aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2020-01-04Merge tag 'apparmor-pr-2020-01-04' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds5-47/+55
2020-01-04apparmor: fix aa_xattrs_match() may sleep while holding a RCU lockJohn Johansen3-42/+46
2020-01-02apparmor: only get a label reference if the fast path check failsJohn Johansen1-4/+8
2020-01-02apparmor: fix bind mounts aborting with -ENOMEMPatrick Steinhardt1-1/+1
2019-12-31Merge tag 'tomoyo-fixes-for-5.5' of git://git.osdn.net/gitroot/tomoyo/tomoyo-...Linus Torvalds5-44/+27
2019-12-18Merge tag 'tpmdd-next-20191219' of git://git.infradead.org/users/jjs/linux-tpmddLinus Torvalds5-12/+4
2019-12-17security: keys: trusted: fix lost handle flushJames Bottomley1-0/+1
2019-12-16tomoyo: Suppress RCU warning at list_for_each_entry_rcu().Tetsuo Handa4-13/+26
2019-12-12KEYS: remove CONFIG_KEYS_COMPATEric Biggers4-12/+3
2019-12-11tomoyo: Don't use nifty names on sockets.Tetsuo Handa1-31/+1
2019-12-09treewide: Use sizeof_field() macroPankaj Bharadiya1-2/+2
2019-12-03Merge tag 'apparmor-pr-2019-12-03' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds15-165/+526
2019-12-01Merge tag 'y2038-cleanups-5.5' of git://git.kernel.org:/pub/scm/linux/kernel/...Linus Torvalds1-7/+3
2019-11-30Merge tag 'selinux-pr-20191126' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds9-5/+74
2019-11-30Merge tag 'powerpc-5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds12-97/+328
2019-11-30Merge tag 'notifications-pipe-prep-20191115' of git://git.kernel.org/pub/scm/...Linus Torvalds1-1/+0
2019-11-29x86/efi: remove unused variablesYueHaibing1-5/+0
2019-11-27Merge tag 'drm-next-2019-11-27' of git://anongit.freedesktop.org/drm/drmLinus Torvalds1-2/+13
2019-11-27Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netLinus Torvalds1-2/+2
2019-11-26Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-2/+2
2019-11-26Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds4-1/+103
2019-11-26net: port < inet_prot_sock(net) --> inet_port_requires_bind_service(net, port)Maciej Żenczykowski1-2/+2
2019-11-25Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-nextLinus Torvalds1-1/+3
2019-11-22apparmor: make it so work buffers can be allocated from atomic contextJohn Johansen6-38/+62
2019-11-22apparmor: reduce rcu_read_lock scope for aa_file_perm mediationJohn Johansen1-3/+3
2019-11-22apparmor: fix wrong buffer allocation in aa_new_mountJohn Johansen1-4/+4
2019-11-22apparmor: fix unsigned len comparison with less than zeroColin Ian King1-5/+7
2019-11-15y2038: move itimer reset into itimer.cArnd Bergmann1-7/+3
2019-11-14Merge v5.4-rc7 into drm-nextDave Airlie1-0/+1
2019-11-13Merge branch 'topic/secureboot' into nextMichael Ellerman11-92/+326
2019-11-12KEYS: trusted: Remove set but not used variable 'keyhndl'zhengbin1-2/+0
2019-11-12KEYS: trusted: Move TPM2 trusted keys codeSumit Garg3-2/+317
2019-11-12KEYS: trusted: Create trusted keys subsystemSumit Garg3-2/+9
2019-11-12KEYS: Use common tpm_buf for trusted and asymmetric keysSumit Garg1-55/+43
2019-11-12tpm: Move tpm_buf code to include/linux/Sumit Garg1-6/+6
2019-11-13powerpc: Load firmware trusted keys/hashes into kernel keyringNayna Jain3-1/+108
2019-11-13x86/efi: move common keyring handler functions to new fileNayna Jain4-67/+115
2019-11-12ima: Check against blacklisted hashes for files with modsigNayna Jain5-6/+60
2019-11-12ima: Make process_buffer_measurement() genericNayna Jain2-18/+43
2019-11-11Merge tag 'v5.4-rc7' into perf/core, to pick up fixesIngo Molnar1-0/+1
2019-11-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netDavid S. Miller1-0/+1
2019-10-31efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMINJavier Martinez Canillas1-0/+1
2019-10-31Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/pau...Ingo Molnar1-2/+2
2019-10-30security/safesetid: Replace rcu_swap_protected() with rcu_replace_pointer()Paul E. McKenney1-2/+2
2019-10-28powerpc/xmon: Restrict when kernel is locked downChristopher M. Riedl1-0/+2
2019-10-26Merge tag 'drm-next-5.5-2019-10-09' of git://people.freedesktop.org/~agd5f/li...Dave Airlie1-2/+13
2019-10-23pipe: Reduce #inclusion of pipe_fs_i.hDavid Howells1-1/+0
2019-10-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netDavid S. Miller1-1/+8
