Show patches with: Submitter = Ondrej Mosnacek       |    Archived = No       |   528 patches
« 1 2 3 45 6 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[testsuite,v2] tests/sctp: add client peeloff tests [testsuite,v2] tests/sctp: add client peeloff tests - - - --- 2022-02-12 Ondrej Mosnacek omos Superseded
[net,v3,2/2] security: implement sctp_assoc_established hook in selinux security: fixups for the security hooks in sctp - - - --- 2022-02-12 Ondrej Mosnacek pcmoore Accepted
[net,v3,1/2] security: add sctp_assoc_established hook security: fixups for the security hooks in sctp - - - --- 2022-02-12 Ondrej Mosnacek pcmoore Accepted
[userspace,v2,6/6] semodule: add command-line option to detect module changes Optionally rebuild policy store only if there were external changes to modules - - - --- 2022-02-03 Ondrej Mosnacek Accepted
[userspace,v2,5/6] libsemanage: optionally rebuild policy when modules are changed externally Optionally rebuild policy store only if there were external changes to modules - - - --- 2022-02-03 Ondrej Mosnacek Accepted
[userspace,v2,4/6] libsemanage: clean up semanage_direct_commit() a bit Optionally rebuild policy store only if there were external changes to modules - - - --- 2022-02-03 Ondrej Mosnacek Accepted
[userspace,v2,3/6] libsemanage: move compressed file handling into a separate object Optionally rebuild policy store only if there were external changes to modules - - - --- 2022-02-03 Ondrej Mosnacek Accepted
[userspace,v2,2/6] semodule,libsemanage: move module hashing into libsemanage Optionally rebuild policy store only if there were external changes to modules - - - --- 2022-02-03 Ondrej Mosnacek Accepted
[userspace,v2,1/6] libsemanage: add missing include to boolean_record.c Optionally rebuild policy store only if there were external changes to modules 1 - - --- 2022-02-03 Ondrej Mosnacek Accepted
selinux: parse contexts for mount options early selinux: parse contexts for mount options early - - - --- 2022-02-02 Ondrej Mosnacek pcmoore Accepted
[RFC,userspace,5/5] semodule: add command-line option to detect module changes Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek Superseded
[RFC,userspace,4/5] libsemanage: optionally rebuild policy when modules are changed externally Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek Superseded
[RFC,userspace,3/5] libsemanage: move compressed file handling into a separate object Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek Superseded
[RFC,userspace,2/5] semodule,libsemanage: move module hashing into libsemanage Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek Superseded
[RFC,userspace,1/5] libsemanage: add missing include to boolean_record.c Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek Superseded
security,selinux: remove security_add_mnt_opt() security,selinux: remove security_add_mnt_opt() 1 1 - --- 2021-12-06 Ondrej Mosnacek pcmoore Accepted
selinux: fix NULL-pointer dereference when hashtab allocation fails selinux: fix NULL-pointer dereference when hashtab allocation fails - - - --- 2021-11-19 Ondrej Mosnacek pcmoore Accepted
[net] selinux: fix SCTP client peeloff socket labeling [net] selinux: fix SCTP client peeloff socket labeling - - - --- 2021-11-04 Ondrej Mosnacek pcmoore Superseded
[userspace,v4,8/8] setfiles/restorecon: support parallel relabeling Parallel setfiles/restorecon - - - --- 2021-10-26 Ondrej Mosnacek Accepted
[userspace,v4,7/8] selinux_restorecon: introduce selinux_restorecon_parallel(3) Parallel setfiles/restorecon - - - --- 2021-10-26 Ondrej Mosnacek Accepted
[userspace,v4,6/8] selinux_restorecon: add a global mutex to synchronize progress output Parallel setfiles/restorecon - - - --- 2021-10-26 Ondrej Mosnacek Accepted
[userspace,v4,5/8] libselinux: make is_context_customizable() thread-safe Parallel setfiles/restorecon - - 1 --- 2021-10-26 Ondrej Mosnacek Accepted
[userspace,v4,4/8] libselinux: make selinux_log() thread-safe Parallel setfiles/restorecon - - - --- 2021-10-26 Ondrej Mosnacek Accepted
[userspace,v4,3/8] selinux_restorecon: protect file_spec list with a mutex Parallel setfiles/restorecon - - - --- 2021-10-26 Ondrej Mosnacek Accepted
