Show patches with: none      |   16519 patches
« 1 2 3 4165 166 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v1] landlock: Improve documentation of previous limitations [v1] landlock: Improve documentation of previous limitations - 1 - --- 2024-10-04 Mickaël Salaün Handled Elsewhere
[RFC,v1,2/2] selftests/landlock: Test non-TCP INET connection-based protocols Fix non-TCP sockets restriction - 1 - --- 2024-10-03 Mikhail Ivanov Handled Elsewhere
[RFC,v1,1/2] landlock: Fix non-TCP sockets restriction Fix non-TCP sockets restriction - 1 - --- 2024-10-03 Mikhail Ivanov Handled Elsewhere
[v2,3/3] samples/landlock: Clarify option parsing behaviour samples/landlock: Fix port parsing behaviour - - - --- 2024-10-03 Matthieu Buffet Handled Elsewhere
[v2,2/3] samples/landlock: Refactor --help message in function samples/landlock: Fix port parsing behaviour - - - --- 2024-10-03 Matthieu Buffet Handled Elsewhere
[v2,1/3] samples/landlock: Fix port parsing in sandboxer samples/landlock: Fix port parsing behaviour - - - --- 2024-10-03 Matthieu Buffet Handled Elsewhere
[v5] rust: add PidNamespace [v5] rust: add PidNamespace - 1 - --- 2024-10-02 Christian Brauner Handled Elsewhere
[v4] rust: add PidNamespace [v4] rust: add PidNamespace - - - --- 2024-10-02 Christian Brauner Handled Elsewhere
[v3] rust: add PidNamespace [v3] rust: add PidNamespace - - - --- 2024-10-01 Christian Brauner Handled Elsewhere
[v1,3/3] landlock: Optimize scope enforcement Refactor Landlock access mask management - - - --- 2024-10-01 Mickaël Salaün Handled Elsewhere
[v1,2/3] landlock: Refactor network access mask management Refactor Landlock access mask management - - - --- 2024-10-01 Mickaël Salaün Handled Elsewhere
[v1,1/3] landlock: Refactor filesystem access mask management Refactor Landlock access mask management - 1 - --- 2024-10-01 Mickaël Salaün Handled Elsewhere
[v2] rust: add PidNamespace [v2] rust: add PidNamespace - - - --- 2024-10-01 Christian Brauner Handled Elsewhere
[RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v4] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-28 Shu Han New
[v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook [v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook 1 3 1 --- 2024-09-28 Shivani Agarwal Handled Elsewhere
[v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook [v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook 1 3 1 --- 2024-09-28 Shivani Agarwal Handled Elsewhere
ipe: fallback to platform keyring also if key in trusted keyring is rejected ipe: fallback to platform keyring also if key in trusted keyring is rejected 1 - - --- 2024-09-27 Luca Boccassi Handled Elsewhere
[2/2] Revert "mm: introduce PF_MEMALLOC_NORECLAIM, PF_MEMALLOC_NOWARN" remove PF_MEMALLOC_NORECLAIM - 4 - --- 2024-09-26 Michal Hocko Handled Elsewhere
[1/2] bcachefs: do not use PF_MEMALLOC_NORECLAIM remove PF_MEMALLOC_NORECLAIM - 3 - --- 2024-09-26 Michal Hocko Handled Elsewhere
[RFC] rust: add PidNamespace wrapper [RFC] rust: add PidNamespace wrapper - - - --- 2024-09-26 Christian Brauner Handled Elsewhere
[v3,2/2] ipe: also reject policy updates with the same version [v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version 1 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version [v3,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version 1 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[v2,2/2] ipe: also reject policy updates with the same version [v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version - 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version [v2,1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version 1 1 - --- 2024-09-25 Luca Boccassi Handled Elsewhere
[RFC,v3] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v3] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han Superseded
[RFC,v2] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() [RFC,v2] mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han Superseded
[RFC,v2] mm: move security_mmap_file() back into do_mmap() [RFC,v2] mm: move security_mmap_file() back into do_mmap() - - - --- 2024-09-25 Shu Han Superseded
tomoyo: fallback to realpath if symlink's pathname does not exist tomoyo: fallback to realpath if symlink's pathname does not exist - - - --- 2024-09-25 Tetsuo Handa Handled Elsewhere
mm: move security_file_mmap() back into do_mmap() mm: move security_file_mmap() back into do_mmap() - - - --- 2024-09-25 Shu Han New
mm: move the check of READ_IMPLIES_EXEC out of do_mmap() mm: move the check of READ_IMPLIES_EXEC out of do_mmap() - - - --- 2024-09-25 Shu Han New
[GIT,PULL] lsm/lsm-pr-20240923 [GIT,PULL] lsm/lsm-pr-20240923 - - - --- 2024-09-23 Paul Moore Accepted
[GIT,PULL] Landlock updates for v6.12 [GIT,PULL] Landlock updates for v6.12 - - - --- 2024-09-23 Mickaël Salaün Handled Elsewhere
