aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2025-12-14Merge tag 'tomoyo-pr-20251212' of git://git.code.sf.net/p/tomoyo/tomoyoLinus Torvalds1-7/+2
2025-12-06Merge tag 'landlock-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds4-17/+59
2025-12-05Merge tag 'tpmdd-sessions-next-6.19-rc1' of git://git.kernel.org/pub/scm/linu...Linus Torvalds1-8/+33
2025-12-05Merge tag 'pull-persistency' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds4-134/+101
2025-12-05tpm2-sessions: Open code tpm_buf_append_hmac_session()Jarkko Sakkinen1-2/+10
2025-12-05tpm2-sessions: Fix out of range indexing in name_sizeJarkko Sakkinen1-6/+23
2025-12-04Merge tag 'caps-pr-20251204' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-12/+22
2025-12-03KEYS: trusted: Use tpm_ret_to_err() in trusted_tpm2Jarkko Sakkinen1-19/+7
2025-12-03Merge tag 'v6.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-0/+108
2025-12-03Merge tag 'ipe-pr-20251202' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-1/+33
2025-12-03Merge tag 'integrity-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-24/+106
2025-12-03Merge tag 'Smack-for-6.19' of https://github.com/cschaufler/smack-nextLinus Torvalds3-116/+262
2025-12-03Merge tag 'selinux-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds9-45/+96
2025-12-03Merge tag 'lsm-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds51-714/+977
2025-12-03Merge tag 'keys-trusted-next-rc1' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-21/+8
2025-12-03Merge tag 'keys-next-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds5-8/+7
2025-12-02ipe: Add AT_EXECVE_CHECK support for script enforcementYanzhu Huang4-0/+32
2025-12-02ipe: Drop a duplicated CONFIG_ prefix in the ifdefferyBorislav Petkov (AMD)1-1/+1
2025-12-01Merge tag 'vfs-6.19-rc1.directory.locking' of git://git.kernel.org/pub/scm/li...Linus Torvalds2-6/+17
2025-12-01Merge tag 'kernel-6.19-rc1.cred' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds1-1/+1
2025-12-01Merge tag 'vfs-6.19-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-1/+1
2025-12-01tomoyo: Use local kmap in tomoyo_dump_page()Davidlohr Bueso1-7/+2
2025-11-29KEYS: trusted: Fix a memory leak in tpm2_load_cmdJarkko Sakkinen1-2/+4
2025-11-29KEYS: trusted: Replace a redundant instance of tpm2_hash_mapJarkko Sakkinen1-19/+4
2025-11-28landlock: Improve variable scopeMickaël Salaün1-2/+3
2025-11-28landlock: Fix handling of disconnected directoriesMickaël Salaün2-12/+44
2025-11-27keys: Replace deprecated strncpy in ecryptfs_fill_auth_tokThorsten Blum1-2/+1
2025-11-27keys: Remove redundant less-than-zero checksThorsten Blum4-6/+6
2025-11-26landlock: Minor comments improvementsTingmao Wang3-4/+13
2025-11-22Merge tag 'selinux-pr-20251121' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-129/+144
2025-11-21ima: Handle error code returned by ima_filter_rule_match()Zhao Yipeng1-1/+1
2025-11-20selinux: rename the cred_security_struct variables to "crsec"Paul Moore2-117/+117
2025-11-20selinux: move avdcache to per-task security structStephen Smalley2-15/+30
2025-11-20selinux: rename task_security_struct to cred_security_structStephen Smalley2-38/+38
2025-11-19lsm: use unrcu_pointer() for current->cred in security_init()Paul Moore1-1/+2
2025-11-19ima: Access decompressed kernel module to verify appended signatureCoiby Xu4-11/+22
2025-11-18Clarify the rootid_owns_currentnsSerge Hallyn1-12/+22
2025-11-17d_make_discardable(): warn if given a non-persistent dentryAl Viro1-4/+9