[userspace,v4,2/8] selinux_restorecon: simplify fl_head allocation by using calloc() Parallel setfiles/restorecon - - - --- 2021-10-26 Ondrej Mosnacek Accepted
[userspace,v4,1/8] label_file: fix a data race Parallel setfiles/restorecon - - - --- 2021-10-26 Ondrej Mosnacek Accepted
[testsuite,v2] tests: make kernel iptables support optional [testsuite,v2] tests: make kernel iptables support optional - - - --- 2021-10-25 Ondrej Mosnacek omos Accepted
[testsuite] tests/inet_socket: make kernel iptables support optional [testsuite] tests/inet_socket: make kernel iptables support optional - - - --- 2021-10-25 Ondrej Mosnacek omos Superseded
sctp: initialize endpoint LSM labels also on the client side sctp: initialize endpoint LSM labels also on the client side - - - --- 2021-10-21 Ondrej Mosnacek Rejected
[testsuite] tests/sctp: add client peeloff tests [testsuite] tests/sctp: add client peeloff tests - - - --- 2021-10-21 Ondrej Mosnacek omos Superseded
[userspace,v3,7/7] setfiles/restorecon: support parallel relabeling Parallel setfiles/restorecon - - - --- 2021-10-19 Ondrej Mosnacek Changes Requested
[userspace,v3,6/7] selinux_restorecon: introduce selinux_restorecon_parallel(3) Parallel setfiles/restorecon - - - --- 2021-10-19 Ondrej Mosnacek Changes Requested
[userspace,v3,5/7] selinux_restorecon: add a global mutex to synchronize progress output Parallel setfiles/restorecon - - - --- 2021-10-19 Ondrej Mosnacek Changes Requested
[userspace,v3,4/7] libselinux: make selinux_log() thread-safe Parallel setfiles/restorecon - - - --- 2021-10-19 Ondrej Mosnacek Changes Requested
[userspace,v3,3/7] selinux_restorecon: protect file_spec list with a mutex Parallel setfiles/restorecon - - - --- 2021-10-19 Ondrej Mosnacek Changes Requested
[userspace,v3,2/7] selinux_restorecon: simplify fl_head allocation by using calloc() Parallel setfiles/restorecon - - - --- 2021-10-19 Ondrej Mosnacek Changes Requested
[userspace,v3,1/7] label_file: fix a data race Parallel setfiles/restorecon - - - --- 2021-10-19 Ondrej Mosnacek Changes Requested
[userspace,v2,6/6] setfiles/restorecon: support parallel relabeling Parallel setfiles/restorecon - - - --- 2021-10-14 Ondrej Mosnacek Superseded
[userspace,v2,5/6] selinux_restorecon: introduce selinux_restorecon_parallel(3) Parallel setfiles/restorecon - - - --- 2021-10-14 Ondrej Mosnacek Superseded
[userspace,v2,4/6] selinux_restorecon: add a global mutex to synchronize progress output Parallel setfiles/restorecon - - - --- 2021-10-14 Ondrej Mosnacek Superseded
[userspace,v2,3/6] libselinux: make selinux_log() thread-safe Parallel setfiles/restorecon - - - --- 2021-10-14 Ondrej Mosnacek Superseded
[userspace,v2,2/6] selinux_restorecon: protect file_spec list with a mutex Parallel setfiles/restorecon - - - --- 2021-10-14 Ondrej Mosnacek Superseded
[userspace,v2,1/6] selinux_restorecon: simplify fl_head allocation by using calloc() Parallel setfiles/restorecon - - - --- 2021-10-14 Ondrej Mosnacek Superseded
[testsuite] Remove the lockdown test [testsuite] Remove the lockdown test - - - --- 2021-09-30 Ondrej Mosnacek omos Accepted
[testsuite] tests/perf_event: don't assume CPU#0 is online [testsuite] tests/perf_event: don't assume CPU#0 is online - - - --- 2021-09-23 Ondrej Mosnacek omos Accepted
[v4] lockdown,selinux: fix wrong subject in some SELinux lockdown checks [v4] lockdown,selinux: fix wrong subject in some SELinux lockdown checks 3 - - --- 2021-09-13 Ondrej Mosnacek pcmoore Accepted
[testsuite,v2] tests: exclude vsock_socket test where it wouldn't build [testsuite,v2] tests: exclude vsock_socket test where it wouldn't build - - - --- 2021-09-08 Ondrej Mosnacek omos Accepted
[testsuite] tests: exclude vsock_socket test where it wouldn't build [testsuite] tests: exclude vsock_socket test where it wouldn't build - - - --- 2021-09-07 Ondrej Mosnacek omos Superseded
[testsuite,2/2] tests/module_load: use the right compiler to build kernel modules [testsuite,1/2] tests/module_load: simplify the clean target - - - --- 2021-09-06 Ondrej Mosnacek omos Accepted
[testsuite,1/2] tests/module_load: simplify the clean target [testsuite,1/2] tests/module_load: simplify the clean target - - - --- 2021-09-06 Ondrej Mosnacek omos Accepted
