Show patches with: State = Action Required       |    Archived = No       |   143 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[GIT,PULL] capabilities changes for 6.14-rc1 [GIT,PULL] capabilities changes for 6.14-rc1 - - - --- 2025-01-20 Serge E. Hallyn New
[v2,6/6] module: Introduce hash-based integrity checking module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,5/6] lockdown: Make the relationship to MODULE_SIG a dependency module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,4/6] module: Move lockdown check into generic module loader module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,3/6] module: Move integrity checks into dedicated function module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,2/6] module: Make module loading policy usable without MODULE_SIG module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,1/6] kbuild: add stamp file for vmlinux BTF data module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
apparmor: Remove unused variable 'sock' in __file_sock_perm() apparmor: Remove unused variable 'sock' in __file_sock_perm() - - - --- 2025-01-20 Nathan Chancellor New
apparmor: Fix checking address of an array in accum_label_info() apparmor: Fix checking address of an array in accum_label_info() - - - --- 2025-01-20 Nathan Chancellor New
smack: remove /smack/logging if audit is not configured smack: remove /smack/logging if audit is not configured - - - --- 2025-01-17 Konstantin Andreev New
smack: dont compile ipv6 code unless ipv6 is configured smack: dont compile ipv6 code unless ipv6 is configured - - - --- 2025-01-17 Konstantin Andreev New
[2/2] smack: recognize ipv4 CIPSO w/o categories smack: recognize ipv4 CIPSO w/o categories - - - --- 2025-01-16 Konstantin Andreev New
[1/2] smack: Revert "smackfs: Added check catlen" smack: recognize ipv4 CIPSO w/o categories - - - --- 2025-01-16 Konstantin Andreev New
[V2] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported [V2] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported - - - --- 2025-01-14 Arulpandiyan Vadivel pcmoore Under Review
loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported - - - --- 2025-01-13 Arulpandiyan Vadivel New
ipe: policy_fs: fix kernel-doc warnings ipe: policy_fs: fix kernel-doc warnings - - - --- 2025-01-11 Randy Dunlap New
[v3,2/2] landlock: add support for private bind mount [v3,1/2] fs: add loopback/bind mount specific security hook - - - --- 2025-01-10 Shervin Oloumi pcmoore New
[v3,1/2] fs: add loopback/bind mount specific security hook [v3,1/2] fs: add loopback/bind mount specific security hook - - - --- 2025-01-10 Shervin Oloumi pcmoore New
[2/2] landlock: add support for private bind mount [1/2] fs: add loopback/bind mount specific security hook - - - --- 2024-12-31 Shervin Oloumi pcmoore Under Review
[1/2] fs: add loopback/bind mount specific security hook [1/2] fs: add loopback/bind mount specific security hook - - - --- 2024-12-31 Shervin Oloumi pcmoore Under Review
[linux-next,2/2] perf: Return EACCESS when need perfmon capability Fix perf security check problem - - - --- 2024-12-23 Luo Gengkun pcmoore Under Review
[linux-next,1/2] perf: Remove unnecessary parameter of security check Fix perf security check problem - - - --- 2024-12-23 Luo Gengkun pcmoore Under Review
[2/2] io_uring: use security_uring_allowed() [1/2] lsm: add LSM hooks for io_uring_setup() - - - --- 2024-12-19 Hamza Mahfooz New
[1/2] lsm: add LSM hooks for io_uring_setup() [1/2] lsm: add LSM hooks for io_uring_setup() - - - --- 2024-12-19 Hamza Mahfooz New
lsm,io_uring: add LSM hooks for io_uring_setup() lsm,io_uring: add LSM hooks for io_uring_setup() - - - --- 2024-12-19 Hamza Mahfooz New
[v2] capability: Remove unused has_capability [v2] capability: Remove unused has_capability - 1 - --- 2024-12-19 Dr. David Alan Gilbert Under Review
lsm: integrity: Allow enable/disable ima and evm with lsm= cmdline lsm: integrity: Allow enable/disable ima and evm with lsm= cmdline - - - --- 2024-12-18 Song Liu pcmoore New
[6/6] Audit: Add record for multiple object contexts [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[5/6] Audit: multiple subject lsm values for netlabel [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[4/6] Audit: Add record for multiple task security contexts [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[3/6] LSM: security_lsmblob_to_secctx module selection [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[2/6] Audit: Allow multiple records in an audit_buffer [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[1/6] Audit: Create audit_stamp structure [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
capability: Remove unused has_capability capability: Remove unused has_capability - 1 - --- 2024-12-15 Dr. David Alan Gilbert pcmoore Under Review
lsm: add reserved flag in lsm_prop struct lsm: add reserved flag in lsm_prop struct - - - --- 2024-12-06 李豪杰 pcmoore Under Review
[01/11] coccinelle: Add script to reorder capable() calls [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[11/11] infiniband: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[10/11] skbuff: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[09/11] fs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[08/11] gfs2: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[07/11] ipv4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[06/11] ubifs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls 1 - - --- 2024-11-25 Christian Göttsche pcmoore New
