Show patches with: State = Action Required       |   181 patches
« 1 2 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
libselinux: Cached security context not accurate libselinux: Cached security context not accurate - - - --- 2022-01-21 Johannes Segitz New
[libselinux] libselinux: make threadsafe for discover_class_cache [libselinux] libselinux: make threadsafe for discover_class_cache - - - --- 2022-01-20 Purushottam Choudhary New
[4/4,v2] libsepol/cil: Limit the amount of reporting for context rule conflicts libsepol/cil: Limit certain error and warning reports - - - --- 2022-01-19 James Carter New
[3/4,v2] libsepol/cil: Limit the neverallow violations reported libsepol/cil: Limit certain error and warning reports - - - --- 2022-01-19 James Carter New
[2/4,v2] libsepol/cil: Provide more control over reporting bounds failures libsepol/cil: Limit certain error and warning reports - - - --- 2022-01-19 James Carter New
[1/4,v2] libsepol/cil: Add cil_get_log_level() function libsepol/cil: Limit certain error and warning reports - - - --- 2022-01-19 James Carter New
libsepol: drop trailing newlines in log messages libsepol: drop trailing newlines in log messages - - - --- 2022-01-19 Christian Göttsche New
libsepol: return failure on saturated class name length libsepol: return failure on saturated class name length - - - --- 2022-01-19 Christian Göttsche New
libsepol: reject invalid roles before inverting libsepol: reject invalid roles before inverting - - - --- 2022-01-17 Christian Göttsche New
[2/2] libsepol/cil: Limit the amount of reporting for context rule conflicts [1/2] libsepol/cil: Limit the amount of reporting for neverallow violations - - - --- 2022-01-14 James Carter New
[1/2] libsepol/cil: Limit the amount of reporting for neverallow violations [1/2] libsepol/cil: Limit the amount of reporting for neverallow violations - - - --- 2022-01-14 James Carter New
libselinux: Strip spaces before values in config libselinux: Strip spaces before values in config - - - --- 2022-01-13 Vit Mojzis New
libsepol/cil: Ensure that the class in a classcommon is a kernel class libsepol/cil: Ensure that the class in a classcommon is a kernel class - - - --- 2022-01-13 James Carter New
[RFC,userspace,5/5] semodule: add command-line option to detect module changes Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek New
[RFC,userspace,4/5] libsemanage: optionally rebuild policy when modules are changed externally Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek New
[RFC,userspace,3/5] libsemanage: move compressed file handling into a separate object Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek New
[RFC,userspace,2/5] semodule,libsemanage: move module hashing into libsemanage Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek New
[RFC,userspace,1/5] libsemanage: add missing include to boolean_record.c Allow rebuilding policy store only if there were external changes to modules - - - --- 2022-01-13 Ondrej Mosnacek New
[2/2,RFC] libsepol/cil: Add notself and minusself support to CIL libsepol: Adding support for not-self rules - - - --- 2022-01-11 James Carter New
[1/2,RFC] libsepol: Add not self support for neverallow rules libsepol: Adding support for not-self rules - - - --- 2022-01-11 James Carter New
[16/16,v2] libsepol: Fix two problems with neverallowxperm reporting Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[15/16,v2] libsepol: Set args avtab pointer when reporting assertion violations Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[14/16,v2] libsepol: The src and tgt must be the same if neverallow uses self Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[13/16,v2] libsepol: Make return value clearer when reporting neverallowx errors Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[12/16,v2] libsepol: Refactor match_any_class_permissions() to be clearer Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[11/16,v2] libsepol: Make use of previously created ebitmap when checking self Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[10/16,v2] libsepol: Move assigning outer loop index out of inner loop Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[09/16,v2] libsepol: