Security modules development

Show patches with: none | 15583 patches

« 1 2 ... 5 6 7 … 155 156 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v2,04/25] capability: rename cpu_vfs_cap_data to vfs_caps	fs: use type-safe uid representation for filesystem capabilities	1 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,03/25] capability: add static asserts for comapatibility of vfs_cap_data and vfs_ns_cap_data	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,02/25] mnt_idmapping: include cred.h	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
[v2,01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h	fs: use type-safe uid representation for filesystem capabilities	- 1 -	---	2024-02-21	Seth Forshee	pcmoore	Changes Requested
proc: allow restricting /proc/pid/mem writes	proc: allow restricting /proc/pid/mem writes	- - -	---	2024-02-21	Adrian Ratiu		Superseded
[net-next,v3,11/11] selftests: ip_local_port_range: use XFAIL instead of SKIP	selftests: kselftest_harness: support using xfail	- 1 1	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,10/11] selftests: kselftest_harness: support using xfail	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,09/11] selftests: kselftest_harness: let PASS / FAIL provide diagnostic	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,08/11] selftests: kselftest_harness: separate diagnostic message with # in ksft_test_r…	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,07/11] selftests: kselftest_harness: print test name for SKIP	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,06/11] selftests: kselftest: add ksft_test_result_code(), handling all exit codes	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,05/11] selftests: kselftest_harness: use exit code to store skip	selftests: kselftest_harness: support using xfail	- 1 -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,04/11] selftests: kselftest_harness: save full exit code in metadata	selftests: kselftest_harness: support using xfail	- - -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,03/11] selftests: kselftest_harness: generate test name once	selftests: kselftest_harness: support using xfail	1 - -	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,02/11] selftests: kselftest_harness: use KSFT_* exit codes	selftests: kselftest_harness: support using xfail	1 - 1	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
[net-next,v3,01/11] selftests: kselftest_harness: pass step via shared memory	selftests: kselftest_harness: support using xfail	1 - 1	---	2024-02-20	Jakub Kicinski		Handled Elsewhere
landlock: Warn once if a Landlock action is requested while disabled	landlock: Warn once if a Landlock action is requested while disabled	- 2 -	---	2024-02-19	Mickaël Salaün		Handled Elsewhere
landlock: Fix asymmetric private inodes referring	landlock: Fix asymmetric private inodes referring	- - -	---	2024-02-19	Mickaël Salaün		Handled Elsewhere
[RFC] fs: Add vfs_masks_device_ioctl*() helpers	[RFC] fs: Add vfs_masks_device_ioctl*() helpers	- - -	---	2024-02-19	Mickaël Salaün		Handled Elsewhere
LSM: Fix typos in security/security.c comment headers	LSM: Fix typos in security/security.c comment headers	- - -	---	2024-02-17	Pairman Guo	pcmoore	Accepted
[GIT,PULL] lsm/lsm-pr-20240215	[GIT,PULL] lsm/lsm-pr-20240215	- - -	---	2024-02-15	Paul Moore	pcmoore	Accepted
[v10,25/25] integrity: Remove LSM	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,24/25] ima: Make it independent from 'integrity' LSM	security: Move IMA and EVM to the LSM infrastructure	1 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,23/25] evm: Make it independent from 'integrity' LSM	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,22/25] evm: Move to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	3 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,21/25] ima: Move IMA-Appraisal to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	3 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,20/25] ima: Move to LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	5 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,19/25] integrity: Move integrity_kernel_module_request() to IMA	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,18/25] security: Introduce key_post_create_or_update hook	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,17/25] security: Introduce inode_post_remove_acl hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,16/25] security: Introduce inode_post_set_acl hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,15/25] security: Introduce inode_post_create_tmpfile hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,14/25] security: Introduce path_post_mknod hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,13/25] security: Introduce file_release hook	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,12/25] security: Introduce file_post_open hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,11/25] security: Introduce inode_post_removexattr hook	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,10/25] security: Introduce inode_post_setattr hook	security: Move IMA and EVM to the LSM infrastructure	3 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,09/25] security: Align inode_setattr hook definition with EVM	security: Move IMA and EVM to the LSM infrastructure	2 2 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 4 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,05/25] ima: Align ima_post_read_file() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 4 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	2 3 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
[v10,01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure	security: Move IMA and EVM to the LSM infrastructure	1 4 -	---	2024-02-15	Roberto Sassu	pcmoore	Accepted
security: fix integer overflow in lsm_set_self_attr() syscall	security: fix integer overflow in lsm_set_self_attr() syscall	1 1 -	---	2024-02-14	Jann Horn	pcmoore	Accepted