2019-10-17perf_event: Add support for LSM and SELinux checksJoel Fernandes (Google)4-1/+103
2019-10-08Merge tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+8
2019-10-07selinux: default_range glblub implementationJoshua Brindle7-1/+62
2019-10-07device_cgroup: Export devcgroup_check_permissionHarish Kasiviswanathan1-2/+13
2019-10-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netDavid S. Miller1-3/+0
2019-10-05integrity: remove pointless subdir-$(CONFIG_...)Masahiro Yamada1-2/+0
2019-10-05integrity: remove unneeded, broken attempt to add -fshort-wcharMasahiro Yamada1-1/+0
2019-10-03selinux: fix context string corruption in convert_context()Ondrej Mosnacek1-1/+8
2019-10-01net: rtnetlink: add linkprop commands to add and delete alternative ifnamesJiri Pirko1-1/+3
2019-10-01selinux: allow labeling before policy is loadedJonathan Lebon1-0/+12
2019-10-01selinux: remove load size limitzhanglin1-4/+0
2019-09-28Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds10-16/+350
2019-09-27Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds15-105/+627
2019-09-25KEYS: trusted: correctly initialize digests and fix locking issueRoberto Sassu1-0/+5
2019-09-23Merge tag 'smack-for-5.4-rc1' of git://github.com/cschaufler/smack-nextLinus Torvalds2-23/+23
2019-09-23Merge tag 'safesetid-bugfix-5.4' of git://github.com/micah-morton/linuxLinus Torvalds1-1/+2
2019-09-23Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds12-296/+346
2019-09-17LSM: SafeSetID: Stop releasing uninitialized rulesetMicah Morton1-1/+2
2019-09-10security: constify some arrays in lockdown LSMMatthew Garrett1-2/+2
2019-09-05keys: Fix missing null pointer check in request_key_auth_describe()Hillf Danton1-0/+6
2019-09-04selinux: fix residual uses of current_security() for the SELinux blobStephen Smalley2-11/+11
2019-09-04smack: use GFP_NOFS while holding inode_smack::smk_lockEric Biggers2-4/+4
2019-09-04security: smack: Fix possible null-pointer dereferences in smack_socket_sock_...Jia-Ju Bai1-0/+2
2019-09-04smack: fix some kernel-doc notationsluanshi1-18/+15
2019-09-04Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is setJann Horn1-1/+2
2019-08-30keys: ensure that ->match_free() is called in request_key_and_link()Eric Biggers1-1/+1
2019-08-29ima: ima_api: Use struct_size() in kzalloc()Gustavo A. R. Silva1-2/+2
2019-08-29ima: use struct_size() in kzalloc()Gustavo A. R. Silva1-3/+2
2019-08-28ima: Fix use after free in ima_read_modsig()Thiago Jung Bauermann1-1/+2
2019-08-27selinux: avoid atomic_t usage in sidtabOndrej Mosnacek2-32/+35
2019-08-19lockdown: Print current->comm in restriction messagesMatthew Garrett1-2/+6
2019-08-19tracefs: Restrict tracefs when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19debugfs: Restrict debugfs when the kernel is locked downDavid Howells1-0/+1
2019-08-19kexec: Allow kexec_file() with appropriate IMA policy when locked downMatthew Garrett3-1/+53
2019-08-19lockdown: Lock down perf when in confidentiality modeDavid Howells1-0/+1
2019-08-19bpf: Restrict bpf when kernel lockdown is in confidentiality modeDavid Howells1-0/+1
2019-08-19lockdown: Lock down tracing and perf kprobes when in confidentiality modeDavid Howells1-0/+1
2019-08-19lockdown: Lock down /proc/kcoreDavid Howells1-0/+1
2019-08-19x86/mmiotrace: Lock down the testmmiotrace moduleDavid Howells1-0/+1
2019-08-19lockdown: Lock down module params that specify hardware parameters (eg. ioport)David Howells1-0/+1
2019-08-19lockdown: Lock down TIOCSSERIALDavid Howells1-0/+1
2019-08-19lockdown: Prohibit PCMCIA CIS storage when the kernel is locked downDavid Howells1-0/+1
2019-08-19ACPI: Limit access to custom_method when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19x86/msr: Restrict MSR access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19x86: Lock down IO port access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19PCI: Lock down BAR access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19hibernate: Disable when the kernel is locked downJosh Boyer1-0/+1
2019-08-19kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCEJiri Bohac2-2/+2
2019-08-19kexec_load: Disable at runtime if the kernel is locked downMatthew Garrett1-0/+1
2019-08-19lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked downMatthew Garrett1-0/+1
2019-08-19lockdown: Enforce module signatures if the kernel is locked downDavid Howells2-0/+2
