aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2022-10-09Merge tag 'powerpc-6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds1-0/+2
2022-10-06Merge tag 'pull-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds4-5/+5
2022-10-06Merge tag 'pull-tomoyo' of git://git.kernel.org/pub/scm/linux/kernel/git/viro...Linus Torvalds4-10/+5
2022-10-04Merge tag 'net-next-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds1-2/+0
2022-10-04Merge tag 'landlock-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds2-21/+21
2022-10-03Merge tag 'fs.acl.rework.prep.v6.1' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds1-3/+14
2022-10-03Merge tag 'lsm-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-14/+18
2022-10-03Merge tag 'selinux-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds6-53/+46
2022-10-03Merge tag 'integrity-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds2-5/+9
2022-10-03Merge tag 'Smack-for-6.1' of https://github.com/cschaufler/smack-nextLinus Torvalds2-12/+17
2022-10-03Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds3-6/+31
2022-10-03Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-nextJakub Kicinski1-2/+0
2022-09-30efi: Correct Macmini DMI match in uefi cert quirkOrlando Chamberlain1-1/+1
2022-09-29hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zeroKees Cook1-4/+10
2022-09-29landlock: Fix documentation styleMickaël Salaün1-20/+20
2022-09-29landlock: Slightly improve documentation and fix spellingMickaël Salaün1-1/+1
2022-09-28powerpc/rtas: block error injection when locked downNathan Lynch1-0/+1
2022-09-28powerpc/pseries: block untrusted device tree changes when locked downNathan Lynch1-0/+1
2022-09-27smack: cleanup obsolete mount option flagsXiu Jianfeng1-9/+0
2022-09-27smack: lsm: remove the unneeded result variableXu Panda1-3/+1
2022-09-27SMACK: Add sk_clone_security LSM hookLontke Michael1-0/+16
2022-09-21KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALLRoberto Sassu1-2/+0
2022-09-14selinux: remove the unneeded result variableXu Panda1-15/+9
2022-09-14lockdown: ratelimit denial messagesNathan Lynch1-1/+1
2022-09-07LoadPin: Require file with verity root digests to have a headerMatthias Kaehlcke2-2/+21
2022-09-07LoadPin: Fix Kconfig doc about format of file with verity digestsMatthias Kaehlcke1-1/+1
2022-09-02Merge tag 'landlock-6.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-23/+25
2022-09-02landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFERMickaël Salaün1-23/+25
2022-09-01->getprocattr(): attribute name is const char *, TYVM...Al Viro4-5/+5
2022-08-31Merge tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds4-1/+61
2022-08-31acl: move idmapping handling into posix_acl_xattr_set()Christian Brauner1-3/+14
2022-08-30selinux: declare read-only parameters constChristian Göttsche4-29/+31
2022-08-30selinux: use int arrays for boolean valuesChristian Göttsche1-5/+5
2022-08-30selinux: remove an unneeded variable in sel_make_class_dir_entries()ye xingchen1-4/+1
2022-08-26Smack: Provide read control for io_uring_cmdCasey Schaufler1-0/+32
2022-08-26selinux: implement the security_uring_cmd() LSM hookPaul Moore2-1/+25
2022-08-26lsm,io_uring: add LSM hooks for the new uring_cmd file opLuis Chamberlain1-0/+4
2022-08-23ima: fix blocking of security.ima xattrs of unsupported algorithmsMimi Zohar1-4/+8
2022-08-21tomoyo: struct path it might get from LSM callers won't have NULL dentry or mntAl Viro2-8/+3
