Security modules development

Show patches with: State = Action Required | Archived = No | 179 patches

« 1 2 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[bpf-next,v3,01/11] bpf, lsm: Annotate lsm hook return value range	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,02/11] bpf, lsm: Add helper to read lsm hook return value range	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,03/11] bpf, lsm: Check bpf lsm hook return values in verifier	Add check for bpf lsm return value	1 - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,04/11] bpf, lsm: Add bpf lsm disabled hook list	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,05/11] bpf: Avoid progs for different hooks calling each other with tail call	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,06/11] bpf: Fix compare error in function retval_range_within	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,07/11] bpf: Fix a false rejection caused by AND operation	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,08/11] selftests/bpf: Avoid load failure for token_lsm.c	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,09/11] selftests/bpf: Add return value checks for failed tests	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,10/11] selftests/bpf: Add test for lsm tail call	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[bpf-next,v3,11/11] selftests/bpf: Add verifier tests for bpf lsm	Add check for bpf lsm return value	- - -	---	2024-04-11	Xu Kuohai	pcmoore	New
[v3,1/3] LSM: add security_execve_abort() hook	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[v3,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[v3,3/3] fs/exec: remove current->in_execve flag	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[2/2] doc: Fix fs_context_parse_param description in mount_api.rst	[1/2] lsm: Fix description of fs_context_parse_param	- - -	---	2022-12-09	Roberto Sassu	pcmoore	Under Review
[1/2] security: Handle dentries without inode in security_path_post_mknod()	[1/2] security: Handle dentries without inode in security_path_post_mknod()	2 - -	---	2024-03-29	Roberto Sassu	pcmoore	Under Review
[2/2] ima: evm: Rename _post_path_mknod() to _path_post_mknod()	[1/2] security: Handle dentries without inode in security_path_post_mknod()	1 1 -	---	2024-03-29	Roberto Sassu	pcmoore	Under Review
[v4,01/14] lib: Add TLV parser	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,02/14] security: Introduce the digest_cache LSM	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,03/14] digest_cache: Add securityfs interface	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,04/14] digest_cache: Add hash tables and operations	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,05/14] digest_cache: Populate the digest cache from a digest list	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,06/14] digest_cache: Parse tlv digest lists	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,07/14] digest_cache: Parse rpm digest lists	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,08/14] digest_cache: Add management of verification data	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,09/14] digest_cache: Add support for directories	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,10/14] digest cache: Prefetch digest lists if requested	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,11/14] digest_cache: Reset digest cache on file/directory change	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,12/14] digest_cache: Notify digest cache events	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,13/14] selftests/digest_cache: Add selftests for digest_cache LSM	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[v4,14/14] docs: Add documentation of the digest_cache LSM	security: digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,1/9] ima: Introduce hook DIGEST_LIST_CHECK	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,2/9] ima: Nest iint mutex for DIGEST_LIST_CHECK hook	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,3/9] ima: Add digest_cache policy keyword	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,4/9] ima: Add digest_cache_measure/appraise boot-time built-in policies	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,5/9] ima: Modify existing boot-time built-in policies with digest cache policies	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,6/9] ima: Store allowed usage in digest cache based on integrity metadata flags	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,7/9] ima: Use digest caches for measurement	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,8/9] ima: Use digest caches for appraisal	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC,v2,9/9] ima: Register to the digest_cache LSM notifier and process events	ima: Integrate with digest_cache LSM	- - -	---	2024-04-15	Roberto Sassu	pcmoore	New
[RFC] ima: Use sequence number to wait for policy updates	[RFC] ima: Use sequence number to wait for policy updates	- - -	---	2024-05-07	Roberto Sassu	pcmoore	New
[RFC] lsm: fixup the inode xattr capability handling	[RFC] lsm: fixup the inode xattr capability handling	- - -	---	2024-05-03	Paul Moore	pcmoore	New
security: fix no-op hook logic in security_inode_{set,remove}xattr()	security: fix no-op hook logic in security_inode_{set,remove}xattr()	- - -	---	2024-01-29	Ondrej Mosnacek	pcmoore	Under Review
[1/2] cipso: fix total option length computation	cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options	- - -	---	2024-04-16	Ondrej Mosnacek	pcmoore	Under Review
[2/2] cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options	cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options	- - -	---	2024-04-16	Ondrej Mosnacek	pcmoore	Under Review
proc: Update inode upon changing task security attribute	proc: Update inode upon changing task security attribute	- - -	---	2023-11-30	Munehisa Kamata	pcmoore	Under Review
[1/2] landlock: Add hook on socket_listen()	Forbid illegitimate binding via listen(2)	- 1 -	---	2024-04-08	Mikhail Ivanov	pcmoore	New
[2/2] selftests/landlock: Create 'listen_zero', 'deny_listen_zero' tests	Forbid illegitimate binding via listen(2)	- 1 -	---	2024-04-08	Mikhail Ivanov	pcmoore	New
