Security modules development

Show patches with: Archived = No | 5569 patches

« 1 2 3 4 … 55 56 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v5,1/1] ipe: add errno field to IPE policy load auditing	ipe: add errno field to IPE policy load auditing	- - -	---	2025-03-13	Jasjiv Singh		New
[RFC,v1,7/7] ima: make SHA1 non-mandatory	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,6/7] ima: invalidate unsupported PCR banks once at first use	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,5/7] tpm: enable bank selection for PCR extend	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,4/7] ima: track the set of PCRs ever extended	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,3/7] ima: move INVALID_PCR() to ima.h	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,2/7] ima: always create runtime_measurements sysfs file for ima_hash	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1,1/7] ima: don't expose runtime_measurements for unsupported hashes	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange		New
[RFC,v1] landlock: Allow signals between threads of the same process	[RFC,v1] landlock: Allow signals between threads of the same process	- - -	---	2025-03-13	Mickaël Salaün		New
RDMA/uverbs: Consider capability of the process that opens the file	RDMA/uverbs: Consider capability of the process that opens the file	- - -	---	2025-03-13	Parav Pandit		New
[RFC,6/6] tomoyo: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,5/6] smack: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,4/6] selinux: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,3/6] landlock: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,2/6] apparmor: explicitly skip mediation of O_PATH file descriptors	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[RFC,1/6] fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well	fs, lsm: mediate O_PATH fd creation in file_open hook	- - -	---	2025-03-12	Ryan Lee		New
[v7,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook	security: Propagate caller information in bpf hooks	1 - -	---	2025-03-10	Blaise Boscaccy		New
[v7,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-10	Blaise Boscaccy		New
lsm_audit: remove old email address	lsm_audit: remove old email address	- - -	---	2025-03-10	Stephen Smalley	pcmoore	Accepted
MAINTAINERS: add Serge Hallyn as maintainer for creds	MAINTAINERS: add Serge Hallyn as maintainer for creds	- - -	---	2025-03-09	sergeh@kernel.org	pcmoore	Accepted
[v6,26/26] landlock: Add audit documentation	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,25/26] selftests/landlock: Add audit tests for filesystem	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,24/26] selftests/landlock: Add audit tests for abstract unix socket scoping	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,23/26] selftests/landlock: Add audit tests for ptrace	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,22/26] selftests/landlock: Test audit with restrict flags	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,21/26] selftests/landlock: Add tests for audit flags and domain IDs	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,20/26] selftests/landlock: Extend tests for landlock_restrict_self(2)'s flags	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,19/26] selftests/landlock: Add test for invalid ruleset file descriptor	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,18/26] samples/landlock: Enable users to log sandbox denials	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,17/26] landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,16/26] landlock: Add LANDLOCK_RESTRICT_SELF_LOG__EXEC_ flags	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,15/26] landlock: Log scoped denials	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,14/26] landlock: Log TCP bind and connect denials	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,13/26] landlock: Log truncate and IOCTL denials	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,12/26] landlock: Log file-related denials	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,11/26] landlock: Log mount-related denials	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,10/26] landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status	Landlock audit support	1 - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,09/26] landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials	Landlock audit support	1 - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,08/26] landlock: Identify domain execution crossing	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,07/26] landlock: Prepare to use credential instead of domain for fowner	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,06/26] landlock: Prepare to use credential instead of domain for scope	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,05/26] landlock: Prepare to use credential instead of domain for network	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,04/26] landlock: Prepare to use credential instead of domain for filesystem	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,03/26] landlock: Move domain hierarchy management	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,02/26] landlock: Add unique ID generator	Landlock audit support	- - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
[v6,01/26] lsm: Add audit_log_lsm_data() helper	Landlock audit support	1 - -	---	2025-03-08	Mickaël Salaün	pcmoore	Handled Elsewhere
RDMA/uverbs: Fix CAP_NET_RAW check for flow create in user namespace	RDMA/uverbs: Fix CAP_NET_RAW check for flow create in user namespace	- - -	---	2025-03-08	Parav Pandit		Under Review
[v2,2/2] hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	- 1 -	---	2025-03-08	Kees Cook		Handled Elsewhere
[v2,1/2] x86/build: Remove -ffreestanding on i386 with GCC	hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	1 1 -	---	2025-03-08	Kees Cook		Handled Elsewhere
