aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2016-02-26Merge branch 'stable-4.5' of git://git.infradead.org/users/pcmoore/selinux in...James Morris1-1/+1
2016-02-19selinux: Don't sleep inside inode_getsecid hookAndreas Gruenbacher1-1/+1
2016-02-12EVM: Use crypto_memneq() for digest comparisonsRyan Ware1-1/+2
2016-02-09selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tablesLorenzo Colitti1-0/+1
2016-01-28KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it setDavid Howells1-1/+2
2016-01-22wrappers for ->i_mutex accessAl Viro3-11/+11
2016-01-20ptrace: use fsuid, fsgid, effective creds for fs access checksJann Horn1-1/+6
2016-01-20security: let security modules use PTRACE_MODE_* with bitmasksJann Horn2-7/+5
2016-01-20KEYS: Fix keyring ref leak in join_session_keyring()Yevgeny Pats1-0/+1
2016-01-17Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds29-160/+967
2016-01-14Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris1-8/+2
2016-01-12Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds4-168/+82
2016-01-11Merge branch 'work.xattr' of git://git.kernel.org/pub/scm/linux/kernel/git/vi...Linus Torvalds1-2/+0
2016-01-10Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li...James Morris3-21/+17
2016-01-08Merge branch 'for-linus' into work.miscAl Viro1-9/+9
2016-01-08selinux: Inode label revalidation performance fixAndreas Gruenbacher1-8/+2
2016-01-07KEYS: refcount bug fixMimi Zohar2-12/+8
2016-01-04fix the leak in integrity_read_file()Al Viro1-5/+6
2016-01-04selinuxfs: switch to memdup_user_nul()Al Viro1-73/+41
2016-01-04convert a bunch of open-coded instances of memdup_user_nul()Al Viro2-90/+35
2016-01-03ima: ima_write_policy() limit lockingPetko Manolov1-9/+9
2015-12-26Merge branch 'smack-for-4.5' of https://github.com/cschaufler/smack-next into...James Morris1-1/+23
2015-12-26Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris8-73/+274
2015-12-26Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li...James Morris19-84/+623
2015-12-24IMA: policy can be updated zero timesSasha Levin3-0/+14
2015-12-24selinux: rate-limit netlink message warnings in selinux_nlmsg_perm()Vladis Dronov1-4/+5
2015-12-24selinux: export validatetrans decisionsAndrew Perepechko4-8/+111
2015-12-24selinux: Revalidate invalid inode security labelsAndreas Gruenbacher1-8/+68
2015-12-24security: Add hook to invalidate inode security labelsAndreas Gruenbacher3-10/+34
2015-12-24selinux: Add accessor functions for inode->i_securityAndreas Gruenbacher1-41/+56
2015-12-24security: Make inode argument of inode_getsecid non-constAndreas Gruenbacher3-3/+3
2015-12-24security: Make inode argument of inode_getsecurity non-constAndreas Gruenbacher3-3/+3
2015-12-24selinux: Remove unused variable in selinux_inode_init_securityAndreas Gruenbacher1-2/+0
2015-12-20keys, trusted: seal with a TPM2 authorization policyJarkko Sakkinen1-0/+26
2015-12-20keys, trusted: select hash algorithm for TPM2 chipsJarkko Sakkinen2-1/+27
2015-12-20keys, trusted: fix: *do not* allow duplicate key optionsJarkko Sakkinen1-0/+3
2015-12-19KEYS: Fix race between read and revokeDavid Howells1-9/+9
2015-12-17Smack: type confusion in smak sendmsg() handlerRoman Kubiak1-1/+1
2015-12-15security/integrity: make ima/ima_mok.c explicitly non-modularPaul Gortmaker1-3/+2
2015-12-15ima: update appraise flags after policy update completesMimi Zohar1-2/+5
2015-12-15IMA: prevent keys on the .ima_blacklist from being removedMimi Zohar1-0/+2
2015-12-15KEYS: prevent keys from being removed from specified keyringsMimi Zohar2-11/+51
2015-12-15IMA: allow reading back the current IMA policyPetko Manolov4-8/+253
2015-12-15IMA: create machine owner and blacklist keyringsPetko Manolov4-0/+87
2015-12-15IMA: policy can now be updated multiple timesPetko Manolov3-28/+75
2015-12-15evm: EVM_LOAD_X509 depends on EVMArnd Bergmann1-1/+1
2015-12-15evm: reset EVM status when file attributes changeDmitry Kasatkin1-0/+13
2015-12-15evm: provide a function to set the EVM key from the kernelDmitry Kasatkin2-14/+46
2015-12-15evm: enable EVM when X509 certificate is loadedDmitry Kasatkin4-3/+14
