Security modules development

Show patches with: State = Action Required | 12149 patches

« 1 2 ... 14 15 16 … 121 122 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	State
[v14,1/3] fs: Add trusted_for(2) syscall implementation and related sysctl	Add trusted_for(2) (was O_MAYEXEC)	2 - -	---	2021-10-08	Mickaël Salaün	New
[v13,3/3] selftest/interpreter: Add tests for trusted_for(2) policies	Add trusted_for(2) (was O_MAYEXEC)	- 1 -	---	2021-10-07	Mickaël Salaün	New
[v13,2/3] arch: Wire up trusted_for(2)	Add trusted_for(2) (was O_MAYEXEC)	1 2 -	---	2021-10-07	Mickaël Salaün	New
[v13,1/3] fs: Add trusted_for(2) syscall implementation and related sysctl	Add trusted_for(2) (was O_MAYEXEC)	1 - -	---	2021-10-07	Mickaël Salaün	New
[v2,4/4] virt: Add sev_secret module to expose confidential computing secrets	Allow access to confidential computing secret area in SEV guests	- - -	---	2021-10-07	Dov Murik	New
[v2,3/4] efi: Reserve confidential computing secret area	Allow access to confidential computing secret area in SEV guests	- - -	---	2021-10-07	Dov Murik	New
[v2,2/4] efi/libstub: Copy confidential computing secret area	Allow access to confidential computing secret area in SEV guests	- - -	---	2021-10-07	Dov Murik	New
[v2,1/4] x86: Export clean_cache_range()	Allow access to confidential computing secret area in SEV guests	- - -	---	2021-10-07	Dov Murik	New
[v4,3/3] binder: use euid from cred instead of using task	binder: use cred instead of task for security context	- - -	---	2021-10-07	Todd Kjos	New
[v4,2/3] binder: use cred instead of task for getsecid	binder: use cred instead of task for security context	- - -	---	2021-10-07	Todd Kjos	New
[v4,1/3] binder: use cred instead of task for selinux checks	binder: use cred instead of task for security context	1 - -	---	2021-10-07	Todd Kjos	New
[v3,3/3] binder: use euid from cred instead of using task	binder: use cred instead of task for security context	- - -	---	2021-10-06	Todd Kjos	New
[v3,2/3] binder: use cred instead of task for getsecid	binder: use cred instead of task for security context	- - -	---	2021-10-06	Todd Kjos	New
[v3,1/3] binder: use cred instead of task for selinux checks	binder: use cred instead of task for security context	1 - -	---	2021-10-06	Todd Kjos	New
[v3] integrity: support including firmware ".platform" keys at build time	[v3] integrity: support including firmware ".platform" keys at build time	- - -	---	2021-10-04	Nayna Jain	New
[v2] binder: use cred instead of task for selinux checks	[v2] binder: use cred instead of task for selinux checks	1 - -	---	2021-10-01	Todd Kjos	New
binder: use cred instead of task for selinux checks	binder: use cred instead of task for selinux checks	- - -	---	2021-10-01	Todd Kjos	New
security: Return xattr name from security_dentry_init_security()	security: Return xattr name from security_dentry_init_security()	- 1 -	---	2021-09-30	Vivek Goyal	New
[RFC,7/7] ima: Add support for appraisal with digest lists	ima: Measure and appraise files with DIGLIM	- - -	---	2021-09-30	Roberto Sassu	New
[RFC,6/7] ima: Skip measurement of files found in DIGLIM hash table	ima: Measure and appraise files with DIGLIM	- - -	---	2021-09-30	Roberto Sassu	New
[RFC,5/7] ima: Query metadata digest and retrieve info from its digest lists	ima: Measure and appraise files with DIGLIM	- - -	---	2021-09-30	Roberto Sassu	New
[RFC,4/7] ima: Query file digest and retrieve info from its digest lists	ima: Measure and appraise files with DIGLIM	- - -	---	2021-09-30	Roberto Sassu	New
[RFC,3/7] ima: Introduce diglim and appraise_diglim policies	ima: Measure and appraise files with DIGLIM	- - -	---	2021-09-30	Roberto Sassu	New
[RFC,2/7] ima: Introduce new policy keyword use_diglim	ima: Measure and appraise files with DIGLIM	- - -	---	2021-09-30	Roberto Sassu	New
[RFC,1/7] integrity: Change type of IMA rule-related flags to u64	ima: Measure and appraise files with DIGLIM	- - -	---	2021-09-30	Roberto Sassu	New
[next] apparmor: Use struct_size() helper in kzalloc()	[next] apparmor: Use struct_size() helper in kzalloc()	1 - -	---	2021-09-29	Gustavo A. R. Silva	New
lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()	lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()	- 2 -	---	2021-09-29	Paul Moore	New
[RESEND] apparmor: avoid -Wempty-body warning	[RESEND] apparmor: avoid -Wempty-body warning	1 - -	---	2021-09-27	Arnd Bergmann	New
