Show patches with: Submitter = Stephen Smalley       |    Archived = No       |   331 patches
« 1 2 3 4 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
selinux: fix bug in conditional rules handling - - - --- 2015-11-23 Stephen Smalley Accepted
libselinux: only mount /proc if necessary - - - --- 2016-02-29 Stephen Smalley Accepted
selinux: distinguish non-init user namespace capability checks - - - --- 2016-04-08 Stephen Smalley Accepted
selinux: apply execstack check on thread stacks - - - --- 2016-04-08 Stephen Smalley Accepted
selinux-testsuite: Update README - - - --- 2016-04-12 Stephen Smalley Accepted
[1/2] libsepol: Only apply bounds checking to source types in rules - - - --- 2016-04-28 Stephen Smalley Not Applicable
[2/2] libsepol: fix type bounds checking for attributes - - - --- 2016-04-28 Stephen Smalley Not Applicable
selinux: Only apply bounds checking to source types - - - --- 2016-04-28 Stephen Smalley Superseded
[v2] selinux: Only apply bounds checking to source types - - - --- 2016-04-29 Stephen Smalley Superseded
libsepol, checkpolicy, secilc: Replace #ifdef DARWIN with __APPLE__. - - - --- 2016-05-03 Stephen Smalley Not Applicable
[v3] selinux: Only apply bounds checking to source types - - - --- 2016-05-03 Stephen Smalley Superseded
Avoid mounting /proc outside of selinux_init_load_policy(). - - - --- 2016-05-13 Stephen Smalley Not Applicable
[v4] selinux: Only apply bounds checking to source types - - - --- 2016-05-23 Stephen Smalley Accepted
libsepol: rewrite sepol_string_to_security_class to use hashtab_search - - - --- 2016-06-20 Stephen Smalley Not Applicable
Extend checkpolicy pathname matching. - - - --- 2016-07-14 Stephen Smalley Not Applicable
selinux-testsuite: Add test for execstack on thread stacks. - - - --- 2016-07-28 Stephen Smalley Accepted
selinux-testsuite: Add tests for non-init userns capability checks - - - --- 2016-07-28 Stephen Smalley Accepted
selinux-testsuite: mmap: add tests for hugetlb anon mappings - - - --- 2016-08-11 Stephen Smalley Not Applicable
selinux-testsuite: mmap: test personality(READ_IMPLIES_EXEC) - - - --- 2016-08-11 Stephen Smalley Not Applicable
libselinux, sefcontext_compile: handle NULL pcre study data - - - --- 2016-08-17 Stephen Smalley Not Applicable
libsemanage: validate and compile file contexts before installing - - - --- 2016-08-17 Stephen Smalley Not Applicable
semanage: Fix semanage fcontext -D - - - --- 2016-08-18 Stephen Smalley Not Applicable
selinux-testsuite: fix file/test failure - - - --- 2016-09-13 Stephen Smalley Not Applicable
libselinux: add support for pcre2 - - - --- 2016-09-15 Stephen Smalley Not Applicable
sefcontext_compile: do not fail silently - - - --- 2016-09-26 Stephen Smalley Not Applicable
policycoreutils: setfiles: reverse the sense of -D - - - --- 2016-09-30 Stephen Smalley Not Applicable
policycoreutils: setfiles: make -I imply -D - - - --- 2016-09-30 Stephen Smalley Not Applicable
libselinux: selinux_restorecon: fix realpath logic - - - --- 2016-10-05 Stephen Smalley Not Applicable
[v2] libselinux: selinux_restorecon: fix realpath logic - - - --- 2016-10-05 Stephen Smalley Not Applicable
libsepol, libsemanage: fix linker scripts / map files - - - --- 2016-10-05 Stephen Smalley Not Applicable
libsemanage: genhomedircon: do not suppress logging from libsepol - - - --- 2016-10-06 Stephen Smalley Not Applicable
libsemanage: genhomedircon: only set MLS level if MLS is enabled - - - --- 2016-10-14 Stephen Smalley Not Applicable
selinux-testsuite: mmap: add shmat SHM_EXEC test - - - --- 2016-10-27 Stephen Smalley Accepted
