Security modules development

Show patches with: Archived = No | 4760 patches

« 1 2 3 4 … 47 48 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v3,-next,07/15] security: min_addr: move sysctl to security/min_addr.c	sysctl: move sysctls from vm_table into its own files	1 1 -	---	2024-10-10	yukaixiong		Handled Elsewhere
[v3,-next,06/15] mm: mmap: move sysctl to mm/mmap.c	sysctl: move sysctls from vm_table into its own files	- 1 -	---	2024-10-10	yukaixiong		Handled Elsewhere
[v3,-next,05/15] mm: util: move sysctls to mm/util.c	sysctl: move sysctls from vm_table into its own files	- 1 -	---	2024-10-10	yukaixiong		Handled Elsewhere
[v3,-next,04/15] mm: vmscan: move vmscan sysctls to mm/vmscan.c	sysctl: move sysctls from vm_table into its own files	- 1 -	---	2024-10-10	yukaixiong		Handled Elsewhere
[v3,-next,03/15] mm: swap: move sysctl to mm/swap.c	sysctl: move sysctls from vm_table into its own files	- 1 -	---	2024-10-10	yukaixiong		Handled Elsewhere
[v3,-next,02/15] mm: filemap: move sysctl to mm/filemap.c	sysctl: move sysctls from vm_table into its own files	- 1 -	---	2024-10-10	yukaixiong		Handled Elsewhere
[v3,-next,01/15] mm: vmstat: move sysctls to mm/vmstat.c	sysctl: move sysctls from vm_table into its own files	- 1 -	---	2024-10-10	yukaixiong		Handled Elsewhere
[v4,13/13] LSM: Remove lsm_prop scaffolding	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,12/13] Use lsm_prop for audit data	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,11/13] Audit: Change context data from secid to lsm_prop	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,10/13] LSM: Create new security_cred_getlsmprop LSM hook	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,09/13] Audit: use an lsm_prop in audit_names	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,08/13] LSM: Use lsm_prop in security_inode_getsecid	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,07/13] LSM: Use lsm_prop in security_current_getsecid	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,06/13] Audit: Update shutdown LSM data	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,05/13] LSM: Use lsm_prop in security_ipc_getsecid	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,04/13] Audit: maintain an lsm_prop in audit_context	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,03/13] LSM: Add lsmprop_to_secctx hook	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,02/13] LSM: Use lsm_prop in security_audit_rule_match	LSM: Move away from secids	- - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
[v4,01/13] LSM: Add the lsm_prop data structure.	LSM: Move away from secids	1 - -	---	2024-10-09	Casey Schaufler	pcmoore	Accepted
ima: Fix OOB read when violation occurs with ima template.	ima: Fix OOB read when violation occurs with ima template.	- - -	---	2024-10-09	David Fernandez Gonzalez		Handled Elsewhere
[3/3] ima: Mark concurrent accesses to the iint pointer in the inode security blob	[1/3] ima: Remove inode lock	- - -	---	2024-10-08	Roberto Sassu	pcmoore	Handled Elsewhere
[2/3] ima: Ensure lock is held when setting iint pointer in inode security blob	[1/3] ima: Remove inode lock	- - -	---	2024-10-08	Roberto Sassu	pcmoore	Handled Elsewhere
[1/3] ima: Remove inode lock	[1/3] ima: Remove inode lock	- 1 -	---	2024-10-08	Roberto Sassu	pcmoore	Handled Elsewhere
[v2] security/keys: fix slab-out-of-bounds in key_task_permission	[v2] security/keys: fix slab-out-of-bounds in key_task_permission	- 1 -	---	2024-10-08	Chen Ridong		Handled Elsewhere
[v9,7/7] drm: Replace strcpy() with strscpy()	Improve the copy of task comm	1 1 -	---	2024-10-07	Yafang Shao		Handled Elsewhere
