Show patches with: none      |   13337 patches
« 1 2 3 4133 134 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
Smack: Improve mount process memory use Smack: Improve mount process memory use - - - --- 2023-03-29 Casey Schaufler Handled Elsewhere
[v10,13/13] landlock: Document Landlock's network support Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,12/13] samples/landlock: Add network demo Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,11/13] selftests/landlock: Add 10 new test suites dedicated to network Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,10/13] selftests/landlock: Share enforce_ruleset() Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,09/13] landlock: Add network rules and TCP hooks support Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,08/13] landlock: Refactor landlock_add_rule() syscall Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,07/13] landlock: Refactor layer helpers Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,06/13] landlock: Move and rename layer helpers Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,05/13] landlock: Refactor merge/inherit_ruleset functions Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,04/13] landlock: Refactor landlock_find_rule/insert_rule Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,03/13] landlock: Remove unnecessary inlining Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,02/13] landlock: Allow filesystem layout changes for domains without such rule type Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[v10,01/13] landlock: Make ruleset's access masks more generic Network support for Landlock - - - --- 2023-03-23 Konstantin Meskhidze Handled Elsewhere
[GIT,PULL] fscrypt fix for v6.3-rc4 [GIT,PULL] fscrypt fix for v6.3-rc4 - - - --- 2023-03-20 Eric Biggers Handled Elsewhere
[RESEND] fs_context: drop the unused lsm_flags member [RESEND] fs_context: drop the unused lsm_flags member - - - --- 2023-03-16 Ondrej Mosnacek Handled Elsewhere
[RFC] Randomized slab caches for kmalloc() [RFC] Randomized slab caches for kmalloc() - - - --- 2023-03-15 GONG, Ruiqi Handled Elsewhere
ima: Fix potential NULL pointer access in ima_match_rules() ima: Fix potential NULL pointer access in ima_match_rules() - 1 1 --- 2023-03-14 Roman Danilov Handled Elsewhere
[3/3] fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref() Fix crash with fscrypt + Landlock - - - --- 2023-03-13 Eric Biggers Handled Elsewhere
[2/3] fscrypt: improve fscrypt_destroy_keyring() documentation Fix crash with fscrypt + Landlock - - - --- 2023-03-13 Eric Biggers Handled Elsewhere
[1/3] fscrypt: destroy keyring after security_sb_delete() Fix crash with fscrypt + Landlock - 1 - --- 2023-03-13 Eric Biggers Handled Elsewhere
[v1,1/2] Add release hook to LSM Add destructor hook to LSM modules - 1 - --- 2023-03-10 Mirsad Goran Todorovac Rejected
[v1,5/5] selftests/landlock: Add tests for pseudo filesystems Landlock support for UML - - - --- 2023-03-09 Mickaël Salaün Handled Elsewhere
[v1,4/5] selftests/landlock: Make mounts configurable Landlock support for UML - - - --- 2023-03-09 Mickaël Salaün Handled Elsewhere
[v1,3/5] selftests/landlock: Add supports_filesystem() helper Landlock support for UML - - - --- 2023-03-09 Mickaël Salaün Handled Elsewhere
[v1,2/5] selftests/landlock: Don't create useless file layouts Landlock support for UML - - - --- 2023-03-09 Mickaël Salaün Handled Elsewhere
[v1,1/5] hostfs: Fix ephemeral inodes Landlock support for UML - - - --- 2023-03-09 Mickaël Salaün Handled Elsewhere
Revert "integrity: double check iint_cache was initialized" Revert "integrity: double check iint_cache was initialized" - - - --- 2023-03-08 Roberto Sassu Handled Elsewhere
evm: Complete description of evm_inode_setattr() evm: Complete description of evm_inode_setattr() - - - --- 2023-03-06 Roberto Sassu Handled Elsewhere
[-next] AppArmor: Fix some kernel-doc comments [-next] AppArmor: Fix some kernel-doc comments - - - --- 2023-03-03 Yang Li Handled Elsewhere
[11/11] proc_sysctl: deprecate register_sysctl_paths() sysctl: deprecate register_sysctl_paths() - - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[10/11] csky: simplify alignment sysctl registration sysctl: deprecate register_sysctl_paths() - - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[09/11] fs-verity: simplify sysctls with register_sysctl() sysctl: deprecate register_sysctl_paths() - - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[08/11] kernel: pid_namespace: simplify sysctls with register_sysctl() sysctl: deprecate register_sysctl_paths() 1 - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[07/11] seccomp: simplify sysctls with register_sysctl_init() sysctl: deprecate register_sysctl_paths() 1 - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[06/11] yama: simplfy sysctls with register_sysctl() sysctl: deprecate register_sysctl_paths() 1 - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[05/11] loadpin: simplify sysctls use with register_sysctl() sysctl: deprecate register_sysctl_paths() 1 1 - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[04/11] apparmor: simplify sysctls with register_sysctl_init() sysctl: deprecate register_sysctl_paths() 1 1 - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[03/11] sysctl: clarify register_sysctl_init() base directory order sysctl: deprecate register_sysctl_paths() - - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[02/11] proc_sysctl: move helper which creates required subdirectories sysctl: deprecate register_sysctl_paths() - 1 - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[01/11] proc_sysctl: update docs for __register_sysctl_table() sysctl: deprecate register_sysctl_paths() - - - --- 2023-03-02 Luis Chamberlain Handled Elsewhere
