Security modules development

Show patches with: Submitter = Ondrej Mosnacek | 81 patches

Patch	Series	A/R/T	S/W/F	Date	Submitter	Delegate	State
[2/2] cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options	cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options	- - -	---	2024-04-16	Ondrej Mosnacek	pcmoore	Under Review
[1/2] cipso: fix total option length computation	cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options	- - -	---	2024-04-16	Ondrej Mosnacek	pcmoore	Under Review
security: use default hook return value in call_int_hook()	security: use default hook return value in call_int_hook()	- 1 -	---	2024-01-30	Ondrej Mosnacek	pcmoore	Accepted
security: fix no-op hook logic in security_inode_{set,remove}xattr()	security: fix no-op hook logic in security_inode_{set,remove}xattr()	- - -	---	2024-01-29	Ondrej Mosnacek	pcmoore	Under Review
lsm: fix default return value of the socket_getpeersec_* hooks	lsm: fix default return value of the socket_getpeersec_* hooks	- - -	---	2024-01-26	Ondrej Mosnacek	pcmoore	Accepted
security: fix the logic in security_inode_getsecctx()	security: fix the logic in security_inode_getsecctx()	- 1 -	---	2024-01-26	Ondrej Mosnacek	pcmoore	Accepted
[2/2] lsm: fix default return value for inode_getsecctx	lsm: fix default return values for some hooks	- - -	---	2023-10-31	Ondrej Mosnacek	pcmoore	Accepted
[1/2] lsm: fix default return value for vm_enough_memory	lsm: fix default return values for some hooks	- - -	---	2023-10-31	Ondrej Mosnacek	pcmoore	Accepted
io_uring: don't audit the capability check in io_uring_create()	io_uring: don't audit the capability check in io_uring_create()	- 1 -	---	2023-07-18	Ondrej Mosnacek		Handled Elsewhere
[RESEND] fs_context: drop the unused lsm_flags member	[RESEND] fs_context: drop the unused lsm_flags member	- - -	---	2023-03-16	Ondrej Mosnacek		Handled Elsewhere
[v2] kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()	[v2] kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()	- - -	---	2023-02-17	Ondrej Mosnacek	pcmoore	Handled Elsewhere
kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()	kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()	- - -	---	2023-02-15	Ondrej Mosnacek		Superseded
[RESEND,2/2] selinux: provide matching audit timestamp in the AVC trace event	Provide matching audit timestamp in the SELinux AVC trace event	- - -	---	2022-12-19	Ondrej Mosnacek		Handled Elsewhere
[RESEND,1/2] audit: introduce a struct to represent an audit timestamp	Provide matching audit timestamp in the SELinux AVC trace event	- - -	---	2022-12-19	Ondrej Mosnacek		Handled Elsewhere
[1/2] audit: introduce a struct to represent an audit timestamp	Provide matching audit timestamp in the SELinux AVC trace event	- - -	---	2022-12-19	Ondrej Mosnacek	pcmoore	Handled Elsewhere
[v2] fs: don't audit the capability check in simple_xattr_list()	[v2] fs: don't audit the capability check in simple_xattr_list()	- 2 -	---	2022-11-03	Ondrej Mosnacek	pcmoore	Handled Elsewhere
[2/2] fs: don't call capable() prematurely in simple_xattr_list()	fs: fix capable() call in simple_xattr_list()	- - -	---	2022-09-01	Ondrej Mosnacek	pcmoore	Handled Elsewhere
[1/2] fs: convert simple_xattrs to RCU list	fs: fix capable() call in simple_xattr_list()	- - -	---	2022-09-01	Ondrej Mosnacek	pcmoore	Handled Elsewhere
[RFC,RESEND] userfaultfd: open userfaultfds with O_RDONLY	[RFC,RESEND] userfaultfd: open userfaultfds with O_RDONLY	2 - -	---	2022-07-08	Ondrej Mosnacek	pcmoore	Accepted
[net,v3,2/2] security: implement sctp_assoc_established hook in selinux	security: fixups for the security hooks in sctp	- - -	---	2022-02-12	Ondrej Mosnacek		New
[net,v3,1/2] security: add sctp_assoc_established hook	security: fixups for the security hooks in sctp	- - -	---	2022-02-12	Ondrej Mosnacek		New
security,selinux: remove security_add_mnt_opt()	security,selinux: remove security_add_mnt_opt()	1 1 -	---	2021-12-06	Ondrej Mosnacek		New
sctp: initialize endpoint LSM labels also on the client side	sctp: initialize endpoint LSM labels also on the client side	- - -	---	2021-10-21	Ondrej Mosnacek		New
lsm_audit: avoid overloading the "key" audit field	lsm_audit: avoid overloading the "key" audit field	- 1 -	---	2021-09-14	Ondrej Mosnacek		New
