aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
17 hoursMerge tag 'integrity-v6.10' of ssh://ra.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds17-90/+325
17 hoursMerge tag 'selinux-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds12-126/+146
18 hoursMerge tag 'lsm-pr-20240513' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-4/+0
30 hoursMerge tag 'net-next-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds2-2/+6
2 daysnetlabel: fix RCU annotation for IPv4 options on socket creationDavide Caratti2-2/+6
3 daysMerge tag 'keys-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds3-24/+30
3 daysMerge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-53/+106
7 daysKEYS: trusted: Add session encryption protection to the seal/unseal pathJames Bottomley1-27/+61
7 daysKEYS: trusted: tpm2: Use struct tpm_buf for sized buffersJarkko Sakkinen1-23/+31
7 daystpm: Store the length of the tpm_buf data separately.Jarkko Sakkinen1-4/+5
7 daystpm: Remove tpm_send()Jarkko Sakkinen1-2/+12
7 daysdocs: trusted-encrypted: add DCP as new trust sourceDavid Gstir1-0/+19
7 daysKEYS: trusted: Introduce NXP DCP-backed trusted keysDavid Gstir4-1/+328
7 daysKEYS: trusted: improve scalability of trust source configDavid Gstir1-2/+8
7 dayskeys: Fix overwrite of key expiration on instantiationSilvio Gissi1-1/+2
7 dayskeys: update key quotas in key_put()Luis Henriques3-23/+28
2024-04-30selinux: constify source policy in cond_policydb_dup()Christian Göttsche4-14/+17
2024-04-30selinux: avoid printk_ratelimit()Christian Göttsche1-2/+1
2024-04-30selinux: pre-allocate the status pageChristian Göttsche1-0/+6
2024-04-15lsm: remove the now superfluous sentinel element from ctl_table arrayJoel Granados4-4/+0
2024-04-12ima: add crypto agility support for template-hash algorithmEnrico Bravi4-18/+132
2024-04-09evm: Rename is_unsupported_fs to is_unsupported_hmac_fsStefan Berger1-9/+10
2024-04-09fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTEDStefan Berger1-1/+1
2024-04-09evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509Stefan Berger1-5/+7
2024-04-09ima: re-evaluate file integrity on file metadata changeStefan Berger1-1/+13
2024-04-09evm: Store and detect metadata inode attributes changesStefan Berger3-10/+49
2024-04-09ima: Move file-change detection variables into new structureStefan Berger4-13/+10
2024-04-09evm: Use the metadata inode to calculate metadata hashStefan Berger1-1/+1
2024-04-09evm: Implement per signature type decision in security_inode_copy_up_xattrStefan Berger1-3/+28
2024-04-09security: allow finer granularity in permitting copy-up of security xattrsStefan Berger4-5/+6
2024-04-09ima: Rename backing_inode to real_inodeStefan Berger1-8/+10
2024-04-08integrity: Avoid -Wflex-array-member-not-at-end warningsGustavo A. R. Silva7-15/+31
2024-04-08ima: define an init_module critical data recordMimi Zohar1-0/+7
2024-04-08ima: Fix use-after-free on a dentry's dname.nameStefan Berger2-7/+26
2024-04-04selinux: clarify return code in filename_trans_read_helper_compat()Ondrej Mosnacek1-0/+1
2024-04-03security: Place security_path_post_mknod() where the original IMA call wasRoberto Sassu1-2/+2
2024-04-01selinux: avoid dereference of garbage after mount failureChristian Göttsche1-5/+7
2024-03-27selinux: use u32 as bit position type in ebitmap codeChristian Göttsche2-35/+34
2024-03-27selinux: improve symtab string hashingChristian Göttsche1-11/+11
2024-03-27selinux: dump statistics for more hash tablesChristian Göttsche2-7/+19
