aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2021-10-21Merge branch 'ucount-fixes-for-v5.15' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds1-0/+8
2021-10-20ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyringEric W. Biederman1-0/+8
2021-10-07Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/David S. Miller1-1/+3
2021-09-23selinux,smack: fix subjective/objective credential use mixupsPaul Moore2-4/+4
2021-09-14include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakageEugene Syromiatnikov1-1/+3
2021-09-03Merge tag 'kbuild-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/mas...Linus Torvalds1-11/+0
2021-09-03Merge branch 'akpm' (patches from Andrew)Linus Torvalds1-4/+9
2021-09-03mm/pagemap: add mmap_assert_locked() annotations to find_vma*()Luigi Rizzo1-4/+9
2021-09-03security: remove unneeded subdir-$(CONFIG_...)Masahiro Yamada1-11/+0
2021-09-02Merge tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds11-67/+320
2021-09-02Merge tag 'hardening-v5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-20/+51
2021-08-31Merge tag 'net-next-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds2-2/+6
2021-08-31Merge tag 'for-5.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-0/+1
2021-08-31Merge tag 'Smack-for-5.15' of git://github.com/cschaufler/smack-nextLinus Torvalds3-11/+10
2021-08-31Merge tag 'selinux-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-0/+6
2021-08-30Merge tag 'efi-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2021-08-27efi: Don't use knowledge about efi_guid_t internalsAndy Shevchenko1-1/+1
2021-08-23IMA: reject unknown hash algorithms in ima_get_hash_algoTHOBY Simon1-1/+2
2021-08-16IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithmsTHOBY Simon1-0/+6
2021-08-16IMA: introduce a new policy option func=SETXATTR_CHECKTHOBY Simon4-17/+96
2021-08-16IMA: add a policy option to restrict xattr hash algorithms on appraisalTHOBY Simon1-4/+70
2021-08-16IMA: add support to restrict the hash algorithms used for file appraisalTHOBY Simon5-12/+41
2021-08-16IMA: block writes of the security.ima xattr with unsupported algorithmsTHOBY Simon2-4/+47
2021-08-16IMA: remove the dependency on CRYPTO_MD5THOBY Simon1-1/+0
2021-08-13Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-1/+2
2021-08-10dm ima: measure data on table loadTushar Sugandhi1-0/+1
2021-08-10bpf: Add lockdown check for probe_write_user helperDaniel Borkmann1-0/+1
2021-08-09bpf: Add _kernel suffix to internal lockdown_bpf_readDaniel Borkmann1-1/+1
2021-08-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-6/+4
2021-08-05Merge tag 'selinux-pr-20210805' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-6/+4
2021-08-02selinux: correct the return value when loads initial sidsXiu Jianfeng1-6/+4
2021-07-29mctp: Add MCTP baseJeremy Kerr2-2/+6
2021-07-23ima: Add digest and digest_len params to the functions to measure a bufferRoberto Sassu7-17/+36
2021-07-23ima: Return int in the functions to measure a bufferRoberto Sassu2-22/+28
2021-07-23ima: Introduce ima_get_current_hash_algo()Roberto Sassu1-1/+6
2021-07-23IMA: remove -Wmissing-prototypes warningAustin Kim1-1/+1
2021-07-20hardening: Clarify Kconfig text for auto-var-initKees Cook1-20/+32
2021-07-20hardening: Introduce CONFIG_ZERO_CALL_USED_REGSKees Cook1-0/+19
2021-07-20smack: mark 'smack_enabled' global variable as __initdataAustin Kim2-2/+2
2021-07-20Smack: Fix wrong semantics in smk_access_entry()Tianjia Zhang1-9/+8
2021-07-14selinux: return early for possible NULL audit buffersAustin Kim2-0/+6
2021-07-02Merge tag 'asm-generic-unaligned-5.14' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+1
2021-06-30Merge tag 'safesetid-5.14' of git://github.com/micah-morton/linuxLinus Torvalds2-2/+2
2021-06-30Merge tag 'Smack-for-5.14' of git://github.com/cschaufler/smack-nextLinus Torvalds2-5/+9
