Show patches with: Archived = No       |   1235 patches
« 1 2 3 412 13 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[25/35] Documentation: security: correct spelling Documentation: correct lots of spelling errors (series 1) - 1 - --- 2023-01-27 Randy Dunlap New
[ima-evm-utils] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks [ima-evm-utils] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks - - - --- 2023-01-26 Roberto Sassu New
[v3,2/2] ima: Introduce MMAP_CHECK_REQPROT hook [v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook - - - --- 2023-01-26 Roberto Sassu New
[v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook [v3,1/2] ima: Align ima_file_mmap() parameters with mmap_file LSM hook - 1 - --- 2023-01-26 Roberto Sassu New
[v3,2/2] vfs: avoid duplicating creds in faccessat if possible [v3,1/2] capability: add cap_isidentical - - - --- 2023-01-25 Mateusz Guzik New
[v3,1/2] capability: add cap_isidentical [v3,1/2] capability: add cap_isidentical - 1 - --- 2023-01-25 Mateusz Guzik New
smackfs: Added check catlen smackfs: Added check catlen - - - --- 2023-01-24 Denis Arefev New
[bpf-next,4/4] bpf: Only enable BPF LSM hooks when an LSM program is attached Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[bpf-next,3/4] security: Replace indirect LSM hook calls with static calls Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[bpf-next,2/4] security: Generate a header with the count of enabled LSMs Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[bpf-next,1/4] kernel: Add helper macros for loop unrolling Reduce overhead of LSMs with static calls - - - --- 2023-01-19 KP Singh Superseded
[V2] bpf: security enhancement by limiting the offensive eBPF helpers [V2] bpf: security enhancement by limiting the offensive eBPF helpers - - - --- 2023-01-19 Yi He Handled Elsewhere
[V2] bpf: security enhancement by limiting the offensive eBPF helpers [V2] bpf: security enhancement by limiting the offensive eBPF helpers - - - --- 2023-01-18 Yi He Handled Elsewhere
[v9,12/12] landlock: Document Landlock's network support Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,11/12] samples/landlock: Add network demo Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,10/12] selftests/landlock: Add 10 new test suites dedicated to network Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,09/12] selftests/landlock: Share enforce_ruleset() Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,08/12] landlock: Add network rules and TCP hooks support Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,07/12] landlock: Refactor landlock_add_rule() syscall Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,06/12] landlock: Refactor _unmask_layers() and _init_layer_masks() Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,05/12] landlock: Move and rename umask_layers() and init_layer_masks() Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,04/12] landlock: Refactor merge/inherit_ruleset functions Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,03/12] landlock: Refactor landlock_find_rule/insert_rule Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,02/12] landlock: Allow filesystem layout changes for domains without such rule type Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
[v9,01/12] landlock: Make ruleset's access masks more generic Network support for Landlock - - - --- 2023-01-16 Konstantin Meskhidze (A) Handled Elsewhere
apparmor: make aa_set_current_onexec return void apparmor: make aa_set_current_onexec return void 1 - - --- 2023-01-14 Quanfa Fu Handled Elsewhere
[v6,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: fix ptrace_test - - - --- 2023-01-14 Jeff Xu Handled Elsewhere
selftests/landlock: Improve ptrace_test with Yama selftests/landlock: Improve ptrace_test with Yama - - - --- 2023-01-13 Mickaël Salaün Handled Elsewhere
[v8,1/1] selftests/landlock: skip overlayfs test when not support selftests/landlock: fix fs_tests when overlayfs - 1 - --- 2023-01-13 Jeff Xu Handled Elsewhere
[v5,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: fix ptrace_test - - - --- 2023-01-13 Jeff Xu Handled Elsewhere
[rcu,v2,19/20] tomoyo: Remove "select SRCU" Untitled series #711523 - - - --- 2023-01-13 Paul E. McKenney Handled Elsewhere
[5.10,550/783] LoadPin: Ignore the "contents" argument of the LSM hooks Untitled series #711354 1 - 1 --- 2023-01-12 Greg KH Handled Elsewhere
[v4] kernel/watch_queue: NULL the dangling *pipe, and use it for clear check [v4] kernel/watch_queue: NULL the dangling *pipe, and use it for clear check - - - --- 2023-01-11 Siddh Raman Pant Handled Elsewhere
