Security modules development

Show patches with: none | 17553 patches

« 1 2 3 4 … 175 176 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[GIT,PULL] capabilities update for 6.15	[GIT,PULL] capabilities update for 6.15	- - -	---	2025-03-28	Serge E. Hallyn		New
[v3] ima: process_measurement() needlessly takes inode_lock() on MAY_READ	[v3] ima: process_measurement() needlessly takes inode_lock() on MAY_READ	1 - -	---	2025-03-27	Frederick Lawler		New
ima: process_measurement() needlessly takes inode_lock() on MAY_READ	ima: process_measurement() needlessly takes inode_lock() on MAY_READ	- - -	---	2025-03-25	Frederick Lawler		New
[GIT,PULL] Smack patches for 6.15	[GIT,PULL] Smack patches for 6.15	- - -	---	2025-03-25	Casey Schaufler		New
ima: process_measurement() needlessly takes inode_lock() on MAY_READ	ima: process_measurement() needlessly takes inode_lock() on MAY_READ	- - -	---	2025-03-25	Frederick Lawler		New
[GIT,PULL] IPE update for 6.15	[GIT,PULL] IPE update for 6.15	- - -	---	2025-03-24	Fan Wu		New
[GIT,PULL] selinux/selinux-pr-20250323	[GIT,PULL] selinux/selinux-pr-20250323	- - -	---	2025-03-23	Paul Moore		New
[GIT,PULL] lsm/lsm-pr-20250323	[GIT,PULL] lsm/lsm-pr-20250323	- - -	---	2025-03-23	Paul Moore		New
[RFC,v2,13/13] ima: don't re-invalidate unsupported PCR banks after kexec	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,12/13] ima: make ima_free_tfm()'s linkage extern	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,11/13] ima: introduce ima_pcr_invalidated_banks() helper	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,10/13] tpm: authenticate tpm2_pcr_read()	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,09/13] ima: invalidate unsupported PCR banks only once	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,08/13] ima: track the set of PCRs ever extended	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,07/13] tpm: enable bank selection for PCR extend	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,06/13] ima: move INVALID_PCR() to ima.h	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,05/13] ima: select CRYPTO_SHA256 from Kconfig	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,04/13] ima: make SHA1 non-mandatory	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,03/13] ima: invalidate unsupported PCR banks	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,02/13] ima: always create runtime_measurements sysfs file for ima_hash	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange		New
[RFC,v2,01/13] ima: don't expose runtime_measurements for unsupported hashes	ima: get rid of hard dependency on SHA-1	- 1 -	---	2025-03-23	Nicolai Stange		New
[v4,3/3] fs: introduce getfsxattrat and setfsxattrat syscalls	fs: introduce getfsxattrat and setfsxattrat syscalls	1 1 -	---	2025-03-21	Andrey Albershteyn	pcmoore	Changes Requested
[v4,2/3] fs: split fileattr/fsxattr converters into helpers	fs: introduce getfsxattrat and setfsxattrat syscalls	- 1 -	---	2025-03-21	Andrey Albershteyn	pcmoore	Changes Requested
[v4,1/3] lsm: introduce new hooks for setting/getting inode fsxattr	fs: introduce getfsxattrat and setfsxattrat syscalls	- - -	---	2025-03-21	Andrey Albershteyn	pcmoore	Changes Requested
[RFC,security-next,4/4] selftests/hornet: Add a selftest for the hornet LSM	Introducing Hornet LSM	- - -	---	2025-03-21	Blaise Boscaccy	pcmoore	Under Review
[RFC,security-next,3/4] hornet: Add an example lskel data extactor script	Introducing Hornet LSM	- - -	---	2025-03-21	Blaise Boscaccy	pcmoore	Under Review
[RFC,security-next,2/4] hornet: Introduce sign-ebpf	Introducing Hornet LSM	- - -	---	2025-03-21	Blaise Boscaccy	pcmoore	Under Review
[RFC,security-next,1/4] security: Hornet LSM	Introducing Hornet LSM	- - -	---	2025-03-21	Blaise Boscaccy	pcmoore	Under Review
[2/2] lockdown/kunit: Introduce kunit tests	Allow individual features to be locked down	- - -	---	2025-03-21	Nikolay Borisov	pcmoore	Under Review
[1/2] lockdown: Switch implementation to using bitmap	Allow individual features to be locked down	- 1 -	---	2025-03-21	Nikolay Borisov	pcmoore	Under Review
