Show patches with: Archived = No       |   1257 patches
« 1 2 3 412 13 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[5.15,697/731] LoadPin: Ignore the "contents" argument of the LSM hooks Untitled series #707359 1 - 1 --- 2022-12-28 Greg KH Handled Elsewhere
[6.0,1012/1073] LoadPin: Ignore the "contents" argument of the LSM hooks Untitled series #707375 1 - 1 --- 2022-12-28 Greg KH Handled Elsewhere
[-next] evm: Use __vfs_setxattr() to update security.evm [-next] evm: Use __vfs_setxattr() to update security.evm - - - --- 2022-12-28 xiujianfeng Handled Elsewhere
[v5,2/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() - 1 - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[v5,1/2] lib/mpi: Fix buffer overrun when SG is too long KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() - 1 - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[v3,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: Fix selftest ptrace_test run fail - - - --- 2022-12-27 Jeff Xu Handled Elsewhere
[v4,2/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() [v4,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[v4,1/2] lib/mpi: Fix buffer overrun when SG is too long [v4,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-27 Roberto Sassu Handled Elsewhere
[-next] evm: Support small xattr in dump_security_xattr() [-next] evm: Support small xattr in dump_security_xattr() - - - --- 2022-12-26 xiujianfeng Handled Elsewhere
[GIT,PULL] kernel hardening fixes for v6.2-rc1 [GIT,PULL] kernel hardening fixes for v6.2-rc1 - - - --- 2022-12-23 Kees Cook Handled Elsewhere
[GIT,PULL] kernel hardening fixes for v6.1-rc1 [GIT,PULL] kernel hardening fixes for v6.1-rc1 - - - --- 2022-12-23 Kees Cook Handled Elsewhere
[v2] mm: new primitive kvmemdup() [v2] mm: new primitive kvmemdup() - - - --- 2022-12-21 Hao Sun Handled Elsewhere
[v2] security: Restore passing final prot to ima_file_mmap() [v2] security: Restore passing final prot to ima_file_mmap() - - - --- 2022-12-21 Roberto Sassu pcmoore New
security: Restore passing final prot to ima_file_mmap() security: Restore passing final prot to ima_file_mmap() - - - --- 2022-12-21 Roberto Sassu Superseded
[v3,2/2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() [v3,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-21 Roberto Sassu Handled Elsewhere
[v3,1/2] lib/mpi: Fix buffer overrun when SG is too long [v3,1/2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-21 Roberto Sassu Handled Elsewhere
[v2] lib/mpi: Fix buffer overrun when SG is too long [v2] lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-21 Herbert Xu Handled Elsewhere
lib/mpi: Fix buffer overrun when SG is too long lib/mpi: Fix buffer overrun when SG is too long - - - --- 2022-12-20 Herbert Xu Handled Elsewhere
[RESEND,2/2] selinux: provide matching audit timestamp in the AVC trace event Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek Handled Elsewhere
[RESEND,1/2] audit: introduce a struct to represent an audit timestamp Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek Handled Elsewhere
[1/2] audit: introduce a struct to represent an audit timestamp Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek pcmoore Handled Elsewhere
[v2,2/2] selinux: Implement mptcp_add_subflow hook lsm: introduce and use security_mptcp_add_subflow() - - - --- 2022-12-19 Paolo Abeni pcmoore Changes Requested
[v2,1/2] security, lsm: Introduce security_mptcp_add_subflow() lsm: introduce and use security_mptcp_add_subflow() 1 - - --- 2022-12-19 Paolo Abeni pcmoore Changes Requested
[v8,5/5] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,4/5] mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,3/5] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,2/5] selftests/memfd: add tests for F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[v8,1/5] mm/memfd: add F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-15 Jeff Xu Handled Elsewhere
[2/2] selinux: Implement mptcp_add_subflow hook lsm: introduce and use security_mptcp_add_subflow() - - - --- 2022-12-14 Paolo Abeni Superseded
[1/2] security, lsm: Introduce security_mptcp_add_subflow() lsm: introduce and use security_mptcp_add_subflow() - - - --- 2022-12-14 Paolo Abeni Superseded
[GIT,PULL] apparmor changes for v6.2 [GIT,PULL] apparmor changes for v6.2 - - - --- 2022-12-14 John Johansen Handled Elsewhere
