Show patches with: Submitter = Ondrej Mosnacek       |   532 patches
« 1 2 3 45 6 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
selinux,xfrm: fix dangling refcount on deferred skb free selinux,xfrm: fix dangling refcount on deferred skb free - - - --- 2024-11-06 Ondrej Mosnacek New
[testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls [testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls - - - --- 2024-11-06 Ondrej Mosnacek Accepted
[testsuite] policy/test_filesystem.te: fix policy for NFS over a symlinked directory [testsuite] policy/test_filesystem.te: fix policy for NFS over a symlinked directory 1 - - --- 2024-09-09 Ondrej Mosnacek omos Accepted
[testsuite] tests/key_socket: skip the test if CONFIG_NET_KEY is not enabled [testsuite] tests/key_socket: skip the test if CONFIG_NET_KEY is not enabled 1 - - --- 2024-08-27 Ondrej Mosnacek omos Accepted
[net] sctp: fix association labeling in the duplicate COOKIE-ECHO case [net] sctp: fix association labeling in the duplicate COOKIE-ECHO case 2 - - --- 2024-08-26 Ondrej Mosnacek pcmoore Handled Elsewhere
selinux: clarify return code in filename_trans_read_helper_compat() selinux: clarify return code in filename_trans_read_helper_compat() - - - --- 2024-04-04 Ondrej Mosnacek pcmoore Accepted
[testsuite] tests/inet_socket: test CALIPSO also with datagram protocols [testsuite] tests/inet_socket: test CALIPSO also with datagram protocols - - - --- 2024-02-12 Ondrej Mosnacek omos Accepted
[testsuite] policy: fix testsuite_domain_type_minimal() to work with rpm-ostree [testsuite] policy: fix testsuite_domain_type_minimal() to work with rpm-ostree - - - --- 2024-02-08 Ondrej Mosnacek omos Accepted
security: fix no-op hook logic in security_inode_{set,remove}xattr() security: fix no-op hook logic in security_inode_{set,remove}xattr() - - - --- 2024-01-29 Ondrej Mosnacek pcmoore Handled Elsewhere
lsm: fix default return value of the socket_getpeersec_* hooks lsm: fix default return value of the socket_getpeersec_* hooks - - - --- 2024-01-26 Ondrej Mosnacek pcmoore Handled Elsewhere
security: fix the logic in security_inode_getsecctx() security: fix the logic in security_inode_getsecctx() - 1 - --- 2024-01-26 Ondrej Mosnacek pcmoore Handled Elsewhere
[v3] selinux: introduce an initial SID for early boot processes [v3] selinux: introduce an initial SID for early boot processes - 1 1 --- 2023-11-14 Ondrej Mosnacek pcmoore Accepted
selinux: fix handling of empty opts in selinux_fs_context_submount() selinux: fix handling of empty opts in selinux_fs_context_submount() - 2 - --- 2023-09-11 Ondrej Mosnacek pcmoore Accepted
[testsuite] ci: test also on CentOS Stream 9 [testsuite] ci: test also on CentOS Stream 9 - - - --- 2023-07-25 Ondrej Mosnacek omos New
io_uring: don't audit the capability check in io_uring_create() io_uring: don't audit the capability check in io_uring_create() - 1 - --- 2023-07-18 Ondrej Mosnacek pcmoore Handled Elsewhere
[testsuite] policy: allow all test domains to search user/admin home directories [testsuite] policy: allow all test domains to search user/admin home directories - - 1 --- 2023-07-17 Ondrej Mosnacek omos Accepted
[v2] selinux: introduce an initial SID for early boot processes [v2] selinux: introduce an initial SID for early boot processes - - - --- 2023-06-20 Ondrej Mosnacek pcmoore Accepted
[testsuite] tests/inet_socket: cover the MPTCP protocol [testsuite] tests/inet_socket: cover the MPTCP protocol - - - --- 2023-06-19 Ondrej Mosnacek omos Accepted
[userspace,2/2] libsepol: add support for the new "init" initial SID Introduce an initial SID for early boot processes - - - --- 2023-06-12 Ondrej Mosnacek bachradsusi Accepted
[userspace,1/2] libsepol: stop translating deprecated intial SIDs to strings Introduce an initial SID for early boot processes 1 - - --- 2023-06-12 Ondrej Mosnacek bachradsusi Accepted
selinux: introduce an initial SID for early boot processes selinux: introduce an initial SID for early boot processes - - - --- 2023-06-12 Ondrej Mosnacek pcmoore Changes Requested