2024-03-27selinux: make more use of current_sid()Christian Göttsche2-21/+8
2024-03-27selinux: update numeric format specifiers for ebitmapsChristian Göttsche1-6/+6
2024-03-26selinux: improve error checking in sel_write_load()Paul Moore1-14/+16
2024-03-26selinux: cleanup selinux_lsm_getattr()Paul Moore1-18/+18
2024-03-26selinux: reject invalid ebitmapsChristian Göttsche1-0/+11
2024-03-14Merge tag 'mm-nonmm-stable-2024-03-14-09-36' of git://git.kernel.org/pub/scm/...Linus Torvalds1-2/+0
2024-03-14Merge tag 'lsm-pr-20240314' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-18/+24
2024-03-14Merge tag 'landlock-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds10-23/+293
2024-03-14lsm: handle the NULL buffer case in lsm_fill_user_ctx()Paul Moore1-1/+7
2024-03-14lsm: use 32-bit compatible data types in LSM syscallsCasey Schaufler5-17/+17
2024-03-12Merge tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds21-832/+1020
2024-03-12Merge tag 'selinux-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds22-731/+724
2024-03-12Merge tag 'net-next-6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds2-26/+122
2024-03-12Merge tag 'Smack-for-6.9' of https://github.com/cschaufler/smack-nextLinus Torvalds1-46/+56
2024-03-08landlock: Use f_cred in security_file_open() hookMickaël Salaün1-7/+11
2024-03-08landlock: Rename "ptrace" files to "task"Mickaël Salaün4-9/+9
2024-03-08landlock: Simplify current_check_access_socket()Mickaël Salaün1-4/+3
2024-03-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski2-2/+4
2024-03-07landlock: Warn once if a Landlock action is requested while disabledMickaël Salaün1-3/+15
2024-03-05Merge tag 'integrity-v6.8-fix' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-1/+2
2024-03-01tomoyo: fix UAF write bug in tomoyo_write_control()Tetsuo Handa1-1/+2
2024-02-29Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-4/+4
2024-02-29Merge tag 'landlock-6.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-2/+2
2024-02-27Merge tag 'lsm-pr-20240227' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-2/+2
2024-02-27landlock: Add support for KUnit testsMickaël Salaün4-0/+255
2024-02-26landlock: Fix asymmetric private inodes referringMickaël Salaün1-2/+2
2024-02-23selinux: fix style issues in security/selinux/ss/symtab.cPaul Moore1-1/+3
2024-02-23selinux: fix style issues in security/selinux/ss/symtab.hPaul Moore1-5/+4
2024-02-23selinux: fix style issues in security/selinux/ss/sidtab.cPaul Moore1-32/+37
2024-02-23selinux: fix style issues in security/selinux/ss/sidtab.hPaul Moore1-17/+19
2024-02-23selinux: fix style issues in security/selinux/ss/services.hPaul Moore1-1/+2
2024-02-23selinux: fix style issues in security/selinux/ss/policydb.cPaul Moore1-192/+213
2024-02-23selinux: fix style issues in security/selinux/ss/policydb.hPaul Moore1-97/+95
2024-02-23selinux: fix style issues in security/selinux/ss/mls_types.hPaul Moore1-16/+16
2024-02-23selinux: fix style issues in security/selinux/ss/mls.cPaul Moore1-50/+33
2024-02-23selinux: fix style issues in security/selinux/ss/mls.hPaul Moore1-39/+19
2024-02-23selinux: fix style issues in security/selinux/ss/hashtab.cPaul Moore1-12/+11
2024-02-23selinux: fix style issues in security/selinux/ss/hashtab.hPaul Moore1-18/+17
2024-02-23selinux: fix style issues in security/selinux/ss/ebitmap.cPaul Moore1-28/+28
2024-02-23selinux: fix style issues in security/selinux/ss/ebitmap.hPaul Moore1-19/+23