[05/11] genwqe: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[04/11] hugetlbfs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[03/11] ext4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[02/11] quota: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[v21,6/6] samples/check-exec: Add an enlighten "inc" interpreter and 28 tests Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,5/6] samples/check-exec: Add set-exec Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,4/6] selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,3/6] selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,2/6] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits Script execution control (was O_MAYEXEC) - 1 - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,1/6] exec: Add a new AT_EXECVE_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) 1 1 - --- 2024-11-12 Mickaël Salaün pcmoore New
selinux,xfrm: fix dangling refcount on deferred skb free selinux,xfrm: fix dangling refcount on deferred skb free - - - --- 2024-11-06 Ondrej Mosnacek pcmoore Under Review
[v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between [v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between - 5 2 --- 2024-10-18 Roberto Sassu pcmoore Under Review
[RFC,v3,13/13] clavis: Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,12/13] clavis: Add function redirection for Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,11/13] clavis: Prevent boot param change during kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,10/13] efi: Make clavis boot param persist across kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,09/13] clavis: Allow user to define acl at build time Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,08/13] clavis: Introduce new LSM called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,07/13] keys: Add ability to track intended usage of the public key Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,06/13] clavis: Populate clavis keyring acl with kernel module signature Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,05/13] clavis: Introduce a new key type called clavis_key_acl Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,04/13] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE) Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,03/13] clavis: Introduce a new system keyring called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,02/13] certs: Introduce ability to link to a system key Clavis LSM - 1 - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,01/13] certs: Remove CONFIG_INTEGRITY_PLATFORM_KEYRING check Clavis LSM - 1 - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-28 Shu Han Under Review
mm: move security_file_mmap() back into do_mmap() mm: move security_file_mmap() back into do_mmap() - - - --- 2024-09-25 Shu Han Under Review
mm: move the check of READ_IMPLIES_EXEC out of do_mmap() mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han Under Review
[v4,14/14] Activate the configuration and build of the TSEM LSM. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,13/14] Implement infrastructure for loadable security models. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,12/14] Implement configuration and methods for default model. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,11/14] Implement the internal Trusted Modeling Agent. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,10/14] Implement security event mapping. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,09/14] Add event processing implementation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,08/14] Add security event description export facility. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,07/14] Add namespace implementation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,06/14] Implement TSEM control plane. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,05/14] Add root domain trust implementation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,04/14] Add primary TSEM implementation file. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,03/14] TSEM global declarations. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,02/14] Add TSEM specific documentation. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[v4,01/14] Update MAINTAINERS file. Implement Trusted Security Event Modeling. - - - --- 2024-08-26 Dr. Greg pcmoore Under Review
[RESEND] cred: separate the refcount from frequently read fields [RESEND] cred: separate the refcount from frequently read fields - - - --- 2024-08-22 Mateusz Guzik pcmoore New
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,1/2] KEYS: use synchronous task work for changing parent credentials get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[RFC,1/2] lsm: introduce new hook security_vm_execstack [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,2/2] selinux: wire up new execstack LSM hook [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[10/10] coccinelle: add script for capable_any() [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[09/10] bpf: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[08/10] net: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[07/10] kernel: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 2 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[06/10] fs: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[05/10] drivers: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[04/10] block: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[03/10] capability: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[02/10] capability: add any wrappers to test for multiple caps with exactly one audit message [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[v3,3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
« 1 2 »