Show patches with: none      |   487 patches
« 1 2 ... 2 3 4 5 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[RFC,v13,04/20] ipe: add LSM hooks on execution and kernel read Integrity Policy Enforcement LSM (IPE) - - - --- 2024-02-29 Fan Wu pcmoore Handled Elsewhere
[RFC,v13,03/20] ipe: add evaluation loop Integrity Policy Enforcement LSM (IPE) - - - --- 2024-02-29 Fan Wu pcmoore Handled Elsewhere
[RFC,v13,02/20] ipe: add policy parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-02-29 Fan Wu pcmoore Handled Elsewhere
[RFC,v13,01/20] security: add ipe lsm Integrity Policy Enforcement LSM (IPE) - - - --- 2024-02-29 Fan Wu pcmoore Handled Elsewhere
[v2,25/25] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr() fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,24/25] commoncap: use vfs fscaps interfaces fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,23/25] commoncap: remove cap_inode_getsecurity() fs: use type-safe uid representation for filesystem capabilities 1 - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,22/25] fs: use vfs interfaces for capabilities xattrs fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,21/25] ovl: use vfs_{get,set}_fscaps() for copy-up fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,20/25] ovl: add fscaps handlers fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,19/25] fs: add vfs_remove_fscaps() fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,18/25] fs: add vfs_set_fscaps() fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,17/25] fs: add vfs_get_fscaps() fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,16/25] fs: add inode operations to get/set/remove fscaps fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,15/25] security: call evm fscaps hooks from generic security hooks fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,14/25] evm: add support for fscaps security hooks fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,13/25] smack: add hooks for fscaps operations fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,12/25] selinux: add hooks for fscaps operations fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,11/25] security: add hooks for set/get/remove of fscaps fs: use type-safe uid representation for filesystem capabilities 1 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,10/25] xattr: use is_fscaps_xattr() fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,09/25] commoncap: use is_fscaps_xattr() fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,08/25] xattr: add is_fscaps_xattr() helper fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,07/25] capability: provide a helper for converting vfs_caps to xattr for userspace fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,06/25] capability: provide helpers for converting between xattrs and vfs_caps fs: use type-safe uid representation for filesystem capabilities - - - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,05/25] capability: use vfsuid_t for vfs_caps rootids fs: use type-safe uid representation for filesystem capabilities 1 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,04/25] capability: rename cpu_vfs_cap_data to vfs_caps fs: use type-safe uid representation for filesystem capabilities 1 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,03/25] capability: add static asserts for comapatibility of vfs_cap_data and vfs_ns_cap_data fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,02/25] mnt_idmapping: include cred.h fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[v2,01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2024-02-21 Seth Forshee (DigitalOcean) pcmoore Handled Elsewhere
[RFC,v12,20/20] documentation: add ipe documentation Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,19/20] ipe: kunit test for parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,18/20] scripts: add boot policy generation program Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,17/20] ipe: enable support for fs-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,16/20] fsverity: consume builtin signature via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,15/20] ipe: add support for dm-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,14/20] dm verity: consume root hash digest and signature data via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,13/20] dm: add finalize hook to target_type Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,12/20] dm verity: set DM_TARGET_SINGLETON feature flag Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,11/20] block|security: add LSM blob to block_device Integrity Policy Enforcement LSM (IPE) - 1 - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,10/20] ipe: add permissive toggle Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,09/20] uapi|audit|ipe: add ipe auditing support Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,08/20] ipe: add userspace interface Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,07/20] security: add new securityfs delete function Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,06/20] ipe: introduce 'boot_verified' as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,05/20] initramfs|security: Add security hook to initramfs unpack Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,04/20] ipe: add LSM hooks on execution and kernel read Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,03/20] ipe: add evaluation loop Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,02/20] ipe: add policy parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
[RFC,v12,01/20] security: add ipe lsm Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Handled Elsewhere
audit: Use KMEM_CACHE instead of kmem_cache_create audit: Use KMEM_CACHE instead of kmem_cache_create - - - --- 2024-01-24 Kunwu pcmoore Accepted
io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL - - - --- 2024-01-23 Paul Moore pcmoore Handled Elsewhere
[GIT,PULL] audit/audit-pr-20240105 [GIT,PULL] audit/audit-pr-20240105 - - - --- 2024-01-05 Paul Moore pcmoore Accepted
kernel: auditfilter: Remove unnecessary ‘0’ values from ret kernel: auditfilter: Remove unnecessary ‘0’ values from ret - - - --- 2023-12-28 Li zeming pcmoore Accepted
