Show patches with: Archived = No       |   4924 patches
« 1 2 ... 38 39 4049 50 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v3,09/10] KEYS: CA link restriction Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,08/10] integrity: Use root of trust signature restriction Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,07/10] KEYS: X.509: Flag Intermediate CA certs as endorsed Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,06/10] KEYS: Introduce keyring restriction that validates ca trust Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,05/10] KEYS: Introduce a CA endorsed flag Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,04/10] KEYS: X.509: Parse Key Usage Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,03/10] KEYS: X.509: Parse Basic Constraints for CA Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,02/10] KEYS: Add missing function documentation Add CA enforcement keyring restrictions - 1 - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,01/10] KEYS: Create static version of public_key_verify_signature Add CA enforcement keyring restrictions - 2 - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v2,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: Fix selftest ptrace_test run fail - - - --- 2022-12-13 Jeff Xu Handled Elsewhere
[1/1,RFC] SELINUX: Remove obsolete deferred inode security init list. SELINUX: Remove obsolete deferred inode security - - - --- 2022-12-13 Alexander Kozhevnikov Handled Elsewhere
[GIT,PULL] LSM patches for v6.2 [GIT,PULL] LSM patches for v6.2 - - - --- 2022-12-13 Paul Moore pcmoore Accepted
[GIT,PULL] SELinux patches for v6.2 [GIT,PULL] SELinux patches for v6.2 - - - --- 2022-12-13 Paul Moore Handled Elsewhere
[GIT,PULL] Landlock updates for v6.2 [GIT,PULL] Landlock updates for v6.2 - - - --- 2022-12-12 Mickaël Salaün Handled Elsewhere
[4/4] LoadPin: Allow filesystem switch when not enforcing LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[3/4] LoadPin: Move pin reporting cleanly out of locking LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[2/4] LoadPin: Refactor sysctl initialization LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[1/4] LoadPin: Refactor read-only check into a helper LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
LoadPin: Ignore the "contents" argument of the LSM hooks LoadPin: Ignore the "contents" argument of the LSM hooks 1 - - --- 2022-12-09 Kees Cook pcmoore Handled Elsewhere
[v2] landlock: Explain file descriptor access rights [v2] landlock: Explain file descriptor access rights - 1 - --- 2022-12-09 Mickaël Salaün Handled Elsewhere
[v7,6/6] mm/memfd: security hook for memfd_create mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - - - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,4/6] mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,2/6] selftests/memfd: add tests for F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,1/6] mm/memfd: add F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() [v2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() - - - --- 2022-12-09 Roberto Sassu Handled Elsewhere
[2/2] doc: Fix fs_context_parse_param description in mount_api.rst [1/2] lsm: Fix description of fs_context_parse_param - - - --- 2022-12-09 Roberto Sassu pcmoore Under Review
[1/2] lsm: Fix description of fs_context_parse_param [1/2] lsm: Fix description of fs_context_parse_param - - - --- 2022-12-09 Roberto Sassu pcmoore Accepted
KEYS: asymmetric: Make a copy of sig and digest in vmalloced stack KEYS: asymmetric: Make a copy of sig and digest in vmalloced stack - - - --- 2022-12-08 Roberto Sassu Handled Elsewhere
[GIT,PULL] tpmdd updates for tpmdd-next-v6.2-rc1 [GIT,PULL] tpmdd updates for tpmdd-next-v6.2-rc1 - - - --- 2022-12-08 Jarkko Sakkinen Handled Elsewhere
[mptcp-net] mptcp: fix LSM labeling for passive msk [mptcp-net] mptcp: fix LSM labeling for passive msk 1 - - --- 2022-12-07 Paolo Abeni pcmoore Changes Requested
[RFC,v2,7/7] selftests/bpf: Change return value in test_libbpf_get_fd_by_id_opts.c bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu pcmoore Changes Requested
[RFC,v2,6/7] selftests/bpf: Prevent positive ret values in test_lsm and verify_pkcs7_sig bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu pcmoore Changes Requested
[RFC,v2,5/7] selftests/bpf: Check if return values of LSM programs are allowed bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu pcmoore Changes Requested
