Show patches with: none      |   7312 patches
« 1 2 3 473 74 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[RFC,1/2] security: Remove security_add_mnt_opt() as it's unused [RFC,1/2] security: Remove security_add_mnt_opt() as it's unused - - - --- 2021-12-08 David Howells pcmoore In Next
[SYSTEMD,1/7] selinux: add function name to audit data Re-add SELinux checks for unit install operations - - - --- 2021-08-05 Christian Göttsche Handled Elsewhere
[SYSTEMD,2/7] selinux: improve debug log format Re-add SELinux checks for unit install operations - - - --- 2021-08-05 Christian Göttsche Handled Elsewhere
[SYSTEMD,3/7] selinux: mark _mac_selinux_generic_access_check with leading underscore Re-add SELinux checks for unit install operations - - - --- 2021-08-05 Christian Göttsche Handled Elsewhere
[SYSTEMD,4/7] core: add support for MAC checks on unit install operations Re-add SELinux checks for unit install operations - - - --- 2021-08-05 Christian Göttsche Handled Elsewhere
[SYSTEMD,5/7] core: implement the sd-bus generic callback for SELinux Re-add SELinux checks for unit install operations - - - --- 2021-08-05 Christian Göttsche Handled Elsewhere
[SYSTEMD,6/7] core: avoid bypasses in D-BUS SELinux filter Re-add SELinux checks for unit install operations - - - --- 2021-08-05 Christian Göttsche Handled Elsewhere
[SYSTEMD,7/7] core: tweak job_type_to_access_method SELinux permissions Re-add SELinux checks for unit install operations - - - --- 2021-08-05 Christian Göttsche Handled Elsewhere
[4.4,1/2] binder: use euid from cred instead of using task [4.4,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[4.4,2/2] binder: use cred instead of task for selinux checks [4.4,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[4.9,1/2] binder: use euid from cred instead of using task [4.9,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[4.9,2/2] binder: use cred instead of task for selinux checks [4.9,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[4.14,1/2] binder: use euid from cred instead of using task [4.14,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[4.14,2/2] binder: use cred instead of task for selinux checks [4.14,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[4.19,1/2] binder: use euid from cred instead of using task [4.19,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[4.19,2/2] binder: use cred instead of task for selinux checks [4.19,1/2] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[5.4,1/3] binder: use euid from cred instead of using task [5.4,1/3] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[5.4,2/3] binder: use cred instead of task for selinux checks [5.4,1/3] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[5.4,3/3] binder: use cred instead of task for getsecid [5.4,1/3] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[5.10,1/3] binder: use euid from cred instead of using task [5.10,1/3] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[5.10,2/3] binder: use cred instead of task for selinux checks [5.10,1/3] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[5.10,3/3] binder: use cred instead of task for getsecid [5.10,1/3] binder: use euid from cred instead of using task 1 - - --- 2021-11-10 Todd Kjos pcmoore Handled Elsewhere
[RFC] capability: add capable_or to test for multiple caps with exactly one audit message [RFC] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2021-11-16 Christian Göttsche pcmoore Handled Elsewhere
[RFC,2/2] capability: use new capable_or functionality [RFC,1/2] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-02-17 Christian Göttsche pcmoore Handled Elsewhere
[RFC,1/2] capability: add capable_or to test for multiple caps with exactly one audit message [RFC,1/2] capability: add capable_or to test for multiple caps with exactly one audit message - - - --- 2022-02-17 Christian Göttsche pcmoore Handled Elsewhere
userfaultfd, capability: introduce CAP_USERFAULTFD userfaultfd, capability: introduce CAP_USERFAULTFD - - - --- 2022-02-24 Axel Rasmussen pcmoore Handled Elsewhere
[RESEND] xfs: don't generate selinux audit messages for capability testing [RESEND] xfs: don't generate selinux audit messages for capability testing 1 2 - --- 2022-03-01 Darrick J. Wong pcmoore Handled Elsewhere