[v39,18/42] LSM: Use lsmcontext in security_lsmblob_to_secctx Untitled series #810617 - - - --- 2023-12-15 Casey Schaufler pcmoore Handled Elsewhere
[v39,17/42] LSM: Use lsmcontext in security_secid_to_secctx Untitled series #810617 - - - --- 2023-12-15 Casey Schaufler pcmoore Handled Elsewhere
[v39,16/42] LSM: Ensure the correct LSM context releaser Untitled series #810617 3 2 - --- 2023-12-15 Casey Schaufler pcmoore Handled Elsewhere
[v39,13/42] LSM: Create new security_cred_getlsmblob LSM hook Untitled series #810617 2 2 - --- 2023-12-15 Casey Schaufler pcmoore Handled Elsewhere
[v39,11/42] LSM: Use lsmblob in security_inode_getsecid Untitled series #810617 2 2 - --- 2023-12-15 Casey Schaufler pcmoore Handled Elsewhere
[v39,08/42] LSM: Use lsmblob in security_ipc_getsecid Untitled series #810617 2 2 - --- 2023-12-15 Casey Schaufler pcmoore Handled Elsewhere
[2/2] audit: Apply special optimizations audit: Further reduce syscall latency - - - --- 2023-12-12 Haakon Bugge pcmoore Not Applicable
[2/2] audit: Apply codegen optimizations Untitled series #809161 - - - --- 2023-12-12 Haakon Bugge pcmoore Rejected
[1/2] audit: Vary struct audit_entry alignment audit: Further reduce syscall latency - - - --- 2023-12-12 Haakon Bugge pcmoore Rejected
[16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr() fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[15/16] commoncap: use vfs fscaps interfaces for killpriv checks fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[14/16] commoncap: remove cap_inode_getsecurity() fs: use type-safe uid representation for filesystem capabilities 1 - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[13/16] fs: use vfs interfaces for capabilities xattrs fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[12/16] ovl: use vfs_{get,set}_fscaps() for copy-up fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[11/16] ovl: add fscaps handlers fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[10/16] fs: add vfs_remove_fscaps() fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[09/16] fs: add vfs_set_fscaps() fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[08/16] fs: add vfs_get_fscaps() fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[07/16] fs: add inode operations to get/set/remove fscaps fs: use type-safe uid representation for filesystem capabilities - 1 - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[06/16] capability: provide a helper for converting vfs_caps to xattr for userspace fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[05/16] capability: provide helpers for converting between xattrs and vfs_caps fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[04/16] capability: use vfsuid_t for vfs_caps rootids fs: use type-safe uid representation for filesystem capabilities 1 - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[03/16] capability: rename cpu_vfs_cap_data to vfs_caps fs: use type-safe uid representation for filesystem capabilities 1 1 - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[02/16] mnt_idmapping: include cred.h fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[01/16] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h fs: use type-safe uid representation for filesystem capabilities - - - --- 2023-11-29 Seth Forshee (DigitalOcean) Handled Elsewhere
[GIT,PULL] audit/audit-pr-20231116 [GIT,PULL] audit/audit-pr-20231116 - - - --- 2023-11-16 Paul Moore pcmoore Accepted
MAINTAINERS: update the audit entry MAINTAINERS: update the audit entry - - - --- 2023-11-15 Paul Moore pcmoore Accepted
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() - - - --- 2023-11-15 Paul Moore pcmoore Accepted
[GIT,PULL] audit/audit-pr-20231030 [GIT,PULL] audit/audit-pr-20231030 - - - --- 2023-10-31 Paul Moore pcmoore Accepted
[v3] audit: don't take task_lock() in audit_exe_compare() code path [v3] audit: don't take task_lock() in audit_exe_compare() code path - 2 - --- 2023-10-24 Paul Moore pcmoore Accepted
[v2] audit: don't take task_lock() in audit_exe_compare() code path [v2] audit: don't take task_lock() in audit_exe_compare() code path - 1 - --- 2023-10-24 Paul Moore pcmoore Superseded
audit: use mmget() instead of get_task_exe_file() when auditing @current audit: use mmget() instead of get_task_exe_file() when auditing @current - - - --- 2023-10-18 Paul Moore pcmoore Superseded
[v2] audit: Send netlink ACK before setting connection in auditd_set [v2] audit: Send netlink ACK before setting connection in auditd_set - - - --- 2023-10-18 Chris Riches pcmoore Accepted
audit,io_uring: io_uring openat triggers audit reference count underflow audit,io_uring: io_uring openat triggers audit reference count underflow 1 1 - --- 2023-10-12 Dan Clash pcmoore Accepted
[nf,v2] netfilter: nf_tables: audit log object reset once per table [nf,v2] netfilter: nf_tables: audit log object reset once per table 1 1 - --- 2023-10-11 Phil Sutter pcmoore Handled Elsewhere
audit: io_uring openat triggers audit reference count underflow in worker thread audit: io_uring openat triggers audit reference count underflow in worker thread - - - --- 2023-10-06 Dan Clash pcmoore Changes Requested
[RFC,v11,19/19] documentation: add ipe documentation Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,18/19] ipe: kunit test for parser Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,17/19] scripts: add boot policy generation program Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,16/19] ipe: enable support for fs-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,15/19] fsverity: consume builtin signature via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,14/19] ipe: add support for dm-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,13/19] dm verity: consume root hash digest and signature data via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,12/19] dm: add finalize hook to target_type Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,11/19] dm verity: set DM_TARGET_SINGLETON feature flag Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,10/19] block|security: add LSM blob to block_device Integrity Policy Enforcement LSM (IPE) - 1 - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
[RFC,v11,09/19] ipe: add permissive toggle Integrity Policy Enforcement LSM (IPE) - - - --- 2023-10-04 Fan Wu pcmoore Handled Elsewhere
« 1 2 ... 2 3 4 5 »