[2/2] fuse: Send security context of inode on file creation	fuse: Send file/inode security context during creation	- - -	---	2021-09-24	Vivek Goyal	New
[1/2] fuse: Add a flag FUSE_SECURITY_CTX	fuse: Send file/inode security context during creation	- - -	---	2021-09-24	Vivek Goyal	New
[v29,28/28] AppArmor: Remove the exclusive flag	LSM: Module stacking for AppArmor	2 1 -	---	2021-09-24	Casey Schaufler	New
[v29,27/28] LSM: Add /proc attr entry for full LSM context	LSM: Module stacking for AppArmor	- 1 -	---	2021-09-24	Casey Schaufler	New
[v29,26/28] Audit: Add record for multiple object security contexts	LSM: Module stacking for AppArmor	- - -	---	2021-09-24	Casey Schaufler	New
[v29,25/28] Audit: Add record for multiple task security contexts	LSM: Module stacking for AppArmor	- - -	---	2021-09-24	Casey Schaufler	New
[v29,24/28] Audit: Add framework for auxiliary records	LSM: Module stacking for AppArmor	- - -	---	2021-09-24	Casey Schaufler	New
[v29,23/28] Audit: Create audit_stamp structure	LSM: Module stacking for AppArmor	- - -	---	2021-09-24	Casey Schaufler	New
[v29,22/28] Audit: Keep multiple LSM data in audit_names	LSM: Module stacking for AppArmor	- - -	---	2021-09-24	Casey Schaufler	New
[v29,21/28] LSM: Extend security_secid_to_secctx to include module selection	LSM: Module stacking for AppArmor	- - -	---	2021-09-24	Casey Schaufler	New
[v29,20/28] LSM: Verify LSM display sanity in binder	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,19/28] NET: Store LSM netlabel data in a lsmblob	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,18/28] LSM: security_secid_to_secctx in netlink netfilter	LSM: Module stacking for AppArmor	3 2 -	---	2021-09-24	Casey Schaufler	New
[v29,17/28] LSM: Use lsmcontext in security_inode_getsecctx	LSM: Module stacking for AppArmor	3 2 -	---	2021-09-24	Casey Schaufler	New
[v29,16/28] LSM: Use lsmcontext in security_secid_to_secctx	LSM: Module stacking for AppArmor	2 1 -	---	2021-09-24	Casey Schaufler	New
[v29,15/28] LSM: Ensure the correct LSM context releaser	LSM: Module stacking for AppArmor	3 2 -	---	2021-09-24	Casey Schaufler	New
[v29,14/28] LSM: Specify which LSM to display	LSM: Module stacking for AppArmor	- - -	---	2021-09-24	Casey Schaufler	New
[v29,13/28] IMA: Change internal interfaces to use lsmblobs	LSM: Module stacking for AppArmor	1 2 -	---	2021-09-24	Casey Schaufler	New
[v29,12/28] LSM: Use lsmblob in security_cred_getsecid	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,11/28] LSM: Use lsmblob in security_inode_getsecid	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,10/28] LSM: Use lsmblob in security_task_getsecid	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,09/28] LSM: Use lsmblob in security_ipc_getsecid	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,08/28] LSM: Use lsmblob in security_secid_to_secctx	LSM: Module stacking for AppArmor	1 1 -	---	2021-09-24	Casey Schaufler	New
[v29,07/28] LSM: Use lsmblob in security_secctx_to_secid	LSM: Module stacking for AppArmor	1 1 -	---	2021-09-24	Casey Schaufler	New
[v29,06/28] LSM: Use lsmblob in security_kernel_act_as	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,05/28] LSM: Use lsmblob in security_audit_rule_match	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[v29,04/28] IMA: avoid label collisions with stacked LSMs	LSM: Module stacking for AppArmor	- 1 -	---	2021-09-24	Casey Schaufler	New
[v29,03/28] LSM: provide lsm name and id slot mappings	LSM: Module stacking for AppArmor	1 1 -	---	2021-09-24	Casey Schaufler	New
[v29,02/28] LSM: Add the lsmblob data structure.	LSM: Module stacking for AppArmor	3 - -	---	2021-09-24	Casey Schaufler	New
[v29,01/28] LSM: Infrastructure management of the sock security	LSM: Module stacking for AppArmor	2 2 -	---	2021-09-24	Casey Schaufler	New
[GIT,PULL] SELinux/Smack fixes for v5.15 (#2)	[GIT,PULL] SELinux/Smack fixes for v5.15 (#2)	- - -	---	2021-09-23	Paul Moore	New
[v2] smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block	[v2] smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block	- - -	---	2021-09-23	Sebastian Andrzej Siewior	New
selinux,smack: fix subjective/objective credential use mixups	selinux,smack: fix subjective/objective credential use mixups	2 - -	---	2021-09-23	Paul Moore	New
mm: Remove HARDENED_USERCOPY_FALLBACK	mm: Remove HARDENED_USERCOPY_FALLBACK	2 1 -	---	2021-09-21	Stephen Kitt	New
