Security modules development

Show patches with: none | 14612 patches

« 1 2 3 4 … 146 147 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	State
[16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[15/16] commoncap: use vfs fscaps interfaces for killpriv checks	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[14/16] commoncap: remove cap_inode_getsecurity()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[13/16] fs: use vfs interfaces for capabilities xattrs	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[12/16] ovl: use vfs_{get,set}_fscaps() for copy-up	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[11/16] ovl: add fscaps handlers	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[10/16] fs: add vfs_remove_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[09/16] fs: add vfs_set_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[08/16] fs: add vfs_get_fscaps()	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[07/16] fs: add inode operations to get/set/remove fscaps	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[06/16] capability: provide a helper for converting vfs_caps to xattr for userspace	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[05/16] capability: provide helpers for converting between xattrs and vfs_caps	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[04/16] capability: use vfsuid_t for vfs_caps rootids	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[03/16] capability: rename cpu_vfs_cap_data to vfs_caps	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[02/16] mnt_idmapping: include cred.h	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[01/16] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h	fs: use type-safe uid representation for filesystem capabilities	- - -	---	2023-11-29	Seth Forshee (DigitalOcean)	New
[v14,bpf-next,6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file	bpf: File verification with LSM and fsverity	- - -	---	2023-11-29	Song Liu	New
[v14,bpf-next,5/6] selftests/bpf: Add tests for filesystem kfuncs	bpf: File verification with LSM and fsverity	- - -	---	2023-11-29	Song Liu	New
[v14,bpf-next,4/6] selftests/bpf: Sort config in alphabetic order	bpf: File verification with LSM and fsverity	- - -	---	2023-11-29	Song Liu	New
[v14,bpf-next,3/6] Documentation/bpf: Add documentation for filesystem kfuncs	bpf: File verification with LSM and fsverity	- - -	---	2023-11-29	Song Liu	New
[v14,bpf-next,2/6] bpf, fsverity: Add kfunc bpf_get_fsverity_digest	bpf: File verification with LSM and fsverity	1 - -	---	2023-11-29	Song Liu	New
[v14,bpf-next,1/6] bpf: Add kfunc bpf_get_file_xattr	bpf: File verification with LSM and fsverity	2 - -	---	2023-11-29	Song Liu	New
[4/4] listmount: allow continuing	listmount changes	- - -	---	2023-11-28	Miklos Szeredi	New
[3/4] listmount: small changes in semantics	listmount changes	- - -	---	2023-11-28	Miklos Szeredi	New
[2/4] listmount: list mounts in ID order	listmount changes	- - -	---	2023-11-28	Miklos Szeredi	New
[1/4] listmount: rip out flags	listmount changes	- - -	---	2023-11-28	Miklos Szeredi	New
[v11,bpf-next,17/17] bpf,selinux: allocate bpf_security_struct per BPF token	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,16/17] selftests/bpf: add BPF token-enabled tests	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,15/17] libbpf: add BPF token support to bpf_prog_load() API	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,14/17] libbpf: add BPF token support to bpf_btf_load() API	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,13/17] libbpf: add BPF token support to bpf_map_create() API	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,12/17] libbpf: add bpf_token_create() API	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,11/17] bpf,lsm: add BPF token LSM hooks	BPF token and BPF FS-based delegation	1 - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,10/17] bpf,lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks	BPF token and BPF FS-based delegation	1 - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,09/17] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks	BPF token and BPF FS-based delegation	1 - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,08/17] bpf: consistently use BPF token throughout BPF verifier logic	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,07/17] bpf: take into account BPF token when fetching helper protos	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,06/17] bpf: add BPF token support to BPF_PROG_LOAD command	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,05/17] bpf: add BPF token support to BPF_BTF_LOAD command	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,04/17] bpf: add BPF token support to BPF_MAP_CREATE command	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,03/17] bpf: introduce BPF token object	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,02/17] bpf: add BPF token delegation mount options to BPF FS	BPF token and BPF FS-based delegation	- - -	---	2023-11-27	Andrii Nakryiko	New
[v11,bpf-next,01/17] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach	BPF token and BPF FS-based delegation	1 - -	---	2023-11-27	Andrii Nakryiko	New
apparmor: free the allocated pdb objects	apparmor: free the allocated pdb objects	1 - -	---	2023-11-27	Fedor Pchelkin	New
[v6,9/9] landlock: Document IOCTL support	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,8/9] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,7/9] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,6/9] selftests/landlock: Test IOCTL with memfds	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,5/9] selftests/landlock: Test IOCTL support	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,4/9] landlock: Add IOCTL access right	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,3/9] landlock: Optimize the number of calls to get_access_mask slightly	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,2/9] selftests/landlock: Rename "permitted" to "allowed" in ftruncate tests	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v6,1/9] landlock: Remove remaining "inline" modifiers in .c files	Landlock: IOCTL support	- - -	---	2023-11-24	Günther Noack	New
[v13,bpf-next,6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file	bpf: File verification with LSM and fsverity	- - -	---	2023-11-23	Song Liu	New
