Show patches with: State = Action Required       |    Archived = No       |   242 patches
« 1 2 3 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[01/11] coccinelle: Add script to reorder capable() calls [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[02/10] capability: add any wrappers to test for multiple caps with exactly one audit message [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[02/11] quota: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[03/10] capability: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[03/11] ext4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[04/10] block: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[04/11] hugetlbfs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[05/10] drivers: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 2 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[05/11] genwqe: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[06/10] fs: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[06/11] ubifs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls 1 - - --- 2024-11-25 Christian Göttsche pcmoore New
[07/10] kernel: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 2 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[07/11] ipv4: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[08/10] net: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - 1 - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[08/11] gfs2: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[09/10] bpf: use new capable_any functionality [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY 1 - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[09/11] fs: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - 1 - --- 2024-11-25 Christian Göttsche pcmoore New
[1/2] fs: add loopback/bind mount specific security hook [1/2] fs: add loopback/bind mount specific security hook - - - --- 2024-12-31 Shervin Oloumi pcmoore Under Review
[1/2] lsm: add LSM hooks for io_uring_setup() [1/2] lsm: add LSM hooks for io_uring_setup() - - - --- 2024-12-19 Hamza Mahfooz New
[1/2] yama: Make sysctl table const security: Constify sysctl tables - 1 - --- 2025-01-23 Ricardo B. Marlière New
[1/6] Audit: Create audit_stamp structure [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[10/10] coccinelle: add script for capable_any() [01/10] capability: introduce new capable flag CAP_OPT_NOAUDIT_ONDENY - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[10/11] skbuff: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[11/11] infiniband: reorder capability check last [01/11] coccinelle: Add script to reorder capable() calls - - - --- 2024-11-25 Christian Göttsche pcmoore New
[2/2] doc: Fix fs_context_parse_param description in mount_api.rst [1/2] lsm: Fix description of fs_context_parse_param - - - --- 2022-12-09 Roberto Sassu pcmoore Under Review
[2/2] io_uring: use security_uring_allowed() [1/2] lsm: add LSM hooks for io_uring_setup() - - - --- 2024-12-19 Hamza Mahfooz New
[2/2] landlock: add support for private bind mount [1/2] fs: add loopback/bind mount specific security hook - - - --- 2024-12-31 Shervin Oloumi pcmoore Under Review
[2/2] LoadPin: Make sysctl table const security: Constify sysctl tables - 1 - --- 2025-01-23 Ricardo B. Marlière New
[2/6] Audit: Allow multiple records in an audit_buffer [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[3/6] LSM: security_lsmblob_to_secctx module selection [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[4/6] Audit: Add record for multiple task security contexts [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[5/6] Audit: multiple subject lsm values for netlabel [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[6/6] Audit: Add record for multiple object contexts [1/6] Audit: Create audit_stamp structure - - - --- 2024-12-17 Casey Schaufler pcmoore New
[7/7] ima: measure kexec load and exec events as critical data ima: kexec: measure events between kexec load and excute - 1 - --- 2025-01-24 steven chen New
[7/7] ima: measure kexec load and exec events as critical data *** SUBJECT HERE *** - 1 - --- 2025-01-24 steven chen New
[GIT,PULL] lsm/lsm-pr-20250121 [GIT,PULL] lsm/lsm-pr-20250121 - - - --- 2025-01-21 Paul Moore New
[linux-next,1/2] perf: Remove unnecessary parameter of security check Fix perf security check problem - - - --- 2024-12-23 Luo Gengkun pcmoore Under Review
[linux-next,2/2] perf: Return EACCESS when need perfmon capability Fix perf security check problem - - - --- 2024-12-23 Luo Gengkun pcmoore Under Review
[RESEND] cred: separate the refcount from frequently read fields [RESEND] cred: separate the refcount from frequently read fields - - - --- 2024-08-22 Mateusz Guzik pcmoore New
[RFC,1/2] lsm: introduce new hook security_vm_execstack [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,2/2] selinux: wire up new execstack LSM hook [RFC,1/2] lsm: introduce new hook security_vm_execstack - - - --- 2024-03-15 Christian Göttsche pcmoore Under Review
[RFC,v1,1/3] landlock: Add landlock_read_domain_id() Expose Landlock domain IDs via pidfd - - - --- 2025-01-31 Mickaël Salaün New
[RFC,v1,2/3] pidfd: Extend PIDFD_GET_INFO with PIDFD_INFO_LANDLOCK_*_DOMAIN Expose Landlock domain IDs via pidfd - - - --- 2025-01-31 Mickaël Salaün New
[RFC,v1,3/3] samples/landlock: Print domain ID Expose Landlock domain IDs via pidfd - - - --- 2025-01-31 Mickaël Salaün New
[RFC,v2,1/2] memfd,lsm: add a security hook to memfd_create() ipe support for anonymous memory and memfd - - - --- 2025-01-29 Fan Wu New
[RFC,v2,2/2] ipe: add 'anonymous_memory' property for policy decisions ipe support for anonymous memory and memfd - - - --- 2025-01-29 Fan Wu New
[RFC,v3,01/13] certs: Remove CONFIG_INTEGRITY_PLATFORM_KEYRING check Clavis LSM - 1 - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,02/13] certs: Introduce ability to link to a system key Clavis LSM - 1 - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,03/13] clavis: Introduce a new system keyring called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,04/13] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE) Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,05/13] clavis: Introduce a new key type called clavis_key_acl Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,06/13] clavis: Populate clavis keyring acl with kernel module signature Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,07/13] keys: Add ability to track intended usage of the public key Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,08/13] clavis: Introduce new LSM called clavis Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,09/13] clavis: Allow user to define acl at build time Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,1/3] landlock: Fix non-TCP sockets restriction Fix non-TCP sockets restriction - - - --- 2025-02-05 Mikhail Ivanov New
