Show patches with: Archived = No       |   9250 patches
« 1 2 ... 90 91 92 93 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[2/2] libsepol: fix type bounds checking for attributes - - - --- 2016-04-28 Stephen Smalley Not Applicable
[1/2] libsepol: Only apply bounds checking to source types in rules - - - --- 2016-04-28 Stephen Smalley Not Applicable
selinux: Build policy on systems not supporting DCCP protocol - - - --- 2016-04-24 Richard Haines Accepted
[v2,8/8] genhomedircon: fix FALLBACK_NAME regex - - - --- 2016-04-23 Jason Zaman Superseded
[v2,7/8] genhomedircon: write contexts for username and userid - - - --- 2016-04-23 Jason Zaman Superseded
[v2,6/8] genhomedircon: make USERID, USERNAME context lists - - - --- 2016-04-23 Jason Zaman Superseded
[v2,5/8] genhomedircon: Add uid and gid to struct user_entry - - - --- 2016-04-23 Jason Zaman Superseded
[v2,4/8] genhomedircon: make all write context funcs take user_entry struct - - - --- 2016-04-23 Jason Zaman Superseded
[v2,3/8] genhomedircon: rename FALLBACK #defines consistent with struct - - - --- 2016-04-23 Jason Zaman Superseded
[v2,2/8] genhomedircon: move fallback user to genhomedircon_user_entry_t - - - --- 2016-04-23 Jason Zaman Superseded
[v2,1/8] genhomedircon: factor out common replacement code - - - --- 2016-04-23 Jason Zaman Superseded
[v3,21/21] fuse: Allow user namespace mounts - - - --- 2016-04-22 Seth Forshee Superseded
[v3,18/21] fuse: Add support for pid namespaces - - - --- 2016-04-22 Seth Forshee Superseded
[v3,17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs - - - --- 2016-04-22 Seth Forshee Superseded
[v3,16/21] fs: Allow superblock owner to access do_remount_sb() - - - --- 2016-04-22 Seth Forshee Superseded
[v3,14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids - - - --- 2016-04-22 Seth Forshee Superseded
[v3,13/21] fs: Update posix_acl support to handle user namespace mounts - - - --- 2016-04-22 Seth Forshee Superseded
[v3,12/21] fs: Refuse uid/gid changes which don't map into s_user_ns - - - --- 2016-04-22 Seth Forshee Superseded
[v3,11/21] cred: Reject inodes with invalid ids in set_create_file_as() - - - --- 2016-04-22 Seth Forshee Superseded
[v3,10/21] fs: Check for invalid i_uid in may_follow_link() - - - --- 2016-04-22 Seth Forshee Superseded
[v3,09/21] Smack: Handle labels consistently in untrusted mounts - - - --- 2016-04-22 Seth Forshee Superseded
[v3,08/21] userns: Replace in_userns with current_in_userns - - - --- 2016-04-22 Seth Forshee Superseded
[v3,07/21] selinux: Add support for unprivileged mounts from user namespaces - - - --- 2016-04-22 Seth Forshee Superseded
[v3,06/21] fs: Treat foreign mounts as nosuid - - - --- 2016-04-22 Seth Forshee Superseded
[v3,04/21] block_dev: Support checking inode permissions in lookup_bdev() - - - --- 2016-04-22 Seth Forshee Superseded
[v3,03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces - - - --- 2016-04-22 Seth Forshee Superseded
[v3,02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() - - - --- 2016-04-22 Seth Forshee Superseded
[v3,01/21] fs: fix a posible leak of allocated superblock - - - --- 2016-04-22 Seth Forshee Superseded
Fix extended permissions neverallow checking - - - --- 2016-04-20 Jeffrey Vander Stoep Accepted
selinux: check ss_initialized before revalidating an inode label - - - --- 2016-04-19 Paul Moore Accepted
selinux: delay inode label lookup as long as possible - - - --- 2016-04-19 Paul Moore Accepted
selinux: don't revalidate an inode's label when explicitly setting it - - - --- 2016-04-19 Paul Moore Accepted
