path: root/security
| Age | Commit message | Author | Files | Lines |
| --- | --- | --- | --- | --- |
| 2017-07-14 | KEYS: DH: validate __spare field | Eric Biggers | 2 | -0/+7 |
| 2017-07-12 | include/linux/string.h: add the option of fortified string.h functions | Daniel Micay | 1 | -0/+7 |
| 2017-07-05 | Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -7/+5 |
| 2017-07-05 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next | Linus Torvalds | 1 | -1/+2 |
| 2017-07-05 | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/... | Linus Torvalds | 68 | -2111/+8342 |
| 2017-07-03 | Merge tag 'docs-4.13' of git://git.lwn.net/linux | Linus Torvalds | 8 | -8/+9 |
| 2017-07-03 | Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/ker... | Linus Torvalds | 1 | -0/+1 |
| 2017-07-03 | Merge tag 'uuid-for-4.13' of git://git.infradead.org/users/hch/uuid | Linus Torvalds | 2 | -8/+6 |
| 2017-06-30 | ima_write_policy(): don't open-code memdup_user_nul() | Al Viro | 1 | -9/+4 |
| 2017-06-28 | apparmor: put back designators in struct initialisers | Stephen Rothwell | 1 | -2/+2 |
| 2017-06-23 | Merge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/selinux i... | James Morris | 17 | -108/+821 |
| 2017-06-21 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net | David S. Miller | 1 | -3/+2 |
| 2017-06-21 | ima: Log the same audit cause whenever a file has no signature | Thiago Jung Bauermann | 1 | -1/+2 |
| 2017-06-21 | ima: Simplify policy_func_show. | Thiago Jung Bauermann | 2 | -62/+21 |
| 2017-06-21 | integrity: Small code improvements | Thiago Jung Bauermann | 6 | -9/+11 |
| 2017-06-21 | ima: fix get_binary_runtime_size() | Roberto Sassu | 1 | -1/+1 |
| 2017-06-21 | ima: use ima_parse_buf() to parse template data | Roberto Sassu | 1 | -31/+13 |
| 2017-06-21 | ima: use ima_parse_buf() to parse measurements headers | Roberto Sassu | 1 | -52/+28 |
| 2017-06-21 | ima: introduce ima_parse_buf() | Roberto Sassu | 2 | -0/+67 |
| 2017-06-21 | ima: Add cgroups2 to the defaults list | Laura Abbott | 1 | -0/+3 |
| 2017-06-21 | ima: use memdup_user_nul | Geliang Tang | 1 | -9/+4 |
| 2017-06-21 | ima: fix up #endif comments | Tycho Andersen | 1 | -2/+2 |
| 2017-06-21 | IMA: Correct Kconfig dependencies for hash selection | Ben Hutchings | 1 | -4/+4 |
| 2017-06-21 | ima: define is_ima_appraise_enabled() | Mimi Zohar | 1 | -0/+10 |
| 2017-06-21 | ima: define Kconfig IMA_APPRAISE_BOOTPARAM option | Mimi Zohar | 2 | -0/+10 |
| 2017-06-21 | ima: define a set of appraisal rules requiring file signatures | Mimi Zohar | 1 | -1/+25 |
| 2017-06-21 | ima: extend the "ima_policy" boot command line to support multiple policies | Mimi Zohar | 1 | -5/+10 |
| 2017-06-21 | rtnetlink: add NEWCACHEREPORT message type | Julien Gomes | 1 | -1/+2 |
| 2017-06-21 | Merge branch 'smack-for-4.13' of git://github.com/cschaufler/smack-next into ... | James Morris | 4 | -18/+31 |
| 2017-06-20 | selinux: enable genfscon labeling for tracefs | Jeff Vander Stoep | 1 | -0/+1 |
| 2017-06-20 | sched/wait: Split out the wait_bit*() APIs from <linux/wait.h> into <linux/wa... | Ingo Molnar | 1 | -0/+1 |
| 2017-06-13 | selinux: fix double free in selinux_parse_opts_str() | Paul Moore | 1 | -3/+2 |
| 2017-06-10 | apparmor: export that basic profile namespaces are supported | John Johansen | 1 | -0/+7 |
