Security modules development

Show patches with: none | 16326 patches

« 1 2 ... 3 4 5 … 163 164 »

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[bpf-next,v4,06/20] lsm: Refactor return value of LSM hook getselfattr	Add return value range check for BPF LSM	- - -	---	2024-07-11	Xu Kuohai	pcmoore	Changes Requested
[bpf-next,v4,05/20] lsm: Refactor return value of LSM hook inode_copy_up_xattr	Add return value range check for BPF LSM	- - -	---	2024-07-11	Xu Kuohai	pcmoore	Changes Requested
[bpf-next,v4,04/20] lsm: Refactor return value of LSM hook inode_listsecurity	Add return value range check for BPF LSM	- - -	---	2024-07-11	Xu Kuohai	pcmoore	Changes Requested
[bpf-next,v4,03/20] lsm: Refactor return value of LSM hook inode_getsecurity	Add return value range check for BPF LSM	- - -	---	2024-07-11	Xu Kuohai	pcmoore	Changes Requested
[bpf-next,v4,02/20] lsm: Refactor return value of LSM hook inode_need_killpriv	Add return value range check for BPF LSM	- - -	---	2024-07-11	Xu Kuohai	pcmoore	Changes Requested
[bpf-next,v4,01/20] lsm: Refactor return value of LSM hook vm_enough_memory	Add return value range check for BPF LSM	- - -	---	2024-07-11	Xu Kuohai	pcmoore	Changes Requested
[v2,6/6] LSM: Infrastructure management of the perf_event security blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Accepted
[v2,5/6] LSM: Infrastructure management of the infiniband blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Accepted
[v2,4/6] LSM: Infrastructure management of the dev_tun blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Accepted
[v2,3/6] LSM: Add helper for blob allocations	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Accepted
[v2,2/6] LSM: Infrastructure management of the key security blob	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-10	Casey Schaufler	pcmoore	Accepted
[v2,1/6] LSM: Infrastructure management of the sock security	LSM: Infrastructure blob allocation	2 2 -	---	2024-07-10	Casey Schaufler	pcmoore	Accepted
[v4,16/21] mm/mmap: Use vms accounted pages in mmap_region()	Untitled series #870217	- 3 -	---	2024-07-10	Liam R. Howlett	pcmoore	Handled Elsewhere
landlock: Clarify documentation for struct landlock_ruleset_attr	landlock: Clarify documentation for struct landlock_ruleset_attr	- 1 -	---	2024-07-10	Günther Noack		Handled Elsewhere
[RFC] lsm: add the inode_free_security_rcu() LSM implementation hook	[RFC] lsm: add the inode_free_security_rcu() LSM implementation hook	- - -	---	2024-07-10	Paul Moore		RFC
[v14,3/3] security: Replace indirect LSM hook calls with static calls	Reduce overhead of LSMs with static calls	2 2 -	---	2024-07-10	KP Singh	pcmoore	Accepted
[v14,2/3] security: Count the LSMs enabled at compile time	Reduce overhead of LSMs with static calls	2 2 -	---	2024-07-10	KP Singh	pcmoore	Accepted
[v14,1/3] kernel: Add helper macros for loop unrolling	Reduce overhead of LSMs with static calls	2 2 -	---	2024-07-10	KP Singh	pcmoore	Accepted
apparmor: domain: clean up duplicated parts of handle_onexec()	apparmor: domain: clean up duplicated parts of handle_onexec()	- - -	---	2024-07-09	Leesoo Ahn		Handled Elsewhere
[6/6] LSM: Infrastructure management of the perf_event security blob	LSM: Infrastructure blob allocation	- - -	---	2024-07-08	Casey Schaufler	pcmoore	Changes Requested
[5/6] LSM: Infrastructure management of the infiniband blob	LSM: Infrastructure blob allocation	- - -	---	2024-07-08	Casey Schaufler	pcmoore	Changes Requested
[4/6] LSM: Infrastructure management of the dev_tun blob	LSM: Infrastructure blob allocation	- - -	---	2024-07-08	Casey Schaufler	pcmoore	Changes Requested
