aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2017-05-09Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds3-4/+4
2017-05-08apparmorfs: replace CURRENT_TIME with current_time()Deepa Dinamani1-1/+1
2017-05-08treewide: use kv[mz]alloc* rather than opencoded variantsMichal Hocko1-16/+6
2017-05-08mm: introduce kv[mz]alloc helpersMichal Hocko5-44/+3
2017-05-03Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds41-590/+851
2017-05-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-0/+1
2017-05-02Merge tag 'docs-4.12' of git://git.lwn.net/linuxLinus Torvalds1-4/+8
2017-05-01Merge branch 'work.uaccess' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-10/+1
2017-04-26fs: constify tree_descr arrays passed to simple_fill_super()Eric Biggers3-4/+4
2017-04-26HAVE_ARCH_HARDENED_USERCOPY is unconditional nowAl Viro1-9/+0
2017-04-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller3-27/+39
2017-04-19Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li...James Morris2-34/+94
2017-04-19Merge branch 'smack-for-4.12' of git://github.com/cschaufler/smack-next into ...James Morris2-4/+2
2017-04-19Merge branch 'stable-4.12' of git://git.infradead.org/users/pcmoore/selinux i...James Morris8-60/+57
2017-04-18KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyringsEric Biggers2-24/+31
2017-04-18KEYS: Change the name of the dead type to ".dead" to prevent user accessDavid Howells1-1/+1
2017-04-18KEYS: Disallow keyrings beginning with '.' to be joined as session keyringsDavid Howells1-2/+7
2017-04-18Merge tag 'keys-next-20170412' of git://git.kernel.org/pub/scm/linux/kernel/g...James Morris12-49/+568
2017-04-11keys: select CONFIG_CRYPTO when selecting DH / KDFStephan Müller1-0/+1
2017-04-07apparmor: Make path_max parameter readonlyJohn Johansen1-1/+1
2017-04-07apparmor: fix parameters so that the permission test is bypassed at bootJohn Johansen2-26/+23
2017-04-07apparmor: fix invalid reference to index variable of iterator line 836John Johansen1-2/+4
2017-04-07apparmor: use SHASH_DESC_ON_STACKNicolas Iooss1-19/+13
2017-04-07security/apparmor/lsm.c: set debug messagesValentin Rothberg1-1/+1
2017-04-07apparmor: fix boolreturn.cocci warningskbuild test robot1-2/+2
2017-04-04Smack: Use GFP_KERNEL for smk_netlbl_mls().Tetsuo Handa1-1/+1
2017-04-04smack: fix double free in smack_parse_opts_str()Tetsuo Handa1-3/+1
2017-04-04KEYS: add SP800-56A KDF support for DHStephan Mueller7-18/+275
2017-04-04KEYS: Add KEYCTL_RESTRICT_KEYRINGMat Martineau4-0/+170
2017-04-04KEYS: Consistent ordering for __key_link_begin and restrict checkMat Martineau1-11/+13
2017-04-04KEYS: Use structure to capture key restriction function and dataMat Martineau6-16/+108
2017-04-03KEYS: Split role of the keyring pointer for keyring restrict functionsMat Martineau2-4/+7
2017-04-03KEYS: Use a typedef for restrict_link function pointersMat Martineau2-9/+3
2017-04-03security, keys: convert key_user.usage from atomic_t to refcount_tElena Reshetova4-6/+7
2017-04-03security, keys: convert key.usage from atomic_t to refcount_tElena Reshetova5-10/+10
2017-04-02kernel-api.rst: fix a series of errors when parsing C filesmchehab@s-opensource.com1-4/+8
2017-03-31selinux: Fix an uninitialized variable bugDan Carpenter1-1/+1
2017-03-30TOMOYO: Use designated initializersKees Cook2-16/+16
2017-03-29selinux: Remove unnecessary check of array base in selinux_set_mapping()Matthias Kaehlcke1-1/+1
2017-03-29selinuxfs: Use seq_puts() in sel_avc_stats_seq_show()Markus Elfring1-4/+4
