aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2024-09-27Merge tag 'tomoyo-pr-20240927' of git://git.code.sf.net/p/tomoyo/tomoyoLinus Torvalds12-121/+583
2024-09-25tomoyo: fallback to realpath if symlink's pathname does not existTetsuo Handa1-3/+6
2024-09-24Merge tag 'bpf-next-6.12-struct-fd' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds2-2/+2
2024-09-24Merge tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds8-9/+269
2024-09-24Merge tag 'lsm-pr-20240923' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-11/+5
2024-09-24tomoyo: allow building as a loadable LSM moduleTetsuo Handa8-4/+467
2024-09-23ipe: Add missing terminator to list of unit testsGuenter Roeck1-0/+1
2024-09-23Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds3-15/+15
2024-09-23tomoyo: preparation step for building as a loadable LSM moduleTetsuo Handa6-116/+112
2024-09-21Merge tag 'bpf-next-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/bp...Linus Torvalds1-1/+0
2024-09-19selinux,smack: properly reference the LSM blob in security_watch_key()Paul Moore2-11/+4
2024-09-19Merge tag 'Smack-for-6.12' of https://github.com/cschaufler/smack-nextLinus Torvalds2-3/+3
2024-09-16landlock: Add signal scopingTahera Fahimi5-2/+90
2024-09-16landlock: Add abstract UNIX socket scopingTahera Fahimi5-8/+180
2024-09-16Merge tag 'lsm-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds41-409/+4127
2024-09-16Merge tag 'selinux-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds8-76/+68
2024-09-16Merge tag 'vfs-6.12.procfs' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-0/+32
2024-09-16Merge tag 'vfs-6.12.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vf...Linus Torvalds2-2/+2
2024-09-12security,bpf: constify struct path in bpf_token_create() LSM hookAndrii Nakryiko2-2/+2
2024-09-11bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0Song Liu1-1/+0
2024-09-09security: Update file_set_fowner documentationMickaël Salaün1-0/+2
2024-09-03selinux: fix style problems in security/selinux/include/audit.hPaul Moore1-23/+23
2024-09-03smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipsoJiawei Ye1-1/+1
2024-09-01Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/...Linus Torvalds1-3/+3
2024-08-31Merge tag 'lsm-pr-20240830' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-4/+4
2024-08-30proc: add config & param to block forcing mem writesAdrian Ratiu1-0/+32
2024-08-29lsm: Use IS_ERR_OR_NULL() helper functionHongbo Li1-1/+1
2024-08-28selinux,smack: don't bypass permissions check in inode_setsecctx hookScott Mayhew2-4/+4
2024-08-28selinux: simplify avc_xperms_audit_required()Zhen Lei1-2/+2
2024-08-28selinux: mark both IPv4 and IPv6 accepted connection sockets as labeledGuido Trentalancia1-1/+1
2024-08-28file: reclaim 24 bytes from f_ownerChristian Brauner2-2/+2
2024-08-27selinux: replace kmem_cache_create() with KMEM_CACHE()Eric Suen4-23/+8
2024-08-26lsm: remove LSM_COUNT and LSM_CONFIG_COUNTTetsuo Handa1-33/+4
2024-08-26selinux: annotate false positive data race to avoid KCSAN warningsStephen Smalley1-1/+6
2024-08-25apparmor: fix policy_unpack_test on big endian systemsGuenter Roeck1-3/+3
2024-08-22security: smack: Fix indentation in smack_netfilter.cGiSeong Ji1-2/+2
2024-08-22ipe: Remove duplicated include in ipe.cYang Li1-1/+0
2024-08-22lsm: replace indirect LSM hook calls with static callsKP Singh1-64/+155
2024-08-20ipe: kunit test for parserDeven Bowers3-0/+316
