Show patches with: State = Action Required       |    Archived = No       |   163 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[01/11] coccinelle: Add script to reorder capable() calls [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[02/10] capability: add any wrappers to test for multiple caps with exactly one audit message [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[02/11] quota: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[03/10] capability: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[03/11] ext4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[04/10] block: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[04/11] hugetlbfs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[05/10] drivers: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[05/11] genwqe: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[06/10] fs: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[06/11] ubifs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls 1 - - --- 2024-11-25 Christian Göttsche pcmoore New
[07/10] kernel: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 2 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[07/11] ipv4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[08/10] net: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[08/11] gfs2: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[09/10] bpf: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[09/11] fs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[1/2] lsm: constify function parameters [1/2] lsm: constify function parameters - - - --- 2024-11-25 Christian Göttsche pcmoore New
[10/10] coccinelle: add script for capable_any() [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[10/11] skbuff: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[11/11] infiniband: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[2/2] doc: Fix fs_context_parse_param description in mount_api.rst [1/2] lsm: Fix description of fs_context_parse_param - - - --- 2022-12-09 Roberto Sassu pcmoore Under Review
[2/2] lsm: rename variable to avoid shadowing [1/2] lsm: constify function parameters - - - --- 2024-11-25 Christian Göttsche pcmoore New
[GIT,PULL] AppArmor updates for 6.13 [GIT,PULL] AppArmor updates for 6.13 - - - --- 2024-11-27 John Johansen New
[GIT,PULL] capabilities [GIT,PULL] capabilities - - - --- 2024-11-18 sergeh@kernel.org pcmoore New
[GIT,PULL] lsm/lsm-pr-20241129 [GIT,PULL] lsm/lsm-pr-20241129 - - - --- 2024-11-30 Paul Moore pcmoore New
[lsm/dev-staging] selinux: Fix pointer use in selinux_dentry_init_security [lsm/dev-staging] selinux: Fix pointer use in selinux_dentry_init_security - - - --- 2024-11-02 Casey Schaufler pcmoore Under Review
[lsm/dev] Binder: Initialize lsm_context structure [lsm/dev] Binder: Initialize lsm_context structure - - - --- 2024-12-06 Casey Schaufler New
[lsm/dev] net: corrections for security_secid_to_secctx returns [lsm/dev] net: corrections for security_secid_to_secctx returns - - - --- 2024-12-11 Casey Schaufler New
[lsm/dev] netfilter: Use correct length value in ctnetlink_secctx_size [lsm/dev] netfilter: Use correct length value in ctnetlink_secctx_size - - - --- 2024-11-01 Casey Schaufler pcmoore Under Review
[next] security: remove redundant assignment to variable rc [next] security: remove redundant assignment to variable rc - 1 - --- 2024-11-12 Colin Ian King pcmoore New
[RESEND] apparmor: Use str_yes_no() helper function [RESEND] apparmor: Use str_yes_no() helper function - - - --- 2024-12-09 Thorsten Blum New
[RESEND] cred: separate the refcount from frequently read fields [RESEND] cred: separate the refcount from frequently read fields - - - --- 2024-08-22 Mateusz Guzik pcmoore New
[RFC,1/2] lsm: introduce new hook security_vm_execstack [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,2/2] selinux: wire up new execstack LSM hook [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - 1 - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,2/7] audit: Fix inode numbers [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,3/7] selinux: Fix inode numbers in error messages [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,4/7] integrity: Fix inode numbers in audit records [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,5/7] ipe: Fix inode numbers in audit records [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,6/7] smack: Fix inode numbers in logs [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS 1 - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v1,7/7] tomoyo: Fix inode numbers in logs [RFC,v1,1/7] fs: Add inode_get_ino() and implement get_ino() for NFS - - - --- 2024-10-10 Mickaël Salaün pcmoore Under Review
[RFC,v3,01/13] certs: Remove CONFIG_INTEGRITY_PLATFORM_KEYRING check Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,02/13] certs: Introduce ability to link to a system key Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,03/13] clavis: Introduce a new system keyring called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,04/13] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE) Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,05/13] clavis: Introduce a new key type called clavis_key_acl Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,06/13] clavis: Populate clavis keyring acl with kernel module signature Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,07/13] keys: Add ability to track intended usage of the public key Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,08/13] clavis: Introduce new LSM called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,09/13] clavis: Allow user to define acl at build time Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,10/13] efi: Make clavis boot param persist across kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,11/13] clavis: Prevent boot param change during kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,12/13] clavis: Add function redirection for Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,13/13] clavis: Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-28 Shu Han Under Review