2019-08-19security: Add a static lockdown policy LSMMatthew Garrett5-5/+224
2019-08-19security: Add a "locked down" LSM hookMatthew Garrett1-0/+6
2019-08-19security: Support early LSMsMatthew Garrett1-8/+42
2019-08-13KEYS: trusted: allow module init if TPM is inactive or deactivatedRoberto Sassu1-13/+0
2019-08-12fanotify, inotify, dnotify, security: add security hook for fs notificationsAaron Goidel3-2/+56
2019-08-05ima: fix freeing ongoing ahash_requestSascha Hauer1-0/+5
2019-08-05ima: always return negative code for errorSascha Hauer1-1/+4
2019-08-05ima: Store the measurement again when appraising a modsigThiago Jung Bauermann4-7/+47
2019-08-05ima: Define ima-modsig templateThiago Jung Bauermann8-6/+156
2019-08-05ima: Collect modsigThiago Jung Bauermann5-5/+60
2019-08-05ima: Implement support for module-style appended signaturesThiago Jung Bauermann8-23/+209
2019-08-05ima: Factor xattr_verify() out of ima_appraise_measurement()Thiago Jung Bauermann1-60/+81
2019-08-05ima: Add modsig appraise_type option for module-style appended signaturesThiago Jung Bauermann6-2/+62
2019-08-05integrity: Select CONFIG_KEYS instead of depending on itThiago Jung Bauermann1-1/+1
2019-08-05selinux: always return a secid from the network caches if we find onePaul Moore3-47/+38
2019-08-05selinux: policydb - rename type_val_to_struct_arrayOndrej Mosnacek3-11/+11
2019-08-05selinux: policydb - fix some checkpatch.pl warningsOndrej Mosnacek1-4/+8
2019-08-05selinux: shuffle around policydb.c to get rid of forward declarationsPaul Moore1-189/+187
2019-08-02Merge tag 'selinux-pr-20190801' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+5
2019-08-01ima: initialize the "template" field with the default templateMimi Zohar1-2/+4
2019-07-31selinux: fix memory leak in policydb_init()Ondrej Mosnacek1-1/+5
2019-07-28Merge tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-0/+7
2019-07-26Merge tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-0/+5
2019-07-25structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACKArnd Bergmann1-0/+7
2019-07-24selinux: check sidtab limit before adding a new entryOndrej Mosnacek1-0/+5
2019-07-19Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/v...Linus Torvalds4-28/+67
2019-07-18proc/sysctl: add shared variables for range checkMatteo Croce3-20/+15
2019-07-16Merge tag 'docs/v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mche...Linus Torvalds2-2/+2
2019-07-15LSM: SafeSetID: fix use of literal -1 in capable hookJann Horn1-1/+1
2019-07-15LSM: SafeSetID: verify transitive constrainednessJann Horn1-1/+37
2019-07-15LSM: SafeSetID: add read handlerJann Horn2-4/+32
2019-07-15LSM: SafeSetID: rewrite userspace API to atomic updatesJann Horn3-158/+144
2019-07-15LSM: SafeSetID: fix userns handling in securityfsJann Horn1-3/+3
2019-07-15LSM: SafeSetID: refactor policy parsingJann Horn1-51/+33
2019-07-15LSM: SafeSetID: refactor safesetid_security_capable()Jann Horn1-15/+26
2019-07-15LSM: SafeSetID: refactor policy hash tableJann Horn2-44/+37
2019-07-15LSM: SafeSetID: fix check for setresuid(new1, new2, new3)Jann Horn1-90/+35
2019-07-15LSM: SafeSetID: fix pr_warn() to include newlineJann Horn1-2/+2
2019-07-15docs: cgroup-v1: add it to the admin-guide bookMauro Carvalho Chehab1-1/+1
2019-07-15docs: x86: move two x86-specific files to x86 arch dirMauro Carvalho Chehab1-1/+1
2019-07-12Merge branch 'akpm' (patches from Andrew)Linus Torvalds1-0/+29
2019-07-12mm: security: introduce init_on_alloc=1 and init_on_free=1 boot optionsAlexander Potapenko1-0/+29
2019-07-11Merge tag 'loadpin-v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-0/+48
2019-07-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-1/+4
2019-07-10Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds22-629/+187
2019-07-09Merge tag 'docs-5.3' of git://git.lwn.net/linuxLinus Torvalds1-1/+1
2019-07-09Merge branch 'next-lsm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds1-3/+3
2019-07-08Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-2/+2
2019-07-08Merge branch 'for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cg...Linus Torvalds1-1/+1
2019-07-08Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds16-79/+378
2019-07-08Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds22-187/+629