2025-11-17convert securityfsAl Viro1-21/+12
2025-11-16convert selinuxfsAl Viro1-4/+6
2025-11-16selinuxfs: new helper for attaching files to treeAl Viro1-94/+66
2025-11-16selinuxfs: don't stash the dentry of /policy_capabilitiesAl Viro1-12/+9
2025-11-16convert smackfsAl Viro1-1/+1
2025-11-16configfs, securityfs: kill_litter_super() not neededAl Viro1-1/+1
2025-11-14Add start_renaming_two_dentries()NeilBrown1-2/+13
2025-11-14VFS: introduce start_removing_dentry()NeilBrown1-4/+4
2025-11-12landlock: fix splats from iput() after it started calling might_sleep()Mateusz Guzik1-4/+3
2025-11-11device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpersThorsten Blum1-31/+25
2025-11-11Smack: function parameter 'gfp' not describedCasey Schaufler1-0/+1
2025-11-04cred: make init_cred staticChristian Brauner1-1/+1
2025-10-23selinux: improve bucket distribution uniformity of avc_hash()Hongru Zhang3-6/+14
2025-10-23selinux: Move avtab_hash() to a shared location for future reuseHongru Zhang2-40/+47
2025-10-23selinux: Introduce a new config to make avc cache slot size adjustableHongru Zhang2-3/+14
2025-10-23KEYS: trusted: Pass argument by pointer in dump_optionsHerbert Xu1-5/+5
2025-10-22memfd,selinux: call security_inode_init_security_anon()Thiébaud Weksteen5-5/+30
2025-10-22lsm: add a LSM_STARTED_ALL notification eventPaul Moore1-0/+1
2025-10-22lsm: consolidate all of the LSM framework initcallsPaul Moore4-6/+36
2025-10-22selinux: move initcalls to the LSM frameworkPaul Moore12-40/+107
2025-10-22ima,evm: move initcalls to the LSM frameworkRoberto Sassu6-10/+35
2025-10-22lockdown: move initcalls to the LSM frameworkPaul Moore1-2/+1
2025-10-22apparmor: move initcalls to the LSM frameworkPaul Moore5-6/+13
2025-10-22safesetid: move initcalls to the LSM frameworkPaul Moore3-2/+4
2025-10-22tomoyo: move initcalls to the LSM frameworkPaul Moore3-3/+4
2025-10-22smack: move initcalls to the LSM frameworkPaul Moore4-6/+25
2025-10-22ipe: move initcalls to the LSM frameworkPaul Moore3-3/+4
2025-10-22loadpin: move initcalls to the LSM frameworkPaul Moore1-6/+7
2025-10-22lsm: introduce an initcall mechanism into the LSM frameworkPaul Moore1-0/+89
2025-10-22lsm: group lsm_order_parse() with the other lsm_order_*() functionsPaul Moore1-70/+70
2025-10-22lsm: output available LSMs when debuggingPaul Moore1-1/+18
2025-10-22lsm: cleanup the debug and console output in lsm_init.cPaul Moore3-70/+66
2025-10-22lsm: add/tweak function header comment blocks in lsm_init.cPaul Moore1-5/+12
2025-10-22lsm: fold lsm_init_ordered() into security_init()Paul Moore1-84/+71
2025-10-22lsm: cleanup initialize_lsm() and rename to lsm_init_single()Paul Moore1-10/+15
2025-10-22lsm: cleanup the LSM blob size codePaul Moore1-24/+33
2025-10-22lsm: rename/rework ordered_lsm_parse() to lsm_order_parse()Paul Moore1-45/+37
2025-10-22lsm: rename/rework append_ordered_lsm() into lsm_order_append()Paul Moore1-33/+43
2025-10-22lsm: rename exists_ordered_lsm() to lsm_order_exists()Paul Moore1-5/+8
2025-10-22lsm: rework the LSM enable/disable setter/getter functionsPaul Moore1-31/+31
2025-10-22lsm: get rid of the lsm_names list and do some cleanupPaul Moore2-51/+41
2025-10-22lsm: rework lsm_active_cnt and lsm_idlist[]Paul Moore4-6/+10
2025-10-22lsm: rename the lsm order variables for consistencyPaul Moore1-38/+48
2025-10-22lsm: replace the name field with a pointer to the lsm_id structPaul Moore15-41/+32
