Show patches with: Archived = No       |   4868 patches
« 1 2 ... 6 7 848 49 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v2,3/4] sample/Landlock: Support signal scoping restriction Landlock: Signal Scoping Support - - - --- 2024-08-06 Tahera Fahimi Handled Elsewhere
[v2,2/4] selftest/Landlock: Signal restriction tests Landlock: Signal Scoping Support - - - --- 2024-08-06 Tahera Fahimi Handled Elsewhere
[v2,1/4] Landlock: Add signal control Landlock: Signal Scoping Support - - - --- 2024-08-06 Tahera Fahimi Handled Elsewhere
[v5] tpm: Add new device/vendor ID 0x50666666 [v5] tpm: Add new device/vendor ID 0x50666666 - - - --- 2024-08-06 Jett Rink Handled Elsewhere
evm: stop avoidably reading i_writecount in evm_file_release evm: stop avoidably reading i_writecount in evm_file_release - 1 - --- 2024-08-06 Mateusz Guzik Handled Elsewhere
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,1/2] KEYS: use synchronous task work for changing parent credentials get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v5,9/9] drm: Replace strcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,8/9] net: Replace strcpy() with __get_task_comm() Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,7/9] tracing: Replace strncpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,6/9] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,5/9] mm/util: Fix possible race condition in kstrdup() Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,4/9] bpftool: Ensure task comm is always NUL-terminated Improve the copy of task comm - 1 - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,3/9] security: Replace memcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,2/9] auditsc: Replace memcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v5,1/9] fs/exec: Drop task_lock() inside __get_task_comm() Improve the copy of task comm - - - --- 2024-08-04 Yafang Shao Handled Elsewhere
[v20,20/20] MAINTAINERS: ipe: add ipe maintainer information Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,19/20] Documentation: add ipe documentation Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,18/20] ipe: kunit test for parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,17/20] scripts: add boot policy generation program Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,16/20] ipe: enable support for fs-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,15/20] fsverity: expose verified fsverity built-in signatures to LSMs Integrity Policy Enforcement LSM (IPE) 1 - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,14/20] security: add security_inode_setintegrity() hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,13/20] ipe: add support for dm-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,12/20] dm verity: expose root hash digest and signature data to LSMs Integrity Policy Enforcement LSM (IPE) - 1 - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,11/20] block|lsm: Add LSM blob and new LSM hooks for block devices Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,10/20] ipe: add permissive toggle Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,09/20] uapi|audit|ipe: add ipe auditing support Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,08/20] ipe: add userspace interface Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,07/20] security: add new securityfs delete function Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,06/20] ipe: introduce 'boot_verified' as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,05/20] initramfs|security: Add a security hook to do_populate_rootfs() Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,04/20] ipe: add LSM hooks on execution and kernel read Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,03/20] ipe: add evaluation loop Integrity Policy Enforcement LSM (IPE) - 1 - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,02/20] ipe: add policy parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v20,01/20] security: add ipe lsm Integrity Policy Enforcement LSM (IPE) - - - --- 2024-08-03 Fan Wu pcmoore Accepted
[v4] tpm: Add new device/vendor ID 0x50666666 [v4] tpm: Add new device/vendor ID 0x50666666 - - - --- 2024-08-02 Jett Rink Handled Elsewhere
[v3] tpm: Add new device/vendor ID 0x50666666 [v3] tpm: Add new device/vendor ID 0x50666666 - - - --- 2024-08-02 Jett Rink Handled Elsewhere
[RFC] security/KEYS: get rid of cred_alloc_blank and cred_transfer [RFC] security/KEYS: get rid of cred_alloc_blank and cred_transfer - - - --- 2024-08-02 Jann Horn pcmoore Superseded
[v5] proc: add config & param to block forcing mem writes [v5] proc: add config & param to block forcing mem writes - - - --- 2024-08-02 Adrian Ratiu Handled Elsewhere
[v8,4/4] Landlock: Document LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET and ABI versioning Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
[v8,3/4] sample/Landlock: Support abstract unix socket restriction Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
[v8,2/4] selftests/landlock: Abstract unix socket restriction tests Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
[v8,1/4] Landlock: Add abstract unix socket connect restriction Landlock: Add abstract unix socket connect - - - --- 2024-08-02 Tahera Fahimi Handled Elsewhere
init/main.c: Initialize early LSMs after arch code init/main.c: Initialize early LSMs after arch code - - - --- 2024-08-01 KP Singh pcmoore Superseded
init/main.c: Do jump_label_init before early_security_init init/main.c: Do jump_label_init before early_security_init - - - --- 2024-07-31 KP Singh pcmoore Changes Requested
[v4] proc: add config & param to block forcing mem writes [v4] proc: add config & param to block forcing mem writes - - - --- 2024-07-30 Adrian Ratiu Handled Elsewhere
lsm: add the inode_free_security_rcu() LSM implementation hook lsm: add the inode_free_security_rcu() LSM implementation hook - - - --- 2024-07-29 Paul Moore pcmoore Accepted
lsm: cleanup lsm_hooks.h lsm: cleanup lsm_hooks.h - 1 - --- 2024-07-29 Paul Moore pcmoore Accepted
[v1] keys: Restrict KEYCTL_SESSION_TO_PARENT according to ptrace_may_access() [v1] keys: Restrict KEYCTL_SESSION_TO_PARENT according to ptrace_may_access() - - - --- 2024-07-29 Mickaël Salaün Handled Elsewhere
