Security modules development

Show patches with: Archived = No | 5655 patches

« 1 2 3 4 … 56 57 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	State
[GIT,PULL] Smack patches for 6.15	[GIT,PULL] Smack patches for 6.15	- - -	---	2025-03-25	Casey Schaufler	New
ima: process_measurement() needlessly takes inode_lock() on MAY_READ	ima: process_measurement() needlessly takes inode_lock() on MAY_READ	- - -	---	2025-03-25	Frederick Lawler	New
[GIT,PULL] IPE update for 6.15	[GIT,PULL] IPE update for 6.15	- - -	---	2025-03-24	Fan Wu	New
[GIT,PULL] selinux/selinux-pr-20250323	[GIT,PULL] selinux/selinux-pr-20250323	- - -	---	2025-03-23	Paul Moore	New
[GIT,PULL] lsm/lsm-pr-20250323	[GIT,PULL] lsm/lsm-pr-20250323	- - -	---	2025-03-23	Paul Moore	New
[RFC,v2,13/13] ima: don't re-invalidate unsupported PCR banks after kexec	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,12/13] ima: make ima_free_tfm()'s linkage extern	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,11/13] ima: introduce ima_pcr_invalidated_banks() helper	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,10/13] tpm: authenticate tpm2_pcr_read()	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,09/13] ima: invalidate unsupported PCR banks only once	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,08/13] ima: track the set of PCRs ever extended	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,07/13] tpm: enable bank selection for PCR extend	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,06/13] ima: move INVALID_PCR() to ima.h	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,05/13] ima: select CRYPTO_SHA256 from Kconfig	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,04/13] ima: make SHA1 non-mandatory	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,03/13] ima: invalidate unsupported PCR banks	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,02/13] ima: always create runtime_measurements sysfs file for ima_hash	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-23	Nicolai Stange	New
[RFC,v2,01/13] ima: don't expose runtime_measurements for unsupported hashes	ima: get rid of hard dependency on SHA-1	- 1 -	---	2025-03-23	Nicolai Stange	New
Revert "integrity: Do not load MOK and MOKx when secure boot be disabled"	Revert "integrity: Do not load MOK and MOKx when secure boot be disabled"	- 1 -	---	2025-03-20	Lennart Poettering	Handled Elsewhere
[v3,5/5] Audit: Add record for multiple object contexts	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler	New
[v3,4/5] Audit: multiple subject lsm values for netlabel	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler	New
[v3,3/5] Audit: Add record for multiple task security contexts	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler	New
[v3,2/5] LSM: security_lsmblob_to_secctx module selection	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler	New
[v3,1/5] Audit: Create audit_stamp structure	[v3,1/5] Audit: Create audit_stamp structure	- - -	---	2025-03-19	Casey Schaufler	New
[v2] keys: Fix UAF in key_put()	[v2] keys: Fix UAF in key_put()	- 1 1	---	2025-03-19	David Howells	Handled Elsewhere
apparmor: make __begin_current_label_crit_section() indicate whether put is needed	apparmor: make __begin_current_label_crit_section() indicate whether put is needed	- - -	---	2025-03-18	Mateusz Guzik	Handled Elsewhere
[v2,8/8] landlock: Document errata	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
[v2,7/8] selftests/landlock: Add a new test for setuid()	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
[v2,6/8] selftests/landlock: Split signal_scoping_threads tests	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
[v2,5/8] landlock: Always allow signals between threads of the same process	Landlock signal scope fix and errata interface	1 - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
[v2,4/8] landlock: Prepare to add second errata	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
[v2,3/8] landlock: Add erratum for TCP fix	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
[v2,2/8] landlock: Add the errata interface	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
[v2,1/8] landlock: Move code to ease future backports	Landlock signal scope fix and errata interface	- - -	---	2025-03-18	Mickaël Salaün	Handled Elsewhere
keys: Fix UAF in key_put()	keys: Fix UAF in key_put()	- - 1	---	2025-03-18	David Howells	Handled Elsewhere
[v10,8/8] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen	Handled Elsewhere
[v10,7/8] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-18	steven chen	Handled Elsewhere
[v10,6/8] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen	Handled Elsewhere
[v10,5/8] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen	Handled Elsewhere
[v10,4/8] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	1 2 -	---	2025-03-18	steven chen	Handled Elsewhere
[v10,3/8] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	1 - -	---	2025-03-18	steven chen	Handled Elsewhere
[v10,2/8] ima: define and call ima_alloc_kexec_file_buf()	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-18	steven chen	Handled Elsewhere
[v10,1/8] ima: rename variable the ser_file "file" to "ima_kexec_file"	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-18	steven chen	Handled Elsewhere
[v2,2/2] smack: fix bug: setting task label silently ignores input garbage	smack: fix two bugs in setting task label	- - -	---	2025-03-15	Konstantin Andreev	Handled Elsewhere
[v2,1/2] smack: fix bug: unprivileged task can create labels	smack: fix two bugs in setting task label	- - -	---	2025-03-15	Konstantin Andreev	Handled Elsewhere
[v2] crypto: lib/Kconfig: hide library options	[v2] crypto: lib/Kconfig: hide library options	1 - -	---	2025-03-14	Arnd Bergmann	Handled Elsewhere
[RFC,1/1] fix NULL mnt [was Re: apparmor NULL pointer dereference on resume [efivarfs]]	[RFC,1/1] fix NULL mnt [was Re: apparmor NULL pointer dereference on resume [efivarfs]]	- - -	---	2025-03-14	James Bottomley	Handled Elsewhere
[v5] hwmon: (pmbus/tps53679) Add support for TPS53685	[v5] hwmon: (pmbus/tps53679) Add support for TPS53685	- - -	---	2025-03-14	Chiang Brian	New
[v5,1/1] ipe: add errno field to IPE policy load auditing	ipe: add errno field to IPE policy load auditing	- - -	---	2025-03-13	Jasjiv Singh	New