2024-02-23selinux: fix style issues in security/selinux/ss/context.hPaul Moore1-1/+1
2024-02-23selinux: fix style issues in security/selinux/ss/context.hPaul Moore1-19/+22
2024-02-23selinux: fix style issues in security/selinux/ss/constraint.hPaul Moore1-33/+34
2024-02-23selinux: fix style issues in security/selinux/ss/conditional.cPaul Moore1-35/+33
2024-02-23selinux: fix style issues in security/selinux/ss/conditional.hPaul Moore1-12/+11
2024-02-23selinux: fix style issues in security/selinux/ss/avtab.cPaul Moore1-54/+51
2024-02-23selinux: fix style issues in security/selinux/ss/avtab.hPaul Moore1-37/+37
2024-02-23apparmor: fix lsm_get_self_attr()Mickaël Salaün1-1/+1
2024-02-23selinux: fix lsm_get_self_attr()Mickaël Salaün1-1/+1
2024-02-22fortify: drop Clang version check for 12.0.1 or newerNathan Chancellor1-2/+0
2024-02-22treewide: update LLVM Bugzilla linksNathan Chancellor1-1/+1
2024-02-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-2/+5
2024-02-22lsm: use default hook return value in call_int_hook()Ondrej Mosnacek1-307/+225
2024-02-21lsm: fix typos in security/security.c comment headersPairman Guo1-4/+4
2024-02-16Merge tag 'lsm-pr-20240215' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-2/+5
2024-02-16integrity: eliminate unnecessary "Problem loading X.509 certificate" msgCoiby Xu1-1/+2
2024-02-15integrity: Remove LSMRoberto Sassu3-222/+2
2024-02-15ima: Make it independent from 'integrity' LSMRoberto Sassu9-116/+308
2024-02-15evm: Make it independent from 'integrity' LSMRoberto Sassu7-26/+81
2024-02-15evm: Move to LSM infrastructureRoberto Sassu2-49/+112
2024-02-15ima: Move IMA-Appraisal to LSM infrastructureRoberto Sassu4-22/+35
2024-02-15ima: Move to LSM infrastructureRoberto Sassu7-80/+79
2024-02-15integrity: Move integrity_kernel_module_request() to IMARoberto Sassu3-24/+34
2024-02-15security: Introduce key_post_create_or_update hookRoberto Sassu2-1/+25
2024-02-15security: Introduce inode_post_remove_acl hookRoberto Sassu1-0/+17
2024-02-15security: Introduce inode_post_set_acl hookRoberto Sassu1-0/+17
2024-02-15security: Introduce inode_post_create_tmpfile hookRoberto Sassu1-0/+15
2024-02-15security: Introduce path_post_mknod hookRoberto Sassu1-0/+14
2024-02-15security: Introduce file_release hookRoberto Sassu1-0/+11
2024-02-15security: Introduce file_post_open hookRoberto Sassu1-0/+17
2024-02-15security: Introduce inode_post_removexattr hookRoberto Sassu1-0/+14
2024-02-15security: Introduce inode_post_setattr hookRoberto Sassu1-0/+16
2024-02-15security: Align inode_setattr hook definition with EVMRoberto Sassu3-3/+6
2024-02-15evm: Align evm_inode_post_setxattr() definition with LSM infrastructureRoberto Sassu2-2/+4
2024-02-15evm: Align evm_inode_setxattr() definition with LSM infrastructureRoberto Sassu2-2/+3
2024-02-15evm: Align evm_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+3
2024-02-15ima: Align ima_post_read_file() definition with LSM infrastructureRoberto Sassu1-1/+1
2024-02-15ima: Align ima_inode_removexattr() definition with LSM infrastructureRoberto Sassu2-2/+3
2024-02-15ima: Align ima_inode_setxattr() definition with LSM infrastructureRoberto Sassu2-3/+4
2024-02-15ima: Align ima_file_mprotect() definition with LSM infrastructureRoberto Sassu2-3/+5
2024-02-15ima: Align ima_inode_post_setattr() definition with LSM infrastructureRoberto Sassu1-1/+2
2024-02-14lsm: fix integer overflow in lsm_set_self_attr() syscallJann Horn1-2/+5
