Security modules development

Show patches with: State = Action Required | Archived = No | 144 patches

« 1 2 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v3,4/5] Audit: multiple subject lsm values for netlabel	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v3,3/5] Audit: Add record for multiple task security contexts	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v3,2/5] LSM: security_lsmblob_to_secctx module selection	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v3,1/5] Audit: Create audit_stamp structure	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v2] keys: Fix UAF in key_put()	[v2] keys: Fix UAF in key_put()	- 1 1	---	2025-03-19	David Howells		New
apparmor: make __begin_current_label_crit_section() indicate whether put is needed	apparmor: make __begin_current_label_crit_section() indicate whether put is needed	- - -	---	2025-03-18	Mateusz Guzik		New
[v2,8/8] landlock: Document errata	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		New
[v2,7/8] selftests/landlock: Add a new test for setuid()	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		New
[v2,6/8] selftests/landlock: Split signal_scoping_threads tests	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		New
[v2,5/8] landlock: Always allow signals between threads of the same process	Landlock signal scope fix and errata interface	1 - -	---	2025-03-18	Mickaël Salaün		New
[v2,4/8] landlock: Prepare to add second errata	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		New
[v2,3/8] landlock: Add erratum for TCP fix	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		New
[v2,2/8] landlock: Add the errata interface	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		New
[v2,1/8] landlock: Move code to ease future backports	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		New
keys: Fix UAF in key_put()	keys: Fix UAF in key_put()	- - 1	---	2025-03-18	David Howells		New
[v10,8/8] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		New
[v10,7/8] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-18	steven chen		New
[v10,6/8] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		New
[v10,5/8] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		New
[v10,4/8] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	1 2 -	---	2025-03-18	steven chen		New
[v10,3/8] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	1 - -	---	2025-03-18	steven chen		New
[v10,2/8] ima: define and call ima_alloc_kexec_file_buf()	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-18	steven chen		New
[v10,1/8] ima: rename variable the ser_file "file" to "ima_kexec_file"	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		New
[v2,2/2] smack: fix bug: setting task label silently ignores input garbage	smack: fix two bugs in setting task label	- - -	---	2025-03-15	Konstantin Andreev		New
[v2,1/2] smack: fix bug: unprivileged task can create labels	smack: fix two bugs in setting task label	- - -	---	2025-03-15	Konstantin Andreev		New
[v2] crypto: lib/Kconfig: hide library options	[v2] crypto: lib/Kconfig: hide library options	1 - -	---	2025-03-14	Arnd Bergmann		New
[RFC,1/1] fix NULL mnt [was Re: apparmor NULL pointer dereference on resume [efivarfs]]	[RFC,1/1] fix NULL mnt [was Re: apparmor NULL pointer dereference on resume [efivarfs]]	- - -	---	2025-03-14	James Bottomley		New
[v5] hwmon: (pmbus/tps53679) Add support for TPS53685	[v5] hwmon: (pmbus/tps53679) Add support for TPS53685	- - -	---	2025-03-14	Chiang Brian		New
[v5,1/1] ipe: add errno field to IPE policy load auditing	ipe: add errno field to IPE policy load auditing	- - -	---	2025-03-13	Jasjiv Singh		New
[RFC,v1,7/7] ima: make SHA1 non-mandatory	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,6/7] ima: invalidate unsupported PCR banks once at first use	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,5/7] tpm: enable bank selection for PCR extend	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,4/7] ima: track the set of PCRs ever extended	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,3/7] ima: move INVALID_PCR() to ima.h	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,2/7] ima: always create runtime_measurements sysfs file for ima_hash	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,1/7] ima: don't expose runtime_measurements for unsupported hashes	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1] landlock: Allow signals between threads of the same process	[RFC,v1] landlock: Allow signals between threads of the same process	1 - -	---	2025-03-13	Mickaël Salaün		New
RDMA/uverbs: Consider capability of the process that opens the file	RDMA/uverbs: Consider capability of the process that opens the file	- - -	---	2025-03-13	Parav Pandit		New
[RFC,6/6] tomoyo: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,5/6] smack: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,4/6] selinux: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,3/6] landlock: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,2/6] apparmor: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,1/6] fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[v7,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook	security: Propagate caller information in bpf hooks	1 - -	---	2025-03-10	Blaise Boscaccy		New
[v7,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-10	Blaise Boscaccy		New
RDMA/uverbs: Fix CAP_NET_RAW check for flow create in user namespace	RDMA/uverbs: Fix CAP_NET_RAW check for flow create in user namespace	- - -	---	2025-03-08	Parav Pandit		Under Review
[v6,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook	security: Propagate caller information in bpf hooks	- - -	---	2025-03-08	Blaise Boscaccy	pcmoore	Under Review
[v6,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-08	Blaise Boscaccy	pcmoore	Under Review
[v5,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook	security: Propagate caller information in bpf hooks	- - -	---	2025-03-07	Blaise Boscaccy	pcmoore	Under Review
[v5,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-07	Blaise Boscaccy	pcmoore	Under Review
[RFC] MAINTAINERS: add an explicit credentials entry	[RFC] MAINTAINERS: add an explicit credentials entry	1 - -	---	2025-03-04	Paul Moore	pcmoore	Under Review