NET: IPV4: fix error "do not initialise globals to 0"	NET: IPV4: fix error "do not initialise globals to 0"	- - -	---	2021-09-18	wangzhitong	New
ima: fix deadlock when traversing "ima_default_rules".	ima: fix deadlock when traversing "ima_default_rules".	- 1 -	---	2021-09-18	Li Qiong	New
[1/1] Smack:- Use overlay inode label in smack_inode_copy_up()	[1/1] Smack:- Use overlay inode label in smack_inode_copy_up()	- - -	---	2021-09-17	Vishal Goel	New
[GIT,PULL] SELinux fixes for v5.15 (#1)	[GIT,PULL] SELinux fixes for v5.15 (#1)	- - -	---	2021-09-17	Paul Moore	New
[v2] integrity: support including firmware ".platform" keys at build time	[v2] integrity: support including firmware ".platform" keys at build time	- - -	---	2021-09-16	Nayna Jain	New
[v4,8/8] Smack: Brutalist io_uring support	Add LSM access controls and auditing to io_uring	- - -	---	2021-09-15	Paul Moore	New
[v4,7/8] selinux: add support for the io_uring access controls	Add LSM access controls and auditing to io_uring	- - -	---	2021-09-15	Paul Moore	New
[v4,6/8] lsm,io_uring: add LSM hooks to io_uring	Add LSM access controls and auditing to io_uring	- - -	---	2021-09-15	Paul Moore	New
[v4,5/8] io_uring: convert io_uring to the secure anon inode interface	Add LSM access controls and auditing to io_uring	- - -	---	2021-09-15	Paul Moore	New
[v4,4/8] fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()	Add LSM access controls and auditing to io_uring	1 - -	---	2021-09-15	Paul Moore	New
[v4,3/8] audit: add filtering for io_uring records	Add LSM access controls and auditing to io_uring	1 - -	---	2021-09-15	Paul Moore	New
[v4,2/8] audit,io_uring,io-wq: add some basic audit support to io_uring	Add LSM access controls and auditing to io_uring	- - -	---	2021-09-15	Paul Moore	New
[v4,1/8] audit: prepare audit_context for use in calling contexts beyond syscalls	Add LSM access controls and auditing to io_uring	1 - -	---	2021-09-15	Paul Moore	New
[RFC,9/9] diglim: Admin guide	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,8/9] diglim: RPM parser	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,7/9] diglim: Digest list uploader	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,6/9] diglim: RPM digest list generator	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,5/9] diglim: Compact digest list generator	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,4/9] diglim: Tests - LSM	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,3/9] diglim: LSM	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,2/9] diglim: Loader	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[RFC,1/9] ima: Introduce new hook DIGEST_LIST_CHECK	integrity: Introduce DIGLIM advanced features	- - -	---	2021-09-15	Roberto Sassu	New
[v6,13/13] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,12/13] integrity: Trust MOK keys if MokListTrustedRT found	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,11/13] integrity: store reference to machine keyring	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,10/13] KEYS: link secondary_trusted_keys to machine trusted keys	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,09/13] KEYS: integrity: change link restriction to trust the machine keyring	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,08/13] KEYS: Introduce link restriction for machine keys	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,07/13] KEYS: add a reference to machine keyring	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,06/13] KEYS: Rename get_builtin_and_secondary_restriction	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,05/13] integrity: add new keyring handler for mok keys	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,04/13] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,03/13] KEYS: CA link restriction	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,02/13] integrity: Do not allow machine keyring updates following init	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v6,01/13] integrity: Introduce a Linux keyring called machine	Enroll kernel keys thru MOK	- - -	---	2021-09-14	Eric Snowberg	New
[v2] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO	[v2] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO	1 2 -	---	2021-09-14	Kees Cook	New
[v3,13/13] diglim: Tests	integrity: Introduce DIGLIM	- - -	---	2021-09-14	Roberto Sassu	New
[v3,12/13] diglim: Remote Attestation	integrity: Introduce DIGLIM	- - -	---	2021-09-14	Roberto Sassu	New

« 1 2 ... 14 15 16 … 121 122 »