns_capable(dev_net(phy_dev)->user_ns, CAP_NET_ADMIN))
drivers/net/ppp/ppp_generic.c
399
if (!ns_capable(file->f_cred->user_ns, CAP_NET_ADMIN))
drivers/net/tun.c
2757
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
drivers/net/tun.c
3073
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
drivers/net/tun.c
3314
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
drivers/net/tun.c
520
!ns_capable(net->user_ns, CAP_NET_ADMIN);
drivers/net/wireguard/netlink.c
494
ret = !net || !ns_capable(net->user_ns, CAP_NET_ADMIN) ? -EPERM : 0;
fs/attr.c
104
ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
fs/attr.c
135
ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
fs/fhandle.c
320
if (ns_capable(root->mnt->mnt_sb->s_user_ns, CAP_SYS_ADMIN))
fs/fhandle.c
323
ns_capable(real_mount(root->mnt)->mnt_ns->user_ns,
fs/fhandle.c
331
if (!ns_capable(current_user_ns(), CAP_DAC_READ_SEARCH))
fs/fsopen.c
262
if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
fs/init.c
88
if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
fs/inode.c
2706
if (vfsuid_has_mapping(ns, vfsuid) && ns_capable(ns, CAP_FOWNER))
fs/ioctl.c
389
if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
fs/ioctl.c
406
if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
fs/namei.c
2749
!ns_capable(fd_file(f)->f_cred->user_ns, CAP_DAC_READ_SEARCH))
fs/namespace.c
1928
if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
fs/namespace.c
2004
return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
fs/namespace.c
2029
if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
fs/namespace.c
2396
if (!ns_capable(old_mnt->mnt_ns->user_ns, CAP_SYS_ADMIN))
fs/namespace.c
2838
if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
fs/namespace.c
3208
!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
fs/namespace.c
3390
if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
fs/namespace.c
4789
if (!ns_capable(fs_userns, CAP_SYS_ADMIN))
fs/namespace.c
5000
if (!ns_capable(mnt_userns, CAP_SYS_ADMIN))
fs/namespace.c
6434
if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) ||
fs/namespace.c
6435
!ns_capable(user_ns, CAP_SYS_CHROOT) ||
fs/namespace.c
6436
!ns_capable(user_ns, CAP_SYS_ADMIN))
fs/notify/fanotify/fanotify_user.c
1993
if (!ns_capable(group->user_ns, CAP_SYS_ADMIN) &&
fs/notify/fanotify/fanotify_user.c
2097
if (user_ns && !ns_capable(user_ns, CAP_SYS_ADMIN))
fs/open.c
606
if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
fs/proc/base.c
2615
if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) {
fs/proc/base.c
2655
if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) {
fs/proc/base.c
3195
if (!ns_capable(ns, CAP_SYS_ADMIN))
fs/proc/root.c
154
if (!ns_capable(target->user_ns, CAP_SYS_ADMIN)) {
fs/super.c
699
return ns_capable(fc->user_ns, CAP_SYS_ADMIN);
include/linux/capability.h
148
extern bool ns_capable(struct user_namespace *ns, int cap);
include/linux/capability.h
202
return ns_capable(ns, CAP_CHECKPOINT_RESTORE) ||
include/linux/capability.h
203
ns_capable(ns, CAP_SYS_ADMIN);
ipc/namespace.c
237
if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
ipc/namespace.c
238
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
ipc/shm.c
1192
if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
ipc/util.c
568
!ns_capable(ns->user_ns, CAP_IPC_OWNER))
ipc/util.c
740
ns_capable(ns->user_ns, CAP_SYS_ADMIN))
kernel/bpf/token.c
14
return ns_capable(ns, cap) || (cap != CAP_SYS_ADMIN && ns_capable(ns, CAP_SYS_ADMIN));
kernel/bpf/token.c
146
if (!ns_capable(userns, CAP_BPF))
kernel/capability.c
365
EXPORT_SYMBOL(ns_capable);
kernel/capability.c
416
return ns_capable(&init_user_ns, cap);
kernel/capability.c
478
return ns_capable(ns, cap) &&
kernel/cgroup/cgroup-v1.c
1262
if (!ns_capable(ctx->ns->user_ns, CAP_SYS_ADMIN))
kernel/cgroup/namespace.c
64
if (!ns_capable(user_ns, CAP_SYS_ADMIN))
kernel/cgroup/namespace.c
97
if (!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN) ||
kernel/cgroup/namespace.c
98
!ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN))
kernel/events/core.c
13777
is_capable &= ns_capable(__task_cred(task)->user_ns, CAP_KILL);
kernel/nsproxy.c
181
} else if (!ns_capable(user_ns, CAP_SYS_ADMIN))
kernel/nsproxy.c
223
if (!ns_capable(user_ns, CAP_SYS_ADMIN))
kernel/pid_namespace.c
407
if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) ||
kernel/pid_namespace.c
408
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
kernel/pid_sysctl.h
15
if (write && !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
kernel/ptrace.c
272
return ns_capable(ns, CAP_SYS_PTRACE);
kernel/reboot.c
736
if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT))
kernel/sched/syscalls.c
1206
