aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2024-11-30Merge tag 'lsm-pr-20241129' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-4/+5
2024-11-26ima: uncover hidden variable in ima_match_rules()Casey Schaufler1-4/+5
2024-11-26apparmor: lift new_profile declaration to remove C23 extension warningJohn Johansen1-2/+1
2024-11-26apparmor: replace misleading 'scrubbing environment' phrase in debug printRyan Lee1-8/+8
2024-11-26parser: drop dead code for XXX_comb macrosJohn Johansen1-24/+0
2024-11-26apparmor: Remove unused parameter L1 in macro next_combJinjie Ruan1-2/+2
2024-11-26apparmor: audit_cap dedup based on subj_cred instead of profileRyan Lee1-6/+4
2024-11-26apparmor: add a cache entry expiration time aging out capability audit cacheRyan Lee1-3/+8
2024-11-26apparmor: document capability.c:profile_capable ad ptr not being NULLRyan Lee1-1/+1
2024-11-26apparmor: fix 'Do simple duplicate message elimination'chao liu1-0/+2
2024-11-26apparmor: document first entry is in packed perms struct is reservedJohn Johansen1-1/+4
2024-11-26apparmor: test: Fix memory leak for aa_unpack_strdup()Jinjie Ruan1-0/+6
2024-11-26apparmor: Remove deadcodeDr. David Alan Gilbert9-146/+0
2024-11-26apparmor: Remove unnecessary NULL check before kvfree()Thorsten Blum1-2/+1
2024-11-26apparmor: domain: clean up duplicated parts of handle_onexec()Leesoo Ahn1-26/+12
2024-11-26apparmor: Use IS_ERR_OR_NULL() helper functionHongbo Li1-1/+1
2024-11-26apparmor: add support for 2^24 states to the dfa state machine.John Johansen3-25/+83
2024-11-26apparmor: properly handle cx/px lookup failure for complainRyan Lee1-2/+7
2024-11-26apparmor: allocate xmatch for nullpdb inside aa_alloc_nullRyan Lee1-0/+1
2024-11-25Merge tag 'mm-nonmm-stable-2024-11-24-02-05' of git://git.kernel.org/pub/scm/...Linus Torvalds2-3/+3
2024-11-21Merge tag 'fsnotify_for_v6.13-rc1' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-8/+1
2024-11-19Merge tag 'v6.13-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-3/+3
2024-11-18Merge tag 'lsm-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds16-150/+252
2024-11-18Merge tag 'selinux-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds13-197/+431
2024-11-18Merge tag 'pull-fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds3-42/+18
2024-11-18Merge tag 'vfs-6.13.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vf...Linus Torvalds1-1/+0
2024-11-12Merge tag 'integrity-v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-5/+16
2024-11-12Merge tag 'landlock-6.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds5-57/+96
2024-11-09landlock: Optimize scope enforcementMickaël Salaün1-3/+15
2024-11-09landlock: Refactor network access mask managementMickaël Salaün1-22/+6
2024-11-09landlock: Refactor filesystem access mask managementMickaël Salaün3-32/+75
2024-11-05security: replace memcpy() with get_task_comm()Yafang Shao2-3/+3
2024-11-04KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operationDavid Gstir1-4/+5
2024-11-04security/keys: fix slab-out-of-bounds in key_task_permissionChen Ridong1-2/+5
2024-11-03fdget(), more trivial conversionsAl Viro2-11/+4
2024-11-03fdget(), trivial conversionsAl Viro1-18/+8
2024-11-03fdget_raw() users: switch to CLASS(fd_raw)Al Viro1-13/+6
2024-10-18ipe: fallback to platform keyring also if key in trusted keyring is rejectedLuca Boccassi1-1/+1
2024-10-17ipe: allow secondary and platform keyrings to install/update policiesLuca Boccassi2-1/+32