2015-12-15evm: load an x509 certificate from the kernelDmitry Kasatkin4-0/+33
2015-12-13nfs: Move call to security_inode_listsecurity into nfs_listxattrAndreas Gruenbacher1-2/+0
2015-12-09Smack: File receive for socketsCasey Schaufler1-0/+22
2015-11-26Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris1-2/+2
2015-11-25KEYS: Fix handling of stored error in a negatively instantiated user keyDavid Howells3-2/+10
2015-11-24selinux: fix bug in conditional rules handlingStephen Smalley1-2/+2
2015-11-23integrity: define '.evm' as a builtin 'trusted' keyringDmitry Kasatkin7-22/+35
2015-11-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds3-9/+10
2015-11-08smack: use skb_to_full_sk() helperEric Dumazet1-4/+7
2015-11-08net: add skb_to_full_sk() helper and use it in selinux_netlbl_skbuff_setsid()Eric Dumazet2-15/+3
2015-11-06mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIMMel Gorman1-1/+1
2015-11-05Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds25-183/+393
2015-11-05selinux: fix random read in selinux_ip_postroute_compat()Eric Dumazet1-4/+14
2015-11-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2-2/+7
2015-10-23Merge tag 'keys-next-20151021' of git://git.kernel.org/pub/scm/linux/kernel/g...James Morris13-75/+84
2015-10-22Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris5-45/+36
2015-10-22apparmor: clarify CRYPTO dependencyArnd Bergmann1-1/+1
2015-10-21selinux: Use a kmem_cache for allocation struct file_security_structSangwoo1-2/+6
2015-10-21selinux: ioctl_has_perm should be staticGeliang Tang1-1/+1
2015-10-21selinux: use sprintf return valueRasmus Villemoes1-4/+1
2015-10-21selinux: use kstrdup() in security_get_bools()Rasmus Villemoes1-7/+1
2015-10-21selinux: use kmemdup in security_sid_to_context_core()Rasmus Villemoes1-2/+2
2015-10-21selinux: remove pointless cast in selinux_inode_setsecurity()Rasmus Villemoes1-1/+1
2015-10-21selinux: introduce security_context_str_to_sidRasmus Villemoes4-25/+20
2015-10-21selinux: do not check open perm on ftruncate callJeff Vander Stoep1-1/+2
2015-10-21selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE defaultPaul Moore1-2/+2
2015-10-21KEYS: Merge the type-specific data with the payload dataDavid Howells13-67/+82
2015-10-21keys: Be more consistent in selection of union members usedInsu Yun1-1/+1
2015-10-21KEYS: use kvfree() in add_keyGeliang Tang1-7/+1
2015-10-21Merge branch 'smack-for-4.4' of https://github.com/cschaufler/smack-next into...James Morris4-47/+238
2015-10-20Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li...James Morris1-1/+1
2015-10-19Smack: limited capability for changing process labelZbigniew Jasinski4-41/+229
2015-10-19KEYS: Don't permit request_key() to construct a new keyringDavid Howells1-0/+3
2015-10-19keys, trusted: seal/unseal with TPM 2.0 chipsJarkko Sakkinen1-3/+33
2015-10-19keys, trusted: move struct trusted_key_options to trusted-type.hJarkko Sakkinen1-11/+0
2015-10-17Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/...Pablo Neira Ayuso1-4/+8
2015-10-16netfilter: remove hook owner refcountingFlorian Westphal2-7/+0
2015-10-15KEYS: Fix crash when attempt to garbage collect an uninstantiated keyringDavid Howells1-2/+4
2015-10-11net: synack packets can be attached to request socketsEric Dumazet1-4/+8
2015-10-09Smack: pipefs fix in smack_d_instantiateRoman Kubiak1-0/+3
2015-10-09Smack: Minor initialisation improvementJosé Bollo2-3/+3
2015-10-09smack: smk_ipv6_port_list should be staticGeliang Tang1-1/+1
2015-10-09Smack: fix a NULL dereference in wrong smack_import_entry() usageLukasz Pawelczyk1-2/+2
2015-10-09integrity: prevent loading untrusted certificates on the IMA trusted keyringDmitry Kasatkin1-1/+1
2015-10-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-4/+4
2015-09-26Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+1
2015-09-25KEYS: Fix race between key destruction and finding a keyring by nameDavid Howells1-4/+4
2015-09-18netfilter: Pass priv instead of nf_hook_ops to netfilter hooksEric W. Biederman2-7/+7
2015-09-17Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-1/+1
2015-09-12Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/pau...Ingo Molnar1-1/+1
