aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2014-03-09KEYS: Make the keyring cycle detector ignore other keyrings of the same nameDavid Howells1-1/+5
2014-02-24Merge branch 'stable-3.14' of git://git.infradead.org/users/pcmoore/selinux i...James Morris1-4/+4
2014-02-20SELinux: bigendian problems with filename trans rulesEric Paris1-4/+4
2014-02-10Merge branch 'stable-3.14' of git://git.infradead.org/users/pcmoore/selinux i...James Morris2-0/+6
2014-02-05SELinux: Fix kernel BUG on empty security contexts.Stephen Smalley1-0/+4
2014-02-05selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message typesPaul Moore1-0/+2
2014-02-05Merge tag 'v3.13' into stable-3.14Paul Moore54-1239/+2802
2014-02-05security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64Colin Cross1-1/+1
2014-01-23Merge git://git.infradead.org/users/eparis/auditLinus Torvalds2-11/+6
2014-01-21Merge branch 'for-3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-4/+3
2014-01-21Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds11-148/+366
2014-01-13smack: call WARN_ONCE() instead of calling audit_log_start()Richard Guy Briggs1-3/+2
2014-01-13selinux: call WARN_ONCE() instead of calling audit_log_start()Richard Guy Briggs1-8/+4
2014-01-12SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()Steven Rostedt2-3/+22
2014-01-08Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into nextJames Morris1-1/+13
2014-01-07SELinux: Fix memory leak upon loading policyTetsuo Handa1-1/+13
2014-01-07Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into nextJames Morris7-39/+164
2014-01-06Merge to v3.13-rc7 for prerequisite changes in the Xen code for TPMJames Morris29-326/+361
2014-01-03ima: remove unneeded size_limit argument from ima_eventdigest_init_common()Roberto Sassu1-8/+6
2014-01-03ima: pass HASH_ALGO__LAST as hash algo in ima_eventdigest_init()Roberto Sassu1-2/+2
2014-01-03ima: change the default hash algorithm to SHA1 in ima_eventdigest_ng_init()Roberto Sassu1-1/+1
2013-12-31Smack: File receive audit correctionCasey Schaufler1-1/+1
2013-12-31Smack: Rationalize mount restrictionsCasey Schaufler1-54/+29
2013-12-23Smack: change rule cap checkCasey Schaufler1-1/+1
2013-12-23Smack: Make the syslog control configurableCasey Schaufler3-13/+99
2013-12-23selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()Oleg Nesterov1-2/+2
2013-12-23selinux: fix broken peer recv checkChad Hanson1-1/+3
2013-12-19Smack: Prevent the * and @ labels from being used in SMACK64EXECCasey Schaufler1-16/+37
2013-12-16selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()Oleg Nesterov1-2/+2
2013-12-16SELinux: remove duplicated include from hooks.cWei Yongjun1-1/+0
2013-12-15Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds3-42/+165
2013-12-15Revert "selinux: consider filesystem subtype in policies"Linus Torvalds2-60/+22
2013-12-13selinux: revert 102aefdda4d8275ce7d7100bc16c88c74272b260Paul Moore2-60/+22
2013-12-13Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux_fixes ...James Morris3-42/+165
2013-12-12selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_pos...Paul Moore1-7/+35
2013-12-12selinux: look for IPsec labels on both inbound and outbound packetsPaul Moore3-14/+47
2013-12-12selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()Paul Moore1-15/+53
2013-12-12selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()Paul Moore1-2/+23
2013-12-12Merge tag 'keys-devel-20131210' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds3-17/+10
2013-12-11selinux: fix broken peer recv checkChad Hanson1-1/+3
2013-12-11smack: fix: allow either entry be missing on access/access2 check (v2)Jarkko Sakkinen1-14/+15
2013-12-10selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_pos...Paul Moore1-7/+35
2013-12-09selinux: look for IPsec labels on both inbound and outbound packetsPaul Moore3-14/+47
2013-12-05cgroup: replace cftype->read_seq_string() with cftype->seq_show()Tejun Heo1-4/+3
2013-12-04selinux: fix possible memory leakGeyslan G. Bem1-4/+7
2013-12-04selinux: pull address family directly from the request_sock structPaul Moore1-5/+1
2013-12-04selinux: ensure that the cached NetLabel secattr matches the desired SIDPaul Moore1-1/+30
2013-12-04selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()Paul Moore1-15/+53