2024-10-17ipe: also reject policy updates with the same versionLuca Boccassi1-1/+1
2024-10-17ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower ...Luca Boccassi1-1/+1
2024-10-14fsnotify, lsm: Decouple fsnotify from lsmSong Liu1-8/+1
2024-10-11lsm: remove lsm_prop scaffoldingCasey Schaufler6-64/+7
2024-10-11netlabel,smack: use lsm_prop for audit dataCasey Schaufler1-3/+1
2024-10-11lsm: create new security_cred_getlsmprop LSM hookCasey Schaufler4-5/+43
2024-10-11lsm: use lsm_prop in security_inode_getsecidCasey Schaufler4-19/+22
2024-10-11lsm: use lsm_prop in security_current_getsecidCasey Schaufler9-81/+100
2024-10-11lsm: use lsm_prop in security_ipc_getsecidCasey Schaufler3-17/+22
2024-10-11lsm: add lsmprop_to_secctx hookCasey Schaufler7-10/+89
2024-10-11lsm: use lsm_prop in security_audit_rule_matchCasey Schaufler8-19/+36
2024-10-09integrity: Use static_assert() to check struct sizesGustavo A. R. Silva1-0/+4
2024-10-09evm: stop avoidably reading i_writecount in evm_file_releaseMateusz Guzik1-1/+2
2024-10-09ima: fix buffer overrun in ima_eventdigest_init_commonSamasth Norway Ananda1-4/+10
2024-10-09bcachefs: do not use PF_MEMALLOC_NORECLAIMMichal Hocko1-4/+6
2024-10-07selinux: Deprecate /sys/fs/selinux/userStephen Smalley1-0/+4
2024-10-07selinux: apply clang format to security/selinux/nlmsgtab.cPaul Moore1-118/+118
2024-10-07selinux: streamline selinux_nlmsg_lookup()Paul Moore1-50/+38
2024-10-07selinux: Add netlink xperm supportThiébaud Weksteen8-51/+126
2024-10-07remove pointless includes of <linux/fdtable.h>Al Viro1-1/+0
2024-10-05Merge tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-2/+2
2024-10-05Merge tag 'lsm-pr-20241004' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds11-577/+118
2024-10-05crypto: rsassa-pkcs1 - Migrate to sig_alg backendLukas Wunner1-3/+3
2024-10-04tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM supportPaul Moore11-577/+118
2024-10-03selinux: move genheaders to security/selinux/Masahiro Yamada3-2/+160
2024-10-03selinux: do not include <linux/*.h> headers from host programsMasahiro Yamada2-3/+12
2024-10-02move asm/unaligned.h to linux/unaligned.hAl Viro2-2/+2
2024-09-28hardening: Adjust dependencies in selection of MODVERSIONSNathan Chancellor1-2/+2
2024-09-27Merge tag 'tomoyo-pr-20240927' of git://git.code.sf.net/p/tomoyo/tomoyoLinus Torvalds12-121/+583
2024-09-25tomoyo: fallback to realpath if symlink's pathname does not existTetsuo Handa1-3/+6
2024-09-24Merge tag 'bpf-next-6.12-struct-fd' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds2-2/+2
2024-09-24Merge tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds8-9/+269
2024-09-24Merge tag 'lsm-pr-20240923' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-11/+5
2024-09-24tomoyo: allow building as a loadable LSM moduleTetsuo Handa8-4/+467
2024-09-23ipe: Add missing terminator to list of unit testsGuenter Roeck1-0/+1
2024-09-23Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds3-15/+15
2024-09-23tomoyo: preparation step for building as a loadable LSM moduleTetsuo Handa6-116/+112
2024-09-21Merge tag 'bpf-next-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/bp...Linus Torvalds1-1/+0
2024-09-19selinux,smack: properly reference the LSM blob in security_watch_key()Paul Moore2-11/+4
2024-09-19Merge tag 'Smack-for-6.12' of https://github.com/cschaufler/smack-nextLinus Torvalds2-3/+3
