aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2024-03-06landlock: Fix asymmetric private inodes referringMickaël Salaün1-2/+2
2024-03-06tomoyo: fix UAF write bug in tomoyo_write_control()Tetsuo Handa1-1/+2
2024-02-23apparmor: Free up __cleanup() namePeter Zijlstra1-3/+3
2024-02-23lsm: fix the logic in security_inode_getsecctx()Ondrej Mosnacek1-1/+13
2024-01-31lsm: new security_file_ioctl_compat() hookAlfred Piccioni4-0/+48
2024-01-25Revert "KEYS: encrypted: Add check for strsep"Mimi Zohar1-4/+0
2024-01-25apparmor: avoid crash when parsed profile name is emptyFedor Pchelkin1-0/+4
2024-01-25selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socketMickaël Salaün1-0/+7
2024-01-25KEYS: encrypted: Add check for strsepChen Ni1-0/+4
2024-01-01keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiryDavid Howells4-22/+37
2023-11-28ima: detect changes to the backing overlay fileMimi Zohar3-1/+22
2023-11-28ima: annotate iint mutex to avoid lockdep false positive warningsAmir Goldstein1-11/+37
2023-11-28KEYS: trusted: Rollback init_trusted() consistentlyJarkko Sakkinen1-10/+10
2023-11-28KEYS: trusted: tee: Refactor register SHM usageSumit Garg1-44/+20
2023-11-20apparmor: fix invalid reference on profile->disconnectedGeorgia Garcia2-2/+4
2023-11-20apparmor: test: make static symbols visible during kunit testingRae Moar5-168/+196
2023-10-19KEYS: trusted: Remove redundant static calls usageSumit Garg1-8/+5
2023-10-10ima: rework CONFIG_IMA dependency blockArnd Bergmann1-12/+6
2023-10-10ima: Finish deprecation of IMA_TRUSTED_KEYRING KconfigOleksandr Tymoshenko1-2/+2
2023-10-06smack: Retrieve transmuting information in smack_inode_getsecurity()Roberto Sassu1-4/+18
2023-10-06smack: Record transmuting in smk_transmutedRoberto Sassu2-12/+30
2023-09-23selinux: fix handling of empty opts in selinux_fs_context_submount()Ondrej Mosnacek1-2/+8
2023-09-13smackfs: Prevent underflow in smk_set_cipso()Dan Carpenter1-1/+1
2023-09-13ima: Remove deprecated IMA_TRUSTED_KEYRING KconfigNayna Jain1-12/+0
2023-09-13vfs, security: Fix automount superblock LSM init problem, preventing NFS sb s...David Howells3-0/+87
2023-09-13security: keys: perform capable check only on privileged operationsChristian Göttsche1-3/+8
2023-08-30selinux: set next pointer before attaching to listChristian Göttsche1-1/+1
2023-07-27security: keys: Modify mismatched function nameJiapeng Chong1-1/+1
2023-07-27keys: Fix linking a duplicate key to a keyring's assoc_arrayPetr Pavlu1-11/+24
2023-07-19integrity: Fix possible multiple allocation in integrity_inode_get()Tianjia Zhang1-6/+9
2023-07-19apparmor: fix missing error check for rhashtable_insert_fastDanila Chernetsov1-2/+7
2023-07-19ima: Fix build warningsRoberto Sassu2-1/+5
2023-07-19evm: Fix build warningsRoberto Sassu2-2/+2
2023-07-19evm: Complete description of evm_inode_setattr()Roberto Sassu1-0/+2
2023-06-09selinux: don't use make's grouped targets feature yetPaul Moore1-1/+5
2023-05-11selinux: ensure av_permissions.h is built when neededPaul Moore1-1/+1
2023-05-11selinux: fix Makefile dependencies of flask.hOndrej Mosnacek1-2/+2
2023-05-11IMA: allow/fix UML buildsRandy Dunlap1-1/+1
2023-03-30keys: Do not cache key in task struct if key is requested from kernel threadDavid Howells1-3/+6
2023-03-10ima: Align ima_file_mmap() parameters with mmap_file LSM hookRoberto Sassu2-5/+9