2024-08-20scripts: add boot policy generation programDeven Bowers5-0/+43
2024-08-20ipe: enable support for fs-verity as a trust providerFan Wu10-1/+237
2024-08-20lsm: add security_inode_setintegrity() hookFan Wu1-0/+20
2024-08-20ipe: add support for dm-verity as a trust providerDeven Bowers14-15/+460
2024-08-20block,lsm: add LSM blob and new LSM hooks for block devicesDeven Bowers1-0/+103
2024-08-20ipe: add permissive toggleDeven Bowers5-4/+102
2024-08-20audit,ipe: add IPE auditing supportDeven Bowers10-18/+381
2024-08-20ipe: add userspace interfaceDeven Bowers8-0/+727
2024-08-20lsm: add new securityfs delete functionFan Wu1-0/+25
2024-08-20ipe: introduce 'boot_verified' as a trust providerFan Wu8-6/+101
2024-08-20initramfs,lsm: add a security hook to do_populate_rootfs()Fan Wu1-0/+10
2024-08-20ipe: add LSM hooks on execution and kernel readDeven Bowers6-0/+235
2024-08-20ipe: add evaluation loopDeven Bowers3-0/+127
2024-08-20ipe: add policy parserDeven Bowers5-0/+697
2024-08-19lsm: add IPE lsmDeven Bowers7-6/+93
2024-08-15KEYS: trusted: dcp: fix leak of blob encryption keyDavid Gstir1-12/+21
2024-08-15KEYS: trusted: fix DCP blob payload length assignmentDavid Gstir1-1/+1
2024-08-15lockdown: Make lockdown_lsmid staticYue Haibing1-1/+1
2024-08-12introduce fd_file(), convert all accessors to it.Al Viro3-15/+15
2024-08-12lsm: add the inode_free_security_rcu() LSM implementation hookPaul Moore5-33/+32
2024-08-12lsm: cleanup lsm_hooks.hPaul Moore1-1/+1
2024-08-08selinux: revert our use of vma_is_initial_heap()Paul Moore1-1/+11
2024-08-07selinux: add the processing of the failure of avc_add_xperms_decision()Zhen Lei1-1/+5
2024-08-06selinux: fix potential counting error in avc_add_xperms_decision()Zhen Lei1-1/+1
2024-07-31lsm: Refactor return value of LSM hook inode_copy_up_xattrXu Kuohai4-14/+9
2024-07-31lsm: Refactor return value of LSM hook vm_enough_memoryXu Kuohai3-25/+12
2024-07-29lsm: infrastructure management of the perf_event security blobCasey Schaufler3-16/+28
2024-07-29lsm: infrastructure management of the infiniband blobCasey Schaufler3-15/+23
2024-07-29lsm: infrastructure management of the dev_tun blobCasey Schaufler3-18/+26
2024-07-29lsm: add helper for blob allocationsCasey Schaufler1-64/+33
2024-07-29lsm: infrastructure management of the key security blobCasey Schaufler5-37/+68
2024-07-29lsm: infrastructure management of the sock securityCasey Schaufler10-113/+132
2024-07-29selinux: refactor code to return ERR_PTR in selinux_netlbl_sock_genattrGaosheng Cui1-9/+9
2024-07-29selinux: Streamline type determination in security_compute_sidCanfeng Guo1-17/+19
2024-07-27Merge tag 'apparmor-pr-2024-07-25' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds8-34/+65
2024-07-27Merge tag 'landlock-6.11-rc1-houdini-fix' of git://git.kernel.org/pub/scm/lin...Linus Torvalds1-2/+9
2024-07-24sysctl: treewide: constify the ctl_table argument of proc_handlersJoel Granados3-3/+3
2024-07-24apparmor: unpack transition table if dfa is not presentGeorgia Garcia1-17/+25
2024-07-24apparmor: try to avoid refing the label in apparmor_file_openMateusz Guzik2-2/+23
2024-07-24apparmor: test: add MODULE_DESCRIPTION()Jeff Johnson1-0/+1
2024-07-24apparmor: take nosymfollow flag into accountAlexander Mikhalitsyn1-0/+2
2024-07-24landlock: Don't lose track of restrictions on cred_transferJann Horn1-2/+9
2024-07-20Merge tag 'landlock-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds4-29/+18