if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE))
kernel/signal.c
792
ns_capable(tcred->user_ns, CAP_KILL);
kernel/sys.c
1424
if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
kernel/sys.c
1478
if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN))
kernel/sys.c
1723
if (!id_match && !ns_capable(tcred->user_ns, CAP_SYS_RESOURCE))
kernel/sys.c
226
if (ns_capable(pcred->user_ns, CAP_SYS_NICE))
kernel/time/namespace.c
315
if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
kernel/time/namespace.c
316
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
kernel/user_namespace.c
1207
if (ns_capable(ns->parent, cap_setid) &&
kernel/user_namespace.c
1361
if (!ns_capable(user_ns, CAP_SYS_ADMIN))
kernel/utsname.c
132
if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
kernel/utsname.c
133
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
net/8021q/vlan.c
602
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/8021q/vlan.c
612
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/8021q/vlan.c
621
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/8021q/vlan.c
630
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/8021q/vlan.c
645
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/8021q/vlan.c
652
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
219
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
226
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
233
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
240
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
280
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
287
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
296
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
310
if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
379
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
406
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/bridge/br_ioctl.c
430
if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
net/bridge/br_ioctl.c
91
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/bridge/br_sysfs_br.c
313
if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_sysfs_br.c
42
if (!ns_capable(dev_net(br->dev)->user_ns, CAP_NET_ADMIN))
net/bridge/br_sysfs_if.c
323
if (!ns_capable(dev_net(p->dev)->user_ns, CAP_NET_ADMIN))
net/bridge/netfilter/ebtables.c
2452
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/bridge/netfilter/ebtables.c
2517
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/dev_ioctl.c
764
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/dev_ioctl.c
806
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/net-sysfs.c
173
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/net-sysfs.c
1879
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/net-sysfs.c
204
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/net-sysfs.c
2185
return ns_capable(net->user_ns, CAP_SYS_ADMIN);
net/core/net-sysfs.c
574
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/net_namespace.c
1536
if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) ||
net/core/net_namespace.c
1537
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
net/core/rtnetlink.c
7015
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/core/scm.c
59
ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) &&
net/core/scm.c
61
uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) &&
net/core/scm.c
63
gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) {
net/core/sock.c
1167
return has_current_bpf_ctx() || ns_capable(ns, cap);
net/core/sock.c
175
ns_capable(user_ns, cap);
net/core/sock.c
3018
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
net/core/sock.c
3019
!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/core/sock.c
649
if (sk->sk_bound_dev_if && !ns_capable(net->user_ns, CAP_NET_RAW))
net/core/sock_diag.c
315
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/ethtool/ioctl.c
3299
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ieee802154/socket.c
905
if (!ns_capable(net->user_ns, CAP_NET_ADMIN) &&
net/ieee802154/socket.c
906
!ns_capable(net->user_ns, CAP_NET_RAW)) {
net/ieee802154/socket.c
929
if (!ns_capable(net->user_ns, CAP_NET_ADMIN) &&
net/ieee802154/socket.c
930
!ns_capable(net->user_ns, CAP_NET_RAW)) {
net/ipv4/af_inet.c
323
!ns_capable(net->user_ns, CAP_NET_RAW))
net/ipv4/af_inet.c
519
!ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
net/ipv4/arp.c
1275
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv4/devinet.c
1101
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv4/devinet.c
1109
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv4/devinet.c
2529
if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv4/fib_frontend.c
634
