Show patches with: Archived = No       |   3644 patches
« 1 2 ... 5 6 736 37 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[RFC,5/8] ima: Record IMA verification result of digest lists in digest cache ima: Integrate with digest_cache LSM - - - --- 2024-02-14 Roberto Sassu Handled Elsewhere
[RFC,4/8] ima: Add digest_cache_measure and digest_cache_appraise boot-time policies ima: Integrate with digest_cache LSM - - - --- 2024-02-14 Roberto Sassu Handled Elsewhere
[RFC,3/8] ima: Add digest_cache policy keyword ima: Integrate with digest_cache LSM - - - --- 2024-02-14 Roberto Sassu Handled Elsewhere
[RFC,2/8] ima: Nest iint mutex for DIGEST_LIST_CHECK hook ima: Integrate with digest_cache LSM - - - --- 2024-02-14 Roberto Sassu Handled Elsewhere
[RFC,1/8] ima: Introduce hook DIGEST_LIST_CHECK ima: Integrate with digest_cache LSM - - - --- 2024-02-14 Roberto Sassu Handled Elsewhere
[GIT,PULL] Landlock fixes for v6.8-rc5 [GIT,PULL] Landlock fixes for v6.8-rc5 - - - --- 2024-02-14 Mickaël Salaün Handled Elsewhere
[v9,8/8] landlock: Document IOCTL support Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v9,7/8] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v9,6/8] selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v9,5/8] selftests/landlock: Test IOCTLs on named pipes Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v9,4/8] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH) Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v9,3/8] selftests/landlock: Test IOCTL with memfds Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v9,2/8] selftests/landlock: Test IOCTL support Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v9,1/8] landlock: Add IOCTL access right Landlock: IOCTL support - - - --- 2024-02-09 Günther Noack Handled Elsewhere
[v3,13/13] docs: Add documentation of the digest_cache LSM security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,12/13] selftests/digest_cache: Add selftests for digest_cache LSM security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,11/13] digest_cache: Reset digest cache on file/directory change security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,10/13] digest cache: Prefetch digest lists if requested security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,09/13] digest_cache: Add support for directories security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,08/13] digest_cache: Add management of verification data security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,07/13] digest_cache: Parse rpm digest lists security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,06/13] digest_cache: Parse tlv digest lists security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,05/13] digest_cache: Populate the digest cache from a digest list security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,04/13] digest_cache: Add hash tables and operations security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,03/13] digest_cache: Add securityfs interface security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,02/13] security: Introduce the digest_cache LSM security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v3,01/13] lib: Add TLV parser security: digest_cache LSM - - - --- 2024-02-09 Roberto Sassu pcmoore New
[v9,4/4] bpf: Only enable BPF LSM hooks when an LSM program is attached Reduce overhead of LSMs with static calls 3 2 - --- 2024-02-07 KP Singh pcmoore Changes Requested
[v9,3/4] security: Replace indirect LSM hook calls with static calls Reduce overhead of LSMs with static calls 2 2 - --- 2024-02-07 KP Singh pcmoore Changes Requested
[v9,2/4] security: Count the LSMs enabled at compile time Reduce overhead of LSMs with static calls 2 1 - --- 2024-02-07 KP Singh pcmoore Changes Requested
[v9,1/4] kernel: Add helper macros for loop unrolling Reduce overhead of LSMs with static calls 2 2 - --- 2024-02-07 KP Singh pcmoore Changes Requested
[v3,3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v3,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[v3,1/3] LSM: add security_execve_abort() hook fs/exec: remove current->in_execve flag 1 - - --- 2024-02-06 Tetsuo Handa pcmoore Under Review
[5.4,4.19] lsm: new security_file_ioctl_compat() hook [5.4,4.19] lsm: new security_file_ioctl_compat() hook - 1 - --- 2024-02-06 Eric Biggers pcmoore Handled Elsewhere
[v2,9/9] ima: Record i_version of real_inode for change detection evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,8/9] evm: Rename is_unsupported_fs to is_unsupported_hmac_fs evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED evm: Support signatures on stacked filesystem 1 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,6/9] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,5/9] evm: Use the inode holding the metadata to calculate metadata hash evm: Support signatures on stacked filesystem 1 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,4/9] ima: Reset EVM status upon detecting changes to the real file evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,3/9] evm: Implement per signature type decision in security_inode_copy_up_xattr evm: Support signatures on stacked filesystem - - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,2/9] security: allow finer granularity in permitting copy-up of security xattrs evm: Support signatures on stacked filesystem 2 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,1/9] ima: Rename backing_inode to real_inode evm: Support signatures on stacked filesystem 1 - - --- 2024-02-05 Stefan Berger Handled Elsewhere
[v2,1/1] netlabel: cleanup struct netlbl_lsm_catmap [v2,1/1] netlabel: cleanup struct netlbl_lsm_catmap 1 - - --- 2024-02-04 George Guo pcmoore Handled Elsewhere
[v2,3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag - 1 - --- 2024-02-03 Tetsuo Handa pcmoore Superseded
[v2,2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook fs/exec: remove current->in_execve flag - 1 - --- 2024-02-03 Tetsuo Handa pcmoore Superseded
[v2,1/3] LSM: add security_execve_abort() hook fs/exec: remove current->in_execve flag - 1 - --- 2024-02-03 Tetsuo Handa pcmoore Superseded
[1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef [1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef - - - --- 2024-02-02 George Guo pcmoore Handled Elsewhere
apparmor: use kvfree_sensitive to free data->data apparmor: use kvfree_sensitive to free data->data - - - --- 2024-02-01 Fedor Pchelkin Handled Elsewhere
[bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set [bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set - - - --- 2024-02-01 Matt Bobrowski Handled Elsewhere
[bpf-next] bpf: minor clean-up to sleepable_lsm_hooks BTF set [bpf-next] bpf: minor clean-up to sleepable_lsm_hooks BTF set - - - --- 2024-02-01 Matt Bobrowski Handled Elsewhere
[GIT,PULL] lsm/lsm-pr-20240131 [GIT,PULL] lsm/lsm-pr-20240131 - - - --- 2024-01-31 Paul Moore pcmoore Accepted
[RFC,v12,20/20] documentation: add ipe documentation Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,19/20] ipe: kunit test for parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,18/20] scripts: add boot policy generation program Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,17/20] ipe: enable support for fs-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,16/20] fsverity: consume builtin signature via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,15/20] ipe: add support for dm-verity as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,14/20] dm verity: consume root hash digest and signature data via LSM hook Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,13/20] dm: add finalize hook to target_type Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,12/20] dm verity: set DM_TARGET_SINGLETON feature flag Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,11/20] block|security: add LSM blob to block_device Integrity Policy Enforcement LSM (IPE) - 1 - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,10/20] ipe: add permissive toggle Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,09/20] uapi|audit|ipe: add ipe auditing support Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,08/20] ipe: add userspace interface Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,07/20] security: add new securityfs delete function Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,06/20] ipe: introduce 'boot_verified' as a trust provider Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,05/20] initramfs|security: Add security hook to initramfs unpack Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,04/20] ipe: add LSM hooks on execution and kernel read Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,03/20] ipe: add evaluation loop Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,02/20] ipe: add policy parser Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[RFC,v12,01/20] security: add ipe lsm Integrity Policy Enforcement LSM (IPE) - - - --- 2024-01-30 Fan Wu pcmoore Changes Requested
[5/5] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[4/5] evm: Use the real inode's metadata to calculate metadata hash evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[3/5] ima: Reset EVM status upon detecting changes to overlay backing file evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[2/5] evm: Implement per signature type decision in security_inode_copy_up_xattr evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
[1/5] security: allow finer granularity in permitting copy-up of security xattrs evm: Support signatures on stacked filesystem - - - --- 2024-01-30 Stefan Berger pcmoore Superseded
security: use default hook return value in call_int_hook() security: use default hook return value in call_int_hook() - 1 - --- 2024-01-30 Ondrej Mosnacek pcmoore Accepted
security: fix no-op hook logic in security_inode_{set,remove}xattr() security: fix no-op hook logic in security_inode_{set,remove}xattr() - - - --- 2024-01-29 Ondrej Mosnacek pcmoore Under Review
mm: init_mlocked_on_free_v2 mm: init_mlocked_on_free_v2 - - - --- 2024-01-29 York Jasper Niebuhr pcmoore Handled Elsewhere
[3/3] fs/exec: remove current->in_execve flag fs/exec: remove current->in_execve flag - - - --- 2024-01-28 Tetsuo Handa pcmoore Superseded
[2/3] tomoyo: replace current->in_execve flag with security_bprm_aborting_creds() hook fs/exec: remove current->in_execve flag - - - --- 2024-01-28 Tetsuo Handa pcmoore Superseded
[1/3] LSM: add security_bprm_aborting_creds() hook fs/exec: remove current->in_execve flag - - - --- 2024-01-28 Tetsuo Handa pcmoore Superseded
lsm: fix default return value of the socket_getpeersec_* hooks lsm: fix default return value of the socket_getpeersec_* hooks - - - --- 2024-01-26 Ondrej Mosnacek pcmoore Accepted
security: fix the logic in security_inode_getsecctx() security: fix the logic in security_inode_getsecctx() - 1 - --- 2024-01-26 Ondrej Mosnacek pcmoore Accepted
[v1,2/2] selftests/landlock: Clean up error logs related to capabilities Fix Landlock's net_test for non-root users - - - --- 2024-01-25 Mickaël Salaün Handled Elsewhere
[v1,1/2] selftests/landlock: Fix capability for net_test Fix Landlock's net_test for non-root users - - - --- 2024-01-25 Mickaël Salaün Handled Elsewhere
exec: Check __FMODE_EXEC instead of in_execve for LSMs exec: Check __FMODE_EXEC instead of in_execve for LSMs - - 1 --- 2024-01-24 Kees Cook pcmoore Handled Elsewhere
selftests/landlock:Fix fs_test build issues with old libc selftests/landlock:Fix fs_test build issues with old libc - 1 - --- 2024-01-24 Hu Yadi Handled Elsewhere
[v2,bpf-next,30/30] selftests/bpf: incorporate LSM policy to token-based tests BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,29/30] selftests/bpf: add tests for LIBBPF_BPF_TOKEN_PATH envvar BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,28/30] libbpf: support BPF token path setting through LIBBPF_BPF_TOKEN_PATH envvar BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,27/30] selftests/bpf: add tests for BPF object load with implicit token BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,26/30] selftests/bpf: add BPF object loading tests with explicit token passing BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,25/30] libbpf: wire up BPF token support at BPF object level BPF token - - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,24/30] libbpf: wire up token_fd into feature probing logic BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,23/30] libbpf: move feature detection code into its own file BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,22/30] libbpf: further decouple feature checking logic from bpf_object BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
[v2,bpf-next,21/30] libbpf: split feature detectors definitions from cached results BPF token 1 - - --- 2024-01-24 Andrii Nakryiko pcmoore Handled Elsewhere
« 1 2 ... 5 6 736 37 »