[RFC,v2,01/12] landlock: Support socket access-control	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,02/12] landlock: Add hook on socket creation	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,03/12] selftests/landlock: Add protocol.create to socket tests	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,04/12] selftests/landlock: Add protocol.socket_access_rights to socket tests	Socket type control for Landlock	- 1 -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,05/12] selftests/landlock: Add protocol.rule_with_unknown_access to socket tests	Socket type control for Landlock	- 1 -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,06/12] selftests/landlock: Add protocol.rule_with_unhandled_access to socket tests	Socket type control for Landlock	- 1 -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,07/12] selftests/landlock: Add protocol.inval to socket tests	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,08/12] selftests/landlock: Add tcp_layers.ruleset_overlap to socket tests	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,09/12] selftests/landlock: Add mini.ruleset_with_unknown_access to socket tests	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,10/12] selftests/landlock: Add mini.socket_overflow to socket tests	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,11/12] selftests/landlock: Add mini.socket_invalid_type to socket tests	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[RFC,v2,12/12] samples/landlock: Support socket protocol restrictions	Socket type control for Landlock	- - -	---	2024-05-24	Mikhail Ivanov		New
[v1,1/2] landlock: Fix d_parent walk	Fix warning in collect_domain_accesses()	- - -	---	2024-05-16	Mickaël Salaün		New
[v1,2/2] selftests/landlock: Add layout1.refer_mount_root	Fix warning in collect_domain_accesses()	- - -	---	2024-05-16	Mickaël Salaün		New
cred: plug a hole in struct cred	cred: plug a hole in struct cred	- - -	---	2024-05-30	Mateusz Guzik		New
[v12,1/5] kernel: Add helper macros for loop unrolling	Reduce overhead of LSMs with static calls	2 3 -	---	2024-05-16	KP Singh	pcmoore	New
[v12,2/5] security: Count the LSMs enabled at compile time	Reduce overhead of LSMs with static calls	2 3 -	---	2024-05-16	KP Singh	pcmoore	New
[v12,3/5] security: Replace indirect LSM hook calls with static calls	Reduce overhead of LSMs with static calls	2 2 -	---	2024-05-16	KP Singh	pcmoore	New
[v12,4/5] security: Update non standard hooks to use static calls	Reduce overhead of LSMs with static calls	- 2 -	---	2024-05-16	KP Singh	pcmoore	New
[v12,5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached	Reduce overhead of LSMs with static calls	1 1 -	---	2024-05-16	KP Singh	pcmoore	New
[1/3] capabilities: user namespace capabilities	Introduce user namespace capabilities	- 1 -	---	2024-05-16	Jonathan Calmels	pcmoore	New
[2/3] capabilities: add securebit for strict userns caps	Introduce user namespace capabilities	- 1 -	---	2024-05-16	Jonathan Calmels	pcmoore	New
[3/3] capabilities: add cap userns sysctl mask	Introduce user namespace capabilities	- 1 -	---	2024-05-16	Jonathan Calmels	pcmoore	New
KEYS: trusted: add MODULE_DESCRIPTION()	KEYS: trusted: add MODULE_DESCRIPTION()	- - -	---	2024-05-30	Jeff Johnson		New
apparmor: test: add MODULE_DESCRIPTION()	apparmor: test: add MODULE_DESCRIPTION()	- - -	---	2024-05-30	Jeff Johnson		New
[v2] KEYS: trusted: add missing MODULE_DESCRIPTION()	[v2] KEYS: trusted: add missing MODULE_DESCRIPTION()	- - -	---	2024-05-30	Jeff Johnson		New
[v5,2/5] KEYS: trusted: Change -EINVAL to -E2BIG	Untitled series #855490	- - -	---	2024-05-23	Jarkko Sakkinen		New
[v5,3/5] KEYS: trusted: Move tpm2_key_decode() to the TPM driver	Untitled series #855490	- - -	---	2024-05-23	Jarkko Sakkinen		New
[v5,4/5] tpm: tpm2_key: Extend parser to TPM_LoadableKey	Untitled series #855490	- - -	---	2024-05-23	Jarkko Sakkinen		New
KEYS: trusted_tpm2: Only check options->keyhandle for ASN.1	KEYS: trusted_tpm2: Only check options->keyhandle for ASN.1	- - -	---	2024-05-25	Jarkko Sakkinen		New
tpm: Open code tpm_buf_parameters()	tpm: Open code tpm_buf_parameters()	- - -	---	2024-05-25	Jarkko Sakkinen		New
[v6,3/6] KEYS: trusted: Change -EINVAL to -E2BIG	Untitled series #856357	- - -	---	2024-05-28	Jarkko Sakkinen		New
[v6,4/6] crypto: tpm2_key: Introduce a TPM2 key type	Untitled series #856357	- - -	---	2024-05-28	Jarkko Sakkinen		New
[v7,2/5] KEYS: trusted: Change -EINVAL to -E2BIG	Untitled series #856714	- 1 -	---	2024-05-28	Jarkko Sakkinen		New
[v7,3/5] crypto: tpm2_key: Introduce a TPM2 key type	Untitled series #856714	- - -	---	2024-05-28	Jarkko Sakkinen		New
KEYS: trusted: Change -EINVAL to -E2BIG	KEYS: trusted: Change -EINVAL to -E2BIG	- 1 -	---	2024-05-29	Jarkko Sakkinen		New
tpm: Remove illict WARN's from tpm2-sessions.c	tpm: Remove illict WARN's from tpm2-sessions.c	- - -	---	2024-05-29	Jarkko Sakkinen		New
[v3] ima: Avoid blocking in RCU read-side critical section	[v3] ima: Avoid blocking in RCU read-side critical section	- 2 -	---	2024-05-07	Guozihua (Scott)	pcmoore	New
[v19,01/20] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,02/20] ipe: add policy parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,03/20] ipe: add evaluation loop	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,04/20] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,05/20] initramfs\|security: Add a security hook to do_populate_rootfs()	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,06/20] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,07/20] security: add new securityfs delete function	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,08/20] ipe: add userspace interface	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,09/20] uapi\|audit\|ipe: add ipe auditing support	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,10/20] ipe: add permissive toggle	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,11/20] block,lsm: add LSM blob and new LSM hooks for block device	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,12/20] dm verity: expose root hash digest and signature data to LSMs	Integrity Policy Enforcement LSM (IPE)	- 1 -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,13/20] ipe: add support for dm-verity as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New
[v19,14/20] security: add security_inode_setintegrity() hook	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-05-24	Fan Wu	pcmoore	New

« 1 2 »