Show patches with: State = Action Required       |   173 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[v4,02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() - - - --- 2016-04-26 Seth Forshee New
[v4,04/21] block_dev: Support checking inode permissions in lookup_bdev() 1 - - --- 2016-04-26 Seth Forshee New
[v4,08/21] userns: Replace in_userns with current_in_userns 2 - - --- 2016-04-26 Seth Forshee New
[v4,10/21] fs: Check for invalid i_uid in may_follow_link() 1 - - --- 2016-04-26 Seth Forshee New
[v4,11/21] cred: Reject inodes with invalid ids in set_create_file_as() 1 - - --- 2016-04-26 Seth Forshee New
[v4,13/21] fs: Update posix_acl support to handle user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids 1 - - --- 2016-04-26 Seth Forshee New
[v4,16/21] fs: Allow superblock owner to access do_remount_sb() 2 - - --- 2016-04-26 Seth Forshee New
[v4,18/21] fuse: Add support for pid namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,19/21] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2016-04-26 Seth Forshee New
[v4,01/21] fs: fix a posible leak of allocated superblock 1 - - --- 2016-04-26 Seth Forshee New
[v4,02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() - - - --- 2016-04-26 Seth Forshee New
[v4,03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,04/21] block_dev: Support checking inode permissions in lookup_bdev() 1 - - --- 2016-04-26 Seth Forshee New
[v4,05/21] block_dev: Check permissions towards block device inode when mounting 1 - - --- 2016-04-26 Seth Forshee New
[v4,06/21] fs: Treat foreign mounts as nosuid 2 - - --- 2016-04-26 Seth Forshee New
[v4,07/21] selinux: Add support for unprivileged mounts from user namespaces 2 - - --- 2016-04-26 Seth Forshee New
[v4,08/21] userns: Replace in_userns with current_in_userns 2 - - --- 2016-04-26 Seth Forshee New
[v4,09/21] Smack: Handle labels consistently in untrusted mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,10/21] fs: Check for invalid i_uid in may_follow_link() 1 1 - --- 2016-04-26 Seth Forshee New
[v4,11/21] cred: Reject inodes with invalid ids in set_create_file_as() 1 - - --- 2016-04-26 Seth Forshee New
[v4,12/21] fs: Refuse uid/gid changes which don't map into s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,13/21] fs: Update posix_acl support to handle user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids 1 - - --- 2016-04-26 Seth Forshee New
[v4,15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,16/21] fs: Allow superblock owner to access do_remount_sb() 2 - - --- 2016-04-26 Seth Forshee New
[v4,17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs 2 - - --- 2016-04-26 Seth Forshee New
[v4,18/21] fuse: Add support for pid namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,19/21] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2016-04-26 Seth Forshee New
[v4,20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant 2 - - --- 2016-04-26 Seth Forshee New
[v4,21/21] fuse: Allow user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[RFC] audit, security: allow LSMs to selectively enable audit collection [RFC] audit, security: allow LSMs to selectively enable audit collection - - - --- 2019-08-15 Aaron Goidel pcmoore New
[RFC,v3] security,capability: pass object information to security_capable [RFC,v3] security,capability: pass object information to security_capable - - - --- 2019-08-15 Aaron Goidel pcmoore New
[RFC] selinux: add unprivileged sandboxing capability [RFC] selinux: add unprivileged sandboxing capability - - - --- 2020-03-13 Stephen Smalley pcmoore New
[RFC] libsepol,secilc,policycoreutils: add unprivileged sandboxing capability [RFC] libsepol,secilc,policycoreutils: add unprivileged sandboxing capability - - - --- 2020-03-13 Stephen Smalley pcmoore New
[RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,2/5] selinux-testsuite: add tests/sandbox/nodir_rx_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,3/5] selinux-testsuite: add tests/sandbox/rxdir_no_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,4/5] selinux-testsuite: add tests/sandbox/rxdir_rx_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,5/5] selinux-testsuite: add testing for unprivileged sandboxing capability [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