[2/2] ipe: also reject policy updates with the same version [1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version - 1 - --- 2024-09-22 Luca Boccassi Handled Elsewhere
[1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version [1/2] ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version - - - --- 2024-09-22 Luca Boccassi Handled Elsewhere
[v5,5/5] tpm: flush the auth session only when /dev/tpm0 is open Lazy flush for the auth session - 1 1 --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() Lazy flush for the auth session - 1 - --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,3/5] tpm: flush the null key only when /dev/tpm0 is accessed Lazy flush for the auth session - - 1 --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,2/5] tpm: Implement tpm2_load_null() rollback Lazy flush for the auth session - - - --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
[v5,1/5] tpm: Return on tpm2_create_null_primary() failure Lazy flush for the auth session - - - --- 2024-09-21 Jarkko Sakkinen Handled Elsewhere
apparmor: Remove deadcode apparmor: Remove deadcode - - - --- 2024-09-20 Dr. David Alan Gilbert Handled Elsewhere
[v4,5/5] tpm: flush the auth session only when /dev/tpm0 is open Lazy flush for the auth session - - 1 --- 2024-09-18 Jarkko Sakkinen Handled Elsewhere
[v4,4/5] tpm: Allocate chip->auth in tpm2_start_auth_session() Lazy flush for the auth session - - - --- 2024-09-18 Jarkko Sakkinen Handled Elsewhere
[v4,3/5] tpm: flush the null key only when /dev/tpm0 is accessed Lazy flush for the auth session - - 1 --- 2024-09-18 Jarkko Sakkinen Handled Elsewhere
[v4,2/5] tpm: Return on tpm2_create_primary() failure in tpm2_load_null() Lazy flush for the auth session - - - --- 2024-09-18 Jarkko Sakkinen Handled Elsewhere
[v4,1/5] tpm: Return on tpm2_create_null_primary() failure Lazy flush for the auth session - - - --- 2024-09-18 Jarkko Sakkinen Handled Elsewhere
[v3,7/7] tpm: open code tpm2_create_null_primary() Lazy flush for the auth session - - - --- 2024-09-17 Jarkko Sakkinen Handled Elsewhere
[v3,6/7] tpm: flush the auth session only when /dev/tpm0 is open Lazy flush for the auth session - - - --- 2024-09-17 Jarkko Sakkinen Handled Elsewhere
[v3,5/7] tpm: Allocate chip->auth in tpm2_start_auth_session() Lazy flush for the auth session - - - --- 2024-09-17 Jarkko Sakkinen Handled Elsewhere
[v3,4/7] tpm: flush the null key only when /dev/tpm0 is accessed Lazy flush for the auth session - - 1 --- 2024-09-17 Jarkko Sakkinen Handled Elsewhere
[v3,3/7] tpm: Return on tpm2_create_primary() failure in tpm2_load_null() Lazy flush for the auth session - - - --- 2024-09-17 Jarkko Sakkinen Handled Elsewhere
[v3,2/7] tpm: Return on tpm2_create_null_primary() failure Lazy flush for the auth session - - - --- 2024-09-17 Jarkko Sakkinen Handled Elsewhere
[v3,1/7] tpm: Remove the top-level documentation tpm2-sessions.c Lazy flush for the auth session - - - --- 2024-09-17 Jarkko Sakkinen Handled Elsewhere
[RFC,v1,7/7] selftests/landlock: Add UDP sendmsg/recvmsg tests landlock: Add UDP access control support - - - --- 2024-09-16 Matthieu Buffet Handled Elsewhere
[RFC,v1,6/7] selftests/landlock: Adapt existing tests for UDP landlock: Add UDP access control support - - - --- 2024-09-16 Matthieu Buffet Handled Elsewhere
[RFC,v1,5/7] samples/landlock: Add sandboxer UDP access control landlock: Add UDP access control support - - - --- 2024-09-16 Matthieu Buffet Handled Elsewhere
[RFC,v1,4/7] landlock: Add UDP send+recv access control landlock: Add UDP access control support - - - --- 2024-09-16 Matthieu Buffet Handled Elsewhere
[RFC,v1,3/7] landlock: Add UDP bind+connect access control landlock: Add UDP access control support - - - --- 2024-09-16 Matthieu Buffet Handled Elsewhere
[RFC,v1,2/7] samples/landlock: Clarify option parsing behaviour landlock: Add UDP access control support - - - --- 2024-09-16 Matthieu Buffet Handled Elsewhere
[RFC,v1,1/7] samples/landlock: Fix port parsing in sandboxer landlock: Add UDP access control support - - - --- 2024-09-16 Matthieu Buffet Handled Elsewhere
[GIT,PULL] Smack patches for 6.12 [GIT,PULL] Smack patches for 6.12 - - - --- 2024-09-14 Casey Schaufler Handled Elsewhere
ipe: allow secondary and platform keyrings to install/update policies ipe: allow secondary and platform keyrings to install/update policies - - - --- 2024-09-13 Luca Boccassi Changes Requested
smack: deduplicate access to string conversion smack: deduplicate access to string conversion - - - --- 2024-09-13 Konstantin Andreev Handled Elsewhere
security/keys: fix slab-out-of-bounds in key_task_permission security/keys: fix slab-out-of-bounds in key_task_permission - - - --- 2024-09-13 chenridong Handled Elsewhere