2022-08-21tomoyo: use vsnprintf() properlyAl Viro2-2/+2
2022-08-19Merge tag 'hardening-v6.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-4/+2
2022-08-16selinux: Implement userns_create hookFrederick Lawler2-0/+11
2022-08-16security, lsm: Introduce security_create_user_ns()Frederick Lawler1-0/+5
2022-08-16LoadPin: Return EFAULT on copy_from_user() failuresKees Cook1-4/+2
2022-08-15lsm: clean up redundant NULL pointer checkXiu Jianfeng1-13/+1
2022-08-10Merge tag 'apparmor-pr-2022-08-08' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds29-338/+486
2022-08-02Merge tag 'linux-kselftest-kunit-5.20-rc1' of git://git.kernel.org/pub/scm/li...Linus Torvalds1-6/+6
2022-08-02Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds1-29/+23
2022-08-02Merge tag 'safesetid-6.0' of https://github.com/micah-morton/linuxLinus Torvalds2-9/+35
2022-08-02Merge tag 'Smack-for-6.0' of https://github.com/cschaufler/smack-nextLinus Torvalds2-12/+2
2022-08-02Merge tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds5-13/+19
2022-08-02Merge tag 'hardening-v5.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-1/+182
2022-08-01smack: Remove the redundant lsm_inode_allocXiu Jianfeng1-7/+0
2022-08-01smack: Replace kzalloc + strncpy with kstrndupGONG, Ruiqi1-5/+2
2022-08-01Merge tag 'x86_kdump_for_v6.0_rc1' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-1/+1
2022-08-01Merge tag 'fs.idmapped.vfsuid.v5.20' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds2-7/+10
2022-07-20apparmor: correct config reference to intended oneLukas Bulwahn1-1/+1
2022-07-20lockdown: Fix kexec lockdown bypass with ima policyEric Snowberg1-0/+4
2022-07-19apparmor: move ptrace mediation to more logical task.{h,c}John Johansen5-128/+133
2022-07-19apparmor: extend policydb permission set by making use of the xbitsJohn Johansen4-5/+25
2022-07-19apparmor: allow label to carry debug flagsJohn Johansen6-8/+20
2022-07-19apparmor: fix overlapping attachment computationJohn Johansen2-2/+2
2022-07-19apparmor: fix setting unconfined mode on a loaded profileJohn Johansen1-5/+7
2022-07-19apparmor: Fix some kernel-doc commentsYang Li1-6/+6
2022-07-19apparmor: Mark alloc_unconfined() as staticSouptick Joarder (HPE)1-1/+1
2022-07-15LSM: SafeSetID: Add setgroups() security policy handlingMicah Morton1-9/+30
2022-07-15security: Add LSM hook to setgroups() syscallMicah Morton1-0/+5
2022-07-14Merge tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds5-9/+10
2022-07-13apparmor: disable showing the mode as part of a secid to secctxJohn Johansen3-6/+20
2022-07-13apparmor: Convert secid mapping to XArrays instead of IDRMatthew Wilcox3-32/+13
2022-07-13apparmor: add a kernel label to use on kernel objectsJohn Johansen4-13/+37
2022-07-13evm: Use IS_ENABLED to initialize .enabledXiu Jianfeng1-29/+23
2022-07-13ima: Fix potential memory leak in ima_init_crypto()Jianglei Nie1-0/+1
2022-07-13ima: force signature verification when CONFIG_KEXEC_SIG is configuredCoiby Xu1-0/+2
2022-07-09apparmor: test: Remove some casts which are no-longer requiredDavid Gow1-6/+6
2022-07-09apparmor: Fix memleak in aa_simple_write_to_buffer()Xiu Jianfeng1-1/+1
2022-07-09apparmor: fix reference count leak in aa_pivotroot()Xin Xiong1-0/+1
2022-07-09apparmor: Fix some kernel-doc commentsYang Li1-2/+1
2022-07-09apparmor: Fix undefined reference to `zlib_deflate_workspacesize'John Johansen2-31/+40
