Security modules development

Show patches with: State = Action Required | Archived = No | 102 patches

« 1 2 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v4,6/6] integrity: machine keyring CA configuration	Add CA enforcement keyring restrictions	- - -	---	2023-02-07	Eric Snowberg		New
[v4,5/6] KEYS: CA link restriction	Add CA enforcement keyring restrictions	- - -	---	2023-02-07	Eric Snowberg		New
[v4,4/6] KEYS: X.509: Parse Key Usage	Add CA enforcement keyring restrictions	- - -	---	2023-02-07	Eric Snowberg		New
[v4,3/6] KEYS: X.509: Parse Basic Constraints for CA	Add CA enforcement keyring restrictions	- - -	---	2023-02-07	Eric Snowberg		New
[v4,2/6] KEYS: Add missing function documentation	Add CA enforcement keyring restrictions	- 1 -	---	2023-02-07	Eric Snowberg		New
[v4,1/6] KEYS: Create static version of public_key_verify_signature	Add CA enforcement keyring restrictions	- 2 -	---	2023-02-07	Eric Snowberg		New
[v15,26/26] ima: Enable IMA namespaces	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,25/26] ima: Restrict informational audit messages to init_ima_ns	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,24/26] ima: Limit number of policy rules in non-init_ima_ns	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,23/26] ima: Show owning user namespace's uid and gid when displaying policy	ima: Namespace IMA with audit support in IMA-ns	- 2 -	---	2023-02-06	Stefan Berger		New
[v15,22/26] ima: Introduce securityfs file to activate an IMA namespace	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,21/26] ima: Setup securityfs for IMA namespace	ima: Namespace IMA with audit support in IMA-ns	2 1 -	---	2023-02-06	Stefan Berger		New
[v15,20/26] ima: Remove unused iints from the integrity_iint_cache	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,19/26] ima: Namespace audit status flags	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,18/26] integrity: Add optional callback function to integrity_inode_free()	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,17/26] integrity/ima: Define ns_status for storing namespaced iint data	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,16/26] ima: Add functions for creating and freeing of an ima_namespace	ima: Namespace IMA with audit support in IMA-ns	2 1 -	---	2023-02-06	Stefan Berger		New
[v15,15/26] ima: Implement ima_free_policy_rules() for freeing of an ima_namespace	ima: Namespace IMA with audit support in IMA-ns	- 2 -	---	2023-02-06	Stefan Berger		New
[v15,14/26] ima: Implement hierarchical processing of file accesses	ima: Namespace IMA with audit support in IMA-ns	- 2 -	---	2023-02-06	Stefan Berger		New
[v15,13/26] userns: Add pointer to ima_namespace to user_namespace	ima: Namespace IMA with audit support in IMA-ns	1 1 -	---	2023-02-06	Stefan Berger		New
[v15,12/26] ima: Only accept AUDIT rules for non-init_ima_ns namespaces for now	ima: Namespace IMA with audit support in IMA-ns	1 1 -	---	2023-02-06	Stefan Berger		New
[v15,11/26] ima: Define mac_admin_ns_capable() as a wrapper for ns_capable()	ima: Namespace IMA with audit support in IMA-ns	- - -	---	2023-02-06	Stefan Berger		New
[v15,10/26] ima: Switch to lazy lsm policy updates for better performance	ima: Namespace IMA with audit support in IMA-ns	1 - -	---	2023-02-06	Stefan Berger		New
[v15,09/26] ima: Move ima_lsm_policy_notifier into ima_namespace	ima: Namespace IMA with audit support in IMA-ns	1 1 -	---	2023-02-06	Stefan Berger		New
[v15,08/26] ima: Move IMA securityfs files into ima_namespace or onto stack	ima: Namespace IMA with audit support in IMA-ns	2 1 -	---	2023-02-06	Stefan Berger		New
[v15,07/26] ima: Move some IMA policy and filesystem related variables into ima_namespace	ima: Namespace IMA with audit support in IMA-ns	2 1 -	---	2023-02-06	Stefan Berger		New
[v15,06/26] ima: Move measurement list related variables into ima_namespace	ima: Namespace IMA with audit support in IMA-ns	- 2 -	---	2023-02-06	Stefan Berger		New
[v15,05/26] ima: Move ima_htable into ima_namespace	ima: Namespace IMA with audit support in IMA-ns	1 2 -	---	2023-02-06	Stefan Berger		New
[v15,04/26] ima: Move arch_policy_entry into ima_namespace	ima: Namespace IMA with audit support in IMA-ns	1 2 -	---	2023-02-06	Stefan Berger		New
[v15,03/26] ima: Define ima_namespace struct and start moving variables into it	ima: Namespace IMA with audit support in IMA-ns	1 1 -	---	2023-02-06	Stefan Berger		New
[v15,02/26] securityfs: Extend securityfs with namespacing support	ima: Namespace IMA with audit support in IMA-ns	1 - -	---	2023-02-06	Stefan Berger		New