2017-03-29selinux: Adjust two checks for null pointersMarkus Elfring1-2/+2
2017-03-29selinux: Use kmalloc_array() in sidtab_init()Markus Elfring1-1/+1
2017-03-29selinux: Return directly after a failed kzalloc() in roles_init()Markus Elfring1-2/+1
2017-03-29selinux: Return directly after a failed kzalloc() in perm_read()Markus Elfring1-2/+1
2017-03-29selinux: Return directly after a failed kzalloc() in common_read()Markus Elfring1-2/+1
2017-03-29selinux: Return directly after a failed kzalloc() in class_read()Markus Elfring1-2/+1
2017-03-29selinux: Return directly after a failed kzalloc() in role_read()Markus Elfring1-2/+1
2017-03-29selinux: Return directly after a failed kzalloc() in type_read()Markus Elfring1-2/+1
2017-03-29selinux: Return directly after a failed kzalloc() in user_read()Markus Elfring1-2/+1
2017-03-29selinux: Improve another size determination in sens_read()Markus Elfring1-1/+1
2017-03-29selinux: Return directly after a failed kzalloc() in sens_read()Markus Elfring1-2/+1
2017-03-29selinux: Return directly after a failed kzalloc() in cat_read()Markus Elfring1-2/+1
2017-03-28rtnetlink: Add RTM_DELNETCONFDavid Ahern1-0/+1
2017-03-28new helper: uaccess_kernel()Al Viro1-1/+1
2017-03-28LSM: Revive security_task_alloc() hook and per "struct task_struct" security ...Tetsuo Handa1-0/+5
2017-03-24LSM: Initialize security_hook_heads upon registration.Tetsuo Handa1-354/+7
2017-03-23selinux: Delete an unnecessary variable initialisation in range_read()Markus Elfring1-1/+1
2017-03-23selinux: Return directly after a failed next_entry() in range_read()Markus Elfring1-1/+1
2017-03-23selinux: Delete an unnecessary variable assignment in filename_trans_read()Markus Elfring1-1/+0
2017-03-23selinux: One function call less in genfs_read() after null pointer detectionMarkus Elfring1-2/+3
2017-03-23selinux: Return directly after a failed next_entry() in genfs_read()Markus Elfring1-1/+1
2017-03-23selinux: Delete an unnecessary return statement in policydb_destroy()Markus Elfring1-2/+0
2017-03-23selinux: Use kcalloc() in policydb_index()Markus Elfring1-9/+9
2017-03-23selinux: Adjust four checks for null pointersMarkus Elfring1-4/+4
2017-03-23selinux: Use kmalloc_array() in hashtab_create()Markus Elfring1-1/+1
2017-03-23selinux: Improve size determinations in four functionsMarkus Elfring1-4/+4
2017-03-23selinux: Delete an unnecessary return statement in cond_compute_av()Markus Elfring1-1/+0
2017-03-23selinux: Use kmalloc_array() in cond_init_bool_indexes()Markus Elfring1-2/+3
2017-03-13ima: provide ">" and "<" operators for fowner/uid/euid rules.Mikhail Kurinnoi1-28/+87
2017-03-10selinux: check for address length in selinux_socket_bind()Alexander Potapenko1-0/+8
2017-03-07ima: accept previously set IMA_NEW_FILEDaniel Glöckner1-2/+3
2017-03-06integrity: mark default IMA rules as __ro_after_initJames Morris1-4/+4
2017-03-06selinux: constify nlmsg permission tablesJames Morris1-5/+5
2017-03-06security: mark LSM hooks as __ro_after_initJames Morris8-8/+8
2017-03-06security: introduce CONFIG_SECURITY_WRITABLE_HOOKSJames Morris2-0/+11
2017-03-06selinux: fix kernel BUG on prlimit(..., NULL, NULL)Stephen Smalley1-0/+2
2017-03-06prlimit,security,selinux: add a security hook for prlimitStephen Smalley3-1/+23
2017-03-03Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux...Linus Torvalds10-1/+18
2017-03-02sched/headers: Prepare to remove the <linux/magic.h> include from <linux/sche...Ingo Molnar1-0/+2