[userspace] libsepol/cil: remove obsolete comment [userspace] libsepol/cil: remove obsolete comment 1 - - --- 2021-08-05 Ondrej Mosnacek Accepted
[testsuite] tests/capable_sys: skip test_rawio on BTRFS [testsuite] tests/capable_sys: skip test_rawio on BTRFS - - - --- 2021-08-04 Ondrej Mosnacek omos Accepted
selinux: fix race condition when computing ocontext SIDs selinux: fix race condition when computing ocontext SIDs - - - --- 2021-07-28 Ondrej Mosnacek pcmoore Accepted
[v3] lockdown,selinux: fix wrong subject in some SELinux lockdown checks [v3] lockdown,selinux: fix wrong subject in some SELinux lockdown checks 2 - - --- 2021-06-16 Ondrej Mosnacek pcmoore Superseded
[v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks [v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks 4 - 2 --- 2021-05-17 Ondrej Mosnacek pcmoore Changes Requested
[v2] lsm_audit,selinux: pass IB device name by reference [v2] lsm_audit,selinux: pass IB device name by reference 1 - - --- 2021-05-12 Ondrej Mosnacek pcmoore Accepted
[userspace,2/2] scripts/ci: use F34 image instead of F33 Bump testsuite CI image to F34 1 - - --- 2021-05-12 Ondrej Mosnacek Accepted
[userspace,1/2] libselinux: fix invalid free in store_stem()/load_mmap() Bump testsuite CI image to F34 - - - --- 2021-05-12 Ondrej Mosnacek Rejected
selinux: use strlcpy() when copying IB device name selinux: use strlcpy() when copying IB device name - - - --- 2021-05-07 Ondrej Mosnacek pcmoore Changes Requested
[v2] debugfs: fix security_locked_down() call for SELinux [v2] debugfs: fix security_locked_down() call for SELinux - - - --- 2021-05-07 Ondrej Mosnacek pcmoore Accepted
serial: core: fix suspicious security_locked_down() call serial: core: fix suspicious security_locked_down() call 1 - - --- 2021-05-07 Ondrej Mosnacek pcmoore Accepted
debugfs: fix security_locked_down() call for SELinux debugfs: fix security_locked_down() call for SELinux - - - --- 2021-05-07 Ondrej Mosnacek pcmoore Superseded
lockdown,selinux: fix bogus SELinux lockdown permission checks lockdown,selinux: fix bogus SELinux lockdown permission checks - - - --- 2021-05-07 Ondrej Mosnacek pcmoore Superseded
[testsuite] ci: test also on F34 images [testsuite] ci: test also on F34 images - - - --- 2021-05-01 Ondrej Mosnacek Accepted
[testsuite] tests/lockdown: use /sys/kernel/debug/fault_around_bytes for integrity test [testsuite] tests/lockdown: use /sys/kernel/debug/fault_around_bytes for integrity test - - - --- 2021-05-01 Ondrej Mosnacek Accepted
[testsuite] policy: only define anon_inode class if not defined in system policy [testsuite] policy: only define anon_inode class if not defined in system policy - - - --- 2021-04-30 Ondrej Mosnacek omos Accepted
[RFC,testsuite] Add extended_anon_inode_class policy capability support [RFC,testsuite] Add extended_anon_inode_class policy capability support - - - --- 2021-04-21 Ondrej Mosnacek omos Rejected
[RFC,2/2] selinux: add capability to map anon inode types to separate classes selinux,anon_inodes: Use a separate SELinux class for each type of anon inode - - - --- 2021-04-21 Ondrej Mosnacek pcmoore Rejected
[RFC,1/2] LSM,anon_inodes: explicitly distinguish anon inode types selinux,anon_inodes: Use a separate SELinux class for each type of anon inode - - - --- 2021-04-21 Ondrej Mosnacek pcmoore Rejected
[2/2] selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount vfs/security/NFS/btrfs: clean up and fix LSM option handling - - - --- 2021-04-09 Ondrej Mosnacek pcmoore Superseded
[1/2] vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag vfs/security/NFS/btrfs: clean up and fix LSM option handling - - - --- 2021-04-09 Ondrej Mosnacek pcmoore Superseded
[v3] selinux: fix race between old and new sidtab [v3] selinux: fix race between old and new sidtab - - - --- 2021-04-07 Ondrej Mosnacek pcmoore Accepted
[testsuite] Deactivate userfaultfd test policy if no xperm support [testsuite] Deactivate userfaultfd test policy if no xperm support - - - --- 2021-04-06 Ondrej Mosnacek omos Accepted
[v2] selinux: fix race between old and new sidtab [v2] selinux: fix race between old and new sidtab - - - --- 2021-04-06 Ondrej Mosnacek pcmoore Changes Requested