| 2017-06-10 | apparmor: add stacked domain labels interface | John Johansen | 2 | -0/+8 |
| 2017-06-10 | apparmor: add domain label stacking info to apparmorfs | John Johansen | 3 | -0/+39 |
| 2017-06-10 | apparmor: move change_profile mediation to using labels | John Johansen | 1 | -68/+123 |
| 2017-06-10 | apparmor: move change_hat mediation to using labels | John Johansen | 1 | -102/+201 |
| 2017-06-10 | apparmor: move exec domain mediation to using labels | John Johansen | 2 | -259/+678 |
| 2017-06-10 | apparmor: support v7 transition format compatible with label_parse | John Johansen | 2 | -7/+15 |
| 2017-06-10 | apparmor: mediate files when they are received | John Johansen | 2 | -0/+7 |
| 2017-06-10 | apparmor: rework file permission to cache file access in file->ctx | John Johansen | 1 | -6/+76 |
| 2017-06-10 | apparmor: move path_link mediation to using labels | John Johansen | 3 | -47/+59 |
| 2017-06-10 | apparmor: refactor path name lookup and permission checks around labels | John Johansen | 3 | -45/+85 |
| 2017-06-10 | apparmor: update aa_audit_file() to use labels | John Johansen | 3 | -9/+18 |
| 2017-06-10 | apparmor: move aa_file_perm() to use labels | John Johansen | 3 | -37/+64 |
| 2017-06-10 | apparmor: allow ptrace checks to be finer grained than just capability | John Johansen | 3 | -0/+68 |
| 2017-06-10 | apparmor: move ptrace checks to using labels | John Johansen | 5 | -80/+58 |
| 2017-06-10 | apparmor: add cross check permission helper macros | John Johansen | 1 | -1/+41 |
| 2017-06-10 | apparmor: move resource checks to using labels | John Johansen | 3 | -42/+80 |
| 2017-06-10 | apparmor: move capability checks to using labels | John Johansen | 5 | -29/+58 |
| 2017-06-10 | apparmor: update query interface to support label queries | John Johansen | 1 | -7/+39 |
| 2017-06-10 | apparmor: switch getprocattr to using label_print fns() | John Johansen | 3 | -37/+27 |
| 2017-06-10 | apparmor: switch from profiles to using labels on contexts | John Johansen | 20 | -529/+686 |
| 2017-06-10 | apparmor: add the base fns() for domain labels | John Johansen | 2 | -0/+2561 |
| 2017-06-10 | apparmor: revalidate files during exec | John Johansen | 4 | -0/+81 |
| 2017-06-10 | apparmor: cleanup rename XXX_file_context() to XXX_file_ctx() | John Johansen | 2 | -11/+16 |
| 2017-06-10 | apparmor: convert aa_change_XXX bool parameters to flags | John Johansen | 5 | -32/+29 |
| 2017-06-10 | apparmor: cleanup remove unused and not fully implemented profile rename | John Johansen | 1 | -37/+2 |
| 2017-06-10 | apparmor: refactor updating profiles to the newest parent | John Johansen | 1 | -4/+31 |
| 2017-06-10 | apparmor: share profile name on replacement | John Johansen | 3 | -9/+72 |
| 2017-06-10 | apparmor: convert to profile block critical sections | John Johansen | 8 | -56/+162 |
| 2017-06-10 | apparmor: move bprm_committing_creds/committed_creds to lsm.c | John Johansen | 3 | -32/+30 |
| 2017-06-10 | apparmor: fix display of ns name | John Johansen | 1 | -1/+1 |
| 2017-06-10 | apparmor: fix apparmor_query data | John Johansen | 1 | -2/+6 |
| 2017-06-10 | apparmor: fix policy load/remove semantics | John Johansen | 2 | -15/+13 |
| 2017-06-10 | apparmor: add namespace lookup fns() | John Johansen | 3 | -4/+73 |