[v15,01/26] securityfs: rework dentry creation	ima: Namespace IMA with audit support in IMA-ns	- 2 -	---	2023-02-06	Stefan Berger		New
[14/14] Activate the configuration and build of the TSEM LSM.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[13/14] Implement an internal Trusted Modeling Agent.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[12/14] Implement security event mapping.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[11/14] Add event description implementation.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[10/14] Add security event description export facility.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[09/14] Add namespace implementation.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[08/14] Implement TSEM control plane.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[07/14] Add root domain trust implementation.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[06/14] Add primary TSEM implementation file.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[05/14] Add TSEM master header file.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[04/14] Implement CAP_TRUST capability.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[03/14] Add magic number for tsemfs.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[02/14] Add TSEM specific documentation.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[01/14] Update MAINTAINERS file.	Implement Trusted Security Event Modeling.	- - -	---	2023-02-04	Dr. Greg		New
[ima-evm-utils,v5] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	[ima-evm-utils,v5] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	- - -	---	2023-02-03	Roberto Sassu		New
landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right	landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right	- - -	---	2023-02-02	Günther Noack		New
[ima-evm-utils,v4] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	[ima-evm-utils,v4] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	- - -	---	2023-02-02	Roberto Sassu		New
[ima-evm-utils,v3] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	[ima-evm-utils,v3] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	- - -	---	2023-02-01	Roberto Sassu		New
[ima-evm-utils,v2] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	[ima-evm-utils,v2] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	- 1 -	---	2023-01-31	Roberto Sassu		New
[v4,2/2] ima: Introduce MMAP_CHECK_REQPROT hook	[v4,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook	- - -	---	2023-01-31	Roberto Sassu		New
[v4,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook	[v4,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook	- 1 -	---	2023-01-31	Roberto Sassu		New
[-next] evm: call dump_security_xattr() in all cases to remove code duplication	[-next] evm: call dump_security_xattr() in all cases to remove code duplication	- - -	---	2023-01-31	xiujianfeng		New
[RFC,v9,16/16] documentation: add ipe documentation	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,15/16] ipe: kunit test for parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,14/16] scripts: add boot policy generation program	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,13/16] ipe: enable support for fs-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,12/16] fsverity: consume builtin signature via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,11/16] ipe: add support for dm-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,10/16] dm-verity: consume root hash digest and signature data via LSM hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,09/16] block\|security: add LSM blob to block_device	Integrity Policy Enforcement LSM (IPE)	- 1 -	---	2023-01-30	Fan Wu		New
[RFC,v9,08/16] ipe: add permissive toggle	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,07/16] uapi\|audit\|ipe: add ipe auditing support	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,06/16] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,05/16] ipe: add userspace interface	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,04/16] security: add new securityfs delete function	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,03/16] ipe: add evaluation loop and introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,02/16] ipe: add policy parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[RFC,v9,01/16] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2023-01-30	Fan Wu		New
[-next] evm: call dump_security_xattr() in all cases to remove code duplication	[-next] evm: call dump_security_xattr() in all cases to remove code duplication	- - -	---	2023-01-29	xiujianfeng		New