[v4,11/11] drm: Replace strcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,10/11] net: Replace strcpy() with __get_task_comm() Improve the copy of task comm - - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,09/11] tracing: Replace strncpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,08/11] tsacct: Replace strncpy() with __get_task_comm() Improve the copy of task comm - - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,07/11] mm/kmemleak: Replace strncpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,06/11] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Improve the copy of task comm - - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,05/11] mm/util: Fix possible race condition in kstrdup() Improve the copy of task comm - - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,04/11] bpftool: Ensure task comm is always NUL-terminated Improve the copy of task comm - 1 - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,03/11] security: Replace memcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,02/11] auditsc: Replace memcpy() with __get_task_comm() Improve the copy of task comm 1 - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[v4,01/11] fs/exec: Drop task_lock() inside __get_task_comm() Improve the copy of task comm - - - --- 2024-07-29 Yafang Shao pcmoore Handled Elsewhere
[RFC] security: tomoyo: Add default builtin-policy.h for default policy [RFC] security: tomoyo: Add default builtin-policy.h for default policy - - - --- 2024-07-28 Marcos Paulo de Souza Handled Elsewhere
[RFC,v1,9/9] samples/landlock: Support LANDLOCK_ACCESS_NET_LISTEN Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,8/9] selftests/landlock: Test changing socket backlog with listen(2) Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,7/9] selftests/landlock: Test listen on ULP socket without clone method Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,6/9] selftests/landlock: Test listening without explicit bind restriction Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,5/9] selftests/landlock: Test listen on connected socket Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,4/9] selftests/landlock: Test listening restriction Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,3/9] selftests/landlock: Support LANDLOCK_ACCESS_NET_LISTEN_TCP Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,2/9] landlock: Support TCP listen access-control Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[RFC,v1,1/9] landlock: Refactor current_check_access_socket() access right check Support TCP listen access-control - - - --- 2024-07-28 Mikhail Ivanov Handled Elsewhere
[v3] proc: add config & param to block forcing mem writes [v3] proc: add config & param to block forcing mem writes - - - --- 2024-07-26 Adrian Ratiu Handled Elsewhere
[GIT,PULL] AppArmor updates for 6.11-rc1 [GIT,PULL] AppArmor updates for 6.11-rc1 - - - --- 2024-07-25 John Johansen Handled Elsewhere
security/tomoyo: Prevent message flooding if no Tomoyo loader is present security/tomoyo: Prevent message flooding if no Tomoyo loader is present - - - --- 2024-07-25 Yafang Shao Handled Elsewhere
[GIT,PULL] sysctl constification changes for v6.11-rc1 [GIT,PULL] sysctl constification changes for v6.11-rc1 - - - --- 2024-07-24 Joel Granados Handled Elsewhere
[v1,2/2] lsm: Refactor return value of LSM hook inode_copy_up_xattr Refactor return value of two lsm hooks - - - --- 2024-07-24 Xu Kuohai pcmoore Accepted
[v1,1/2] lsm: Refactor return value of LSM hook vm_enough_memory Refactor return value of two lsm hooks - - - --- 2024-07-24 Xu Kuohai pcmoore Accepted
proc: add config & param to block forcing mem writes proc: add config & param to block forcing mem writes - - - --- 2024-07-23 Adrian Ratiu Handled Elsewhere
keys: Add tracepoints for the keyrings facility keys: Add tracepoints for the keyrings facility - - - --- 2024-07-22 David Howells Handled Elsewhere
[GIT,PULL] Landlock fix for v6.11 [GIT,PULL] Landlock fix for v6.11 - - - --- 2024-07-20 Mickaël Salaün Handled Elsewhere
[RFC,v1,3/3] landlock: Document network restrictions tied to sockets Use socket's Landlock domain - - - --- 2024-07-19 Mickaël Salaün Handled Elsewhere
[RFC,v1,2/3] selftests/landlock: Add test for socket's domain Use socket's Landlock domain - - - --- 2024-07-19 Mickaël Salaün Handled Elsewhere
[RFC,v1,1/3] landlock: Use socket's domain instead of current's domain Use socket's Landlock domain - - - --- 2024-07-19 Mickaël Salaün Handled Elsewhere
[bpf-next,v2,9/9] selftests/bpf: Add verifier tests for bpf lsm Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,8/9] selftests/bpf: Add test for lsm tail call Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,7/9] selftests/bpf: Add return value checks for failed tests Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,6/9] selftests/bpf: Avoid load failure for token_lsm.c Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,5/9] bpf, verifier: improve signed ranges inference for BPF_AND Add BPF LSM return value range check, BPF part 2 - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,4/9] bpf: Fix compare error in function retval_range_within Add BPF LSM return value range check, BPF part 1 - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,3/9] bpf: Prevent tail call between progs attached to different hooks Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,2/9] bpf, lsm: Add check for BPF LSM return value Add BPF LSM return value range check, BPF part 1 - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v2,1/9] bpf, lsm: Add disabled BPF LSM hook list Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Handled Elsewhere
[bpf-next,v1,9/9] selftests/bpf: Add verifier tests for bpf lsm Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
[bpf-next,v1,8/9] selftests/bpf: Add test for lsm tail call Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
[bpf-next,v1,7/9] selftests/bpf: Add return value checks for failed tests Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
[bpf-next,v1,6/9] selftests/bpf: Avoid load failure for token_lsm.c Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
[bpf-next,v1,5/9] bpf, verifier: improve signed ranges inference for BPF_AND Add BPF LSM return value range check, BPF part 1 - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
[bpf-next,v1,4/9] bpf: Fix compare error in function retval_range_within Add BPF LSM return value range check, BPF part 1 - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
[bpf-next,v1,3/9] bpf: Prevent tail call between progs attached to different hooks Add BPF LSM return value range check, BPF part - - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
[bpf-next,v1,2/9] bpf, lsm: Add check for BPF LSM return value Add BPF LSM return value range check, BPF part 1 - - --- 2024-07-19 Xu Kuohai pcmoore Superseded
« 1 2 ... 6 7 848 49 »