[v3,10/10] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,09/10] KEYS: CA link restriction Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,08/10] integrity: Use root of trust signature restriction Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,07/10] KEYS: X.509: Flag Intermediate CA certs as endorsed Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,06/10] KEYS: Introduce keyring restriction that validates ca trust Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,05/10] KEYS: Introduce a CA endorsed flag Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,04/10] KEYS: X.509: Parse Key Usage Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,03/10] KEYS: X.509: Parse Basic Constraints for CA Add CA enforcement keyring restrictions - - - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,02/10] KEYS: Add missing function documentation Add CA enforcement keyring restrictions - 1 - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v3,01/10] KEYS: Create static version of public_key_verify_signature Add CA enforcement keyring restrictions - 2 - --- 2022-12-14 Eric Snowberg Handled Elsewhere
[v2,1/1] selftests/landlock: skip ptrace_test according to YAMA selftests/landlock: Fix selftest ptrace_test run fail - - - --- 2022-12-13 Jeff Xu Handled Elsewhere
[1/1,RFC] SELINUX: Remove obsolete deferred inode security init list. SELINUX: Remove obsolete deferred inode security - - - --- 2022-12-13 Alexander Kozhevnikov Handled Elsewhere
[GIT,PULL] LSM patches for v6.2 [GIT,PULL] LSM patches for v6.2 - - - --- 2022-12-13 Paul Moore pcmoore Accepted
[GIT,PULL] SELinux patches for v6.2 [GIT,PULL] SELinux patches for v6.2 - - - --- 2022-12-13 Paul Moore Handled Elsewhere
[GIT,PULL] Landlock updates for v6.2 [GIT,PULL] Landlock updates for v6.2 - - - --- 2022-12-12 Mickaël Salaün Handled Elsewhere
[4/4] LoadPin: Allow filesystem switch when not enforcing LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[3/4] LoadPin: Move pin reporting cleanly out of locking LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[2/4] LoadPin: Refactor sysctl initialization LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
[1/4] LoadPin: Refactor read-only check into a helper LoadPin: Allow filesystem switch when not enforcing - - - --- 2022-12-09 Kees Cook Handled Elsewhere
LoadPin: Ignore the "contents" argument of the LSM hooks LoadPin: Ignore the "contents" argument of the LSM hooks 1 - - --- 2022-12-09 Kees Cook pcmoore Handled Elsewhere
[v2] landlock: Explain file descriptor access rights [v2] landlock: Explain file descriptor access rights - 1 - --- 2022-12-09 Mickaël Salaün Handled Elsewhere
[v7,6/6] mm/memfd: security hook for memfd_create mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - - - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,4/6] mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,2/6] selftests/memfd: add tests for F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v7,1/6] mm/memfd: add F_SEAL_EXEC mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC - 1 - --- 2022-12-09 Jeff Xu pcmoore Changes Requested
[v2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() [v2] KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() - - - --- 2022-12-09 Roberto Sassu Handled Elsewhere
[2/2] doc: Fix fs_context_parse_param description in mount_api.rst [1/2] lsm: Fix description of fs_context_parse_param - - - --- 2022-12-09 Roberto Sassu pcmoore Under Review
[1/2] lsm: Fix description of fs_context_parse_param [1/2] lsm: Fix description of fs_context_parse_param - - - --- 2022-12-09 Roberto Sassu pcmoore Accepted
KEYS: asymmetric: Make a copy of sig and digest in vmalloced stack KEYS: asymmetric: Make a copy of sig and digest in vmalloced stack - - - --- 2022-12-08 Roberto Sassu Handled Elsewhere
[GIT,PULL] tpmdd updates for tpmdd-next-v6.2-rc1 [GIT,PULL] tpmdd updates for tpmdd-next-v6.2-rc1 - - - --- 2022-12-08 Jarkko Sakkinen Handled Elsewhere
[mptcp-net] mptcp: fix LSM labeling for passive msk [mptcp-net] mptcp: fix LSM labeling for passive msk 1 - - --- 2022-12-07 Paolo Abeni pcmoore Changes Requested
[RFC,v2,7/7] selftests/bpf: Change return value in test_libbpf_get_fd_by_id_opts.c bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[RFC,v2,6/7] selftests/bpf: Prevent positive ret values in test_lsm and verify_pkcs7_sig bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[RFC,v2,5/7] selftests/bpf: Check if return values of LSM programs are allowed bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[RFC,v2,4/7] bpf-lsm: Enforce return value limitations on security modules bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[RFC,v2,3/7] lsm: Redefine LSM_HOOK() macro to add return value flags as argument bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[RFC,v2,2/7] bpf: Mark ALU32 operations in bpf_reg_state structure bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[RFC,v2,1/7] bpf: Remove superfluous btf_id_set_contains() declaration bpf-lsm: Check return values of security modules - - - --- 2022-12-07 Roberto Sassu New
