Security modules development

Show patches with: none | 16761 patches

« 1 2 ... 18 19 20 … 167 168 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[RFC,v12,01/20] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-01-30	Fan Wu	pcmoore	Changes Requested
[5/5] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509	evm: Support signatures on stacked filesystem	- - -	---	2024-01-30	Stefan Berger	pcmoore	Superseded
[4/5] evm: Use the real inode's metadata to calculate metadata hash	evm: Support signatures on stacked filesystem	- - -	---	2024-01-30	Stefan Berger	pcmoore	Superseded
[3/5] ima: Reset EVM status upon detecting changes to overlay backing file	evm: Support signatures on stacked filesystem	- - -	---	2024-01-30	Stefan Berger	pcmoore	Superseded
[2/5] evm: Implement per signature type decision in security_inode_copy_up_xattr	evm: Support signatures on stacked filesystem	- - -	---	2024-01-30	Stefan Berger	pcmoore	Superseded
[1/5] security: allow finer granularity in permitting copy-up of security xattrs	evm: Support signatures on stacked filesystem	- - -	---	2024-01-30	Stefan Berger	pcmoore	Superseded
security: use default hook return value in call_int_hook()	security: use default hook return value in call_int_hook()	- 1 -	---	2024-01-30	Ondrej Mosnacek	pcmoore	Accepted
security: fix no-op hook logic in security_inode_{set,remove}xattr()	security: fix no-op hook logic in security_inode_{set,remove}xattr()	- - -	---	2024-01-29	Ondrej Mosnacek	pcmoore	Rejected
mm: init_mlocked_on_free_v2	mm: init_mlocked_on_free_v2	- - -	---	2024-01-29	York Jasper Niebuhr	pcmoore	Handled Elsewhere
[3/3] fs/exec: remove current->in_execve flag	fs/exec: remove current->in_execve flag	- - -	---	2024-01-28	Tetsuo Handa	pcmoore	Superseded
[2/3] tomoyo: replace current->in_execve flag with security_bprm_aborting_creds() hook	fs/exec: remove current->in_execve flag	- - -	---	2024-01-28	Tetsuo Handa	pcmoore	Superseded
[1/3] LSM: add security_bprm_aborting_creds() hook	fs/exec: remove current->in_execve flag	- - -	---	2024-01-28	Tetsuo Handa	pcmoore	Superseded
lsm: fix default return value of the socket_getpeersec_* hooks	lsm: fix default return value of the socket_getpeersec_* hooks	- - -	---	2024-01-26	Ondrej Mosnacek	pcmoore	Accepted
security: fix the logic in security_inode_getsecctx()	security: fix the logic in security_inode_getsecctx()	- 1 -	---	2024-01-26	Ondrej Mosnacek	pcmoore	Accepted
[v1,2/2] selftests/landlock: Clean up error logs related to capabilities	Fix Landlock's net_test for non-root users	- - -	---	2024-01-25	Mickaël Salaün		Handled Elsewhere
[v1,1/2] selftests/landlock: Fix capability for net_test	Fix Landlock's net_test for non-root users	- - -	---	2024-01-25	Mickaël Salaün		Handled Elsewhere
exec: Check __FMODE_EXEC instead of in_execve for LSMs	exec: Check __FMODE_EXEC instead of in_execve for LSMs	- - 1	---	2024-01-24	Kees Cook	pcmoore	Handled Elsewhere
selftests/landlock:Fix fs_test build issues with old libc	selftests/landlock:Fix fs_test build issues with old libc	- 1 -	---	2024-01-24	Hu Yadi		Handled Elsewhere
[v2,bpf-next,30/30] selftests/bpf: incorporate LSM policy to token-based tests	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,29/30] selftests/bpf: add tests for LIBBPF_BPF_TOKEN_PATH envvar	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,28/30] libbpf: support BPF token path setting through LIBBPF_BPF_TOKEN_PATH envvar	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,27/30] selftests/bpf: add tests for BPF object load with implicit token	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,26/30] selftests/bpf: add BPF object loading tests with explicit token passing	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,25/30] libbpf: wire up BPF token support at BPF object level	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,24/30] libbpf: wire up token_fd into feature probing logic	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,23/30] libbpf: move feature detection code into its own file	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,22/30] libbpf: further decouple feature checking logic from bpf_object	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,21/30] libbpf: split feature detectors definitions from cached results	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,20/30] selftests/bpf: utilize string values for delegate_xxx mount options	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,19/30] bpf: support symbolic BPF FS delegation mount options	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,18/30] bpf: fail