2024-09-16landlock: Add signal scopingTahera Fahimi5-2/+90
2024-09-16landlock: Add abstract UNIX socket scopingTahera Fahimi5-8/+180
2024-09-16Merge tag 'lsm-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds41-409/+4127
2024-09-16Merge tag 'selinux-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds8-76/+68
2024-09-16Merge tag 'vfs-6.12.procfs' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-0/+32
2024-09-16Merge tag 'vfs-6.12.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vf...Linus Torvalds2-2/+2
2024-09-12security,bpf: constify struct path in bpf_token_create() LSM hookAndrii Nakryiko2-2/+2
2024-09-11bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0Song Liu1-1/+0
2024-09-09security: Update file_set_fowner documentationMickaël Salaün1-0/+2
2024-09-03selinux: fix style problems in security/selinux/include/audit.hPaul Moore1-23/+23
2024-09-03smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipsoJiawei Ye1-1/+1
2024-09-01Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/...Linus Torvalds1-3/+3
2024-08-31Merge tag 'lsm-pr-20240830' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-4/+4
2024-08-30proc: add config & param to block forcing mem writesAdrian Ratiu1-0/+32
2024-08-29lsm: Use IS_ERR_OR_NULL() helper functionHongbo Li1-1/+1
2024-08-28selinux,smack: don't bypass permissions check in inode_setsecctx hookScott Mayhew2-4/+4
2024-08-28selinux: simplify avc_xperms_audit_required()Zhen Lei1-2/+2
2024-08-28selinux: mark both IPv4 and IPv6 accepted connection sockets as labeledGuido Trentalancia1-1/+1
2024-08-28file: reclaim 24 bytes from f_ownerChristian Brauner2-2/+2
2024-08-27selinux: replace kmem_cache_create() with KMEM_CACHE()Eric Suen4-23/+8
2024-08-26lsm: remove LSM_COUNT and LSM_CONFIG_COUNTTetsuo Handa1-33/+4
2024-08-26selinux: annotate false positive data race to avoid KCSAN warningsStephen Smalley1-1/+6
2024-08-25apparmor: fix policy_unpack_test on big endian systemsGuenter Roeck1-3/+3
2024-08-22security: smack: Fix indentation in smack_netfilter.cGiSeong Ji1-2/+2
2024-08-22ipe: Remove duplicated include in ipe.cYang Li1-1/+0
2024-08-22lsm: replace indirect LSM hook calls with static callsKP Singh1-64/+155
2024-08-20ipe: kunit test for parserDeven Bowers3-0/+316
2024-08-20scripts: add boot policy generation programDeven Bowers5-0/+43
2024-08-20ipe: enable support for fs-verity as a trust providerFan Wu10-1/+237
2024-08-20lsm: add security_inode_setintegrity() hookFan Wu1-0/+20
2024-08-20ipe: add support for dm-verity as a trust providerDeven Bowers14-15/+460
2024-08-20block,lsm: add LSM blob and new LSM hooks for block devicesDeven Bowers1-0/+103
2024-08-20ipe: add permissive toggleDeven Bowers5-4/+102
2024-08-20audit,ipe: add IPE auditing supportDeven Bowers10-18/+381
2024-08-20ipe: add userspace interfaceDeven Bowers8-0/+727
2024-08-20lsm: add new securityfs delete functionFan Wu1-0/+25
2024-08-20ipe: introduce 'boot_verified' as a trust providerFan Wu8-6/+101
2024-08-20initramfs,lsm: add a security hook to do_populate_rootfs()Fan Wu1-0/+10
2024-08-20ipe: add LSM hooks on execution and kernel readDeven Bowers6-0/+235
2024-08-20ipe: add evaluation loopDeven Bowers3-0/+127
2024-08-20ipe: add policy parserDeven Bowers5-0/+697
2024-08-19lsm: add IPE lsmDeven Bowers7-6/+93
2024-08-15KEYS: trusted: dcp: fix leak of blob encryption keyDavid Gstir1-12/+21
2024-08-15KEYS: trusted: fix DCP blob payload length assignmentDavid Gstir1-1/+1
