Show patches with: none      |   16806 patches
« 1 2 ... 6 7 8168 169 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v15,2/4] kernel: Add helper macros for loop unrolling Reduce overhead of LSMs with static calls 3 3 - --- 2024-08-16 KP Singh pcmoore Accepted
[v15,1/4] init/main.c: Initialize early LSMs after arch code, static keys and calls. Reduce overhead of LSMs with static calls - - - --- 2024-08-16 KP Singh pcmoore Accepted
[RFC,v1,4/4] selftests/landlock: Add realworld workload based on find tool Implement performance impact measurement tool - - - --- 2024-08-16 Mikhail Ivanov Handled Elsewhere
[RFC,v1,3/4] selftests/landlock: Implement custom libbpf-based tracer Implement performance impact measurement tool - - - --- 2024-08-16 Mikhail Ivanov Handled Elsewhere
[RFC,v1,2/4] selftests/landlock: Implement per-syscall microbenchmarks Implement performance impact measurement tool - - - --- 2024-08-16 Mikhail Ivanov Handled Elsewhere
[RFC,v1,1/4] selftests/landlock: Implement performance impact measurement tool Implement performance impact measurement tool - - - --- 2024-08-16 Mikhail Ivanov Handled Elsewhere
[v3,6/6] Landlock: Document LANDLOCK_SCOPED_SIGNAL Landlock: Signal Scoping Support - - - --- 2024-08-15 Tahera Fahimi Handled Elsewhere
[v3,5/6] sample/Landlock: Support signal scoping restriction Landlock: Signal Scoping Support - - - --- 2024-08-15 Tahera Fahimi Handled Elsewhere
[v3,4/6] selftest/Landlock: pthread_kill(3) tests Landlock: Signal Scoping Support - - - --- 2024-08-15 Tahera Fahimi Handled Elsewhere
[v3,3/6] selftest/Landlock: Signal restriction tests Landlock: Signal Scoping Support - - - --- 2024-08-15 Tahera Fahimi Handled Elsewhere
[v3,2/6] Landlock: Adding file_send_sigiotask signal scoping support Landlock: Signal Scoping Support - - - --- 2024-08-15 Tahera Fahimi Handled Elsewhere
[v3,1/6] Landlock: Add signal control Landlock: Signal Scoping Support - - - --- 2024-08-15 Tahera Fahimi Handled Elsewhere
[GIT,PULL] selinux/selinux-pr-20240814 [GIT,PULL] selinux/selinux-pr-20240814 - - - --- 2024-08-14 Paul Moore pcmoore Handled Elsewhere
[v9,5/5] Landlock: Document LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET and ABI versioning Landlock: Add abstract unix socket connect restriction - - - --- 2024-08-14 Tahera Fahimi Handled Elsewhere
[v9,4/5] sample/Landlock: Support abstract unix socket restriction Landlock: Add abstract unix socket connect restriction - - - --- 2024-08-14 Tahera Fahimi Handled Elsewhere
[v9,3/5] selftests/Landlock: Adding pathname Unix socket tests Landlock: Add abstract unix socket connect restriction - - - --- 2024-08-14 Tahera Fahimi Handled Elsewhere
[v9,2/5] selftests/Landlock: Abstract unix socket restriction tests Landlock: Add abstract unix socket connect restriction - - - --- 2024-08-14 Tahera Fahimi Handled Elsewhere
[v9,1/5] Landlock: Add abstract unix socket connect restriction Landlock: Add abstract unix socket connect restriction - - - --- 2024-08-14 Tahera Fahimi Handled Elsewhere
[-next] lockdown: Make lockdown_lsmid static [-next] lockdown: Make lockdown_lsmid static - 1 - --- 2024-08-14 Yue Haibing pcmoore Accepted
[RFC,v2,9/9] samples/landlock: Support LANDLOCK_ACCESS_NET_LISTEN Support TCP listen access-control - 1 - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,8/9] selftests/landlock: Test changing socket backlog with listen(2) Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,7/9] selftests/landlock: Test listen on ULP socket without clone method Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,6/9] selftests/landlock: Test listening without explicit bind restriction Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,5/9] selftests/landlock: Test listen on connected socket Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,4/9] selftests/landlock: Test listening restriction Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,2/9] landlock: Support TCP listen access-control Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[RFC,v2,1/9] landlock: Refactor current_check_access_socket() access right check Support TCP listen access-control - - - --- 2024-08-14 Mikhail Ivanov Handled Elsewhere
[v2] fs,security: Fix file_set_fowner LSM hook inconsistencies [v2] fs,security: Fix file_set_fowner LSM hook inconsistencies - - - --- 2024-08-12 Mickaël Salaün pcmoore Superseded
