Show patches with: Archived = No       |   5451 patches
« 1 2 3 454 55 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v11,bpf-next,2/7] selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr names Enable writing xattr from BPF programs - - - --- 2025-01-29 Song Liu New
[v11,bpf-next,1/7] fs/xattr: bpf: Introduce security.bpf. xattr name prefix Enable writing xattr from BPF programs 1 2 - --- 2025-01-29 Song Liu New
[RFC,v2,2/2] ipe: add 'anonymous_memory' property for policy decisions ipe support for anonymous memory and memfd - - - --- 2025-01-29 Fan Wu New
[RFC,v2,1/2] memfd,lsm: add a security hook to memfd_create() ipe support for anonymous memory and memfd - - - --- 2025-01-29 Fan Wu New
[v5,3/3] vfs: add notifications for mount attach and detach mount notification - 1 - --- 2025-01-29 Miklos Szeredi New
[v5,2/3] fanotify: notify on mount attach and detach mount notification - 1 - --- 2025-01-29 Miklos Szeredi New
[v5,1/3] fsnotify: add mount notification infrastructure mount notification - 1 - --- 2025-01-29 Miklos Szeredi New
[V3] audit: Initialize lsmctx to avoid memory allocation error [V3] audit: Initialize lsmctx to avoid memory allocation error - - - --- 2025-01-29 Huacai Chen New
apparmor: use the condition in AA_BUG_FMT even with debug disabled apparmor: use the condition in AA_BUG_FMT even with debug disabled 1 - - --- 2025-01-27 Mateusz Guzik New
[v3,2/2] lsm,io_uring: add LSM hooks for io_uring_setup() [v3,1/2] io_uring: refactor io_uring_allowed() - - - --- 2025-01-27 Hamza Mahfooz pcmoore Accepted
[v3,1/2] io_uring: refactor io_uring_allowed() [v3,1/2] io_uring: refactor io_uring_allowed() - - - --- 2025-01-27 Hamza Mahfooz pcmoore Accepted
smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label - - - --- 2025-01-26 Konstantin Andreev New
[V2] audit: Initialize lsmctx to avoid memory allocation error [V2] audit: Initialize lsmctx to avoid memory allocation error - - - --- 2025-01-25 Huacai Chen New
[7/7] ima: measure kexec load and exec events as critical data ima: kexec: measure events between kexec load and excute - 1 - --- 2025-01-24 steven chen New
[v6,6/7] ima: make the kexec extra memory configurable ima: kexec: measure events between kexec load and excute - 1 - --- 2025-01-24 steven chen New
[v6,5/7] ima: kexec: move IMA log copy from kexec load to execute ima: kexec: measure events between kexec load and excute - 1 - --- 2025-01-24 steven chen New
[v6,4/7] ima: kexec: define functions to copy IMA log at soft boot ima: kexec: measure events between kexec load and excute - 2 - --- 2025-01-24 steven chen New
[v6,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot ima: kexec: measure events between kexec load and excute - 1 - --- 2025-01-24 steven chen New
[v6,2/7] kexec: define functions to map and unmap segments ima: kexec: measure events between kexec load and excute - 2 - --- 2025-01-24 steven chen New
[v6,1/7] ima: define and call ima_alloc_kexec_file_buf ima: kexec: measure events between kexec load and excute - 1 - --- 2025-01-24 steven chen New
[7/7] ima: measure kexec load and exec events as critical data *** SUBJECT HERE *** - 1 - --- 2025-01-24 steven chen New
[v6,6/7] ima: make the kexec extra memory configurable *** SUBJECT HERE *** - - - --- 2025-01-24 steven chen New
[v6,5/7] ima: kexec: move IMA log copy from kexec load to execute *** SUBJECT HERE *** - 1 - --- 2025-01-24 steven chen New
[v6,4/7] ima: kexec: define functions to copy IMA log at soft boot *** SUBJECT HERE *** - 2 - --- 2025-01-24 steven chen New
[v6,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot *** SUBJECT HERE *** - - - --- 2025-01-24 steven chen New
[v6,2/7] kexec: define functions to map and unmap segments *** SUBJECT HERE *** - 2 - --- 2025-01-24 steven chen New