2022-07-09apparmor: fix aa_label_asxprint return checkTom Rix1-3/+3
2022-07-09apparmor: Fix some kernel-doc commentsYang Li1-4/+4
2022-07-09apparmor: Fix some kernel-doc commentsYang Li1-2/+3
2022-07-09apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc commentYang Li1-2/+2
2022-07-09apparmor: Use struct_size() helper in kmalloc()Gustavo A. R. Silva1-1/+1
2022-07-09apparmor: Fix failed mount permission check error messageJohn Johansen1-3/+4
2022-07-09security/apparmor: remove redundant ret variableMinghao Chi1-4/+1
2022-07-09apparmor: fix quiet_denied for file rulesJohn Johansen1-1/+1
2022-07-09apparmor: resolve uninitialized symbol warnings in policy_unpack_test.cMike Salvatore1-8/+8
2022-07-09apparmor: don't create raw_sha1 symlink if sha1 hashing is disabledJohn Johansen1-8/+9
2022-07-09apparmor: Enable tuning of policy paranoid load for embedded systemsJohn Johansen3-2/+15
2022-07-09apparmor: make export of raw binary profile to userspace optionalJohn Johansen7-52/+111
2022-07-09apparmor: Update help description of policy hash for introspectionJohn Johansen1-1/+4
2022-07-09lsm: Fix kernel-docYang Li1-5/+5
2022-07-09apparmor: Fix kernel-docYang Li3-4/+4
2022-07-09apparmor: fix absroot causing audited secids to begin with =John Johansen2-3/+9
2022-07-08LoadPin: Enable loading from trusted dm-verity devicesMatthias Kaehlcke2-1/+182
2022-07-07ima: Fix a potential integer overflow in ima_appraise_measurementHuaxin Lu1-1/+2
2022-07-06ima: fix violation measurement list recordMimi Zohar1-3/+3
2022-07-06apparmor: test: Remove some casts which are no-longer requiredDavid Gow1-6/+6
2022-07-01x86/kexec: Carry forward IMA measurement log on kexecJonathan McDowell1-1/+1
2022-06-29x86/retbleed: Add fine grained Kconfig knobsPeter Zijlstra1-11/+0
2022-06-26attr: port attribute changes to new typesChristian Brauner1-2/+2
2022-06-26security: pass down mount idmapping to setattr hookChristian Brauner2-5/+8
2022-06-26fs: port to iattr ownership update helpersChristian Brauner1-2/+2
2022-06-20selinux: selinux_add_opt() callers free memoryXiu Jianfeng1-7/+4
2022-06-15selinux: free contexts previously transferred in selinux_add_opt()Christian Göttsche1-7/+4
2022-06-15Revert "evm: Fix memleak in init_desc"Xiu Jianfeng1-5/+2
2022-06-14selinux: Add boundary check in put_entry()Xiu Jianfeng1-0/+2
2022-06-13selinux: fix memleak in security_read_state_kernel()Xiu Jianfeng1-1/+8
2022-06-10selinux: fix typos in commentsJonas Lindner2-3/+3
2022-06-08KEYS: trusted: tpm2: Fix migratable logicDavid Safford1-2/+2
2022-06-07selinux: drop unnecessary NULL checkChristian Göttsche1-1/+1
2022-06-07selinux: add __randomize_layout to selinux_audit_dataGONG, Ruiqi1-1/+1
2022-06-04Merge tag 'pull-18-rc1-work.mount' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-0/+1
2022-05-25Merge tag 'linux-kselftest-kunit-5.19-rc1' of git://git.kernel.org/pub/scm/li...Linus Torvalds1-3/+3
2022-05-24Merge tag 'integrity-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds16-52/+395
2022-05-24Merge tag 'tpmdd-next-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds6-43/+174
2022-05-24Merge tag 'Smack-for-5.19' of https://github.com/cschaufler/smack-nextLinus Torvalds1-1/+0
2022-05-24Merge tag 'landlock-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds14-286/+848
2022-05-24Merge tag 'selinux-pr-20220523' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds21-81/+93