2025-10-22lsm: rename ordered_lsm_init() to lsm_init_ordered()Paul Moore1-5/+5
2025-10-22lsm: integrate lsm_early_cred() and lsm_early_task() into callerPaul Moore1-30/+5
2025-10-22lsm: integrate report_lsm_order() code into callerPaul Moore1-21/+12
2025-10-22lsm: introduce looping macros for the initialization codePaul Moore1-15/+27
2025-10-22lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare()Paul Moore1-61/+44
2025-10-22lsm: split the init code out into lsm_init.cPaul Moore4-564/+600
2025-10-22lsm: split the notifier code out into lsm_notifier.cPaul Moore3-24/+32
2025-10-20Coccinelle-based conversion to use ->i_state accessorsMateusz Guzik1-1/+1
2025-10-20KEYS: trusted: caam based protected keyMeenakshi Aggarwal1-0/+108
2025-10-16ima: add fs_subtype condition for distinguishing FUSE instancesJann Horn1-4/+39
2025-10-16ima: add dont_audit action to suppress audit actionsJann Horn1-1/+13
2025-10-13ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hookRoberto Sassu1-9/+33
2025-10-05Merge tag 'integrity-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-5/+19
2025-10-04Merge tag 'keys-next-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/j...Linus Torvalds4-252/+117
2025-10-04security: keys: use menuconfig for KEYS symbolRandy Dunlap1-8/+6
2025-10-04KEYS: encrypted: Use SHA-256 library instead of crypto_shashEric Biggers2-55/+11
2025-10-03Merge tag 'pull-f_path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro...Linus Torvalds1-7/+7
2025-10-03Merge tag 'pull-qstr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds3-3/+3
2025-10-03ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattrCoiby Xu1-5/+18
2025-10-03integrity: Select CRYPTO from INTEGRITY_ASYMMETRIC_KEYSEric Biggers1-0/+1
2025-10-02Merge tag 'bitmap-for-6.18' of https://github.com/norov/linuxLinus Torvalds1-0/+10
2025-09-30Merge tag 'lsm-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-61/+116
2025-09-30Merge tag 'selinux-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds6-25/+22
2025-09-30Merge tag 'audit-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds4-2/+29
2025-09-29Merge tag 'kernel-6.18-rc1.clone3' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds4-4/+4
2025-09-27KEYS: trusted_tpm1: Move private functionality out of public headerEric Biggers1-8/+72
2025-09-27KEYS: trusted_tpm1: Use SHA-1 library instead of crypto_shashEric Biggers2-190/+36
2025-09-27KEYS: trusted_tpm1: Compare HMAC values in constant timeEric Biggers1-3/+4
2025-09-22rust: add bitmap API.Burak Emir1-0/+10
2025-09-15apparmor/af_unix: constify struct path * argumentsAl Viro1-7/+7
2025-09-15security_dentry_init_security(): constify qstr argumentAl Viro3-3/+3
2025-09-11lsm: CONFIG_LSM can depend on CONFIG_SECURITYRandy Dunlap1-0/+1
2025-09-07selinux: enable per-file labeling for functionfsNeill Kapron4-2/+14
2025-09-03selinux: fix sel_read_bool() allocation and error handlingStephen Smalley1-13/+5
2025-09-01copy_process: pass clone_flags as u64 across calltreeSimon Schuster4-4/+4
2025-09-01fs: add an icount_read helperJosef Bacik1-1/+1
2025-08-30audit: add record for multiple object contextsCasey Schaufler2-2/+6
2025-08-30audit: add record for multiple task security contextsCasey Schaufler3-0/+9
2025-08-30lsm: security_lsmblob_to_secctx module selectionCasey Schaufler1-2/+16
2025-08-18security: use umax() to improve codeQianfeng Rong1-4/+2
2025-08-12selinux: Remove redundant __GFP_NOWARNQianfeng Rong1-7/+6
