aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2025-08-04Merge tag 'apparmor-pr-2025-08-04' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds38-430/+2178
2025-08-04apparmor: fix: oops when trying to free null rulesetJohn Johansen1-1/+4
2025-07-31Merge tag 'integrity-v6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-0/+26
2025-07-31Merge tag 'caps-pr-20250729' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-12/+8
2025-07-31Merge tag 'ipe-pr-20250728' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-28/+6
2025-07-30apparmor: fix Regression on linux-next (next-20250721)John Johansen1-0/+1
2025-07-30apparmor: fix test error: WARNING in apparmor_unix_stream_connectJohn Johansen1-2/+3
2025-07-30apparmor: Remove the unused variable rulesJiapeng Chong1-2/+0
2025-07-29Merge tag 'powerpc-6.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/p...Linus Torvalds1-2/+3
2025-07-28Merge tag 'landlock-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds2-27/+43
2025-07-28ipe: use SHA-256 library API instead of crypto_shash APIEric Biggers2-28/+6
2025-07-28Merge tag 'selinux-pr-20250725' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds9-5/+72
2025-07-28Merge tag 'lsm-pr-20250725' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-1/+1
2025-07-28Merge tag 'libcrypto-conversions-for-linus' of git://git.kernel.org/pub/scm/l...Linus Torvalds2-75/+13
2025-07-28Merge tag 'hardening-v6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-19/+26
2025-07-28Merge tag 'vfs-6.17-rc1.fileattr' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds2-0/+44
2025-07-28Merge tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds2-2/+1
2025-07-28Merge tag 'pull-securityfs' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-177/+73
2025-07-26kstack_erase: Support Clang stack depth trackingKees Cook1-1/+4
2025-07-21stackleak: Rename stackleak_track_stack to __sanitizer_cov_stack_depthKees Cook1-2/+2
2025-07-21stackleak: Rename STACKLEAK to KSTACK_ERASEKees Cook1-16/+20
2025-07-20apparmor: fix: accept2 being specifie even when permission table is presntJohn Johansen1-1/+2
2025-07-20apparmor: transition from a list of rules to a vector of rulesJohn Johansen15-113/+85
2025-07-20apparmor: fix documentation mismatches in val_mask_to_str and socket functionsPeng Jiang2-3/+23
2025-07-20apparmor: remove redundant perms.allow MAY_EXEC bitflag setRyan Lee1-3/+1
2025-07-20apparmor: fix kernel doc warnings for kernel test robotJohn Johansen2-4/+10
2025-07-20apparmor: Fix unaligned memory accesses in KUnit testHelge Deller1-2/+4
2025-07-20apparmor: Fix 8-byte alignment for initial dfa blob streamsHelge Deller1-2/+2
2025-07-20apparmor: shift uid when mediating af_unix in usernsGabriel Totev1-2/+6
2025-07-20apparmor: shift ouid when mediating hard links in usernsGabriel Totev1-2/+4
2025-07-20apparmor: make sure unix socket labeling is correctly updated.John Johansen6-62/+231
2025-07-19landlock: Fix cosmetic changeMickaël Salaün1-0/+1
2025-07-15apparmor: fix regression in fs based unix sockets when using old abiJohn Johansen2-51/+71
2025-07-15apparmor: fix AA_DEBUG_LABEL()John Johansen1-1/+1
2025-07-15apparmor: fix af_unix auditing to include all address informationJohn Johansen3-10/+18
2025-07-15apparmor: Remove use of the double lockJohn Johansen5-102/+104
2025-07-15apparmor: update kernel doc comments for xxx_label_crit_sectionJohn Johansen1-0/+8
