Security modules development

Show patches with: State = Action Required | 12082 patches

« 1 2 ... 12 13 14 … 120 121 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	State
[v5,1/4] efi: Save location of EFI confidential computing area	Allow guest access to EFI confidential computing secret area	- - -	---	2021-11-18	Dov Murik	New
[-next] apparmor: Fix kernel-doc	[-next] apparmor: Fix kernel-doc	1 - -	---	2021-11-17	Yang Li	New
[v19,4/4] overlayfs: inode_owner_or_capable called during execv	overlayfs override_creds=off & nested get xattr fix	- - -	---	2021-11-17	David Anderson	New
[v19,3/4] overlayfs: override_creds=off option bypass creator_cred	overlayfs override_creds=off & nested get xattr fix	- - -	---	2021-11-17	David Anderson	New
[v19,2/4] overlayfs: handle XATTR_NOSECURITY flag for get xattr method	overlayfs override_creds=off & nested get xattr fix	- - -	---	2021-11-17	David Anderson	New
[v19,1/4] Add flags option to get xattr method paired to __vfs_getxattr	overlayfs override_creds=off & nested get xattr fix	5 1 -	---	2021-11-17	David Anderson	New
[v7,17/17] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,16/17] integrity: Trust MOK keys if MokListTrustedRT found	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,15/17] efi/mokvar: move up init order	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,14/17] integrity: store reference to machine keyring	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,13/17] KEYS: link secondary_trusted_keys to machine trusted keys	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,12/17] KEYS: integrity: change link restriction to trust the machine keyring	Enroll kernel keys thru MOK	- 1 -	---	2021-11-16	Eric Snowberg	New
[v7,11/17] KEYS: Introduce link restriction for machine keys	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,10/17] KEYS: add a reference to machine keyring	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,09/17] KEYS: Rename get_builtin_and_secondary_restriction	Enroll kernel keys thru MOK	- 1 -	---	2021-11-16	Eric Snowberg	New
[v7,08/17] integrity: add new keyring handler for mok keys	Enroll kernel keys thru MOK	- 1 -	---	2021-11-16	Eric Snowberg	New
[v7,07/17] integrity: Fix warning about missing prototypes	Enroll kernel keys thru MOK	- 1 -	---	2021-11-16	Eric Snowberg	New
[v7,06/17] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,05/17] KEYS: CA link restriction	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,04/17] X.509: Parse Basic Constraints for CA	Enroll kernel keys thru MOK	- - -	---	2021-11-16	Eric Snowberg	New
[v7,03/17] KEYS: Create static version of public_key_verify_signature	Enroll kernel keys thru MOK	- 1 -	---	2021-11-16	Eric Snowberg	New
[v7,02/17] integrity: Do not allow machine keyring updates following init	Enroll kernel keys thru MOK	- 1 -	---	2021-11-16	Eric Snowberg	New
[v7,01/17] integrity: Introduce a Linux keyring called machine	Enroll kernel keys thru MOK	- 1 -	---	2021-11-16	Eric Snowberg	New
[v17,3/3] selftest/interpreter: Add tests for trusted_for(2) policies	Add trusted_for(2) (was O_MAYEXEC)	- 2 -	---	2021-11-15	Mickaël Salaün	New
[v17,2/3] arch: Wire up trusted_for(2)	Add trusted_for(2) (was O_MAYEXEC)	1 2 -	---	2021-11-15	Mickaël Salaün	New
[v17,1/3] fs: Add trusted_for(2) syscall implementation and related sysctl	Add trusted_for(2) (was O_MAYEXEC)	1 - -	---	2021-11-15	Mickaël Salaün	New
[v2] block: Check ADMIN before NICE for IOPRIO_CLASS_RT	[v2] block: Check ADMIN before NICE for IOPRIO_CLASS_RT	- - -	---	2021-11-15	Alistair Delva	New
block: Check ADMIN before NICE for IOPRIO_CLASS_RT	block: Check ADMIN before NICE for IOPRIO_CLASS_RT	- - -	---	2021-11-15	Alistair Delva	New
[GIT,PULL] SELinux fix / revert for v5.16 (#1)	[GIT,PULL] SELinux fix / revert for v5.16 (#1)	- - -	---	2021-11-12	Paul Moore	New
net,lsm,selinux: revert the security_sctp_assoc_established() hook	net,lsm,selinux: revert the security_sctp_assoc_established() hook	- - -	---	2021-11-12	Paul Moore	New
binder: fix test regression due to sender_euid change	binder: fix test regression due to sender_euid change	2 - -	---	2021-11-12	Todd Kjos	New
[v4,2/2] integrity: support including firmware ".platform" keys at build time	integrity: support including firmware ".platform" keys at build time	- - -	---	2021-11-11	Nayna Jain	New
[v4,1/2] certs: export load_certificate_list() to be used outside certs/	integrity: support including firmware ".platform" keys at build time	- - -	---	2021-11-11	Nayna Jain	New