| 2017-06-10 | apparmor: cleanup __find_child() | John Johansen | 1 | -8/+8 |
| 2017-06-10 | apparmor: provide information about path buffer size at boot | John Johansen | 1 | -2/+9 |
| 2017-06-10 | apparmor: add profile permission query ability | John Johansen | 1 | -1/+102 |
| 2017-06-10 | apparmor: switch from file_perms to aa_perms | John Johansen | 5 | -48/+29 |
| 2017-06-10 | apparmor: add gerneric permissions struct and support fns | John Johansen | 4 | -17/+153 |
| 2017-06-10 | apparmor: add fn to test if profile supports a given mediation class | John Johansen | 1 | -0/+10 |
| 2017-06-10 | apparmor: speed up transactional queries | John Johansen | 1 | -11/+114 |
| 2017-06-10 | apparmor: add label data availability to the feature set | John Johansen | 1 | -0/+10 |
| 2017-06-10 | apparmor: add mkdir/rmdir interface to manage policy namespaces | John Johansen | 1 | -1/+94 |
| 2017-06-10 | apparmor: add policy revision file interface | John Johansen | 4 | -1/+116 |
| 2017-06-10 | apparmor: provide finer control over policy management | John Johansen | 3 | -23/+35 |
| 2017-06-09 | security/selinux: allow security_sb_clone_mnt_opts to enable/disable native l... | Scott Mayhew | 2 | -4/+38 |
| 2017-06-09 | selinux: use kmem_cache for ebitmap | Junil Lee | 3 | -6/+27 |
| 2017-06-09 | apparmor: rework perm mapping to a slightly broader set | John Johansen | 5 | -53/+133 |
| 2017-06-09 | KEYS: fix refcount_inc() on zero | Mark Rutland | 1 | -7/+4 |
| 2017-06-09 | KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API | Mat Martineau | 2 | -103/+171 |
| 2017-06-09 | KEYS: DH: ensure the KDF counter is properly aligned | Eric Biggers | 1 | -13/+3 |
| 2017-06-09 | KEYS: DH: don't feed uninitialized "otherinfo" into KDF | Eric Biggers | 1 | -1/+1 |
| 2017-06-09 | KEYS: DH: forbid using digest_null as the KDF hash | Eric Biggers | 1 | -1/+11 |
| 2017-06-09 | KEYS: sanitize key structs before freeing | Eric Biggers | 1 | -3/+1 |
| 2017-06-09 | KEYS: trusted: sanitize all key material | Eric Biggers | 1 | -28/+22 |
| 2017-06-09 | KEYS: encrypted: sanitize all key material | Eric Biggers | 1 | -18/+13 |
| 2017-06-09 | KEYS: user_defined: sanitize key payloads | Eric Biggers | 1 | -4/+12 |
| 2017-06-09 | KEYS: sanitize add_key() and keyctl() key payloads | Eric Biggers | 1 | -3/+9 |
| 2017-06-09 | KEYS: fix freeing uninitialized memory in key_update() | Eric Biggers | 1 | -3/+2 |
| 2017-06-09 | KEYS: fix dereferencing NULL payload with nonzero length | Eric Biggers | 1 | -2/+2 |
| 2017-06-09 | KEYS: encrypted: use constant-time HMAC comparison | Eric Biggers | 1 | -2/+3 |
| 2017-06-09 | KEYS: encrypted: fix race causing incorrect HMAC calculations | Eric Biggers | 1 | -83/+32 |
| 2017-06-09 | KEYS: encrypted: fix buffer overread in valid_master_desc() | Eric Biggers | 1 | -16/+15 |
| 2017-06-09 | KEYS: encrypted: avoid encrypting/decrypting stack buffers | Eric Biggers | 1 | -8/+9 |
| 2017-06-09 | KEYS: put keyring if install_session_keyring_to_cred() fails | Eric Biggers | 1 | -3/+4 |
| 2017-06-09 | KEYS: Delete an error message for a failed memory allocation in get_derived_k... | Markus Elfring | 1 | -3/+2 |
| 2017-06-09 | security: use READ_ONCE instead of deprecated ACCESS_ONCE | Davidlohr Bueso | 1 | -6/+6 |
| 2017-06-09 | security/keys: add CONFIG_KEYS_COMPAT to Kconfig | Bilal Amarni | 1 | -0/+4 |