2023-03-10ima: fix error handling logic when file measurement failedMatt Bobrowski2-2/+2
2023-02-25randstruct: disable Clang 15 supportEric Biggers1-0/+3
2023-02-09use less confusing names for iov_iter direction initializersAl Viro1-2/+2
2023-02-01tomoyo: fix broken dependency on *.conf.defaultMasahiro Yamada1-1/+1
2023-01-07device_cgroup: Roll back to original exceptions after copy failureWang Weiyang1-4/+29
2023-01-07ima: Fix memory leak in __ima_inode_hash()Roberto Sassu1-1/+6
2023-01-07ima: Fix a potential NULL pointer access in ima_restore_measurement_listHuaxin Lu1-1/+4
2023-01-07efi: Add iMac Pro 2017 to uefi skip cert quirkAditya Garg1-0/+1
2023-01-07ima: Fix hash dependency to correct algorithmTianjia Zhang1-1/+1
2022-12-31security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6Nathan Chancellor1-0/+3
2022-12-31ima: Simplify ima_lsm_copy_ruleGUO Zihua1-7/+3
2022-12-31LoadPin: Ignore the "contents" argument of the LSM hooksKees Cook1-12/+18
2022-12-31apparmor: Fix memleak in alloc_ns()Xiu Jianfeng1-1/+1
2022-12-31apparmor: Use pointer to struct aa_label for lbs_credXiu Jianfeng1-2/+2
2022-12-31apparmor: Fix regression in stacking due to label flagsJohn Johansen1-5/+7
2022-12-31apparmor: Fix abi check to include v8 abiJohn Johansen1-1/+1
2022-12-31apparmor: fix lockdep warning when removing a namespaceJohn Johansen1-1/+1
2022-12-31apparmor: fix a memleak in multi_transaction_new()Gaosheng Cui1-1/+3
2022-12-31ima: Fix misuse of dereference of pointer in template_desc_init_fields()Xiu Jianfeng1-2/+2
2022-12-31integrity: Fix memory leakage in keyring allocation error pathGUO Zihua1-1/+5
2022-12-31ima: Handle -ESTALE returned by ima_filter_rule_match()GUO Zihua1-9/+32
2022-12-21KEYS: encrypted: fix key instantiation with user-provided dataNikolaus Voss1-3/+3
2022-10-31Merge tag 'lsm-pr-20221031' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-2/+4
2022-10-28capabilities: fix potential memleak on error path from vfs_getxattr_alloc()Gaosheng Cui1-2/+4
2022-10-19selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()GONG, Ruiqi3-5/+6
2022-10-10Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds1-0/+4
2022-10-10Merge tag 'tpmdd-next-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2022-10-09Merge tag 'powerpc-6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-0/+2
2022-10-06Merge tag 'pull-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds4-5/+5
2022-10-06Merge tag 'pull-tomoyo' of git://git.kernel.org/pub/scm/linux/kernel/git/viro...Linus Torvalds4-10/+5
2022-10-05security/keys: Remove inconsistent __user annotationVincenzo Frascino1-1/+1
2022-10-04Merge tag 'net-next-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds1-2/+0
2022-10-04Merge tag 'landlock-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds2-21/+21
2022-10-03Merge tag 'fs.acl.rework.prep.v6.1' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds1-3/+14
2022-10-03Merge tag 'lsm-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-14/+18
2022-10-03Merge tag 'selinux-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds6-53/+46
2022-10-03Merge tag 'integrity-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds2-5/+9
2022-10-03Merge tag 'Smack-for-6.1' of https://github.com/cschaufler/smack-nextLinus Torvalds2-12/+17
2022-10-03Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds3-6/+31
2022-10-03security: kmsan: fix interoperability with auto-initializationAlexander Potapenko1-0/+4