selinux: make use of variables when defining libdir and includedir selinux: make use of variables when defining libdir and includedir - - - --- 2020-07-16 W. Michael Petullo New
[RFC,V2,1/2] selinux-testsuite: Run tests using remote server selinux-testsuite: Run tests using remote server - - - --- 2020-08-26 Richard Haines omos New
[RFC,V2,2/2] selinux-testsuite: Run SCTP tests using remote server selinux-testsuite: Run tests using remote server - - - --- 2020-08-26 Richard Haines omos New
[RESEND,v18,1/4] Add flags option to get xattr method paired to __vfs_getxattr overlayfs override_creds=off & nested get xattr fix 5 1 - --- 2020-10-21 Mark Salyzyn pcmoore New
[RESEND,v18,2/4] overlayfs: handle XATTR_NOSECURITY flag for get xattr method overlayfs override_creds=off & nested get xattr fix - - - --- 2020-10-21 Mark Salyzyn pcmoore New
[RESEND,v18,3/4] overlayfs: override_creds=off option bypass creator_cred overlayfs override_creds=off & nested get xattr fix - - - --- 2020-10-21 Mark Salyzyn pcmoore New
[RESEND,v18,4/4] overlayfs: inode_owner_or_capable called during execv Untitled series #368853 - - - --- 2020-10-22 Mark Salyzyn pcmoore New
[V2,1/1] selinux-testsuite: Add btrfs support for filesystem tests selinux-testsuite: Add btrfs support for filesystem tests - - - --- 2020-11-03 Richard Haines omos Queued
[RFC,1/1] selinux-testsuite: Reduce sctp test runtime selinux-testsuite: Reduce sctp test runtime - - - --- 2020-11-04 Richard Haines omos Under Review
[RESEND,v5] proc: Allow pid_revalidate() during LOOKUP_RCU [RESEND,v5] proc: Allow pid_revalidate() during LOOKUP_RCU - - - --- 2021-02-04 Stephen Brennan pcmoore New
RTIC: selinux: ARM64: Move selinux_state to a separate page RTIC: selinux: ARM64: Move selinux_state to a separate page 1 - - --- 2021-02-16 Preeti Nagar pcmoore New
[09/11] pragma once: convert scripts/selinux/genheaders/genheaders.c Untitled series #439529 - - - --- 2021-02-28 Alexey Dobriyan pcmoore New
[RESEND,v5] proc: Allow pid_revalidate() during LOOKUP_RCU [RESEND,v5] proc: Allow pid_revalidate() during LOOKUP_RCU - - - --- 2021-04-16 Stephen Brennan pcmoore New
[v2,1/2] vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag vfs/security/NFS/btrfs: clean up and fix LSM option handling - - 1 --- 2021-05-17 Ondrej Mosnacek pcmoore New
[v2,2/2] selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount vfs/security/NFS/btrfs: clean up and fix LSM option handling - - - --- 2021-05-17 Ondrej Mosnacek pcmoore New
[v2] checkpolicy: fix the leak memory when uses xperms [v2] checkpolicy: fix the leak memory when uses xperms - - 1 --- 2021-06-01 liwugang New
[RFC] userfaultfd: open userfaultfds with O_RDONLY [RFC] userfaultfd: open userfaultfds with O_RDONLY - - - --- 2021-06-24 Ondrej Mosnacek pcmoore New
[1/2] ci: turn on CIFuzz [1/2] ci: turn on CIFuzz 1 - - --- 2021-07-10 Evgeny Vereshchagin New
[2/2] README: add OSS-Fuzz/CIFuzz badges [1/2] ci: turn on CIFuzz - - - --- 2021-07-10 Evgeny Vereshchagin New
[v2] libsepol/cil: move the fuzz target and build script to the selinux repository [v2] libsepol/cil: move the fuzz target and build script to the selinux repository 1 - - --- 2021-07-15 Evgeny Vereshchagin New
[RFC,1/9] sk_buff: track nfct status in newly added skb->_state [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,2/9] sk_buff: track dst status in skb->_state [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,3/9] sk_buff: move the active_extensions into the state bitfield [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,4/9] net: optimize GRO for the common case. [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,5/9] skbuff: introduce has_sk state bit. [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,6/9] veth: use skb_prepare_for_gro() [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,7/9] sk_buff: move inner header fields after tail [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,8/9] sk_buff: move vlan field after tail. [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
