Show patches with: Archived = No       |   4782 patches
« 1 2 3 447 48 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v20,5/6] samples/check-exec: Add set-exec Script execution control (was O_MAYEXEC) - - - --- 2024-10-11 Mickaël Salaün Under Review
[v20,4/6] selftests/landlock: Add tests for execveat + AT_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-10-11 Mickaël Salaün Under Review
[v20,3/6] selftests/exec: Add 32 tests for AT_CHECK and exec securebits Script execution control (was O_MAYEXEC) - - - --- 2024-10-11 Mickaël Salaün Under Review
[v20,2/6] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits Script execution control (was O_MAYEXEC) - 1 - --- 2024-10-11 Mickaël Salaün Under Review
[v20,1/6] exec: Add a new AT_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) - 1 - --- 2024-10-11 Mickaël Salaün Under Review
ima: Suspend PCR extends and log appends when rebooting ima: Suspend PCR extends and log appends when rebooting - - - --- 2024-10-11 Stefan Berger pcmoore New
apparmor: test: Fix memory leak for aa_unpack_strdup() apparmor: test: Fix memory leak for aa_unpack_strdup() - - - --- 2024-10-11 Jinjie Ruan Handled Elsewhere
[v1] ipe: add 'anonymous_memory' property for policy decisions [v1] ipe: add 'anonymous_memory' property for policy decisions - - - --- 2024-10-10 Fan Wu New
[RFC,v1,7/7] tomoyo: Fix inode numbers in logs [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,6/7] smack: Fix inode numbers in logs [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,5/7] ipe: Fix inode numbers in audit records [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,4/7] integrity: Fix inode numbers in audit records [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,3/7] selinux: Fix inode numbers in error messages [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,2/7] audit: Fix inode numbers [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - 1 - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[v3,-next,15/15] sysctl: remove unneeded include sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,14/15] sh: vdso: move the sysctl to arch/sh/kernel/vsyscall/vsyscall.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,13/15] x86: vdso: move the sysctl to arch/x86/entry/vdso/vdso32-setup.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,12/15] fs: dcache: move the sysctl to fs/dcache.c sysctl: move sysctls from vm_table into its own files - 3 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,11/15] sunrpc: use vfs_pressure_ratio() helper sysctl: move sysctls from vm_table into its own files 2 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,10/15] fs: drop_caches: move sysctl to fs/drop_caches.c sysctl: move sysctls from vm_table into its own files - 3 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,09/15] fs: fs-writeback: move sysctl to fs/fs-writeback.c sysctl: move sysctls from vm_table into its own files - 2 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,08/15] mm: nommu: move sysctl to mm/nommu.c sysctl: move sysctls from vm_table into its own files - - - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,07/15] security: min_addr: move sysctl to security/min_addr.c sysctl: move sysctls from vm_table into its own files 1 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,06/15] mm: mmap: move sysctl to mm/mmap.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,05/15] mm: util: move sysctls to mm/util.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,04/15] mm: vmscan: move vmscan sysctls to mm/vmscan.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,03/15] mm: swap: move sysctl to mm/swap.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,02/15] mm: filemap: move sysctl to mm/filemap.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v3,-next,01/15] mm: vmstat: move sysctls to mm/vmstat.c sysctl: move sysctls from vm_table into its own files - 1 - --- 2024-10-10 yukaixiong Handled Elsewhere
