Show patches with: Submitter = Ondrej Mosnacek       |   527 patches
« 1 2 3 45 6 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
xfs: use has_capability_noaudit() instead of capable() where appropriate xfs: use has_capability_noaudit() instead of capable() where appropriate - - - --- 2021-03-16 Ondrej Mosnacek pcmoore Changes Requested
vfs: fix fsconfig(2) LSM mount option handling for btrfs vfs: fix fsconfig(2) LSM mount option handling for btrfs - - 1 --- 2020-11-18 Ondrej Mosnacek pcmoore Superseded
test_sctp.te: avoid use of corenet_sctp_bind_generic_node() test_sctp.te: avoid use of corenet_sctp_bind_generic_node() - - - --- 2020-10-29 Ondrej Mosnacek omos Accepted
serial: core: fix suspicious security_locked_down() call serial: core: fix suspicious security_locked_down() call 1 - - --- 2021-05-07 Ondrej Mosnacek pcmoore Accepted
selinux: use strlcpy() when copying IB device name selinux: use strlcpy() when copying IB device name - - - --- 2021-05-07 Ondrej Mosnacek pcmoore Changes Requested
selinux: support attributes in type transitions selinux: support attributes in type transitions - - - --- 2019-05-06 Ondrej Mosnacek Changes Requested
selinux: store role transitions in a hash table selinux: store role transitions in a hash table - - - --- 2020-04-06 Ondrej Mosnacek Superseded
selinux: simplify mls_context_to_sid() selinux: simplify mls_context_to_sid() - - - --- 2018-11-09 Ondrej Mosnacek Superseded
selinux: replace BUG_ONs with WARN_ONs in avc.c selinux: replace BUG_ONs with WARN_ONs in avc.c - - - --- 2019-01-26 Ondrej Mosnacek Superseded
selinux: reorder hooks to make runtime disable less broken selinux: reorder hooks to make runtime disable less broken - - - --- 2019-12-09 Ondrej Mosnacek Superseded
selinux: remove useless assignments selinux: remove useless assignments - - - --- 2019-03-25 Ondrej Mosnacek Accepted
selinux: remove some no-op BUG_ONs selinux: remove some no-op BUG_ONs - - - --- 2019-05-04 Ondrej Mosnacek Accepted
selinux: reduce the use of hard-coded hash sizes selinux: reduce the use of hard-coded hash sizes - - - --- 2020-02-17 Ondrej Mosnacek Superseded
selinux: parse contexts for mount options early selinux: parse contexts for mount options early - - - --- 2022-02-02 Ondrej Mosnacek pcmoore Accepted
selinux: optimize MLS context to string conversion selinux: optimize MLS context to string conversion - - - --- 2019-07-30 Ondrej Mosnacek Changes Requested
selinux: move status variables out of selinux_ss selinux: move status variables out of selinux_ss - 1 - --- 2020-01-17 Ondrej Mosnacek Accepted
selinux: make labeled NFS work when mounted before policy load selinux: make labeled NFS work when mounted before policy load - - 1 --- 2023-05-29 Ondrej Mosnacek pcmoore Accepted
selinux: log raw contexts as untrusted strings selinux: log raw contexts as untrusted strings 1 - - --- 2019-06-11 Ondrej Mosnacek Accepted
selinux: introduce an initial SID for early boot processes selinux: introduce an initial SID for early boot processes - - - --- 2023-06-12 Ondrej Mosnacek pcmoore Changes Requested
selinux: implement new format of filename transitions selinux: implement new format of filename transitions - - - --- 2020-03-27 Ondrej Mosnacek Changes Requested
selinux: free str on error in str_read() selinux: free str on error in str_read() - 1 - --- 2020-04-14 Ondrej Mosnacek Accepted
selinux: fix variable scope issue in live sidtab conversion selinux: fix variable scope issue in live sidtab conversion - - - --- 2021-02-08 Ondrej Mosnacek pcmoore Changes Requested
selinux: fix sparse warnings in policydb.c selinux: fix sparse warnings in policydb.c - 1 - --- 2020-01-16 Ondrej Mosnacek Superseded
selinux: fix sidtab string cache locking selinux: fix sidtab string cache locking 1 - - --- 2020-02-03 Ondrej Mosnacek Accepted
selinux: fix return value on error in policydb_read() selinux: fix return value on error in policydb_read() - - - --- 2020-05-01 Ondrej Mosnacek Accepted