2017-03-02sched/headers: Prepare to use <linux/rcuupdate.h> instead of <linux/rculist.h...Ingo Molnar4-0/+7
2017-03-02sched/headers: Prepare for new header dependencies before moving code to <lin...Ingo Molnar2-0/+2
2017-03-02sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h>Ingo Molnar4-0/+5
2017-03-02sched/headers: Prepare for new header dependencies before moving code to <lin...Ingo Molnar1-0/+1
2017-03-02sched/headers: Prepare for new header dependencies before moving code to <lin...Ingo Molnar1-1/+1
2017-03-02selinux: wrap cgroup seclabel support with its own policy capabilityStephen Smalley4-4/+12
2017-03-02KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()David Howells4-8/+8
2017-02-27lib/vsprintf.c: remove %Z supportAlexey Dobriyan2-2/+2
2017-02-24mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmfDave Jiang1-3/+2
2017-02-23Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds4-6/+6
2017-02-22Merge tag 'driver-core-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds2-3/+39
2017-02-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds2-3/+8
2017-02-21Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds54-1839/+3314
2017-02-20Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds2-8/+2
2017-02-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+1
2017-02-10KEYS: Use memzero_explicit() for secret dataDan Carpenter1-1/+1
2017-02-10KEYS: Fix an error code in request_master_key()Dan Carpenter1-1/+1
2017-02-10Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/selinux i...James Morris9-276/+327
2017-02-08selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2017-02-08Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/selinux i...James Morris1-1/+1
2017-02-07selinux: allow changing labels for cgroupfsAntonio Murdaca1-0/+2
2017-02-07selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2017-01-27ima: allow to check MAY_APPENDLans Zhang2-4/+5
2017-01-27ima: fix ima_d_path() possible race with renameMimi Zohar3-6/+24
2017-01-27Merge branch 'smack-for-4.11' of git://github.com/cschaufler/smack-next into ...James Morris3-27/+95
2017-01-24Introduce a sysctl that modifies the value of PROT_SOCK.Krister Johansen1-1/+2
2017-01-24exec: Remove LSM_UNSAFE_PTRACE_CAPEric W. Biederman4-5/+4
2017-01-24exec: Test the ptracer's saved cred to see if the tracee can gain capsEric W. Biederman1-1/+2
2017-01-24exec: Don't reset euid and egid when the tracee has CAP_SETUIDEric W. Biederman1-1/+1
2017-01-19Introduce STATIC_USERMODEHELPER to mediate call_usermodehelper()Greg Kroah-Hartman1-0/+35
2017-01-19Make static usermode helper binaries constantGreg Kroah-Hartman1-3/+4
2017-01-19LSM: Add /sys/kernel/security/lsmCasey Schaufler9-9/+71
2017-01-16apparmor: fix undefined reference to `aa_g_hash_policy'John Johansen1-1/+1
2017-01-16apparmor: replace remaining BUG_ON() asserts with AA_BUG()John Johansen4-5/+5
2017-01-16apparmor: fix restricted endian type warnings for policy unpackJohn Johansen1-6/+6
2017-01-16apparmor: fix restricted endian type warnings for dfa unpackJohn Johansen2-12/+12
2017-01-16apparmor: add check for apparmor enabled in module parameters missing itJohn Johansen1-0/+10
2017-01-16apparmor: add per cpu work buffers to avoid allocating buffers at every hookJohn Johansen2-1/+103
2017-01-16apparmor: sysctl to enable unprivileged user ns AppArmor policy loadingTyler Hicks2-1/+47
2017-01-16apparmor: support querying extended trusted helper extra dataWilliam Hua5-0/+245
2017-01-16apparmor: update cap audit to check SECURITY_CAP_NOAUDITJohn Johansen1-6/+10