[5.10,3/3] binder: use cred instead of task for getsecid	[5.10,1/3] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[5.10,2/3] binder: use cred instead of task for selinux checks	[5.10,1/3] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[5.10,1/3] binder: use euid from cred instead of using task	[5.10,1/3] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[5.4,3/3] binder: use cred instead of task for getsecid	[5.4,1/3] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[5.4,2/3] binder: use cred instead of task for selinux checks	[5.4,1/3] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[5.4,1/3] binder: use euid from cred instead of using task	[5.4,1/3] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.19,2/2] binder: use cred instead of task for selinux checks	[4.19,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.19,1/2] binder: use euid from cred instead of using task	[4.19,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.14,2/2] binder: use cred instead of task for selinux checks	[4.14,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.14,1/2] binder: use euid from cred instead of using task	[4.14,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.9,2/2] binder: use cred instead of task for selinux checks	[4.9,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.9,1/2] binder: use euid from cred instead of using task	[4.9,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.4,2/2] binder: use cred instead of task for selinux checks	[4.4,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[4.4,1/2] binder: use euid from cred instead of using task	[4.4,1/2] binder: use euid from cred instead of using task	1 - -	---	2021-11-10	Todd Kjos	New
[v3,1/1] fuse: Send security context of inode on file creation	fuse: Send file/inode security context during creation	- - -	---	2021-11-10	Vivek Goyal	New
[GIT,PULL] apparmor changes for 5.16	[GIT,PULL] apparmor changes for 5.16	- - -	---	2021-11-10	John Johansen	New
[v16,3/3] selftest/interpreter: Add tests for trusted_for(2) policies	Add trusted_for(2) (was O_MAYEXEC)	- 2 -	---	2021-11-10	Mickaël Salaün	New
[v16,2/3] arch: Wire up trusted_for(2)	Add trusted_for(2) (was O_MAYEXEC)	1 2 -	---	2021-11-10	Mickaël Salaün	New
[v16,1/3] fs: Add trusted_for(2) syscall implementation and related sysctl	Add trusted_for(2) (was O_MAYEXEC)	1 - -	---	2021-11-10	Mickaël Salaün	New
[2/2] module: Move duplicate mod_check_sig users code to mod_parse_sig	[1/2] module: Use key_being_used_for for log messages in verify_appended_signature	- - -	---	2021-11-05	Michal Suchanek	New
[1/2] module: Use key_being_used_for for log messages in verify_appended_signature	[1/2] module: Use key_being_used_for for log messages in verify_appended_signature	- - -	---	2021-11-05	Michal Suchanek	New
[RFC] integrity: disassociate ima_filter_rule from security_audit_rule	[RFC] integrity: disassociate ima_filter_rule from security_audit_rule	- - -	---	2021-11-04	Casey Schaufler	New
apparmor: remove duplicated 'Returns:' comments	apparmor: remove duplicated 'Returns:' comments	- - -	---	2021-11-03	Austin Kim	New
smack: clean up smack_enabled to be more readable	smack: clean up smack_enabled to be more readable	- - -	---	2021-11-03	Austin Kim	New
landlock: Initialize kernel stack variables properly	landlock: Initialize kernel stack variables properly	- - -	---	2021-11-03	Austin Kim	New
[PATCHv2,net,4/4] security: implement sctp_assoc_established hook in selinux	security: fixups for the security hooks in sctp	- 1 1	---	2021-11-02	Xin Long	New
[PATCHv2,net,3/4] security: add sctp_assoc_established hook	security: fixups for the security hooks in sctp	- 1 1	---	2021-11-02	Xin Long	New
[PATCHv2,net,2/4] security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce	security: fixups for the security hooks in sctp	- 1 1	---	2021-11-02	Xin Long	New
[PATCHv2,net,1/4] security: pass asoc to sctp_assoc_request and sctp_sk_clone	security: fixups for the security hooks in sctp	- 1 1	---	2021-11-02	Xin Long	New
[GIT,PULL] SELinux patches for v5.16	[GIT,PULL] SELinux patches for v5.16	- - -	---	2021-11-01	Paul Moore	New
[GIT,PULL] Smack patches for v5.16	[GIT,PULL] Smack patches for v5.16	- - -	---	2021-11-01	Casey Schaufler	New
[RESEND] KEYS: trusted: Fix trusted key backends when building as module	[RESEND] KEYS: trusted: Fix trusted key backends when building as module	- - 1	---	2021-11-01	Andreas Rammhold	New
[GIT,PULL] hardening updates for v5.16-rc1	[GIT,PULL] hardening updates for v5.16-rc1	- - -	---	2021-11-01	Kees Cook	New