2013-12-04selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()Paul Moore1-2/+23
2013-12-02ima: properly free ima_template_entry structuresRoberto Sassu3-5/+19
2013-12-02ima: Do not free 'entry' before it is initializedChristoph Paasch1-1/+0
2013-12-02security: shmem: implement kernel private shmem inodesEric Paris1-1/+1
2013-12-02KEYS: Fix searching of nested keyringsDavid Howells1-1/+1
2013-12-02KEYS: Fix multiple key add into associative arrayDavid Howells1-4/+3
2013-12-02KEYS: Fix the keyring hash functionDavid Howells1-4/+4
2013-12-02KEYS: Pre-clear struct key on allocationDavid Howells1-7/+1
2013-11-30ima: store address of template_fmt_copy in a pointer before calling strsepRoberto Sassu1-2/+4
2013-11-26Merge tag 'v3.12'Paul Moore33-619/+1720
2013-11-25selinux: fix possible memory leakGeyslan G. Bem1-4/+7
2013-11-25ima: make a copy of template_fmt in template_desc_init_fields()Roberto Sassu1-7/+14
2013-11-25ima: do not send field length to userspace for digest of ima templateRoberto Sassu3-5/+18
2013-11-25ima: do not include field length in template digest calc for ima templateRoberto Sassu3-6/+15
2013-11-23Revert "ima: define '_ima' as a builtin 'trusted' keyring"Linus Torvalds4-55/+1
2013-11-22Merge tag 'v3.12'Eric Paris33-619/+1720
2013-11-21Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jm...Linus Torvalds65-1596/+3204
2013-11-21Merge git://git.infradead.org/users/eparis/auditLinus Torvalds2-1/+4
2013-11-19SELinux: security_load_policy: Silence frame-larger-than warningTim Gardner1-22/+32
2013-11-19SELinux: Update policy version to support constraints infoRichard Haines4-10/+101
2013-11-14KEYS: Fix keyring content gc scannerDavid Howells2-51/+36
2013-11-13KEYS: Fix error handling in big_key instantiationDavid Howells1-0/+1
2013-11-13Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds2-9/+10
2013-11-13Merge branch 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-11/+0
2013-11-08Merge tag 'v3.12'Paul Moore33-619/+1720
2013-11-06KEYS: Fix UID check in keyctl_get_persistent()David Howells1-4/+2
2013-11-05audit: suppress stock memalloc failure warnings since already managedRichard Guy Briggs1-1/+2
2013-11-05selinux: apply selinux checks on new audit message typesEric Paris1-0/+2
2013-10-31ima: define '_ima' as a builtin 'trusted' keyringMimi Zohar4-1/+55
2013-10-31ima: extend the measurement list to include the file signatureMimi Zohar8-12/+73
2013-10-31Merge branch 'keys-devel' of git://git.kernel.org/pub/scm/linux/kernel/git/dh...James Morris5-16/+25
2013-10-30KEYS: fix error return code in big_key_instantiate()Wei Yongjun1-1/+3
2013-10-30KEYS: Fix keyring quota misaccounting on key replacement and unlinkDavid Howells1-12/+15
2013-10-30KEYS: Fix a race between negating a key and reading the error setDavid Howells3-2/+6
2013-10-30KEYS: Make BIG_KEYS booleanJosh Boyer1-1/+1
2013-10-29apparmor: remove the "task" arg from may_change_ptraced_domain()Oleg Nesterov1-8/+6
2013-10-29apparmor: remove parent task info from audit loggingJohn Johansen2-7/+0
2013-10-29apparmor: remove tsk field from the apparmor_audit_structJohn Johansen1-8/+2
2013-10-29apparmor: fix capability to not use the current task, during reportingJohn Johansen6-22/+15
2013-10-30Merge branch 'smack-for-3.13' of git://git.gitorious.org/smack-next/kernel in...James Morris4-9/+34
2013-10-28Smack: Ptrace access check modeCasey Schaufler1-1/+1
2013-10-26ima: provide hash algo info in the xattrDmitry Kasatkin2-15/+59
2013-10-26ima: enable support for larger default filedata hash algorithmsMimi Zohar2-2/+59
2013-10-26ima: define kernel parameter 'ima_template=' to change configured defaultRoberto Sassu1-0/+31
2013-10-26ima: add Kconfig default measurement list templateMimi Zohar2-2/+27
2013-10-26ima: defer determining the appraisal hash algorithm for 'ima' templateRoberto Sassu1-1/+5
2013-10-26ima: add audit log support for larger hashesMimi Zohar1-1/+4
2013-10-25ima: switch to new template management mechanismRoberto Sassu5-97/+107
2013-10-25ima: define new template ima-ng and template fields d-ng and n-ngRoberto Sassu3-17/+150
2013-10-25ima: define template fields library and new helpersRoberto Sassu6-8/+242
2013-10-25ima: new templates management mechanismRoberto Sassu4-1/+146