2022-05-24Merge tag 'kernel-hardening-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds5-58/+115
2022-05-24lockdown: also lock down previous kgdb useDaniel Thompson1-0/+2
2022-05-23smack: Remove redundant assignmentsMichal Orzel1-1/+0
2022-05-23KEYS: trusted: Introduce support for NXP CAAM-based trusted keysAhmad Fatoum4-2/+97
2022-05-23KEYS: trusted: allow use of kernel RNG for key materialAhmad Fatoum1-1/+34
2022-05-23KEYS: trusted: allow use of TEE as backend without TCG_TPM supportAhmad Fatoum4-17/+42
2022-05-23certs: Factor out the blacklist hash creationMickaël Salaün1-24/+2
2022-05-23landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFERMickaël Salaün3-76/+528
2022-05-23LSM: Remove double path_rename hook calls for RENAME_EXCHANGEMickaël Salaün4-15/+46
2022-05-23landlock: Move filesystem helpers and add a new oneMickaël Salaün1-41/+46
2022-05-23landlock: Fix same-layer rule unionsMickaël Salaün2-26/+54
2022-05-23landlock: Create find_rule() from unmask_layers()Mickaël Salaün1-13/+28
2022-05-23landlock: Reduce the maximum number of layers to 16Mickaël Salaün3-11/+12
2022-05-23landlock: Define access_mask_t to enforce a consistent access mask sizeMickaël Salaün5-15/+30
2022-05-23landlock: Change landlock_restrict_self(2) check orderingMickaël Salaün1-4/+4
2022-05-23landlock: Change landlock_add_rule(2) argument check orderingMickaël Salaün1-9/+13
2022-05-23landlock: Fix landlock_add_rule(2) documentationMickaël Salaün1-4/+3
2022-05-19move mount-related externs from fs.h to mount.hAl Viro1-0/+1
2022-05-17selinux: fix bad cleanup on error in hashtab_duplicate()Ondrej Mosnacek1-1/+2
2022-05-16loadpin: stop using bdevnameChristoph Hellwig1-4/+1
2022-05-16big_keys: Use struct for internal payloadKees Cook1-37/+36
2022-05-16integrity: Fix sparse warnings in keyring_handlerStefan Berger1-3/+3
2022-05-16evm: Clean up some variablesStefan Berger2-4/+1
2022-05-16evm: Return INTEGRITY_PASS for enum integrity_status value '0'Stefan Berger1-1/+1
2022-05-15efi: Do not import certificates from UEFI Secure Boot for T2 MacsAditya Garg2-0/+41
2022-05-13security: declare member holding string literal constChristian Göttsche1-1/+1
2022-05-09landlock: Format with clang-formatMickaël Salaün10-136/+142
2022-05-09landlock: Add clang-format exceptionsMickaël Salaün2-0/+6
2022-05-08randstruct: Enable Clang supportKees Cook1-2/+12
2022-05-08randstruct: Move seed generation into scripts/basic/Kees Cook1-4/+5
2022-05-08randstruct: Reorganize Kconfigs and attribute macrosKees Cook1-0/+62
2022-05-05ima: support fs-verity file digest based version 3 signaturesMimi Zohar5-16/+177
2022-05-05ima: permit fsverity's file digests in the IMA measurement listMimi Zohar5-8/+90
2022-05-05ima: define a new template field named 'd-ngv2' and templatesMimi Zohar3-11/+73
2022-05-03selinux: log anon inode class nameChristian Göttsche2-2/+5
2022-05-03selinux: declare data arrays constChristian Göttsche9-26/+24
2022-05-03selinux: fix indentation level of mls_ops blockChristian Göttsche1-21/+21
2022-05-03selinux: include necessary headers in headersChristian Göttsche6-1/+12
2022-05-03selinux: avoid extra semicolonChristian Göttsche1-9/+9
2022-05-03selinux: update parameter documentationChristian Göttsche2-1/+2
2022-05-03selinux: resolve checkpatch errorsChristian Göttsche3-18/+9
2022-05-01ima: use IMA default hash algorithm for integrity violationsMimi Zohar1-1/+1