2022-10-03Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-nextJakub Kicinski1-2/+0
2022-09-30efi: Correct Macmini DMI match in uefi cert quirkOrlando Chamberlain1-1/+1
2022-09-29hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zeroKees Cook1-4/+10
2022-09-29landlock: Fix documentation styleMickaël Salaün1-20/+20
2022-09-29landlock: Slightly improve documentation and fix spellingMickaël Salaün1-1/+1
2022-09-28powerpc/rtas: block error injection when locked downNathan Lynch1-0/+1
2022-09-28powerpc/pseries: block untrusted device tree changes when locked downNathan Lynch1-0/+1
2022-09-27smack: cleanup obsolete mount option flagsXiu Jianfeng1-9/+0
2022-09-27smack: lsm: remove the unneeded result variableXu Panda1-3/+1
2022-09-27SMACK: Add sk_clone_security LSM hookLontke Michael1-0/+16
2022-09-21KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALLRoberto Sassu1-2/+0
2022-09-14selinux: remove the unneeded result variableXu Panda1-15/+9
2022-09-14lockdown: ratelimit denial messagesNathan Lynch1-1/+1
2022-09-07LoadPin: Require file with verity root digests to have a headerMatthias Kaehlcke2-2/+21
2022-09-07LoadPin: Fix Kconfig doc about format of file with verity digestsMatthias Kaehlcke1-1/+1
2022-09-02Merge tag 'landlock-6.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-23/+25
2022-09-02landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFERMickaël Salaün1-23/+25
2022-09-01->getprocattr(): attribute name is const char *, TYVM...Al Viro4-5/+5
2022-08-31Merge tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-1/+61
2022-08-31acl: move idmapping handling into posix_acl_xattr_set()Christian Brauner1-3/+14
2022-08-30selinux: declare read-only parameters constChristian Göttsche4-29/+31
2022-08-30selinux: use int arrays for boolean valuesChristian Göttsche1-5/+5
2022-08-30selinux: remove an unneeded variable in sel_make_class_dir_entries()ye xingchen1-4/+1
2022-08-26Smack: Provide read control for io_uring_cmdCasey Schaufler1-0/+32
2022-08-26selinux: implement the security_uring_cmd() LSM hookPaul Moore2-1/+25
2022-08-26lsm,io_uring: add LSM hooks for the new uring_cmd file opLuis Chamberlain1-0/+4
2022-08-23ima: fix blocking of security.ima xattrs of unsupported algorithmsMimi Zohar1-4/+8
2022-08-21tomoyo: struct path it might get from LSM callers won't have NULL dentry or mntAl Viro2-8/+3
2022-08-21tomoyo: use vsnprintf() properlyAl Viro2-2/+2
2022-08-19Merge tag 'hardening-v6.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-4/+2
2022-08-16selinux: Implement userns_create hookFrederick Lawler2-0/+11
2022-08-16security, lsm: Introduce security_create_user_ns()Frederick Lawler1-0/+5
2022-08-16LoadPin: Return EFAULT on copy_from_user() failuresKees Cook1-4/+2
2022-08-15lsm: clean up redundant NULL pointer checkXiu Jianfeng1-13/+1
2022-08-10Merge tag 'apparmor-pr-2022-08-08' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds29-338/+486
2022-08-02Merge tag 'linux-kselftest-kunit-5.20-rc1' of git://git.kernel.org/pub/scm/li...Linus Torvalds1-6/+6
2022-08-02Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds1-29/+23
2022-08-02Merge tag 'safesetid-6.0' of https://github.com/micah-morton/linuxLinus Torvalds2-9/+35
2022-08-02Merge tag 'Smack-for-6.0' of https://github.com/cschaufler/smack-nextLinus Torvalds2-12/+2
2022-08-02Merge tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds5-13/+19