[3/6] LSM: Add helper for blob allocations	LSM: Infrastructure blob allocation	- 1 -	---	2024-07-08	Casey Schaufler	pcmoore	Changes Requested
[2/6] LSM: Infrastructure management of the key security blob	LSM: Infrastructure blob allocation	- - -	---	2024-07-08	Casey Schaufler	pcmoore	Changes Requested
[1/6] LSM: Infrastructure management of the sock security	LSM: Infrastructure blob allocation	2 2 -	---	2024-07-08	Casey Schaufler	pcmoore	Accepted
binfmt_elf: Fail execution of shared objects with ELIBEXEC (was: Re: [RFC PATCH v19 1/5] exec: Add …	binfmt_elf: Fail execution of shared objects with ELIBEXEC (was: Re: [RFC PATCH v19 1/5] exec: Add …	- - -	---	2024-07-08	Florian Weimer		Handled Elsewhere
tpm: validate object type in tpm2_handle_mso()	tpm: validate object type in tpm2_handle_mso()	- - -	---	2024-07-07	Jarkko Sakkinen		Handled Elsewhere
[v1,2/2] Landlock: Signal scoping tests	[v1,1/2] Landlock: Add signal control	- - -	---	2024-07-05	Tahera Fahimi		Handled Elsewhere
[v1,1/2] Landlock: Add signal control	[v1,1/2] Landlock: Add signal control	- - -	---	2024-07-05	Tahera Fahimi		Handled Elsewhere
[0/2] Landlock: Add abstract unix socket connect reastriction		- - -	---	2024-07-05	Tahera Fahimi		Handled Elsewhere
[RFC,v19,5/5] samples/should-exec: Add set-should-exec	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		Under Review
[RFC,v19,4/5] selftests/landlock: Add tests for execveat + AT_CHECK	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		Under Review
[RFC,v19,3/5] selftests/exec: Add tests for AT_CHECK and related securebits	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		Under Review
[RFC,v19,2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		Under Review
[RFC,v19,1/5] exec: Add a new AT_CHECK flag to execveat(2)	Script execution control (was O_MAYEXEC)	- - -	---	2024-07-04	Mickaël Salaün		Under Review
[v4,3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()	Address !chip->auth	- - 1	---	2024-07-04	Jarkko Sakkinen		Handled Elsewhere
[v4,2/3] tpm: Address !chip->auth in tpm_buf_append_name()	Address !chip->auth	- - 1	---	2024-07-04	Jarkko Sakkinen		Handled Elsewhere
[v4,1/3] tpm: Address !chip->auth in tpm2_*_auth_session()	Address !chip->auth	- - 1	---	2024-07-04	Jarkko Sakkinen		Handled Elsewhere
[v2] dm verity: add support for signature verification with platform keyring	[v2] dm verity: add support for signature verification with platform keyring	- - -	---	2024-07-04	Luca Boccassi		New
[v3,3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()	Address !chip->auth	- - -	---	2024-07-04	Jarkko Sakkinen		Handled Elsewhere
[v3,2/3] tpm: Address !chip->auth in tpm_buf_append_name()	Address !chip->auth	- - -	---	2024-07-04	Jarkko Sakkinen		Handled Elsewhere
[v3,1/3] tpm: Address !chip->auth in tpm2_*_auth_session()	Address !chip->auth	- - -	---	2024-07-04	Jarkko Sakkinen		Handled Elsewhere
selinux,smack: remove the capability checks in the removexattr hooks	selinux,smack: remove the capability checks in the removexattr hooks	1 - -	---	2024-07-03	Paul Moore	pcmoore	Accepted
dm-verity: fix dm_is_verity_target() when dm-verity is builtin	dm-verity: fix dm_is_verity_target() when dm-verity is builtin	- 1 -	---	2024-07-03	Eric Biggers		Handled Elsewhere
[v2,3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()	Address !chip->auth	- - -	---	2024-07-03	Jarkko Sakkinen		Handled Elsewhere
[v2,2/3] tpm: Address !chip->auth in tpm_buf_append_name()	Address !chip->auth	- - -	---	2024-07-03	Jarkko Sakkinen		Handled Elsewhere
[v2,1/3] tpm: Address !chip->auth in tpm2_*_auth_session()	Address !chip->auth	- - -	---	2024-07-03	Jarkko Sakkinen		Handled Elsewhere