[RFC,9/9] sk_buff: access secmark via getter/setter [RFC,1/9] sk_buff: track nfct status in newly added skb->_state - - - --- 2021-07-21 Paolo Abeni pcmoore New
libsepol regressions libsepol regressions - - - --- 2021-08-01 Dominick Grift New
cil_container_statements.md: clarify in-statement limitations cil_container_statements.md: clarify in-statement limitations - - - --- 2021-08-12 Dominick Grift New
[v3,1/1] xattr: Allow user.* xattr on symlink and special files Relax restrictions on user.* xattr - - - --- 2021-09-02 Vivek Goyal pcmoore New
[setools] __init__.py: Make NetworkX dep optional [setools] __init__.py: Make NetworkX dep optional - - - --- 2021-09-19 Jason Zaman New
libsepol: avoid passing NULL pointer to memcpy libsepol: avoid passing NULL pointer to memcpy - - - --- 2021-10-21 Christian Göttsche New
[testsuite] tests/sctp: add client peeloff tests [testsuite] tests/sctp: add client peeloff tests - - - --- 2021-10-21 Ondrej Mosnacek omos Under Review
[1/4] libsepol: Add support for file types in writing out policy.conf Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
[2/4] libsepol/cil: Allow optional file type in genfscon rules Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
[3/4] secilc/docs: Document the optional file type for genfscon rules Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
[4/4] libsepol: Write out genfscon file type when writing out CIL policy Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
[PATCHv2,net,1/4] security: pass asoc to sctp_assoc_request and sctp_sk_clone security: fixups for the security hooks in sctp - 1 1 --- 2021-11-02 Xin Long pcmoore New
[PATCHv2,net,2/4] security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce security: fixups for the security hooks in sctp - 1 1 --- 2021-11-02 Xin Long pcmoore New
[PATCHv2,net,3/4] security: add sctp_assoc_established hook security: fixups for the security hooks in sctp - 1 1 --- 2021-11-02 Xin Long pcmoore New
[PATCHv2,net,4/4] security: implement sctp_assoc_established hook in selinux security: fixups for the security hooks in sctp - 1 1 --- 2021-11-02 Xin Long pcmoore New
[net] selinux: fix SCTP client peeloff socket labeling [net] selinux: fix SCTP client peeloff socket labeling - - - --- 2021-11-04 Ondrej Mosnacek pcmoore New
[RFC,v2,01/36] cifuzz: enable report-unreproducible-crashes libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,02/36] cifuzz: use the default runtime of 600 seconds libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,03/36] libsepol/fuzz: silence secilc-fuzzer libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,04/36] libsepol: add libfuzz based fuzzer for reading binary policies libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,05/36] libsepol/fuzz: limit element sizes for fuzzing libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,06/36] libsepol: use logging framework in conditional.c libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,07/36] libsepol: use logging framework in ebitmap.c libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,08/36] libsepol: use mallocarray wrapper to avoid overflows libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,09/36] libsepol: use reallocarray wrapper to avoid overflows libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,10/36] libsepol: add checks for read sizes libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,11/36] libsepol: enforce avtab item limit libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,12/36] libsepol: clean memory on conditional insertion failure libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,13/36] libsepol: reject abnormal huge sid ids libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,14/36] libsepol: reject invalid filetrans source type libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,15/36] libsepol: zero member before potential dereference libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,16/36] libsepol: use size_t for indexes in strs helpers libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
« 1 2 »