2021-06-30Merge tag 'audit-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-1/+0
2021-06-30Merge tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds11-109/+81
2021-06-28Merge tag 'integrity-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds18-75/+730
2021-06-21evm: Check xattr size discrepancy between kernel and userRoberto Sassu1-1/+7
2021-06-20evm: output EVM digest calculation infoMimi Zohar2-0/+47
2021-06-16tomoyo: fix doc warningsChenXiaoSong4-9/+9
2021-06-11audit: remove unnecessary 'ret' initializationAustin Kim1-1/+0
2021-06-11selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()Al Viro3-31/+5
2021-06-11selinux: slow_avc_audit has become non-blockingAl Viro3-35/+10
2021-06-11selinux: Fix kernel-docYang Li1-1/+22
2021-06-11IMA: support for duplicate measurement recordsTushar Sugandhi2-2/+10
2021-06-11ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer'Lakshmi Ramasubramanian1-0/+1
2021-06-10selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVCMinchan Kim1-6/+7
2021-06-10ima: differentiate between EVM failures in the audit logMimi Zohar1-1/+2
2021-06-10LSM: SafeSetID: Mark safesetid_initialized as __initdataAustin Kim2-2/+2
2021-06-08ima: Fix fall-through warning for ClangGustavo A. R. Silva1-0/+1
2021-06-08ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect()Roberto Sassu1-1/+1
2021-06-08ima: Include header defining ima_post_key_create_or_update()Roberto Sassu1-0/+1
2021-06-08ima/evm: Fix type mismatchRoberto Sassu4-11/+12
2021-06-08ima: Set correct casting typesRoberto Sassu2-9/+10
2021-06-08Smack: fix doc warningChenXiaoSong1-1/+4
2021-06-03evm: Don't return an error in evm_write_xattrs() if audit is not enabledRoberto Sassu1-1/+1
2021-06-03ima: Define new template evm-sigRoberto Sassu1-1/+4
2021-06-02ima: Define new template fields xattrnames, xattrlengths and xattrvaluesRoberto Sassu4-0/+148
2021-06-01evm: Verify portable signatures against all protected xattrsRoberto Sassu4-12/+68
2021-06-01ima: Define new template field imodeRoberto Sassu3-0/+26
2021-06-01ima: Define new template fields iuid and igidRoberto Sassu3-0/+53
2021-06-01ima: Add ima_show_template_uint() template library functionRoberto Sassu2-1/+39
2021-06-01ima: Don't remove security.ima if file must not be appraisedRoberto Sassu1-2/+0
2021-06-01ima: Introduce template field evmsig and write to field sig as fallbackRoberto Sassu3-1/+36
2021-06-01ima: Allow imasig requirement to be satisfied by EVM portable signaturesRoberto Sassu1-7/+17
2021-06-01evm: Allow setxattr() and setattr() for unmodified metadataRoberto Sassu1-1/+112
2021-05-21evm: Pass user namespace to set/remove xattr hooksRoberto Sassu2-8/+13
2021-05-21evm: Allow xattr/attr operations for portable signaturesRoberto Sassu2-6/+29
2021-05-21evm: Introduce evm_hmac_disabled() to safely ignore verification errorsRoberto Sassu1-1/+38
2021-05-21evm: Introduce evm_revalidate_status()Roberto Sassu2-9/+46
2021-05-21evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loadedRoberto Sassu1-4/+4
2021-05-21evm: Load EVM key in ima_load_x509() to avoid appraisalRoberto Sassu2-1/+7
2021-05-21evm: Execute evm_inode_init_security() only when an HMAC key is loadedRoberto Sassu1-2/+3
2021-05-20evm: fix writing <securityfs>/evm overflowMimi Zohar1-2/+3
2021-05-18Revert "Smack: Handle io_uring kernel thread privileges"Jens Axboe1-3/+2
2021-05-17apparmor: use get_unaligned() only for multi-byte wordsArnd Bergmann1-1/+1
2021-05-14lsm_audit,selinux: pass IB device name by referenceOndrej Mosnacek1-1/+1
2021-05-12trusted-keys: match tpm_get_ops on all return pathsBen Boeckel1-3/+3
2021-05-12KEYS: trusted: Fix memory leak on object tdColin Ian King1-3/+5
2021-05-10selinux: Remove redundant assignment to rcJiapeng Chong2-5/+0