2022-05-01ima: fix 'd-ng' comments and documentationMimi Zohar1-3/+5
2022-04-14selinux: don't sleep when CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is truePaul Moore2-3/+3
2022-04-13security: don't treat structure as an array of struct hlist_headBill Wendling1-5/+4
2022-04-13usercopy: Remove HARDENED_USERCOPY_PAGESPANMatthew Wilcox (Oracle)1-12/+1
2022-04-07ima: remove the IMA_TEMPLATE Kconfig optionGUO Zihua1-8/+6
2022-04-04apparmor: test: Use NULL macrosRicardo Ribalda1-3/+3
2022-04-04ima: remove redundant initialization of pointer 'file'.Colin Ian King1-1/+1
2022-04-04selinux: checkreqprot is deprecated, add some ssleep() discomfortPaul Moore3-3/+11
2022-04-04selinux: runtime disable is deprecated, add some ssleep() discomfortPaul Moore1-0/+2
2022-04-04selinux: Remove redundant assignmentsMichal Orzel3-4/+2
2022-03-31Merge tag 'hardening-v5.18-rc1-fix1' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-1/+1
2022-03-28Merge tag 'ptrace-cleanups-for-v5.18' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds2-2/+0
2022-03-27Merge tag 'landlock-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-1/+1
2022-03-26Merge tag 'memcpy-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-2/+3
2022-03-24Merge tag 'drm-next-2022-03-24' of git://anongit.freedesktop.org/drm/drmLinus Torvalds3-16/+6
2022-03-24usercopy: Disable CONFIG_HARDENED_USERCOPY_PAGESPANKees Cook1-1/+1
2022-03-24Merge tag 'net-next-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds3-20/+45
2022-03-24Merge tag 'tomoyo-pr-20220322' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1Linus Torvalds1-2/+2
2022-03-23Merge tag 'arm-drivers-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-14/+9
2022-03-21Merge tag 'selinux-pr-20220321' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds19-214/+223
2022-03-21Merge tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds10-58/+116
2022-03-21Merge tag 'Smack-for-5.18' of https://github.com/cschaufler/smack-nextLinus Torvalds1-1/+1
2022-03-21Merge tag 'hardening-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-0/+10
2022-03-21Merge tag 'for-5.18/block-2022-03-18' of git://git.kernel.dk/linux-blockLinus Torvalds1-1/+0
2022-03-21Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-1/+1
2022-03-10ima: Always return a file measurement in ima_file_hash()Roberto Sassu1-13/+33
2022-03-10ima: Fix documentation-related warnings in ima_main.cRoberto Sassu1-5/+6
2022-03-10tracehook: Remove tracehook.hEric W. Biederman2-2/+0
2022-03-08integrity: Only use machine keyring when uefi_check_trust_mok_keys is trueEric Snowberg4-2/+23
2022-03-08integrity: Trust MOK keys if MokListTrustedRT foundEric Snowberg1-0/+19
2022-03-08KEYS: store reference to machine keyringEric Snowberg1-0/+2
2022-03-08integrity: add new keyring handler for mok keysEric Snowberg3-3/+23
2022-03-08integrity: Introduce a Linux keyring called machineEric Snowberg5-3/+78
2022-03-08integrity: Fix warning about missing prototypesEric Snowberg1-0/+1
2022-03-08KEYS: trusted: Avoid calling null function trusted_key_exitDave Kleikamp1-1/+1
2022-03-08KEYS: trusted: Fix trusted key backends when building as moduleAndreas Rammhold1-2/+2
2022-03-08KEYS: fix length validation in keyctl_pkey_params_get_2()Eric Biggers1-3/+11
2022-03-03net: rtnetlink: Add RTM_SETSTATSPetr Machata1-0/+1
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 16:50:03 +0000