2019-07-08Merge tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds11-243/+389
2019-07-08Merge tag 'keys-request-20190626' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds8-106/+180
2019-07-08Merge tag 'keys-misc-20190619' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds8-78/+369
2019-07-08Merge tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds3-23/+31
2019-07-08Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-4/+4
2019-07-07security/commoncap: Use xattr security prefix lenCarmeli Tamir1-2/+2
2019-07-04vfs: Convert smackfs to use the new mount APIDavid Howells1-12/+22
2019-07-04vfs: Convert selinuxfs to use the new mount APIDavid Howells1-5/+15
2019-07-04vfs: Convert securityfs to use the new mount APIDavid Howells1-6/+15
2019-07-04vfs: Convert apparmorfs to use the new mount APIDavid Howells1-5/+15
2019-07-03keys: Provide KEYCTL_GRANT_PERMISSIONDavid Howells4-1/+133
2019-07-01selinux: format all invalid context as untrustedRichard Guy Briggs1-10/+19
2019-06-30integrity: Introduce struct evm_xattrThiago Jung Bauermann3-7/+14
2019-06-30ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definitionThiago Jung Bauermann1-1/+7
2019-06-30IMA: Define a new template field bufPrakhar Srivastava5-1/+33
2019-06-27keys: Replace uid/gid/perm permissions checking with an ACLDavid Howells21-186/+496
2019-06-27keys: Pass the network namespace into request_key mechanismDavid Howells4-17/+36
2019-06-26keys: Network namespace domain tagDavid Howells1-1/+6
2019-06-26keys: Garbage collect keys for which the domain has been removedDavid Howells2-1/+17
2019-06-26keys: Include target namespace in match criteriaDavid Howells5-4/+39
2019-06-26keys: Move the user and user-session keyrings to the user_namespaceDavid Howells5-104/+187
2019-06-26keys: Namespace keyring namesDavid Howells2-57/+45
2019-06-26keys: Add a 'recurse' flag for keyring searchesDavid Howells8-9/+22
2019-06-26keys: Cache the hash value to avoid lots of recalculationDavid Howells3-16/+22
2019-06-26keys: Simplify key description managementDavid Howells4-49/+30
2019-06-26keys: Kill off request_key_async{,_with_auxdata}David Howells1-50/+0
2019-06-24IMA: Define a new hook to measure the kexec boot command line argumentsPrakhar Srivastava4-0/+81
2019-06-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller17-71/+65
2019-06-21Merge tag 'spdx-5.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gre...Linus Torvalds15-61/+15
2019-06-20apparmor: increase left match history buffer sizeJohn Johansen2-5/+4
2019-06-20apparmor: Switch to GFP_KERNEL where possibleSebastian Andrzej Siewior3-12/+12
2019-06-20apparmor: Use a memory pool instead per-CPU cachesSebastian Andrzej Siewior5-111/+164
2019-06-20apparmor: Force type-casting of current->real_credBharath Vedartham1-1/+1
2019-06-19IMA: support for per policy rule template formatsMatthew Garrett7-27/+76
2019-06-19keys: Cache result of request_key*() temporarily in task_structDavid Howells2-0/+55
2019-06-19keys: Provide request_key_rcu()David Howells1-0/+44
2019-06-19keys: Move the RCU locks outwards from the keyring search functionsDavid Howells6-60/+75
2019-06-19keys: Invalidate used request_key authentication keysDavid Howells2-3/+3
2019-06-19keys: Fix request_key() lack of Link perm check on found keyDavid Howells1-0/+10
2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner15-61/+15
2019-06-19keys: Add capability-checking keyctl functionDavid Howells3-0/+40
2019-06-18apparmor: reset pos on failure to unpack for various functionsMike Salvatore1-8/+39
2019-06-18apparmor: enforce nullbyte at end of tag stringJann Horn1-1/+1
2019-06-18apparmor: fix PROFILE_MEDIATES for untrusted inputJohn Johansen1-1/+10
2019-06-17Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller93-484/+133
2019-06-17integrity: Fix __integrity_init_keyring() section mismatchGeert Uytterhoeven1-2/+3
2019-06-17locking/lockdep: Rename lockdep_assert_held_exclusive() -> lockdep_assert_hel...Nikolay Borisov1-4/+4
2019-06-14Smack: Restore the smackfsdef mount option and add missing prefixesCasey Schaufler1-5/+7
2019-06-14docs: cgroup-v1: convert docs to ReST and rename to *.rstMauro Carvalho Chehab1-1/+1
2019-06-14Merge tag 'v5.2-rc4' into mauroJonathan Corbet131-616/+157
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 03:28:17 +0000