[v4] firmware_loader: use kernel credentials when reading firmware [v4] firmware_loader: use kernel credentials when reading firmware 1 1 - --- 2022-05-02 Thiébaud Weksteen pcmoore Handled Elsewhere
[01/32] netlink: Avoid memcpy() across flexible array boundary Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[02/32] Introduce flexible array struct memcpy() helpers Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[03/32] flex_array: Add Kunit tests Introduce flexible array struct memcpy() helpers - 1 - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[04/32] fortify: Add run-time WARN for cross-field memcpy() Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[05/32] brcmfmac: Use mem_to_flex_dup() with struct brcmf_fweh_queue_item Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[06/32] iwlwifi: calib: Prepare to use mem_to_flex_dup() Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[07/32] iwlwifi: calib: Use mem_to_flex_dup() with struct iwl_calib_result Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[08/32] iwlwifi: mvm: Use mem_to_flex_dup() with struct ieee80211_key_conf Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[09/32] p54: Use mem_to_flex_dup() with struct p54_cal_database Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[10/32] wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[11/32] nl80211: Use mem_to_flex_dup() with struct cfg80211_cqm_config Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[12/32] cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[13/32] mac80211: Use mem_to_flex_dup() with several structs Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[14/32] af_unix: Use mem_to_flex_dup() with struct unix_address Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[15/32] 802/garp: Use mem_to_flex_dup() with struct garp_attr Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[16/32] 802/mrp: Use mem_to_flex_dup() with struct mrp_attr Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[17/32] net/flow_offload: Use mem_to_flex_dup() with struct flow_action_cookie Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[18/32] firewire: Use __mem_to_flex_dup() with struct iso_interrupt_event Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[19/32] afs: Use mem_to_flex_dup() with struct afs_acl Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[20/32] ASoC: sigmadsp: Use mem_to_flex_dup() with struct sigmadsp_data Introduce flexible array struct memcpy() helpers 1 - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[21/32] soc: qcom: apr: Use mem_to_flex_dup() with struct apr_rx_buf Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[22/32] atags_proc: Use mem_to_flex_dup() with struct buffer Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[23/32] Bluetooth: Use mem_to_flex_dup() with struct hci_op_configure_data_path Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[24/32] IB/hfi1: Use mem_to_flex_dup() for struct tid_rb_node Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[25/32] Drivers: hv: utils: Use mem_to_flex_dup() with struct cn_msg Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[26/32] ima: Use mem_to_flex_dup() with struct modsig Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[27/32] KEYS: Use mem_to_flex_dup() with struct user_key_payload Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[29/32] xtensa: Use mem_to_flex_dup() with struct property Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[30/32] usb: gadget: f_fs: Use mem_to_flex_dup() with struct ffs_buffer Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[31/32] xenbus: Use mem_to_flex_dup() with struct read_buffer Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[32/32] esas2r: Use __mem_to_flex() with struct atto_ioctl Introduce flexible array struct memcpy() helpers - - - --- 2022-05-04 Kees Cook pcmoore Handled Elsewhere
[v2] cred: Propagate security_prepare_creds() error code [v2] cred: Propagate security_prepare_creds() error code 2 1 - --- 2022-05-25 Frederick Lawler pcmoore Handled Elsewhere
[v3] cred: Propagate security_prepare_creds() error code [v3] cred: Propagate security_prepare_creds() error code 2 1 - --- 2022-06-08 Frederick Lawler pcmoore Handled Elsewhere
[V2,1/1] selinux-testsuite: Add btrfs support for filesystem tests selinux-testsuite: Add btrfs support for filesystem tests - - - --- 2020-11-03 Richard Haines omos Queued
