Security modules development

Show patches with: State = Action Required | Archived = No | 104 patches

« 1 2 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v3] proc: add config & param to block forcing mem writes	[v3] proc: add config & param to block forcing mem writes	- - -	---	2024-07-26	Adrian Ratiu		New
[GIT,PULL] AppArmor updates for 6.11-rc1	[GIT,PULL] AppArmor updates for 6.11-rc1	- - -	---	2024-07-25	John Johansen		New
security/tomoyo: Prevent message flooding if no Tomoyo loader is present	security/tomoyo: Prevent message flooding if no Tomoyo loader is present	- - -	---	2024-07-25	Yafang Shao		New
[RFC] lsm: add the inode_free_security_rcu() LSM implementation hook	[RFC] lsm: add the inode_free_security_rcu() LSM implementation hook	- - -	---	2024-07-10	Paul Moore		New
binfmt_elf: Fail execution of shared objects with ELIBEXEC (was: Re: [RFC PATCH v19 1/5] exec: Add …	binfmt_elf: Fail execution of shared objects with ELIBEXEC (was: Re: [RFC PATCH v19 1/5] exec: Add …	- - -	---	2024-07-08	Florian Weimer		New
[RFC,v19,5/5] samples/should-exec: Add set-should-exec	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		New
[RFC,v19,4/5] selftests/landlock: Add tests for execveat + AT_CHECK	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		New
[RFC,v19,3/5] selftests/exec: Add tests for AT_CHECK and related securebits	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		New
[RFC,v19,2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		New
[RFC,v19,1/5] exec: Add a new AT_CHECK flag to execveat(2)	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		New
[v2] dm verity: add support for signature verification with platform keyring	[v2] dm verity: add support for signature verification with platform keyring	- - -	---	2024-07-04	Luca Boccassi		New
[RFC,v2,8/8] clavis: Introduce new LSM called clavis	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
[RFC,v2,7/8] clavis: Introduce a new key type called clavis_key_acl	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
[RFC,v2,6/8] keys: Add ability to track intended usage of the public key	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
[RFC,v2,5/8] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE)	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
[RFC,v2,4/8] clavis: Prevent clavis boot param from changing during kexec	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
[RFC,v2,3/8] efi: Make clavis boot param persist across kexec	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
[RFC,v2,2/8] clavis: Introduce a new system keyring called clavis	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
[RFC,v2,1/8] certs: Introduce ability to link to a system key	Clavis LSM	- - -	---	2024-05-31	Eric Snowberg	pcmoore	New
cred: plug a hole in struct cred	cred: plug a hole in struct cred	- - -	---	2024-05-30	Mateusz Guzik	pcmoore	New
[v1,1/2] landlock: Fix d_parent walk	Fix warning in collect_domain_accesses()	- - -	---	2024-05-16	Mickaël Salaün	pcmoore	New
[RFC] ima: Use sequence number to wait for policy updates	[RFC] ima: Use sequence number to wait for policy updates	- - -	---	2024-05-07	Roberto Sassu	pcmoore	New
[2/2] selftests/landlock: Create 'listen_zero', 'deny_listen_zero' tests	Forbid illegitimate binding via listen(2)	- 1 -	---	2024-04-08	Ivanov Mikhail	pcmoore	New
[1/2] landlock: Add hook on socket_listen()	Forbid illegitimate binding via listen(2)	- 1 -	---	2024-04-08	Ivanov Mikhail	pcmoore	New
[v3,12/12] Activate the configuration and build of the TSEM LSM.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,11/12] Implement the internal Trusted Modeling Agent.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,10/12] Implement security event mapping.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,09/12] Add event processing implementation.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,08/12] Add security event description export facility.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,07/12] Add namespace implementation.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,06/12] Implement TSEM control plane.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,05/12] Add root domain trust implementation.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,04/12] Add primary TSEM implementation file.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,03/12] TSEM global declarations.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,02/12] Add TSEM specific documentation.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v3,01/12] Update MAINTAINERS file.	Implement Trusted Security Event Modeling.	- - -	---	2024-04-01	Dr. Greg	pcmoore	New
[v1,2/2] lsm: Refactor return value of LSM hook inode_copy_up_xattr	Refactor return value of two lsm hooks	- - -	---	2024-07-24	Xu Kuohai	pcmoore	Under Review
[v1,1/2] lsm: Refactor return value of LSM hook vm_enough_memory	Refactor return value of two lsm hooks	- - -	---	2024-07-24	Xu Kuohai	pcmoore	Under Review
[v2,6/6] LSM: Infrastructure management of the perf_event security blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Under Review
[v2,5/6] LSM: Infrastructure management of the infiniband blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Under Review
[v2,4/6] LSM: Infrastructure management of the dev_tun blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Under Review
[v2,3/6] LSM: Add helper for blob allocations	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Under Review
[v2,2/6] LSM: Infrastructure management of the key security blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Under Review
[v2,1/6] LSM: Infrastructure management of the sock security	LSM: Infrastructure blob allocation	2 2 -	---	2024-07-10	Casey Schaufler	pcmoore	Under Review
[v14,3/3] security: Replace indirect LSM hook calls with static calls	Reduce overhead of LSMs with static calls	2 2 -	---	2024-07-10	KP Singh	pcmoore	Under Review
[v14,2/3] security: Count the LSMs enabled at compile time	Reduce overhead of LSMs with static calls	2 2 -	---	2024-07-10	KP Singh	pcmoore	Under Review
[v14,1/3] kernel: Add helper macros for loop unrolling	Reduce overhead of LSMs with static calls	2 2 -	---	2024-07-10	KP Singh	pcmoore	Under Review