2025-07-15apparmor: make __begin_current_label_crit_section() indicate whether put is n...Mateusz Guzik3-41/+67
2025-07-15Revert "apparmor: use SHA-256 library API instead of crypto_shash API"John Johansen2-13/+75
2025-07-15apparmor: mitigate parser generating large xtablesJohn Johansen3-6/+45
2025-07-14apparmor: use SHA-256 library API instead of crypto_shash APIEric Biggers2-75/+13
2025-07-09integrity/platform_certs: Allow loading of keys in the static key management ...Srish Srinivasan1-2/+3
2025-07-04tree-wide: s/struct fileattr/struct file_kattr/gChristian Brauner2-4/+4
2025-07-01selinux: implement inode_file_[g|s]etattr hooksAndrey Albershteyn1-0/+14
2025-07-01lsm: introduce new hooks for setting/getting inode fsxattrAndrey Albershteyn1-0/+30
2025-06-27landlock: Fix warning from KUnit testsTingmao Wang1-27/+42
2025-06-24selinux: don't bother with selinuxfs_info_free() on failuresAl Viro1-2/+0
2025-06-23exec: Correct the permission check for unsafe execEric W. Biederman1-12/+8
2025-06-19selinux: add __GFP_NOWARN to hashtab_init() allocationsPaul Moore1-1/+2
2025-06-19selinux: optimize selinux_inode_getattr/permission() based on neveraudit|perm...Stephen Smalley2-1/+21
2025-06-19selinux: introduce neveraudit typesStephen Smalley5-1/+48
2025-06-19selinux: change security_compute_sid to return the ssid or tsid on matchStephen Smalley1-5/+11
2025-06-17ipe: don't bother with removal of files in directory we'll be removingAl Viro2-22/+14
2025-06-17evm_secfs: clear securityfs interactionsAl Viro1-8/+7
2025-06-17ima_fs: get rid of lookup-by-dentry stuffAl Viro1-66/+16
2025-06-17ima_fs: don't bother with removal of files in directory we'll be removingAl Viro1-39/+18
2025-06-17apparmor: file never has NULL f_path.mntAl Viro1-1/+1
2025-06-17landlock: opened file never has a negative dentryAl Viro1-1/+0
2025-06-16selinux: fix selinux_xfrm_alloc_user() to set correct ctx_lenStephen Smalley1-1/+1
2025-06-16selinux: add a 5 second sleep to /sys/fs/selinux/userPaul Moore1-0/+1
2025-06-16lsm: trivial comment fixKalevi Kolttonen1-1/+1
2025-06-16ima: add a knob ima= to allow disabling IMA in kdump kernelBaoquan He1-0/+26
2025-06-11make securityfs_remove() remove the entire subtreeAl Viro1-37/+10
2025-06-11securityfs: pin filesystem only for objects directly in rootAl Viro1-8/+13
2025-06-11securityfs: don't pin dentries twice, once is enough...Al Viro1-2/+0
2025-06-11KEYS: Invert FINAL_PUT bitHerbert Xu2-4/+5
2025-05-31Merge tag 'gcc-minimum-version-6.16' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-76/+0
2025-05-29Merge tag 'ipe-pr-20250527' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-26/+63
2025-05-28Merge tag 'net-next-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds5-70/+2
2025-05-28Merge tag 'selinux-pr-20250527' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds11-85/+232
2025-05-28Merge tag 'lsm-pr-20250527' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-18/+18
2025-05-28Merge tag 'integrity-v6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-33/+185
2025-05-28Merge tag 'Smack-for-6.16' of https://github.com/cschaufler/smack-nextLinus Torvalds1-7/+5
2025-05-28Merge tag 'hardening-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2025-05-27ipe: add errno field to IPE policy load auditingJasjiv Singh4-26/+63
2025-05-26Merge tag 'vfs-6.16-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds3-5/+5
2025-05-25apparmor: Document that label must be last member in struct aa_profileJohn Johansen1-1/+8
