Security modules development

Show patches with: none | 15535 patches

« 1 2 ... 4 5 6 … 155 156 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[RFC,v13,08/20] ipe: add userspace interface	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[RFC,v13,07/20] security: add new securityfs delete function	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[RFC,v13,06/20] ipe: introduce 'boot_verified' as a trust provider	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[RFC,v13,05/20] initramfs\|security: Add a security hook to do_populate_rootfs()	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[RFC,v13,04/20] ipe: add LSM hooks on execution and kernel read	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[RFC,v13,03/20] ipe: add evaluation loop	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[RFC,v13,02/20] ipe: add policy parser	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[RFC,v13,01/20] security: add ipe lsm	Integrity Policy Enforcement LSM (IPE)	- - -	---	2024-02-29	Fan Wu	pcmoore	Superseded
[GIT,PULL] lsm/lsm-pr-20240227	[GIT,PULL] lsm/lsm-pr-20240227	- - -	---	2024-02-27	Paul Moore	pcmoore	Accepted
[v2,2/2] landlock: Warn once if a Landlock action is requested while disabled	[v2,1/2] landlock: Extend documentation for kernel support	- 2 -	---	2024-02-27	Mickaël Salaün		Handled Elsewhere
[v2,1/2] landlock: Extend documentation for kernel support	[v2,1/2] landlock: Extend documentation for kernel support	- 2 -	---	2024-02-27	Mickaël Salaün		Handled Elsewhere
[net-next] netlabel: remove impossible return value in netlbl_bitmap_walk	[net-next] netlabel: remove impossible return value in netlbl_bitmap_walk	1 1 -	---	2024-02-27	shaozhengchao	pcmoore	Handled Elsewhere
[2/2] selftests/harness: Merge TEST_F_FORK() into TEST_F()	[1/2] selftests/landlock: Redefine TEST_F() as TEST_F_FORK()	- 1 -	---	2024-02-26	Mickaël Salaün		Handled Elsewhere
[1/2] selftests/landlock: Redefine TEST_F() as TEST_F_FORK()	[1/2] selftests/landlock: Redefine TEST_F() as TEST_F_FORK()	- - -	---	2024-02-26	Mickaël Salaün		Handled Elsewhere
[2/2] AppArmor: Fix lsm_get_self_attr()	[1/2] SELinux: Fix lsm_get_self_attr()	- 1 -	---	2024-02-23	Mickaël Salaün	pcmoore	Accepted
[1/2] SELinux: Fix lsm_get_self_attr()	[1/2] SELinux: Fix lsm_get_self_attr()	- - -	---	2024-02-23	Mickaël Salaün	pcmoore	Accepted
[v3,10/10] evm: Rename is_unsupported_fs to is_unsupported_hmac_fs	evm: Support signatures on stacked filesystem	- - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,09/10] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED	evm: Support signatures on stacked filesystem	1 - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,08/10] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509	evm: Support signatures on stacked filesystem	- - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,07/10] ima: re-evaluate file integrity on file metadata change	evm: Support signatures on stacked filesystem	- - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,06/10] evm: Store and detect metadata inode attributes changes	evm: Support signatures on stacked filesystem	- - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,05/10] ima: Move file-change detection variables into new structure	evm: Support signatures on stacked filesystem	- - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,04/10] evm: Use the metadata inode to calculate metadata hash	evm: Support signatures on stacked filesystem	1 - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,03/10] evm: Implement per signature type decision in security_inode_copy_up_xattr	evm: Support signatures on stacked filesystem	- - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,02/10] security: allow finer granularity in permitting copy-up of security xattrs	evm: Support signatures on stacked filesystem	1 - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[v3,01/10] ima: Rename backing_inode to real_inode	evm: Support signatures on stacked filesystem	1 - -	---	2024-02-23	Stefan Berger	pcmoore	Handled Elsewhere
[RFC,5/5] apparmor: parse profiles in sandbox mode	PoC: convert AppArmor parser to SandBox Mode	- - -	---	2024-02-22	Petr Tesarik		RFC
[RFC,4/5] sbm: fix up calls to dynamic memory allocators	PoC: convert AppArmor parser to SandBox Mode	- - -	---	2024-02-22	Petr Tesarik		RFC
[RFC,3/5] sbm: x86: infrastructure to fix up sandbox faults	PoC: convert AppArmor parser to SandBox Mode	- - -	---	2024-02-22	Petr Tesarik		RFC
[RFC,2/5] sbm: enhance buffer mapping API	PoC: convert AppArmor parser to SandBox Mode	- - -	---	2024-02-22	Petr Tesarik		RFC
[RFC,1/5] sbm: x86: fix SBM error entry path	PoC: convert AppArmor parser to SandBox Mode	- - -	---	2024-02-22	Petr Tesarik		RFC
[v2,25/25] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,24/25] commoncap: use vfs fscaps interfaces	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,23/25] commoncap: remove cap_inode_getsecurity()	fs: use type-safe uid representation for filesystem capabilities	1 - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,22/25] fs: use vfs interfaces for capabilities xattrs	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,21/25] ovl: use vfs_{get,set}_fscaps() for copy-up	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,20/25] ovl: add fscaps handlers	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,19/25] fs: add vfs_remove_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,18/25] fs: add vfs_set_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,17/25] fs: add vfs_get_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,16/25] fs: add inode operations to get/set/remove fscaps	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,15/25] security: call evm fscaps hooks from generic security hooks	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,14/25] evm: add support for fscaps security hooks	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,13/25] smack: add hooks for fscaps operations	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,12/25] selinux: add hooks for fscaps operations	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,11/25] security: add