Show patches with: Submitter = Stephen Smalley       |    Archived = No       |   308 patches
« 1 2 3 4 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[RFC,v2,2/2] selinux: move policy commit after updating selinuxfs [RFC,v4,1/2] selinux: encapsulate policy state, refactor policy load - - - 0 0 0 2020-08-05 Stephen Smalley New
[RFC,v4,1/2] selinux: encapsulate policy state, refactor policy load [RFC,v4,1/2] selinux: encapsulate policy state, refactor policy load - - - 0 0 0 2020-08-05 Stephen Smalley New
[RFC] selinux: move policy commit after updating selinuxfs [RFC] selinux: move policy commit after updating selinuxfs - - - 0 0 0 2020-08-04 Stephen Smalley New
[RFC,v3] selinux: encapsulate policy state, refactor policy load [RFC,v3] selinux: encapsulate policy state, refactor policy load - - - 0 0 0 2020-08-03 Stephen Smalley New
[RFC,5/5] selinux-testsuite: add testing for unprivileged sandboxing capability [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - 0 0 0 2020-03-13 Stephen Smalley omos New
[RFC,4/5] selinux-testsuite: add tests/sandbox/rxdir_rx_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - 0 0 0 2020-03-13 Stephen Smalley omos New
[RFC,3/5] selinux-testsuite: add tests/sandbox/rxdir_no_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - 0 0 0 2020-03-13 Stephen Smalley omos New
[RFC,2/5] selinux-testsuite: add tests/sandbox/nodir_rx_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - 0 0 0 2020-03-13 Stephen Smalley omos New
[RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil [RFC,1/5] selinux-testsuite: add tests/sandbox/nodir_no_allow.cil - - - 0 0 0 2020-03-13 Stephen Smalley omos New
[RFC] libsepol,secilc,policycoreutils: add unprivileged sandboxing capability [RFC] libsepol,secilc,policycoreutils: add unprivileged sandboxing capability - - - 0 0 0 2020-03-13 Stephen Smalley New
[RFC] selinux: add unprivileged sandboxing capability [RFC] selinux: add unprivileged sandboxing capability - - - 0 0 0 2020-03-13 Stephen Smalley pcmoore New
selinux: log error messages on required process class / permissions selinux: log error messages on required process class / permissions - - - 0 0 0 2020-06-17 Stephen Smalley Accepted
scripts/selinux/mdp: fix initial SID handling scripts/selinux/mdp: fix initial SID handling - - - 0 0 0 2020-06-17 Stephen Smalley Accepted
[testsuite] defconfig: add NETFILTER_XT_MATCH_STATE and NFS_V4_1 [testsuite] defconfig: add NETFILTER_XT_MATCH_STATE and NFS_V4_1 1 - - 0 0 0 2020-06-09 Stephen Smalley omos Accepted
libselinux: fix selinux_restorecon() statfs bug libselinux: fix selinux_restorecon() statfs bug 1 - 1 0 0 0 2020-06-04 Stephen Smalley Accepted
[testsuite] policy/test_overlayfs.te: allow mounter to create whiteouts [testsuite] policy/test_overlayfs.te: allow mounter to create whiteouts 1 - - 0 0 0 2020-06-02 Stephen Smalley omos Accepted
libsepol: drop broken warning on duplicate filename transitions libsepol: drop broken warning on duplicate filename transitions 1 - - 0 0 0 2020-05-13 Stephen Smalley Accepted
[v2] libsemanage: fsync final files before rename [v2] libsemanage: fsync final files before rename 1 - - 0 0 0 2020-05-13 Stephen Smalley Accepted
[v5,testsuite,07/15] test_policy.if: use term_use_all_ptys() instead of unconfined_devpts_t Untitled series #286501 1 - - 0 0 0 2020-05-12 Stephen Smalley omos Accepted
[v2,testsuite] tests/filesystem: fix quotas_test [v2,testsuite] tests/filesystem: fix quotas_test 1 - - 0 0 0 2020-05-11 Stephen Smalley omos Accepted
