Show patches with: Archived = No       |   4945 patches
« 1 2 3 449 50 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[lsm/dev] net: corrections for security_secid_to_secctx returns [lsm/dev] net: corrections for security_secid_to_secctx returns - - - --- 2024-12-11 Casey Schaufler New
[v3,bpf-next,6/6] selftests/bpf: Add __failure tests for set/remove xattr kfuncs Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,5/6] selftests/bpf: Test kfuncs that set and remove xattr from BPF programs Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,4/6] bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,3/6] bpf: lsm: Add two more sleepable hooks Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,2/6] selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr names Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,1/6] fs/xattr: bpf: Introduce security.bpf. xattr name prefix Enable writing xattr from BPF programs 1 - - --- 2024-12-10 Song Liu New
[RESEND] apparmor: Use str_yes_no() helper function [RESEND] apparmor: Use str_yes_no() helper function - - - --- 2024-12-09 Thorsten Blum New
[lsm/dev] Binder: Initialize lsm_context structure [lsm/dev] Binder: Initialize lsm_context structure - - - --- 2024-12-06 Casey Schaufler New
lsm: add reserved flag in lsm_prop struct lsm: add reserved flag in lsm_prop struct - - - --- 2024-12-06 15074444048 New
[v22,8/8] ima: instantiate the bprm_creds_for_exec() hook Script execution control (was O_MAYEXEC) - 1 - --- 2024-12-05 Mickaël Salaün New
[v22,7/8] samples/check-exec: Add an enlighten "inc" interpreter and 28 tests Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,6/8] selftests: ktap_helpers: Fix uninitialized variable Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,5/8] samples/check-exec: Add set-exec Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,4/8] selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,3/8] selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,2/8] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits Script execution control (was O_MAYEXEC) - 2 1 --- 2024-12-05 Mickaël Salaün New
[v22,1/8] exec: Add a new AT_EXECVE_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) 1 2 1 --- 2024-12-05 Mickaël Salaün New
[v2] ima: instantiate the bprm_creds_for_exec() hook [v2] ima: instantiate the bprm_creds_for_exec() hook - - - --- 2024-12-04 Mimi Zohar New
[v9] security: add trace event for cap_capable [v9] security: add trace event for cap_capable - - - --- 2024-12-04 Jordan Rome New
[v2] ima: instantiate the bprm_creds_for_exec() hook [v2] ima: instantiate the bprm_creds_for_exec() hook - - 1 --- 2024-12-03 Mimi Zohar New
[GIT,PULL] lsm/lsm-pr-20241129 [GIT,PULL] lsm/lsm-pr-20241129 - - - --- 2024-11-30 Paul Moore pcmoore New
[v8] security: add trace event for cap_capable [v8] security: add trace event for cap_capable - 2 - --- 2024-11-28 Jordan Rome New
[v7] security: add trace event for cap_capable [v7] security: add trace event for cap_capable - - - --- 2024-11-28 Jordan Rome New
[v6] security: add trace event for cap_capable [v6] security: add trace event for cap_capable - - - --- 2024-11-28 Jordan Rome New
[v2,7/7] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,6/7] ima: Discard files opened with O_PATH ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,5/7] ima: Set security.ima on file close when ima_appraise=fix ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,4/7] ima: Mark concurrent accesses to the iint pointer in the inode security blob ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,3/7] ima: Ensure lock is held when setting iint pointer in inode security blob ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,2/7] ima: Remove inode lock ima: Remove unnecessary inode locks - 1 - --- 2024-11-28 Roberto Sassu New
[v2,1/7] fs: ima: Remove S_IMA and IS_IMA() ima: Remove unnecessary inode locks 1 1 - --- 2024-11-28 Roberto Sassu New
[v2] samples/landlock: Fix possible NULL dereference in parse_path() [v2] samples/landlock: Fix possible NULL dereference in parse_path() - - - --- 2024-11-28 Gax-c New
ima: instantiate the bprm_creds_for_exec() hook ima: instantiate the bprm_creds_for_exec() hook - - - --- 2024-11-27 Mimi Zohar New
[GIT,PULL] AppArmor updates for 6.13 [GIT,PULL] AppArmor updates for 6.13 - - - --- 2024-11-27 John Johansen New
[v1] selftests: ktap_helpers: Fix uninitialized variable [v1] selftests: ktap_helpers: Fix uninitialized variable - - - --- 2024-11-27 Mickaël Salaün New
[RFC] ima: instantiate the bprm_creds_for_exec() hook [RFC] ima: instantiate the bprm_creds_for_exec() hook - - - --- 2024-11-27 Mimi Zohar New
samples/landlock: Fix possible NULL dereference in parse_path() samples/landlock: Fix possible NULL dereference in parse_path() - - - --- 2024-11-26 Gax-c Handled Elsewhere
IMA,LSM: Uncover hidden variable in ima_match_rules() IMA,LSM: Uncover hidden variable in ima_match_rules() - 1 - --- 2024-11-26 Casey Schaufler pcmoore Accepted
[1/2] lsm: constify function parameters [1/2] lsm: constify function parameters - - - --- 2024-11-25 Christian Göttsche pcmoore New
[2/2] lsm: rename variable to avoid shadowing [1/2] lsm: constify function parameters - - - --- 2024-11-25 Christian Göttsche pcmoore New
trace: constify string literal data member trace: constify string literal data member - - - --- 2024-11-25 Christian Göttsche Handled Elsewhere
[01/11] coccinelle: Add script to reorder capable() calls [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[11/11] infiniband: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[10/11] skbuff: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[09/11] fs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[08/11] gfs2: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[07/11] ipv4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[06/11] ubifs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls 1 - - --- 2024-11-25 Christian Göttsche pcmoore New
