System Audit Discussions

Show patches with: Archived = No | 335 patches

« 1 2 3 4 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
kernel: auditfilter: Remove unnecessary ‘0’ values from ret	kernel: auditfilter: Remove unnecessary ‘0’ values from ret	- - -	---	2023-12-28	Li zeming	pcmoore	Accepted
[v39,18/42] LSM: Use lsmcontext in security_lsmblob_to_secctx	Untitled series #810617	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,17/42] LSM: Use lsmcontext in security_secid_to_secctx	Untitled series #810617	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,16/42] LSM: Ensure the correct LSM context releaser	Untitled series #810617	3 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,13/42] LSM: Create new security_cred_getlsmblob LSM hook	Untitled series #810617	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,11/42] LSM: Use lsmblob in security_inode_getsecid	Untitled series #810617	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,08/42] LSM: Use lsmblob in security_ipc_getsecid	Untitled series #810617	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[2/2] audit: Apply special optimizations	audit: Further reduce syscall latency	- - -	---	2023-12-12	Haakon Bugge	pcmoore	Not Applicable
[2/2] audit: Apply codegen optimizations	Untitled series #809161	- - -	---	2023-12-12	Haakon Bugge	pcmoore	Rejected
[1/2] audit: Vary struct audit_entry alignment	audit: Further reduce syscall latency	- - -	---	2023-12-12	Haakon Bugge	pcmoore	Rejected
[16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[15/16] commoncap: use vfs fscaps interfaces for killpriv checks	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[14/16] commoncap: remove cap_inode_getsecurity()	fs: use type-safe uid representation for filesystem capabilities	1 - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[13/16] fs: use vfs interfaces for capabilities xattrs	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[12/16] ovl: use vfs_{get,set}_fscaps() for copy-up	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[11/16] ovl: add fscaps handlers	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[10/16] fs: add vfs_remove_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[09/16] fs: add vfs_set_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[08/16] fs: add vfs_get_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[07/16] fs: add inode operations to get/set/remove fscaps	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[06/16] capability: provide a helper for converting vfs_caps to xattr for userspace	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[05/16] capability: provide helpers for converting between xattrs and vfs_caps	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[04/16] capability: use vfsuid_t for vfs_caps rootids	fs: use type-safe uid representation for filesystem capabilities	1 - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[03/16] capability: rename cpu_vfs_cap_data to vfs_caps	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[02/16] mnt_idmapping: include cred.h	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[01/16] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[GIT,PULL] audit/audit-pr-20231116	[GIT,PULL] audit/audit-pr-20231116	- - -	---	2023-11-16	Paul Moore	pcmoore	Accepted
MAINTAINERS: update the audit entry	MAINTAINERS: update the audit entry	- - -	---	2023-11-15	Paul Moore	pcmoore	Accepted
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()	audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()	- - -	---	2023-11-15	Paul Moore	pcmoore	Accepted
[GIT,PULL] audit/audit-pr-20231030	[GIT,PULL] audit/audit-pr-20231030	- - -	---	2023-10-31	Paul Moore	pcmoore	Accepted
[v3] audit: don't take task_lock() in audit_exe_compare() code path	[v3] audit: don't take task_lock() in audit_exe_compare() code path	- 2 -	---	2023-10-24	Paul Moore	pcmoore	Accepted
[v2] audit: don't take task_lock() in audit_exe_compare() code path	[v2] audit: don't take task_lock() in audit_exe_compare() code path	- 1 -	---	2023-10-24	Paul Moore	pcmoore	Superseded
audit: use mmget() instead of get_task_exe_file() when auditing @current	audit: use mmget() instead of get_task_exe_file() when auditing @current	- - -	---	2023-10-18	Paul Moore	pcmoore	Superseded