[v9,6/7] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul}	Improve the copy of task comm	- - -	---	2024-10-07	Yafang Shao		Handled Elsewhere
[v9,5/7] mm/util: Fix possible race condition in kstrdup()	Improve the copy of task comm	- - -	---	2024-10-07	Yafang Shao		Handled Elsewhere
[v9,4/7] bpftool: Ensure task comm is always NUL-terminated	Improve the copy of task comm	- 1 -	---	2024-10-07	Yafang Shao		Handled Elsewhere
[v9,3/7] security: Replace memcpy() with get_task_comm()	Improve the copy of task comm	1 - -	---	2024-10-07	Yafang Shao		Handled Elsewhere
[v9,2/7] auditsc: Replace memcpy() with strscpy()	Improve the copy of task comm	1 1 -	---	2024-10-07	Yafang Shao		Handled Elsewhere
[v9,1/7] Get rid of __get_task_comm()	Improve the copy of task comm	- - -	---	2024-10-07	Yafang Shao		Handled Elsewhere
[GIT,PULL] lsm/lsm-pr-20241004	[GIT,PULL] lsm/lsm-pr-20241004	- - -	---	2024-10-04	Paul Moore	pcmoore	Accepted
[v1] landlock: Improve documentation of previous limitations	[v1] landlock: Improve documentation of previous limitations	- 1 -	---	2024-10-04	Mickaël Salaün		Handled Elsewhere
tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support	tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support	1 - -	---	2024-10-03	Paul Moore	pcmoore	Accepted
[RFC,v1,2/2] selftests/landlock: Test non-TCP INET connection-based protocols	Fix non-TCP sockets restriction	- 1 -	---	2024-10-03	Mikhail Ivanov		Handled Elsewhere
[RFC,v1,1/2] landlock: Fix non-TCP sockets restriction	Fix non-TCP sockets restriction	- 1 -	---	2024-10-03	Mikhail Ivanov		Handled Elsewhere
[v2,3/3] samples/landlock: Clarify option parsing behaviour	samples/landlock: Fix port parsing behaviour	- - -	---	2024-10-03	Matthieu Buffet		Handled Elsewhere
[v2,2/3] samples/landlock: Refactor --help message in function	samples/landlock: Fix port parsing behaviour	- - -	---	2024-10-03	Matthieu Buffet		Handled Elsewhere
[v2,1/3] samples/landlock: Fix port parsing in sandboxer	samples/landlock: Fix port parsing behaviour	- - -	---	2024-10-03	Matthieu Buffet		Handled Elsewhere
[v5] rust: add PidNamespace	[v5] rust: add PidNamespace	- 1 -	---	2024-10-02	Christian Brauner		Handled Elsewhere
[v4] rust: add PidNamespace	[v4] rust: add PidNamespace	- - -	---	2024-10-02	Christian Brauner		Handled Elsewhere
[v3] rust: add PidNamespace	[v3] rust: add PidNamespace	- - -	---	2024-10-01	Christian Brauner		Handled Elsewhere
[v1,3/3] landlock: Optimize scope enforcement	Refactor Landlock access mask management	- - -	---	2024-10-01	Mickaël Salaün		Handled Elsewhere
[v1,2/3] landlock: Refactor network access mask management	Refactor Landlock access mask management	- - -	---	2024-10-01	Mickaël Salaün		Handled Elsewhere
[v1,1/3] landlock: Refactor filesystem access mask management	Refactor Landlock access mask management	- 1 -	---	2024-10-01	Mickaël Salaün		Handled Elsewhere
[v2] rust: add PidNamespace	[v2] rust: add PidNamespace	- - -	---	2024-10-01	Christian Brauner		Handled Elsewhere
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	- - -	---	2024-09-28	Shu Han		Under Review
[v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook	[v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook	1 3 1	---	2024-09-28	Shivani Agarwal		Handled Elsewhere
[v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook	[v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook	1 3 1	---	2024-09-28	Shivani Agarwal		Handled Elsewhere
ipe: fallback to platform keyring also if key in trusted keyring is rejected	ipe: fallback to platform keyring also if key in trusted keyring is rejected	1 - -	---	2024-09-27	Luca Boccassi		Handled Elsewhere
[2/2] Revert "mm: introduce PF_MEMALLOC_NORECLAIM, PF_MEMALLOC_NOWARN"	remove PF_MEMALLOC_NORECLAIM	- 4 -	---	2024-09-26	Michal Hocko		Handled Elsewhere
