Security modules development

Show patches with: Archived = No | 5476 patches

« 1 2 3 4 … 54 55 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v2,01/11] coccinelle: Add script to reorder capable() calls	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		New
[v2,11/11] infiniband: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		New
[v2,10/11] skbuff: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		New
[v2,09/11] fs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		New
[v2,08/11] ipv4: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		New
[v2,07/11] drm/panthor: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		New
[v2,06/11] ubifs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	1 1 -	---	2025-03-02	Christian Göttsche		New
[v2,05/11] genwqe: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		New
[v2,04/11] hugetlbfs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		New
[v2,03/11] ext4: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		New
[v2,02/11] quota: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		New
[V3] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported	[V3] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported	- - -	---	2025-03-02	Arulpandiyan Vadivel		New
[v3] ipe: add errno field to IPE policy load auditing	[v3] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-28	Jasjiv Singh		New
[1/1] security: Propagate caller information in bpf hooks	v2 security: Propagate caller information in bpf hooks	- - -	---	2025-02-28	Blaise Boscaccy		New
[v2] ipe: add errno field to IPE policy load auditing	[v2] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-27	Jasjiv Singh		New
[v2,3/3] landlock.7: Clarify IPC scoping documentation in line with kernel side	landlock: Clarify IPC scoping documentation	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[v2,2/3] landlock.7: Move over documentation for ABI version 6	landlock: Clarify IPC scoping documentation	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[v2,1/3] landlock.7: Update description of Landlock rules	[v2,1/3] landlock.7: Update description of Landlock rules	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[v2,1/1] landlock: Clarify IPC scoping documentation	landlock: Clarify IPC scoping documentation	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[GIT,PULL] Landlock fix for v6.14-rc5	[GIT,PULL] Landlock fix for v6.14-rc5	- - -	---	2025-02-26	Mickaël Salaün		Handled Elsewhere
[1/1] security: Propagate universal pointer data in bpf hooks	security: Propagate universal pointer data in bpf hooks	- - -	---	2025-02-26	Blaise Boscaccy	pcmoore	Under Review
selinux: add FILE__WATCH_MOUNTNS	selinux: add FILE__WATCH_MOUNTNS	1 - -	---	2025-02-24	Miklos Szeredi	pcmoore	Under Review
[RFC,2/2] landlock: selftests for LANDLOCK_RESTRICT_SELF_TSYNC	landlock: Multithreaded policy enforcement	- - -	---	2025-02-21	Günther Noack		Handled Elsewhere
[RFC,1/2] landlock: Multithreading support for landlock_restrict_self()	landlock: Multithreaded policy enforcement	- - -	---	2025-02-21	Günther Noack		Handled Elsewhere
lsm,nfs: fix NFS4 memory leak of lsm_context	lsm,nfs: fix NFS4 memory leak of lsm_context	- - -	---	2025-02-21	Casey Schaufler		Handled Elsewhere
lsm,nfs: fix memory leak of lsm_context	lsm,nfs: fix memory leak of lsm_context	2 - -	---	2025-02-20	Stephen Smalley		Handled Elsewhere
[net-next] netlabel: Remove unused cfg_calipso funcs	[net-next] netlabel: Remove unused cfg_calipso funcs	- - -	---	2025-02-20	Dr. David Alan Gilbert	pcmoore	Rejected
yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl()	yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl()	- - -	---	2025-02-19	Oleg Nesterov		Handled Elsewhere
[v8,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v3,12/12] reboot: retire hw_protection_reboot and hw_protection_shutdown helpers	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,11/12] thermal: core: allow user configuration of hardware protection action	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,10/12] dt-bindings: thermal: give OS some leeway in absence of critical-action	reboot: support runtime configuration of emergency hw_protection action	1 - -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,09/12] platform/chrome: cros_ec_lpc: prepare for hw_protection_shutdown removal	reboot: support runtime configuration of emergency hw_protection action	1 - -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,08/12] regulator: allow user configuration of hardware protection action	reboot: support runtime configuration of emergency hw_protection action	- 3 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,07/12] reboot: add support for configuring emergency hardware protection action	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,06/12] reboot: indicate whether it is a HARDWARE PROTECTION reboot or shutdown	