[25/35] Documentation: security: correct spelling	Documentation: correct lots of spelling errors (series 1)	- 1 -	---	2023-01-27	Randy Dunlap		New
[ima-evm-utils] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	[ima-evm-utils] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks	- - -	---	2023-01-26	Roberto Sassu		New
[v3,2/2] ima: Introduce MMAP_CHECK_REQPROT hook	[v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook	- - -	---	2023-01-26	Roberto Sassu		New
[v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook	[v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook	- 1 -	---	2023-01-26	Roberto Sassu		New
[v3,2/2] vfs: avoid duplicating creds in faccessat if possible	[v3,1/2] capability: add cap_isidentical	- - -	---	2023-01-25	Mateusz Guzik		New
[v3,1/2] capability: add cap_isidentical	[v3,1/2] capability: add cap_isidentical	- 1 -	---	2023-01-25	Mateusz Guzik		New
smackfs: Added check catlen	smackfs: Added check catlen	- - -	---	2023-01-24	Denis Arefev		New
[RFC,v2,7/7] selftests/bpf: Change return value in test_libbpf_get_fd_by_id_opts.c	bpf-lsm: Check return values of security modules	- - -	---	2022-12-07	Roberto Sassu		New
[RFC,v2,6/7] selftests/bpf: Prevent positive ret values in test_lsm and verify_pkcs7_sig	bpf-lsm: Check return values of security modules	- - -	---	2022-12-07	Roberto Sassu		New
[RFC,v2,5/7] selftests/bpf: Check if return values of LSM programs are allowed	bpf-lsm: Check return values of security modules	- - -	---	2022-12-07	Roberto Sassu		New
[RFC,v2,4/7] bpf-lsm: Enforce return value limitations on security modules	bpf-lsm: Check return values of security modules	- - -	---	2022-12-07	Roberto Sassu		New
[RFC,v2,3/7] lsm: Redefine LSM_HOOK() macro to add return value flags as argument	bpf-lsm: Check return values of security modules	- - -	---	2022-12-07	Roberto Sassu		New
[RFC,v2,2/7] bpf: Mark ALU32 operations in bpf_reg_state structure	bpf-lsm: Check return values of security modules	- - -	---	2022-12-07	Roberto Sassu		New
[RFC,v2,1/7] bpf: Remove superfluous btf_id_set_contains() declaration	bpf-lsm: Check return values of security modules	- - -	---	2022-12-07	Roberto Sassu		New
[v5] evm: Correct inode_init_security hooks behaviors	[v5] evm: Correct inode_init_security hooks behaviors	- - -	---	2022-11-25	Nicolas Bouchinet		New
[RESEND,bpf-next,4/4] bpf: Only enable BPF LSM hooks when an LSM program is attached	Reduce overhead of LSMs with static calls	- - -	---	2023-01-20	KP Singh	pcmoore	New
[RESEND,bpf-next,3/4] security: Replace indirect LSM hook calls with static calls	Reduce overhead of LSMs with static calls	- - -	---	2023-01-20	KP Singh	pcmoore	New
[RESEND,bpf-next,2/4] security: Generate a header with the count of enabled LSMs	Reduce overhead of LSMs with static calls	- - -	---	2023-01-20	KP Singh	pcmoore	New
[RESEND,bpf-next,1/4] kernel: Add helper macros for loop unrolling	Reduce overhead of LSMs with static calls	- - -	---	2023-01-20	KP Singh	pcmoore	New
[v2,2/2] vfs: avoid duplicating creds in faccessat if possible	[v2,1/2] capability: add cap_isidentical	- - -	---	2023-01-16	Mateusz Guzik	pcmoore	New
[v2,1/2] capability: add cap_isidentical	[v2,1/2] capability: add cap_isidentical	- 1 -	---	2023-01-16	Mateusz Guzik	pcmoore	New
[v2] security: Restore passing final prot to ima_file_mmap()	[v2] security: Restore passing final prot to ima_file_mmap()	- - -	---	2022-12-21	Roberto Sassu	pcmoore	New
[2/2] doc: Fix fs_context_parse_param description in mount_api.rst	[1/2] lsm: Fix description of fs_context_parse_param	- - -	---	2022-12-09	Roberto Sassu	pcmoore	Under Review
[v7,6/6] evm: Support multiple LSMs providing an xattr	evm: Do HMAC of multiple per LSM xattrs for new inodes	- 1 -	---	2022-12-01	Roberto Sassu	pcmoore	New
[v7,5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure	evm: Do HMAC of multiple per LSM xattrs for new inodes	- 1 -	---	2022-12-01	Roberto Sassu	pcmoore	New
[v7,4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook	evm: Do HMAC of multiple per LSM xattrs for new inodes	- 1 -	---	2022-12-01	Roberto Sassu	pcmoore	New
[v7,3/6] security: Remove security_old_inode_init_security()	evm: Do HMAC of multiple per LSM xattrs for new inodes	- 1 -	---	2022-12-01	Roberto Sassu	pcmoore	New
[v7,2/6] ocfs2: Switch to security_inode_init_security()	evm: Do HMAC of multiple per LSM xattrs for new inodes	- 1 -	---	2022-12-01	Roberto Sassu	pcmoore	New
[v7,1/6] reiserfs: Switch to security_inode_init_security()	evm: Do HMAC of multiple per LSM xattrs for new inodes	- 1 -	---	2022-12-01	Roberto Sassu	pcmoore	New

« 1 2 »