2021-05-10selinux: Corrected comment to match kernel-doc commentSouptick Joarder1-1/+1
2021-05-10selinux: delete selinux_xfrm_policy_lookup() useless argumentZhongjun Tan3-4/+4
2021-05-10selinux: constify some avtab function argumentsOndrej Mosnacek3-21/+26
2021-05-10selinux: simplify duplicate_policydb_cond_list() by using kmemdup()Ondrej Mosnacek1-5/+6
2021-05-10smackfs: restrict bytes count in smk_set_cipso()Tetsuo Handa1-0/+2
2021-05-10security/smack/: fix misspellings using codespell toolXiong Zhenwu1-1/+1
2021-05-05Merge tag 'safesetid-5.13' of git://github.com/micah-morton/linuxLinus Torvalds1-3/+0
2021-05-02Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds1-2/+2
2021-05-01Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds25-75/+2468
2021-05-01Merge tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-4/+15
2021-04-29Merge tag 'net-next-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/ne...Linus Torvalds1-1/+4
2021-04-28Merge tag 'devicetree-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds2-10/+3
2021-04-27Merge tag 'fixes-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor...Linus Torvalds1-18/+34
2021-04-27Merge tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds14-73/+303
2021-04-26LSM: SafeSetID: Fix code specification by scripts/checkpatch.plYanwei Gao1-3/+0
2021-04-26Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-16/+14
2021-04-26Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds2-2/+29
2021-04-26Merge tag 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/tpmddLinus Torvalds2-13/+16
2021-04-26Merge tag 'tpmdd-next-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds7-327/+1038
2021-04-22landlock: Enable user space to infer supported featuresMickaël Salaün1-4/+13
2021-04-22landlock: Add syscall implementationsMickaël Salaün2-1/+443
2021-04-22fs,security: Add sb_delete hookMickaël Salaün1-0/+5
2021-04-22landlock: Support filesystem access-controlMickaël Salaün8-2/+781
2021-04-22LSM: Infrastructure management of the superblockCasey Schaufler6-70/+84
2021-04-22landlock: Add ptrace restrictionsMickaël Salaün4-1/+137
2021-04-22landlock: Set up the security framework and manage credentialsMickaël Salaün7-6/+178
2021-04-22landlock: Add ruleset and domain managementMickaël Salaün4-1/+652
2021-04-22landlock: Add object managementMickaël Salaün6-0/+185
2021-04-21selinux: add proper NULL termination to the secclass_map permissionsPaul Moore1-2/+3
2021-04-21KEYS: trusted: fix TPM trusted keys for generic frameworkJames Bottomley2-13/+16
2021-04-21KEYS: trusted: Fix TPM reservation for seal/unsealJames Bottomley1-1/+1
2021-04-20ima: Fix fall-through warnings for ClangGustavo A. R. Silva2-0/+3
2021-04-17Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-2/+2
2021-04-16kasan: remove redundant config optionWalter Wu1-2/+2
2021-04-15security: commoncap: clean up kernel-doc commentsRandy Dunlap1-17/+33
2021-04-14KEYS: trusted: Fix missing null return from kzalloc callColin Ian King1-2/+4
2021-04-14KEYS: trusted: Introduce TEE based Trusted KeysSumit Garg3-0/+324
2021-04-14KEYS: trusted: Add generic trusted keys frameworkSumit Garg3-297/+424
2021-04-14security: keys: trusted: Make sealed key properly interoperableJames Bottomley1-15/+38
2021-04-14security: keys: trusted: use ASN.1 TPM2 key format for the blobsJames Bottomley5-8/+221
2021-04-14security: keys: trusted: fix TPM2 authorizationsJames Bottomley2-10/+32
2021-04-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski8-113/+194
2021-04-09Merge tag 'selinux-pr-20210409' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds6-112/+185
2021-04-09integrity: Add declarations to init_once void arguments.Jiele Zhao1-1/+1
2021-04-09ima: Fix function name error in comment.Jiele Zhao1-1/+1
2021-04-09ima: enable loading of build time generated key on .ima keyringNayna Jain1-0/+2