| 2017-06-08 | apparmor: move permissions into their own file to be more easily shared | John Johansen | 4 | -19/+43 |
| 2017-06-08 | apparmor: convert from securityfs to apparmorfs for policy ns files | John Johansen | 1 | -26/+37 |
| 2017-06-08 | apparmor: allow specifying an already created dir to create ns entries in | John Johansen | 3 | -7/+8 |
| 2017-06-08 | apparmor: rename apparmor file fns and data to indicate use | John Johansen | 9 | -127/+172 |
| 2017-06-08 | apparmor: add custom apparmorfs that will be used by policy namespace files | John Johansen | 1 | -17/+336 |
| 2017-06-08 | apparmor: use macro template to simplify namespace seq_files | John Johansen | 1 | -29/+24 |
| 2017-06-08 | apparmor: use macro template to simplify profile seq_files | John Johansen | 1 | -61/+36 |
| 2017-06-08 | apparmor: move to per loaddata files, instead of replicating in profiles | John Johansen | 7 | -69/+409 |
| 2017-06-08 | securityfs: add the ability to support symlinks | John Johansen | 1 | -21/+123 |
| 2017-06-08 | apparmor: Move path lookup to using preallocated buffers | John Johansen | 4 | -86/+53 |
| 2017-06-08 | apparmor: allow profiles to provide info to disconnected paths | John Johansen | 6 | -17/+34 |
| 2017-06-08 | apparmor: make internal lib fn skipn_spaces available to the rest of apparmor | John Johansen | 2 | -1/+2 |
| 2017-06-08 | apparmor: move file context into file.h | John Johansen | 2 | -32/+32 |
| 2017-06-08 | security/apparmor: Use POSIX-compatible "printf '%s'" | Thomas Schneider | 1 | -2/+2 |
| 2017-06-08 | apparmor: Fix error cod in __aa_fs_profile_mkdir() | Dan Carpenter | 1 | -2/+4 |
| 2017-06-08 | apparmorfs: Use seq_putc() in two functions | Markus Elfring | 1 | -2/+2 |
| 2017-06-08 | apparmorfs: Combine two function calls into one in aa_fs_seq_raw_abi_show() | Markus Elfring | 1 | -4/+3 |
| 2017-06-05 | fs: switch ->s_uuid to uuid_t | Christoph Hellwig | 2 | -2/+2 |
| 2017-06-05 | ima/policy: switch to use uuid_t | Christoph Hellwig | 1 | -6/+5 |
| 2017-06-05 | block: remove blk_part_pack_uuid | Christoph Hellwig | 1 | -2/+1 |
| 2017-06-02 | selinux: use pernet operations for hook registration | Florian Westphal | 1 | -4/+20 |
| 2017-06-01 | Smack: Use cap_capable in privilege check | Casey Schaufler | 2 | -9/+12 |
| 2017-06-01 | Smack: Safer check for a socket in file_receive | Casey Schaufler | 1 | -1/+1 |
| 2017-06-01 | smack: use pernet operations for hook registration | Florian Westphal | 1 | -8/+18 |
| 2017-05-25 | sel_write_validatetrans(): don't open-code memdup_user_nul() | Al Viro | 1 | -7/+5 |
| 2017-05-23 | selinux: Add a cache for quicker retreival of PKey SIDs | Daniel Jurgens | 5 | -3/+288 |
| 2017-05-23 | selinux: Add IB Port SMP access vector | Daniel Jurgens | 5 | -0/+75 |
| 2017-05-23 | selinux: Implement Infiniband PKey "Access" access vector | Daniel Jurgens | 5 | -0/+77 |
| 2017-05-23 | selinux: Allocate and free infiniband security hooks | Daniel Jurgens | 2 | -1/+29 |
| 2017-05-23 | selinux: Create policydb version for Infiniband support | Daniel Jurgens | 3 | -24/+118 |
| 2017-05-23 | IB/core: Enforce security on management datagrams | Daniel Jurgens | 1 | -0/+6 |
| 2017-05-23 | selinux lsm IB/core: Implement LSM notification system | Daniel Jurgens | 3 | -0/+33 |