[v2] audit: Send netlink ACK before setting connection in auditd_set	[v2] audit: Send netlink ACK before setting connection in auditd_set	- - -	---	2023-10-18	Chris Riches	pcmoore	Accepted
audit,io_uring: io_uring openat triggers audit reference count underflow	audit,io_uring: io_uring openat triggers audit reference count underflow	1 1 -	---	2023-10-12	Dan Clash	pcmoore	Accepted
[nf,v2] netfilter: nf_tables: audit log object reset once per table	[nf,v2] netfilter: nf_tables: audit log object reset once per table	1 1 -	---	2023-10-11	Phil Sutter	pcmoore	Handled Elsewhere
audit: io_uring openat triggers audit reference count underflow in worker thread	audit: io_uring openat triggers audit reference count underflow in worker thread	- - -	---	2023-10-06	Dan Clash	pcmoore	Changes Requested
[RFC,v11,19/19] documentation: add ipe documentation	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,18/19] ipe: kunit test for parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,17/19] scripts: add boot policy generation program	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,16/19] ipe: enable support for fs-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,15/19] fsverity: consume builtin signature via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,14/19] ipe: add support for dm-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,13/19] dm verity: consume root hash digest and signature data via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,12/19] dm: add finalize hook to target_type	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,11/19] dm verity: set DM_TARGET_SINGLETON feature flag	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,10/19] block\|security: add LSM blob to block_device	Integrity Policy Enforcement LSM (IPE)	- 1 -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,09/19] ipe: add permissive toggle	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,08/19] uapi\|audit\|ipe: add ipe auditing support	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,07/19] ipe: add userspace interface	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,06/19] security: add new securityfs delete function	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,05/19] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,04/19] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,03/19] ipe: add evaluation loop	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,02/19] ipe: add policy parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v11,01/19] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-10-04	Fan Wu	pcmoore	Handled Elsewhere
[nf,3/3] netfilter: nf_tables: Audit log object reset once per table	Review nf_tables audit logging	1 1 -	---	2023-09-23	Phil Sutter		Handled Elsewhere
[nf,2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs	Review nf_tables audit logging	1 1 -	---	2023-09-23	Phil Sutter		Handled Elsewhere
[nf,1/3] selftests: netfilter: Extend nft_audit.sh	Review nf_tables audit logging	- - -	---	2023-09-23	Phil Sutter		Handled Elsewhere
[RFC] audit: Send netlink ACK before setting connection in auditd_set	[RFC] audit: Send netlink ACK before setting connection in auditd_set	- - -	---	2023-09-22	Chris Riches	pcmoore	Changes Requested
[RFC,v1,7/7] landlock: Log ptrace requests	Landlock audit support	- - -	---	2023-09-21	Mickaël Salaün	pcmoore	RFC
[RFC,v1,6/7] landlock: Log mount-related requests	Landlock audit support	- - -	---	2023-09-21	Mickaël Salaün	pcmoore	RFC
[RFC,v1,5/7] landlock: Log file-related requests	Landlock audit support	- - -	---	2023-09-21	Mickaël Salaün	pcmoore	RFC
[RFC,v1,4/7] landlock: Log domain creation and enforcement	Landlock audit support	- - -	---	2023-09-21	Mickaël Salaün	pcmoore	RFC
[RFC,v1,3/7] landlock: Log ruleset creation and release	Landlock audit support	- - -	---	2023-09-21	Mickaël Salaün	pcmoore	RFC
[RFC,v1,2/7] landlock: Factor out check_access_path()	Landlock audit support	- - -	---	2023-09-21	Mickaël Salaün	pcmoore	RFC
[RFC,v1,1/7] lsm: Add audit_log_lsm_data() helper	Landlock audit support	1 - -	---	2023-09-21	Mickaël Salaün	pcmoore	RFC
[nf,v3,2/2] selftests: netfilter: Test nf_tables audit logging	nf_tables: follow-up on audit fix, add selftest	- - -	---	2023-09-13	Phil Sutter		Handled Elsewhere