[1/1] lsm: adds process attribute getter for Landlock process attribute support for Landlock - - - --- 2023-03-02 Shervin Oloumi Handled Elsewhere
[v5,6/6] integrity: machine keyring CA configuration Add CA enforcement keyring restrictions 1 - - --- 2023-03-02 Eric Snowberg Handled Elsewhere
[v5,5/6] KEYS: CA link restriction Add CA enforcement keyring restrictions - 1 - --- 2023-03-02 Eric Snowberg Handled Elsewhere
[v5,4/6] KEYS: X.509: Parse Key Usage Add CA enforcement keyring restrictions - 2 - --- 2023-03-02 Eric Snowberg Handled Elsewhere
[v5,3/6] KEYS: X.509: Parse Basic Constraints for CA Add CA enforcement keyring restrictions - 2 - --- 2023-03-02 Eric Snowberg Handled Elsewhere
[v5,2/6] KEYS: Add missing function documentation Add CA enforcement keyring restrictions - 4 - --- 2023-03-02 Eric Snowberg Handled Elsewhere
[v5,1/6] KEYS: Create static version of public_key_verify_signature Add CA enforcement keyring restrictions - 3 - --- 2023-03-02 Eric Snowberg Handled Elsewhere
tomoyo: replace tomoyo_round2() with kmalloc_size_roundup() tomoyo: replace tomoyo_round2() with kmalloc_size_roundup() - - - --- 2023-02-28 Vlastimil Babka Handled Elsewhere
[4.19,v3,6/6] ima: Handle -ESTALE returned by ima_filter_rule_match() Backport handling -ESTALE policy update failure to 4.19 - 1 - --- 2023-02-28 Guozihua (Scott) Handled Elsewhere
[4.19,v3,5/6] ima: Evaluate error in init_ima() Backport handling -ESTALE policy update failure to 4.19 - 1 - --- 2023-02-28 Guozihua (Scott) Handled Elsewhere
[4.19,v3,4/6] ima: ima/lsm policy rule loading logic bug fixes Backport handling -ESTALE policy update failure to 4.19 - - - --- 2023-02-28 Guozihua (Scott) Handled Elsewhere
[4.19,v3,3/6] ima: use the lsm policy update notifier Backport handling -ESTALE policy update failure to 4.19 - - - --- 2023-02-28 Guozihua (Scott) Handled Elsewhere
[4.19,v3,2/6] LSM: switch to blocking policy update notifiers Backport handling -ESTALE policy update failure to 4.19 2 - - --- 2023-02-28 Guozihua (Scott) Handled Elsewhere
[4.19,v3,1/6] IB/core: Don't register each MAD agent for LSM notifier Backport handling -ESTALE policy update failure to 4.19 1 1 - --- 2023-02-28 Guozihua (Scott) Handled Elsewhere
[GIT,PULL] Smack patches for v6.3 [GIT,PULL] Smack patches for v6.3 - - - --- 2023-02-21 Casey Schaufler Handled Elsewhere
[v4] landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right [v4] landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right - - - --- 2023-02-21 Günther Noack Handled Elsewhere
[GIT,PULL] Landlock updates for v6.3 [GIT,PULL] Landlock updates for v6.3 - - - --- 2023-02-20 Mickaël Salaün Handled Elsewhere
[v3] apparmor: global buffers spin lock may get contended [v3] apparmor: global buffers spin lock may get contended - - - --- 2023-02-17 John Johansen Handled Elsewhere
[1/1] apparmor: cache buffers on percpu list if there is lock contention Cover letter - - - --- 2023-02-16 Anil Altinay Handled Elsewhere
[v3] landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right [v3] landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right - - - --- 2023-02-16 Günther Noack Handled Elsewhere
[4.19,v2,5/5] ima: Handle -ESTALE returned by ima_filter_rule_match() Backport handling -ESTALE policy update failure to 4.19 - 1 - --- 2023-02-16 Guozihua (Scott) Handled Elsewhere
[4.19,v2,4/5] ima: Evaluate error in init_ima() Backport handling -ESTALE policy update failure to 4.19 - 1 - --- 2023-02-16 Guozihua (Scott) Handled Elsewhere
[4.19,v2,3/5] ima: use the lsm policy update notifier Backport handling -ESTALE policy update failure to 4.19 - - - --- 2023-02-16 Guozihua (Scott) Handled Elsewhere
[4.19,v2,2/5] LSM: switch to blocking policy update notifiers Backport handling -ESTALE policy update failure to 4.19 2 - - --- 2023-02-16 Guozihua (Scott) Handled Elsewhere
[4.19,v2,1/5] IB/core: Don't register each MAD agent for LSM notifier Backport handling -ESTALE policy update failure to 4.19 1 1 - --- 2023-02-16 Guozihua (Scott) Handled Elsewhere
[GIT,PULL] apparmor fix for v6.2 [GIT,PULL] apparmor fix for v6.2 - - - --- 2023-02-15 John Johansen Handled Elsewhere
kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() - - - --- 2023-02-15 Ondrej Mosnacek Superseded