[v4,13/13] LSM: Remove lsm_prop scaffolding LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,12/13] Use lsm_prop for audit data LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,11/13] Audit: Change context data from secid to lsm_prop LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,10/13] LSM: Create new security_cred_getlsmprop LSM hook LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,09/13] Audit: use an lsm_prop in audit_names LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,08/13] LSM: Use lsm_prop in security_inode_getsecid LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,07/13] LSM: Use lsm_prop in security_current_getsecid LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,06/13] Audit: Update shutdown LSM data LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,05/13] LSM: Use lsm_prop in security_ipc_getsecid LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,04/13] Audit: maintain an lsm_prop in audit_context LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,03/13] LSM: Add lsmprop_to_secctx hook LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,02/13] LSM: Use lsm_prop in security_audit_rule_match LSM: Move away from secids - - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
[v4,01/13] LSM: Add the lsm_prop data structure. LSM: Move away from secids 1 - - --- 2024-10-09 Casey Schaufler pcmoore Accepted
ima: Fix OOB read when violation occurs with ima template. ima: Fix OOB read when violation occurs with ima template. - - - --- 2024-10-09 David Fernandez Gonzalez Handled Elsewhere
[3/3] ima: Mark concurrent accesses to the iint pointer in the inode security blob [1/3] ima: Remove inode lock - - - --- 2024-10-08 Roberto Sassu pcmoore Handled Elsewhere
[2/3] ima: Ensure lock is held when setting iint pointer in inode security blob [1/3] ima: Remove inode lock - - - --- 2024-10-08 Roberto Sassu pcmoore Handled Elsewhere
[1/3] ima: Remove inode lock [1/3] ima: Remove inode lock - 1 - --- 2024-10-08 Roberto Sassu pcmoore Handled Elsewhere
[v2] security/keys: fix slab-out-of-bounds in key_task_permission [v2] security/keys: fix slab-out-of-bounds in key_task_permission - 1 - --- 2024-10-08 Chen Ridong Handled Elsewhere
[v9,7/7] drm: Replace strcpy() with strscpy() Improve the copy of task comm 1 1 - --- 2024-10-07 Yafang Shao Handled Elsewhere
[v9,6/7] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Improve the copy of task comm - - - --- 2024-10-07 Yafang Shao Handled Elsewhere
[v9,5/7] mm/util: Fix possible race condition in kstrdup() Improve the copy of task comm - - - --- 2024-10-07 Yafang Shao Handled Elsewhere
[v9,4/7] bpftool: Ensure task comm is always NUL-terminated Improve the copy of task comm - 1 - --- 2024-10-07 Yafang Shao Handled Elsewhere
[v9,3/7] security: Replace memcpy() with get_task_comm() Improve the copy of task comm 1 - - --- 2024-10-07 Yafang Shao Handled Elsewhere
[v9,2/7] auditsc: Replace memcpy() with strscpy() Improve the copy of task comm 1 1 - --- 2024-10-07 Yafang Shao Handled Elsewhere
[v9,1/7] Get rid of __get_task_comm() Improve the copy of task comm - - - --- 2024-10-07 Yafang Shao Handled Elsewhere
[GIT,PULL] lsm/lsm-pr-20241004 [GIT,PULL] lsm/lsm-pr-20241004 - - - --- 2024-10-04 Paul Moore pcmoore Accepted
[v1] landlock: Improve documentation of previous limitations [v1] landlock: Improve documentation of previous limitations - 1 - --- 2024-10-04 Mickaël Salaün Handled Elsewhere
tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support 1 - - --- 2024-10-03 Paul Moore pcmoore Accepted
[RFC,v1,2/2] selftests/landlock: Test non-TCP INET connection-based protocols Fix non-TCP sockets restriction - 1 - --- 2024-10-03 Mikhail Ivanov Handled Elsewhere
[RFC,v1,1/2] landlock: Fix non-TCP sockets restriction Fix non-TCP sockets restriction - 1 - --- 2024-10-03 Mikhail Ivanov Handled Elsewhere
[v2,3/3] samples/landlock: Clarify option parsing behaviour samples/landlock: Fix port parsing behaviour - - - --- 2024-10-03 Matthieu Buffet Handled Elsewhere
[v2,2/3] samples/landlock: Refactor --help message in function samples/landlock: Fix port parsing behaviour - - - --- 2024-10-03 Matthieu Buffet Handled Elsewhere
[v2,1/3] samples/landlock: Fix port parsing in sandboxer samples/landlock: Fix port parsing behaviour - - - --- 2024-10-03 Matthieu Buffet Handled Elsewhere
[v5] rust: add PidNamespace [v5] rust: add PidNamespace - 1 - --- 2024-10-02 Christian Brauner Handled Elsewhere
[v4] rust: add PidNamespace [v4] rust: add PidNamespace - - - --- 2024-10-02 Christian Brauner Handled Elsewhere
[v3] rust: add PidNamespace [v3] rust: add PidNamespace - - - --- 2024-10-01 Christian Brauner Handled Elsewhere
[v1,3/3] landlock: Optimize scope enforcement Refactor Landlock access mask management - - - --- 2024-10-01 Mickaël Salaün Handled Elsewhere
[v1,2/3] landlock: Refactor network access mask management Refactor Landlock access mask management - - - --- 2024-10-01 Mickaël Salaün Handled Elsewhere
[v1,1/3] landlock: Refactor filesystem access mask management Refactor Landlock access mask management - 1 - --- 2024-10-01 Mickaël Salaün Handled Elsewhere