[1/2] selinux-testsuite: mmap: fix shmat SHM_EXEC test for old kernels - - - --- 2016-10-27 Stephen Smalley Not Applicable
[2/2] selinux-testsuite: mmap: fix shmat SHM_EXEC test for old policies - - - --- 2016-10-27 Stephen Smalley Not Applicable
libselinux: avc_internal.c: allow building with clang - - - --- 2016-11-01 Stephen Smalley Not Applicable
libsemanage: fix kernel pathname in semanage_verify_kernel() - - - --- 2016-11-02 Stephen Smalley Not Applicable
libsepol: sepol_{bool|iface|user}_key_create: copy name - - - --- 2016-11-08 Stephen Smalley Rejected
libsepol: fix checkpolicy dontaudit compiler bug - - - --- 2016-11-14 Stephen Smalley Not Applicable
[v2] libsepol: fix checkpolicy dontaudit compiler bug - - 1 --- 2016-11-14 Stephen Smalley Not Applicable
libselinux: fix subdir build and usage of cmdline CFLAGS - - - --- 2016-11-14 Stephen Smalley Not Applicable
libsepol: cil_lexer: make warnings non-fatal for building - - - --- 2016-11-15 Stephen Smalley Not Applicable
mcstrans: Fix signed/unsigned warnings - - - --- 2016-11-16 Stephen Smalley Not Applicable
selinux: normalize input to /sys/fs/selinux/enforce - - - --- 2016-11-18 Stephen Smalley Accepted
libselinux: normalize enforce values from the kernel - - - --- 2016-11-18 Stephen Smalley Not Applicable
selinux: keep SELinux in sync with new capability definitions - - - --- 2016-11-18 Stephen Smalley Accepted
checkpolicy: treat -self as an error - - - --- 2016-11-18 Stephen Smalley Not Applicable
[1/2] libsepol: do not write object_r types to policy file - - - --- 2016-11-23 Stephen Smalley Not Applicable
[2/2] libsepol, checkpolicy: convert rangetrans and filenametrans to hashtabs - - - --- 2016-11-23 Stephen Smalley Not Applicable
[1/2,v2] libsepol: do not write object_r types to policy file - - - --- 2016-11-28 Stephen Smalley Not Applicable
[2/2,v2] libsepol, checkpolicy: convert rangetrans and filenametrans to hashtabs - - - --- 2016-11-28 Stephen Smalley Not Applicable
libsepol: do not #include <sys/cdefs.h> - - - --- 2016-11-29 Stephen Smalley Not Applicable
libselinux: avcstat: Clean up redundant condition - - - --- 2016-11-29 Stephen Smalley Not Applicable
libsepol: sepol_av_to_string: clear static buffer - - - --- 2016-11-29 Stephen Smalley Not Applicable
libsepol, libselinux, audit2allow: teach audit2why about type bounds failures - - - --- 2016-11-29 Stephen Smalley Not Applicable
[RFC] selinux: support distinctions among all network address families - - - --- 2016-12-01 Stephen Smalley Superseded
[RFC] selinux: support distinctions among all network address families - - - --- 2016-12-01 Stephen Smalley Superseded
[v2] selinux: support distinctions among all network address families - - - --- 2016-12-06 Stephen Smalley Accepted
[RFC] selinux: allow context mounts on tmpfs, ramfs, devpts within user namespaces - - - --- 2016-12-07 Stephen Smalley Rejected
[v2] selinux: allow context mounts on tmpfs, ramfs, devpts within user namespaces - - - --- 2016-12-08 Stephen Smalley Accepted
libsepol: Define extended_socket_class policy capability - - - --- 2016-12-08 Stephen Smalley Not Applicable
[v2] selinux: support distinctions among all network address families - - - --- 2016-12-08 Stephen Smalley Not Applicable
selinux: handle ICMPv6 consistently with ICMP - - - --- 2016-12-08 Stephen Smalley Accepted
selinux-testsuite: Add tests for extended socket classes. - - - --- 2016-12-09 Stephen Smalley Not Applicable
selinux: clean up cred usage and simplify - - - --- 2016-12-09 Stephen Smalley Changes Requested
security,selinux,smack: kill security_task_wait hook 3 - - --- 2017-01-10 Stephen Smalley Accepted