[v4,testsuite,15/15] README.md: Add instructions for Debian Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,14/15] tests/mmap: skip /dev/zero tests if /dev is noexec Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,13/15] tests/cap_userns: set /proc/sys/kernel/unprivileged_userns_clone if needed Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,12/15] policy/Makefile: conditionalize setting of allow_domain_fd_use Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,11/15] test_filesystem.te,tests/{fs_}filesystem: do not force user identity to syst... Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,10/15] policy: Add defaultrange rules for overlay tests Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,09/15] policy: Add MCS constraint on peer recv Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,08/15] test_overlayfs.te: allow test_overlay_mounter_t to read user tmp files Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,06/15] test_sctp.te: make netlabel_peer_t a MCS-constrained type Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,05/15] test_inet_socket.te: switch from generic_port to _all_unreserved_ports() Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,04/15] test_global.te: allow test domains to statfs selinuxfs Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,03/15] test_ibendport.te: use dev_rw_infiniband_mgmt_dev() Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,02/15] test_execute_no_trans.te: stop using mmap_file_perms Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
[v4,testsuite,01/15] test_capable_net.te: remove corenet_tcp/udp_sendrecv_all_ports() Update to work on Debian - - - 0 0 0 2020-05-08 Stephen Smalley omos Accepted
MAINTAINERS: Update my email address MAINTAINERS: Update my email address - - - 0 0 0 2020-03-11 Stephen Smalley Accepted
[v3,2/2] testsuite: add further nfs tests [v3,1/2] testsuite: provide support for testing labeled NFS - - - 0 0 0 2020-01-30 Stephen Smalley Accepted
[v3,1/2] testsuite: provide support for testing labeled NFS [v3,1/2] testsuite: provide support for testing labeled NFS - - - 0 0 0 2020-01-30 Stephen Smalley Accepted
testsuite: enable running over labeled NFS testsuite: enable running over labeled NFS - - - 0 0 0 2020-01-29 Stephen Smalley Accepted
[v2] libsepol,checkpolicy: support omitting unused initial sid contexts [v2] libsepol,checkpolicy: support omitting unused initial sid contexts 1 - - 0 0 0 2020-01-29 Stephen Smalley Accepted
testsuite/policy: fixes for running on a labeled NFS mount testsuite/policy: fixes for running on a labeled NFS mount - - - 0 0 0 2020-01-23 Stephen Smalley Accepted
[v4] libsepol,checkpolicy: remove use of hardcoded security class values [v4] libsepol,checkpolicy: remove use of hardcoded security class values 1 - - 0 0 0 2020-01-21 Stephen Smalley Accepted
libselinux: export flush_class_cache(), call it on policyload libselinux: export flush_class_cache(), call it on policyload - - - 0 0 0 2020-01-21 Stephen Smalley Accepted
[v2] selinux: fix regression introduced by move_mount(2) syscall [v2] selinux: fix regression introduced by move_mount(2) syscall - 2 - 0 0 0 2020-01-17 Stephen Smalley Accepted
libselinux: update man pages for userspace policy enforcers libselinux: update man pages for userspace policy enforcers - - - 0 0 0 2020-01-17 Stephen Smalley Accepted
libselinux: remove flask.h and av_permissions.h libselinux: remove flask.h and av_permissions.h 1 - - 0 0 0 2020-01-15 Stephen Smalley Accepted
selinux: make default_noexec read-only after init selinux: make default_noexec read-only after init - - - 0 0 0 2020-01-08 Stephen Smalley Accepted