[6/6] libsepol: When generating CIL use HLL line mark for neverallows - - - --- 2016-04-19 James Carter Rejected
[5/6] libsepol/cil: Remove path field from cil_tree_node struct - - - --- 2016-04-19 James Carter Rejected
[4/6] libsepol/cil: Replace cil_log() calls with cil_tree_log() - - - --- 2016-04-19 James Carter Rejected
[3/6] libsepol/cil: Add cil_tree_log() and supporting functions - - - --- 2016-04-19 James Carter Rejected
[2/6] libsepol/cil: Store CIL filename in parse tree and AST - - - --- 2016-04-19 James Carter Rejected
[1/6] libsepol/cil: Add high-level language line marking support - - - --- 2016-04-19 James Carter Rejected
security/selinux: Change bool variable name to index. - - - --- 2016-04-14 Prarit Bhargava Accepted
[RFC] selinux: always return a value from the netport/netnode/netif caches - - - --- 2016-04-13 Paul Moore Rejected
[3/3] libsepol/cil: Cleanup neverallow checking and fail if bounds checking fails - - - --- 2016-04-13 James Carter Accepted
[2/3] libsepol/cil: Improve type bounds check reporting - - - --- 2016-04-13 James Carter Accepted
[1/3] libsepol/cil: Fixed bug in cil_type_match_any() - - - --- 2016-04-13 James Carter Accepted
fixfiles: make sure $LOGFILE starts with a slash - - - --- 2016-04-12 Oskari Saarenmaa Not Applicable
selinux-testsuite: Update README - - - --- 2016-04-12 Stephen Smalley Accepted
libselinux: Fix typo in sefcontext_compile.8 - - - --- 2016-04-12 Petr Lautrbach Accepted
selinux: apply execstack check on thread stacks - - - --- 2016-04-08 Stephen Smalley Accepted
selinux: distinguish non-init user namespace capability checks - - - --- 2016-04-08 Stephen Smalley Accepted
[7/7] genhomedircon: write contexts for username and userid - - - --- 2016-04-08 Jason Zaman Superseded
[6/7] genhomedircon: make USERID, USERNAME context lists - - - --- 2016-04-08 Jason Zaman Superseded
[5/7] genhomedircon: Add uid and gid to struct user_entry - - - --- 2016-04-08 Jason Zaman Superseded
[4/7] genhomedircon: make all write context funcs take user_entry struct - - - --- 2016-04-08 Jason Zaman Superseded
[3/7] genhomedircon: rename FALLBACK #defines consistent with struct - - - --- 2016-04-08 Jason Zaman Superseded
[2/7] genhomedircon: move fallback user to genhomedircon_user_entry_t - - - --- 2016-04-08 Jason Zaman Superseded
[1/7] genhomedircon: factor out common replacement code - - - --- 2016-04-08 Jason Zaman Superseded
[2/2,v3] checkpolicy: Fail if module name different than output base filename - - - --- 2016-04-08 James Carter Accepted
[1/2,v3] policycoreutils/hll/pp: Warn if module name different than output filename - - - --- 2016-04-08 James Carter Accepted
[net-next] security: drop the unused hook skb_owned_by - - - --- 2016-04-08 Paolo Abeni Accepted
[2/2,v2] checkpolicy: Warn if module name different than output filename - - - --- 2016-04-07 James Carter Superseded
[1/2,v2] policycoreutils/hll/pp: Warn if module name different than output filename - - - --- 2016-04-07 James Carter Superseded
[RFC] selinux-testsuite: Add test for execstack on thread stack - - - --- 2016-04-06 Stephen Smalley Superseded
[RFC] selinux: apply execstack check on thread stacks - - - --- 2016-04-06 Stephen Smalley Superseded
[RFC] selinux-testsuite: Add tests for non-init userns capability checks - - - --- 2016-04-06 Stephen Smalley Superseded
[RFC] selinux-testsuite: Add tests for non-init userns capability checks - - - --- 2016-04-06 Stephen Smalley Superseded
[RFC] selinux: distinguish non-init user namespace capability checks - - - --- 2016-04-06 Stephen Smalley Superseded
selinux: Add support for portcon dccp protocol - - - --- 2016-04-06 Richard Haines Accepted