2024-02-14Smack: use init_task_smack() in smack_cred_transfer()Casey Schaufler1-6/+1
2024-02-02selinux: only filter copy-up xattrs following initializationDavid Disseldorp1-2/+3
2024-02-02selinux: correct return values in selinux_socket_getpeersec_dgram()Paul Moore1-6/+8
2024-02-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-5/+40
2024-02-01Merge tag 'lsm-pr-20240131' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-5/+40
2024-01-30lsm: fix default return value of the socket_getpeersec_*() hooksOndrej Mosnacek1-4/+27
2024-01-26Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf...Jakub Kicinski2-26/+122
2024-01-26lsm: fix the logic in security_inode_getsecctx()Ondrej Mosnacek1-1/+13
2024-01-25selinux: reduce the object class calculations at inode init timePaul Moore1-5/+4
2024-01-24Merge tag 'integrity-v6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-4/+0
2024-01-24bpf,selinux: Allocate bpf_security_struct per BPF tokenAndrii Nakryiko1-0/+25
2024-01-24bpf,lsm: Add BPF token LSM hooksAndrii Nakryiko1-0/+60
2024-01-24bpf,lsm: Refactor bpf_map_alloc/bpf_map_free LSM hooksAndrii Nakryiko2-9/+14
2024-01-24bpf,lsm: Refactor bpf_prog_alloc/bpf_prog_free LSM hooksAndrii Nakryiko2-17/+23
2024-01-24smack: Initialize the in-memory inode in smack_inode_init_security()Roberto Sassu1-1/+6
2024-01-24smack: Always determine inode labels in smack_inode_init_security()Roberto Sassu1-39/+39
2024-01-24smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()Roberto Sassu1-0/+9
2024-01-24smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()Roberto Sassu1-1/+2
2024-01-24Revert "KEYS: encrypted: Add check for strsep"Mimi Zohar1-4/+0
2024-01-24exec: Check __FMODE_EXEC instead of in_execve for LSMsKees Cook2-2/+5
2024-01-19Merge tag 'apparmor-pr-2024-01-18' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds9-74/+54
2024-01-11Merge tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds1-6/+1
2024-01-11Merge tag 'for-6.8/io_uring-2024-01-08' of git://git.kernel.dk/linuxLinus Torvalds2-2/+2
2024-01-10Merge tag 'header_cleanup-2024-01-10' of https://evilpiepirate.org/git/bcachefsLinus Torvalds2-0/+2
2024-01-09Merge tag 'integrity-v6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds4-7/+51
2024-01-09Merge tag 'landlock-6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds2-16/+17
2024-01-09Merge tag 'lsm-pr-20240105' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds21-69/+769
2024-01-09Merge tag 'selinux-pr-20240105' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds19-600/+538
2024-01-09Merge tag 'mm-nonmm-stable-2024-01-09-10-33' of git://git.kernel.org/pub/scm/...Linus Torvalds1-2/+2
2024-01-09Merge tag 'mm-stable-2024-01-08-15-31' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+1
2024-01-09apparmor: Fix memory leak in unpack_profile()Gaosheng Cui1-0/+2
2024-01-08mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDERKirill A. Shutemov1-1/+1
2024-01-08Merge tag 'vfs-6.8.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-3/+2
2024-01-08Merge tag 'vfs-6.8.rw' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfsLinus Torvalds1-8/+2
2024-01-04selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socketMickaël Salaün1-0/+7
2024-01-04apparmor: avoid crash when parsed profile name is emptyFedor Pchelkin1-0/+4
2024-01-04apparmor: fix possible memory leak in unpack_trans_tableFedor Pchelkin2-4/+4
2024-01-03apparmor: Fix move_mount mediation by detecting if source is detachedJohn Johansen2-0/+5