[v6,1/7] ima: define and call ima_alloc_kexec_file_buf *** SUBJECT HERE *** - 1 - --- 2025-01-24 steven chen New
[v10,bpf-next,7/7] selftests/bpf: Test kfuncs that set and remove xattr from BPF programs Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,6/7] bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs Enable writing xattr from BPF programs 1 - - --- 2025-01-24 Song Liu New
[v10,bpf-next,5/7] bpf: Use btf_kfunc_id_set.remap logic for bpf_dynptr_from_skb Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,4/7] bpf: Extend btf_kfunc_id_set to handle kfunc polymorphism Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,3/7] bpf: lsm: Add two more sleepable hooks Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,2/7] selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr names Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,1/7] fs/xattr: bpf: Introduce security.bpf. xattr name prefix Enable writing xattr from BPF programs 1 1 - --- 2025-01-24 Song Liu New
[man,3/3] landlock.7: Update wording in line with kernel side proposal [1/2] landlock: Minor typo and grammar fixes in IPC scoping documentation - - - --- 2025-01-24 Günther Noack Handled Elsewhere
[man,2/3] landlock.7: Move over documentation for ABI version 6 Untitled series #928192 - - - --- 2025-01-24 Günther Noack Handled Elsewhere
[man,1/3] landlock.7: Update description of Landlock rules [man,1/3] landlock.7: Update description of Landlock rules - - - --- 2025-01-24 Günther Noack Handled Elsewhere
[2/2] landlock: Clarify IPC scoping documentation [1/2] landlock: Minor typo and grammar fixes in IPC scoping documentation - - - --- 2025-01-24 Günther Noack Handled Elsewhere
[1/2] landlock: Minor typo and grammar fixes in IPC scoping documentation [1/2] landlock: Minor typo and grammar fixes in IPC scoping documentation - - - --- 2025-01-24 Günther Noack Handled Elsewhere
apparmor: Make sysctl table const apparmor: Make sysctl table const - - - --- 2025-01-23 Ricardo B. Marlière New
security: keys: Make sysctl table const security: keys: Make sysctl table const - - - --- 2025-01-23 Ricardo B. Marlière New
tomoyo: fix spelling error tomoyo: fix spelling error - 1 - --- 2025-01-23 Tanya Agarwal Handled Elsewhere
security: smack: fix typos and spelling errors security: smack: fix typos and spelling errors - 1 - --- 2025-01-23 Tanya Agarwal Handled Elsewhere
landlock: fix grammar and spelling error landlock: fix grammar and spelling error - 2 - --- 2025-01-23 Tanya Agarwal Handled Elsewhere
[v4,4/4] vfs: add notifications for mount attribute change mount notification - - - --- 2025-01-23 Miklos Szeredi New
[v4,3/4] vfs: add notifications for mount attach and detach mount notification - - - --- 2025-01-23 Miklos Szeredi New
[v4,2/4] fanotify: notify on mount attach and detach mount notification - - - --- 2025-01-23 Miklos Szeredi New
[v4,1/4] fsnotify: add mount notification infrastructure mount notification - - - --- 2025-01-23 Miklos Szeredi New
integrity: fix typos and spelling errors integrity: fix typos and spelling errors - 1 - --- 2025-01-23 Tanya Agarwal Handled Elsewhere
[2/2] LoadPin: Make sysctl table const security: Constify sysctl tables - 1 - --- 2025-01-23 Ricardo B. Marlière New
[1/2] yama: Make sysctl table const security: Constify sysctl tables - 1 - --- 2025-01-23 Ricardo B. Marlière New
apparmor: fix typos and spelling errors apparmor: fix typos and spelling errors 1 2 - --- 2025-01-23 Tanya Agarwal Handled Elsewhere
[v3,6/6] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr ima: Remove unnecessary inode locks - 1 - --- 2025-01-22 Roberto Sassu Handled Elsewhere
[v3,5/6] ima: Defer fixing security.ima to __fput() ima: Remove unnecessary inode locks - - - --- 2025-01-22 Roberto Sassu Handled Elsewhere