2017-01-16apparmor: make computing policy hashes conditional on kernel parameterJohn Johansen2-29/+32
2017-01-16apparmor: convert change_profile to use fqname later to give better controlJohn Johansen5-66/+28
2017-01-16apparmor: fix change_hat debug outputJohn Johansen1-4/+5
2017-01-16apparmor: remove unused op parameter from simple_write_to_buffer()John Johansen1-6/+3
2017-01-16apparmor: change aad apparmor_audit_data macro to a fn macroJohn Johansen12-161/+155
2017-01-16apparmor: change op from int to const char *John Johansen10-134/+84
2017-01-16apparmor: rename context abreviation cxt to the more standard ctxJohn Johansen5-144/+150
2017-01-16apparmor: fail task profile update if current_cred isn't real_credJohn Johansen1-0/+3
2017-01-16apparmor: add per policy ns .load, .replace, .remove interface filesJohn Johansen2-22/+130
2017-01-16apparmor: pass the subject profile into profile replace/removeJohn Johansen3-16/+21
2017-01-16apparmor: audit policy ns specified in policy loadJohn Johansen3-24/+77
2017-01-16apparmor: allow introspecting the loaded policy pre internal transformJohn Johansen8-58/+278
2017-01-16apparmor: add ns name to the audit data for policy loadsJohn Johansen2-10/+25
2017-01-16apparmor: add profile and ns params to aa_may_manage_policy()John Johansen3-14/+12
2017-01-16apparmor: add ns being viewed as a param to policy_admin_capable()John Johansen3-10/+16
2017-01-16apparmor: add ns being viewed as a param to policy_view_capable()John Johansen4-8/+35
2017-01-16apparmor: allow specifying the profile doing the managementJohn Johansen1-11/+21
2017-01-16apparmor: allow introspecting the policy namespace nameJohn Johansen1-0/+24
2017-01-16apparmor: Make aa_remove_profile() callable from a different viewJohn Johansen3-5/+7
2017-01-16apparmor: track ns level so it can be used to help in view checksJohn Johansen1-0/+1
2017-01-16apparmor: add special .null file used to "close" fds at execJohn Johansen3-1/+81
2017-01-16apparmor: provide userspace flag indicating binfmt_elf_mmap changeJohn Johansen1-0/+1
2017-01-16apparmor: add a default null dfaJohn Johansen6-2/+46
2017-01-16apparmor: allow policydb to be used as the file dfaJohn Johansen1-4/+8
2017-01-16apparmor: add get_dfa() fnJohn Johansen1-0/+15
2017-01-16apparmor: prepare to support newer versions of policyJohn Johansen2-10/+25
2017-01-16apparmor: add support for force complain flag to support learning modeJohn Johansen1-1/+3
2017-01-16apparmor: remove paranoid load switchJohn Johansen2-16/+10
2017-01-16apparmor: name null-XXX profiles after the executableJohn Johansen3-17/+47
2017-01-16apparmor: pass gfp_t parameter into profile allocationJohn Johansen4-8/+9
2017-01-16apparmor: refactor prepare_ns() and make usable from different viewsJohn Johansen5-38/+79
2017-01-16apparmor: update policy_destroy to use new debug assertsJohn Johansen1-9/+2
2017-01-16apparmor: pass gfp param into aa_policy_init()John Johansen4-7/+7
2017-01-16apparmor: constify policy name and hnameJohn Johansen3-4/+4
2017-01-16apparmor: rename hname_tail to basenameJohn Johansen3-4/+4
2017-01-16apparmor: rename mediated_filesystem() to path_mediated_fs()John Johansen2-8/+8
2017-01-16apparmor: add debug assert AA_BUG and Kconfig to control debug infoJohn Johansen3-4/+43
2017-01-16apparmor: add macro for bug asserts to check that a lock is heldJohn Johansen1-0/+11
2017-01-16apparmor: allow ns visibility question to consider subnsesJohn Johansen4-8/+14