[RFC,v2,4/7] bpf-lsm: Enforce return value limitations on security modules bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu pcmoore Changes Requested
[RFC,v2,3/7] lsm: Redefine LSM_HOOK() macro to add return value flags as argument bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu pcmoore Changes Requested
[RFC,v2,2/7] bpf: Mark ALU32 operations in bpf_reg_state structure bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu pcmoore Changes Requested
[RFC,v2,1/7] bpf: Remove superfluous btf_id_set_contains() declaration bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu pcmoore Changes Requested
[v2,10/10] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,09/10] KEYS: CA link restriction Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,08/10] integrity: Use root of trust signature restriction Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,07/10] KEYS: X.509: Flag Intermediate CA certs as endorsed Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,06/10] KEYS: Introduce keyring restriction that validates ca trust Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,05/10] KEYS: Introduce a CA endorsed flag Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,04/10] KEYS: X.509: Parse Key Usage Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,03/10] KEYS: X.509: Parse Basic Constraints for CA Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,02/10] KEYS: Add missing function documentation Add CA enforcement keyring restrictions - 1 - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,01/10] KEYS: Create static version of public_key_verify_signature Add CA enforcement keyring restrictions - 2 - --- 2022-12-07 Eric Snowberg Handled Elsewhere
public_key: Add a comment to public_key_signature struct definition public_key: Add a comment to public_key_signature struct definition - 1 - --- 2022-12-07 Roberto Sassu pcmoore Superseded
[v1] landlock: Explain file descriptor access rights [v1] landlock: Explain file descriptor access rights - - - --- 2022-12-05 Mickaël Salaün Handled Elsewhere
[v7,6/6] evm: Support multiple LSMs providing an xattr evm: Do HMAC of multiple per LSM xattrs for new inodes - 2 - --- 2022-12-01 Roberto Sassu pcmoore Superseded
[v7,5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure evm: Do HMAC of multiple per LSM xattrs for new inodes - 2 - --- 2022-12-01 Roberto Sassu pcmoore Superseded
[v7,4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook evm: Do HMAC of multiple per LSM xattrs for new inodes - 2 - --- 2022-12-01 Roberto Sassu pcmoore Superseded
[v7,3/6] security: Remove security_old_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - 2 - --- 2022-12-01 Roberto Sassu pcmoore Superseded
[v7,2/6] ocfs2: Switch to security_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes 1 1 - --- 2022-12-01 Roberto Sassu pcmoore Superseded
[v7,1/6] reiserfs: Switch to security_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - 2 - --- 2022-12-01 Roberto Sassu pcmoore Superseded
[v2,2/2] ima: Alloc ima_max_digest_data in xattr_verify() if CONFIG_VMAP_STACK=y ima/evm: Ensure digest to verify is in linear mapping area - - - --- 2022-12-01 Roberto Sassu Handled Elsewhere
[v2,1/2] evm: Alloc evm_digest in evm_verify_hmac() if CONFIG_VMAP_STACK=y ima/evm: Ensure digest to verify is in linear mapping area - - - --- 2022-12-01 Roberto Sassu Handled Elsewhere
[v2,2/2] lsm: Add/fix return values in lsm_hooks.h and fix formatting lsm: Improve LSM hooks documentation - - - --- 2022-11-28 Roberto Sassu Accepted
[v2,1/2] lsm: Clarify documentation of vm_enough_memory hook lsm: Improve LSM hooks documentation - - - --- 2022-11-28 Roberto Sassu pcmoore Accepted
[-next] selftests/landlock: Fix selftest ptrace_test run fail [-next] selftests/landlock: Fix selftest ptrace_test run fail - - - --- 2022-11-28 limin Handled Elsewhere
[v5] evm: Correct inode_init_security hooks behaviors [v5] evm: Correct inode_init_security hooks behaviors - - - --- 2022-11-25 Nicolas Bouchinet pcmoore Superseded
ima: Fix hash dependency to correct algorithm ima: Fix hash dependency to correct algorithm - - - --- 2022-11-25 tianjia.zhang Handled Elsewhere