[RFC,8/8] ima: Detect if digest cache changed since last measurement/appraisal	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[RFC,7/8] ima: Use digest cache for appraisal	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[RFC,6/8] ima: Use digest cache for measurement	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[RFC,5/8] ima: Record IMA verification result of digest lists in digest cache	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[RFC,4/8] ima: Add digest_cache_measure and digest_cache_appraise boot-time policies	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[RFC,3/8] ima: Add digest_cache policy keyword	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[RFC,2/8] ima: Nest iint mutex for DIGEST_LIST_CHECK hook	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[RFC,1/8] ima: Introduce hook DIGEST_LIST_CHECK	ima: Integrate with digest_cache LSM	- - -	---	2024-02-14	Roberto Sassu		Handled Elsewhere
[GIT,PULL] Landlock fixes for v6.8-rc5	[GIT,PULL] Landlock fixes for v6.8-rc5	- - -	---	2024-02-14	Mickaël Salaün		Handled Elsewhere
[v9,8/8] landlock: Document IOCTL support	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v9,7/8] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v9,6/8] selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v9,5/8] selftests/landlock: Test IOCTLs on named pipes	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v9,4/8] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v9,3/8] selftests/landlock: Test IOCTL with memfds	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v9,2/8] selftests/landlock: Test IOCTL support	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v9,1/8] landlock: Add IOCTL access right	Landlock: IOCTL support	- - -	---	2024-02-09	Günther Noack		Handled Elsewhere
[v3,13/13] docs: Add documentation of the digest_cache LSM	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,12/13] selftests/digest_cache: Add selftests for digest_cache LSM	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,11/13] digest_cache: Reset digest cache on file/directory change	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,10/13] digest cache: Prefetch digest lists if requested	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,09/13] digest_cache: Add support for directories	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,08/13] digest_cache: Add management of verification data	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,07/13] digest_cache: Parse rpm digest lists	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,06/13] digest_cache: Parse tlv digest lists	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,05/13] digest_cache: Populate the digest cache from a digest list	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,04/13] digest_cache: Add hash tables and operations	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,03/13] digest_cache: Add securityfs interface	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,02/13] security: Introduce the digest_cache LSM	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v3,01/13] lib: Add TLV parser	security: digest_cache LSM	- - -	---	2024-02-09	Roberto Sassu	pcmoore	Superseded
[v9,4/4] bpf: Only enable BPF LSM hooks when an LSM program is attached	Reduce overhead of LSMs with static calls	3 2 -	---	2024-02-07	KP Singh	pcmoore	Changes Requested
[v9,3/4] security: Replace indirect LSM hook calls with static calls	Reduce overhead of LSMs with static calls	2 2 -	---	2024-02-07	KP Singh	pcmoore	Changes Requested
[v9,2/4] security: Count the LSMs enabled at compile time	Reduce overhead of LSMs with static calls	2 1 -	---	2024-02-07	KP Singh	pcmoore	Changes Requested
[v9,1/4] kernel: Add helper macros for loop unrolling	Reduce overhead of LSMs with static calls	2 2 -	---	2024-02-07	KP Singh	pcmoore	Changes Requested
[v3,3/3] fs/exec: remove current->in_execve flag	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[v3,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[v3,1/3] LSM: add security_execve_abort() hook	fs/exec: remove current->in_execve flag	1 - -	---	2024-02-06	Tetsuo Handa	pcmoore	Under Review
[5.4,4.19] lsm: new security_file_ioctl_compat() hook	[5.4,4.19] lsm: new security_file_ioctl_compat() hook	- 1 -	---	2024-02-06	Eric Biggers	pcmoore	Handled Elsewhere
[v2,9/9] ima: Record i_version of real_inode for change detection	evm: Support signatures on stacked filesystem	- - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,8/9] evm: Rename is_unsupported_fs to is_unsupported_hmac_fs	evm: Support signatures on stacked filesystem	- - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED	evm: Support signatures on stacked filesystem	1 - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,6/9] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509	evm: Support signatures on stacked filesystem	- - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,5/9] evm: Use the inode holding the metadata to calculate metadata hash	evm: Support signatures on stacked filesystem	1 - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,4/9] ima: Reset EVM status upon detecting changes to the real file	evm: Support signatures on stacked filesystem	- - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,3/9] evm: Implement per signature type decision in security_inode_copy_up_xattr	evm: Support signatures on stacked filesystem	- - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,2/9] security: allow finer granularity in permitting copy-up of security xattrs	evm: Support signatures on stacked filesystem	2 - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,1/9] ima: Rename backing_inode to real_inode	evm: Support signatures on stacked filesystem	1 - -	---	2024-02-05	Stefan Berger		Handled Elsewhere
[v2,1/1] netlabel: cleanup struct netlbl_lsm_catmap	[v2,1/1] netlabel: cleanup struct netlbl_lsm_catmap	1 - -	---	2024-02-04	George Guo	pcmoore	Handled Elsewhere
[v2,3/3] fs/exec: remove current->in_execve flag	fs/exec: remove current->in_execve flag	- 1 -	---	2024-02-03	Tetsuo Handa	pcmoore	Superseded
[v2,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook	fs/exec: remove current->in_execve flag	- 1 -	---	2024-02-03	Tetsuo Handa	pcmoore	Superseded
[v2,1/3] LSM: add security_execve_abort() hook	fs/exec: remove current->in_execve flag	- 1 -	---	2024-02-03	Tetsuo Handa	pcmoore	Superseded
[1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef	[1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef	- - -	---	2024-02-02	George Guo	pcmoore	Handled Elsewhere
apparmor: use kvfree_sensitive to free data->data	apparmor: use kvfree_sensitive to free data->data	- - -	---	2024-02-01	Fedor Pchelkin		Handled Elsewhere

« 1 2 ... 5 6 7 … 155 156 »