[RESEND,v6,3/3] certs: don't try to update blacklist keys certs: Prevent spurious errors on repeated blacklisting - 1 1 --- 2023-01-09 Thomas Weißschuh Handled Elsewhere
[RESEND,v6,2/3] KEYS: Add new function key_create() certs: Prevent spurious errors on repeated blacklisting - - - --- 2023-01-09 Thomas Weißschuh Handled Elsewhere
[RESEND,v6,1/3] certs: make blacklisted hash available in klog certs: Prevent spurious errors on repeated blacklisting - 1 - --- 2023-01-09 Thomas Weißschuh Handled Elsewhere
tomoyo: remove a temporary output file tomoyo: remove a temporary output file - - - --- 2023-01-09 Masahiro Yamada Handled Elsewhere
[v3,2/2] kernel/watch_queue: NULL the dangling *pipe, and use it for clear check watch_queue: Clean up some code - - - --- 2023-01-08 Siddh Raman Pant Handled Elsewhere
[v3,1/2] include/linux/watch_queue: Improve documentation watch_queue: Clean up some code - - - --- 2023-01-08 Siddh Raman Pant Handled Elsewhere
[3/3] tomoyo: Omit use of bin2c [1/3] tomoyo: fix broken dependency on *.conf.default - - - --- 2023-01-07 Masahiro Yamada Handled Elsewhere
[2/3] tomoyo: avoid unneeded creation of builtin-policy.h [1/3] tomoyo: fix broken dependency on *.conf.default - - - --- 2023-01-07 Masahiro Yamada Handled Elsewhere
[1/3] tomoyo: fix broken dependency on *.conf.default [1/3] tomoyo: fix broken dependency on *.conf.default - - - --- 2023-01-07 Masahiro Yamada Handled Elsewhere
[v4,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: Fix selftest ptrace_test - - - --- 2023-01-03 Jeff Xu Handled Elsewhere
KEYS: trusted: tpm2: use correct function name in kernel-doc KEYS: trusted: tpm2: use correct function name in kernel-doc - 1 - --- 2023-01-02 Randy Dunlap Handled Elsewhere
ima: fix ima_delete_rules() kernel-doc warning ima: fix ima_delete_rules() kernel-doc warning - 1 - --- 2023-01-02 Randy Dunlap Handled Elsewhere
apparmor: fix kernel-doc complaints apparmor: fix kernel-doc complaints 1 - - --- 2023-01-02 Randy Dunlap Handled Elsewhere
[v7,1/1] selftests/landlock: skip overlayfs test when kernel not support it selftests/landlock: fix test when overlayfs is - 1 - --- 2022-12-29 Jeff Xu Handled Elsewhere
[v6,1/1] selftests/landlock: skip overlayfs test when kernel not support it selftests/landlock: fix test when overlayfs is - - - --- 2022-12-29 Jeff Xu Handled Elsewhere
[6.1,1079/1146] LoadPin: Ignore the "contents" argument of the LSM hooks Untitled series #707379 1 - 1 --- 2022-12-28 Greg KH Handled Elsewhere
[5.15,697/731] LoadPin: Ignore the "contents" argument of the LSM hooks Untitled series #707359 1 - 1 --- 2022-12-28 Greg KH Handled Elsewhere
[6.0,1012/1073] LoadPin: Ignore the "contents" argument of the LSM hooks Untitled series #707375 1 - 1 --- 2022-12-28 Greg KH Handled Elsewhere
[-next] evm: Use __vfs_setxattr() to update security.evm [-next] evm: Use __vfs_setxattr() to update security.evm - - - --- 2022-12-28 Xiu Jianfeng Handled Elsewhere
[v5,2/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() - 1 - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[v5,1/2] lib/mpi: Fix buffer overrun when SG is too long KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() - 1 - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[v3,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: Fix selftest ptrace_test run fail - - - --- 2022-12-27 Jeff Xu Handled Elsewhere
[v4,2/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() [v4,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[v4,1/2] lib/mpi: Fix buffer overrun when SG is too long [v4,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[-next] evm: Support small xattr in dump_security_xattr() [-next] evm: Support small xattr in dump_security_xattr() - - - --- 2022-12-26 Xiu Jianfeng Handled Elsewhere
[GIT,PULL] kernel hardening fixes for v6.2-rc1 [GIT,PULL] kernel hardening fixes for v6.2-rc1 - - - --- 2022-12-23 Kees Cook Handled Elsewhere
[GIT,PULL] kernel hardening fixes for v6.1-rc1 [GIT,PULL] kernel hardening fixes for v6.1-rc1 - - - --- 2022-12-23 Kees Cook Handled Elsewhere
[v2] mm: new primitive kvmemdup() [v2] mm: new primitive kvmemdup() - - - --- 2022-12-21 Hao Sun Handled Elsewhere
security: Restore passing final prot to ima_file_mmap() security: Restore passing final prot to ima_file_mmap() - - - --- 2022-12-21 Roberto Sassu Superseded
[v3,2/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() [v3,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-21 Roberto Sassu Handled Elsewhere