fs,security: Fix file_set_fowner LSM hook inconsistencies fs,security: Fix file_set_fowner LSM hook inconsistencies - - - --- 2024-08-12 Mickaël Salaün pcmoore Changes Requested
[v6,9/9] drm: Replace strcpy() with strscpy() Improve the copy of task comm 1 - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,8/9] net: Replace strcpy() with strscpy() Improve the copy of task comm - - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,7/9] tracing: Replace strncpy() with strscpy() Improve the copy of task comm 1 - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,6/9] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Improve the copy of task comm - - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,5/9] mm/util: Fix possible race condition in kstrdup() Improve the copy of task comm - - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,4/9] bpftool: Ensure task comm is always NUL-terminated Improve the copy of task comm - 1 - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,3/9] security: Replace memcpy() with get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,2/9] auditsc: Replace memcpy() with strscpy() Improve the copy of task comm 1 - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[v6,1/9] Get rid of __get_task_comm() Improve the copy of task comm - - - --- 2024-08-12 Yafang Shao pcmoore Handled Elsewhere
[2/2] selinux: move genheaders to security/selinux/ selinux: Do not include <linux/*.h> from host programs (+ extra clean-up) - - - --- 2024-08-09 Masahiro Yamada pcmoore Handled Elsewhere
[1/2] selinux: do not include <linux/*.h> headers from host programs selinux: Do not include <linux/*.h> from host programs (+ extra clean-up) - - - --- 2024-08-09 Masahiro Yamada pcmoore Handled Elsewhere
[next] integrity: Use static_assert() to check struct sizes [next] integrity: Use static_assert() to check struct sizes - 1 1 --- 2024-08-08 Gustavo A. R. Silva Handled Elsewhere
apparmor: fix policy_unpack_test on big endian systems apparmor: fix policy_unpack_test on big endian systems 1 1 - --- 2024-08-08 Guenter Roeck Handled Elsewhere
drivers/perf: arm_spe: Use perf_allow_kernel() for permissions drivers/perf: arm_spe: Use perf_allow_kernel() for permissions - - - --- 2024-08-07 James Clark Handled Elsewhere
[v2,4/4] Landlock: Document LANDLOCK_SCOPED_SIGNAL Landlock: Signal Scoping Support - - - --- 2024-08-06 Tahera Fahimi Handled Elsewhere
[v2,3/4] sample/Landlock: Support signal scoping restriction Landlock: Signal Scoping Support - - - --- 2024-08-06 Tahera Fahimi Handled Elsewhere
[v2,2/4] selftest/Landlock: Signal restriction tests Landlock: Signal Scoping Support - - - --- 2024-08-06 Tahera Fahimi Handled Elsewhere
[v2,1/4] Landlock: Add signal control Landlock: Signal Scoping Support - - - --- 2024-08-06 Tahera Fahimi Handled Elsewhere
[v5] tpm: Add new device/vendor ID 0x50666666 [v5] tpm: Add new device/vendor ID 0x50666666 - - - --- 2024-08-06 Jett Rink Handled Elsewhere
evm: stop avoidably reading i_writecount in evm_file_release evm: stop avoidably reading i_writecount in evm_file_release - 1 - --- 2024-08-06 Mateusz Guzik Handled Elsewhere
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,1/2] KEYS: use synchronous task work for changing parent credentials get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v5,9/9] drm: Replace strcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,8/9] net: Replace strcpy() with __get_task_comm() Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,7/9] tracing: Replace strncpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,6/9] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,5/9] mm/util: Fix possible race condition in kstrdup() Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,4/9] bpftool: Ensure task comm is always NUL-terminated Improve the copy of task comm - 1 - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,3/9] security: Replace memcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,2/9] auditsc: Replace memcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,1/9] fs/exec: Drop task_lock() inside __get_task_comm() Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v20,20/20] MAINTAINERS: ipe: add ipe maintainer information Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,19/20] Documentation: add ipe documentation Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,18/20] ipe: kunit test for parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,17/20] scripts: add boot policy generation program Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,16/20] ipe: enable support for fs-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,15/20] fsverity: expose verified fsverity built-in signatures to LSMs Integrity Policy Enforcement LSM (IPE) 1 - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,14/20] security: add security_inode_setintegrity() hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,13/20] ipe: add support for dm-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,12/20] dm verity: expose root hash digest and signature data to LSMs Integrity Policy Enforcement LSM (IPE) - 1 - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,11/20] block|lsm: Add LSM blob and new LSM hooks for block devices Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,10/20] ipe: add permissive toggle Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,09/20] uapi|audit|ipe: add ipe auditing support Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,08/20] ipe: add userspace interface Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,07/20] security: add new securityfs delete function Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,06/20] ipe: introduce 'boot_verified' as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,05/20] initramfs|security: Add a security hook to do_populate_rootfs() Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,04/20] ipe: add LSM hooks on execution and kernel read Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,03/20] ipe: add evaluation loop Integrity Policy Enforcement LSM (IPE) - 1 - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,02/20] ipe: add policy parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,01/20] security: add ipe lsm Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v4] tpm: Add new device/vendor ID 0x50666666 [v4] tpm: Add new device/vendor ID 0x50666666 - - - --- 2024-08-02 Jett Rink Handled Elsewhere
[v3] tpm: Add new device/vendor ID 0x50666666 [v3] tpm: Add new device/vendor ID 0x50666666 - - - --- 2024-08-02 Jett Rink Handled Elsewhere
[RFC] security/KEYS: get rid of cred_alloc_blank and cred_transfer [RFC] security/KEYS: get rid of cred_alloc_blank and cred_transfer - - - --- 2024-08-02 Jann Horn pcmoore Superseded
[v5] proc: add config & param to block forcing mem writes [v5] proc: add config & param to block forcing mem writes - - - --- 2024-08-02 Adrian Ratiu Handled Elsewhere
[v8,4/4] Landlock: Document LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET and ABI versioning Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
[v8,3/4] sample/Landlock: Support abstract unix socket restriction Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
[v8,2/4] selftests/landlock: Abstract unix socket restriction tests Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
[v8,1/4] Landlock: Add abstract unix socket connect restriction Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
init/main.c: Initialize early LSMs after arch code init/main.c: Initialize early LSMs after arch code - - - --- 2024-08-01 KP Singh pcmoore Superseded
init/main.c: Do jump_label_init before early_security_init init/main.c: Do jump_label_init before early_security_init - - - --- 2024-07-31 KP Singh pcmoore Changes Requested
[v4] proc: add config & param to block forcing mem writes [v4] proc: add config & param to block forcing mem writes - - - --- 2024-07-30 Adrian Ratiu Handled Elsewhere
lsm: add the inode_free_security_rcu() LSM implementation hook lsm: add the inode_free_security_rcu() LSM implementation hook - - - --- 2024-07-29 Paul Moore pcmoore Accepted
lsm: cleanup lsm_hooks.h lsm: cleanup lsm_hooks.h - 1 - --- 2024-07-29 Paul Moore pcmoore Accepted
[v1] keys: Restrict KEYCTL_SESSION_TO_PARENT according to ptrace_may_access() [v1] keys: Restrict KEYCTL_SESSION_TO_PARENT according to ptrace_may_access() - - - --- 2024-07-29 Mickaël Salaün Handled Elsewhere
[v4,11/11] drm: Replace strcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,10/11] net: Replace strcpy() with __get_task_comm() Improve the copy of task comm - - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,09/11] tracing: Replace strncpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,08/11] tsacct: Replace strncpy() with __get_task_comm() Improve the copy of task comm - - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,07/11] mm/kmemleak: Replace strncpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
« 1 2 ... 6 7 8168 169 »