2024-08-15lockdown: Make lockdown_lsmid staticYue Haibing1-1/+1
2024-08-12introduce fd_file(), convert all accessors to it.Al Viro3-15/+15
2024-08-12lsm: add the inode_free_security_rcu() LSM implementation hookPaul Moore5-33/+32
2024-08-12lsm: cleanup lsm_hooks.hPaul Moore1-1/+1
2024-08-08selinux: revert our use of vma_is_initial_heap()Paul Moore1-1/+11
2024-08-07selinux: add the processing of the failure of avc_add_xperms_decision()Zhen Lei1-1/+5
2024-08-06selinux: fix potential counting error in avc_add_xperms_decision()Zhen Lei1-1/+1
2024-07-31lsm: Refactor return value of LSM hook inode_copy_up_xattrXu Kuohai4-14/+9
2024-07-31lsm: Refactor return value of LSM hook vm_enough_memoryXu Kuohai3-25/+12
2024-07-29lsm: infrastructure management of the perf_event security blobCasey Schaufler3-16/+28
2024-07-29lsm: infrastructure management of the infiniband blobCasey Schaufler3-15/+23
2024-07-29lsm: infrastructure management of the dev_tun blobCasey Schaufler3-18/+26
2024-07-29lsm: add helper for blob allocationsCasey Schaufler1-64/+33
2024-07-29lsm: infrastructure management of the key security blobCasey Schaufler5-37/+68
2024-07-29lsm: infrastructure management of the sock securityCasey Schaufler10-113/+132
2024-07-29selinux: refactor code to return ERR_PTR in selinux_netlbl_sock_genattrGaosheng Cui1-9/+9
2024-07-29selinux: Streamline type determination in security_compute_sidCanfeng Guo1-17/+19
2024-07-27Merge tag 'apparmor-pr-2024-07-25' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds8-34/+65
2024-07-27Merge tag 'landlock-6.11-rc1-houdini-fix' of git://git.kernel.org/pub/scm/lin...Linus Torvalds1-2/+9
2024-07-24sysctl: treewide: constify the ctl_table argument of proc_handlersJoel Granados3-3/+3
2024-07-24apparmor: unpack transition table if dfa is not presentGeorgia Garcia1-17/+25
2024-07-24apparmor: try to avoid refing the label in apparmor_file_openMateusz Guzik2-2/+23
2024-07-24apparmor: test: add MODULE_DESCRIPTION()Jeff Johnson1-0/+1
2024-07-24apparmor: take nosymfollow flag into accountAlexander Mikhalitsyn1-0/+2
2024-07-24landlock: Don't lose track of restrictions on cred_transferJann Horn1-2/+9
2024-07-20Merge tag 'landlock-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds4-29/+18
2024-07-19Merge tag 'v6.11-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-2/+1
2024-07-18landlock: Various documentation improvementsGünther Noack1-8/+9
2024-07-16Merge tag 'perf-core-2024-07-16' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds1-1/+1
2024-07-16Merge tag 'Smack-for-6.10' of https://github.com/cschaufler/smack-nextLinus Torvalds1-4/+10
2024-07-16Merge tag 'lsm-pr-20240715' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-42/+100
2024-07-16Merge tag 'selinux-pr-20240715' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2024-07-15Merge tag 'keys-next-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds2-0/+2
2024-07-09selinux,smack: remove the capability checks in the removexattr hooksPaul Moore2-10/+3
2024-07-09task_work: s/task_work_cancel()/task_work_cancel_func()/Frederic Weisbecker1-1/+1
2024-07-08landlock: Use bit-fields for storing handled layer access masksGünther Noack3-21/+9
2024-07-05Merge tag 'integrity-v6.10-fix' of ssh://ra.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-2/+1
2024-07-02selinux: Use 1UL for EBITMAP_BIT to match maps typeCanfeng Guo1-1/+1