[v2] landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right [v2] landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right - - - --- 2023-02-13 Günther Noack Handled Elsewhere
MAINTAINERS: Update Landlock repository MAINTAINERS: Update Landlock repository - 1 - --- 2023-02-09 Mickaël Salaün Handled Elsewhere
[17/24] Documentation: security: correct spelling Documentation: correct lots of spelling errors (series 1) 2 1 - --- 2023-02-09 Randy Dunlap Handled Elsewhere
[v4,6/6] integrity: machine keyring CA configuration Add CA enforcement keyring restrictions - - - --- 2023-02-07 Eric Snowberg Handled Elsewhere
[v4,5/6] KEYS: CA link restriction Add CA enforcement keyring restrictions - 1 - --- 2023-02-07 Eric Snowberg Handled Elsewhere
[v4,4/6] KEYS: X.509: Parse Key Usage Add CA enforcement keyring restrictions - 1 - --- 2023-02-07 Eric Snowberg Handled Elsewhere
[v4,3/6] KEYS: X.509: Parse Basic Constraints for CA Add CA enforcement keyring restrictions - 2 - --- 2023-02-07 Eric Snowberg Handled Elsewhere
[v4,2/6] KEYS: Add missing function documentation Add CA enforcement keyring restrictions - 3 - --- 2023-02-07 Eric Snowberg Handled Elsewhere
[v4,1/6] KEYS: Create static version of public_key_verify_signature Add CA enforcement keyring restrictions - 2 - --- 2023-02-07 Eric Snowberg Handled Elsewhere
[ima-evm-utils,v5] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks [ima-evm-utils,v5] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks - - - --- 2023-02-03 Roberto Sassu Handled Elsewhere
landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right landlock: Clarify documentation for the LANDLOCK_ACCESS_FS_REFER right - - - --- 2023-02-02 Günther Noack Handled Elsewhere
[ima-evm-utils,v4] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks [ima-evm-utils,v4] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks - - - --- 2023-02-02 Roberto Sassu Handled Elsewhere
[ima-evm-utils,v3] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks [ima-evm-utils,v3] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks - - - --- 2023-02-01 Roberto Sassu Handled Elsewhere
[ima-evm-utils,v2] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks [ima-evm-utils,v2] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks - 1 - --- 2023-01-31 Roberto Sassu Handled Elsewhere
[-next] evm: call dump_security_xattr() in all cases to remove code duplication [-next] evm: call dump_security_xattr() in all cases to remove code duplication - - - --- 2023-01-31 xiujianfeng Handled Elsewhere
[-next] evm: call dump_security_xattr() in all cases to remove code duplication [-next] evm: call dump_security_xattr() in all cases to remove code duplication - - - --- 2023-01-29 xiujianfeng Handled Elsewhere
[25/35] Documentation: security: correct spelling Documentation: correct lots of spelling errors (series 1) - 1 - --- 2023-01-27 Randy Dunlap Handled Elsewhere
[ima-evm-utils] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks [ima-evm-utils] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks - - - --- 2023-01-26 Roberto Sassu Handled Elsewhere
[v3,2/2] ima: Introduce MMAP_CHECK_REQPROT hook [v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook - - - --- 2023-01-26 Roberto Sassu Handled Elsewhere
[v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook [v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook - 1 - --- 2023-01-26 Roberto Sassu Handled Elsewhere
[v3,2/2] vfs: avoid duplicating creds in faccessat if possible [v3,1/2] capability: add cap_isidentical - - - --- 2023-01-25 Mateusz Guzik Handled Elsewhere
[v3,1/2] capability: add cap_isidentical [v3,1/2] capability: add cap_isidentical - 1 - --- 2023-01-25 Mateusz Guzik Handled Elsewhere
smackfs: Added check catlen smackfs: Added check catlen - - - --- 2023-01-24 Denis Arefev Handled Elsewhere
[bpf-next,4/4] bpf: Only enable BPF LSM hooks when an LSM program is attached Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[bpf-next,3/4] security: Replace indirect LSM hook calls with static calls Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[bpf-next,2/4] security: Generate a header with the count of enabled LSMs Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[bpf-next,1/4] kernel: Add helper macros for loop unrolling Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[V2] bpf: security enhancement by limiting the offensive eBPF helpers [V2] bpf: security enhancement by limiting the offensive eBPF helpers - - - --- 2023-01-19 Yi He Handled Elsewhere
[V2] bpf: security enhancement by limiting the offensive eBPF helpers [V2] bpf: security enhancement by limiting the offensive eBPF helpers - - - --- 2023-01-18 Yi He Handled Elsewhere
[v9,12/12] landlock: Document Landlock's network support Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze Handled Elsewhere
[v9,11/12] samples/landlock: Add network demo Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze Handled Elsewhere
[v9,10/12] selftests/landlock: Add 10 new test suites dedicated to network Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze Handled Elsewhere
« 1 2 3 4133 134 »