Show patches with: State = Action Required       |   126 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
cred: Propagate security_prepare_creds() error code cred: Propagate security_prepare_creds() error code - - - --- 2022-05-20 Frederick Lawler New
semodule: avoid toctou on output module semodule: avoid toctou on output module - - - --- 2022-05-20 Christian Göttsche New
libselinux: declare return value of context_str(3) const libselinux: declare return value of context_str(3) const - - - --- 2022-05-20 Christian Göttsche New
[4/4] libselinux: declare parameter of security_load_policy(3) const [1/4] libselinux: add man page redirections - - - --- 2022-05-20 Christian Göttsche New
[3/4] libselinux: name parameters in context.h [1/4] libselinux: add man page redirections - - - --- 2022-05-20 Christian Göttsche New
[2/4] libselinux: enclose macro definition in parenthesis [1/4] libselinux: add man page redirections - - - --- 2022-05-20 Christian Göttsche New
[1/4] libselinux: add man page redirections [1/4] libselinux: add man page redirections - - - --- 2022-05-20 Christian Göttsche New
Makefile: always include and link with DESTDIR Makefile: always include and link with DESTDIR - - - --- 2022-05-20 Christian Göttsche New
python/audit2allow: close file stream on error python/audit2allow: close file stream on error - - - --- 2022-05-20 Christian Göttsche New
[v3,4/4] libselinux: check for truncations Untitled series #643600 - - - --- 2022-05-20 Christian Göttsche New
[GIT,PULL] SELinux fixes for v5.18 (#1) [GIT,PULL] SELinux fixes for v5.18 (#1) - - - --- 2022-05-18 Paul Moore New
selinux: add __randomize_layout to selinux_audit_data selinux: add __randomize_layout to selinux_audit_data - - - --- 2022-05-18 GONG, Ruiqi New
[RFC,v2,4/4] libselinux: check for truncations Untitled series #642403 - - - --- 2022-05-17 Christian Göttsche New
[2/2] libselinux: restorecon: avoid printing NULL pointer [1/2] libselinux: restorecon: add fallback for pre 3.6 Linux - - - --- 2022-05-17 Christian Göttsche New
[1/2] libselinux: restorecon: add fallback for pre 3.6 Linux [1/2] libselinux: restorecon: add fallback for pre 3.6 Linux - - - --- 2022-05-17 Christian Göttsche New
[RFC,3/4] libselinux: introduce strlcpy [RFC,1/4] libselinux: simplify policy path logic to avoid uninitialized read - - - --- 2022-05-10 Christian Göttsche New
[RFC,2/4] libselinux: add header guard for internal header [RFC,1/4] libselinux: simplify policy path logic to avoid uninitialized read - - - --- 2022-05-10 Christian Göttsche New
[RFC,1/4] libselinux: simplify policy path logic to avoid uninitialized read [RFC,1/4] libselinux: simplify policy path logic to avoid uninitialized read 1 - - --- 2022-05-10 Christian Göttsche New
libselinux/utils/getsebool: add options to display en-/disabled booleans libselinux/utils/getsebool: add options to display en-/disabled booleans - - - --- 2022-04-28 Christian Göttsche New
[v2,6/6] Enable missing prototypes [v2,1/6] libsepol/cil: declare file local functions static - - - --- 2022-04-05 Christian Göttsche New
docs: selinux: add '=' signs to kernel boot options docs: selinux: add '=' signs to kernel boot options 1 - - --- 2022-03-01 Randy Dunlap New
[RESEND] xfs: don't generate selinux audit messages for capability testing [RESEND] xfs: don't generate selinux audit messages for capability testing 1 2 - --- 2022-03-01 Darrick J. Wong New
[RFC,1/1] selinuxns: Replace state pointer with namespace id [RFC,1/1] selinuxns: Replace state pointer with namespace id - - - --- 2022-02-16 Igor Baranov New
libselinux: Prevent cached context giving wrong results libselinux: Prevent cached context giving wrong results - - - --- 2022-01-27 Johannes Segitz New
[libselinux] libselinux: make threadsafe for discover_class_cache [libselinux] libselinux: make threadsafe for discover_class_cache - - - --- 2022-01-20 Purushottam Choudhary New
[2/2,RFC] libsepol/cil: Add notself and minusself support to CIL libsepol: Adding support for not-self rules - - - --- 2022-01-11 James Carter New
[1/2,RFC] libsepol: Add not self support for neverallow rules libsepol: Adding support for not-self rules - - - --- 2022-01-11 James Carter New
