Show patches with: Archived = No       |   4908 patches
« 1 2 ... 18 19 2049 50 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v2,8/9] evm: Rename is_unsupported_fs to is_unsupported_hmac_fs evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED evm: Support signatures on stacked filesystem 1 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,6/9] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,5/9] evm: Use the inode holding the metadata to calculate metadata hash evm: Support signatures on stacked filesystem 1 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,4/9] ima: Reset EVM status upon detecting changes to the real file evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,3/9] evm: Implement per signature type decision in security_inode_copy_up_xattr evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,2/9] security: allow finer granularity in permitting copy-up of security xattrs evm: Support signatures on stacked filesystem 2 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,1/9] ima: Rename backing_inode to real_inode evm: Support signatures on stacked filesystem 1 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,1/1] netlabel: cleanup struct netlbl_lsm_catmap [v2,1/1] netlabel: cleanup struct netlbl_lsm_catmap 1 - - --- 2024-02-04 George Guo pcmoore Handled Elsewhere
[v2,3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag - 1 - --- 2024-02-03 Tetsuo Handa pcmoore Superseded
[v2,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook fs/exec: remove current->in_execve flag - 1 - --- 2024-02-03 Tetsuo Handa pcmoore Superseded
[v2,1/3] LSM: add security_execve_abort() hook fs/exec: remove current->in_execve flag - 1 - --- 2024-02-03 Tetsuo Handa pcmoore Superseded
[1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef [1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef - - - --- 2024-02-02 George Guo pcmoore Handled Elsewhere
apparmor: use kvfree_sensitive to free data->data apparmor: use kvfree_sensitive to free data->data 1 - - --- 2024-02-01 Fedor Pchelkin Handled Elsewhere
[bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set [bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set - - - --- 2024-02-01 Matt Bobrowski Handled Elsewhere
[bpf-next] bpf: minor clean-up to sleepable_lsm_hooks BTF set [bpf-next] bpf: minor clean-up to sleepable_lsm_hooks BTF set - - - --- 2024-02-01 Matt Bobrowski Handled Elsewhere
[GIT,PULL] lsm/lsm-pr-20240131 [GIT,PULL] lsm/lsm-pr-20240131 - - - --- 2024-01-31 Paul Moore pcmoore Accepted
[RFC,v12,20/20] documentation: add ipe documentation Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,19/20] ipe: kunit test for parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,18/20] scripts: add boot policy generation program Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,17/20] ipe: enable support for fs-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,16/20] fsverity: consume builtin signature via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,15/20] ipe: add support for dm-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,14/20] dm verity: consume root hash digest and signature data via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,13/20] dm: add finalize hook to target_type Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,12/20] dm verity: set DM_TARGET_SINGLETON feature flag Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,11/20] block|security: add LSM blob to block_device Integrity Policy Enforcement LSM (IPE) - 1 - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,10/20] ipe: add permissive toggle Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,09/20] uapi|audit|ipe: add ipe auditing support Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,08/20] ipe: add userspace interface Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,07/20] security: add new securityfs delete function Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,06/20] ipe: introduce 'boot_verified' as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,05/20] initramfs|security: Add security hook to initramfs unpack Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,04/20] ipe: add LSM hooks on execution and kernel read Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,03/20] ipe: add evaluation loop Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,02/20] ipe: add policy parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,01/20] security: add ipe lsm Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[5/5] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[4/5] evm: Use the real inode's metadata to calculate metadata hash evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[3/5] ima: Reset EVM status upon detecting changes to overlay backing file evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[2/5] evm: Implement per signature type decision in security_inode_copy_up_xattr evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[1/5] security: allow finer granularity in permitting copy-up of security xattrs evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
security: use default hook return value in call_int_hook() security: use default hook return value in call_int_hook() - 1 - --- 2024-01-30 Ondrej Mosnacek pcmoore Accepted
security: fix no-op hook logic in security_inode_{set,remove}xattr() security: fix no-op hook logic in security_inode_{set,remove}xattr() - - - --- 2024-01-29 Ondrej Mosnacek pcmoore Rejected
mm: init_mlocked_on_free_v2 mm: init_mlocked_on_free_v2 - - - --- 2024-01-29 York Jasper Niebuhr pcmoore Handled Elsewhere
[3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag - - - --- 2024-01-28 Tetsuo Handa pcmoore Superseded
[2/3] tomoyo: replace current->in_execve flag with security_bprm_aborting_creds() hook fs/exec: remove current->in_execve flag - - - --- 2024-01-28 Tetsuo Handa pcmoore Superseded
[1/3] LSM: add security_bprm_aborting_creds() hook fs/exec: remove current->in_execve flag - - - --- 2024-01-28 Tetsuo Handa pcmoore Superseded
lsm: fix default return value of the socket_getpeersec_* hooks lsm: fix default return value of the socket_getpeersec_* hooks - - - --- 2024-01-26 Ondrej Mosnacek pcmoore Accepted
security: fix the logic in security_inode_getsecctx() security: fix the logic in security_inode_getsecctx() - 1 - --- 2024-01-26 Ondrej Mosnacek pcmoore Accepted