2022-08-02Merge tag 'hardening-v5.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-1/+182
2022-08-01smack: Remove the redundant lsm_inode_allocXiu Jianfeng1-7/+0
2022-08-01smack: Replace kzalloc + strncpy with kstrndupGONG, Ruiqi1-5/+2
2022-08-01Merge tag 'x86_kdump_for_v6.0_rc1' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-1/+1
2022-08-01Merge tag 'fs.idmapped.vfsuid.v5.20' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds2-7/+10
2022-07-20apparmor: correct config reference to intended oneLukas Bulwahn1-1/+1
2022-07-20lockdown: Fix kexec lockdown bypass with ima policyEric Snowberg1-0/+4
2022-07-19apparmor: move ptrace mediation to more logical task.{h,c}John Johansen5-128/+133
2022-07-19apparmor: extend policydb permission set by making use of the xbitsJohn Johansen4-5/+25
2022-07-19apparmor: allow label to carry debug flagsJohn Johansen6-8/+20
2022-07-19apparmor: fix overlapping attachment computationJohn Johansen2-2/+2
2022-07-19apparmor: fix setting unconfined mode on a loaded profileJohn Johansen1-5/+7
2022-07-19apparmor: Fix some kernel-doc commentsYang Li1-6/+6
2022-07-19apparmor: Mark alloc_unconfined() as staticSouptick Joarder (HPE)1-1/+1
2022-07-15LSM: SafeSetID: Add setgroups() security policy handlingMicah Morton1-9/+30
2022-07-15security: Add LSM hook to setgroups() syscallMicah Morton1-0/+5
2022-07-14Merge tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds5-9/+10
2022-07-13apparmor: disable showing the mode as part of a secid to secctxJohn Johansen3-6/+20
2022-07-13apparmor: Convert secid mapping to XArrays instead of IDRMatthew Wilcox3-32/+13
2022-07-13apparmor: add a kernel label to use on kernel objectsJohn Johansen4-13/+37
2022-07-13evm: Use IS_ENABLED to initialize .enabledXiu Jianfeng1-29/+23
2022-07-13ima: Fix potential memory leak in ima_init_crypto()Jianglei Nie1-0/+1
2022-07-13ima: force signature verification when CONFIG_KEXEC_SIG is configuredCoiby Xu1-0/+2
2022-07-09apparmor: test: Remove some casts which are no-longer requiredDavid Gow1-6/+6
2022-07-09apparmor: Fix memleak in aa_simple_write_to_buffer()Xiu Jianfeng1-1/+1
2022-07-09apparmor: fix reference count leak in aa_pivotroot()Xin Xiong1-0/+1
2022-07-09apparmor: Fix some kernel-doc commentsYang Li1-2/+1
2022-07-09apparmor: Fix undefined reference to `zlib_deflate_workspacesize'John Johansen2-31/+40
2022-07-09apparmor: fix aa_label_asxprint return checkTom Rix1-3/+3
2022-07-09apparmor: Fix some kernel-doc commentsYang Li1-4/+4
2022-07-09apparmor: Fix some kernel-doc commentsYang Li1-2/+3
2022-07-09apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc commentYang Li1-2/+2
2022-07-09apparmor: Use struct_size() helper in kmalloc()Gustavo A. R. Silva1-1/+1
2022-07-09apparmor: Fix failed mount permission check error messageJohn Johansen1-3/+4
2022-07-09security/apparmor: remove redundant ret variableMinghao Chi1-4/+1
2022-07-09apparmor: fix quiet_denied for file rulesJohn Johansen1-1/+1
2022-07-09apparmor: resolve uninitialized symbol warnings in policy_unpack_test.cMike Salvatore1-8/+8
2022-07-09apparmor: don't create raw_sha1 symlink if sha1 hashing is disabledJohn Johansen1-8/+9
2022-07-09apparmor: Enable tuning of policy paranoid load for embedded systemsJohn Johansen3-2/+15
2022-07-09apparmor: make export of raw binary profile to userspace optionalJohn Johansen7-52/+111