selinux: make labeled NFS work when mounted before policy load selinux: make labeled NFS work when mounted before policy load - - 1 --- 2023-05-29 Ondrej Mosnacek pcmoore Accepted
selinux: fix Makefile dependencies of flask.h selinux: fix Makefile dependencies of flask.h 1 - - --- 2023-04-12 Ondrej Mosnacek pcmoore Accepted
[userspace] scripts/ci: install rdma-core-devel for selinux-testsuite [userspace] scripts/ci: install rdma-core-devel for selinux-testsuite 1 - - --- 2023-03-20 Ondrej Mosnacek omos Accepted
[testsuite] tests/atsecure: avoid running bash under test domains [testsuite] tests/atsecure: avoid running bash under test domains - - - --- 2023-03-14 Ondrej Mosnacek omos Accepted
[userspace] libsemanage: include more parameters in the module checksum [userspace] libsemanage: include more parameters in the module checksum 1 - - --- 2023-03-09 Ondrej Mosnacek bachradsusi Accepted
[testsuite,3/3] tests/infiniband*: simplify test activation Infiniband test fixes/improvements - - - --- 2023-03-03 Ondrej Mosnacek omos Accepted
[testsuite,2/3] policy: allow test_ibpkey_access_t to use RDMA netlink sockets Infiniband test fixes/improvements - - - --- 2023-03-03 Ondrej Mosnacek omos Accepted
[testsuite,1/3] policy: make sure test_ibpkey_access_t can lock enough memory Infiniband test fixes/improvements - - - --- 2023-03-03 Ondrej Mosnacek omos Accepted
[testsuite] tests/file: make the SIGIO tests work with CONFIG_LEGACY_TIOCSTI=n [testsuite] tests/file: make the SIGIO tests work with CONFIG_LEGACY_TIOCSTI=n - 1 - --- 2023-03-01 Ondrej Mosnacek omos Accepted
[testsuite,3/3] tests/infiniband*: simplify test activation Infiniband test fixes/improvements - - - --- 2023-02-28 Ondrej Mosnacek omos Superseded
[testsuite,2/3] policy: allow test_ibpkey_access_t to use RDMA netlink sockets Infiniband test fixes/improvements - - - --- 2023-02-28 Ondrej Mosnacek omos Superseded
[testsuite,1/3] policy: make sure test_ibpkey_access_t can lock enough memory Infiniband test fixes/improvements - - - --- 2023-02-28 Ondrej Mosnacek omos Superseded
[v2] kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() [v2] kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() - - - --- 2023-02-17 Ondrej Mosnacek pcmoore Handled Elsewhere
selinux: allow to opt-out from skipping kernel sockets in sock_has_perm() selinux: allow to opt-out from skipping kernel sockets in sock_has_perm() - - - --- 2023-02-15 Ondrej Mosnacek pcmoore Rejected
kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() - - - --- 2023-02-15 Ondrej Mosnacek pcmoore Handled Elsewhere
[testsuite] tests/filesystem: use native quota support for ext4 [testsuite] tests/filesystem: use native quota support for ext4 - - - --- 2023-01-10 Ondrej Mosnacek omos Accepted
[testsuite] tests/keys: remove extraneous zero byte from the DH prime [testsuite] tests/keys: remove extraneous zero byte from the DH prime - - - --- 2023-01-09 Ondrej Mosnacek omos Accepted
[RESEND,2/2] selinux: provide matching audit timestamp in the AVC trace event Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek pcmoore Rejected
[RESEND,1/2] audit: introduce a struct to represent an audit timestamp Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek pcmoore Rejected
[1/2] audit: introduce a struct to represent an audit timestamp Provide matching audit timestamp in the SELinux AVC trace event - - - --- 2022-12-19 Ondrej Mosnacek Superseded
[testsuite] policy: allow user_namespace::create where appropriate [testsuite] policy: allow user_namespace::create where appropriate - - - --- 2022-12-09 Ondrej Mosnacek omos Accepted
[testsuite,4/4] ci: bump Fedora versions Bump Fedora versions in CI - - - --- 2022-12-08 Ondrej Mosnacek omos Accepted
[testsuite,3/4] tests/execshare: remove special cases for arcane architectures Bump Fedora versions in CI - - - --- 2022-12-08 Ondrej Mosnacek omos Accepted