[v3,9/9] LSM: selftests for Linux Security Module infrastructure syscalls LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,8/9] LSM: wireup Linux Security Module syscalls LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,7/9] LSM: lsm_set_self_attr syscall for LSM self attributes LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,6/9] LSM: Create lsm_module_list system call LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,5/9] LSM: lsm_get_self_attr syscall for LSM self attributes LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,4/9] proc: Use lsmids instead of lsm names for attrs LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,3/9] LSM: Maintain a table of LSM attribute data LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,2/9] LSM: Identify the process attributes for each module LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,1/9] LSM: Identify modules by more than name LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v1,8/8] lsm: wireup syscalls lsm_self_attr and lsm_module_list [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v1,7/8] LSM: Create lsm_module_list system call [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v1,6/8] LSM: lsm_self_attr syscall for LSM self attributes [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v1,5/8] proc: Use lsmids instead of lsm names for attrs [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v1,4/8] LSM: Maintain a table of LSM attribute data [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v1,3/8] LSM: Identify the process attributes for each module [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v1,2/8] LSM: Add an LSM identifier for external use [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v1,1/8] LSM: Identify modules by more than name [v1,1/8] LSM: Identify modules by more than name - - - --- 2022-11-23 Casey Schaufler Superseded
[v6,6/6] evm: Support multiple LSMs providing an xattr evm: Do HMAC of multiple per LSM xattrs for new inodes - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v6,5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure evm: Do HMAC of multiple per LSM xattrs for new inodes - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v6,4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook evm: Do HMAC of multiple per LSM xattrs for new inodes - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v6,3/6] security: Remove security_old_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v6,2/6] ocfs2: Switch to security_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v6,1/6] reiserfs: Switch to security_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v5,6/6] evm: Support multiple LSMs providing an xattr evm: Prepare for moving to the LSM infrastructure - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v5,5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure evm: Prepare for moving to the LSM infrastructure - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v5,4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook evm: Prepare for moving to the LSM infrastructure - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v5,3/6] security: Remove security_old_inode_init_security() evm: Prepare for moving to the LSM infrastructure - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v5,2/6] ocfs2: Switch to security_inode_init_security() evm: Prepare for moving to the LSM infrastructure - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[v5,1/6] reiserfs: Switch to security_inode_init_security() evm: Prepare for moving to the LSM infrastructure - - - --- 2022-11-23 Roberto Sassu pcmoore Superseded
[RFC,v2,1/1] Use a fs callback to set security specific data RFC on how to include LSM hooks for io_uring commands - - - --- 2022-11-22 Joel Granados pcmoore Changes Requested
[v3,3/3] certs: don't try to update blacklist keys certs: Prevent spurious errors on repeated blacklisting - - - --- 2022-11-18 Thomas Weißschuh Handled Elsewhere
[v3,2/3] KEYS: Add key_create() certs: Prevent spurious errors on repeated blacklisting - - - --- 2022-11-18 Thomas Weißschuh Handled Elsewhere
[v3,1/3] certs: log hash value on blacklist error certs: Prevent spurious errors on repeated blacklisting - - - --- 2022-11-18 Thomas Weißschuh Handled Elsewhere
landlock: Allow filesystem layout changes for domains without such rule type landlock: Allow filesystem layout changes for domains without such rule type - - - --- 2022-11-17 Mickaël Salaün Handled Elsewhere
[PoC] bpf: Call return value check function in the JITed code [PoC] bpf: Call return value check function in the JITed code - - - --- 2022-11-16 Roberto Sassu pcmoore Handled Elsewhere
[RFC,1/1] Use ioctl selinux callback io_uring commands that implement the ioctl op convention RFC on how to include LSM hooks for io_uring commands - - - --- 2022-11-16 Joel Granados Changes Requested
« 1 2 ... 38 39 4049 50 »