Remove unnessesary check for matching class Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[08/16,v2] libsepol: Use (rc < 0) instead of (rc) when calling ebitmap functions Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[07/16,v2] libsepol: Create function check_assertion_self_match() and use it Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[06/16,v2] libsepol: Move check of target types to before check for self Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[05/16,v2] libsepol: Use consistent return checking style Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[04/16,v2] libsepol: Check for error from check_assertion_extended_permissions() Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[03/16,v2] libsepol: Remove uneeded error messages in assertion checking Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[02/16,v2] libsepol: Change label in check_assertion_avtab_match() Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[01/16,v2] libsepol: Return an error if check_assertion() returns an error. Refactor and fix assertion checking - - - --- 2022-01-11 James Carter New
[v2] libsepol: handle type gaps [v2] libsepol: handle type gaps - - - --- 2022-01-06 Christian Göttsche New
[3/3] libsepol/cil: Do not resolve names to declarations in abstract blocks [1/3] libsepol/cil: Do not copy blockabstracts when inheriting a block - - - --- 2022-01-05 James Carter New
[2/3] libsepol/cil: Mark as abstract all sub-blocks of an abstract block [1/3] libsepol/cil: Do not copy blockabstracts when inheriting a block - - - --- 2022-01-05 James Carter New
[1/3] libsepol/cil: Do not copy blockabstracts when inheriting a block [1/3] libsepol/cil: Do not copy blockabstracts when inheriting a block - - - --- 2022-01-05 James Carter New
libsepol: handle type gaps when optimizing libsepol: handle type gaps when optimizing - - - --- 2021-12-23 Christian Göttsche New
[v2] secilc: kernel policy language is infix [v2] secilc: kernel policy language is infix - - - --- 2021-12-12 Topi Miettinen New
[RFC,v3,5/5] libsepol: pass avtab to report function [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,4/5] libsepol: free ebitmap on end of function [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,3/5] checkpolicy: add not-self neverallow support [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,2/5] libsepol: add not-self neverallow support [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() [RFC,v3,1/5] libsepol: introduce ebitmap_relative_complement() - - - --- 2021-12-04 Christian Göttsche New
[XSERVER,2/2] selinux: log events with appropriate audit type [XSERVER,1/2] selinux: remap security classes on policyload - - - --- 2021-11-25 Christian Göttsche New
[XSERVER,1/2] selinux: remap security classes on policyload [XSERVER,1/2] selinux: remap security classes on policyload - - - --- 2021-11-25 Christian Göttsche New
libsepol: free ebitmap on end of function libsepol: free ebitmap on end of function - - - --- 2021-11-25 Christian Göttsche New
[RFC,v2,4/4] libsepol: free ebitmap on end of function [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,v2,3/4] checkpolicy: add not-self neverallow support [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,v2,2/4] libsepol: add not-self neverallow support [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,v2,1/4] libsepol: introduce ebitmap_subtract() [RFC,v2,1/4] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-24 Christian Göttsche New
[RFC,3/3] checkpolicy: add not-self neverallow support [RFC,1/3] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-23 Christian Göttsche New
[RFC,2/3] libsepol: add not-self neverallow support [RFC,1/3] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-23 Christian Göttsche New
[RFC,1/3] libsepol: introduce ebitmap_subtract() [RFC,1/3] libsepol: introduce ebitmap_subtract() - - - --- 2021-11-23 Christian Göttsche New
[2/2] dbus: Add filetrans for /tmp/dbus-* session socket [1/2] selinux: Add map perms - - - --- 2021-11-21 Jason Zaman New
[1/2] selinux: Add map perms [1/2] selinux: Add map perms - - - --- 2021-11-21 Jason Zaman New
Kernel policy language is infix Kernel policy language is infix - - - --- 2021-11-19 Topi Miettinen New