evm: mark evm_fixmode as __ro_after_init	evm: mark evm_fixmode as __ro_after_init	- - -	---	2021-10-28	Austin Kim	New
ima/evm: mark evm_fixmode as __ro_after_init	ima/evm: mark evm_fixmode as __ro_after_init	- 1 -	---	2021-10-26	Austin Kim	New
[v3,2/2] tpm: use SM3 instead of SM3_256	use SM3 instead of SM3_256	- - -	---	2021-10-26	tianjia.zhang	New
[v3,1/2] crypto: use SM3 instead of SM3_256	use SM3 instead of SM3_256	- - -	---	2021-10-26	tianjia.zhang	New
[net,4/4] security: implement sctp_assoc_established hook in selinux	security: fixups for the security hooks in sctp	- - -	---	2021-10-22	Xin Long	New
[net,3/4] security: add sctp_assoc_established hook	security: fixups for the security hooks in sctp	- - -	---	2021-10-22	Xin Long	New
[net,2/4] security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce	security: fixups for the security hooks in sctp	- - -	---	2021-10-22	Xin Long	New
[net,1/4] security: pass asoc to sctp_assoc_request and sctp_sk_clone	security: fixups for the security hooks in sctp	- - -	---	2021-10-22	Xin Long	New
sctp: initialize endpoint LSM labels also on the client side	sctp: initialize endpoint LSM labels also on the client side	- - -	---	2021-10-21	Ondrej Mosnacek	New
[2/2] gcc-plugins: Remove cyc_complexity	gcc-plugins: Explicitly document purpose and deprecation schedule	- 2 -	---	2021-10-20	Kees Cook	New
[1/2] gcc-plugins: Explicitly document purpose and deprecation schedule	gcc-plugins: Explicitly document purpose and deprecation schedule	- 2 -	---	2021-10-20	Kees Cook	New
[v4,3/3] virt: Add efi_secret module to expose confidential computing secrets	Allow guest access to EFI confidential computing secret area	- - -	---	2021-10-20	Dov Murik	New
[v4,2/3] efi: Reserve confidential computing secret area	Allow guest access to EFI confidential computing secret area	- - -	---	2021-10-20	Dov Murik	New
[v4,1/3] efi/libstub: Copy confidential computing secret area	Allow guest access to EFI confidential computing secret area	- - -	---	2021-10-20	Dov Murik	New
smackfs: use __GFP_NOFAIL for smk_cipso_doi()	smackfs: use __GFP_NOFAIL for smk_cipso_doi()	- - -	---	2021-10-19	Tetsuo Handa	New
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi	smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi	- - -	---	2021-10-19	Tetsuo Handa	New
[v2,2/2] tpm: use SM3 instead of SM3_256	use SM3 instead of SM3_256	- - -	---	2021-10-19	tianjia.zhang	New
[v2,1/2] crypto: use SM3 instead of SM3_256	use SM3 instead of SM3_256	- - -	---	2021-10-19	tianjia.zhang	New
[v3,3/3] virt: Add efi_secret module to expose confidential computing secrets	Allow guest access to EFI confidential computing secret area	- - -	---	2021-10-14	Dov Murik	New
[v3,2/3] efi: Reserve confidential computing secret area	Allow guest access to EFI confidential computing secret area	- - -	---	2021-10-14	Dov Murik	New
[v3,1/3] efi/libstub: Copy confidential computing secret area	Allow guest access to EFI confidential computing secret area	- - -	---	2021-10-14	Dov Murik	New
[v1,3/3] security: define a trusted_for hook	[v1,1/3] ima: define ima_trusted_for hook	- - -	---	2021-10-14	Mimi Zohar	New
[v1,2/3] fs: extend the trusted_for syscall to call IMA	[v1,1/3] ima: define ima_trusted_for hook	- - -	---	2021-10-14	Mimi Zohar	New
[v1,1/3] ima: define ima_trusted_for hook	[v1,1/3] ima: define ima_trusted_for hook	- - -	---	2021-10-14	Mimi Zohar	New
[RFC,v7,16/16] documentation: add ipe documentation	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,15/16] ipe: kunit tests	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,14/16] scripts: add boot policy generation program	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,13/16] ipe: enable support for fs-verity as a trust provider	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,12/16] fsverity\|security: add security hooks to fsverity digest and signature	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,11/16] ipe: add support for dm-verity as a trust provider	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,10/16] fs\|dm-verity: add block_dev LSM blob and submit dm-verity data	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,09/16] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,08/16] ipe: add permissive toggle	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New
[RFC,v7,07/16] ipe: add auditing support	Integrity Policy Enforcement (IPE)	- - -	---	2021-10-13	Deven Bowers	New

« 1 2 ... 12 13 14 … 120 121 »