Show patches with: State = Action Required       |    Archived = No       |   165 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[02/10] capability: add any wrappers to test for multiple caps with exactly one audit message [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[03/10] capability: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[04/10] block: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[05/10] drivers: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[06/10] fs: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[07/10] kernel: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 2 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[08/10] net: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[09/10] bpf: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[1/2] landlock: Add hook on socket_listen() Forbid illegitimate binding via listen(2) - 1 - --- 2024-04-08 Mikhail Ivanov pcmoore New
[10/10] coccinelle: add script for capable_any() [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[2/2] doc: Fix fs_context_parse_param description in mount_api.rst [1/2] lsm: Fix description of fs_context_parse_param - - - --- 2022-12-09 Roberto Sassu pcmoore Under Review
[2/2] selftests/landlock: Create 'listen_zero', 'deny_listen_zero' tests Forbid illegitimate binding via listen(2) - 1 - --- 2024-04-08 Mikhail Ivanov pcmoore New
[RESEND] cred: separate the refcount from frequently read fields [RESEND] cred: separate the refcount from frequently read fields - - - --- 2024-08-22 Mateusz Guzik pcmoore New
[RFC,1/2] lsm: introduce new hook security_vm_execstack [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,2/2] selinux: wire up new execstack LSM hook [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,v19,1/5] exec: Add a new AT_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) - - - --- 2024-07-04 Mickaël Salaün Under Review
[RFC,v19,2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits Script execution control (was O_MAYEXEC) - - - --- 2024-07-04 Mickaël Salaün Under Review
[RFC,v19,3/5] selftests/exec: Add tests for AT_CHECK and related securebits Script execution control (was O_MAYEXEC) - - - --- 2024-07-04 Mickaël Salaün Under Review
[RFC,v19,4/5] selftests/landlock: Add tests for execveat + AT_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-07-04 Mickaël Salaün Under Review
[RFC,v19,5/5] samples/should-exec: Add set-should-exec Script execution control (was O_MAYEXEC) - - - --- 2024-07-04 Mickaël Salaün Under Review
[RFC,v2,1/8] certs: Introduce ability to link to a system key Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v2,2/8] clavis: Introduce a new system keyring called clavis Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v2,3/8] efi: Make clavis boot param persist across kexec Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v2,4/8] clavis: Prevent clavis boot param from changing during kexec Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v2,5/8] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE) Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v2,6/8] keys: Add ability to track intended usage of the public key Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v2,7/8] clavis: Introduce a new key type called clavis_key_acl Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v2,8/8] clavis: Introduce new LSM called clavis Clavis LSM - - - --- 2024-05-31 Eric Snowberg pcmoore Under Review
[RFC,v3,01/10] ima: Introduce hook DIGEST_LIST_CHECK ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,01/19] landlock: Support socket access-control Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,02/10] ima: Nest iint mutex for DIGEST_LIST_CHECK hook ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,02/19] landlock: Add hook on socket creation Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,03/10] ima: Add digest_cache policy keyword ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,03/19] selftests/landlock: Test basic socket restriction Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,04/10] ima: Add digest_cache_measure/appraise boot-time built-in policies ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,04/19] selftests/landlock: Test adding a rule with each supported access Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,05/10] ima: Modify existing boot-time built-in policies with digest cache policies ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,05/19] selftests/landlock: Test adding a rule for each unknown access Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,06/10] ima: Retrieve digest cache and check if changed ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,06/19] selftests/landlock: Test adding a rule for unhandled access Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,07/10] ima: Store verified usage in digest cache based on integrity metadata flags ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,07/19] selftests/landlock: Test adding a rule for empty access Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,08/10] ima: Load verified usage from digest cache found from query ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,08/19] selftests/landlock: Test overlapped restriction Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,09/10] ima: Use digest caches for measurement ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,09/19] selftests/landlock: Test creating a ruleset with unknown access Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,10/10] ima: Use digest caches for appraisal ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu New