2024-07-01KEYS: encrypted: add missing MODULE_DESCRIPTION()Jeff Johnson1-0/+1
2024-07-01KEYS: trusted: add missing MODULE_DESCRIPTION()Jeff Johnson1-0/+1
2024-06-19smack: unix sockets: fix accept()ed socket labelKonstantin Andreev1-3/+9
2024-06-17Merge tag 'lsm-pr-20240617' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds8-17/+27
2024-06-17Merge tag 'mm-hotfixes-stable-2024-06-17-11-43' of git://git.kernel.org/pub/s...Linus Torvalds1-15/+0
2024-06-17Merge tag 'hardening-v6.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-0/+1
2024-06-15Revert "mm: init_mlocked_on_free_v3"David Hildenbrand1-15/+0
2024-06-13ima: Avoid blocking in RCU read-side critical sectionGUO Zihua8-17/+27
2024-06-07crypto: sm2 - Remove sm2 algorithmHerbert Xu1-2/+1
2024-06-06yama: document function parameterChristian Göttsche1-0/+1
2024-06-05smack: tcp: ipv4, fix incorrect labelingCasey Schaufler1-1/+1
2024-06-03lsm: fixup the inode xattr capability handlingPaul Moore3-32/+97
2024-06-03ima: fix wrong zero-assignment during securityfs dentry removeEnrico Bravi1-2/+1
2024-06-03tomoyo: update project linksTetsuo Handa2-2/+2
2024-05-31landlock: Fix d_parent walkMickaël Salaün1-2/+11
2024-05-24Merge tag 'hardening-v6.10-rc1-fixes' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-0/+3
2024-05-21KEYS: trusted: Do not use WARN when encode failsJarkko Sakkinen1-1/+2
2024-05-21KEYS: trusted: Fix memory leak in tpm2_key_encode()Jarkko Sakkinen1-6/+18
2024-05-19Merge tag 'mm-stable-2024-05-17-19-19' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-0/+15
2024-05-18loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompressionStephen Boyd1-0/+3
2024-05-18Merge tag 'kbuild-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mas...Linus Torvalds1-1/+1
2024-05-18Merge tag 'landlock-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds3-5/+224
2024-05-15Merge tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds17-90/+325
2024-05-15Merge tag 'selinux-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds12-126/+146
2024-05-15Merge tag 'lsm-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-4/+0
2024-05-14Merge tag 'net-next-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds2-2/+6
2024-05-13netlabel: fix RCU annotation for IPv4 options on socket creationDavide Caratti2-2/+6
2024-05-13Merge tag 'keys-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds3-24/+30
2024-05-13Merge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-53/+106
2024-05-13landlock: Add IOCTL access right for character and block devicesGünther Noack3-5/+224
2024-05-10apparmor: fix possible NULL pointer dereferenceLeesoo Ahn1-0/+4
2024-05-10apparmor: fix typo in kernel docChristian Göttsche1-1/+1
2024-05-10apparmor: remove useless static inline function is_deletedColin Ian King1-13/+0
2024-05-10apparmor: use kvfree_sensitive to free data->dataFedor Pchelkin2-1/+2
2024-05-10apparmor: Fix null pointer deref when receiving skb during sock creationXiao Liang1-0/+7
2024-05-10kbuild: use $(src) instead of $(srctree)/$(src) for source directoryMasahiro Yamada1-1/+1
2024-05-09KEYS: trusted: Add session encryption protection to the seal/unseal pathJames Bottomley1-27/+61
2024-05-09KEYS: trusted: tpm2: Use struct tpm_buf for sized buffersJarkko Sakkinen1-23/+31
2024-05-09tpm: Store the length of the tpm_buf data separately.Jarkko Sakkinen1-4/+5
generated by cgit 1.2.3-korg (git 2.43.0) at 2026-01-06 01:26:04 +0000