[05/11] genwqe: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[04/11] hugetlbfs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[03/11] ext4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[02/11] quota: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[v3,fanotify,2/2] samples/fanotify: Add a sample fanotify fiter Fanotify in kernel filter - - - --- 2024-11-22 Song Liu Handled Elsewhere
[v3,fanotify,1/2] fanotify: Introduce fanotify filter Fanotify in kernel filter - - - --- 2024-11-22 Song Liu Handled Elsewhere
[v3,23/23] selftests/landlock: Add audit tests for ptrace Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,22/23] selftests/landlock: Add tests for audit Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,21/23] selftests/landlock: Extend tests for landlock_restrict_self()'s flags Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,20/23] samples/landlock: Do not log denials from the sandboxer by default Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,19/23] landlock: Control log events with LANDLOCK_RESTRICT_SELF_LOGLESS Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,18/23] landlock: Log scoped denials Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,17/23] landlock: Log TCP bind and connect denials Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,16/23] landlock: Log truncate and ioctl denials Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,15/23] landlock: Log file-related denials Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,14/23] landlock: Optimize file path walks and prepare for audit support Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,13/23] selftests/landlock: Add test to check partial access in a mount tree Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,12/23] landlock: Align partial refer access checks with final ones Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,11/23] landlock: Log mount-related denials Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,10/23] landlock: Log domain properties and release Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,09/23] audit: Add a new audit_get_ctime() helper Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,08/23] landlock: Log ptrace denials Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,07/23] landlock: Move domain hierarchy management Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,06/23] landlock: Simplify initially denied access rights Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,05/23] landlock: Move access types Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,04/23] landlock: Add unique ID generator Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,03/23] landlock: Factor out check_access_path() Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,02/23] lsm: Add audit_log_lsm_data() helper Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v3,01/23] lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set Landlock audit support - - - --- 2024-11-22 Mickaël Salaün pcmoore Handled Elsewhere
[v2] ima: kexec: silence RCU list traversal warning [v2] ima: kexec: silence RCU list traversal warning - - - --- 2024-11-21 Breno Leitao Handled Elsewhere
perf test: remove duplicate word perf test: remove duplicate word - - - --- 2024-11-20 Ruffalo Lavoisier Handled Elsewhere
[GIT,PULL] IPE update for 6.13 [GIT,PULL] IPE update for 6.13 - - - --- 2024-11-19 Fan Wu Handled Elsewhere
[RFC,v4,9/9] ima: Use digest caches for appraisal ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,8/9] ima: Use digest caches for measurement ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,7/9] ima: Load verified usage from digest cache found from query ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,6/9] ima: Store verified usage in digest cache based on integrity metadata flags ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,5/9] ima: Retrieve digest cache and check if changed ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,4/9] ima: Modify existing boot-time built-in policies with digest cache policies ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,3/9] ima: Add digest_cache_measure/appraise boot-time built-in policies ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,2/9] ima: Add digest_cache policy keyword ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[RFC,v4,1/9] ima: Introduce hook DIGEST_LIST_CHECK ima: Integrate with Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,15/15] docs: Add documentation of the Integrity Digest Cache integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,14/15] selftests/digest_cache: Add selftests for the Integrity Digest Cache integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,13/15] digest_cache: Reset digest cache on file/directory change integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,12/15] digest cache: Prefetch digest lists if requested integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,11/15] digest_cache: Add support for directories integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,10/15] digest_cache: Add management of verification data integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,09/15] digest_cache: Populate the digest cache from a digest list integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,08/15] digest_cache: Parse tlv digest lists integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,07/15] digest_cache: Allow registration of digest list parsers integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
[v6,06/15] digest_cache: Add hash tables and operations integrity: Introduce the Integrity Digest Cache - - - --- 2024-11-19 Roberto Sassu Handled Elsewhere
« 1 2 3 449 50 »