[v7,28/28] landlock: Add audit documentation	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,27/28] selftests/landlock: Add audit tests for network	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,26/28] selftests/landlock: Add audit tests for filesystem	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,25/28] selftests/landlock: Add audit tests for abstract UNIX socket scoping	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,24/28] selftests/landlock: Add audit tests for ptrace	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,23/28] selftests/landlock: Test audit with restrict flags	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,22/28] selftests/landlock: Add tests for audit flags and domain IDs	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,21/28] selftests/landlock: Extend tests for landlock_restrict_self(2)'s flags	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,20/28] selftests/landlock: Add test for invalid ruleset file descriptor	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,19/28] samples/landlock: Enable users to log sandbox denials	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,18/28] landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,17/28] landlock: Add LANDLOCK_RESTRICT_SELF_LOG__EXEC_ flags	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,16/28] landlock: Log scoped denials	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,15/28] landlock: Log TCP bind and connect denials	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,14/28] landlock: Log truncate and IOCTL denials	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,13/28] landlock: Factor out IOCTL hooks	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,12/28] landlock: Log file-related denials	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,11/28] landlock: Log mount-related denials	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,10/28] landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status	Landlock audit support	1 - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,09/28] landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials	Landlock audit support	1 - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,08/28] landlock: Identify domain execution crossing	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,07/28] landlock: Prepare to use credential instead of domain for fowner	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,06/28] landlock: Prepare to use credential instead of domain for scope	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,05/28] landlock: Prepare to use credential instead of domain for network	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,04/28] landlock: Prepare to use credential instead of domain for filesystem	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,03/28] landlock: Move domain hierarchy management	Landlock audit support	- 1 -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,02/28] landlock: Add unique ID generator	Landlock audit support	- - -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
[v7,01/28] lsm: Add audit_log_lsm_data() helper	Landlock audit support	1 1 -	---	2025-03-20	Mickaël Salaün	pcmoore	Handled Elsewhere
Revert "integrity: Do not load MOK and MOKx when secure boot be disabled"	Revert "integrity: Do not load MOK and MOKx when secure boot be disabled"	- 1 -	---	2025-03-20	Lennart Poettering		Handled Elsewhere
KEYS: trusted: dcp: Use kfree_sensitive() to fix Coccinelle warnings	KEYS: trusted: dcp: Use kfree_sensitive() to fix Coccinelle warnings	- - -	---	2025-03-20	Bo Liu	pcmoore	Handled Elsewhere
[v3,5/5] Audit: Add record for multiple object contexts	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v3,4/5] Audit: multiple subject lsm values for netlabel	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v3,3/5] Audit: Add record for multiple task security contexts	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v3,2/5] LSM: security_lsmblob_to_secctx module selection	[v3,1/5] Audit: Create audit_stamp structure	- - 1	---	2025-03-19	Casey Schaufler		New
[v3,1/5] Audit: Create audit_stamp structure	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler		New
[v2] keys: Fix UAF in key_put()	[v2] keys: Fix UAF in key_put()	- 1 1	---	2025-03-19	David Howells		Handled Elsewhere
apparmor: make __begin_current_label_crit_section() indicate whether put is needed	apparmor: make __begin_current_label_crit_section() indicate whether put is needed	- - -	---	2025-03-18	Mateusz Guzik		Handled Elsewhere