2025-08-11lsm,selinux: Add LSM blob support for BPF objectsBlaise Boscaccy3-49/+113
2025-08-11lsm: use lsm_blob_alloc() in lsm_bdev_alloc()Paul Moore1-10/+2
2025-08-11selinux: use a consistent method to get full socket from skbTianjia Zhang1-1/+1
2025-08-11selinux: Remove unused function selinux_policycap_netif_wildcard()Yue Haibing1-6/+0
2025-08-04Merge tag 'apparmor-pr-2025-08-04' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds38-430/+2178
2025-08-04apparmor: fix: oops when trying to free null rulesetJohn Johansen1-1/+4
2025-07-31Merge tag 'integrity-v6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-0/+26
2025-07-31Merge tag 'caps-pr-20250729' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-12/+8
2025-07-31Merge tag 'ipe-pr-20250728' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-28/+6
2025-07-30apparmor: fix Regression on linux-next (next-20250721)John Johansen1-0/+1
2025-07-30apparmor: fix test error: WARNING in apparmor_unix_stream_connectJohn Johansen1-2/+3
2025-07-30apparmor: Remove the unused variable rulesJiapeng Chong1-2/+0
2025-07-29Merge tag 'powerpc-6.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/p...Linus Torvalds1-2/+3
2025-07-28Merge tag 'landlock-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds2-27/+43
2025-07-28ipe: use SHA-256 library API instead of crypto_shash APIEric Biggers2-28/+6
2025-07-28Merge tag 'selinux-pr-20250725' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds9-5/+72
2025-07-28Merge tag 'lsm-pr-20250725' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-1/+1
2025-07-28Merge tag 'libcrypto-conversions-for-linus' of git://git.kernel.org/pub/scm/l...Linus Torvalds2-75/+13
2025-07-28Merge tag 'hardening-v6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-19/+26
2025-07-28Merge tag 'vfs-6.17-rc1.fileattr' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds2-0/+44
2025-07-28Merge tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds2-2/+1
2025-07-28Merge tag 'pull-securityfs' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-177/+73
2025-07-26kstack_erase: Support Clang stack depth trackingKees Cook1-1/+4
2025-07-21stackleak: Rename stackleak_track_stack to __sanitizer_cov_stack_depthKees Cook1-2/+2
2025-07-21stackleak: Rename STACKLEAK to KSTACK_ERASEKees Cook1-16/+20
2025-07-20apparmor: fix: accept2 being specifie even when permission table is presntJohn Johansen1-1/+2
2025-07-20apparmor: transition from a list of rules to a vector of rulesJohn Johansen15-113/+85
2025-07-20apparmor: fix documentation mismatches in val_mask_to_str and socket functionsPeng Jiang2-3/+23
2025-07-20apparmor: remove redundant perms.allow MAY_EXEC bitflag setRyan Lee1-3/+1
2025-07-20apparmor: fix kernel doc warnings for kernel test robotJohn Johansen2-4/+10
2025-07-20apparmor: Fix unaligned memory accesses in KUnit testHelge Deller1-2/+4
2025-07-20apparmor: Fix 8-byte alignment for initial dfa blob streamsHelge Deller1-2/+2
2025-07-20apparmor: shift uid when mediating af_unix in usernsGabriel Totev1-2/+6
2025-07-20apparmor: shift ouid when mediating hard links in usernsGabriel Totev1-2/+4
2025-07-20apparmor: make sure unix socket labeling is correctly updated.John Johansen6-62/+231
2025-07-19landlock: Fix cosmetic changeMickaël Salaün1-0/+1
2025-07-15apparmor: fix regression in fs based unix sockets when using old abiJohn Johansen2-51/+71
2025-07-15apparmor: fix AA_DEBUG_LABEL()John Johansen1-1/+1