[1/6] LSM: Infrastructure management of the sock security	LSM: Infrastructure blob allocation	2 2 -	---	2024-07-08	Casey Schaufler	pcmoore	Under Review
[RFC,1/2] lsm: introduce new hook security_vm_execstack	[RFC,1/2] lsm: introduce new hook security_vm_execstack	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[RFC,2/2] selinux: wire up new execstack LSM hook	[RFC,1/2] lsm: introduce new hook security_vm_execstack	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[10/10] coccinelle: add script for capable_any()	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[09/10] bpf: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	1 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[08/10] net: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- 1 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[07/10] kernel: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- 2 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[06/10] fs: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	1 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[05/10] drivers: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	2 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[04/10] block: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[03/10] capability: use new capable_any functionality	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	1 - -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[02/10] capability: add any wrappers to test for multiple caps with exactly one audit message	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	- 1 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY	2 1 -	---	2024-03-15	Christian Göttsche	pcmoore	Under Review
[v3,3/3] fs/exec: remove current->in_execve flag	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[v3,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[v3,1/3] LSM: add security_execve_abort() hook	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[v39,42/42] Smack: Remove LSM_FLAG_EXCLUSIVE	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,41/42] LSM: restrict security_cred_getsecid() to a single LSM	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,40/42] LSM: Allow reservation of netlabel	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,39/42] LSM: Remove lsmblob scaffolding	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,38/42] LSM: Correct handling of ENOSYS in inode_setxattr	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,37/42] LSM: Infrastructure management of the mnt_opts security blob	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,36/42] LSM: Infrastructure management of the key security blob	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,35/42] LSM: allocate mnt_opts blobs instead of module specific data	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,34/42] LSM: Add mount opts blob size tracking	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,33/42] AppArmor: Remove the exclusive flag	LSM: General module stacking	2 1 -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,32/42] LSM: Identify which LSM handles the context string	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,31/42] LSM: Exclusive secmark usage	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,30/42] LSM: Single calls in socket_getpeersec hooks	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,29/42] LSM: secctx provider check on release	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,28/42] LSM: Improve logic in security_getprocattr	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,27/42] LSM: Remove unused lsmcontext_init()	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,26/42] Audit: Add record for multiple object contexts	LSM: General module stacking	1 - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,25/42] audit: multiple subject lsm values for netlabel	LSM: General module stacking	1 - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,24/42] Audit: Add record for multiple task security contexts	LSM: General module stacking	1 - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,23/42] Audit: Allow multiple records in an audit_buffer	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,22/42] Audit: Create audit_stamp structure	LSM: General module stacking	1 - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,21/42] LSM: security_lsmblob_to_secctx module selection	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,20/42] LSM: Use lsmcontext in security_dentry_init_security	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,19/42] LSM: Use lsmcontext in security_inode_getsecctx	LSM: General module stacking	3 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,18/42] LSM: Use lsmcontext in security_lsmblob_to_secctx	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,17/42] LSM: Use lsmcontext in security_secid_to_secctx	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,16/42] LSM: Ensure the correct LSM context releaser	LSM: General module stacking	3 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,15/42] Netlabel: Use lsmblob for audit data	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,14/42] Audit: Change context data from secid to lsmblob	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,13/42] LSM: Create new security_cred_getlsmblob LSM hook	LSM: General module stacking	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,12/42] Audit: use an lsmblob in audit_names	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,11/42] LSM: Use lsmblob in security_inode_getsecid	LSM: General module stacking	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,10/42] LSM: Use lsmblob in security_current_getsecid	LSM: General module stacking	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,09/42] Audit: Update shutdown LSM data	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,08/42] LSM: Use lsmblob in security_ipc_getsecid	LSM: General module stacking	2 2 -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,07/42] Audit: maintain an lsmblob in audit_context	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review
[v39,06/42] LSM: Add lsmblob_to_secctx hook	LSM: General module stacking	- - -	---	2023-12-15	Casey Schaufler	pcmoore	Under Review

« 1 2 »