[1/2] bcachefs: do not use PF_MEMALLOC_NORECLAIM	remove PF_MEMALLOC_NORECLAIM	- 3 -	---	2024-09-26	Michal Hocko		Handled Elsewhere
[RFC] rust: add PidNamespace wrapper	[RFC] rust: add PidNamespace wrapper	- - -	---	2024-09-26	Christian Brauner		Handled Elsewhere
[v3,2/2] ipe: also reject policy updates with the same version	[v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	1 1 -	---	2024-09-25	Luca Boccassi		Handled Elsewhere
[v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	[v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	1 1 -	---	2024-09-25	Luca Boccassi		Handled Elsewhere
[v2,2/2] ipe: also reject policy updates with the same version	[v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	- 1 -	---	2024-09-25	Luca Boccassi		Handled Elsewhere
[v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	[v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	1 1 -	---	2024-09-25	Luca Boccassi		Handled Elsewhere
[RFC] capabilities: remove cap_mmap_file()	[RFC] capabilities: remove cap_mmap_file()	- 2 -	---	2024-09-25	Paul Moore	pcmoore	Handled Elsewhere
[RFC,v3] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	[RFC,v3] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	- - -	---	2024-09-25	Shu Han		Superseded
[RFC,v2] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	[RFC,v2] mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	- - -	---	2024-09-25	Shu Han		Superseded
[RFC,v2] mm: move security_mmap_file() back into do_mmap()	[RFC,v2] mm: move security_mmap_file() back into do_mmap()	- - -	---	2024-09-25	Shu Han		Superseded
tomoyo: fallback to realpath if symlink's pathname does not exist	tomoyo: fallback to realpath if symlink's pathname does not exist	- - -	---	2024-09-25	Tetsuo Handa		Handled Elsewhere
mm: move security_file_mmap() back into do_mmap()	mm: move security_file_mmap() back into do_mmap()	- - -	---	2024-09-25	Shu Han		Under Review
mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	mm: move the check of READ_IMPLIES_EXEC out of do_mmap()	- - -	---	2024-09-25	Shu Han		Under Review
[GIT,PULL] lsm/lsm-pr-20240923	[GIT,PULL] lsm/lsm-pr-20240923	- - -	---	2024-09-23	Paul Moore		Accepted
[GIT,PULL] Landlock updates for v6.12	[GIT,PULL] Landlock updates for v6.12	- - -	---	2024-09-23	Mickaël Salaün		Handled Elsewhere
ipe: Fix out-of-bound access of kunit_suite_num_test_cases()	ipe: Fix out-of-bound access of kunit_suite_num_test_cases()	- - -	---	2024-09-23	Jinjie Ruan	pcmoore	In Next
[1/1] netlabel: Add missing comment to struct field	[1/1] netlabel: Add missing comment to struct field	1 - -	---	2024-09-23	George Guo	pcmoore	Handled Elsewhere
ipe: Add missing terminator to list of unit tests	ipe: Add missing terminator to list of unit tests	1 - -	---	2024-09-22	Guenter Roeck	pcmoore	Accepted
[2/2] ipe: also reject policy updates with the same version	[1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	- 1 -	---	2024-09-22	Luca Boccassi		Handled Elsewhere
[1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	[1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version	- - -	---	2024-09-22	Luca Boccassi		Handled Elsewhere
[v5,5/5] tpm: flush the auth session only when /dev/tpm0 is open	Lazy flush for the auth session	- 1 1	---	2024-09-21	Jarkko Sakkinen		Handled Elsewhere
[v5,4/5] tpm: Allocate chip->auth in tpm2_start_auth_session()	Lazy flush for the auth session	- 1 -	---	2024-09-21	Jarkko Sakkinen		Handled Elsewhere
[v5,3/5] tpm: flush the null key only when /dev/tpm0 is accessed	Lazy flush for the auth session	- - 1	---	2024-09-21	Jarkko Sakkinen		Handled Elsewhere
[v5,2/5] tpm: Implement tpm2_load_null() rollback	Lazy flush for the auth session	- - -	---	2024-09-21	Jarkko Sakkinen		Handled Elsewhere