[v2,10/10] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,09/10] KEYS: CA link restriction Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,08/10] integrity: Use root of trust signature restriction Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,07/10] KEYS: X.509: Flag Intermediate CA certs as endorsed Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,06/10] KEYS: Introduce keyring restriction that validates ca trust Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,05/10] KEYS: Introduce a CA endorsed flag Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,04/10] KEYS: X.509: Parse Key Usage Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,03/10] KEYS: X.509: Parse Basic Constraints for CA Add CA enforcement keyring restrictions - - - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,02/10] KEYS: Add missing function documentation Add CA enforcement keyring restrictions - 1 - --- 2022-12-07 Eric Snowberg Handled Elsewhere
[v2,01/10] KEYS: Create static version of public_key_verify_signature Add CA enforcement keyring restrictions - 2 - --- 2022-12-07 Eric Snowberg Handled Elsewhere
public_key: Add a comment to public_key_signature struct definition public_key: Add a comment to public_key_signature struct definition - 1 - --- 2022-12-07 Roberto Sassu pcmoore Superseded
[v1] landlock: Explain file descriptor access rights [v1] landlock: Explain file descriptor access rights - - - --- 2022-12-05 Mickaël Salaün Handled Elsewhere
[v7,6/6] evm: Support multiple LSMs providing an xattr evm: Do HMAC of multiple per LSM xattrs for new inodes - 1 - --- 2022-12-01 Roberto Sassu pcmoore New
[v7,5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure evm: Do HMAC of multiple per LSM xattrs for new inodes - 1 - --- 2022-12-01 Roberto Sassu pcmoore New
[v7,4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook evm: Do HMAC of multiple per LSM xattrs for new inodes - 1 - --- 2022-12-01 Roberto Sassu pcmoore New
[v7,3/6] security: Remove security_old_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - 1 - --- 2022-12-01 Roberto Sassu pcmoore New
[v7,2/6] ocfs2: Switch to security_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - 1 - --- 2022-12-01 Roberto Sassu pcmoore New
[v7,1/6] reiserfs: Switch to security_inode_init_security() evm: Do HMAC of multiple per LSM xattrs for new inodes - 1 - --- 2022-12-01 Roberto Sassu pcmoore New
[v2,2/2] ima: Alloc ima_max_digest_data in xattr_verify() if CONFIG_VMAP_STACK=y ima/evm: Ensure digest to verify is in linear mapping area - - - --- 2022-12-01 Roberto Sassu Handled Elsewhere
[v2,1/2] evm: Alloc evm_digest in evm_verify_hmac() if CONFIG_VMAP_STACK=y ima/evm: Ensure digest to verify is in linear mapping area - - - --- 2022-12-01 Roberto Sassu Handled Elsewhere
[v2,2/2] lsm: Add/fix return values in lsm_hooks.h and fix formatting lsm: Improve LSM hooks documentation - - - --- 2022-11-28 Roberto Sassu Accepted
[v2,1/2] lsm: Clarify documentation of vm_enough_memory hook lsm: Improve LSM hooks documentation - - - --- 2022-11-28 Roberto Sassu pcmoore Accepted
[-next] selftests/landlock: Fix selftest ptrace_test run fail [-next] selftests/landlock: Fix selftest ptrace_test run fail - - - --- 2022-11-28 limin Handled Elsewhere
[v5] evm: Correct inode_init_security hooks behaviors [v5] evm: Correct inode_init_security hooks behaviors - - - --- 2022-11-25 Nicolas Bouchinet New
ima: Fix hash dependency to correct algorithm ima: Fix hash dependency to correct algorithm - - - --- 2022-11-25 Tianjia Zhang Handled Elsewhere
[v3,9/9] LSM: selftests for Linux Security Module infrastructure syscalls LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,8/9] LSM: wireup Linux Security Module syscalls LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,7/9] LSM: lsm_set_self_attr syscall for LSM self attributes LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
[v3,6/9] LSM: Create lsm_module_list system call LSM: Three basic syscalls - - - --- 2022-11-23 Casey Schaufler pcmoore Superseded
« 1 2 3 412 13 »