2025-05-25apparmor: make debug_values_table staticJohn Johansen1-1/+1
2025-05-25apparmor: force auditing of conflicting attachment execs from confinedRyan Lee1-0/+9
2025-05-25apparmor: include conflicting attachment info for confined ix/ux fallbackRyan Lee1-2/+33
2025-05-25apparmor: move the "conflicting profile attachments" infostr to a const decla...Ryan Lee1-1/+3
2025-05-25apparmor: force audit on unconfined exec if info is set by find_attachRyan Lee1-0/+16
2025-05-25apparmor: make all generated string array headers const char *constRyan Lee1-2/+2
2025-05-25apparmor: fix loop detection used in conflicting attachment resolutionRyan Lee2-15/+12
2025-05-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-5/+35
2025-05-19security/smack/smackfs: small kernel-doc fixesRandy Dunlap1-7/+5
2025-05-17apparmor: ensure WB_HISTORY_SIZE value is a power of 2Ryan Lee2-1/+3
2025-05-17apparmor: fix some kernel-doc issues in header filesRandy Dunlap5-8/+8
2025-05-17apparmor: Fix incorrect profile->signal range checkColin Ian King1-1/+1
2025-05-17apparmor: use SHA-256 library API instead of crypto_shash APIEric Biggers2-75/+13
2025-05-17security/apparmor: use kfree_sensitive() in unpack_secmark()Zilin Guan1-2/+2
2025-05-14ima: do not copy measurement list to kdump kernelSteven Chen1-0/+3
2025-05-12landlock: Improve bit operations in audit codeMickaël Salaün3-4/+34
2025-05-08Revert "hardening: Disable GCC randstruct for COMPILE_TEST"Kees Cook1-1/+1
2025-05-03landlock: Remove KUnit test that triggers a warningMickaël Salaün1-1/+1
2025-05-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-17/+16
2025-04-30Kbuild: remove structleak gcc pluginArnd Bergmann1-76/+0
2025-04-29ima: measure kexec load and exec events as critical dataSteven Chen3-0/+32
2025-04-29ima: make the kexec extra memory configurableSteven Chen2-5/+22
2025-04-29ima: verify if the segment size has changedSteven Chen1-0/+10
2025-04-29ima: kexec: move IMA log copy from kexec load to executeSteven Chen1-14/+29
2025-04-29ima: kexec: define functions to copy IMA log at soft bootSteven Chen1-0/+47
2025-04-29ima: kexec: skip IMA segment validation after kexec soft rebootSteven Chen1-0/+3
2025-04-29ima: define and call ima_alloc_kexec_file_buf()Steven Chen1-11/+35
2025-04-29ima: rename variable the seq_file "file" to "ima_kexec_file"Steven Chen1-15/+16
2025-04-24Merge tag 'landlock-6.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds3-17/+16
2025-04-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski2-2/+4
2025-04-22lsm: Move security_netlink_send to under CONFIG_SECURITY_NETWORKSong Liu1-18/+18
2025-04-22ima: process_measurement() needlessly takes inode_lock() on MAY_READFrederick Lawler1-1/+3
2025-04-17landlock: Fix documentation for landlock_restrict_self(2)Mickaël Salaün1-6/+6
2025-04-17landlock: Fix documentation for landlock_create_ruleset(2)Mickaël Salaün1-8/+7
2025-04-15hardening: Disable GCC randstruct for COMPILE_TESTKees Cook1-1/+1
2025-04-12selinux: fix the kdoc header for task_avdcache_updatePaul Moore1-1/+1
2025-04-12selinux: remove a duplicated includePaul Moore1-1/+0
2025-04-11net: Retire DCCP socket.Kuniyuki Iwashima5-70/+2
2025-04-11selinux: reduce path walk overheadPaul Moore2-54/+185
2025-04-11selinux: support wildcard match in genfsconTakaya Saeki3-4/+17
2025-04-11selinux: drop copy-paste commentChristian Göttsche1-6/+0
2025-04-11selinux: unify OOM handling in network hashtablesChristian Göttsche4-9/+19