[v4] lockdown,selinux: fix wrong subject in some SELinux lockdown checks	[v4] lockdown,selinux: fix wrong subject in some SELinux lockdown checks	3 - -	---	2021-09-13	Ondrej Mosnacek		New
[RFC] userfaultfd: open userfaultfds with O_RDONLY	[RFC] userfaultfd: open userfaultfds with O_RDONLY	- - -	---	2021-06-24	Ondrej Mosnacek		New
[v3] lockdown,selinux: fix wrong subject in some SELinux lockdown checks	[v3] lockdown,selinux: fix wrong subject in some SELinux lockdown checks	2 - -	---	2021-06-16	Ondrej Mosnacek		New
[v2,2/2] selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount	vfs/security/NFS/btrfs: clean up and fix LSM option handling	- - -	---	2021-05-17	Ondrej Mosnacek		New
[v2,1/2] vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag	vfs/security/NFS/btrfs: clean up and fix LSM option handling	- - 1	---	2021-05-17	Ondrej Mosnacek		New
[v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks	[v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks	4 - 2	---	2021-05-17	Ondrej Mosnacek		New
[v2] debugfs: fix security_locked_down() call for SELinux	[v2] debugfs: fix security_locked_down() call for SELinux	- - -	---	2021-05-07	Ondrej Mosnacek		New
serial: core: fix suspicious security_locked_down() call	serial: core: fix suspicious security_locked_down() call	1 - -	---	2021-05-07	Ondrej Mosnacek		New
debugfs: fix security_locked_down() call for SELinux	debugfs: fix security_locked_down() call for SELinux	- - -	---	2021-05-07	Ondrej Mosnacek		New
lockdown,selinux: fix bogus SELinux lockdown permission checks	lockdown,selinux: fix bogus SELinux lockdown permission checks	- - -	---	2021-05-07	Ondrej Mosnacek		New
[RFC,2/2] selinux: add capability to map anon inode types to separate classes	selinux,anon_inodes: Use a separate SELinux class for each type of anon inode	- - -	---	2021-04-21	Ondrej Mosnacek		New
[RFC,1/2] LSM,anon_inodes: explicitly distinguish anon inode types	selinux,anon_inodes: Use a separate SELinux class for each type of anon inode	- - -	---	2021-04-21	Ondrej Mosnacek		New
[2/2] selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount	vfs/security/NFS/btrfs: clean up and fix LSM option handling	- - -	---	2021-04-09	Ondrej Mosnacek		New
[1/2] vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag	vfs/security/NFS/btrfs: clean up and fix LSM option handling	- - -	---	2021-04-09	Ondrej Mosnacek		New
fs_context: drop the unused lsm_flags member	fs_context: drop the unused lsm_flags member	- - -	---	2021-04-09	Ondrej Mosnacek		New
xfs: use has_capability_noaudit() instead of capable() where appropriate	xfs: use has_capability_noaudit() instead of capable() where appropriate	- - -	---	2021-03-16	Ondrej Mosnacek		New
[v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs	[v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs	- - 1	---	2021-03-16	Ondrej Mosnacek		New
perf/core: fix unconditional security_locked_down() call	perf/core: fix unconditional security_locked_down() call	- 1 -	---	2021-02-24	Ondrej Mosnacek		New
NFSv4.2: fix return value of _nfs4_get_security_label()	NFSv4.2: fix return value of _nfs4_get_security_label()	- 2 -	---	2021-01-15	Ondrej Mosnacek		New
vfs: fix fsconfig(2) LSM mount option handling for btrfs	vfs: fix fsconfig(2) LSM mount option handling for btrfs	- - 1	---	2020-11-18	Ondrej Mosnacek		New
[2/2] security,selinux: get rid of security_delete_hooks()	LSM: Drop security_delete_hooks()	1 1 -	---	2020-01-07	Ondrej Mosnacek		New
[1/2] selinux: treat atomic flags more carefully	LSM: Drop security_delete_hooks()	1 2 -	---	2020-01-07	Ondrej Mosnacek		New
LSM: allow an LSM to disable all hooks at once	LSM: allow an LSM to disable all hooks at once	- - -	---	2019-12-11	Ondrej Mosnacek		New
LSM: lsm_hooks.h - fix missing colon in docstring	LSM: lsm_hooks.h - fix missing colon in docstring	- - -	---	2019-03-25	Ondrej Mosnacek		New
[v7,7/7] kernfs: initialize security of newly created nodes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-22	Ondrej Mosnacek		New
[v7,6/7] selinux: implement the kernfs_init_security hook	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-22	Ondrej Mosnacek		New