2024-07-19Merge tag 'v6.11-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-2/+1
2024-07-18landlock: Various documentation improvementsGünther Noack1-8/+9
2024-07-16Merge tag 'perf-core-2024-07-16' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds1-1/+1
2024-07-16Merge tag 'Smack-for-6.10' of https://github.com/cschaufler/smack-nextLinus Torvalds1-4/+10
2024-07-16Merge tag 'lsm-pr-20240715' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-42/+100
2024-07-16Merge tag 'selinux-pr-20240715' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2024-07-15Merge tag 'keys-next-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds2-0/+2
2024-07-09selinux,smack: remove the capability checks in the removexattr hooksPaul Moore2-10/+3
2024-07-09task_work: s/task_work_cancel()/task_work_cancel_func()/Frederic Weisbecker1-1/+1
2024-07-08landlock: Use bit-fields for storing handled layer access masksGünther Noack3-21/+9
2024-07-05Merge tag 'integrity-v6.10-fix' of ssh://ra.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-2/+1
2024-07-02selinux: Use 1UL for EBITMAP_BIT to match maps typeCanfeng Guo1-1/+1
2024-07-01KEYS: encrypted: add missing MODULE_DESCRIPTION()Jeff Johnson1-0/+1
2024-07-01KEYS: trusted: add missing MODULE_DESCRIPTION()Jeff Johnson1-0/+1
2024-06-19smack: unix sockets: fix accept()ed socket labelKonstantin Andreev1-3/+9
2024-06-17Merge tag 'lsm-pr-20240617' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds8-17/+27
2024-06-17Merge tag 'mm-hotfixes-stable-2024-06-17-11-43' of git://git.kernel.org/pub/s...Linus Torvalds1-15/+0
2024-06-17Merge tag 'hardening-v6.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-0/+1
2024-06-15Revert "mm: init_mlocked_on_free_v3"David Hildenbrand1-15/+0
2024-06-13ima: Avoid blocking in RCU read-side critical sectionGUO Zihua8-17/+27
2024-06-07crypto: sm2 - Remove sm2 algorithmHerbert Xu1-2/+1
2024-06-06yama: document function parameterChristian Göttsche1-0/+1
2024-06-05smack: tcp: ipv4, fix incorrect labelingCasey Schaufler1-1/+1
2024-06-03lsm: fixup the inode xattr capability handlingPaul Moore3-32/+97
2024-06-03ima: fix wrong zero-assignment during securityfs dentry removeEnrico Bravi1-2/+1
2024-06-03tomoyo: update project linksTetsuo Handa2-2/+2
2024-05-31landlock: Fix d_parent walkMickaël Salaün1-2/+11
2024-05-24Merge tag 'hardening-v6.10-rc1-fixes' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-0/+3
2024-05-21KEYS: trusted: Do not use WARN when encode failsJarkko Sakkinen1-1/+2
2024-05-21KEYS: trusted: Fix memory leak in tpm2_key_encode()Jarkko Sakkinen1-6/+18
2024-05-19Merge tag 'mm-stable-2024-05-17-19-19' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-0/+15
2024-05-18loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompressionStephen Boyd1-0/+3
2024-05-18Merge tag 'kbuild-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mas...Linus Torvalds1-1/+1
2024-05-18Merge tag 'landlock-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds3-5/+224
2024-05-15Merge tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds17-90/+325
2024-05-15Merge tag 'selinux-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds12-126/+146
2024-05-15Merge tag 'lsm-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-4/+0
2024-05-14Merge tag 'net-next-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds2-2/+6
2024-05-13netlabel: fix RCU annotation for IPv4 options on socket creationDavide Caratti2-2/+6