selinux: fix race when removing selinuxfs entries selinux: fix race when removing selinuxfs entries - - - --- 2018-10-02 Ondrej Mosnacek Rejected
selinux: fix race condition when computing ocontext SIDs selinux: fix race condition when computing ocontext SIDs - - - --- 2021-07-28 Ondrej Mosnacek pcmoore Accepted
selinux: fix race between old and new sidtab selinux: fix race between old and new sidtab - - - --- 2021-04-05 Ondrej Mosnacek pcmoore Changes Requested
selinux: fix NULL-pointer dereference when hashtab allocation fails selinux: fix NULL-pointer dereference when hashtab allocation fails - - - --- 2021-11-19 Ondrej Mosnacek pcmoore Accepted
selinux: fix NULL dereference in policydb_destroy() selinux: fix NULL dereference in policydb_destroy() 1 - - --- 2019-03-17 Ondrej Mosnacek Accepted
selinux: fix misuse of mutex_is_locked() selinux: fix misuse of mutex_is_locked() - - - --- 2022-02-21 Ondrej Mosnacek pcmoore Accepted
selinux: fix memory leak in policydb_init() selinux: fix memory leak in policydb_init() - - - --- 2019-07-25 Ondrej Mosnacek Accepted
selinux: fix Makefile dependencies of flask.h selinux: fix Makefile dependencies of flask.h 1 - - --- 2023-04-12 Ondrej Mosnacek pcmoore Accepted
selinux: fix handling of empty opts in selinux_fs_context_submount() selinux: fix handling of empty opts in selinux_fs_context_submount() - 2 - --- 2023-09-11 Ondrej Mosnacek pcmoore Accepted
selinux: fix empty write to keycreate file selinux: fix empty write to keycreate file - - - --- 2019-06-12 Ondrej Mosnacek Accepted
selinux: fix context string corruption in convert_context() selinux: fix context string corruption in convert_context() 1 - - --- 2019-10-03 Ondrej Mosnacek Accepted
selinux: fix bad cleanup on error in hashtab_duplicate() selinux: fix bad cleanup on error in hashtab_duplicate() - - - --- 2022-05-17 Ondrej Mosnacek pcmoore Accepted
selinux: fix a race condition in security_read_policy() selinux: fix a race condition in security_read_policy() - - - --- 2020-08-21 Ondrej Mosnacek Superseded
selinux: fall back to SECURITY_FS_USE_GENFS if no xattr support selinux: fall back to SECURITY_FS_USE_GENFS if no xattr support - - - --- 2021-01-05 Ondrej Mosnacek pcmoore Changes Requested
selinux: drop unnecessary smp_load_acquire() call selinux: drop unnecessary smp_load_acquire() call - - - --- 2020-04-08 Ondrej Mosnacek Accepted
selinux: drop super_block backpointer from superblock_security_struct selinux: drop super_block backpointer from superblock_security_struct - - - --- 2020-11-04 Ondrej Mosnacek pcmoore Accepted
selinux: don't produce incorrect filename_trans_count selinux: don't produce incorrect filename_trans_count - - - --- 2020-04-20 Ondrej Mosnacek Accepted
selinux: clean up error path in policydb_init() selinux: clean up error path in policydb_init() 1 - - --- 2020-03-03 Ondrej Mosnacek Accepted
selinux: clarify return code in filename_trans_read_helper_compat() selinux: clarify return code in filename_trans_read_helper_compat() - - - --- 2024-04-04 Ondrej Mosnacek pcmoore Accepted
selinux: check sidtab limit before adding a new entry selinux: check sidtab limit before adding a new entry - - - --- 2019-07-22 Ondrej Mosnacek Superseded
selinux: cache the SID -> context string translation selinux: cache the SID -> context string translation - - - --- 2019-10-25 Ondrej Mosnacek Changes Requested
selinux: avoid atomic_t usage in sidtab selinux: avoid atomic_t usage in sidtab - - - --- 2019-07-25 Ondrej Mosnacek Superseded
selinux: allow to opt-out from skipping kernel sockets in sock_has_perm() selinux: allow to opt-out from skipping kernel sockets in sock_has_perm() - - - --- 2023-02-15 Ondrej Mosnacek pcmoore Rejected
selinux: add a new warn_on_audited debug flag to selinuxfs selinux: add a new warn_on_audited debug flag to selinuxfs - - - --- 2022-08-08 Ondrej Mosnacek pcmoore Rejected