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,05/12] reboot: rename now misleading __hw_protection_shutdown symbols	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,04/12] reboot: describe do_kernel_restart's cmd argument in kernel-doc	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,03/12] docs: thermal: sync hardware protection doc with code	reboot: support runtime configuration of emergency hw_protection action	- 2 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,02/12] reboot: reboot, not shutdown, on hw_protection_reboot timeout	reboot: support runtime configuration of emergency hw_protection action	- 2 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,01/12] reboot: replace __hw_protection_shutdown bool action parameter with an enum	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[net,v2] tcp: drop secpath at the same time as we currently drop dst	[net,v2] tcp: drop secpath at the same time as we currently drop dst	- 1 -	---	2025-02-17	Sabrina Dubroca		Handled Elsewhere
[RFC] ipe: add errno field to IPE policy load auditing	[RFC] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-14	Jasjiv Singh		Handled Elsewhere
[v3] fs: introduce getfsxattrat and setfsxattrat syscalls	[v3] fs: introduce getfsxattrat and setfsxattrat syscalls	1 - -	---	2025-02-11	Andrey Albershteyn	pcmoore	Changes Requested
[v1] selftests/landlock: Enable the new CONFIG_AF_UNIX_OOB	[v1] selftests/landlock: Enable the new CONFIG_AF_UNIX_OOB	1 - -	---	2025-02-11	Mickaël Salaün		Handled Elsewhere
selftests/landlock: add binaries to gitignore	selftests/landlock: add binaries to gitignore	- - -	---	2025-02-10	Bharadwaj Raju		Handled Elsewhere
[v1] trusted_dcp.c: Do not return in case of non-secure mode	[v1] trusted_dcp.c: Do not return in case of non-secure mode	- - -	---	2025-02-10	Kshitiz Varshney		Handled Elsewhere
lsm: fix a missing security_uring_allowed() prototype	lsm: fix a missing security_uring_allowed() prototype	- - -	---	2025-02-10	Paul Moore	pcmoore	Accepted
[RFC,v3,3/3] selftests/landlock: Test that MPTCP actions are not restricted	Fix non-TCP sockets restriction	- - -	---	2025-02-05	Mikhail Ivanov		Handled Elsewhere
[RFC,v3,2/3] selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP	Fix non-TCP sockets restriction	- - -	---	2025-02-05	Mikhail Ivanov		Handled Elsewhere
[RFC,v3,1/3] landlock: Fix non-TCP sockets restriction	Fix non-TCP sockets restriction	- - -	---	2025-02-05	Mikhail Ivanov		Handled Elsewhere
ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr	ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr	- - -	---	2025-02-04	Roberto Sassu		Handled Elsewhere
[v7,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and excute	- - -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	Untitled series #930245	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and excute	- - -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	Untitled series #930146	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and excute	- - -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and excute	- - -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	Untitled series #930144	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and excute	- - -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[RFC,v1,3/3] samples/landlock: Print domain ID	Expose Landlock domain IDs via pidfd	- - -	---	2025-01-31	Mickaël Salaün	pcmoore	Changes Requested
[RFC,v1,2/3] pidfd: Extend PIDFD_GET_INFO with PIDFD_INFO_LANDLOCK_*_DOMAIN	Expose Landlock domain IDs via pidfd	- - -	---	2025-01-31	Mickaël Salaün	pcmoore	Changes Requested
[RFC,v1,1/3] landlock: Add landlock_read_domain_id()	Expose Landlock domain IDs via pidfd	- - -	---	2025-01-31	Mickaël Salaün	pcmoore	Changes Requested
[v5,24/24] landlock: Add audit documentation	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,23/24] selftests/landlock: Add audit tests for ptrace	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,22/24] selftests/landlock: Test audit with restrict flags	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,21/24] selftests/landlock: Add tests for audit and LANDLOCK_RESTRICT_SELF_QUIET	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,20/24] selftests/landlock: Extend tests for landlock_restrict_self()'s flags	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,19/24] samples/landlock: Enable users to log sandbox denials	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,18/24] landlock: Add LANDLOCK_RESTRICT_SELF_LOG_CROSS_EXEC	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,17/24] landlock: Add LANDLOCK_RESTRICT_SELF_QUIET_SUBDOMAINS	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,16/24] landlock: Add LANDLOCK_RESTRICT_SELF_QUIET	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere
[v5,15/24] landlock: Log scoped denials	Landlock audit support	- - -	---	2025-01-31	Mickaël Salaün		Handled Elsewhere

« 1 2 3 4 … 54 55 »