[v2] rust: add PidNamespace [v2] rust: add PidNamespace - - - --- 2024-10-01 Christian Brauner Handled Elsewhere
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-28 Shu Han Under Review
[v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook [v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook 1 3 1 --- 2024-09-28 Shivani Agarwal Handled Elsewhere
[v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook [v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook 1 3 1 --- 2024-09-28 Shivani Agarwal Handled Elsewhere
ipe: fallback to platform keyring also if key in trusted keyring is rejected ipe: fallback to platform keyring also if key in trusted keyring is rejected 1 - - --- 2024-09-27 Luca Boccassi Handled Elsewhere
[2/2] Revert "mm: introduce PF_MEMALLOC_NORECLAIM, PF_MEMALLOC_NOWARN" remove PF_MEMALLOC_NORECLAIM - 4 - --- 2024-09-26 Michal Hocko Handled Elsewhere
[1/2] bcachefs: do not use PF_MEMALLOC_NORECLAIM remove PF_MEMALLOC_NORECLAIM - 3 - --- 2024-09-26 Michal Hocko Handled Elsewhere
[RFC] rust: add PidNamespace wrapper [RFC] rust: add PidNamespace wrapper - - - --- 2024-09-26 Christian Brauner Handled Elsewhere
[v3,2/2] ipe: also reject policy updates with the same version [v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version 1 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version [v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version 1 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[v2,2/2] ipe: also reject policy updates with the same version [v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version - 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version [v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version 1 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[RFC] capabilities: remove cap_mmap_file() [RFC] capabilities: remove cap_mmap_file() - 2 - --- 2024-09-25 Paul Moore pcmoore Handled Elsewhere
[RFC,v3] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v3] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han Superseded
[RFC,v2] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v2] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han Superseded
[RFC,v2] mm: move security_mmap_file() back into do_mmap() [RFC,v2] mm: move security_mmap_file() back into do_mmap() - - - --- 2024-09-25 Shu Han Superseded
tomoyo: fallback to realpath if symlink's pathname does not exist tomoyo: fallback to realpath if symlink's pathname does not exist - - - --- 2024-09-25 Tetsuo Handa Handled Elsewhere
mm: move security_file_mmap() back into do_mmap() mm: move security_file_mmap() back into do_mmap() - - - --- 2024-09-25 Shu Han Under Review
mm: move the check of READ_IMPLIES_EXEC out of do_mmap() mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han Under Review
[GIT,PULL] lsm/lsm-pr-20240923 [GIT,PULL] lsm/lsm-pr-20240923 - - - --- 2024-09-23 Paul Moore Accepted
[GIT,PULL] Landlock updates for v6.12 [GIT,PULL] Landlock updates for v6.12 - - - --- 2024-09-23 Mickaël Salaün Handled Elsewhere
ipe: Fix out-of-bound access of kunit_suite_num_test_cases() ipe: Fix out-of-bound access of kunit_suite_num_test_cases() - - - --- 2024-09-23 Jinjie Ruan pcmoore In Next
[1/1] netlabel: Add missing comment to struct field [1/1] netlabel: Add missing comment to struct field 1 - - --- 2024-09-23 George Guo pcmoore Handled Elsewhere
ipe: Add missing terminator to list of unit tests ipe: Add missing terminator to list of unit tests 1 - - --- 2024-09-22 Guenter Roeck pcmoore Accepted
[2/2] ipe: also reject policy updates with the same version [1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version - 1 - --- 2024-09-22 Luca Boccassi Handled Elsewhere
[1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version [1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version - - - --- 2024-09-22 Luca Boccassi Handled Elsewhere
[v5,5/5] tpm: flush the auth session only when /dev/tpm0 is open Lazy flush for the auth session - 1 1 --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() Lazy flush for the auth session - 1 - --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,3/5] tpm: flush the null key only when /dev/tpm0 is accessed Lazy flush for the auth session - - 1 --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,2/5] tpm: Implement tpm2_load_null() rollback Lazy flush for the auth session - - - --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,1/5] tpm: Return on tpm2_create_null_primary() failure Lazy flush for the auth session - - - --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
« 1 2 3 447 48 »