selinux: fix race between old and new sidtab selinux: fix race between old and new sidtab - - - --- 2021-04-05 Ondrej Mosnacek pcmoore Changes Requested
[v3,2/2] selinux: fix cond_list corruption when changing booleans selinux: fix changing booleans - - - --- 2021-04-02 Ondrej Mosnacek pcmoore Accepted
[v3,1/2] selinux: make nslot handling in avtab more robust selinux: fix changing booleans - - - --- 2021-04-02 Ondrej Mosnacek pcmoore Accepted
[v2,2/2] selinux: fix cond_list corruption when changing booleans selinux: fix changing booleans - - - --- 2021-04-01 Ondrej Mosnacek pcmoore Changes Requested
[v2,1/2] selinux: make nslot handling in avtab more robust selinux: fix changing booleans - - - --- 2021-04-01 Ondrej Mosnacek pcmoore Changes Requested
[3/3] selinux: constify some avtab function arguments selinux: fix changing booleans - - - --- 2021-03-30 Ondrej Mosnacek pcmoore Accepted
[2/3] selinux: simplify duplicate_policydb_cond_list() by using kmemdup() selinux: fix changing booleans - - - --- 2021-03-30 Ondrej Mosnacek pcmoore Accepted
[1/3] selinux: fix cond_list corruption when changing booleans selinux: fix changing booleans - - - --- 2021-03-30 Ondrej Mosnacek pcmoore Changes Requested
[testsuite] tests/userfaultfd: handle __NR_userfaultfd not being defined [testsuite] tests/userfaultfd: handle __NR_userfaultfd not being defined - - - --- 2021-03-24 Ondrej Mosnacek omos Accepted
[RFC,userspace,6/6] setfiles/restorecon: support parallel relabeling Parallel setfiles/restorecon - - - --- 2021-03-23 Ondrej Mosnacek RFC
[RFC,userspace,5/6] selinux_restorecon: introduce selinux_restorecon_parallel(3) Parallel setfiles/restorecon - - - --- 2021-03-23 Ondrej Mosnacek RFC
[RFC,userspace,4/6] selinux_restorecon: add a global mutex to synchronize progress output Parallel setfiles/restorecon - - - --- 2021-03-23 Ondrej Mosnacek RFC
[RFC,userspace,3/6] selinux_restorecon: introduce selinux_log_sync() Parallel setfiles/restorecon - - - --- 2021-03-23 Ondrej Mosnacek RFC
[RFC,userspace,2/6] selinux_restorecon: protect file_spec list with a mutex Parallel setfiles/restorecon - - - --- 2021-03-23 Ondrej Mosnacek RFC
[RFC,userspace,1/6] selinux_restorecon: simplify fl_head allocation by using calloc() Parallel setfiles/restorecon - - - --- 2021-03-23 Ondrej Mosnacek RFC
[userspace] policycoreutils/setfiles: do not create useless setfiles.8.man file [userspace] policycoreutils/setfiles: do not create useless setfiles.8.man file 1 - - --- 2021-03-19 Ondrej Mosnacek Accepted
[v3,3/3] selinuxfs: unify policy load error reporting selinux: policy load fixes - - - --- 2021-03-18 Ondrej Mosnacek Accepted
[v3,2/3] selinux: fix variable scope issue in live sidtab conversion selinux: policy load fixes - 1 1 --- 2021-03-18 Ondrej Mosnacek Accepted
[v3,1/3] selinux: don't log MAC_POLICY_LOAD record on failed policy load selinux: policy load fixes - - - --- 2021-03-18 Ondrej Mosnacek Accepted
xfs: use has_capability_noaudit() instead of capable() where appropriate xfs: use has_capability_noaudit() instead of capable() where appropriate - - - --- 2021-03-16 Ondrej Mosnacek pcmoore Changes Requested
[v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs [v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs - - 1 --- 2021-03-16 Ondrej Mosnacek pcmoore Changes Requested
[testsuite,3/3] perf_event: fix CAP_SYS_ADMIN references perf_event: fixes and cleanups - - - --- 2021-03-02 Ondrej Mosnacek omos Accepted
[testsuite,2/3] perf_event: fix wrong use of perf_event_open(2) API perf_event: fixes and cleanups - - - --- 2021-03-02 Ondrej Mosnacek omos Accepted
[testsuite,1/3] perf_event: measure CPU 0 rather than CPU 1 perf_event: fixes and cleanups - - - --- 2021-03-02 Ondrej Mosnacek omos Accepted
[testsuite] lockdown: use debugfs/tracefs to test lockdown permissions [testsuite] lockdown: use debugfs/tracefs to test lockdown permissions - - - --- 2021-03-02 Ondrej Mosnacek omos Accepted
[userspace] fixfiles: do not exclude /dev and /run in -C mode [userspace] fixfiles: do not exclude /dev and /run in -C mode 1 - - --- 2021-03-01 Ondrej Mosnacek Accepted
« 1 2 3 45 6 »