[3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()	Address !chip->auth	- - -	---	2024-07-03	Jarkko Sakkinen		Handled Elsewhere
[2/3] tpm: Address !chip->auth in tpm_buf_append_name()	Address !chip->auth	- - -	---	2024-07-03	Jarkko Sakkinen		Handled Elsewhere
[1/3] tpm: Address !chip->auth in tpm2_*_auth_session()	Address !chip->auth	- - -	---	2024-07-03	Jarkko Sakkinen		Handled Elsewhere
[2/2] KEYS: trusted: dcp: fix leak of blob encryption key	[1/2] KEYS: trusted: fix DCP blob payload length assignment	- - -	---	2024-07-03	David Gstir		Handled Elsewhere
[1/2] KEYS: trusted: fix DCP blob payload length assignment	[1/2] KEYS: trusted: fix DCP blob payload length assignment	- - -	---	2024-07-03	David Gstir		Handled Elsewhere
tpm: Limit TCG_TPM2_HMAC to known good drivers	tpm: Limit TCG_TPM2_HMAC to known good drivers	- - -	---	2024-07-03	Jarkko Sakkinen		Handled Elsewhere
tpm: Check non-nullity of chip->auth	tpm: Check non-nullity of chip->auth	- 1 -	---	2024-07-01	Jarkko Sakkinen		Handled Elsewhere
[RFC] integrity: wait for completion of i2c initialization using late_initcall_sync()	[RFC] integrity: wait for completion of i2c initialization using late_initcall_sync()	- - -	---	2024-07-01	Romain Naour		Handled Elsewhere
[v13,5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached	Reduce overhead of LSMs with static calls	1 1 -	---	2024-06-29	KP Singh	pcmoore	Changes Requested
[v13,4/5] security: Update non standard hooks to use static calls	Reduce overhead of LSMs with static calls	- 2 -	---	2024-06-29	KP Singh	pcmoore	Changes Requested
[v13,3/5] security: Replace indirect LSM hook calls with static calls	Reduce overhead of LSMs with static calls	2 2 -	---	2024-06-29	KP Singh	pcmoore	Changes Requested
[v13,2/5] security: Count the LSMs enabled at compile time	Reduce overhead of LSMs with static calls	2 2 -	---	2024-06-29	KP Singh	pcmoore	Changes Requested
[v13,1/5] kernel: Add helper macros for loop unrolling	Reduce overhead of LSMs with static calls	2 2 -	---	2024-06-29	KP Singh	pcmoore	Changes Requested
[v4,11/11] drm: Replace strcpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,10/11] net: Replace strcpy() with __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,09/11] tracing: Replace strncpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,08/11] tsacct: Replace strncpy() with __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,07/11] mm/kmemleak: Replace strncpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,06/11] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul}	Improve the copy of task comm	- - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,05/11] mm/util: Fix possible race condition in kstrdup()	Improve the copy of task comm	- - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,04/11] bpftool: Ensure task comm is always NUL-terminated	Improve the copy of task comm	- 1 -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,03/11] security: Replace memcpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,02/11] auditsc: Replace memcpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v4,01/11] fs/exec: Drop task_lock() inside __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-28	Yafang Shao		Handled Elsewhere
[v1] landlock: Abstract unix socket restriction tests	[v1] landlock: Abstract unix socket restriction tests	- - -	---	2024-06-27	Tahera Fahimi		Handled Elsewhere
[v6] landlock: Add abstract unix socket connect restriction	[v6] landlock: Add abstract unix socket connect restriction	- - -	---	2024-06-27	Tahera Fahimi		Handled Elsewhere
