Security modules development

Show patches with: none | 17495 patches

« 1 2 3 4 … 174 175 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[v9,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-04	steven chen		Handled Elsewhere
[v9,1/7] ima: copy only complete measurement records across kexec	ima: kexec: measure events between kexec load and execute	- - -	---	2025-03-04	steven chen		Handled Elsewhere
lsm: rust: reword "destroy" -> "release" in SecurityCtx	lsm: rust: reword "destroy" -> "release" in SecurityCtx	1 1 -	---	2025-03-04	Alice Ryhl	pcmoore	Accepted
[v2] lsm: rust: mark SecurityCtx methods inline	[v2] lsm: rust: mark SecurityCtx methods inline	- 2 -	---	2025-03-04	Alice Ryhl	pcmoore	Accepted
[v2] cred: rust: mark Credential methods inline	[v2] cred: rust: mark Credential methods inline	- 3 -	---	2025-03-04	Alice Ryhl	pcmoore	Accepted
[RFC,9/9] Enhance the sandboxer example to support landlock-supervise	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,8/9] Implement fops for supervisor-fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,7/9] Implement fdinfo for ruleset and supervisor fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,6/9] Creating supervisor events for filesystem operations	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,5/9] Define user structure for events and responses.	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,4/9] User-space API for creating a supervisor-fd	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,3/9] Adds a supervisor reference in the per-layer information	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,2/9] Refactor per-layer information in rulesets and rules	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[RFC,1/9] Define the supervisor and event structure	Landlock supervise: a mechanism for interactive permission requests	- - -	---	2025-03-04	Tingmao Wang		Handled Elsewhere
[1/1] security: Propagate caller information in bpf hooks	security: Propagate caller information in bpf hooks	1 - -	---	2025-03-03	Blaise Boscaccy	pcmoore	Changes Requested
hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	hardening: Enable i386 FORTIFY_SOURCE on Clang 16+	- 1 -	---	2025-03-03	Kees Cook		Handled Elsewhere
[man,v3,2/2] landlock.7: Add IPC scoping documentation in line with kernel side	landlock: Clarify IPC scoping documentation	- - -	---	2025-03-03	Günther Noack		Handled Elsewhere
[man,v3,1/2] landlock.7: Copy introductory description of Landlock rules	[man,v3,1/2] landlock.7: Copy introductory description of Landlock rules	- - -	---	2025-03-03	Günther Noack		Handled Elsewhere
[v3,1/1] landlock: Clarify IPC scoping documentation	landlock: Clarify IPC scoping documentation	- - -	---	2025-03-03	Günther Noack		Handled Elsewhere
lsm: rust: mark SecurityCtx methods inline	lsm: rust: mark SecurityCtx methods inline	- 1 -	---	2025-03-03	Alice Ryhl	pcmoore	Changes Requested
cred: rust: mark Credential methods inline	cred: rust: mark Credential methods inline	- 3 -	---	2025-03-03	Alice Ryhl	pcmoore	Changes Requested
[v2,01/11] coccinelle: Add script to reorder capable() calls	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,11/11] infiniband: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,10/11] skbuff: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,09/11] fs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,08/11] ipv4: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,07/11] drm/panthor: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,06/11] ubifs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	1 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,05/11] genwqe: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,04/11] hugetlbfs: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,03/11] ext4: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 2 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[v2,02/11] quota: reorder capability check last	[v2,01/11] coccinelle: Add script to reorder capable() calls	- 1 -	---	2025-03-02	Christian Göttsche		Handled Elsewhere
[V3] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported	[V3] loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported	- - -	---	2025-03-02	Arulpandiyan Vadivel		Handled Elsewhere
[v3] ipe: add errno field to IPE policy load auditing	[v3] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-28	Jasjiv Singh		Handled Elsewhere
[1/1] security: Propagate caller information in bpf hooks	v2 security: Propagate caller information in bpf hooks	- - -	---	2025-02-28	Blaise Boscaccy		Changes Requested
[v2] ipe: add errno field to IPE policy load auditing	[v2] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-27	Jasjiv Singh		Handled Elsewhere
[v2,3/3] landlock.7: Clarify IPC scoping documentation in line with kernel side	landlock: Clarify IPC scoping documentation	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[v2,2/3] landlock.7: Move over documentation for ABI version 6	landlock: Clarify IPC scoping documentation	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[v2,1/3] landlock.7: Update description of Landlock rules	[v2,1/3] landlock.7: Update description of Landlock rules	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[v2,1/1] landlock: Clarify IPC scoping documentation	landlock: Clarify IPC scoping documentation	- - -	---	2025-02-26	Günther Noack		Handled Elsewhere
[GIT,PULL] Landlock fix for v6.14-rc5	[GIT,PULL] Landlock fix for v6.14-rc5	- - -	---	2025-02-26	Mickaël Salaün		Handled Elsewhere
[1/1] security: Propagate universal pointer data in bpf hooks	security: Propagate universal pointer data in bpf hooks	- - -	---	2025-02-26	Blaise Boscaccy	pcmoore	Changes Requested
selinux: add FILE__WATCH_MOUNTNS	selinux: add FILE__WATCH_MOUNTNS	1 - -	---	2025-02-24	Miklos Szeredi	pcmoore	Handled Elsewhere
[RFC,2/2] landlock: selftests for LANDLOCK_RESTRICT_SELF_TSYNC	landlock: Multithreaded policy enforcement	- - -	---	2025-02-21	Günther Noack		Handled Elsewhere
[RFC,1/2] landlock: Multithreading support for landlock_restrict_self()	landlock: Multithreaded policy enforcement	- - -	---	2025-02-21	Günther Noack		Handled Elsewhere