2025-04-11selinux: add likely hints for fast pathsChristian Göttsche3-3/+3
2025-04-11selinux: contify network namespace pointerChristian Göttsche1-1/+1
2025-04-11selinux: constify network address pointerChristian Göttsche4-8/+8
2025-04-11landlock: Log the TGID of the domain creatorMickaël Salaün1-2/+2
2025-04-08landlock: Remove incorrect warningMickaël Salaün1-1/+1
2025-04-08Use try_lookup_noperm() instead of d_hash_and_lookup() outside of VFSNeilBrown1-2/+2
2025-04-08VFS: rename lookup_one_len family to lookup_noperm and remove permission checkNeilBrown2-3/+3
2025-04-01mseal sysmap: kernel config and header changeJeff Xu1-0/+21
2025-04-01Merge tag 'driver-core-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds1-2/+5
2025-03-30Merge tag 'bpf-next-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/bp...Linus Torvalds2-9/+12
2025-03-29Merge tag 'v6.15-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-1/+1
2025-03-28Merge tag 'landlock-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds25-264/+2283
2025-03-28Merge tag 'caps-pr-20250327' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-4/+5
2025-03-28Merge tag 'integrity-v6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-6/+15
2025-03-28Merge tag 'ipe-pr-20250324' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-2/+6
2025-03-27ima: limit the number of ToMToU integrity violationsMimi Zohar2-4/+5
2025-03-27ima: limit the number of open-writers integrity violationsMimi Zohar2-2/+10
2025-03-26Merge tag 'sysctl-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-0/+11
2025-03-26landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFFMickaël Salaün3-7/+43
2025-03-26landlock: Add LANDLOCK_RESTRICT_SELF_LOG_*_EXEC_* flagsMickaël Salaün5-12/+63
2025-03-26landlock: Log scoped denialsMickaël Salaün5-18/+97
2025-03-26landlock: Log TCP bind and connect denialsMickaël Salaün3-4/+60
2025-03-26landlock: Log truncate and IOCTL denialsMickaël Salaün7-6/+307
2025-03-26landlock: Factor out IOCTL hooksMickaël Salaün1-21/+11
2025-03-26landlock: Log file-related denialsMickaël Salaün3-16/+233
2025-03-26landlock: Log mount-related denialsMickaël Salaün4-41/+74
2025-03-26landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain statusMickaël Salaün6-4/+285
2025-03-26landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denialsMickaël Salaün7-24/+336
2025-03-26landlock: Identify domain execution crossingMickaël Salaün3-6/+59
2025-03-26landlock: Prepare to use credential instead of domain for fownerMickaël Salaün3-21/+39
2025-03-26landlock: Prepare to use credential instead of domain for scopeMickaël Salaün1-24/+28
2025-03-26landlock: Prepare to use credential instead of domain for networkMickaël Salaün1-15/+12
2025-03-26landlock: Prepare to use credential instead of domain for filesystemMickaël Salaün2-30/+92
2025-03-26landlock: Move domain hierarchy managementMickaël Salaün4-34/+53
2025-03-26landlock: Add unique ID generatorMickaël Salaün5-0/+282
2025-03-26lsm: Add audit_log_lsm_data() helperMickaël Salaün1-9/+18
2025-03-26landlock: Always allow signals between threads of the same processMickaël Salaün3-6/+64
2025-03-25Merge tag 'Smack-for-6.15' of https://github.com/cschaufler/smack-nextLinus Torvalds4-52/+43
2025-03-25Merge tag 'selinux-pr-20250323' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds7-16/+73
2025-03-25Merge tag 'lsm-pr-20250323' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-6/+31