[nf,v3,1/2] netfilter: nf_tables: Fix entries val in rule reset audit log	nf_tables: follow-up on audit fix, add selftest	- 1 -	---	2023-09-13	Phil Sutter		Handled Elsewhere
[nf,v2] netfilter: nf_tables: Fix entries val in rule reset audit log	[nf,v2] netfilter: nf_tables: Fix entries val in rule reset audit log	- - -	---	2023-09-08	Phil Sutter		Superseded
[nf-next,RFC,2/2] selftests: netfilter: Test nf_tables audit logging	nf_tables: follow-up on audit fix, propose kselftest	- - -	---	2023-09-08	Phil Sutter		Superseded
[nf,1/2] netfilter: nf_tables: Fix entries val in rule reset audit log	nf_tables: follow-up on audit fix, propose kselftest	- - -	---	2023-09-08	Phil Sutter	pcmoore	Superseded
[1/1] audit: remove redundant 'fsnotify_put_mark'	[1/1] audit: remove redundant 'fsnotify_put_mark'	- - -	---	2023-09-07	Wu Bo	pcmoore	Rejected
[GIT,PULL] Audit patches for v6.6	[GIT,PULL] Audit patches for v6.6	- - -	---	2023-08-29	Paul Moore	pcmoore	Accepted
audit: Annotate struct audit_chunk with __counted_by	audit: Annotate struct audit_chunk with __counted_by	- 1 -	---	2023-08-17	Kees Cook	pcmoore	Accepted
[v1] kernel: Moves trailing statements to next line	[v1] kernel: Moves trailing statements to next line	- - -	---	2023-08-15	Atul Kumar Pant	pcmoore	Accepted
[v1] kernel: auditsc: Removes use of assignment in if condition and moves open brace following func…	[v1] kernel: auditsc: Removes use of assignment in if condition and moves open brace following func…	- - -	---	2023-08-15	Atul Kumar Pant	pcmoore	Accepted
[v1] kernel: Add space before parenthesis and around '=', "==" and '<'	[v1] kernel: Add space before parenthesis and around '=', "==" and '<'	- - -	---	2023-08-15	Atul Kumar Pant	pcmoore	Accepted
audit: add task history record	audit: add task history record	- - -	---	2023-08-11	Tetsuo Handa	pcmoore	Rejected
[v2] audit: fix possible soft lockup in __audit_inode_child()	[v2] audit: fix possible soft lockup in __audit_inode_child()	- - -	---	2023-08-08	Gaosheng Cui	pcmoore	Accepted
[v2] TaskTracker : Simplified thread information tracker.	[v2] TaskTracker : Simplified thread information tracker.	- - -	---	2023-08-06	Tetsuo Handa	pcmoore	Handled Elsewhere
audit: fix possible soft lockup in __audit_inode_child()	audit: fix possible soft lockup in __audit_inode_child()	- - -	---	2023-08-05	Gaosheng Cui	pcmoore	Changes Requested
[-next] audit: remove out-of-date comment in auditd_reset()	[-next] audit: remove out-of-date comment in auditd_reset()	- - -	---	2023-08-04	Xiu Jianfeng	pcmoore	Rejected
[-next] audit: correct audit_filter_inodes() definition	[-next] audit: correct audit_filter_inodes() definition	- - -	---	2023-07-21	xiujianfeng	pcmoore	Accepted
[-next] audit: Include securiry.h unconditionally	[-next] audit: Include securiry.h unconditionally	- - -	---	2023-07-20	xiujianfeng	pcmoore	Accepted
[RFC,v10,17/17] documentation: add ipe documentation	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,16/17] ipe: kunit test for parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,15/17] scripts: add boot policy generation program	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,14/17] ipe: enable support for fs-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,13/17] fsverity: consume builtin signature via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,12/17] ipe: add support for dm-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,11/17] dm-verity: consume root hash digest and signature data via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,10/17] block\|security: add LSM blob to block_device	Integrity Policy Enforcement LSM (IPE)	- 1 -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,09/17] ipe: add permissive toggle	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,08/17] uapi\|audit\|ipe: add ipe auditing support	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,07/17] ipe: add userspace interface	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,06/17] security: add new securityfs delete function	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,05/17] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,04/17] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v10,03/17] ipe: add evaluation loop	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-06-28	Fan Wu	pcmoore	Handled Elsewhere

« 1 2 3 4 »