[testsuite,2/4] tests: use correct type for context string variables Bump Fedora versions in CI - - - --- 2022-12-08 Ondrej Mosnacek omos Accepted
[testsuite,1/4] tests: adapt style to new perltidy Bump Fedora versions in CI - - - --- 2022-12-08 Ondrej Mosnacek omos Accepted
[v2] fs: don't audit the capability check in simple_xattr_list() [v2] fs: don't audit the capability check in simple_xattr_list() - 2 - --- 2022-11-03 Ondrej Mosnacek pcmoore Handled Elsewhere
[userspace] fixfiles: do not cross mounts when traversing directories [userspace] fixfiles: do not cross mounts when traversing directories - - - --- 2022-09-19 Ondrej Mosnacek Rejected
[testsuite] tests/Makefile: add missing condition for userfaultfd test [testsuite] tests/Makefile: add missing condition for userfaultfd test - - - --- 2022-09-02 Ondrej Mosnacek omos Accepted
[2/2] fs: don't call capable() prematurely in simple_xattr_list() fs: fix capable() call in simple_xattr_list() - - - --- 2022-09-01 Ondrej Mosnacek pcmoore Handled Elsewhere
[1/2] fs: convert simple_xattrs to RCU list fs: fix capable() call in simple_xattr_list() - - - --- 2022-09-01 Ondrej Mosnacek pcmoore Handled Elsewhere
[testsuite] tests: remove more stray flag/temporary files with 'make clean' [testsuite] tests: remove more stray flag/temporary files with 'make clean' - - - --- 2022-08-26 Ondrej Mosnacek omos Accepted
[testsuite,2/2] test_userfaultfd.te: adapt to upcoming Fedora policy changes Prepare userfaultfd policy for Fedora policy changes - 1 - --- 2022-08-24 Ondrej Mosnacek omos Accepted
[testsuite,1/2] policy: remove CIL workarounds for missing anon_inode class Prepare userfaultfd policy for Fedora policy changes - - - --- 2022-08-24 Ondrej Mosnacek omos Accepted
selinux: add a new warn_on_audited debug flag to selinuxfs selinux: add a new warn_on_audited debug flag to selinuxfs - - - --- 2022-08-08 Ondrej Mosnacek pcmoore Rejected
[testsuite,24/24] ci: add sysadm_t to the test matrix Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,23/24] tests/vsock_socket: use modprobe to check vsock availability Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,22/24] policy: give sysadm_t perms needed to run quotacheck(8) Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,21/24] tests/overlay: don't hard-code SELinux user of the caller Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,20/24] tests/binder: check only the type part of the context Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,19/24] ci: check for unconfined_t AVCs Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,18/24] policy: don't audit testsuite programs searching the caller's keys Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,17/24] test_general.te: generalize the dontaudit rule Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,16/24] policy: remove last hardcoded references to unconfined_t Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,15/24] tests/*filesystem: remove weird uses of unconfined_t Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,14/24] tests/nnp_nosuid: avoid hardcoding unconfined_t in the policy Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,13/24] test_filesystem.te: remove suspicious rules Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,12/24] test_filesystem.te: remove redundant dontaudit rules Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,11/24] test_general.te: move sysadm-related rules into an optional block Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,10/24] policy: substitute userdom_sysadm_entry_spec_domtrans_to() Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,09/24] policy: move miscfiles_domain_entry_test_files() to general policy Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,08/24] policy: move userdom_sysadm_entry_spec_domtrans_to() to general policy Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,07/24] policy: move unconfined_t-related dontaudit rule to where it fits better Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,06/24] test_policy.if: remove weird rule from testsuite_domain_type_minimal() Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,03/24] test_global.te: don't add domains to system_r Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,02/24] test_global.te: remove unused role require Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite,01/24] keys: change test_newcon_key_t to be just an object context Clean up testsuite policy and support running as sysadm_t - - - --- 2022-07-29 Ondrej Mosnacek omos Superseded