hooks for set/get/remove of fscaps	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,10/25] xattr: use is_fscaps_xattr()	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,09/25] commoncap: use is_fscaps_xattr()	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,08/25] xattr: add is_fscaps_xattr() helper	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,07/25] capability: provide a helper for converting vfs_caps to xattr for userspace	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,06/25] capability: provide helpers for converting between xattrs and vfs_caps	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,05/25] capability: use vfsuid_t for vfs_caps rootids	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,04/25] capability: rename cpu_vfs_cap_data to vfs_caps	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,03/25] capability: add static asserts for comapatibility of vfs_cap_data and vfs_ns_cap_data	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,02/25] mnt_idmapping: include cred.h	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
proc: allow restricting /proc/pid/mem writes	proc: allow restricting /proc/pid/mem writes	- - -	---	2024-02-21	Adrian Ratiu		Superseded
[net-next,v3,11/11] selftests: ip_local_port_range: use XFAIL instead of SKIP	selftests: kselftest_harness: support using xfail	- 1 1	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,10/11] selftests: kselftest_harness: support using xfail	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,09/11] selftests: kselftest_harness: let PASS / FAIL provide diagnostic	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,08/11] selftests: kselftest_harness: separate diagnostic message with # in ksft_test_r…	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,07/11] selftests: kselftest_harness: print test name for SKIP	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,06/11] selftests: kselftest: add ksft_test_result_code(), handling all exit codes	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,05/11] selftests: kselftest_harness: use exit code to store skip	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,04/11] selftests: kselftest_harness: save full exit code in metadata	selftests: kselftest_harness: support using xfail	- - -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,03/11] selftests: kselftest_harness: generate test name once	selftests: kselftest_harness: support using xfail	1 - -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,02/11] selftests: kselftest_harness: use KSFT_* exit codes	selftests: kselftest_harness: support using xfail	1 - 1	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,01/11] selftests: kselftest_harness: pass step via shared memory	selftests: kselftest_harness: support using xfail	1 - 1	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
landlock: Warn once if a Landlock action is requested while disabled	landlock: Warn once if a Landlock action is requested while disabled	- 2 -	---	2024-02-19	Mickaël Salaün		Handled Elsewhere
landlock: Fix asymmetric private inodes referring	landlock: Fix asymmetric private inodes referring	- - -	---	2024-02-19	Mickaël Salaün		Handled Elsewhere
[RFC] fs: Add vfs_masks_device_ioctl*() helpers	[RFC] fs: Add vfs_masks_device_ioctl*() helpers	- - -	---	2024-02-19	Mickaël Salaün		Handled Elsewhere
LSM: Fix typos in security/security.c comment headers	LSM: Fix typos in security/security.c comment headers	- - -	---	2024-02-17	Pairman Guo	pcmoore	Accepted
[GIT,PULL] lsm/lsm-pr-20240215	[GIT,PULL] lsm/lsm-pr-20240215	- - -	---	2024-02-15	Paul Moore	pcmoore	Accepted
[v10,25/25] integrity: Remove LSM	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,24/25] ima: Make it independent from 'integrity' LSM	security: Move IMA and EVM to the LSM infrastructure	1 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,23/25] evm: Make it independent from 'integrity' LSM	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,22/25] evm: Move to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	3 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,21/25] ima: Move IMA-Appraisal to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	3 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,20/25] ima: Move to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	5 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,19/25] integrity: Move integrity_kernel_module_request() to IMA	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,18/25] security: Introduce key_post_create_or_update hook	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,17/25] security: Introduce inode_post_remove_acl hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,16/25] security: Introduce inode_post_set_acl hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,15/25] security: Introduce inode_post_create_tmpfile hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,14/25] security: Introduce path_post_mknod hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,13/25] security: Introduce file_release hook	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,12/25] security: Introduce file_post_open hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,11/25] security: Introduce inode_post_removexattr hook	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,10/25] security: Introduce inode_post_setattr hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,09/25] security: Align inode_setattr hook definition with EVM	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 4 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,05/25] ima: Align ima_post_read_file() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 4 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 4 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
security: fix integer overflow in lsm_set_self_attr() syscall	security: fix integer overflow in lsm_set_self_attr() syscall	1 1 -	---	2024-02-14	Jann Horn	pcmoore	Accepted
[RFC,8/8] ima: Detect if digest cache changed since last measurement/appraisal	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere

« 1 2 ... 4 5 6 … 155 156 »