[v13,bpf-next,5/6] selftests/bpf: Add tests for filesystem kfuncs	bpf: File verification with LSM and fsverity	- - -	---	2023-11-23	Song Liu	New
[v13,bpf-next,4/6] selftests/bpf: Sort config in alphabetic order	bpf: File verification with LSM and fsverity	- - -	---	2023-11-23	Song Liu	New
[v13,bpf-next,3/6] Documentation/bpf: Add documentation for filesystem kfuncs	bpf: File verification with LSM and fsverity	- - -	---	2023-11-23	Song Liu	New
[v13,bpf-next,2/6] bpf, fsverity: Add kfunc bpf_get_fsverity_digest	bpf: File verification with LSM and fsverity	1 - -	---	2023-11-23	Song Liu	New
[v13,bpf-next,1/6] bpf: Add kfunc bpf_get_file_xattr	bpf: File verification with LSM and fsverity	1 - -	---	2023-11-23	Song Liu	New
[net,v2] calipso: Fix memory leak in netlbl_calipso_add_pass()	[net,v2] calipso: Fix memory leak in netlbl_calipso_add_pass()	1 - -	---	2023-11-23	Gavrilov Ilia	New
selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test	selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test	1 - -	---	2023-11-22	Paul Moore	New
[RFC,v2,6/6] selftests/bpf: Add selftests for set_mempolicy with a lsm prog	mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf	- - -	---	2023-11-22	Yafang Shao	New
[RFC,v2,5/6] security: selinux: Implement set_mempolicy hook	mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf	- - -	---	2023-11-22	Yafang Shao	New
[RFC,v2,4/6] mm, security: Add lsm hook for memory policy adjustment	mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf	- - -	---	2023-11-22	Yafang Shao	New
[RFC,v2,3/6] mm, security: Fix missed security_task_movememory() in mbind(2)	mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf	- - -	---	2023-11-22	Yafang Shao	New
[RFC,v2,2/6] mm: mempolicy: Revise comment regarding mempolicy mode flags	mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf	- 1 -	---	2023-11-22	Yafang Shao	New
[RFC,v2,1/6] mm, doc: Add doc for MPOL_F_NUMA_BALANCING	mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf	- 1 -	---	2023-11-22	Yafang Shao	New
[net] calipso: Fix memory leak in netlbl_calipso_add_pass()	[net] calipso: Fix memory leak in netlbl_calipso_add_pass()	- - -	---	2023-11-22	Gavrilov Ilia	New
apparmor: make stack_msg static	apparmor: make stack_msg static	- - -	---	2023-11-22	Ben Dooks	New
[v1,2/2] selftests/landlock: Add tests to check unhandled rule's access rights	Extend Landlock test to improve rule's coverage	- 1 -	---	2023-11-20	Mickaël Salaün	Handled Elsewhere
[v1,1/2] selftests/landlock: Add tests to check undefined rule's access rights	Extend Landlock test to improve rule's coverage	- 1 -	---	2023-11-20	Mickaël Salaün	Handled Elsewhere
[v5,7/7] landlock: Document IOCTL support	Landlock: IOCTL support	- - -	---	2023-11-17	Günther Noack	Handled Elsewhere
[v5,6/7] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL	Landlock: IOCTL support	- - -	---	2023-11-17	Günther Noack	Handled Elsewhere
[v5,5/7] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)	Landlock: IOCTL support	- - -	---	2023-11-17	Günther Noack	Handled Elsewhere
[v5,4/7] selftests/landlock: Test IOCTL with memfds	Landlock: IOCTL support	- - -	---	2023-11-17	Günther Noack	Handled Elsewhere
[v5,3/7] selftests/landlock: Test IOCTL support	Landlock: IOCTL support	- - -	---	2023-11-17	Günther Noack	Handled Elsewhere
[v5,2/7] landlock: Add IOCTL access right	Landlock: IOCTL support	- - -	---	2023-11-17	Günther Noack	Handled Elsewhere
[v5,1/7] landlock: Optimize the number of calls to get_access_mask slightly	Landlock: IOCTL support	- - -	---	2023-11-17	Günther Noack	Handled Elsewhere
[v3,5/5] ramfs: Initialize security of in-memory inodes	Smack transmute fixes	- - -	---	2023-11-16	Roberto Sassu	Handled Elsewhere
[v3,4/5] smack: Initialize the in-memory inode in smack_inode_init_security()	Smack transmute fixes	- - -	---	2023-11-16	Roberto Sassu	Handled Elsewhere
[v3,3/5] smack: Always determine inode labels in smack_inode_init_security()	Smack transmute fixes	- - -	---	2023-11-16	Roberto Sassu	Handled Elsewhere
[v3,2/5] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()	Smack transmute fixes	- - -	---	2023-11-16	Roberto Sassu	Handled Elsewhere
[v3,1/5] smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()	Smack transmute fixes	- - -	---	2023-11-16	Roberto Sassu	Handled Elsewhere
[RFC,v2,19/19] virt: Add Heki KUnit tests	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,17/19] heki: x86: Update permissions counters during text patching	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,16/19] heki: x86: Update permissions counters when guest page permissions change	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,15/19] heki: x86: Initialize permissions counters for pages in vmap()/vunmap()	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,14/19] heki: x86: Initialize permissions counters for pages mapped into KVA	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,13/19] heki: Implement a kernel page table walker	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,12/19] x86: Implement the Memory Table feature to store arbitrary per-page data	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,11/19] KVM: x86: Add new hypercall to set EPT permissions	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,10/19] KVM: x86: Implement per-guest-page permissions	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,09/19] KVM: x86: Extend kvm_range_has_memory_attributes() with match_all	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,08/19] KVM: x86: Extend kvm_vm_set_mem_attributes() with a mask	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,07/19] KVM: x86: Make memory attribute helpers more generic	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,06/19] KVM: x86: Add kvm_x86_ops.fault_gva()	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,05/19] KVM: VMX: Add MBEC support	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,04/19] heki: Lock guest control registers at the end of guest kernel init	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere
[RFC,v2,03/19] KVM: x86: Add notifications for Heki policy configuration and violation	Hypervisor-Enforced Kernel Integrity	- - -	---	2023-11-13	Mickaël Salaün	Handled Elsewhere

« 1 2 3 4 … 146 147 »