selinux-testsuite: remove wait test - - - --- 2017-01-10 Stephen Smalley Accepted
selinux: drop unused socket security classes - - - --- 2017-01-11 Stephen Smalley Accepted
libselinux: selinux_restorecon: only log no default label warning if recursive - - - --- 2017-01-13 Stephen Smalley Not Applicable
selinux-testsuite: extend sockcreate to support other address families - - - --- 2017-01-13 Stephen Smalley Accepted
libselinux: selinux_restorecon: only log no default label warning for caller-supplied pathname - - - --- 2017-01-13 Stephen Smalley Not Applicable
policycoreutils/setfiles: set up a logging callback for libselinux - - - --- 2017-01-24 Stephen Smalley Not Applicable
libselinux: disable filespec hash table stats on non-debug builds - - - --- 2017-01-24 Stephen Smalley Not Applicable
policycoreutils: remove deprecated -o option from fixfiles verify - - - --- 2017-01-27 Stephen Smalley Not Applicable
selinux: fix off-by-one in setprocattr - - - --- 2017-01-31 Stephen Smalley Accepted
libselinux: do not rely on non-POSIX behavior for write() - - - --- 2017-01-31 Stephen Smalley Not Applicable
selinux-testsuite: fix ptrace test script - - - --- 2017-02-06 Stephen Smalley Accepted
selinux-testsuite: add tests for new netlink socket classes - - - --- 2017-02-06 Stephen Smalley Accepted
[RFC] prlimit,security,selinux: add a security hook for prlimit - - - --- 2017-02-13 Stephen Smalley Accepted
selinux-testsuite: Add tests for prlimit(2) permission checks - - - --- 2017-02-13 Stephen Smalley Accepted
prlimit,security,selinux: add a security hook for prlimit - - - --- 2017-02-16 Stephen Smalley Superseded
[1/2] selinux-testsuite: exclude netlink_socket tests from RHEL7 - - - --- 2017-02-16 Stephen Smalley Accepted
[2/2] selinux-testsuite: fix nnp test for RHEL7 - - - --- 2017-02-16 Stephen Smalley Accepted
[v2] prlimit,security,selinux: add a security hook for prlimit - - - --- 2017-02-17 Stephen Smalley Accepted
timerfd: only check CAP_WAKE_ALARM when it is needed - - - --- 2017-02-17 Stephen Smalley Accepted
fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks - - - --- 2017-02-17 Stephen Smalley Superseded
selinux: fix kernel BUG on prlimit(..., NULL, NULL) 1 - - --- 2017-02-28 Stephen Smalley Accepted
selinux: wrap cgroup seclabel support with its own policy capability - - - --- 2017-02-28 Stephen Smalley Accepted
libsepol: Define cgroup_seclabel policy capability - - - --- 2017-02-28 Stephen Smalley Not Applicable
selinux-testsuite: capable_file: Add dac_override and dac_read_search tests - - - --- 2017-03-02 Stephen Smalley Changes Requested
fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks 2 1 - --- 2017-03-10 Stephen Smalley Accepted
python/semanage: fix export of fcontext socket entries - - - --- 2017-03-15 Stephen Smalley Not Applicable
Running Java and JVM on SELinux - - - --- 2017-04-04 Stephen Smalley Not Applicable
[1/2] libsepol: do not seg fault on sepol_*_key_free(NULL) - - - --- 2017-04-10 Stephen Smalley Not Applicable
[2/2] libsemanage: revert "Skip policy module re-link when only setting booleans." - - - --- 2017-04-10 Stephen Smalley Not Applicable
libsemanage: Save linked policy, skip re-link when possible - - - --- 2017-04-11 Stephen Smalley Not Applicable
[v2] libsemanage: Save linked policy, skip re-link when possible - - - --- 2017-04-11 Stephen Smalley Not Applicable
selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks - - - --- 2017-04-20 Stephen Smalley Accepted
selinux-testsuite: Add CAP_MAC_ADMIN tests - - - --- 2017-04-20 Stephen Smalley Accepted
[v2] selinux-testsuite: Add CAP_MAC_ADMIN tests - - - --- 2017-04-20 Stephen Smalley Accepted
« 1 2 3 4 »