[v5,1/5] tpm: Return on tpm2_create_null_primary() failure	Lazy flush for the auth session	- - -	---	2024-09-21	Jarkko Sakkinen		Handled Elsewhere
apparmor: Remove deadcode	apparmor: Remove deadcode	- - -	---	2024-09-20	Dr. David Alan Gilbert		Handled Elsewhere
[GIT,PULL] lsm/lsm-pr-20240920	[GIT,PULL] lsm/lsm-pr-20240920	- - -	---	2024-09-20	Paul Moore	pcmoore	Accepted
selinux,smack: properly reference the LSM blob in security_watch_key()	selinux,smack: properly reference the LSM blob in security_watch_key()	- 1 -	---	2024-09-19	Paul Moore	pcmoore	Accepted
mm: call the security_mmap_file() LSM hook in remap_file_pages()	mm: call the security_mmap_file() LSM hook in remap_file_pages()	1 - -	---	2024-09-19	Paul Moore	pcmoore	Accepted
[v4,5/5] tpm: flush the auth session only when /dev/tpm0 is open	Lazy flush for the auth session	- - 1	---	2024-09-18	Jarkko Sakkinen		Handled Elsewhere
[v4,4/5] tpm: Allocate chip->auth in tpm2_start_auth_session()	Lazy flush for the auth session	- - -	---	2024-09-18	Jarkko Sakkinen		Handled Elsewhere
[v4,3/5] tpm: flush the null key only when /dev/tpm0 is accessed	Lazy flush for the auth session	- - 1	---	2024-09-18	Jarkko Sakkinen		Handled Elsewhere
[v4,2/5] tpm: Return on tpm2_create_primary() failure in tpm2_load_null()	Lazy flush for the auth session	- - -	---	2024-09-18	Jarkko Sakkinen		Handled Elsewhere
[v4,1/5] tpm: Return on tpm2_create_null_primary() failure	Lazy flush for the auth session	- - -	---	2024-09-18	Jarkko Sakkinen		Handled Elsewhere
[5/5] LSM: Use lsm_context in security_inode_notifysecctx	LSM: Replace secctx/len pairs with lsm_context	- - -	---	2024-09-17	Casey Schaufler	pcmoore	Superseded
[4/5] LSM: secctx provider check on release	LSM: Replace secctx/len pairs with lsm_context	- - -	---	2024-09-17	Casey Schaufler	pcmoore	Superseded
[3/5] LSM: lsm_context in security_dentry_init_security	LSM: Replace secctx/len pairs with lsm_context	- - -	---	2024-09-17	Casey Schaufler	pcmoore	Superseded
[2/5] LSM: Use lsm_context in security_inode_getsecctx	LSM: Replace secctx/len pairs with lsm_context	- - -	---	2024-09-17	Casey Schaufler	pcmoore	Superseded
[1/5] LSM: Replace context+len with lsm_context	LSM: Replace secctx/len pairs with lsm_context	- 1 -	---	2024-09-17	Casey Schaufler	pcmoore	Superseded
[v3,7/7] tpm: open code tpm2_create_null_primary()	Lazy flush for the auth session	- - -	---	2024-09-17	Jarkko Sakkinen		Handled Elsewhere
[v3,6/7] tpm: flush the auth session only when /dev/tpm0 is open	Lazy flush for the auth session	- - -	---	2024-09-17	Jarkko Sakkinen		Handled Elsewhere
[v3,5/7] tpm: Allocate chip->auth in tpm2_start_auth_session()	Lazy flush for the auth session	- - -	---	2024-09-17	Jarkko Sakkinen		Handled Elsewhere
[v3,4/7] tpm: flush the null key only when /dev/tpm0 is accessed	Lazy flush for the auth session	- - 1	---	2024-09-17	Jarkko Sakkinen		Handled Elsewhere
[v3,3/7] tpm: Return on tpm2_create_primary() failure in tpm2_load_null()	Lazy flush for the auth session	- - -	---	2024-09-17	Jarkko Sakkinen		Handled Elsewhere
[v3,2/7] tpm: Return on tpm2_create_null_primary() failure	Lazy flush for the auth session	- - -	---	2024-09-17	Jarkko Sakkinen		Handled Elsewhere
[v3,1/7] tpm: Remove the top-level documentation tpm2-sessions.c	Lazy flush for the auth session	- - -	---	2024-09-17	Jarkko Sakkinen		Handled Elsewhere
[RFC,v1,7/7] selftests/landlock: Add UDP sendmsg/recvmsg tests	landlock: Add UDP access control support	- - -	---	2024-09-16	Matthieu Buffet		Handled Elsewhere
[RFC,v1,6/7] selftests/landlock: Adapt existing tests for UDP	landlock: Add UDP access control support	- - -	---	2024-09-16	Matthieu Buffet		Handled Elsewhere

« 1 2 3 4 … 47 48 »