Show patches with: State = Action Required       |   175 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
security,selinux: remove security_add_mnt_opt() security,selinux: remove security_add_mnt_opt() - 1 - --- 2021-12-06 Ondrej Mosnacek New
[v2] security/selinux: fix potential memleak in error branch [v2] security/selinux: fix potential memleak in error branch - - - --- 2021-12-06 Bernard Zhao New
[RFC,v3,5/5] libsepol: pass avtab to report function [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,4/5] libsepol: free ebitmap on end of function [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,3/5] checkpolicy: add not-self neverallow support [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,2/5] libsepol: add not-self neverallow support [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[v2,1/3] mcstrans: port to new PCRE2 from end-of-life PCRE [v2,1/3] mcstrans: port to new PCRE2 from end-of-life PCRE 1 - - --- 2021-11-30 Christian Göttsche New
[2/2] checkpolicy: warn on bogus IP address or netmask in nodecon statement [1/2] libsepol/cil: support IPv4/IPv6 address embedding - - - --- 2021-11-30 Christian Göttsche New
[1/2] libsepol/cil: support IPv4/IPv6 address embedding [1/2] libsepol/cil: support IPv4/IPv6 address embedding - - - --- 2021-11-30 Christian Göttsche New
[XSERVER,2/2] selinux: log events with appropriate audit type [XSERVER,1/2] selinux: remap security classes on policyload - - - --- 2021-11-25 Christian Göttsche New
[XSERVER,1/2] selinux: remap security classes on policyload [XSERVER,1/2] selinux: remap security classes on policyload - - - --- 2021-11-25 Christian Göttsche New
libsepol: free ebitmap on end of function libsepol: free ebitmap on end of function - - - --- 2021-11-25 Christian Göttsche New
[V2,testsuite] tests/inet_socket: Add socket transition tests [V2,testsuite] tests/inet_socket: Add socket transition tests - - - --- 2021-11-25 Richard Haines New
[RFC,v2,4/4] libsepol: free ebitmap on end of function [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,v2,3/4] checkpolicy: add not-self neverallow support [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,v2,2/4] libsepol: add not-self neverallow support [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,v2,1/4] libsepol: introduce ebitmap_subtract() [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,3/3] checkpolicy: add not-self neverallow support [RFC,1/3] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-23 Christian Göttsche New
[RFC,2/3] libsepol: add not-self neverallow support [RFC,1/3] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-23 Christian Göttsche New
[RFC,1/3] libsepol: introduce ebitmap_subtract() [RFC,1/3] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-23 Christian Göttsche New
[3/3] Replace PCRE with PCRE2 build dependencies [1/3] mcstrans: port to new PCRE2 from end-of-life PCRE 1 - - --- 2021-11-23 Christian Göttsche New
[2/3] libselinux: use PCRE2 by default [1/3] mcstrans: port to new PCRE2 from end-of-life PCRE 1 - - --- 2021-11-23 Christian Göttsche New
[1/3] mcstrans: port to new PCRE2 from end-of-life PCRE [1/3] mcstrans: port to new PCRE2 from end-of-life PCRE - - - --- 2021-11-23 Christian Göttsche New
[2/2] dbus: Add filetrans for /tmp/dbus-* session socket [1/2] selinux: Add map perms - - - --- 2021-11-21 Jason Zaman New
[1/2] selinux: Add map perms [1/2] selinux: Add map perms - - - --- 2021-11-21 Jason Zaman New
Kernel policy language is infix Kernel policy language is infix - - - --- 2021-11-19 Topi Miettinen New
Kernel policy language is infix Kernel policy language is infix - - - --- 2021-11-19 Topi Miettinen New
ci: run the tests under ASan/UBsan on GHActions ci: run the tests under ASan/UBsan on GHActions - - - --- 2021-11-15 Evgeny Vereshchagin New
[v2] Support static-only builds [v2] Support static-only builds - - - --- 2021-11-13 Alyssa Ross New
[5/5] libsepol: Write out genfscon file type when writing out CIL policy Fix/add optional file type handling for genfscon rules - - - --- 2021-11-10 James Carter New
[4/5,v2] secilc/docs: Document the optional file type for genfscon rules Fix/add optional file type handling for genfscon rules - - - --- 2021-11-10 James Carter New
[3/5,v2] libsepol/cil: Allow optional file type in genfscon rules Fix/add optional file type handling for genfscon rules - - - --- 2021-11-10 James Carter New
[2/5,v2] libsepol/cil: Refactor filecon file type handling Fix/add optional file type handling for genfscon rules - - - --- 2021-11-10 James Carter New
[1/5,v2] libsepol: Add support for file types in writing out policy.conf Fix/add optional file type handling for genfscon rules - - - --- 2021-11-10 James Carter New
[RFC] libsepol,checkpolicy: Add netlink xperm support [RFC] libsepol,checkpolicy: Add netlink xperm support - - - --- 2021-11-10 Bram Bonné New
[RFC,v2,36/36] libsepol: validate class default targets libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,35/36] libsepol: validate fsuse types libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,34/36] libsepol: validate categories libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,33/36] libsepol: validate policy properties libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,32/36] libsepol: validate permissive types libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,31/36] libsepol: validate genfs contexts libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,30/36] libsepol: validate ocontexts libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,29/36] libsepol: validate type of avtab type rules libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,28/36] libsepol: validate constraint expression operators and attributes libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,27/36] libsepol: validate avtab and avrule types libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,26/36] libsepol: resolve log message mismatch libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,25/36] libsepol: validate permission count of classes libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,24/36] libsepol: validate expanded user range and level libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,23/36] libsepol: validate MLS levels libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,22/36] libsepol: split validation of datum array gaps and entries libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,21/36] libsepol: do not create a string list with initial size zero libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,20/36] libsepol: use correct size for initial string list libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,19/36] libsepol: do not crash on user gaps libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,18/36] libsepol: do not crash on class gaps libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,17/36] libsepol: do not underflow on short format arguments libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,16/36] libsepol: use size_t for indexes in strs helpers libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,15/36] libsepol: zero member before potential dereference libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,14/36] libsepol: reject invalid filetrans source type libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,13/36] libsepol: reject abnormal huge sid ids libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,12/36] libsepol: clean memory on conditional insertion failure libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,11/36] libsepol: enforce avtab item limit libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,10/36] libsepol: add checks for read sizes libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,09/36] libsepol: use reallocarray wrapper to avoid overflows libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,08/36] libsepol: use mallocarray wrapper to avoid overflows libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,07/36] libsepol: use logging framework in ebitmap.c libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,06/36] libsepol: use logging framework in conditional.c libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,05/36] libsepol/fuzz: limit element sizes for fuzzing libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,04/36] libsepol: add libfuzz based fuzzer for reading binary policies libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,03/36] libsepol/fuzz: silence secilc-fuzzer libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,02/36] cifuzz: use the default runtime of 600 seconds libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[RFC,v2,01/36] cifuzz: enable report-unreproducible-crashes libsepol: add fuzzer for reading binary policies - - - --- 2021-11-05 Christian Göttsche New
[4/4] libsepol: Write out genfscon file type when writing out CIL policy Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
[3/4] secilc/docs: Document the optional file type for genfscon rules Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
[2/4] libsepol/cil: Allow optional file type in genfscon rules Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
[1/4] libsepol: Add support for file types in writing out policy.conf Fix/add optional file type handling for genfscon rules - - - --- 2021-10-27 James Carter New
libsepol: avoid passing NULL pointer to memcpy libsepol: avoid passing NULL pointer to memcpy - - - --- 2021-10-21 Christian Göttsche New
[setools] __init__.py: Make NetworkX dep optional [setools] __init__.py: Make NetworkX dep optional - - - --- 2021-09-19 Jason Zaman New
cil_container_statements.md: clarify in-statement limitations cil_container_statements.md: clarify in-statement limitations - - - --- 2021-08-12 Dominick Grift New
libsepol regressions libsepol regressions - - - --- 2021-08-01 Dominick Grift New
[v2] libsepol/cil: move the fuzz target and build script to the selinux repository [v2] libsepol/cil: move the fuzz target and build script to the selinux repository 1 - - --- 2021-07-15 Evgeny Vereshchagin New
[2/2] README: add OSS-Fuzz/CIFuzz badges [1/2] ci: turn on CIFuzz - - - --- 2021-07-10 Evgeny Vereshchagin New
[1/2] ci: turn on CIFuzz [1/2] ci: turn on CIFuzz 1 - - --- 2021-07-10 Evgeny Vereshchagin New
[v2] checkpolicy: fix the leak memory when uses xperms [v2] checkpolicy: fix the leak memory when uses xperms - - 1 --- 2021-06-01 liwugang New
selinux: make use of variables when defining libdir and includedir selinux: make use of variables when defining libdir and includedir - - - --- 2020-07-16 W. Michael Petullo New
[v4,21/21] fuse: Allow user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant 2 - - --- 2016-04-26 Seth Forshee New
[v4,19/21] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2016-04-26 Seth Forshee New
[v4,18/21] fuse: Add support for pid namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs 2 - - --- 2016-04-26 Seth Forshee New
[v4,16/21] fs: Allow superblock owner to access do_remount_sb() 2 - - --- 2016-04-26 Seth Forshee New
[v4,15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids 1 - - --- 2016-04-26 Seth Forshee New
[v4,13/21] fs: Update posix_acl support to handle user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,12/21] fs: Refuse uid/gid changes which don't map into s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,11/21] cred: Reject inodes with invalid ids in set_create_file_as() 1 - - --- 2016-04-26 Seth Forshee New
[v4,10/21] fs: Check for invalid i_uid in may_follow_link() 1 1 - --- 2016-04-26 Seth Forshee New
[v4,09/21] Smack: Handle labels consistently in untrusted mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,08/21] userns: Replace in_userns with current_in_userns 2 - - --- 2016-04-26 Seth Forshee New
[v4,07/21] selinux: Add support for unprivileged mounts from user namespaces 2 - - --- 2016-04-26 Seth Forshee New
« 1 2 »