[RFC,v3,10/13] efi: Make clavis boot param persist across kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,11/13] clavis: Prevent boot param change during kexec Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,12/13] clavis: Add function redirection for Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,13/13] clavis: Kunit support Clavis LSM - - - --- 2024-10-17 Eric Snowberg pcmoore New
[RFC,v3,2/3] selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Fix non-TCP sockets restriction - - - --- 2025-02-05 Mikhail Ivanov New
[RFC,v3,3/3] selftests/landlock: Test that MPTCP actions are not restricted Fix non-TCP sockets restriction - - - --- 2025-02-05 Mikhail Ivanov New
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-28 Shu Han Under Review
[v10,bpf-next,1/7] fs/xattr: bpf: Introduce security.bpf. xattr name prefix Enable writing xattr from BPF programs 1 1 - --- 2025-01-24 Song Liu New
[v10,bpf-next,2/7] selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr names Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,3/7] bpf: lsm: Add two more sleepable hooks Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,4/7] bpf: Extend btf_kfunc_id_set to handle kfunc polymorphism Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,5/7] bpf: Use btf_kfunc_id_set.remap logic for bpf_dynptr_from_skb Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v10,bpf-next,6/7] bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs Enable writing xattr from BPF programs 1 - - --- 2025-01-24 Song Liu New
[v10,bpf-next,7/7] selftests/bpf: Test kfuncs that set and remove xattr from BPF programs Enable writing xattr from BPF programs - - - --- 2025-01-24 Song Liu New
[v11,bpf-next,1/7] fs/xattr: bpf: Introduce security.bpf. xattr name prefix Enable writing xattr from BPF programs 1 2 - --- 2025-01-29 Song Liu New
[v11,bpf-next,2/7] selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr names Enable writing xattr from BPF programs - - - --- 2025-01-29 Song Liu New
[v11,bpf-next,3/7] bpf: lsm: Add two more sleepable hooks Enable writing xattr from BPF programs - - - --- 2025-01-29 Song Liu New
[v11,bpf-next,4/7] bpf: Extend btf_kfunc_id_set to handle kfunc polymorphism Enable writing xattr from BPF programs - - - --- 2025-01-29 Song Liu New
[v11,bpf-next,5/7] bpf: Use btf_kfunc_id_set.remap logic for bpf_dynptr_from_skb Enable writing xattr from BPF programs - - - --- 2025-01-29 Song Liu New
[v11,bpf-next,6/7] bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs Enable writing xattr from BPF programs 1 - - --- 2025-01-29 Song Liu New
[v11,bpf-next,7/7] selftests/bpf: Test kfuncs that set and remove xattr from BPF programs Enable writing xattr from BPF programs - - - --- 2025-01-29 Song Liu New
[v12,bpf-next,1/5] fs/xattr: bpf: Introduce security.bpf. xattr name prefix Enable writing xattr from BPF programs 1 2 - --- 2025-01-30 Song Liu New
[v12,bpf-next,2/5] selftests/bpf: Extend test fs_kfuncs to cover security.bpf. xattr names Enable writing xattr from BPF programs - - - --- 2025-01-30 Song Liu New
[v12,bpf-next,3/5] bpf: lsm: Add two more sleepable hooks Enable writing xattr from BPF programs - 1 - --- 2025-01-30 Song Liu New
[v12,bpf-next,4/5] bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs Enable writing xattr from BPF programs 1 1 - --- 2025-01-30 Song Liu New
[v12,bpf-next,5/5] selftests/bpf: Test kfuncs that set and remove xattr from BPF programs Enable writing xattr from BPF programs - - - --- 2025-01-30 Song Liu New
[v2,1/2] KEYS: use synchronous task work for changing parent credentials get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,1/6] kbuild: add stamp file for vmlinux BTF data module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,2/2] security: remove unused cred_alloc_blank/cred_transfer helpers get rid of cred_transfer - - - --- 2024-08-05 Jann Horn pcmoore Under Review
[v2,2/6] module: Make module loading policy usable without MODULE_SIG module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,3/6] module: Move integrity checks into dedicated function module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,4/6] module: Move lockdown check into generic module loader module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,5/6] lockdown: Make the relationship to MODULE_SIG a dependency module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[v2,6/6] module: Introduce hash-based integrity checking module: Introduce hash-based integrity checking - - - --- 2025-01-20 Thomas Weißschuh New
[V2] audit: Initialize lsmctx to avoid memory allocation error [V2] audit: Initialize lsmctx to avoid memory allocation error - - - --- 2025-01-25 Huacai Chen New
[v2] capability: Remove unused has_capability [v2] capability: Remove unused has_capability - 1 - --- 2024-12-19 Dr. David Alan Gilbert Under Review
[v2] fs: introduce getfsxattrat and setfsxattrat syscalls [v2] fs: introduce getfsxattrat and setfsxattrat syscalls - - - --- 2025-01-22 Andrey Albershteyn New
[V2] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported [V2] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported - - - --- 2025-01-14 Arulpandiyan Vadivel pcmoore Under Review
[v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between [v2] mm: Split critical region in remap_file_pages() and invoke LSMs in between - 5 2 --- 2024-10-18 Roberto Sassu pcmoore Under Review
[v21,1/6] exec: Add a new AT_EXECVE_CHECK flag to execveat(2) Script execution control (was O_MAYEXEC) 1 1 - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,2/6] security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits Script execution control (was O_MAYEXEC) - 1 - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,3/6] selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
[v21,4/6] selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK Script execution control (was O_MAYEXEC) - - - --- 2024-11-12 Mickaël Salaün pcmoore New
« 1 2 3 »