2015-09-10mm: mark most vm_operations_struct constKirill A. Shutemov1-1/+1
2015-09-08Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds20-362/+1732
2015-09-04fs: create and use seq_show_option for escapingKees Cook1-1/+1
2015-09-04capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISEAndy Lutomirski1-1/+2
2015-09-04capabilities: ambient capabilitiesAndy Lutomirski2-10/+93
2015-09-03security/device_cgroup: Fix RCU_LOCKDEP_WARN() conditionPaul E. McKenney1-1/+1
2015-09-01Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-1/+1
2015-08-31Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-3/+3
2015-08-26LSM: restore certain default error codesJan Beulich1-5/+6
2015-08-15Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into nextJames Morris12-110/+907
2015-08-14Merge branch 'smack-for-4.3' of https://github.com/cschaufler/smack-next into...James Morris1-14/+18
2015-08-12Smack - Fix build error with bringup unconfiguredCasey Schaufler1-14/+18
2015-08-12Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/pau...Ingo Molnar1-3/+3
2015-08-11Merge branch 'smack-for-4.3' of https://github.com/cschaufler/smack-next into...James Morris4-208/+807
2015-08-10Kernel threads excluded from smack checksRoman Kubiak1-0/+6
2015-08-04Adding YAMA hooks also when YAMA is not stacked.Salvatore Mesoraca1-0/+1
2015-07-31Smack: Three symbols that should be staticCasey Schaufler2-3/+3
2015-07-28Smack: IPv6 host labelingCasey Schaufler3-160/+578
2015-07-28Yama: remove needless CONFIG_SECURITY_YAMA_STACKEDKees Cook4-43/+14
2015-07-28KEYS: ensure we free the assoc array edit if edit is validColin Ian King1-3/+5
2015-07-22rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()Paul E. McKenney1-3/+3
2015-07-22sysfs: fix simple_return.cocci warningskbuild test robot1-5/+1
2015-07-22smack: allow mount opts setting over filesystems with binary mount dataVivek Trivedi2-40/+219
2015-07-13selinux: Create a common helper to determine an inode label [ver #3]David Howells1-46/+41
2015-07-13selinux: Augment BUG_ON assertion for secclass_map.Stephen Smalley1-1/+2
2015-07-13selinux: initialize sock security class to default valueStephen Smalley1-0/+1
2015-07-13selinux: reduce locking overhead in inode_free_security()Waiman Long1-3/+14
2015-07-13selinux: extended permissions for ioctlsJeff Vander Stoep11-60/+834
2015-07-13security: add ioctl specific auditing to lsm_auditJeff Vander Stoep1-0/+15
2015-07-11Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris2-1/+8
2015-07-10selinux: fix mprotect PROT_EXEC regression caused by mm changeStephen Smalley1-1/+2
2015-07-10vfs: Commit to never having exectuables on proc and sysfs.Eric W. Biederman1-1/+1
2015-07-09selinux: don't waste ebitmap space when importing NetLabel categoriesPaul Moore1-0/+6
2015-07-04Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds1-13/+6
2015-07-03Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds3-16/+13
2015-07-01Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds2-4/+4
2015-07-01sysfs: Create mountpoints with sysfs_create_mount_pointEric W. Biederman3-16/+13
2015-06-27Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/auditLinus Torvalds1-1/+1
2015-06-27Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds28-2427/+1767
2015-06-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-3/+0
2015-06-23make simple_positive() publicAl Viro1-13/+6
2015-06-18netfilter: Remove spurios included of netfilter.hEric W Biederman1-3/+0
2015-06-16ima: update builtin policiesMimi Zohar1-9/+56
2015-06-16ima: extend "mask" policy matching supportMimi Zohar1-5/+15
2015-06-16ima: add support for new "euid" policy conditionMimi Zohar1-4/+23
2015-06-16ima: fix ima_show_template_data_ascii()Mimi Zohar3-4/+5
2015-06-13Merge branch 'smack-for-4.2-stacked' of https://github.com/cschaufler/smack-n...James Morris1-7/+9
2015-06-12Smack: freeing an error pointer in smk_write_revoke_subj()Dan Carpenter1-7/+9
2015-06-05selinux: fix setting of security labels on NFSJ. Bruce Fields1-0/+1
2015-06-04selinux: Remove unused permission definitionsStephen Smalley1-14/+8
2015-06-04selinux: enable genfscon labeling for sysfs and pstore filesStephen Smalley1-1/+3