[RFC,v3,10/19] selftests/landlock: Test adding a rule with family and type outside the range Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,11/19] selftests/landlock: Test unsupported protocol restriction Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,12/19] selftests/landlock: Test that kernel space sockets are not restricted Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,13/19] selftests/landlock: Test packet protocol alias Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,14/19] selftests/landlock: Test socketpair(2) restriction Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,15/19] selftests/landlock: Test SCTP peeloff restriction Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,16/19] selftests/landlock: Test that accept(2) is not restricted Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,17/19] samples/landlock: Replace atoi() with strtoull() in populate_ruleset_net() Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,18/19] samples/landlock: Support socket protocol restrictions Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC,v3,19/19] landlock: Document socket rule type support Support socket access-control - - - --- 2024-09-04 Mikhail Ivanov New
[RFC] ima: Use sequence number to wait for policy updates [RFC] ima: Use sequence number to wait for policy updates - - - --- 2024-05-07 Roberto Sassu pcmoore New
[v1,1/2] landlock: Fix d_parent walk Fix warning in collect_domain_accesses() - - - --- 2024-05-16 Mickaël Salaün pcmoore New
[v11,1/8] Landlock: Add abstract UNIX socket restriction Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v11,2/8] selftests/landlock: Add test for handling unknown scope Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v11,3/8] selftests/landlock: Add abstract UNIX socket restriction tests Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v11,4/8] selftests/landlock: Add tests for UNIX sockets with any address formats Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v11,5/8] selftests/landlock: Test connected vs non-connected datagram UNIX socket Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v11,6/8] selftests/landlock: Restrict inherited datagram UNIX socket to connect Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v11,7/8] sample/landlock: Add support abstract UNIX socket restriction Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v11,8/8] Landlock: Document LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET and ABI version Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi New
[v2,1/2] KEYS: use synchronous task work for changing parent credentials get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore New
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore New
[v2] dm verity: add support for signature verification with platform keyring [v2] dm verity: add support for signature verification with platform keyring - - - --- 2024-07-04 Luca Boccassi New
[v2] fs,security: Fix file_set_fowner LSM hook inconsistencies [v2] fs,security: Fix file_set_fowner LSM hook inconsistencies - - - --- 2024-08-12 Mickaël Salaün pcmoore Under Review
[v3,01/12] Update MAINTAINERS file. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,02/12] Add TSEM specific documentation. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,03/12] TSEM global declarations. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,04/12] Add primary TSEM implementation file. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,05/12] Add root domain trust implementation. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,06/12] Implement TSEM control plane. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,07/12] Add namespace implementation. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,08/12] Add security event description export facility. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,09/12] Add event processing implementation. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,1/2] fs: Fix file_set_fowner LSM hook inconsistencies [v3,1/2] fs: Fix file_set_fowner LSM hook inconsistencies - - - --- 2024-08-21 Mickaël Salaün pcmoore Under Review
[v3,1/3] LSM: add security_execve_abort() hook fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v3,10/12] Implement security event mapping. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,11/12] Implement the internal Trusted Modeling Agent. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,12/12] Activate the configuration and build of the TSEM LSM. Implement Trusted Security Event Modeling. - - - --- 2024-04-01 Dr. Greg pcmoore Under Review
[v3,2/2] security: Update file_set_fowner documentation [v3,1/2] fs: Fix file_set_fowner LSM hook inconsistencies - - - --- 2024-08-21 Mickaël Salaün pcmoore Under Review
[v3,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v3,3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v39,03/42] LSM: Add the lsmblob data structure. LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,04/42] IMA: avoid label collisions with stacked LSMs LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,05/42] LSM: Use lsmblob in security_audit_rule_match LSM: General module stacking 1 1 - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,06/42] LSM: Add lsmblob_to_secctx hook LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,07/42] Audit: maintain an lsmblob in audit_context LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,08/42] LSM: Use lsmblob in security_ipc_getsecid LSM: General module stacking 2 2 - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,09/42] Audit: Update shutdown LSM data LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,10/42] LSM: Use lsmblob in security_current_getsecid LSM: General module stacking 2 2 - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,11/42] LSM: Use lsmblob in security_inode_getsecid LSM: General module stacking 2 2 - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,12/42] Audit: use an lsmblob in audit_names LSM: General module stacking - - - --- 2023-12-15 Casey Schaufler pcmoore Under Review
[v39,13/42] LSM: Create new security_cred_getlsmblob LSM hook LSM: General module stacking 2 2 - --- 2023-12-15 Casey Schaufler pcmoore Under Review
« 1 2 »