cil_mem.c: #define _GNU_SOURCE - - - --- 2016-04-06 Nick Kralevich Rejected
[v3] selinux: restrict kernel module loading - - - --- 2016-04-05 Jeffrey Vander Stoep Accepted
[v2] selinux: restrict kernel module loading - - - --- 2016-04-03 Jeffrey Vander Stoep Superseded
selinux: restrict kernel module loading - - - --- 2016-04-01 Jeffrey Vander Stoep Superseded
selinux: consolidate the ptrace parent lookup code - - - --- 2016-04-01 Paul Moore Accepted
selinux: simply inode label states to INVALID and INITIALIZED - - - --- 2016-03-28 Paul Moore Accepted
selinux: don't revalidate inodes in selinux_socket_getpeersec_dgram() - - - --- 2016-03-28 Paul Moore Accepted
[RESEND,v2,11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes - - - --- 2016-03-28 Seth Forshee Superseded
netlabel: fix a problem with netlbl_secattr_catmap_setrng() - - - --- 2016-03-28 Paul Moore Accepted
[3/3] checkpolicy: Warn if module name different than filenames - - - --- 2016-03-25 James Carter Superseded
[2/3] policycoreutils/hll/pp: Warn if module name different from filenames - - - --- 2016-03-25 James Carter Superseded
[1/3] libsepol: Add function to check if module name matches filename - - - --- 2016-03-25 James Carter Superseded
Just sent a small patch to github to fix the selinuxfs man pages. - - - --- 2016-03-25 Daniel Walsh Accepted
selinux: fix memory leak on node_ptr on error return path - - - --- 2016-03-21 Colin King Rejected
policycoreutils/sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files. - - - --- 2016-03-21 Miroslav Grepl Accepted
libsepol/cil: fix bug when resetting class permission values - - - --- 2016-03-17 Steve Lawrence Accepted
fs: remove excess check for in_userns - - - --- 2016-03-15 Pavel Tikhomirov Not Applicable
fs: fix a posible leak of allocated superblock - - - --- 2016-03-15 Pavel Tikhomirov Not Applicable
libselinux: only mount /proc if necessary - - - --- 2016-02-29 Stephen Smalley Accepted
[2/2] libselinux: procattr: return einval for <= 0 pid args. - - - --- 2016-02-23 Daniel Cashman Accepted
[1/2] libselinux: procattr: return error on invalid pid_t input. - - - --- 2016-02-23 Daniel Cashman Accepted
libselinux: selinux_restorecon.3 man page corrections. - - - --- 2016-02-21 Richard Haines Accepted
selinux: Don't sleep inside inode_getsecid hook - - - --- 2016-02-18 Andreas Gruenbacher Accepted
[RFC,v3,19/19] netlabel: Implement CALIPSO config functions for SMACK. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,18/19] calipso: Add a label cache. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,17/19] calipso: Add validation of CALIPSO option. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,16/19] netlabel: Pass a family parameter to netlbl_skbuff_err(). - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,15/19] calipso: Allow the lsm to label the skbuff directly. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,14/19] ipv6: constify the skb pointer of ipv6_find_tlv(). - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,13/19] calipso: Allow request sockets to be relabelled by the lsm. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,12/19] ipv6: Allow request socks to contain IPv6 options. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,11/19] netlabel: Prevent setsockopt() from changing the hop-by-hop option. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,10/19] calipso: Set the calipso socket label to match the secattr. - - - --- 2016-02-17 Huw Davies RFC
[RFC,v3,09/19] netlabel: Move bitmap manipulation functions to the NetLabel core. - - - --- 2016-02-17 Huw Davies RFC
« 1 2 ... 90 91 92 93 »