[v1,2/2] selftests/landlock: Clean up error logs related to capabilities Fix Landlock's net_test for non-root users - - - --- 2024-01-25 Mickaël Salaün Handled Elsewhere
[v1,1/2] selftests/landlock: Fix capability for net_test Fix Landlock's net_test for non-root users - - - --- 2024-01-25 Mickaël Salaün Handled Elsewhere
exec: Check __FMODE_EXEC instead of in_execve for LSMs exec: Check __FMODE_EXEC instead of in_execve for LSMs - - 1 --- 2024-01-24 Kees Cook pcmoore Handled Elsewhere
selftests/landlock:Fix fs_test build issues with old libc selftests/landlock:Fix fs_test build issues with old libc - 1 - --- 2024-01-24 Hu Yadi Handled Elsewhere
[v2,bpf-next,30/30] selftests/bpf: incorporate LSM policy to token-based tests BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,29/30] selftests/bpf: add tests for LIBBPF_BPF_TOKEN_PATH envvar BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,28/30] libbpf: support BPF token path setting through LIBBPF_BPF_TOKEN_PATH envvar BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,27/30] selftests/bpf: add tests for BPF object load with implicit token BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,26/30] selftests/bpf: add BPF object loading tests with explicit token passing BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,25/30] libbpf: wire up BPF token support at BPF object level BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,24/30] libbpf: wire up token_fd into feature probing logic BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,23/30] libbpf: move feature detection code into its own file BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,22/30] libbpf: further decouple feature checking logic from bpf_object BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,21/30] libbpf: split feature detectors definitions from cached results BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,20/30] selftests/bpf: utilize string values for delegate_xxx mount options BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,19/30] bpf: support symbolic BPF FS delegation mount options BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,18/30] bpf: fail BPF_TOKEN_CREATE if no delegation option was set on BPF FS BPF token 2 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,17/30] bpf,selinux: allocate bpf_security_struct per BPF token BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,16/30] selftests/bpf: add BPF token-enabled tests BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,15/30] libbpf: add BPF token support to bpf_prog_load() API BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,14/30] libbpf: add BPF token support to bpf_btf_load() API BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,13/30] libbpf: add BPF token support to bpf_map_create() API BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,12/30] libbpf: add bpf_token_create() API BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,11/30] bpf,lsm: add BPF token LSM hooks BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,10/30] bpf,lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,09/30] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,08/30] bpf: consistently use BPF token throughout BPF verifier logic BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,07/30] bpf: take into account BPF token when fetching helper protos BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,06/30] bpf: add BPF token support to BPF_PROG_LOAD command BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,05/30] bpf: add BPF token support to BPF_BTF_LOAD command BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,04/30] bpf: add BPF token support to BPF_MAP_CREATE command BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,03/30] bpf: introduce BPF token object BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,02/30] bpf: add BPF token delegation mount options to BPF FS BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,01/30] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL - - - --- 2024-01-23 Paul Moore pcmoore Handled Elsewhere
selftests/landlock:Fix net_test build issues with old libc selftests/landlock:Fix net_test build issues with old libc - 1 - --- 2024-01-23 Hu Yadi Handled Elsewhere
[GIT,PULL] BPF token for v6.8 [GIT,PULL] BPF token for v6.8 1 - - --- 2024-01-19 Andrii Nakryiko pcmoore Handled Elsewhere
[GIT,PULL] AppArmor updates for 6.8 [GIT,PULL] AppArmor updates for 6.8 - - - --- 2024-01-18 John Johansen Handled Elsewhere
[v1] landlock: Add support for KUnit tests [v1] landlock: Add support for KUnit tests - 1 - --- 2024-01-18 Mickaël Salaün Handled Elsewhere
lsm: Resolve compiling 'security.c' error lsm: Resolve compiling 'security.c' error - - - --- 2024-01-17 Lu Yao pcmoore Rejected
preventing executable stack with file_mprotect hook preventing executable stack with file_mprotect hook - - - --- 2024-01-16 Dmitry Mastykin pcmoore Handled Elsewhere
preventing executable stack with file_mprotect hook preventing executable stack with file_mprotect hook - - - --- 2024-01-16 Dmitry Mastykin Superseded
[v9,25/25] integrity: Remove LSM security: Move IMA and EVM to the LSM infrastructure 1 2 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
[v9,24/25] ima: Make it independent from 'integrity' LSM security: Move IMA and EVM to the LSM infrastructure - 2 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
[v9,23/25] evm: Make it independent from 'integrity' LSM security: Move IMA and EVM to the LSM infrastructure 1 2 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
[v9,22/25] evm: Move to LSM infrastructure security: Move IMA and EVM to the LSM infrastructure 2 2 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
[v9,21/25] ima: Move IMA-Appraisal to LSM infrastructure security: Move IMA and EVM to the LSM infrastructure 2 3 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
[v9,20/25] ima: Move to LSM infrastructure security: Move IMA and EVM to the LSM infrastructure 4 1 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
[v9,19/25] integrity: Move integrity_kernel_module_request() to IMA security: Move IMA and EVM to the LSM infrastructure 1 1 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
[v9,18/25] security: Introduce key_post_create_or_update hook security: Move IMA and EVM to the LSM infrastructure 2 2 - --- 2024-01-15 Roberto Sassu pcmoore Superseded
« 1 2 ... 18 19 2049 50 »