2017-01-16apparmor: add fn to lookup profiles by fqnameJohn Johansen4-7/+38
2017-01-16apparmor: add lib fn to find the "split" for fqnamesJohn Johansen2-0/+55
2017-01-16apparmor: add strn version of aa_find_nsJohn Johansen2-6/+29
2017-01-16apparmor: add strn version of lookup_profile fnJohn Johansen2-11/+27
2017-01-16apparmor: rename replacedby to proxyJohn Johansen5-65/+65
2017-01-16apparmor: rename PFLAG_INVALID to PFLAG_STALEJohn Johansen3-5/+5
2017-01-16apparmor: rename sid to secidJohn Johansen4-65/+65
2017-01-16apparmor: rename namespace to ns to improve code line lengthsJohn Johansen8-128/+122
2017-01-16apparmor: split apparmor policy namespaces code into its own fileJohn Johansen10-391/+454
2017-01-16apparmor: split out shared policy_XXX fns to libJohn Johansen4-132/+137
2017-01-16apparmor: move lib definitions into separate lib includeJohn Johansen5-82/+99
2017-01-15apparmor: use designated initializersKees Cook2-5/+7
2017-01-15AppArmor: Use GFP_KERNEL for __aa_kvmalloc().Tetsuo Handa1-1/+2
2017-01-14locking/atomic, kref: Use kref_get_unless_zero() morePeter Zijlstra2-8/+2
2017-01-12security,selinux,smack: kill security_task_wait hookStephen Smalley3-33/+0
2017-01-12selinux: drop unused socket security classesStephen Smalley2-12/+0
2017-01-10Smack: ignore private inode for file functionsSeung-Woo Kim1-0/+12
2017-01-10Smack: fix d_instantiate logic for sockfs and pipefsRafal Krypa1-7/+7
2017-01-10SMACK: Use smk_tskacc() instead of smk_access() for proper loggingHimanshu Shukla1-4/+1
2017-01-10Smack: Traverse the smack_known_list using list_for_each_entry_rcu macroVishal Goel1-1/+1
2017-01-10SMACK: Free the i_security blob in inode using RCUHimanshu Shukla2-4/+29
2017-01-10SMACK: Delete list_head repeated initializationHimanshu Shukla1-4/+0
2017-01-10SMACK: Add new lock for adding entry in smack master listVishal Goel1-0/+5
2017-01-10Smack: Fix the issue of wrong SMACK label update in socket bind fail caseVishal Goel2-0/+21
2017-01-10Smack: Fix the issue of permission denied error in ipv6 hookVishal Goel2-2/+4
2017-01-10SMACK: Add the rcu synchronization mechanism in ipv6 hooksVishal Goel1-5/+15
2017-01-09selinux: default to security isid in sel_make_bools() if no sid is foundGary Tierney1-3/+3
2017-01-09selinux: log errors when loading new policyGary Tierney1-5/+16
2017-01-09proc,security: move restriction on writing /proc/pid/attr nodes to procStephen Smalley4-29/+6
2017-01-09selinux: clean up cred usage and simplifyStephen Smalley3-211/+166
2017-01-09selinux: allow context mounts on tmpfs, ramfs, devpts within user namespacesStephen Smalley1-3/+7
2017-01-09selinux: handle ICMPv6 consistently with ICMPStephen Smalley1-1/+2
2017-01-09selinux: add security in-core xattr support for tracefsYongqin Liu1-0/+1
2017-01-09selinux: support distinctions among all network address familiesStephen Smalley5-2/+147
2016-12-24Replace <asm/uaccess.h> with <linux/uaccess.h> globallyLinus Torvalds4-4/+4
2016-12-22Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds1-0/+2
2016-12-21selinux: use the kernel headers when building scripts/selinuxPaul Moore1-0/+2
2016-12-20ima: platform-independent hash valueAndreas Steffen1-2/+4
2016-12-20ima: define a canonical binary_runtime_measurements list formatMimi Zohar5-13/+62
2016-12-20ima: support restoring multiple template formatsMimi Zohar1-3/+49
2016-12-20ima: store the builtin/custom template definitions in a listMimi Zohar3-11/+43
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 23:34:22 +0000