[GIT,PULL] selinux/selinux-pr-20240911 [GIT,PULL] selinux/selinux-pr-20240911 - - - --- 2024-09-13 Paul Moore Handled Elsewhere
[v6] tpm: Add new device/vendor ID 0x50666666 [v6] tpm: Add new device/vendor ID 0x50666666 - 1 - --- 2024-09-10 Jett Rink Handled Elsewhere
apparmor: Remove unnecessary NULL check before kvfree() apparmor: Remove unnecessary NULL check before kvfree() - - - --- 2024-09-10 Thorsten Blum Handled Elsewhere
[v2,06/19] crypto: rsassa-pkcs1 - Migrate to sig_alg backend Migrate to sig_alg and templatize ecdsa - - - --- 2024-09-10 Lukas Wunner Handled Elsewhere
[v4,6/6] landlock: Document LANDLOCK_SCOPED_SIGNAL landlock: Signal scoping support - - - --- 2024-09-06 Tahera Fahimi Handled Elsewhere
[v4,5/6] sample/landlock: Support sample for signal scoping restriction landlock: Signal scoping support - - - --- 2024-09-06 Tahera Fahimi Handled Elsewhere
[v4,4/6] selftest/landlock: Test file_send_sigiotask by sending out-of-bound message landlock: Signal scoping support - - - --- 2024-09-06 Tahera Fahimi Handled Elsewhere
[v4,3/6] selftest/landlock: Add signal_scoping_threads test landlock: Signal scoping support - - - --- 2024-09-06 Tahera Fahimi Handled Elsewhere
[v4,2/6] selftest/landlock: Signal restriction tests landlock: Signal scoping support - - - --- 2024-09-06 Tahera Fahimi Handled Elsewhere
[v4,1/6] landlock: Add signal scoping control landlock: Signal scoping support - - - --- 2024-09-06 Tahera Fahimi Handled Elsewhere
[RFC,v3,10/10] ima: Use digest caches for appraisal ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,09/10] ima: Use digest caches for measurement ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,08/10] ima: Load verified usage from digest cache found from query ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,07/10] ima: Store verified usage in digest cache based on integrity metadata flags ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,06/10] ima: Retrieve digest cache and check if changed ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,05/10] ima: Modify existing boot-time built-in policies with digest cache policies ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,04/10] ima: Add digest_cache_measure/appraise boot-time built-in policies ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,03/10] ima: Add digest_cache policy keyword ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,02/10] ima: Nest iint mutex for DIGEST_LIST_CHECK hook ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[RFC,v3,01/10] ima: Introduce hook DIGEST_LIST_CHECK ima: Integrate with Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,14/14] docs: Add documentation of the Integrity Digest Cache integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,13/14] selftests/digest_cache: Add selftests for the Integrity Digest Cache integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,12/14] digest_cache: Reset digest cache on file/directory change integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,11/14] digest cache: Prefetch digest lists if requested integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,10/14] digest_cache: Add support for directories integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,09/14] digest_cache: Add management of verification data integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,08/14] digest_cache: Parse rpm digest lists integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,07/14] digest_cache: Parse tlv digest lists integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,06/14] digest_cache: Populate the digest cache from a digest list integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,05/14] digest_cache: Add hash tables and operations integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,04/14] digest_cache: Add securityfs interface integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,03/14] digest_cache: Initialize digest caches integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,02/14] integrity: Introduce the Integrity Digest Cache integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v5,01/14] lib: Add TLV parser integrity: Introduce the Integrity Digest Cache - - - --- 2024-09-05 Roberto Sassu Handled Elsewhere
[v11,8/8] Landlock: Document LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET and ABI version Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi Handled Elsewhere
[v11,7/8] sample/landlock: Add support abstract UNIX socket restriction Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi Handled Elsewhere
[v11,6/8] selftests/landlock: Restrict inherited datagram UNIX socket to connect Landlock: Add abstract UNIX socket restriction - - - --- 2024-09-05 Tahera Fahimi Handled Elsewhere
« 1 2 3 4165 166 »