Documentation,selinux: deprecate setting checkreqprot to 1 Documentation,selinux: deprecate setting checkreqprot to 1 - - - 0 0 0 2020-01-08 Stephen Smalley Accepted
Documentation,selinux: fix references to old selinuxfs mount point Documentation,selinux: fix references to old selinuxfs mount point - - - 0 0 0 2020-01-07 Stephen Smalley Accepted
[v2] selinux: clean up selinux_enabled/disabled/enforcing_boot [v2] selinux: clean up selinux_enabled/disabled/enforcing_boot - - - 0 0 0 2019-12-17 Stephen Smalley Accepted
[RFC] selinux: randomize layout of key structures [RFC] selinux: randomize layout of key structures - 1 - 0 0 0 2019-12-13 Stephen Smalley Accepted
security: only build lsm_audit if CONFIG_SECURITY=y security: only build lsm_audit if CONFIG_SECURITY=y - - - 0 0 0 2019-12-10 Stephen Smalley Accepted
[v4] selinux-testsuite: add lockdown tests [v4] selinux-testsuite: add lockdown tests - - - 0 0 0 2019-12-10 Stephen Smalley Accepted
[RFC,v2] security,lockdown,selinux: implement SELinux lockdown [RFC,v2] security,lockdown,selinux: implement SELinux lockdown - 1 - 0 0 0 2019-11-27 Stephen Smalley Accepted
selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests - - - 0 0 0 2019-11-22 Stephen Smalley Accepted
[2/2] selinux: fall back to ref-walk if audit is required [1/2] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" - - - 0 0 0 2019-11-22 Stephen Smalley Accepted
[1/2] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" [1/2] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" - - - 0 0 0 2019-11-22 Stephen Smalley Accepted
[v3] selinux-testsuite: add tests for fsnotify [v3] selinux-testsuite: add tests for fsnotify - - - 0 0 0 2019-10-31 Stephen Smalley Accepted
[RFC,11/10] selinux: fix support multiple selinuxfs instances Untitled series #188777 - - - 0 0 0 2019-10-16 Stephen Smalley Accepted
[RFC,10/10] selinuxfs: restrict write operations to the same selinux namespace SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,09/10] selinux: add a selinuxfs interface to unshare selinux namespace SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,08/10] selinux: introduce cred_selinux_ns() and use it SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,07/10] selinux: support per-task/cred selinux namespace SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,06/10] netns,selinux: create the selinux netlink socket per network namespace SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,05/10] selinux: Annotate lockdep for services locks SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,04/10] selinuxns: mark init_selinux_ns as __ro_after_init SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,03/10] selinux: dynamically allocate selinux namespace SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[RFC,02/10] selinux: support multiple selinuxfs instances SELinux namespace series, re-based - - - 0 0 0 2019-10-15 Stephen Smalley Accepted
[v2] python/sepolicy: call segenxml.py with python3 [v2] python/sepolicy: call segenxml.py with python3 1 - - 0 0 0 2019-10-09 Stephen Smalley Accepted
selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files selinux-testsuite: drop use of userdom_read_inherited_user_tmp_files - - 1 0 0 0 2019-09-18 Stephen Smalley Accepted
selinux-testsuite: apply perltidy to infiniband test scripts selinux-testsuite: apply perltidy to infiniband test scripts - - - 0 0 0 2019-09-18 Stephen Smalley Accepted
selinux-testsuite: fix test/file to avoid noise in test output selinux-testsuite: fix test/file to avoid noise in test output - - - 0 0 0 2019-09-18 Stephen Smalley Accepted