2025-03-24Merge tag 'hardening-v6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds4-29/+36
2025-03-24ipe: policy_fs: fix kernel-doc warningsRandy Dunlap1-2/+6
2025-03-24Merge tag 'vfs-6.15-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-4/+4
2025-03-24Merge tag 'vfs-6.15-rc1.mount' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds2-1/+4
2025-03-24Merge tag 'vfs-6.15-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-1/+1
2025-03-22keys: Fix UAF in key_put()David Howells2-1/+5
2025-03-21landlock: Prepare to add second errataMickaël Salaün1-0/+12
2025-03-21landlock: Add erratum for TCP fixMickaël Salaün1-0/+15
2025-03-21landlock: Add the errata interfaceMickaël Salaün4-4/+138
2025-03-21landlock: Move code to ease future backportsMickaël Salaün1-5/+5
2025-03-21crypto: lib/Kconfig - hide library optionsArnd Bergmann1-1/+1
2025-03-17selinux: get netif_wildcard policycap from policy instead of cacheChristian Göttsche1-2/+1
2025-03-15security: Propagate caller information in bpf hooksBlaise Boscaccy2-9/+12
2025-03-10lsm: remove old email address for Stephen SmalleyStephen Smalley1-1/+1
2025-03-10Merge 6.14-rc6 into driver-core-nextGreg Kroah-Hartman6-10/+15
2025-03-08hardening: Enable i386 FORTIFY_SOURCE on Clang 16+Kees Cook1-1/+1
2025-03-08vfs: Remove invalidate_inodes()Jan Kara1-1/+1
2025-03-07capability: Remove unused has_capabilityDr. David Alan Gilbert1-4/+5
2025-03-07yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl()Oleg Nesterov1-7/+2
2025-03-07selinux: support wildcard network interface namesChristian Göttsche4-4/+22
2025-03-03loadpin: remove MODULE_COMPRESS_NONE as it is no longer supportedArulpandiyan Vadivel1-1/+1
2025-02-28fortify: Move FORTIFY_SOURCE under 'Kernel hardening options'Mel Gorman2-9/+9
2025-02-28mm: security: Allow default HARDENED_USERCOPY to be set at compile timeMel Gorman1-0/+8
2025-02-28mm: security: Move hardened usercopy under 'Kernel hardening options'Mel Gorman2-12/+16
2025-02-27Change inode_operations.mkdir to return struct dentry *NeilBrown1-4/+4
2025-02-27selinux: add FILE__WATCH_MOUNTNSMiklos Szeredi2-1/+4
2025-02-26selinux: add permission checks for loading other kinds of kernel files"Kipp N. Davis"2-11/+51
2025-02-26Merge tag 'landlock-6.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds2-3/+2
2025-02-26Merge tag 'integrity-v6.14-fix' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds4-7/+13
2025-02-26perf: Remove unnecessary parameter of security checkLuo Gengkun2-4/+3
2025-02-17Merge 6.14-rc3 into driver-core-nextGreg Kroah-Hartman4-41/+117
2025-02-16smack: recognize ipv4 CIPSO w/o categoriesKonstantin Andreev1-0/+4
2025-02-16smack: Revert "smackfs: Added check catlen"Konstantin Andreev1-14/+3
2025-02-15kernfs: Use RCU to access kernfs_node::name.Sebastian Andrzej Siewior1-2/+5
2025-02-14landlock: Fix non-TCP sockets restrictionMikhail Ivanov1-2/+1
2025-02-14landlock: Fix grammar errorTanya Agarwal1-1/+1
2025-02-13smack: remove /smack/logging if audit is not configuredKonstantin Andreev3-6/+14
2025-02-13smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket labelKonstantin Andreev1-24/+0
2025-02-12smack: dont compile ipv6 code unless ipv6 is configuredKonstantin Andreev2-1/+15
2025-02-11Smack: fix typos and spelling errorsCasey Schaufler4-7/+7
2025-02-11Merge tag 'tomoyo-pr-20250211' of git://git.code.sf.net/p/tomoyo/tomoyoLinus Torvalds4-41/+117
generated by cgit 1.2.3-korg (git 2.43.0) at 2026-01-06 02:21:09 +0000