System Audit Discussions

Show patches with: Archived = No | 309 patches

« 1 2 3 4 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[RFC,v14,06/19] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-03-06	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v14,05/19] initramfs\|security: Add a security hook to do_populate_rootfs()	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-03-06	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v14,04/19] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-03-06	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v14,03/19] ipe: add evaluation loop	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-03-06	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v14,02/19] ipe: add policy parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-03-06	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v14,01/19] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-03-06	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,20/20] documentation: add ipe documentation	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,19/20] ipe: kunit test for parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,18/20] scripts: add boot policy generation program	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,17/20] ipe: enable support for fs-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,16/20] fsverity: consume builtin signature via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,15/20] ipe: add support for dm-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,14/20] dm verity: consume root hash digest and signature data via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,13/20] dm: add finalize hook to target_type	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,12/20] dm verity: set DM_TARGET_SINGLETON feature flag	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,11/20] block\|security: add LSM blob to block_device	Integrity Policy Enforcement LSM (IPE)	- 1 -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,10/20] ipe: add permissive toggle	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,09/20] uapi\|audit\|ipe: add ipe auditing support	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,08/20] ipe: add userspace interface	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,07/20] security: add new securityfs delete function	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,06/20] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,05/20] initramfs\|security: Add a security hook to do_populate_rootfs()	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,04/20] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,03/20] ipe: add evaluation loop	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,02/20] ipe: add policy parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v13,01/20] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Handled Elsewhere
[v2,25/25] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,24/25] commoncap: use vfs fscaps interfaces	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,23/25] commoncap: remove cap_inode_getsecurity()	fs: use type-safe uid representation for filesystem capabilities	1 - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,22/25] fs: use vfs interfaces for capabilities xattrs	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,21/25] ovl: use vfs_{get,set}_fscaps() for copy-up	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,20/25] ovl: add fscaps handlers	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,19/25] fs: add vfs_remove_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,18/25] fs: add vfs_set_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,17/25] fs: add vfs_get_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,16/25] fs: add inode operations to get/set/remove fscaps	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,15/25] security: call evm fscaps hooks from generic security hooks	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,14/25] evm: add support for fscaps security hooks	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,13/25] smack: add hooks for fscaps operations	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,12/25] selinux: add hooks for fscaps operations	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,11/25] security: add hooks for set/get/remove of fscaps	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,10/25] xattr: use is_fscaps_xattr()	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,09/25] commoncap: use is_fscaps_xattr()	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,08/25] xattr: add is_fscaps_xattr() helper	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,07/25] capability: provide a helper for converting vfs_caps to xattr for userspace	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,06/25] capability: provide helpers for converting between xattrs and vfs_caps	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,05/25] capability: use vfsuid_t for vfs_caps rootids	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,04/25] capability: rename cpu_vfs_cap_data to vfs_caps	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,03/25] capability: add static asserts for comapatibility of vfs_cap_data and vfs_ns_cap_data	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,02/25] mnt_idmapping: include cred.h	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[v2,01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Handled Elsewhere
[RFC,v12,20/20] documentation: add ipe documentation	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,19/20] ipe: kunit test for parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,18/20] scripts: add boot policy generation program	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,17/20] ipe: enable support for fs-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,16/20] fsverity: consume builtin signature via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,15/20] ipe: add support for dm-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,14/20] dm verity: consume root hash digest and signature data via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,13/20] dm: add finalize hook to target_type	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,12/20] dm verity: set DM_TARGET_SINGLETON feature flag	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,11/20] block\|security: add LSM blob to block_device	Integrity Policy Enforcement LSM (IPE)	- 1 -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,10/20] ipe: add permissive toggle	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,09/20] uapi\|audit\|ipe: add ipe auditing support	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,08/20] ipe: add userspace interface	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,07/20] security: add new securityfs delete function	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,06/20] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,05/20] initramfs\|security: Add security hook to initramfs unpack	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,04/20] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,03/20] ipe: add evaluation loop	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,02/20] ipe: add policy parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
[RFC,v12,01/20] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Handled Elsewhere
audit: Use KMEM_CACHE instead of kmem_cache_create	audit: Use KMEM_CACHE instead of kmem_cache_create	- - -	---	2024-01-24	Kunwu Chan	pcmoore	Accepted
io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL	io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL	- - -	---	2024-01-23	Paul Moore	pcmoore	Handled Elsewhere
[GIT,PULL] audit/audit-pr-20240105	[GIT,PULL] audit/audit-pr-20240105	- - -	---	2024-01-05	Paul Moore	pcmoore	Accepted
kernel: auditfilter: Remove unnecessary ‘0’ values from ret	kernel: auditfilter: Remove unnecessary ‘0’ values from ret	- - -	---	2023-12-28	Li zeming	pcmoore	Accepted
[v39,18/42] LSM: Use lsmcontext in security_lsmblob_to_secctx	Untitled series #810617	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,17/42] LSM: Use lsmcontext in security_secid_to_secctx	Untitled series #810617	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,16/42] LSM: Ensure the correct LSM context releaser	Untitled series #810617	3 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,13/42] LSM: Create new security_cred_getlsmblob LSM hook	Untitled series #810617	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,11/42] LSM: Use lsmblob in security_inode_getsecid	Untitled series #810617	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[v39,08/42] LSM: Use lsmblob in security_ipc_getsecid	Untitled series #810617	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Handled Elsewhere
[2/2] audit: Apply special optimizations	audit: Further reduce syscall latency	- - -	---	2023-12-12	Haakon Bugge	pcmoore	Not Applicable
[2/2] audit: Apply codegen optimizations	Untitled series #809161	- - -	---	2023-12-12	Haakon Bugge	pcmoore	Rejected
[1/2] audit: Vary struct audit_entry alignment	audit: Further reduce syscall latency	- - -	---	2023-12-12	Haakon Bugge	pcmoore	Rejected
[16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[15/16] commoncap: use vfs fscaps interfaces for killpriv checks	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[14/16] commoncap: remove cap_inode_getsecurity()	fs: use type-safe uid representation for filesystem capabilities	1 - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[13/16] fs: use vfs interfaces for capabilities xattrs	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[12/16] ovl: use vfs_{get,set}_fscaps() for copy-up	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[11/16] ovl: add fscaps handlers	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[10/16] fs: add vfs_remove_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[09/16] fs: add vfs_set_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[08/16] fs: add vfs_get_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[07/16] fs: add inode operations to get/set/remove fscaps	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[06/16] capability: provide a helper for converting vfs_caps to xattr for userspace	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[05/16] capability: provide helpers for converting between xattrs and vfs_caps	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[04/16] capability: use vfsuid_t for vfs_caps rootids	fs: use type-safe uid representation for filesystem capabilities	1 - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[03/16] capability: rename cpu_vfs_cap_data to vfs_caps	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[02/16] mnt_idmapping: include cred.h	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere
[01/16] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee		Handled Elsewhere

« 1 2 3 4 »