| 2017-05-23 | IB/core: Enforce PKey security on QPs | Daniel Jurgens | 2 | -0/+31 |
| 2017-05-23 | selinux: Remove redundant check for unknown labeling behavior | Matthias Kaehlcke | 1 | -16/+0 |
| 2017-05-23 | selinux: log policy capability state when a policy is loaded | Stephen Smalley | 3 | -11/+27 |
| 2017-05-23 | selinux: do not check open permission on sockets | Stephen Smalley | 1 | -3/+7 |
| 2017-05-23 | selinux: add a map permission check for mmap | Stephen Smalley | 2 | -1/+13 |
| 2017-05-23 | selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks | Stephen Smalley | 1 | -8/+15 |
| 2017-05-23 | selinux: Return an error code only as a constant in sidtab_insert() | Markus Elfring | 1 | -17/+10 |
| 2017-05-23 | selinux: Return directly after a failed memory allocation in policydb_index() | Markus Elfring | 1 | -10/+5 |
| 2017-05-23 | selinux: Use task_alloc hook rather than task_create hook | Tetsuo Handa | 1 | -2/+3 |
| 2017-05-22 | Sync to mainline for security submaintainers to work against | James Morris | 15 | -106/+63 |
| 2017-05-18 | doc: ReSTify keys-trusted-encrypted.txt | Kees Cook | 3 | -3/+3 |
| 2017-05-18 | doc: ReSTify keys-request-key.txt | Kees Cook | 2 | -2/+2 |
| 2017-05-18 | doc: ReSTify Yama.txt | Kees Cook | 1 | -1/+2 |
| 2017-05-18 | doc: ReSTify apparmor.txt | Kees Cook | 2 | -2/+2 |
| 2017-05-15 | security: Grammar s/allocates/allocated/ | Geert Uytterhoeven | 1 | -1/+1 |
| 2017-05-15 | LSM: Enable multiple calls to security_add_hooks() for the same LSM | Mickaël Salaün | 1 | -0/+19 |
| 2017-05-09 | Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vir... | Linus Torvalds | 3 | -4/+4 |
| 2017-05-08 | apparmorfs: replace CURRENT_TIME with current_time() | Deepa Dinamani | 1 | -1/+1 |
| 2017-05-08 | treewide: use kv[mz]alloc* rather than opencoded variants | Michal Hocko | 1 | -16/+6 |
| 2017-05-08 | mm: introduce kv[mz]alloc helpers | Michal Hocko | 5 | -44/+3 |
| 2017-05-03 | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/... | Linus Torvalds | 41 | -590/+851 |
| 2017-05-02 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next | Linus Torvalds | 1 | -0/+1 |
| 2017-05-02 | Merge tag 'docs-4.12' of git://git.lwn.net/linux | Linus Torvalds | 1 | -4/+8 |
| 2017-05-01 | Merge branch 'work.uaccess' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 2 | -10/+1 |
| 2017-04-26 | fs: constify tree_descr arrays passed to simple_fill_super() | Eric Biggers | 3 | -4/+4 |
| 2017-04-26 | HAVE_ARCH_HARDENED_USERCOPY is unconditional now | Al Viro | 1 | -9/+0 |
| 2017-04-21 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net | David S. Miller | 3 | -27/+39 |
| 2017-04-19 | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li... | James Morris | 2 | -34/+94 |
| 2017-04-19 | Merge branch 'smack-for-4.12' of git://github.com/cschaufler/smack-next into ... | James Morris | 2 | -4/+2 |
| 2017-04-19 | Merge branch 'stable-4.12' of git://git.infradead.org/users/pcmoore/selinux i... | James Morris | 8 | -60/+57 |
| 2017-04-18 | KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings | Eric Biggers | 2 | -24/+31 |
| 2017-04-18 | KEYS: Change the name of the dead type to ".dead" to prevent user access | David Howells | 1 | -1/+1 |
| 2017-04-18 | KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings | David Howells | 1 | -2/+7 |