Kernel policy language is infix Kernel policy language is infix - - - --- 2021-11-19 Topi Miettinen New
[v2] Support static-only builds [v2] Support static-only builds - - - --- 2021-11-13 Alyssa Ross New
[RFC] libsepol,checkpolicy: Add netlink xperm support [RFC] libsepol,checkpolicy: Add netlink xperm support - - - --- 2021-11-10 Bram Bonné New
[v2] checkpolicy: fix the leak memory when uses xperms [v2] checkpolicy: fix the leak memory when uses xperms - - 1 --- 2021-06-01 liwugang New
selinux: make use of variables when defining libdir and includedir selinux: make use of variables when defining libdir and includedir - - - --- 2020-07-16 W. Michael Petullo New
[v4,21/21] fuse: Allow user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant 2 - - --- 2016-04-26 Seth Forshee New
[v4,19/21] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2016-04-26 Seth Forshee New
[v4,18/21] fuse: Add support for pid namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs 2 - - --- 2016-04-26 Seth Forshee New
[v4,16/21] fs: Allow superblock owner to access do_remount_sb() 2 - - --- 2016-04-26 Seth Forshee New
[v4,15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids 1 - - --- 2016-04-26 Seth Forshee New
[v4,13/21] fs: Update posix_acl support to handle user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,12/21] fs: Refuse uid/gid changes which don't map into s_user_ns 1 - - --- 2016-04-26 Seth Forshee New
[v4,11/21] cred: Reject inodes with invalid ids in set_create_file_as() 1 - - --- 2016-04-26 Seth Forshee New
[v4,10/21] fs: Check for invalid i_uid in may_follow_link() 1 1 - --- 2016-04-26 Seth Forshee New
[v4,09/21] Smack: Handle labels consistently in untrusted mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,08/21] userns: Replace in_userns with current_in_userns 2 - - --- 2016-04-26 Seth Forshee New
[v4,07/21] selinux: Add support for unprivileged mounts from user namespaces 2 - - --- 2016-04-26 Seth Forshee New
[v4,06/21] fs: Treat foreign mounts as nosuid 2 - - --- 2016-04-26 Seth Forshee New
[v4,05/21] block_dev: Check permissions towards block device inode when mounting 1 - - --- 2016-04-26 Seth Forshee New
[v4,04/21] block_dev: Support checking inode permissions in lookup_bdev() 1 - - --- 2016-04-26 Seth Forshee New
[v4,03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() - - - --- 2016-04-26 Seth Forshee New
[v4,01/21] fs: fix a posible leak of allocated superblock 1 - - --- 2016-04-26 Seth Forshee New
[v4,19/21] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2016-04-26 Seth Forshee New
[v4,18/21] fuse: Add support for pid namespaces 1 - - --- 2016-04-26 Seth Forshee New
[v4,16/21] fs: Allow superblock owner to access do_remount_sb() 2 - - --- 2016-04-26 Seth Forshee New
[v4,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids 1 - - --- 2016-04-26 Seth Forshee New
[v4,13/21] fs: Update posix_acl support to handle user namespace mounts 1 - - --- 2016-04-26 Seth Forshee New
[v4,11/21] cred: Reject inodes with invalid ids in set_create_file_as() 1 - - --- 2016-04-26 Seth Forshee New
[v4,10/21] fs: Check for invalid i_uid in may_follow_link() 1 - - --- 2016-04-26 Seth Forshee New
[v4,08/21] userns: Replace in_userns with current_in_userns 2 - - --- 2016-04-26 Seth Forshee New
[v4,04/21] block_dev: Support checking inode permissions in lookup_bdev() 1 - - --- 2016-04-26 Seth Forshee New
[v4,02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() - - - --- 2016-04-26 Seth Forshee New
[testsuite] tests/binder: Build only for 4.11 and later kernels [testsuite] tests/binder: Build only for 4.11 and later kernels - - - --- 2022-01-13 GONG, Ruiqi omos New
[V2,testsuite] tests/inet_socket: Add socket transition tests [V2,testsuite] tests/inet_socket: Add socket transition tests - - - --- 2021-11-25 Richard Haines omos New
[testsuite] tests/inet_socket: Add socket transition tests [testsuite] tests/inet_socket: Add socket transition tests - - - --- 2021-11-17 Richard Haines omos New
[RFC,1/1] testsuite sctp: Add tests for sctp_socket transition rules selinux-testsuite: Add tests for sctp_socket transition rules - - - --- 2021-11-07 Richard Haines omos New
« 1 2 »