[RFC] ima: instantiate the bprm_creds_for_exec() hook [RFC] ima: instantiate the bprm_creds_for_exec() hook - - - --- 2024-11-27 Mimi Zohar New
[v1] selftests: ktap_helpers: Fix uninitialized variable [v1] selftests: ktap_helpers: Fix uninitialized variable - - - --- 2024-11-27 Mickaël Salaün New
[v2,1/2] KEYS: use synchronous task work for changing parent credentials get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,1/7] fs: ima: Remove S_IMA and IS_IMA() ima: Remove unnecessary inode locks 1 1 - --- 2024-11-28 Roberto Sassu New
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,2/7] ima: Remove inode lock ima: Remove unnecessary inode locks - 1 - --- 2024-11-28 Roberto Sassu New
[v2,3/7] ima: Ensure lock is held when setting iint pointer in inode security blob ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,4/7] ima: Mark concurrent accesses to the iint pointer in the inode security blob ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,5/7] ima: Set security.ima on file close when ima_appraise=fix ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,6/7] ima: Discard files opened with O_PATH ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2,7/7] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr ima: Remove unnecessary inode locks - - - --- 2024-11-28 Roberto Sassu New
[v2] ima: instantiate the bprm_creds_for_exec() hook [v2] ima: instantiate the bprm_creds_for_exec() hook - - - --- 2024-12-04 Mimi Zohar New
[v2] ima: instantiate the bprm_creds_for_exec() hook [v2] ima: instantiate the bprm_creds_for_exec() hook - - 1 --- 2024-12-03 Mimi Zohar New
[v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between [v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between - 5 2 --- 2024-10-18 Roberto Sassu pcmoore Under Review
[v2] samples/landlock: Fix possible NULL dereference in parse_path() [v2] samples/landlock: Fix possible NULL dereference in parse_path() - - - --- 2024-11-28 Gax-c New
[V2] selftests: lsm: Refactor `flags_overset_lsm_set_self_attr` test [V2] selftests: lsm: Refactor `flags_overset_lsm_set_self_attr` test - 2 - --- 2024-11-16 Amit pcmoore New
[v21,1/6] exec: Add a new AT_EXECVE_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) 1 1 - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,2/6] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits Script execution control (was O_MAYEXEC) - 1 - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,3/6] selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,4/6] selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,5/6] samples/check-exec: Add set-exec Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,6/6] samples/check-exec: Add an enlighten "inc" interpreter and 28 tests Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v22,1/8] exec: Add a new AT_EXECVE_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) 1 2 1 --- 2024-12-05 Mickaël Salaün New
[v22,2/8] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits Script execution control (was O_MAYEXEC) - 2 1 --- 2024-12-05 Mickaël Salaün New
[v22,3/8] selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,4/8] selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,5/8] samples/check-exec: Add set-exec Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,6/8] selftests: ktap_helpers: Fix uninitialized variable Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,7/8] samples/check-exec: Add an enlighten "inc" interpreter and 28 tests Script execution control (was O_MAYEXEC) - - - --- 2024-12-05 Mickaël Salaün New
[v22,8/8] ima: instantiate the bprm_creds_for_exec() hook Script execution control (was O_MAYEXEC) - 1 - --- 2024-12-05 Mickaël Salaün New
[v3,1/3] LSM: add security_execve_abort() hook fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v3,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v3,3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v3,bpf-next,1/6] fs/xattr: bpf: Introduce security.bpf. xattr name prefix Enable writing xattr from BPF programs 1 - - --- 2024-12-10 Song Liu New
[v3,bpf-next,2/6] selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr names Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,3/6] bpf: lsm: Add two more sleepable hooks Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,4/6] bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,5/6] selftests/bpf: Test kfuncs that set and remove xattr from BPF programs Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v3,bpf-next,6/6] selftests/bpf: Add __failure tests for set/remove xattr kfuncs Enable writing xattr from BPF programs - - - --- 2024-12-10 Song Liu New
[v39,03/42] LSM: Add the lsmblob data structure. LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,04/42] IMA: avoid label collisions with stacked LSMs LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,05/42] LSM: Use lsmblob in security_audit_rule_match LSM: General module stacking 1 1 - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,06/42] LSM: Add lsmblob_to_secctx hook LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
« 1 2 »