security: fix the logic in security_inode_getsecctx() security: fix the logic in security_inode_getsecctx() - 1 - --- 2024-01-26 Ondrej Mosnacek pcmoore Handled Elsewhere
security: fix no-op hook logic in security_inode_{set,remove}xattr() security: fix no-op hook logic in security_inode_{set,remove}xattr() - - - --- 2024-01-29 Ondrej Mosnacek pcmoore Handled Elsewhere
security,selinux: remove security_add_mnt_opt() security,selinux: remove security_add_mnt_opt() 1 1 - --- 2021-12-06 Ondrej Mosnacek pcmoore Accepted
secilc: add basic test for policy optimization secilc: add basic test for policy optimization - - - --- 2020-03-13 Ondrej Mosnacek Changes Requested
sctp: initialize endpoint LSM labels also on the client side sctp: initialize endpoint LSM labels also on the client side - - - --- 2021-10-21 Ondrej Mosnacek Rejected
Revert "libsepol: cache ebitmap cardinality value" Revert "libsepol: cache ebitmap cardinality value" 1 - - --- 2020-03-03 Ondrej Mosnacek Accepted
restorecond: Do not ignore the -f option restorecond: Do not ignore the -f option - - - --- 2018-10-03 Ondrej Mosnacek Not Applicable
policy: fix some build errors under refpolicy policy: fix some build errors under refpolicy - - - --- 2019-09-19 Ondrej Mosnacek Accepted
perf/core: fix unconditional security_locked_down() call perf/core: fix unconditional security_locked_down() call - 1 - --- 2021-02-24 Ondrej Mosnacek pcmoore Accepted
NFSv4.2: fix return value of _nfs4_get_security_label() NFSv4.2: fix return value of _nfs4_get_security_label() - 2 - --- 2021-01-15 Ondrej Mosnacek pcmoore Accepted
LSM: lsm_hooks.h - fix missing colon in docstring LSM: lsm_hooks.h - fix missing colon in docstring - - - --- 2019-03-25 Ondrej Mosnacek Accepted
lsm: fix default return value of the socket_getpeersec_* hooks lsm: fix default return value of the socket_getpeersec_* hooks - - - --- 2024-01-26 Ondrej Mosnacek pcmoore Handled Elsewhere
LSM: allow an LSM to disable all hooks at once LSM: allow an LSM to disable all hooks at once - - - --- 2019-12-11 Ondrej Mosnacek Rejected
lockdown,selinux: fix bogus SELinux lockdown permission checks lockdown,selinux: fix bogus SELinux lockdown permission checks - - - --- 2021-05-07 Ondrej Mosnacek pcmoore Superseded
libsepol: fix endianity in ibpkey range checks libsepol: fix endianity in ibpkey range checks 1 - - --- 2018-10-17 Ondrej Mosnacek Not Applicable
libsepol: add missing ibendport port validity check libsepol: add missing ibendport port validity check - - - --- 2018-10-22 Ondrej Mosnacek Not Applicable
kernfs: fix xattr name handling in LSM helpers kernfs: fix xattr name handling in LSM helpers - - - --- 2019-03-26 Ondrej Mosnacek Superseded
kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() - - - --- 2023-02-15 Ondrej Mosnacek pcmoore Handled Elsewhere
io_uring: don't audit the capability check in io_uring_create() io_uring: don't audit the capability check in io_uring_create() - 1 - --- 2023-07-18 Ondrej Mosnacek pcmoore Handled Elsewhere
debugfs: fix security_locked_down() call for SELinux debugfs: fix security_locked_down() call for SELinux - - - --- 2021-05-07 Ondrej Mosnacek pcmoore Superseded
[v7,7/7] kernfs: initialize security of newly created nodes Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-22 Ondrej Mosnacek Accepted
[v7,6/7] selinux: implement the kernfs_init_security hook Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-22 Ondrej Mosnacek Accepted
[v7,5/7] LSM: add new hook for kernfs node initialization Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-22 Ondrej Mosnacek Accepted
[v7,4/7] kernfs: use simple_xattrs for security attributes Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-22 Ondrej Mosnacek Accepted
[v7,3/7] selinux: try security xattr after genfs for kernfs filesystems Allow initializing the kernfs node's secctx based on its parent 1 - - --- 2019-02-22 Ondrej Mosnacek Accepted