2025-07-15apparmor: fix af_unix auditing to include all address informationJohn Johansen3-10/+18
2025-07-15apparmor: Remove use of the double lockJohn Johansen5-102/+104
2025-07-15apparmor: update kernel doc comments for xxx_label_crit_sectionJohn Johansen1-0/+8
2025-07-15apparmor: make __begin_current_label_crit_section() indicate whether put is n...Mateusz Guzik3-41/+67
2025-07-15Revert "apparmor: use SHA-256 library API instead of crypto_shash API"John Johansen2-13/+75
2025-07-15apparmor: mitigate parser generating large xtablesJohn Johansen3-6/+45
2025-07-14apparmor: use SHA-256 library API instead of crypto_shash APIEric Biggers2-75/+13
2025-07-09integrity/platform_certs: Allow loading of keys in the static key management ...Srish Srinivasan1-2/+3
2025-07-04tree-wide: s/struct fileattr/struct file_kattr/gChristian Brauner2-4/+4
2025-07-01selinux: implement inode_file_[g|s]etattr hooksAndrey Albershteyn1-0/+14
2025-07-01lsm: introduce new hooks for setting/getting inode fsxattrAndrey Albershteyn1-0/+30
2025-06-30smack: fix kernel-doc warnings for smk_import_valid_label()Konstantin Andreev1-2/+4
2025-06-27landlock: Fix warning from KUnit testsTingmao Wang1-27/+42
2025-06-24selinux: don't bother with selinuxfs_info_free() on failuresAl Viro1-2/+0
2025-06-24smack: fix bug: setting task label silently ignores input garbageKonstantin Andreev3-63/+148
2025-06-24smack: fix bug: unprivileged task can create labelsKonstantin Andreev1-14/+27
2025-06-23exec: Correct the permission check for unsafe execEric W. Biederman1-12/+8
2025-06-22smack: fix bug: invalid label of unix socket fileKonstantin Andreev1-14/+44
2025-06-22smack: always "instantiate" inode in smack_inode_init_security()Konstantin Andreev1-3/+7
2025-06-22smack: deduplicate xattr setting in smack_inode_init_security()Konstantin Andreev1-27/+29
2025-06-22smack: fix bug: SMACK64TRANSMUTE set on non-directoryKonstantin Andreev1-12/+14
2025-06-22smack: deduplicate "does access rule request transmutation"Konstantin Andreev1-25/+32
2025-06-19selinux: add __GFP_NOWARN to hashtab_init() allocationsPaul Moore1-1/+2
2025-06-19selinux: optimize selinux_inode_getattr/permission() based on neveraudit|perm...Stephen Smalley2-1/+21
2025-06-19selinux: introduce neveraudit typesStephen Smalley5-1/+48
2025-06-19selinux: change security_compute_sid to return the ssid or tsid on matchStephen Smalley1-5/+11
2025-06-17ipe: don't bother with removal of files in directory we'll be removingAl Viro2-22/+14
2025-06-17evm_secfs: clear securityfs interactionsAl Viro1-8/+7
2025-06-17ima_fs: get rid of lookup-by-dentry stuffAl Viro1-66/+16
2025-06-17ima_fs: don't bother with removal of files in directory we'll be removingAl Viro1-39/+18
2025-06-17apparmor: file never has NULL f_path.mntAl Viro1-1/+1
2025-06-17landlock: opened file never has a negative dentryAl Viro1-1/+0
2025-06-16selinux: fix selinux_xfrm_alloc_user() to set correct ctx_lenStephen Smalley1-1/+1
2025-06-16selinux: add a 5 second sleep to /sys/fs/selinux/userPaul Moore1-0/+1
2025-06-16lsm: trivial comment fixKalevi Kolttonen1-1/+1
2025-06-16ima: add a knob ima= to allow disabling IMA in kdump kernelBaoquan He1-0/+26
2025-06-11make securityfs_remove() remove the entire subtreeAl Viro1-37/+10
2025-06-11securityfs: pin filesystem only for objects directly in rootAl Viro1-8/+13
2025-06-11securityfs: don't pin dentries twice, once is enough...Al Viro1-2/+0
generated by cgit 1.2.3-korg (git 2.43.0) at 2026-01-03 07:31:23 +0000