2024-05-13Merge tag 'keys-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds3-24/+30
2024-05-13Merge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-53/+106
2024-05-13landlock: Add IOCTL access right for character and block devicesGünther Noack3-5/+224
2024-05-10apparmor: fix possible NULL pointer dereferenceLeesoo Ahn1-0/+4
2024-05-10apparmor: fix typo in kernel docChristian Göttsche1-1/+1
2024-05-10apparmor: remove useless static inline function is_deletedColin Ian King1-13/+0
2024-05-10apparmor: use kvfree_sensitive to free data->dataFedor Pchelkin2-1/+2
2024-05-10apparmor: Fix null pointer deref when receiving skb during sock creationXiao Liang1-0/+7
2024-05-10kbuild: use $(src) instead of $(srctree)/$(src) for source directoryMasahiro Yamada1-1/+1
2024-05-09KEYS: trusted: Add session encryption protection to the seal/unseal pathJames Bottomley1-27/+61
2024-05-09KEYS: trusted: tpm2: Use struct tpm_buf for sized buffersJarkko Sakkinen1-23/+31
2024-05-09tpm: Store the length of the tpm_buf data separately.Jarkko Sakkinen1-4/+5
2024-05-09tpm: Remove tpm_send()Jarkko Sakkinen1-2/+12
2024-05-09docs: trusted-encrypted: add DCP as new trust sourceDavid Gstir1-0/+19
2024-05-09KEYS: trusted: Introduce NXP DCP-backed trusted keysDavid Gstir4-1/+328
2024-05-09KEYS: trusted: improve scalability of trust source configDavid Gstir1-2/+8
2024-05-09keys: Fix overwrite of key expiration on instantiationSilvio Gissi1-1/+2
2024-05-09keys: update key quotas in key_put()Luis Henriques3-23/+28
2024-04-30selinux: constify source policy in cond_policydb_dup()Christian Göttsche4-14/+17
2024-04-30selinux: avoid printk_ratelimit()Christian Göttsche1-2/+1
2024-04-30selinux: pre-allocate the status pageChristian Göttsche1-0/+6
2024-04-25mm: init_mlocked_on_free_v3York Jasper Niebuhr1-0/+15
2024-04-15lsm: remove the now superfluous sentinel element from ctl_table arrayJoel Granados4-4/+0
2024-04-12ima: add crypto agility support for template-hash algorithmEnrico Bravi4-18/+132
2024-04-09evm: Rename is_unsupported_fs to is_unsupported_hmac_fsStefan Berger1-9/+10
2024-04-09fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTEDStefan Berger1-1/+1
2024-04-09evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509Stefan Berger1-5/+7
2024-04-09ima: re-evaluate file integrity on file metadata changeStefan Berger1-1/+13
2024-04-09evm: Store and detect metadata inode attributes changesStefan Berger3-10/+49
2024-04-09ima: Move file-change detection variables into new structureStefan Berger4-13/+10
2024-04-09evm: Use the metadata inode to calculate metadata hashStefan Berger1-1/+1
2024-04-09evm: Implement per signature type decision in security_inode_copy_up_xattrStefan Berger1-3/+28
2024-04-09security: allow finer granularity in permitting copy-up of security xattrsStefan Berger4-5/+6
2024-04-09ima: Rename backing_inode to real_inodeStefan Berger1-8/+10
2024-04-08integrity: Avoid -Wflex-array-member-not-at-end warningsGustavo A. R. Silva7-15/+31
2024-04-08ima: define an init_module critical data recordMimi Zohar1-0/+7
2024-04-08ima: Fix use-after-free on a dentry's dname.nameStefan Berger2-7/+26
2024-04-04selinux: clarify return code in filename_trans_read_helper_compat()Ondrej Mosnacek1-0/+1
2024-04-03security: Place security_path_post_mknod() where the original IMA call wasRoberto Sassu1-2/+2
2024-04-01selinux: avoid dereference of garbage after mount failureChristian Göttsche1-5/+7