[v3,1/2] lib/mpi: Fix buffer overrun when SG is too long [v3,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-21 Roberto Sassu Handled Elsewhere
[v2] lib/mpi: Fix buffer overrun when SG is too long [v2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-21 Herbert Xu Handled Elsewhere
lib/mpi: Fix buffer overrun when SG is too long lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-20 Herbert Xu Handled Elsewhere
[RESEND,2/2] selinux: provide matching audit timestamp in the AVC trace event Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek Handled Elsewhere
[RESEND,1/2] audit: introduce a struct to represent an audit timestamp Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek Handled Elsewhere
[v8,5/5] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,4/5] mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,3/5] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,2/5] selftests/memfd: add tests for F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,1/5] mm/memfd: add F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[2/2] selinux: Implement mptcp_add_subflow hook lsm: introduce and use security_mptcp_add_subflow() - - - --- 2022-12-14 Paolo Abeni Superseded
[1/2] security, lsm: Introduce security_mptcp_add_subflow() lsm: introduce and use security_mptcp_add_subflow() - - - --- 2022-12-14 Paolo Abeni Superseded
[GIT,PULL] apparmor changes for v6.2 [GIT,PULL] apparmor changes for v6.2 - - - --- 2022-12-14 John Johansen Handled Elsewhere
[v3,10/10] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,09/10] KEYS: CA link restriction Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,08/10] integrity: Use root of trust signature restriction Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,07/10] KEYS: X.509: Flag Intermediate CA certs as endorsed Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,06/10] KEYS: Introduce keyring restriction that validates ca trust Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,05/10] KEYS: Introduce a CA endorsed flag Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,04/10] KEYS: X.509: Parse Key Usage Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,03/10] KEYS: X.509: Parse Basic Constraints for CA Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,02/10] KEYS: Add missing function documentation Add CA enforcement keyring restrictions - 1 - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,01/10] KEYS: Create static version of public_key_verify_signature Add CA enforcement keyring restrictions - 2 - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v2,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: Fix selftest ptrace_test run fail - - - --- 2022-12-13 Jeff Xu Handled Elsewhere
[1/1,RFC] SELINUX: Remove obsolete deferred inode security init list. SELINUX: Remove obsolete deferred inode security - - - --- 2022-12-13 Alexander Kozhevnikov Handled Elsewhere
[GIT,PULL] SELinux patches for v6.2 [GIT,PULL] SELinux patches for v6.2 - - - --- 2022-12-13 Paul Moore Handled Elsewhere
[GIT,PULL] Landlock updates for v6.2 [GIT,PULL] Landlock updates for v6.2 - - - --- 2022-12-12 Mickaël Salaün Handled Elsewhere
[4/4] LoadPin: Allow filesystem switch when not enforcing LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[3/4] LoadPin: Move pin reporting cleanly out of locking LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[2/4] LoadPin: Refactor sysctl initialization LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[1/4] LoadPin: Refactor read-only check into a helper LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[v2] landlock: Explain file descriptor access rights [v2] landlock: Explain file descriptor access rights - 1 - --- 2022-12-09 Mickaël Salaün Handled Elsewhere
[v2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() [v2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() - - - --- 2022-12-09 Roberto Sassu Handled Elsewhere
KEYS: asymmetric: Make a copy of sig and digest in vmalloced stack KEYS: asymmetric: Make a copy of sig and digest in vmalloced stack - - - --- 2022-12-08 Roberto Sassu Handled Elsewhere
[GIT,PULL] tpmdd updates for tpmdd-next-v6.2-rc1 [GIT,PULL] tpmdd updates for tpmdd-next-v6.2-rc1 - - - --- 2022-12-08 Jarkko Sakkinen Handled Elsewhere
[RFC,v2,7/7] selftests/bpf: Change return value in test_libbpf_get_fd_by_id_opts.c bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[RFC,v2,6/7] selftests/bpf: Prevent positive ret values in test_lsm and verify_pkcs7_sig bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
« 1 2 3 412 13 »