selinux: fix residual uses of current_security() for the SELinux blob selinux: fix residual uses of current_security() for the SELinux blob 1 1 - 0 0 0 2019-09-04 Stephen Smalley Accepted
selinux-testsuite: fix old python shebang in tests/overlay/access selinux-testsuite: fix old python shebang in tests/overlay/access - - - 0 0 0 2019-06-19 Stephen Smalley Accepted
scripts/selinux: fix build scripts/selinux: fix build - - - 0 0 0 2019-03-19 Stephen Smalley Accepted
[v3] libselinux: selinux_set_mapping: fix handling of unknown classes/perms [v3] libselinux: selinux_set_mapping: fix handling of unknown classes/perms 1 - - 0 0 0 2019-02-25 Stephen Smalley Accepted
[v6] scripts/selinux: modernize mdp [v6] scripts/selinux: modernize mdp 1 - - 0 0 0 2019-02-21 Stephen Smalley Accepted
selinux-testsuite: fix userspace, refpolicy, and mailing list selinux-testsuite: fix userspace, refpolicy, and mailing list - - - 0 0 0 2019-02-14 Stephen Smalley Accepted
selinux: fix avc audit messages selinux: fix avc audit messages - - - 0 0 0 2019-02-05 Stephen Smalley Accepted
[v2] setsebool: support use of -P on SELinux-disabled hosts [v2] setsebool: support use of -P on SELinux-disabled hosts 1 - - 0 0 0 2019-01-10 Stephen Smalley Accepted
[2/2] selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link [1/2] selinux: avoid silent denials in permissive mode under RCU walk - - - 0 0 0 2018-12-12 Stephen Smalley Accepted
[1/2] selinux: avoid silent denials in permissive mode under RCU walk [1/2] selinux: avoid silent denials in permissive mode under RCU walk - - - 0 0 0 2018-12-12 Stephen Smalley Accepted
libselinux: fix selinux_restorecon() on non-SELinux hosts libselinux: fix selinux_restorecon() on non-SELinux hosts - - - 0 0 0 2018-09-26 Stephen Smalley Accepted
selinux: fix mounting of cgroup2 under older policies selinux: fix mounting of cgroup2 under older policies - - 1 0 0 0 2018-09-04 Stephen Smalley Accepted
selinux: fix missing dput() before selinuxfs unmount - - - 0 0 0 2018-04-09 Stephen Smalley Accepted
[2/2] selinux: wrap selinuxfs state - - - 0 0 0 2018-03-20 Stephen Smalley Accepted
[1/2] selinux: fix handling of uninitialized selinux state in get_bools/classes - - - 0 0 0 2018-03-20 Stephen Smalley Accepted
[2/2] selinux: wrap AVC state - 1 - 0 0 0 2018-03-05 Stephen Smalley Accepted
selinux: wrap global selinux state - - - 0 0 0 2018-02-16 Stephen Smalley Accepted
selinux-testsuite: nnp_nosuid: tidy perl style - - - 0 0 0 2017-10-26 Stephen Smalley Accepted
selinux-testsuite: inet_socket: tighten checking - - - 0 0 0 2017-10-26 Stephen Smalley Accepted
[2/2,v2] selinux-testsuite: Move kernel config to a defconfig fragment - - - 0 0 0 2017-09-29 Stephen Smalley Accepted
[1/2,v2] selinux-testsuite: README: Update kernel config requirements - - - 0 0 0 2017-09-29 Stephen Smalley Accepted
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_t... 4 - - 0 0 0 2017-09-08 Stephen Smalley Accepted
[2/2] lsm_audit: update my email address - - - 0 0 0 2017-08-17 Stephen Smalley Accepted
[1/2] selinux: update my email address - - - 0 0 0 2017-08-17 Stephen Smalley Accepted
[v3] selinux-testsuite: Add tests for transitions under NNP/nosuid - - - 0 0 0 2017-08-01 Stephen Smalley Accepted
[v4] selinux: Generalize support for NNP/nosuid SELinux domain transitions - - - 0 0 0 2017-07-31 Stephen Smalley Accepted
selinux: genheaders should fail if too many permissions are defined - - - 0 0 0 2017-07-25 Stephen Smalley Accepted
selinux-testsuite: Add tests for AT_SECURE - - - 0 0 0 2017-07-19 Stephen Smalley Accepted
selinux-testsuite: allow more instances of map permission - - - 0 0 0 2017-05-25 Stephen Smalley Accepted
« 1 2 3 4 »