[v7,2/7] kernfs: do not alloc iattrs in kernfs_xattr_get Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-22 Ondrej Mosnacek Accepted
[v7,1/7] kernfs: clean up struct kernfs_iattrs Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-22 Ondrej Mosnacek Accepted
[v6] selinux: policydb - fix byte order and alignment issues [v6] selinux: policydb - fix byte order and alignment issues 1 - - --- 2018-10-23 Ondrej Mosnacek Accepted
[v6,5/5] kernfs: initialize security of newly created nodes Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-14 Ondrej Mosnacek Superseded
[v6,4/5] selinux: implement the kernfs_init_security hook Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-14 Ondrej Mosnacek Superseded
[v6,3/5] LSM: add new hook for kernfs node initialization Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-14 Ondrej Mosnacek Superseded
[v6,2/5] kernfs: use simple_xattrs for security attributes Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-14 Ondrej Mosnacek Superseded
[v6,2/2] libsepol: implement POLICYDB_VERSION_COMP_FTRANS userspace: Implement new format of filename trans rules 1 - - --- 2020-07-31 Ondrej Mosnacek Accepted
[v6,1/5] selinux: try security xattr after genfs for kernfs filesystems Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-14 Ondrej Mosnacek Superseded
[v6,1/2] libsepol,checkpolicy: optimize storage of filename transitions userspace: Implement new format of filename trans rules 1 - - --- 2020-07-31 Ondrej Mosnacek Accepted
[v5] selinux: policydb - fix byte order and alignment issues [v5] selinux: policydb - fix byte order and alignment issues - - - --- 2018-10-22 Ondrej Mosnacek Superseded
[v5] selinux: cache the SID -> context string translation [v5] selinux: cache the SID -> context string translation - 2 1 --- 2019-11-26 Ondrej Mosnacek Accepted
[v5,5/5] kernfs: initialize security of newly created nodes Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
[v5,4/5] selinux: implement the kernfs_init_security hook Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
[v5,3/5] LSM: add new hook for kernfs node initialization Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
[v5,2/5] kernfs: use simple_xattrs for security attributes Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
[v5,2/2] libsepol: implement POLICYDB_VERSION_COMP_FTRANS userspace: Implement new format of filename trans rules - - - --- 2020-07-19 Ondrej Mosnacek Superseded
[v5,1/5] selinux: try security xattr after genfs for kernfs filesystems Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
[v5,1/2] libsepol,checkpolicy: optimize storage of filename transitions userspace: Implement new format of filename trans rules - - - --- 2020-07-19 Ondrej Mosnacek Superseded
[v4] selinux: policydb - fix byte order and alignment issues [v4] selinux: policydb - fix byte order and alignment issues - - - --- 2018-10-18 Ondrej Mosnacek Superseded
[v4] selinux: cache the SID -> context string translation [v4] selinux: cache the SID -> context string translation 1 1 1 --- 2019-11-11 Ondrej Mosnacek Changes Requested
[v4] lockdown,selinux: fix wrong subject in some SELinux lockdown checks [v4] lockdown,selinux: fix wrong subject in some SELinux lockdown checks 3 - - --- 2021-09-13 Ondrej Mosnacek pcmoore Accepted
[v4] kernfs: fix xattr name handling in LSM helpers [v4] kernfs: fix xattr name handling in LSM helpers - - - --- 2019-04-03 Ondrej Mosnacek Accepted
[v4,5/5] kernfs: initialize security of newly created nodes Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
[v4,4/5] selinux: implement the kernfs_init_security hook Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
[v4,3/5] LSM: add new hook for kernfs node initialization Allow initializing the kernfs node's secctx based on its parent - - - --- 2019-02-05 Ondrej Mosnacek Superseded
« 1 2 3 45 6 »