[RFC,v3,5/5] libsepol: pass avtab to report function [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,4/5] libsepol: free ebitmap on end of function [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,3/5] checkpolicy: add not-self neverallow support [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,2/5] libsepol: add not-self neverallow support [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[XSERVER,2/2] selinux: log events with appropriate audit type [XSERVER,1/2] selinux: remap security classes on policyload - - - --- 2021-11-25 Christian Göttsche New
[XSERVER,1/2] selinux: remap security classes on policyload [XSERVER,1/2] selinux: remap security classes on policyload - - - --- 2021-11-25 Christian Göttsche New
[2/2] dbus: Add filetrans for /tmp/dbus-* session socket [1/2] selinux: Add map perms - - - --- 2021-11-21 Jason Zaman New
[1/2] selinux: Add map perms [1/2] selinux: Add map perms - - - --- 2021-11-21 Jason Zaman New
[v2] Support static-only builds [v2] Support static-only builds - - - --- 2021-11-13 Alyssa Ross New
[v4,21/21] fuse: Allow user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant 2 - - --- 2016-04-26 Seth Forshee New
[v4,19/21] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2016-04-26 Seth Forshee New
[v4,18/21] fuse: Add support for pid namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs 2 - - --- 2016-04-26 Seth Forshee New
[v4,16/21] fs: Allow superblock owner to access do_remount_sb() 2 - - --- 2016-04-26 Seth Forshee New
[v4,15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids 1 - - --- 2016-04-26 Seth Forshee New
[v4,13/21] fs: Update posix_acl support to handle user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,12/21] fs: Refuse uid/gid changes which don't map into s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,11/21] cred: Reject inodes with invalid ids in set_create_file_as() 1 - - --- 2016-04-26 Seth Forshee New
[v4,10/21] fs: Check for invalid i_uid in may_follow_link() 1 1 - --- 2016-04-26 Seth Forshee New
[v4,09/21] Smack: Handle labels consistently in untrusted mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,08/21] userns: Replace in_userns with current_in_userns 2 - - --- 2016-04-26 Seth Forshee New
[v4,07/21] selinux: Add support for unprivileged mounts from user namespaces 2 - - --- 2016-04-26 Seth Forshee New
[v4,06/21] fs: Treat foreign mounts as nosuid 2 - - --- 2016-04-26 Seth Forshee New
[v4,05/21] block_dev: Check permissions towards block device inode when mounting 1 - - --- 2016-04-26 Seth Forshee New
[v4,04/21] block_dev: Support checking inode permissions in lookup_bdev() 1 - - --- 2016-04-26 Seth Forshee New
[v4,03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() - - - --- 2016-04-26 Seth Forshee New
[v4,01/21] fs: fix a posible leak of allocated superblock 1 - - --- 2016-04-26 Seth Forshee New
[v4,19/21] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2016-04-26 Seth Forshee New
[v4,18/21] fuse: Add support for pid namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,16/21] fs: Allow superblock owner to access do_remount_sb() 2 - - --- 2016-04-26 Seth Forshee New
[v4,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids 1 - - --- 2016-04-26 Seth Forshee New
[v4,13/21] fs: Update posix_acl support to handle user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,11/21] cred: Reject inodes with invalid ids in set_create_file_as() 1 - - --- 2016-04-26 Seth Forshee New
[v4,10/21] fs: Check for invalid i_uid in may_follow_link() 1 - - --- 2016-04-26 Seth Forshee New
[v4,08/21] userns: Replace in_userns with current_in_userns 2 - - --- 2016-04-26 Seth Forshee New
[v4,04/21] block_dev: Support checking inode permissions in lookup_bdev() 1 - - --- 2016-04-26 Seth Forshee New
[v4,02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() - - - --- 2016-04-26 Seth Forshee New
[V2,testsuite] tests/inet_socket: Add socket transition tests [V2,testsuite] tests/inet_socket: Add socket transition tests - - - --- 2021-11-25 Richard Haines omos New
[RFC,1/1] selinux-testsuite: Reduce sctp test runtime selinux-testsuite: Reduce sctp test runtime - - - --- 2020-11-04 Richard Haines omos Under Review