| 2017-04-18 | Merge tag 'keys-next-20170412' of git://git.kernel.org/pub/scm/linux/kernel/g... | James Morris | 12 | -49/+568 |
| 2017-04-11 | keys: select CONFIG_CRYPTO when selecting DH / KDF | Stephan Müller | 1 | -0/+1 |
| 2017-04-07 | apparmor: Make path_max parameter readonly | John Johansen | 1 | -1/+1 |
| 2017-04-07 | apparmor: fix parameters so that the permission test is bypassed at boot | John Johansen | 2 | -26/+23 |
| 2017-04-07 | apparmor: fix invalid reference to index variable of iterator line 836 | John Johansen | 1 | -2/+4 |
| 2017-04-07 | apparmor: use SHASH_DESC_ON_STACK | Nicolas Iooss | 1 | -19/+13 |
| 2017-04-07 | security/apparmor/lsm.c: set debug messages | Valentin Rothberg | 1 | -1/+1 |
| 2017-04-07 | apparmor: fix boolreturn.cocci warnings | kbuild test robot | 1 | -2/+2 |
| 2017-04-04 | Smack: Use GFP_KERNEL for smk_netlbl_mls(). | Tetsuo Handa | 1 | -1/+1 |
| 2017-04-04 | smack: fix double free in smack_parse_opts_str() | Tetsuo Handa | 1 | -3/+1 |
| 2017-04-04 | KEYS: add SP800-56A KDF support for DH | Stephan Mueller | 7 | -18/+275 |
| 2017-04-04 | KEYS: Add KEYCTL_RESTRICT_KEYRING | Mat Martineau | 4 | -0/+170 |
| 2017-04-04 | KEYS: Consistent ordering for __key_link_begin and restrict check | Mat Martineau | 1 | -11/+13 |
| 2017-04-04 | KEYS: Use structure to capture key restriction function and data | Mat Martineau | 6 | -16/+108 |
| 2017-04-03 | KEYS: Split role of the keyring pointer for keyring restrict functions | Mat Martineau | 2 | -4/+7 |
| 2017-04-03 | KEYS: Use a typedef for restrict_link function pointers | Mat Martineau | 2 | -9/+3 |
| 2017-04-03 | security, keys: convert key_user.usage from atomic_t to refcount_t | Elena Reshetova | 4 | -6/+7 |
| 2017-04-03 | security, keys: convert key.usage from atomic_t to refcount_t | Elena Reshetova | 5 | -10/+10 |
| 2017-04-02 | kernel-api.rst: fix a series of errors when parsing C files | mchehab@s-opensource.com | 1 | -4/+8 |
| 2017-03-31 | selinux: Fix an uninitialized variable bug | Dan Carpenter | 1 | -1/+1 |
| 2017-03-30 | TOMOYO: Use designated initializers | Kees Cook | 2 | -16/+16 |
| 2017-03-29 | selinux: Remove unnecessary check of array base in selinux_set_mapping() | Matthias Kaehlcke | 1 | -1/+1 |
| 2017-03-29 | selinuxfs: Use seq_puts() in sel_avc_stats_seq_show() | Markus Elfring | 1 | -4/+4 |
| 2017-03-29 | selinux: Adjust two checks for null pointers | Markus Elfring | 1 | -2/+2 |
| 2017-03-29 | selinux: Use kmalloc_array() in sidtab_init() | Markus Elfring | 1 | -1/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in roles_init() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in perm_read() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in common_read() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in class_read() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in role_read() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in type_read() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in user_read() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Improve another size determination in sens_read() | Markus Elfring | 1 | -1/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in sens_read() | Markus Elfring | 1 | -2/+1 |
| 2017-03-29 | selinux: Return directly after a failed kzalloc() in cat_read() | Markus Elfring | 1 | -2/+1 |