2024-03-27selinux: use u32 as bit position type in ebitmap codeChristian Göttsche2-35/+34
2024-03-27selinux: improve symtab string hashingChristian Göttsche1-11/+11
2024-03-27selinux: dump statistics for more hash tablesChristian Göttsche2-7/+19
2024-03-27selinux: make more use of current_sid()Christian Göttsche2-21/+8
2024-03-27selinux: update numeric format specifiers for ebitmapsChristian Göttsche1-6/+6
2024-03-26selinux: improve error checking in sel_write_load()Paul Moore1-14/+16
2024-03-26selinux: cleanup selinux_lsm_getattr()Paul Moore1-18/+18
2024-03-26selinux: reject invalid ebitmapsChristian Göttsche1-0/+11
2024-03-14Merge tag 'mm-nonmm-stable-2024-03-14-09-36' of git://git.kernel.org/pub/scm/...Linus Torvalds1-2/+0
2024-03-14Merge tag 'lsm-pr-20240314' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-18/+24
2024-03-14Merge tag 'landlock-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds10-23/+293
2024-03-14lsm: handle the NULL buffer case in lsm_fill_user_ctx()Paul Moore1-1/+7
2024-03-14lsm: use 32-bit compatible data types in LSM syscallsCasey Schaufler5-17/+17
2024-03-12Merge tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds21-832/+1020
2024-03-12Merge tag 'selinux-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds22-731/+724
2024-03-12Merge tag 'net-next-6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds2-26/+122
2024-03-12Merge tag 'Smack-for-6.9' of https://github.com/cschaufler/smack-nextLinus Torvalds1-46/+56
2024-03-08landlock: Use f_cred in security_file_open() hookMickaël Salaün1-7/+11
2024-03-08landlock: Rename "ptrace" files to "task"Mickaël Salaün4-9/+9
2024-03-08landlock: Simplify current_check_access_socket()Mickaël Salaün1-4/+3
2024-03-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski2-2/+4
2024-03-07landlock: Warn once if a Landlock action is requested while disabledMickaël Salaün1-3/+15
2024-03-05Merge tag 'integrity-v6.8-fix' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-1/+2
2024-03-01tomoyo: fix UAF write bug in tomoyo_write_control()Tetsuo Handa1-1/+2
2024-02-29Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-4/+4
2024-02-29Merge tag 'landlock-6.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-2/+2
2024-02-27Merge tag 'lsm-pr-20240227' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-2/+2
2024-02-27landlock: Add support for KUnit testsMickaël Salaün4-0/+255
2024-02-26landlock: Fix asymmetric private inodes referringMickaël Salaün1-2/+2
2024-02-23selinux: fix style issues in security/selinux/ss/symtab.cPaul Moore1-1/+3
2024-02-23selinux: fix style issues in security/selinux/ss/symtab.hPaul Moore1-5/+4
2024-02-23selinux: fix style issues in security/selinux/ss/sidtab.cPaul Moore1-32/+37
2024-02-23selinux: fix style issues in security/selinux/ss/sidtab.hPaul Moore1-17/+19
2024-02-23selinux: fix style issues in security/selinux/ss/services.hPaul Moore1-1/+2
2024-02-23selinux: fix style issues in security/selinux/ss/policydb.cPaul Moore1-192/+213
2024-02-23selinux: fix style issues in security/selinux/ss/policydb.hPaul Moore1-97/+95
2024-02-23selinux: fix style issues in security/selinux/ss/mls_types.hPaul Moore1-16/+16
2024-02-23selinux: fix style issues in security/selinux/ss/mls.cPaul Moore1-50/+33
2024-02-23selinux: fix style issues in security/selinux/ss/mls.hPaul Moore1-39/+19
generated by cgit 1.2.3-korg (git 2.43.0) at 2026-01-03 07:30:54 +0000