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv4/ip_options.c
396
if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) {
net/ipv4/ip_options.c
431
if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) {
net/ipv4/ip_options.c
444
if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) {
net/ipv4/ip_tunnel.c
915
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv4/ip_tunnel.c
971
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv4/ipmr.c
1401
!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
net/ipv4/netfilter/arp_tables.c
1419
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/ipv4/netfilter/arp_tables.c
1447
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/ipv4/netfilter/ip_tables.c
1625
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/ipv4/netfilter/ip_tables.c
1654
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/ipv6/addrconf.c
3146
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/addrconf.c
3173
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/af_inet6.c
174
!ns_capable(net->user_ns, CAP_NET_RAW))
net/ipv6/af_inet6.c
295
!ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
net/ipv6/anycast.c
77
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/datagram.c
878
if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
net/ipv6/datagram.c
898
if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
net/ipv6/datagram.c
923
if (!ns_capable(net->user_ns, CAP_NET_RAW)) {
net/ipv6/ip6_flowlabel.c
593
ns_capable(net->user_ns, CAP_NET_ADMIN)) {
net/ipv6/ip6_gre.c
1287
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/ip6_gre.c
1336
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/ip6_tunnel.c
1678
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/ip6_tunnel.c
1714
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/ip6_vti.c
828
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/ip6_vti.c
860
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/ip6mr.c
1694
!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/netfilter/ip6_tables.c
1634
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/ipv6/netfilter/ip6_tables.c
1663
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/ipv6/route.c
4570
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/sit.c
1223
if (!ns_capable(t->net->user_ns, CAP_NET_ADMIN))
net/ipv6/sit.c
1252
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/ipv6/sit.c
1331
if (!ns_capable(t->net->user_ns, CAP_NET_ADMIN))
net/ipv6/sit.c
464
if (!ns_capable(t->net->user_ns, CAP_NET_ADMIN))
net/key/af_key.c
145
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/llc/af_llc.c
177
if (!ns_capable(net->user_ns, CAP_NET_RAW))
net/mptcp/sockopt.c
601
cap_net_admin = ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN);
net/netfilter/ipset/ip_set_core.c
2250
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/netfilter/ipvs/ip_vs_ctl.c
2704
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/netfilter/ipvs/ip_vs_ctl.c
3024
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/netlink/af_netlink.c
1697
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_BROADCAST))
net/netlink/af_netlink.c
852
ns_capable(user_ns, cap);
net/netlink/af_netlink.c
907
ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
net/netlink/genetlink.c
1832
!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/netlink/genetlink.c
1835
!ns_capable(net->user_ns, CAP_SYS_ADMIN))
net/nfc/rawsock.c
345
if (!ns_capable(net->user_ns, CAP_NET_RAW))
net/packet/af_packet.c
3340
if (!ns_capable(net->user_ns, CAP_NET_RAW))
net/sctp/socket.c
1087
!ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
net/sctp/socket.c
419
!ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
net/socket.c
1344
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
net/unix/af_unix.c
3263
if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
net/xdp/xsk.c
1862
if (!ns_capable(net->user_ns, CAP_NET_RAW))
security/commoncap.c
1042
if (!ns_capable(user_ns, CAP_SYS_ADMIN))
security/commoncap.c
1086
if (!ns_capable(user_ns, CAP_SYS_ADMIN))
security/commoncap.c
1215
if (!is_subset && !ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE))
security/commoncap.c
1274
if (!ns_capable(current_user_ns(), CAP_SETPCAP))
security/commoncap.c
180
if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE))
security/commoncap.c
590
if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP))
security/commoncap.c
954
if (!ns_capable(new->user_ns, CAP_SETUID) ||
security/keys/persistent.c
149
!ns_capable(ns, CAP_SETUID))
security/yama/yama_lsm.c
366
!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
security/yama/yama_lsm.c
372
if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))