2015-06-04selinux: enable per-file labeling for debugfs files.Stephen Smalley2-22/+22
2015-06-04selinux: update netlink socket classesStephen Smalley2-10/+32
2015-06-04signals: don't abuse __flush_signals() in selinux_bprm_committed_creds()Oleg Nesterov1-2/+4
2015-06-04selinux: Print 'sclass' as string when unrecognized netlink message occursMarek Milkovic1-2/+3
2015-06-03Merge branch 'smack-for-4.2-stacked' of https://github.com/cschaufler/smack-n...James Morris4-186/+314
2015-06-02Smack: allow multiple labels in onlycapRafal Krypa3-69/+160
2015-06-02Smack: fix seq operations in smackfsRafal Krypa1-30/+22
2015-05-29lsm: rename duplicate labels in LSM_AUDIT_DATA_TASK audit message typeRichard Guy Briggs1-1/+1
2015-05-28kernel/params: constify struct kernel_param_ops usesLuis R. Rodriguez2-4/+4
2015-05-21ima: pass iint to ima_add_violation()Roberto Sassu5-9/+13
2015-05-21ima: wrap event related data to the new ima_event_data structureRoberto Sassu5-79/+61
2015-05-21integrity: add validity checks for 'path' parameterDmitry Kasatkin3-2/+5
2015-05-21evm: fix potential race when removing xattrsDmitry Kasatkin1-4/+3
2015-05-21evm: labeling pseudo filesystems exceptionMimi Zohar1-0/+11
2015-05-21ima: remove definition of IMA_X509_PATHDmitry Kasatkin1-7/+1
2015-05-21ima: limit file hash setting by user to fix and log modesDmitry Kasatkin1-2/+6
2015-05-21ima: do not measure or appraise the NSFS filesystemMimi Zohar1-0/+2
2015-05-21ima: skip measurement of cgroupfs files and update documentationRoberto Sassu1-0/+2
2015-05-15smack: pass error code through pointersLukasz Pawelczyk3-97/+139
2015-05-15Smack: ignore private inode for smack_file_receiveSeung-Woo Kim1-0/+3
2015-05-13ima: cleanup ima_init_policy() a littleDan Carpenter1-10/+6
2015-05-12LSM: Remove unused capability.cCasey Schaufler1-1158/+0
2015-05-12LSM: Switch to lists of hooksCasey Schaufler11-321/+570
2015-05-12LSM: Add security module hook list headsCasey Schaufler5-402/+406
2015-05-12LSM: Introduce security hook calling MacrosCasey Schaufler1-207/+226
2015-05-12LSM: Split security.hCasey Schaufler7-7/+7
2015-05-11security: make inode_follow_link RCU-walk awareNeilBrown3-6/+20
2015-05-11security/selinux: pass 'flags' arg to avc_audit() and avc_has_perm_flags()NeilBrown3-4/+25
2015-05-10SECURITY: remove nameidata arg from inode_follow_link.NeilBrown3-5/+4
2015-04-26Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds16-117/+117
2015-04-17tomoyo: reduce mmap_sem hold for mm->exe_fileDavidlohr Bueso1-5/+8
2015-04-15Merge branch 'akpm' (patches from Andrew)Linus Torvalds1-0/+1
2015-04-15kernel: conditionally support non-root users, groups and capabilitiesIulia Manda1-0/+1
2015-04-15VFS: security/: d_inode() annotationsDavid Howells4-12/+12
2015-04-15VFS: security/: d_backing_inode() annotationsDavid Howells12-105/+105
2015-04-15Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds16-115/+324
2015-04-15Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds5-43/+24
2015-04-15lsm: copy comm before calling audit_log to avoid race in string printingRichard Guy Briggs1-6/+9
2015-04-14Merge branch 'for-linus-1' of git://git.kernel.org/pub/scm/linux/kernel/git/v...Linus Torvalds12-106/+64
2015-04-13selinux/nlmsg: add a build time check for rtnl/xfrm cmdsNicolas Dichtel1-0/+3
2015-04-13Merge branch 'tomoyo-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/gi...James Morris4-45/+15
2015-04-12selinux/nlmsg: add XFRM_MSG_MAPPINGNicolas Dichtel1-0/+1
2015-04-12selinux/nlmsg: add XFRM_MSG_MIGRATENicolas Dichtel1-0/+1
2015-04-12selinux/nlmsg: add XFRM_MSG_REPORTNicolas Dichtel1-0/+1
2015-04-11Merge branch 'for-davem' into for-nextAl Viro5-44/+12
2015-04-11switch keyctl_instantiate_key_common() to iov_iterAl Viro3-72/+40
2015-04-11switch security_inode_getattr() to struct path *Al Viro8-30/+20
2015-04-11constify tomoyo_realpath_from_path()Al Viro2-4/+4
2015-04-08selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFONicolas Dichtel1-0/+2
2015-04-08selinux/nlmsg: add XFRM_MSG_GETSPDINFONicolas Dichtel1-0/+1
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 20:23:18 +0000