[v6,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook	security: Propagate caller information in bpf hooks	- - -	---	2025-03-08	Blaise Boscaccy	pcmoore	Under Review
[v6,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-08	Blaise Boscaccy	pcmoore	Under Review
[RFC,v4,1/1] ipe: add errno field to IPE policy load auditing	ipe: add errno field to IPE policy load auditing	- - -	---	2025-03-07	Jasjiv Singh	pcmoore	Changes Requested
[v5,bpf-next,2/2] selftests/bpf: Add a kernel flag test for LSM bpf hook	security: Propagate caller information in bpf hooks	- - -	---	2025-03-07	Blaise Boscaccy	pcmoore	Under Review
[v5,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-07	Blaise Boscaccy	pcmoore	Under Review
[v2,6/6] Audit: Add record for multiple object contexts	[v2,1/6] Audit: Create audit_stamp structure	- - -	---	2025-03-07	Casey Schaufler	pcmoore	Handled Elsewhere
[v2,5/6] Audit: multiple subject lsm values for netlabel	[v2,1/6] Audit: Create audit_stamp structure	- - -	---	2025-03-07	Casey Schaufler	pcmoore	Handled Elsewhere
[v2,4/6] Audit: Add record for multiple task security contexts	[v2,1/6] Audit: Create audit_stamp structure	- - -	---	2025-03-07	Casey Schaufler	pcmoore	Handled Elsewhere
[v2,3/6] LSM: security_lsmblob_to_secctx module selection	[v2,1/6] Audit: Create audit_stamp structure	- - -	---	2025-03-07	Casey Schaufler	pcmoore	Handled Elsewhere
[v2,2/6] Audit: Allow multiple records in an audit_buffer	[v2,1/6] Audit: Create audit_stamp structure	- - -	---	2025-03-07	Casey Schaufler	pcmoore	Handled Elsewhere
[v2,1/6] Audit: Create audit_stamp structure	[v2,1/6] Audit: Create audit_stamp structure	- - -	---	2025-03-07	Casey Schaufler	pcmoore	Handled Elsewhere
[2/2] smack: fix bug: setting task label silently ignores input garbage	smack: fix two bugs in setting task label	- - -	---	2025-03-06	Konstantin Andreev		Handled Elsewhere
[1/2] smack: fix bug: unprivileged task can create labels	smack: fix two bugs in setting task label	- - -	---	2025-03-06	Konstantin Andreev		Handled Elsewhere
[v1] samples/check-exec: Fix script name	[v1] samples/check-exec: Fix script name	- - -	---	2025-03-06	Mickaël Salaün		Handled Elsewhere
security/commoncap: don't assume "setid" if all ids are identical	security/commoncap: don't assume "setid" if all ids are identical	- - -	---	2025-03-06	Max Kellermann		Handled Elsewhere
[RFC] MAINTAINERS: add an explicit credentials entry	[RFC] MAINTAINERS: add an explicit credentials entry	1 - -	---	2025-03-04	Paul Moore	pcmoore	Under Review
[v4,bpf-next,2/2] selftests/bpf: Add is_kernel parameter to LSM/bpf test programs	security: Propagate caller information in bpf hooks	- - -	---	2025-03-04	Blaise Boscaccy	pcmoore	Under Review
[v4,bpf-next,1/2] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	2 - -	---	2025-03-04	Blaise Boscaccy	pcmoore	Under Review
[v9,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,1/7] ima: copy only complete measurement records across kexec	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-04	steven chen		Handled Elsewhere
lsm: rust: reword "destroy" -> "release" in SecurityCtx	lsm: rust: reword "destroy" -> "release" in SecurityCtx	1 1 -	---	2025-03-04	Alice Ryhl	pcmoore	Accepted
[v2] lsm: rust: mark SecurityCtx methods inline	[v2] lsm: rust: mark SecurityCtx methods inline	- 2 -	---	2025-03-04	Alice Ryhl	pcmoore	Accepted
[v2] cred: rust: mark Credential methods inline	[v2] cred: rust: mark Credential methods inline	- 3 -	---	2025-03-04	Alice Ryhl	pcmoore	Accepted
[RFC,9/9] Enhance the sandboxer example to support landlock-supervise	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,8/9] Implement fops for supervisor-fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,7/9] Implement fdinfo for ruleset and supervisor fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,6/9] Creating supervisor events for filesystem operations	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,5/9] Define user structure for events and responses.	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,4/9] User-space API for creating a supervisor-fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,3/9] Adds a supervisor reference in the per-layer information	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,2/9] Refactor per-layer information in rulesets and rules	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,1/9] Define the supervisor and event structure	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[1/1] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	1 - -	---	2025-03-03	Blaise Boscaccy	pcmoore	Changes Requested
hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	- 1 -	---	2025-03-03	Kees Cook		Handled Elsewhere
[man,v3,2/2] landlock.7: Add IPC scoping documentation in line with kernel side	landlock: Clarify IPC scoping documentation	- - -	---	2025-03-03	Günther Noack		Handled Elsewhere
[man,v3,1/2] landlock.7: Copy introductory description of Landlock rules	[man,v3,1/2] landlock.7: Copy introductory description of Landlock rules	- - -	---	2025-03-03	Günther Noack		Handled Elsewhere
[v3,1/1] landlock: Clarify IPC scoping documentation	landlock: Clarify IPC scoping documentation	- - -	---	2025-03-03	Günther Noack		Handled Elsewhere
lsm: rust: mark SecurityCtx methods inline	lsm: rust: mark SecurityCtx methods inline	- 1 -	---	2025-03-03	Alice Ryhl	pcmoore	Changes Requested
cred: rust: mark Credential methods inline	cred: rust: mark Credential methods inline	- 3 -	---	2025-03-03	Alice Ryhl	pcmoore	Changes Requested
[v2,01/11] coccinelle: Add script to reorder capable() calls	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,11/11] infiniband: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,10/11] skbuff: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,09/11] fs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,08/11] ipv4: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,07/11] drm/panthor: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,06/11] ubifs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	1 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere

« 1 2 3 4 … 55 56 »