2022-07-09apparmor: Update help description of policy hash for introspectionJohn Johansen1-1/+4
2022-07-09lsm: Fix kernel-docYang Li1-5/+5
2022-07-09apparmor: Fix kernel-docYang Li3-4/+4
2022-07-09apparmor: fix absroot causing audited secids to begin with =John Johansen2-3/+9
2022-07-08LoadPin: Enable loading from trusted dm-verity devicesMatthias Kaehlcke2-1/+182
2022-07-07ima: Fix a potential integer overflow in ima_appraise_measurementHuaxin Lu1-1/+2
2022-07-06ima: fix violation measurement list recordMimi Zohar1-3/+3
2022-07-06apparmor: test: Remove some casts which are no-longer requiredDavid Gow1-6/+6
2022-07-01x86/kexec: Carry forward IMA measurement log on kexecJonathan McDowell1-1/+1
2022-06-29x86/retbleed: Add fine grained Kconfig knobsPeter Zijlstra1-11/+0
2022-06-26attr: port attribute changes to new typesChristian Brauner1-2/+2
2022-06-26security: pass down mount idmapping to setattr hookChristian Brauner2-5/+8
2022-06-26fs: port to iattr ownership update helpersChristian Brauner1-2/+2
2022-06-20selinux: selinux_add_opt() callers free memoryXiu Jianfeng1-7/+4
2022-06-15selinux: free contexts previously transferred in selinux_add_opt()Christian Göttsche1-7/+4
2022-06-15Revert "evm: Fix memleak in init_desc"Xiu Jianfeng1-5/+2
2022-06-14selinux: Add boundary check in put_entry()Xiu Jianfeng1-0/+2
2022-06-13selinux: fix memleak in security_read_state_kernel()Xiu Jianfeng1-1/+8
2022-06-10selinux: fix typos in commentsJonas Lindner2-3/+3
2022-06-08KEYS: trusted: tpm2: Fix migratable logicDavid Safford1-2/+2
2022-06-07selinux: drop unnecessary NULL checkChristian Göttsche1-1/+1
2022-06-07selinux: add __randomize_layout to selinux_audit_dataGONG, Ruiqi1-1/+1
2022-06-04Merge tag 'pull-18-rc1-work.mount' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-0/+1
2022-05-25Merge tag 'linux-kselftest-kunit-5.19-rc1' of git://git.kernel.org/pub/scm/li...Linus Torvalds1-3/+3
2022-05-24Merge tag 'integrity-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds16-52/+395
2022-05-24Merge tag 'tpmdd-next-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds6-43/+174
2022-05-24Merge tag 'Smack-for-5.19' of https://github.com/cschaufler/smack-nextLinus Torvalds1-1/+0
2022-05-24Merge tag 'landlock-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds14-286/+848
2022-05-24Merge tag 'selinux-pr-20220523' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds21-81/+93
2022-05-24Merge tag 'kernel-hardening-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds5-58/+115
2022-05-24lockdown: also lock down previous kgdb useDaniel Thompson1-0/+2
2022-05-23smack: Remove redundant assignmentsMichal Orzel1-1/+0
2022-05-23KEYS: trusted: Introduce support for NXP CAAM-based trusted keysAhmad Fatoum4-2/+97
2022-05-23KEYS: trusted: allow use of kernel RNG for key materialAhmad Fatoum1-1/+34
2022-05-23KEYS: trusted: allow use of TEE as backend without TCG_TPM supportAhmad Fatoum4-17/+42
2022-05-23certs: Factor out the blacklist hash creationMickaël Salaün1-24/+2
2022-05-23landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFERMickaël Salaün3-76/+528
2022-05-23LSM: Remove double path_rename hook calls for RENAME_EXCHANGEMickaël Salaün4-15/+46
2022-05-23landlock: Move filesystem helpers and add a new oneMickaël Salaün1-41/+46
2022-05-23landlock: Fix same-layer rule unionsMickaël Salaün2-26/+54
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 10:46:48 +0000