[04/21] fs: Replace CURRENT_TIME with current_fs_time() for inode timestamps 1 - - --- 2016-06-09 Deepa Dinamani Deferred
libselinux/getconlist: add verbose switch to print more information libselinux/getconlist: add verbose switch to print more information - - - --- 2020-02-19 Christian Göttsche Deferred
[RFC] selinux: runtime disable is deprecated, add some ssleep() discomfort [RFC] selinux: runtime disable is deprecated, add some ssleep() discomfort - - - --- 2020-06-02 Paul Moore Deferred
selinux: make use of variables when defining libdir and includedir selinux: make use of variables when defining libdir and includedir - - - --- 2020-07-16 W. Michael Petullo Deferred
[RFC,1/1] selinux-testsuite: Add GTP tests selinux-testsuite: Add GTP tests - - - --- 2020-09-24 Richard Haines omos Deferred
[01/19] block_dev: Support checking inode permissions in lookup_bdev() - - - --- 2015-12-02 Seth Forshee Superseded
[02/19] block_dev: Check permissions towards block device inode when mounting - - - --- 2015-12-02 Seth Forshee Superseded
[03/19] fs: Treat foreign mounts as nosuid - - - --- 2015-12-02 Seth Forshee Superseded
[04/19] selinux: Add support for unprivileged mounts from user namespaces - - - --- 2015-12-02 Seth Forshee Superseded
[05/19] userns: Replace in_userns with current_in_userns - - - --- 2015-12-02 Seth Forshee Superseded
[06/19] Smack: Handle labels consistently in untrusted mounts - - - --- 2015-12-02 Seth Forshee Superseded
[07/19] fs: Check for invalid i_uid in may_follow_link() - - - --- 2015-12-02 Seth Forshee Superseded
[08/19] cred: Reject inodes with invalid ids in set_create_file_as() - - - --- 2015-12-02 Seth Forshee Superseded
[09/19] fs: Refuse uid/gid changes which don't map into s_user_ns - - - --- 2015-12-02 Seth Forshee Superseded
[10/19] fs: Update posix_acl support to handle user namespace mounts - - - --- 2015-12-02 Seth Forshee Superseded
[11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes - - - --- 2015-12-02 Seth Forshee Superseded
[12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns - - - --- 2015-12-02 Seth Forshee Superseded
[13/19] fs: Allow superblock owner to access do_remount_sb() - - - --- 2015-12-02 Seth Forshee Superseded
[14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns - - - --- 2015-12-02 Seth Forshee Superseded
[15/19] capabilities: Allow privileged user in s_user_ns to set file caps - - - --- 2015-12-02 Seth Forshee Superseded
[16/19] fuse: Add support for pid namespaces - - - --- 2015-12-02 Seth Forshee Superseded
[17/19] fuse: Support fuse filesystems outside of init_user_ns - - - --- 2015-12-02 Seth Forshee Superseded
[18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant - - - --- 2015-12-02 Seth Forshee Superseded
[19/19] fuse: Allow user namespace mounts - - - --- 2015-12-02 Seth Forshee Superseded
[v2,01/18] block_dev: Support checking inode permissions in lookup_bdev() - - - --- 2015-12-07 Seth Forshee Superseded
[v2,02/18] block_dev: Check permissions towards block device inode when mounting - - - --- 2015-12-07 Seth Forshee Superseded
[v2,03/18] fs: Treat foreign mounts as nosuid - - - --- 2015-12-07 Seth Forshee Superseded
[v2,04/18] selinux: Add support for unprivileged mounts from user namespaces - - - --- 2015-12-07 Seth Forshee Superseded
[v2,05/18] userns: Replace in_userns with current_in_userns - - - --- 2015-12-07 Seth Forshee Superseded
[v2,06/18] Smack: Handle labels consistently in untrusted mounts - - - --- 2015-12-07 Seth Forshee Superseded
[v2,07/18] fs: Check for invalid i_uid in may_follow_link() - - - --- 2015-12-07 Seth Forshee Superseded
[v2,08/18] cred: Reject inodes with invalid ids in set_create_file_as() - - - --- 2015-12-07 Seth Forshee Superseded
[v2,09/18] fs: Refuse uid/gid changes which don't map into s_user_ns - - - --- 2015-12-07 Seth Forshee Superseded
[v2,10/18] fs: Update posix_acl support to handle user namespace mounts - - - --- 2015-12-07 Seth Forshee Superseded
[v2,11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes - - - --- 2015-12-07 Seth Forshee Superseded
[v2,12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns - - - --- 2015-12-07 Seth Forshee Superseded
[v2,13/18] fs: Allow superblock owner to access do_remount_sb() - - - --- 2015-12-07 Seth Forshee Superseded
[v2,14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs - - - --- 2015-12-07 Seth Forshee Superseded
« 1 2 3 473 74 »