BPF_TOKEN_CREATE if no delegation option was set on BPF FS	BPF token	2 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,17/30] bpf,selinux: allocate bpf_security_struct per BPF token	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,16/30] selftests/bpf: add BPF token-enabled tests	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,15/30] libbpf: add BPF token support to bpf_prog_load() API	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,14/30] libbpf: add BPF token support to bpf_btf_load() API	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,13/30] libbpf: add BPF token support to bpf_map_create() API	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,12/30] libbpf: add bpf_token_create() API	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,11/30] bpf,lsm: add BPF token LSM hooks	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,10/30] bpf,lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,09/30] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,08/30] bpf: consistently use BPF token throughout BPF verifier logic	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,07/30] bpf: take into account BPF token when fetching helper protos	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,06/30] bpf: add BPF token support to BPF_PROG_LOAD command	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,05/30] bpf: add BPF token support to BPF_BTF_LOAD command	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,04/30] bpf: add BPF token support to BPF_MAP_CREATE command	BPF token	- - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,03/30] bpf: introduce BPF token object	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,02/30] bpf: add BPF token delegation mount options to BPF FS	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
[v2,bpf-next,01/30] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach	BPF token	1 - -	---	2024-01-24	Andrii Nakryiko	pcmoore	Handled Elsewhere
io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL	io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL	- - -	---	2024-01-23	Paul Moore	pcmoore	Handled Elsewhere
selftests/landlock:Fix net_test build issues with old libc	selftests/landlock:Fix net_test build issues with old libc	- 1 -	---	2024-01-23	Hu Yadi		Handled Elsewhere
[GIT,PULL] BPF token for v6.8	[GIT,PULL] BPF token for v6.8	1 - -	---	2024-01-19	Andrii Nakryiko	pcmoore	Handled Elsewhere
[GIT,PULL] AppArmor updates for 6.8	[GIT,PULL] AppArmor updates for 6.8	- - -	---	2024-01-18	John Johansen		Handled Elsewhere
[v1] landlock: Add support for KUnit tests	[v1] landlock: Add support for KUnit tests	- 1 -	---	2024-01-18	Mickaël Salaün		Handled Elsewhere
lsm: Resolve compiling 'security.c' error	lsm: Resolve compiling 'security.c' error	- - -	---	2024-01-17	Lu Yao	pcmoore	Rejected
preventing executable stack with file_mprotect hook	preventing executable stack with file_mprotect hook	- - -	---	2024-01-16	Dmitry Mastykin	pcmoore	Handled Elsewhere
preventing executable stack with file_mprotect hook	preventing executable stack with file_mprotect hook	- - -	---	2024-01-16	Dmitry Mastykin		Superseded
[v9,25/25] integrity: Remove LSM	security: Move IMA and EVM to the LSM infrastructure	1 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,24/25] ima: Make it independent from 'integrity' LSM	security: Move IMA and EVM to the LSM infrastructure	- 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,23/25] evm: Make it independent from 'integrity' LSM	security: Move IMA and EVM to the LSM infrastructure	1 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,22/25] evm: Move to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,21/25] ima: Move IMA-Appraisal to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,20/25] ima: Move to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	4 1 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,19/25] integrity: Move integrity_kernel_module_request() to IMA	security: Move IMA and EVM to the LSM infrastructure	1 1 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,18/25] security: Introduce key_post_create_or_update hook	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,17/25] security: Introduce inode_post_remove_acl hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,16/25] security: Introduce inode_post_set_acl hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,15/25] security: Introduce inode_post_create_tmpfile hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,14/25] security: Introduce path_post_mknod hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,13/25] security: Introduce file_release hook	security: Move IMA and EVM to the LSM infrastructure	2 1 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,12/25] security: Introduce file_post_open hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,11/25] security: Introduce inode_post_removexattr hook	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,10/25] security: Introduce inode_post_setattr hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,09/25] security: Align inode_setattr hook definition with EVM	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 3 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 3 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	- 4 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,05/25] ima: Align ima_post_read_file() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	- 4 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 3 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 3 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 3 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v9,01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	- 4 -	---	2024-01-15	Roberto Sassu	pcmoore	Superseded
[v4] selftests/landlock:Fix two build issues	[v4] selftests/landlock:Fix two build issues	- 1 -	---	2024-01-15	Hu Yadi		Handled Elsewhere
apparmor: lsm: fix kernel-doc typo	apparmor: lsm: fix kernel-doc typo	- - -	---	2024-01-15	Randy Dunlap		Handled Elsewhere
[2/2] apparmor: fix namespace check in serialized stream headers from the same policy load	apparmor: fix namespace check in serialized stream headers from the same policy load	- - -	---	2024-01-13	Fedor Pchelkin		Handled Elsewhere
[1/2] apparmor: rename the data start flag inside verify_header	apparmor: fix namespace check in serialized stream headers from the same policy load	- - -	---	2024-01-13	Fedor Pchelkin		Handled Elsewhere
[v5,4/4] arch/x86: Do not include <asm/bootparam.h> in several files	arch/x86: Remove unnecessary dependencies on bootparam.h	1 - -	---	2024-01-12	Thomas Zimmermann		Handled Elsewhere
[v5,3/4] arch/x86: Implement arch_ima_efi_boot_mode() in source file	arch/x86: Remove unnecessary dependencies on bootparam.h	- - -	---	2024-01-12	Thomas Zimmermann		Handled Elsewhere
[v5,2/4] arch/x86: Move internal setup_data structures into setup_data.h	arch/x86: Remove unnecessary dependencies on bootparam.h	- - -	---	2024-01-12	Thomas Zimmermann		Handled Elsewhere
[v5,1/4] arch/x86: Move UAPI setup structures into setup_data.h	arch/x86: Remove unnecessary dependencies on bootparam.h	- - -	---	2024-01-12	Thomas Zimmermann		Handled Elsewhere
selftests/filesystems:fix build error in overlayfs	selftests/filesystems:fix build error in overlayfs	1 - -	---	2024-01-12	Hu Yadi		Handled Elsewhere
[v3] selftests/landlock:Fix two build issues	[v3] selftests/landlock:Fix two build issues	- 1 -	---	2024-01-12	Hu Yadi		Handled Elsewhere
[v4] selftests/move_mount_set_group:Make tests build with old libc	[v4] selftests/move_mount_set_group:Make tests build with old libc	1 1 -	---	2024-01-11	Hu Yadi		Handled Elsewhere
[v2] selftests/landlock:Fix two build issues	[v2] selftests/landlock:Fix two build issues	- 1 -	---	2024-01-11	Hu Yadi		Handled Elsewhere
selftests/core: Fix build issue with CLOSE_RANGE_UNSHARE	selftests/core: Fix build issue with CLOSE_RANGE_UNSHARE	- 1 -	---	2024-01-11	Hu Yadi		Handled Elsewhere
[v3] selftests/move_mount_set_group:Fix build issue with old libc	[v3] selftests/move_mount_set_group:Fix build issue with old libc	- 1 -	---	2024-01-11	Hu Yadi		Handled Elsewhere
[RFC,9/9] apparmor: Switch unconfined and in tree labels to managed ref mode	Nginx refcount scalability issue with Apparmor enabled and potential solutions	- - -	---	2024-01-10	Neeraj Upadhyay		Handled Elsewhere
[RFC,8/9] apparmor: Switch labels to percpu rcurefcount in unmanaged mode	Nginx refcount scalability issue with Apparmor enabled and potential solutions	- - -	---	2024-01-10	Neeraj Upadhyay		Handled Elsewhere
[RFC,7/9] percpu-rcuref: Add basic infrastructure	Nginx refcount scalability issue with Apparmor enabled and potential solutions	- - -	---	2024-01-10	Neeraj Upadhyay		Handled Elsewhere
[RFC,6/9] apparmor: Initial prototype for optimizing ref switch	Nginx refcount scalability issue with Apparmor enabled and potential solutions	- - -	---	2024-01-10	Neeraj Upadhyay		Handled Elsewhere
[RFC,5/9] apparmor: Switch intree labels to percpu mode	Nginx refcount scalability issue with Apparmor enabled and potential solutions	- - -	---	2024-01-10	Neeraj Upadhyay		Handled Elsewhere

« 1 2 ... 18 19 20 … 167 168 »