2024-01-03apparmor: free the allocated pdb objectsFedor Pchelkin1-6/+7
2024-01-03landlock: Optimize the number of calls to get_access_mask slightlyGünther Noack1-2/+3
2024-01-03landlock: Remove remaining "inline" modifiers in .c files [v6.6]Günther Noack1-1/+1
2024-01-03landlock: Remove remaining "inline" modifiers in .c files [v6.1]Günther Noack1-9/+9
2024-01-03landlock: Remove remaining "inline" modifiers in .c files [v5.15]Günther Noack2-4/+4
2023-12-29apparmor: Fix ref count leak in task_killJohn Johansen1-1/+0
2023-12-24lsm: new security_file_ioctl_compat() hookAlfred Piccioni4-0/+48
2023-12-22selinux: fix style issues in security/selinux/include/initial_sid_to_string.hPaul Moore1-29/+28
2023-12-22selinux: fix style issues in security/selinux/include/xfrm.hPaul Moore1-2/+2
2023-12-22selinux: fix style issues in security/selinux/include/security.hPaul Moore1-80/+75
2023-12-22selinux: fix style issues with security/selinux/include/policycap_names.hPaul Moore1-0/+3
2023-12-22selinux: fix style issues in security/selinux/include/policycap.hPaul Moore1-0/+1
2023-12-22selinux: fix style issues in security/selinux/include/objsec.hPaul Moore1-64/+65
2023-12-22selinux: fix style issues with security/selinux/include/netlabel.hPaul Moore1-33/+20
2023-12-22selinux: fix style issues in security/selinux/include/netif.hPaul Moore1-2/+2
2023-12-22selinux: fix style issues in security/selinux/include/ima.hPaul Moore1-1/+1
2023-12-22selinux: fix style issues in security/selinux/include/conditional.hPaul Moore1-2/+2
2023-12-22selinux: fix style issues in security/selinux/include/classmap.hPaul Moore1-210/+132
2023-12-22selinux: fix style issues in security/selinux/include/avc_ss.hPaul Moore1-1/+1
2023-12-22selinux: align avc_has_perm_noaudit() prototype with definitionPaul Moore1-1/+1
2023-12-22selinux: fix style issues in security/selinux/include/avc.hPaul Moore1-26/+15
2023-12-22selinux: fix style issues in security/selinux/include/audit.hPaul Moore1-1/+0
2023-12-21apparmorfs: don't duplicate kfree_link()Al Viro1-6/+1
2023-12-21keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiryDavid Howells4-22/+37
2023-12-20shm: Slim down dependenciesKent Overstreet2-0/+2
2023-12-20kexec_file: print out debugging message if requiredBaoquan He1-2/+2
2023-12-20evm: add support to disable EVM on unsupported filesystemsMimi Zohar1-1/+34
2023-12-20evm: don't copy up 'security.evm' xattrMimi Zohar2-1/+8
2023-12-15cred: get rid of CONFIG_DEBUG_CREDENTIALSJens Axboe1-6/+0
2023-12-12fsnotify: optionally pass access range in file permission hooksAmir Goldstein1-7/+1
2023-12-12fsnotify: split fsnotify_perm() into two hooksAmir Goldstein1-2/+2
2023-12-12io_uring: split out cmd api into a separate headerPavel Begunkov2-2/+2
2023-12-07selinux: remove the wrong comment about multithreaded process handlingMunehisa Kamata1-1/+0
2023-12-05iov_iter: replace import_single_range() with import_ubuf()Jens Axboe1-2/+2
2023-12-05iov_iter: remove unused 'iov' argument from import_single_range()Jens Axboe1-2/+1
2023-11-27KEYS: encrypted: Add check for strsepChen Ni1-0/+4
2023-11-27ima: Remove EXPERIMENTAL from KconfigEric Snowberg1-1/+1
2023-11-27ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARYEric Snowberg1-5/+5
2023-11-26apparmor: cleanup network hook commentsJohn Johansen1-44/+16
2023-11-21selinux: introduce an initial SID for early boot processesOndrej Mosnacek7-2/+76
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-16 09:01:46 +0000