[testsuite] tests/module_load: detect the linker to use for module build [testsuite] tests/module_load: detect the linker to use for module build - - - --- 2022-07-18 Ondrej Mosnacek omos Accepted
[RFC,RESEND] userfaultfd: open userfaultfds with O_RDONLY [RFC,RESEND] userfaultfd: open userfaultfds with O_RDONLY 2 - - --- 2022-07-08 Ondrej Mosnacek pcmoore Handled Elsewhere
[testsuite,2/2] tests/keys: fix Makefile dependencies Make the keys test pass in FIPS mode - - - --- 2022-06-28 Ondrej Mosnacek omos Accepted
[testsuite,1/2] tests/keys: use a longer prime in DH params Make the keys test pass in FIPS mode - - - --- 2022-06-28 Ondrej Mosnacek omos Accepted
[userspace,2/2] semodule: rename --rebuild-if-modules-changed to --refresh Refine semantics of libsemanage's check_ext_changes - - - --- 2022-06-08 Ondrej Mosnacek Accepted
[userspace,1/2] libsemanage: always write kernel policy when check_ext_changes is specified Refine semantics of libsemanage's check_ext_changes 1 - - --- 2022-06-08 Ondrej Mosnacek Accepted
[testsuite] tests/sctp: temporarily disable ASCONF tests [testsuite] tests/sctp: temporarily disable ASCONF tests - - - --- 2022-06-02 Ondrej Mosnacek omos Accepted
selinux: fix bad cleanup on error in hashtab_duplicate() selinux: fix bad cleanup on error in hashtab_duplicate() - - - --- 2022-05-17 Ondrej Mosnacek pcmoore Accepted
[userspace,v4,2/2] libsepol,checkpolicy: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-05-13 Ondrej Mosnacek Accepted
[userspace,v4,1/2] libsepol/cil: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-05-13 Ondrej Mosnacek Accepted
[userspace,v3,2/2] libsepol,checkpolicy: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-05-10 Ondrej Mosnacek Accepted
[userspace,v3,1/2] libsepol/cil: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-05-10 Ondrej Mosnacek Accepted
[userspace,v2,2/2] libsepol,checkpolicy: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-04-26 Ondrej Mosnacek Accepted
[userspace,v2,1/2] libsepol/cil: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-04-26 Ondrej Mosnacek Accepted
[userspace,2/2] libsepol,checkpolicy: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-04-22 Ondrej Mosnacek Superseded
[userspace,1/2] libsepol/cil: add support for self keyword in type transitions Support the 'self' keyword in type transitions - - - --- 2022-04-22 Ondrej Mosnacek Superseded
[testsuite,2/2] tests/ioctl: adjust size of variable passed to ioctl(2) FIOQSIZE followup fixes - - - --- 2022-04-21 Ondrej Mosnacek omos Accepted
[testsuite,1/2] policy/test_ioctl_xperms.te: add ioctl numbers for other arches FIOQSIZE followup fixes - - - --- 2022-04-21 Ondrej Mosnacek omos Accepted
[testsuite,2/2] tests: check more thoroughly for SCTP support Make SCTP and Bluetooth support optional - - - --- 2022-04-13 Ondrej Mosnacek omos Accepted
[testsuite,1/2] tests/extended_socket_class: make Bluetooth support optional Make SCTP and Bluetooth support optional - - - --- 2022-04-13 Ondrej Mosnacek omos Accepted
[testsuite,v4] tests/sctp: add client peeloff tests [testsuite,v4] tests/sctp: add client peeloff tests - - 1 --- 2022-04-13 Ondrej Mosnacek omos Accepted
selinux: fix misuse of mutex_is_locked() selinux: fix misuse of mutex_is_locked() - - - --- 2022-02-21 Ondrej Mosnacek pcmoore Accepted
[testsuite] tests/bpf: use new API if version >= 0.6 [testsuite] tests/bpf: use new API if version >= 0.6 - - - --- 2022-02-18 Ondrej Mosnacek Accepted
« 1 2 3 45 6 »