[RFC,v1,7/7] ima: make SHA1 non-mandatory	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange	Handled Elsewhere
[RFC,v1,6/7] ima: invalidate unsupported PCR banks once at first use	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange	Handled Elsewhere
[RFC,v1,5/7] tpm: enable bank selection for PCR extend	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange	Handled Elsewhere
[RFC,v1,4/7] ima: track the set of PCRs ever extended	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange	Handled Elsewhere
[RFC,v1,3/7] ima: move INVALID_PCR() to ima.h	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange	Handled Elsewhere
[RFC,v1,2/7] ima: always create runtime_measurements sysfs file for ima_hash	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange	Handled Elsewhere
[RFC,v1,1/7] ima: don't expose runtime_measurements for unsupported hashes	ima: get rid of hard dependency on SHA-1	- - -	---	2025-03-13	Nicolai Stange	Handled Elsewhere
[RFC,v1] landlock: Allow signals between threads of the same process	[RFC,v1] landlock: Allow signals between threads of the same process	1 - -	---	2025-03-13	Mickaël Salaün	Handled Elsewhere
RDMA/uverbs: Consider capability of the process that opens the file	RDMA/uverbs: Consider capability of the process that opens the file	- - -	---	2025-03-13	Parav Pandit	Handled Elsewhere
RDMA/uverbs: Fix CAP_NET_RAW check for flow create in user namespace	RDMA/uverbs: Fix CAP_NET_RAW check for flow create in user namespace	- - -	---	2025-03-08	Parav Pandit	Handled Elsewhere
[v2,2/2] hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	- 1 -	---	2025-03-08	Kees Cook	Handled Elsewhere
[v2,1/2] x86/build: Remove -ffreestanding on i386 with GCC	hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	1 1 -	---	2025-03-08	Kees Cook	Handled Elsewhere
[2/2] smack: fix bug: setting task label silently ignores input garbage	smack: fix two bugs in setting task label	- - -	---	2025-03-06	Konstantin Andreev	Handled Elsewhere
[1/2] smack: fix bug: unprivileged task can create labels	smack: fix two bugs in setting task label	- - -	---	2025-03-06	Konstantin Andreev	Handled Elsewhere
[v1] samples/check-exec: Fix script name	[v1] samples/check-exec: Fix script name	- - -	---	2025-03-06	Mickaël Salaün	Handled Elsewhere
security/commoncap: don't assume "setid" if all ids are identical	security/commoncap: don't assume "setid" if all ids are identical	- - -	---	2025-03-06	Max Kellermann	Handled Elsewhere
[v9,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen	Handled Elsewhere
[v9,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-04	steven chen	Handled Elsewhere
[v9,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen	Handled Elsewhere
[v9,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen	Handled Elsewhere
[v9,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-04	steven chen	Handled Elsewhere
[v9,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-04	steven chen	Handled Elsewhere
[v9,1/7] ima: copy only complete measurement records across kexec	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-04	steven chen	Handled Elsewhere
[RFC,9/9] Enhance the sandboxer example to support landlock-supervise	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,8/9] Implement fops for supervisor-fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,7/9] Implement fdinfo for ruleset and supervisor fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,6/9] Creating supervisor events for filesystem operations	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,5/9] Define user structure for events and responses.	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,4/9] User-space API for creating a supervisor-fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,3/9] Adds a supervisor reference in the per-layer information	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,2/9] Refactor per-layer information in rulesets and rules	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
[RFC,1/9] Define the supervisor and event structure	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang	Handled Elsewhere
hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	- 1 -	---	2025-03-03	Kees Cook	Handled Elsewhere
[man,v3,2/2] landlock.7: Add IPC scoping documentation in line with kernel side	landlock: Clarify IPC scoping documentation	- - -	---	2025-03-03	Günther Noack	Handled Elsewhere
[man,v3,1/2] landlock.7: Copy introductory description of Landlock rules	[man,v3,1/2] landlock.7: Copy introductory description of Landlock rules	- - -	---	2025-03-03	Günther Noack	Handled Elsewhere
[v3,1/1] landlock: Clarify IPC scoping documentation	landlock: Clarify IPC scoping documentation	- - -	---	2025-03-03	Günther Noack	Handled Elsewhere
[v2,01/11] coccinelle: Add script to reorder capable() calls	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,11/11] infiniband: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,10/11] skbuff: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,09/11] fs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,08/11] ipv4: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,07/11] drm/panthor: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,06/11] ubifs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	1 2 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,05/11] genwqe: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,04/11] hugetlbfs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,03/11] ext4: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[v2,02/11] quota: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche	Handled Elsewhere
[V3] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported	[V3] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported	- - -	---	2025-03-02	Arulpandiyan Vadivel	Handled Elsewhere
[v3] ipe: add errno field to IPE policy load auditing	[v3] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-28	Jasjiv Singh	Handled Elsewhere
[1/1] security: Propagate caller information in bpf hooks	v2 security: Propagate caller information in bpf hooks	- - -	---	2025-02-28	Blaise Boscaccy	Changes Requested
[v2] ipe: add errno field to IPE policy load auditing	[v2] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-27	Jasjiv Singh	Handled Elsewhere

« 1 2 3 4 … 56 57 »