[v4,bpf-next,2/2] selftests/bpf: Add is_kernel parameter to LSM/bpf test programs	security: Propagate caller information in bpf hooks	- - -	---	2025-03-04	Blaise Boscaccy	pcmoore	Under Review
[v4,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-04	Blaise Boscaccy	pcmoore	Under Review
[v2] capability: Remove unused has_capability	[v2] capability: Remove unused has_capability	1 1 -	---	2024-12-19	Dr. David Alan Gilbert	pcmoore	Under Review
lsm: integrity: Allow enable/disable ima and evm with lsm= cmdline	lsm: integrity: Allow enable/disable ima and evm with lsm= cmdline	- - -	---	2024-12-18	Song Liu	pcmoore	New
[6/6] Audit: Add record for multiple object contexts	[1/6] Audit: Create audit_stamp structure	- - -	---	2024-12-17	Casey Schaufler	pcmoore	New
[5/6] Audit: multiple subject lsm values for netlabel	[1/6] Audit: Create audit_stamp structure	- - -	---	2024-12-17	Casey Schaufler	pcmoore	New
[4/6] Audit: Add record for multiple task security contexts	[1/6] Audit: Create audit_stamp structure	- - -	---	2024-12-17	Casey Schaufler	pcmoore	New
[3/6] LSM: security_lsmblob_to_secctx module selection	[1/6] Audit: Create audit_stamp structure	- - -	---	2024-12-17	Casey Schaufler	pcmoore	New
[2/6] Audit: Allow multiple records in an audit_buffer	[1/6] Audit: Create audit_stamp structure	- - -	---	2024-12-17	Casey Schaufler	pcmoore	New
[1/6] Audit: Create audit_stamp structure	[1/6] Audit: Create audit_stamp structure	- - -	---	2024-12-17	Casey Schaufler	pcmoore	New
capability: Remove unused has_capability	capability: Remove unused has_capability	- 1 -	---	2024-12-15	Dr. David Alan Gilbert	pcmoore	Under Review
lsm: add reserved flag in lsm_prop struct	lsm: add reserved flag in lsm_prop struct	- - -	---	2024-12-06	李豪杰	pcmoore	Under Review
[01/11] coccinelle: Add script to reorder capable() calls	[01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2024-11-25	Christian Göttsche	pcmoore	New
[11/11] infiniband: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[10/11] skbuff: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[09/11] fs: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2024-11-25	Christian Göttsche	pcmoore	New
[08/11] gfs2: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[07/11] ipv4: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[06/11] ubifs: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	1 - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[05/11] genwqe: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[04/11] hugetlbfs: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[03/11] ext4: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[02/11] quota: reorder capability check last	[01/11] coccinelle: Add script to reorder capable() calls	- - -	---	2024-11-25	Christian Göttsche	pcmoore	New
[v21,6/6] samples/check-exec: Add an enlighten "inc" interpreter and 28 tests	Script execution control (was O_MAYEXEC)	- - -	---	2024-11-12	Mickaël Salaün	pcmoore	New
[v21,5/6] samples/check-exec: Add set-exec	Script execution control (was O_MAYEXEC)	- - -	---	2024-11-12	Mickaël Salaün	pcmoore	New
[v21,4/6] selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK	Script execution control (was O_MAYEXEC)	- - -	---	2024-11-12	Mickaël Salaün	pcmoore	New
[v21,3/6] selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits	Script execution control (was O_MAYEXEC)	- - -	---	2024-11-12	Mickaël Salaün	pcmoore	New
[v21,2/6] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits	Script execution control (was O_MAYEXEC)	- 1 -	---	2024-11-12	Mickaël Salaün	pcmoore	New
[v21,1/6] exec: Add a new AT_EXECVE_CHECK flag to execveat(2)	Script execution control (was O_MAYEXEC)	1 1 -	---	2024-11-12	Mickaël Salaün	pcmoore	New
selinux,xfrm: fix dangling refcount on deferred skb free	selinux,xfrm: fix dangling refcount on deferred skb free	- - -	---	2024-11-06	Ondrej Mosnacek	pcmoore	Under Review
[v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between	[v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between	- 5 2	---	2024-10-18	Roberto Sassu	pcmoore	Under Review
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	- - -	---	2024-09-28	Shu Han		Under Review
mm: move security_file_mmap() back into do_mmap()	mm: move security_file_mmap() back into do_mmap()	- - -	---	2024-09-25	Shu Han		Under Review
mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	- - -	---	2024-09-25	Shu Han		Under Review
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers	get rid of cred_transfer	- - -	---	2024-08-05	Jann Horn	pcmoore	Under Review
[v2,1/2] KEYS: use synchronous task work for changing parent credentials	get rid of cred_transfer	- - -	---	2024-08-05	Jann Horn	pcmoore	Under Review
[RFC,1/2] lsm: introduce new hook security_vm_execstack	[RFC,1/2] lsm: introduce new hook security_vm_execstack	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[RFC,2/2] selinux: wire up new execstack LSM hook	[RFC,1/2] lsm: introduce new hook security_vm_execstack	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[10/10] coccinelle: add script for capable_any()	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[09/10] bpf: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	1 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[08/10] net: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- 1 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[07/10] kernel: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- 2 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[06/10] fs: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	1 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[05/10] drivers: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	2 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[04/10] block: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[03/10] capability: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	1 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[02/10] capability: add any wrappers to test for multiple caps with exactly one audit message	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- 1 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	2 1 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review

« 1 2 »