[v2,8/8] landlock: Document errata	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
[v2,7/8] selftests/landlock: Add a new test for setuid()	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
[v2,6/8] selftests/landlock: Split signal_scoping_threads tests	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
[v2,5/8] landlock: Always allow signals between threads of the same process	Landlock signal scope fix and errata interface	1 - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
[v2,4/8] landlock: Prepare to add second errata	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
[v2,3/8] landlock: Add erratum for TCP fix	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
[v2,2/8] landlock: Add the errata interface	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
[v2,1/8] landlock: Move code to ease future backports	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün		Handled Elsewhere
keys: Fix UAF in key_put()	keys: Fix UAF in key_put()	- - 1	---	2025-03-18	David Howells		Handled Elsewhere
[v10,8/8] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		Handled Elsewhere
[v10,7/8] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-18	steven chen		Handled Elsewhere
[v10,6/8] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		Handled Elsewhere
[v10,5/8] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		Handled Elsewhere
[v10,4/8] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	1 2 -	---	2025-03-18	steven chen		Handled Elsewhere
[v10,3/8] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	1 - -	---	2025-03-18	steven chen		Handled Elsewhere
[v10,2/8] ima: define and call ima_alloc_kexec_file_buf()	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-18	steven chen		Handled Elsewhere
[v10,1/8] ima: rename variable the ser_file "file" to "ima_kexec_file"	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen		Handled Elsewhere
[v2,2/2] smack: fix bug: setting task label silently ignores input garbage	smack: fix two bugs in setting task label	- - -	---	2025-03-15	Konstantin Andreev		Handled Elsewhere
[v2,1/2] smack: fix bug: unprivileged task can create labels	smack: fix two bugs in setting task label	- - -	---	2025-03-15	Konstantin Andreev		Handled Elsewhere
[v2] crypto: lib/Kconfig: hide library options	[v2] crypto: lib/Kconfig: hide library options	1 - -	---	2025-03-14	Arnd Bergmann		Handled Elsewhere
[RFC,1/1] fix NULL mnt [was Re: apparmor NULL pointer dereference on resume [efivarfs]]	[RFC,1/1] fix NULL mnt [was Re: apparmor NULL pointer dereference on resume [efivarfs]]	- - -	---	2025-03-14	James Bottomley		Handled Elsewhere
[v5] hwmon: (pmbus/tps53679) Add support for TPS53685	[v5] hwmon: (pmbus/tps53679) Add support for TPS53685	- - -	---	2025-03-14	Chiang Brian		New
[v5,1/1] ipe: add errno field to IPE policy load auditing	ipe: add errno field to IPE policy load auditing	- - -	---	2025-03-13	Jasjiv Singh		New
[RFC,v1,7/7] ima: make SHA1 non-mandatory	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		Handled Elsewhere
[RFC,v1,6/7] ima: invalidate unsupported PCR banks once at first use	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		Handled Elsewhere
[RFC,v1,5/7] tpm: enable bank selection for PCR extend	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		Handled Elsewhere
[RFC,v1,4/7] ima: track the set of PCRs ever extended	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		Handled Elsewhere
[RFC,v1,3/7] ima: move INVALID_PCR() to ima.h	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		Handled Elsewhere
[RFC,v1,2/7] ima: always create runtime_measurements sysfs file for ima_hash	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		Handled Elsewhere
[RFC,v1,1/7] ima: don't expose runtime_measurements for unsupported hashes	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		Handled Elsewhere
[RFC,v1] landlock: Allow signals between threads of the same process	[RFC,v1] landlock: Allow signals between threads of the same process	1 - -	---	2025-03-13	Mickaël Salaün		Handled Elsewhere
RDMA/uverbs: Consider capability of the process that opens the file	RDMA/uverbs: Consider capability of the process that opens the file	- - -	---	2025-03-13	Parav Pandit		Handled Elsewhere
[RFC,6/6] tomoyo: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee	pcmoore	RFC

« 1 2 3 4 … 175 176 »