[V2,1/1] selinux-testsuite: Add btrfs support for filesystem tests selinux-testsuite: Add btrfs support for filesystem tests - - - --- 2020-11-03 Richard Haines omos Queued
[RFC,V2,2/2] selinux-testsuite: Run SCTP tests using remote server selinux-testsuite: Run tests using remote server - - - --- 2020-08-26 Richard Haines omos New
[RFC,V2,1/2] selinux-testsuite: Run tests using remote server selinux-testsuite: Run tests using remote server - - - --- 2020-08-26 Richard Haines omos New
[RFC,5/5] selinux-testsuite: add testing for unprivileged sandboxing capability [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,4/5] selinux-testsuite: add tests/sandbox/rxdir_rx_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,3/5] selinux-testsuite: add tests/sandbox/rxdir_no_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,2/5] selinux-testsuite: add tests/sandbox/nodir_rx_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - --- 2020-03-13 Stephen Smalley omos New
[28/32] selinux: Use mem_to_flex_dup() with xfrm and sidtab Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore New
[v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,8/8] net: use new capable_or functionality [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message - 1 - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,7/8] kernel/bpf: use new capable_or functionality [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,6/8] kernel: use new capable_or functionality [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,5/8] fs: use new capable_or functionality [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,4/8] drivers: use new capable_or functionality [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message 1 1 - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,3/8] block: use new capable_or functionality [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,2/8] capability: use new capable_or functionality [v2,1/8] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-05-02 Christian Göttsche pcmoore New
[v2,RFC] sched: only perform capability check on privileged operation [v2,RFC] sched: only perform capability check on privileged operation - - - --- 2022-05-02 Christian Göttsche pcmoore New
selinux: use unsigned char for boolean values selinux: use unsigned char for boolean values - - - --- 2022-05-02 Christian Göttsche pcmoore New
[RFC,7/7] SELINUXNS: Fixing concurrency issues [RFC,1/7] LSM: Infrastructure management of the superblock - - - --- 2022-04-18 Alexander Kozhevnikov pcmoore New
[RFC,6/7] SELINUXNS: Fixing superblock security structure memory leakage [RFC,1/7] LSM: Infrastructure management of the superblock - - - --- 2022-04-18 Alexander Kozhevnikov pcmoore New
[RFC,5/7] SELINUXNS: Migrate all open files and all vma to new namespace [RFC,1/7] LSM: Infrastructure management of the superblock - - - --- 2022-04-18 Alexander Kozhevnikov pcmoore New
[RFC,4/7] SELINUXNS: Namespacing for xattrs [RFC,1/7] LSM: Infrastructure management of the superblock - - - --- 2022-04-18 Alexander Kozhevnikov pcmoore New
[RFC,3/7] SELINUXNS: Fix initilization of the superblock security under spinlock [RFC,1/7] LSM: Infrastructure management of the superblock - - - --- 2022-04-18 Alexander Kozhevnikov pcmoore New
[RFC,2/7] selinux: support per-namespace superblock security structures [RFC,1/7] LSM: Infrastructure management of the superblock - - - --- 2022-04-18 Alexander Kozhevnikov pcmoore New
[RFC,1/7] LSM: Infrastructure management of the superblock [RFC,1/7] LSM: Infrastructure management of the superblock 1 2 - --- 2022-04-18 Alexander Kozhevnikov pcmoore New
[5/5] selinux: drop unnecessary NULL check [1/5] selinux: drop return statement at end of void functions - - - --- 2022-02-17 Christian Göttsche pcmoore New
[RFC] mm: create security context for memfd_secret inodes [RFC] mm: create security context for memfd_secret inodes - - - --- 2022-01-25 Christian Göttsche pcmoore New
[RFC,2/2] security, nfs: Provide a hook for fs_context security initialisation [RFC,1/2] security: Remove security_add_mnt_opt() as it's unused - - - --- 2021-12-08 David Howells pcmoore New
[v3,1/1] fuse: Send security context of inode on file creation fuse: Send file/inode security context during creation - - - --- 2021-11-10 Vivek Goyal pcmoore New
« 1 2 »