2013-10-25ima: define new function ima_alloc_init_template() to APIRoberto Sassu3-39/+76
2013-10-25ima: pass the filename argument up to ima_add_template_entry()Roberto Sassu4-10/+13
2013-10-25ima: pass the file descriptor to ima_add_violation()Roberto Sassu3-5/+5
2013-10-25ima: ima_calc_boot_agregate must use SHA1Dmitry Kasatkin3-5/+31
2013-10-25ima: support arbitrary hash algorithms in ima_calc_buffer_hashDmitry Kasatkin2-6/+25
2013-10-25ima: provide dedicated hash algo allocation functionDmitry Kasatkin1-14/+29
2013-10-25ima: differentiate between template hash and file data hash sizesMimi Zohar6-12/+12
2013-10-25ima: use dynamically allocated hash storageDmitry Kasatkin4-30/+49
2013-10-25ima: pass full xattr with the signatureDmitry Kasatkin4-5/+7
2013-10-25ima: read and use signature hash algorithmDmitry Kasatkin6-25/+94
2013-10-25ima: provide support for arbitrary hash algorithmsDmitry Kasatkin7-32/+98
2013-10-25Revert "ima: policy for RAMFS"Mimi Zohar1-1/+0
2013-10-25ima: fix script messagesDmitry Kasatkin6-13/+13
2013-10-24device_cgroup: remove can_attachSerge Hallyn1-11/+0
2013-10-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller5-30/+17
2013-10-22Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into r...James Morris16-392/+432
2013-10-18Smack: Implement lock security modeCasey Schaufler4-8/+33
2013-10-16apparmor: fix bad lock balance when introspecting policyJohn Johansen1-3/+1
2013-10-16apparmor: fix memleak of the profile hashJohn Johansen1-0/+1
2013-10-14netfilter: pass hook ops to hookfnPatrick McHardy1-5/+5
2013-10-09net: fix build errors if ipv6 is disabledEric Dumazet1-0/+2
2013-10-09ipv6: make lookups simpler and fasterEric Dumazet1-3/+2
2013-10-04selinux: remove 'flags' parameter from avc_audit()Linus Torvalds3-4/+4
2013-10-04selinux: avc_has_perm_flags has no more usersLinus Torvalds2-17/+6
2013-10-04selinux: remove 'flags' parameter from inode_has_permLinus Torvalds1-7/+6
2013-10-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller3-20/+21
2013-09-30net ipv4: Convert ipv4.ip_local_port_range to be per netns v3Eric W. Biederman1-1/+1
2013-09-30apparmor: fix suspicious RCU usage warning in policy.c/policy.hJohn Johansen2-2/+5
2013-09-30apparmor: Use shash crypto API interface for profile hashesTyler Hicks1-18/+16
2013-09-26selinux: correct locking in selinux_netlbl_socket_connect)Paul Moore1-4/+2
2013-09-26selinux: Use kmemdup instead of kmalloc + memcpyDuan Jiong1-2/+2
2013-09-25KEYS: initialize root uid and session keyrings earlyMimi Zohar1-0/+10
2013-09-25KEYS: Add a 'trusted' flag and a 'trusted only' flagDavid Howells2-0/+12
2013-09-24KEYS: Add per-user_namespace registers for persistent per-UID kerberos cachesDavid Howells7-0/+213
2013-09-24KEYS: Implement a big key type that can save to tmpfsDavid Howells3-0/+216
2013-09-24KEYS: Expand the capacity of a keyringDavid Howells6-742/+792
2013-09-24KEYS: Drop the permissions argument from __keyring_search_one()David Howells3-9/+5
2013-09-24KEYS: Define a __key_get() wrapper to use rather than atomic_inc()David Howells3-12/+12
2013-09-24KEYS: Search for auth-key by name rather than target key IDDavid Howells1-14/+7
2013-09-24KEYS: Introduce a search context structureDavid Howells7-158/+174
2013-09-24KEYS: Consolidate the concept of an 'index key' for key accessDavid Howells4-62/+67
2013-09-24KEYS: key_is_dead() should take a const key pointer argumentDavid Howells1-1/+1
2013-09-24KEYS: Use bool in make_key_ref() and is_key_possessed()David Howells1-2/+3
2013-09-24KEYS: Skip key state checks when checking for possessionDavid Howells4-6/+11
2013-09-24security: remove erroneous comment about capabilities.o link orderingEric Paris1-1/+0
2013-09-18Merge git://git.infradead.org/users/eparis/selinuxPaul Moore15-388/+430
2013-09-07Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-5/+5
2013-09-07Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds28-547/+1666
2013-09-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-1/+6
2013-09-04Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-0/+2
2013-09-03Merge branch 'for-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-39/+26
2013-08-30capabilities: allow nice if we are privilegedSerge Hallyn1-4/+4