[v3,11/11] drm: Replace strcpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,10/11] net: Replace strcpy() with __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,09/11] tracing: Replace strncpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,08/11] tsacct: Replace strncpy() with __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,07/11] mm/kmemleak: Replace strncpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,06/11] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul}	Improve the copy of task comm	- - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,05/11] mm/util: Fix possible race condition in kstrdup()	Improve the copy of task comm	- - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,04/11] bpftool: Ensure task comm is always NUL-terminated	Improve the copy of task comm	- 1 -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,03/11] security: Replace memcpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,02/11] auditsc: Replace memcpy() with __get_task_comm()	Improve the copy of task comm	1 - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v3,01/11] fs/exec: Drop task_lock() inside __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-21	Yafang Shao		Handled Elsewhere
[v5] landlock: Add abstract unix socket connect restriction	[v5] landlock: Add abstract unix socket connect restriction	- - -	---	2024-06-20	Tahera Fahimi		Handled Elsewhere
[v2] apparmor: try to avoid refing the label in apparmor_file_open	[v2] apparmor: try to avoid refing the label in apparmor_file_open	- 1 -	---	2024-06-20	Mateusz Guzik		Handled Elsewhere
apparmor: try to avoid refing the label in apparmor_file_open	apparmor: try to avoid refing the label in apparmor_file_open	- - -	---	2024-06-20	Mateusz Guzik		Handled Elsewhere
[v4] landlock: Add abstract unix socket connect restriction	[v4] landlock: Add abstract unix socket connect restriction	- - -	---	2024-06-19	Tahera Fahimi		Handled Elsewhere
bpf: add security_file_post_open() LSM hook to sleepable_lsm_hooks	bpf: add security_file_post_open() LSM hook to sleepable_lsm_hooks	- - -	---	2024-06-18	Matt Bobrowski	pcmoore	Handled Elsewhere
[GIT,PULL] lsm/lsm-pr-20240617	[GIT,PULL] lsm/lsm-pr-20240617	- - -	---	2024-06-17	Paul Moore	pcmoore	Accepted
[v2] smack: unix sockets: fix accept()ed socket label	[v2] smack: unix sockets: fix accept()ed socket label	- - -	---	2024-06-16	Konstantin Andreev		Handled Elsewhere
smack: unix sockets: fix accept()ed socket label	smack: unix sockets: fix accept()ed socket label	- - -	---	2024-06-16	Konstantin Andreev		Handled Elsewhere
[v1] perf trace: Augment enum syscall arguments with BTF	[v1] perf trace: Augment enum syscall arguments with BTF	- 1 1	---	2024-06-15	Howard Chu		Handled Elsewhere
linux++: delete some forward declarations	linux++: delete some forward declarations	- - -	---	2024-06-13	Alexey Dobriyan		Handled Elsewhere
[v6,2/2] proc: restrict /proc/pid/mem	[v6,1/2] proc: pass file instead of inode to proc_mem_open	- 2 1	---	2024-06-13	Adrian Ratiu		Handled Elsewhere
[v6,1/2] proc: pass file instead of inode to proc_mem_open	[v6,1/2] proc: pass file instead of inode to proc_mem_open	- 1 -	---	2024-06-13	Adrian Ratiu		Handled Elsewhere
[v4] perf trace: BTF-based enum pretty printing	[v4] perf trace: BTF-based enum pretty printing	- - -	---	2024-06-13	Howard Chu		Handled Elsewhere
[v2,10/10] drm: Replace strcpy() with __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-13	Yafang Shao		Handled Elsewhere
[v2,09/10] net: Replace strcpy() with __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-13	Yafang Shao		Handled Elsewhere
[v2,08/10] tracing: Replace strncpy() with __get_task_comm()	Improve the copy of task comm	- - -	---	2024-06-13	Yafang Shao		Handled Elsewhere

« 1 2 ... 3 4 5 … 163 164 »