lsm,nfs: fix NFS4 memory leak of lsm_context	lsm,nfs: fix NFS4 memory leak of lsm_context	- - -	---	2025-02-21	Casey Schaufler		Handled Elsewhere
lsm,nfs: fix memory leak of lsm_context	lsm,nfs: fix memory leak of lsm_context	2 - -	---	2025-02-20	Stephen Smalley		Handled Elsewhere
[net-next] netlabel: Remove unused cfg_calipso funcs	[net-next] netlabel: Remove unused cfg_calipso funcs	- - -	---	2025-02-20	Dr. David Alan Gilbert	pcmoore	Rejected
yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl()	yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl()	- - -	---	2025-02-19	Oleg Nesterov		Handled Elsewhere
[v8,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v8,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and execute	- - -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and execute	- 2 -	---	2025-02-18	steven chen		Handled Elsewhere
[v7,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and execute	- 1 -	---	2025-02-18	steven chen		Handled Elsewhere
[v3,12/12] reboot: retire hw_protection_reboot and hw_protection_shutdown helpers	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,11/12] thermal: core: allow user configuration of hardware protection action	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,10/12] dt-bindings: thermal: give OS some leeway in absence of critical-action	reboot: support runtime configuration of emergency hw_protection action	1 - -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,09/12] platform/chrome: cros_ec_lpc: prepare for hw_protection_shutdown removal	reboot: support runtime configuration of emergency hw_protection action	1 - -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,08/12] regulator: allow user configuration of hardware protection action	reboot: support runtime configuration of emergency hw_protection action	- 3 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,07/12] reboot: add support for configuring emergency hardware protection action	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,06/12] reboot: indicate whether it is a HARDWARE PROTECTION reboot or shutdown	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,05/12] reboot: rename now misleading __hw_protection_shutdown symbols	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,04/12] reboot: describe do_kernel_restart's cmd argument in kernel-doc	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,03/12] docs: thermal: sync hardware protection doc with code	reboot: support runtime configuration of emergency hw_protection action	- 2 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,02/12] reboot: reboot, not shutdown, on hw_protection_reboot timeout	reboot: support runtime configuration of emergency hw_protection action	- 2 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[v3,01/12] reboot: replace __hw_protection_shutdown bool action parameter with an enum	reboot: support runtime configuration of emergency hw_protection action	- 1 -	---	2025-02-17	Ahmad Fatoum		Handled Elsewhere
[net,v2] tcp: drop secpath at the same time as we currently drop dst	[net,v2] tcp: drop secpath at the same time as we currently drop dst	- 1 -	---	2025-02-17	Sabrina Dubroca		Handled Elsewhere
[RFC] ipe: add errno field to IPE policy load auditing	[RFC] ipe: add errno field to IPE policy load auditing	- - -	---	2025-02-14	Jasjiv Singh		Handled Elsewhere
[v3] fs: introduce getfsxattrat and setfsxattrat syscalls	[v3] fs: introduce getfsxattrat and setfsxattrat syscalls	1 - -	---	2025-02-11	Andrey Albershteyn	pcmoore	Changes Requested
[v1] selftests/landlock: Enable the new CONFIG_AF_UNIX_OOB	[v1] selftests/landlock: Enable the new CONFIG_AF_UNIX_OOB	1 - -	---	2025-02-11	Mickaël Salaün		Handled Elsewhere
selftests/landlock: add binaries to gitignore	selftests/landlock: add binaries to gitignore	- - -	---	2025-02-10	Bharadwaj Raju		Handled Elsewhere
[v1] trusted_dcp.c: Do not return in case of non-secure mode	[v1] trusted_dcp.c: Do not return in case of non-secure mode	- - -	---	2025-02-10	Kshitiz Varshney		Handled Elsewhere
lsm: fix a missing security_uring_allowed() prototype	lsm: fix a missing security_uring_allowed() prototype	- - -	---	2025-02-10	Paul Moore	pcmoore	Accepted
[RFC,v3,3/3] selftests/landlock: Test that MPTCP actions are not restricted	Fix non-TCP sockets restriction	- - -	---	2025-02-05	Mikhail Ivanov		Handled Elsewhere
[RFC,v3,2/3] selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP	Fix non-TCP sockets restriction	- - -	---	2025-02-05	Mikhail Ivanov		Handled Elsewhere
[RFC,v3,1/3] landlock: Fix non-TCP sockets restriction	Fix non-TCP sockets restriction	- - -	---	2025-02-05	Mikhail Ivanov		Handled Elsewhere
ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr	ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr	- - -	---	2025-02-04	Roberto Sassu		Handled Elsewhere
[v7,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and excute	- - -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,5/7] ima: kexec: move IMA log copy from kexec load to execute	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	Untitled series #930245	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,3/7] ima: kexec: skip IMA segment validation after kexec soft reboot	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,2/7] kexec: define functions to map and unmap segments	ima: kexec: measure events between kexec load and excute	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,1/7] ima: define and call ima_alloc_kexec_file_buf	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,7/7] ima: measure kexec load and exec events as critical data	ima: kexec: measure events between kexec load and excute	- 1 -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,6/7] ima: make the kexec extra memory configurable	ima: kexec: measure events between kexec load and excute	- - -	---	2025-02-03	steven chen		Handled Elsewhere
[v7,4/7] ima: kexec: define functions to copy IMA log at soft boot	Untitled series #930146	- 2 -	---	2025-02-03	steven chen		Handled Elsewhere

« 1 2 3 4 … 174 175 »