2013-08-30userns: Allow PR_CAPBSET_DROP in a user namespace.Eric W. Biederman1-1/+1
2013-08-28Revert "SELinux: do not handle seclabel as a special flag"Eric Paris2-1/+4
2013-08-28selinux: consider filesystem subtype in policiesAnand Avati2-22/+60
2013-08-23Merge branch 'smack-for-3.12' of git://git.gitorious.org/smack-next/kernel in...James Morris4-114/+150
2013-08-20module/lsm: Have apparmor module parameters work with no argsSteven Rostedt1-0/+2
2013-08-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-13/+11
2013-08-14apparmor: add the ability to report a sha1 hash of loaded policyJohn Johansen8-6/+199
2013-08-14apparmor: export set of capabilities supported by the apparmor moduleJohn Johansen4-1/+15
2013-08-14apparmor: add the profile introspection file to interfaceJohn Johansen1-0/+236
2013-08-14apparmor: add an optional profile attachment string for profilesJohn Johansen4-0/+40
2013-08-14apparmor: add interface files for profiles and namespacesJohn Johansen7-29/+436
2013-08-14apparmor: allow setting any profile into the unconfined stateJohn Johansen5-9/+22
2013-08-14apparmor: make free_profile available outside of policy.cJohn Johansen3-7/+7
2013-08-14apparmor: rework namespace free pathJohn Johansen2-35/+10
2013-08-14apparmor: update how unconfined is handledJohn Johansen3-83/+67
2013-08-14apparmor: change how profile replacement update is doneJohn Johansen6-87/+125
2013-08-14apparmor: convert profile lists to RCU based lockingJohn Johansen4-111/+167
2013-08-14apparmor: provide base for multiple profiles to be replaced at onceJohn Johansen4-146/+283
2013-08-14apparmor: add a features/policy dir to interfaceJohn Johansen1-0/+5
2013-08-14apparmor: enable users to query whether apparmor is enabledJohn Johansen1-1/+1
2013-08-14apparmor: remove minimum size check for vmalloc()Tetsuo Handa1-5/+0
2013-08-12Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytesRafal Krypa1-85/+82
2013-08-08cgroup: make css_for_each_descendant() and friends include the origin css in ...Tejun Heo1-1/+1
2013-08-08cgroup: make hierarchy iterators deal with cgroup_subsys_state instead of cgroupTejun Heo1-8/+3
2013-08-08cgroup: pass around cgroup_subsys_state instead of cgroup in file methodsTejun Heo1-6/+6
2013-08-08cgroup: pass around cgroup_subsys_state instead of cgroup in subsystem methodsTejun Heo1-11/+11
2013-08-08cgroup: add css_parent()Tejun Heo1-13/+5
2013-08-08cgroup: add/update accessors which obtain subsys specific data from cssTejun Heo1-1/+1
2013-08-08cgroup: s/cgroup_subsys_state/cgroup_css/ s/task_subsys_state/task_css/Tejun Heo1-2/+2
2013-08-06Smack: IPv6 casting error fix for 3.11Casey Schaufler1-13/+11
2013-08-01Smack: network label match fixCasey Schaufler3-9/+31
2013-08-01security: smack: add a hash table to quicken smk_find_entry()Tomasz Stanislawski3-9/+37
2013-08-01security: smack: fix memleak in smk_write_rules_list()Tomasz Stanislawski1-22/+11
2013-07-31net: split rt_genid for ipv4 and ipv6fan.du1-1/+6
2013-07-25Add SELinux policy capability for always checking packet and peer classes.Chris PeBenito4-6/+30
2013-07-25selinux: fix problems in netnode when BUG() is compiled outPaul Moore1-0/+2
2013-07-25SELinux: use a helper function to determine seclabelEric Paris1-14/+24
2013-07-25SELinux: pass a superblock to security_fs_useEric Paris3-15/+11
2013-07-25SELinux: do not handle seclabel as a special flagEric Paris2-4/+1
2013-07-25SELinux: change sbsec->behavior to shortEric Paris3-3/+3
2013-07-25SELinux: renumber the superblock optionsEric Paris2-4/+5
2013-07-25SELinux: do all flags twiddling in one placeEric Paris1-7/+5
2013-07-25SELinux: rename SE_SBLABELSUPP to SBLABEL_MNTEric Paris2-15/+15
2013-07-25SELinux: use define for number of bits in the mnt flags maskEric Paris1-1/+4
2013-07-25SELinux: make it harder to get the number of mnt opts wrongEric Paris1-2/+3
2013-07-25SELinux: remove crazy contortions around procEric Paris1-1/+1
2013-07-25SELinux: fix selinuxfs policy file on big endian systemsEric Paris1-2/+1
2013-07-25SELinux: Enable setting security contexts on rootfs inodes.Stephen Smalley1-0/+7
2013-07-25SELinux: Increase ebitmap_node size for 64-bit configurationWaiman Long1-1/+7
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 01:04:39 +0000