[v3,4/6] ima: Mark concurrent accesses to the iint pointer in the inode security blob ima: Remove unnecessary inode locks - 2 - --- 2025-01-22 Roberto Sassu Handled Elsewhere
[v3,3/6] ima: Detect if lock is held when iint pointer is set in inode security blob ima: Remove unnecessary inode locks - 1 - --- 2025-01-22 Roberto Sassu Handled Elsewhere
[v3,2/6] ima: Remove inode lock ima: Remove unnecessary inode locks - 2 - --- 2025-01-22 Roberto Sassu Handled Elsewhere
[v3,1/6] fs: ima: Remove S_IMA and IS_IMA() ima: Remove unnecessary inode locks 1 1 - --- 2025-01-22 Roberto Sassu Handled Elsewhere
[GIT,PULL] Landlock updates for v6.14 [GIT,PULL] Landlock updates for v6.14 - - - --- 2025-01-22 Mickaël Salaün Handled Elsewhere
[v2] fs: introduce getfsxattrat and setfsxattrat syscalls [v2] fs: introduce getfsxattrat and setfsxattrat syscalls - - - --- 2025-01-22 Andrey Albershteyn New
ipe: Search for the boot policy file in the source tree ipe: Search for the boot policy file in the source tree - - - --- 2025-01-22 Tyler Hicks Handled Elsewhere
apparmor: remove unused variable apparmor: remove unused variable 1 - - --- 2025-01-22 Arnd Bergmann Handled Elsewhere
[GIT,PULL] selinux/selinux-pr-20250121 [GIT,PULL] selinux/selinux-pr-20250121 - - - --- 2025-01-21 Paul Moore Handled Elsewhere
[GIT,PULL] lsm/lsm-pr-20250121 [GIT,PULL] lsm/lsm-pr-20250121 - - - --- 2025-01-21 Paul Moore New
[GIT,PULL] Smack patches for 6.14 [GIT,PULL] Smack patches for 6.14 - - - --- 2025-01-21 Casey Schaufler Handled Elsewhere
[security] apparmor: fix logical error in signal range validation [security] apparmor: fix logical error in signal range validation - - - --- 2025-01-21 Dheeraj Reddy Jonnalagadda Handled Elsewhere
[-next,1/2] apparmor: Modify mismatched function name [-next,1/2] apparmor: Modify mismatched function name 1 - - --- 2025-01-21 Jiapeng Chong Handled Elsewhere
[-next,2/2] apparmor: Modify mismatched function name [-next,1/2] apparmor: Modify mismatched function name 1 - - --- 2025-01-21 Jiapeng Chong Handled Elsewhere
[GIT,PULL] capabilities changes for 6.14-rc1 [GIT,PULL] capabilities changes for 6.14-rc1 - - - --- 2025-01-20 Serge E. Hallyn Handled Elsewhere
[v2,6/6] module: Introduce hash-based integrity checking module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,5/6] lockdown: Make the relationship to MODULE_SIG a dependency module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,4/6] module: Move lockdown check into generic module loader module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,3/6] module: Move integrity checks into dedicated function module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,2/6] module: Make module loading policy usable without MODULE_SIG module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,1/6] kbuild: add stamp file for vmlinux BTF data module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
apparmor: Remove unused variable 'sock' in __file_sock_perm() apparmor: Remove unused variable 'sock' in __file_sock_perm() 1 - - --- 2025-01-20 Nathan Chancellor Handled Elsewhere
apparmor: Fix checking address of an array in accum_label_info() apparmor: Fix checking address of an array in accum_label_info() 1 - - --- 2025-01-20 Nathan Chancellor Handled Elsewhere
smack: remove /smack/logging if audit is not configured smack: remove /smack/logging if audit is not configured - - - --- 2025-01-17 Konstantin Andreev Handled Elsewhere
smack: dont compile ipv6 code unless ipv6 is configured smack: dont compile ipv6 code unless ipv6 is configured - - - --- 2025-01-17 Konstantin Andreev Handled Elsewhere
[2/2] smack: recognize ipv4 CIPSO w/o categories smack: recognize ipv4 CIPSO w/o categories - - - --- 2025-01-16 Konstantin Andreev Handled Elsewhere