[v7,5/7] LSM: add new hook for kernfs node initialization	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-22	Ondrej Mosnacek		New
[v7,4/7] kernfs: use simple_xattrs for security attributes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-22	Ondrej Mosnacek		New
[v7,3/7] selinux: try security xattr after genfs for kernfs filesystems	Allow initializing the kernfs node's secctx based on its parent	1 - -	---	2019-02-22	Ondrej Mosnacek		New
[v7,2/7] kernfs: do not alloc iattrs in kernfs_xattr_get	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-22	Ondrej Mosnacek		New
[v7,1/7] kernfs: clean up struct kernfs_iattrs	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-22	Ondrej Mosnacek		New
[v6,5/5] kernfs: initialize security of newly created nodes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-14	Ondrej Mosnacek		New
[v6,4/5] selinux: implement the kernfs_init_security hook	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-14	Ondrej Mosnacek		New
[v6,3/5] LSM: add new hook for kernfs node initialization	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-14	Ondrej Mosnacek		New
[v6,2/5] kernfs: use simple_xattrs for security attributes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-14	Ondrej Mosnacek		New
[v6,1/5] selinux: try security xattr after genfs for kernfs filesystems	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-14	Ondrej Mosnacek		New
[v5,5/5] kernfs: initialize security of newly created nodes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v5,4/5] selinux: implement the kernfs_init_security hook	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v5,3/5] LSM: add new hook for kernfs node initialization	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v5,2/5] kernfs: use simple_xattrs for security attributes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v5,1/5] selinux: try security xattr after genfs for kernfs filesystems	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v4,5/5] kernfs: initialize security of newly created nodes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v4,4/5] selinux: implement the kernfs_init_security hook	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v4,3/5] LSM: add new hook for kernfs node initialization	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v4,2/5] kernfs: use simple_xattrs for security attributes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v4,1/5] selinux: try security xattr after genfs for kernfs filesystems	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-02-05	Ondrej Mosnacek		New
[v3,5/5] kernfs: initialize security of newly created nodes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-01-30	Ondrej Mosnacek		New
[v3,4/5] selinux: implement the kernfs_init_security hook	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-01-30	Ondrej Mosnacek		New
[v3,3/5] LSM: add new hook for kernfs node initialization	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-01-30	Ondrej Mosnacek		New
[v3,2/5] kernfs: use simple_xattrs for security attributes	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-01-30	Ondrej Mosnacek		New
[v3,1/5] selinux: try security xattr after genfs for kernfs filesystems	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-01-30	Ondrej Mosnacek		New
[v2,3/3] kernfs: Initialize security of newly created nodes	Allow initializing the kernfs node's secctx based on its parent	- 1 -	---	2019-01-09	Ondrej Mosnacek		New
[v2,2/3] selinux: Implement the object_init_security hook	Allow initializing the kernfs node's secctx based on its parent	- 1 -	---	2019-01-09	Ondrej Mosnacek		New
[v2,1/3] LSM: Add new hook for generic node initialization	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-01-09	Ondrej Mosnacek		New
[3/3] kernfs: Initialize security of newly created nodes	Allow initializing the kernfs node's secctx based on its parent	- 1 -	---	2019-01-09	Ondrej Mosnacek		New
[2/3] selinux: Implement the object_init_security hook	Allow initializing the kernfs node's secctx based on its parent	- 1 -	---	2019-01-09	Ondrej Mosnacek		New
[1/3] LSM: Add new hook for generic node initialization	Allow initializing the kernfs node's secctx based on its parent	- - -	---	2019-01-09	Ondrej Mosnacek		New