[1/2] smack: Revert "smackfs: Added check catlen" smack: recognize ipv4 CIPSO w/o categories - - - --- 2025-01-16 Konstantin Andreev Handled Elsewhere
[v1] selftests/landlock: Fix build with non-default pthread linking [v1] selftests/landlock: Fix build with non-default pthread linking - 1 - --- 2025-01-15 Mickaël Salaün Handled Elsewhere
[v1] selftests: Handle old glibc without execveat(2) [v1] selftests: Handle old glibc without execveat(2) - 1 - --- 2025-01-15 Mickaël Salaün Handled Elsewhere
Docs/security: update cmdline keyword usage Docs/security: update cmdline keyword usage - - - --- 2025-01-14 Randy Dunlap pcmoore Rejected
[V2] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported [V2] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported - - - --- 2025-01-14 Arulpandiyan Vadivel pcmoore Under Review
loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported - 1 - --- 2025-01-14 Arulpandiyan Vadivel pcmoore Superseded
[v2,12/12] reboot: retire hw_protection_reboot and hw_protection_shutdown helpers reboot: support runtime configuration of emergency hw_protection action - 1 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,11/12] thermal: core: allow user configuration of hardware protection action reboot: support runtime configuration of emergency hw_protection action - 1 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,10/12] dt-bindings: thermal: give OS some leeway in absence of critical-action reboot: support runtime configuration of emergency hw_protection action 1 - - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,09/12] platform/chrome: cros_ec_lpc: prepare for hw_protection_shutdown removal reboot: support runtime configuration of emergency hw_protection action 1 - - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,08/12] regulator: allow user configuration of hardware protection action reboot: support runtime configuration of emergency hw_protection action - 2 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,07/12] reboot: add support for configuring emergency hardware protection action reboot: support runtime configuration of emergency hw_protection action - 1 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,06/12] reboot: indicate whether it is a HARDWARE PROTECTION reboot or shutdown reboot: support runtime configuration of emergency hw_protection action - 1 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,05/12] reboot: rename now misleading __hw_protection_shutdown symbols reboot: support runtime configuration of emergency hw_protection action - 1 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,04/12] reboot: describe do_kernel_restart's cmd argument in kernel-doc reboot: support runtime configuration of emergency hw_protection action - 1 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,03/12] docs: thermal: sync hardware protection doc with code reboot: support runtime configuration of emergency hw_protection action - 2 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,02/12] reboot: reboot, not shutdown, on hw_protection_reboot timeout reboot: support runtime configuration of emergency hw_protection action - 2 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v2,01/12] reboot: replace __hw_protection_shutdown bool action parameter with an enum reboot: support runtime configuration of emergency hw_protection action - 1 - --- 2025-01-13 Ahmad Fatoum Handled Elsewhere
[v1,4/4] landlock: Use scoped guards for mutex Use scoped guards on Landlock - 1 - --- 2025-01-13 Mickaël Salaün Handled Elsewhere
[v1,3/4] locking/mutex: Add mutex_nest_1() scoped guard Use scoped guards on Landlock - - - --- 2025-01-13 Mickaël Salaün Handled Elsewhere
« 1 2 3 454 55 »