2021-04-07selinux: fix race between old and new sidtabOndrej Mosnacek3-37/+145
2021-04-02selinux: fix cond_list corruption when changing booleansOndrej Mosnacek3-69/+33
2021-04-02selinux: make nslot handling in avtab more robustOndrej Mosnacek1-10/+11
2021-03-28tomoyo: don't special case PF_IO_WORKER for PF_KTHREADJens Axboe1-1/+1
2021-03-26ima: Support EC keys for signature verificationStefan Berger1-16/+14
2021-03-25Merge tag 'integrity-v5.12-fix' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-0/+8
2021-03-25Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netDavid S. Miller4-52/+60
2021-03-24security: commoncap: fix -Wstringop-overread warningArnd Bergmann1-1/+1
2021-03-24apparmor:match_mn() - constify devpath argumentAl Viro1-2/+2
2021-03-24ima: Fix the error code for restoring the PCR valueLi Huafei1-2/+2
2021-03-22smack: differentiate between subjective and objective task credentialsPaul Moore2-14/+44
2021-03-22selinux: clarify task subjective and objective credentialsPaul Moore1-39/+73
2021-03-22lsm: separate security_task_getsecid() into subjective and objective variantsPaul Moore6-14/+24
2021-03-22ima: without an IMA policy loaded, return quicklyMimi Zohar1-0/+6
2021-03-22integrity: double check iint_cache was initializedMimi Zohar1-0/+8
2021-03-22lsm,selinux: add new hook to compare new mount to an existing mountOlga Kornievskaia2-0/+63
2021-03-22Merge tag 'selinux-pr-20210322' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds3-41/+59
2021-03-18selinuxfs: unify policy load error reportingOndrej Mosnacek1-6/+3
2021-03-18selinux: fix variable scope issue in live sidtab conversionOndrej Mosnacek3-33/+55
2021-03-18selinux: don't log MAC_POLICY_LOAD record on failed policy loadOndrej Mosnacek1-2/+1
2021-03-12Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file cap...Eric W. Biederman1-11/+1
2021-03-11nexthop: Add netlink defines and enumerators for resilient NH groupsIdo Schimmel1-1/+4
2021-03-11integrity: Load mokx variables into the blacklist keyringEric Snowberg1-2/+18
2021-03-11certs: Add EFI_CERT_X509_GUID support for dbx entriesEric Snowberg1-0/+11
2021-03-08selinux: fix misspellings using codespell toolXiong Zhenwu1-1/+1
2021-03-08selinux: fix misspellings using codespell toolXiong Zhenwu1-1/+1
2021-03-08selinux: measure state and policy capabilitiesLakshmi Ramasubramanian4-5/+96
2021-03-08selinux: Allow context mounts for unpriviliged overlayfsVivek Goyal1-1/+2
2021-03-08powerpc: Move arch independent ima kexec functions to drivers/of/kexec.cLakshmi Ramasubramanian2-4/+1
2021-03-08powerpc: Move ima buffer fields to struct kimageLakshmi Ramasubramanian1-6/+2
2021-02-23Merge tag 'keys-misc-20210126' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds8-21/+18
2021-02-23Merge tag 'idmapped-mounts-v5.12' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds18-115/+240
2021-02-22Merge branch 'userns-for-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+11
2021-02-22Merge branch 'work.audit' of git://git.kernel.org/pub/scm/linux/kernel/git/vi...Linus Torvalds1-2/+3
2021-02-21Merge tag 'tpmdd-next-v5.12-rc1-v2' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds2-8/+36
2021-02-21Merge tag 'Smack-for-v5.12' of git://github.com/cschaufler/smack-nextLinus Torvalds1-2/+19
2021-02-21Merge tag 'integrity-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds16-52/+301
2021-02-21Merge tag 'selinux-pr-20210215' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds16-51/+141
2021-02-21Merge tag 'tomoyo-pr-20210215' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1Linus Torvalds3-25/+25
2021-02-16KEYS: trusted: Reserve TPM for seal and unseal operationsJarkko Sakkinen1-4/+18
2021-02-16KEYS: trusted: Fix migratable=1 failingJarkko Sakkinen1-1/+1
2021-02-16KEYS: trusted: Fix incorrect handling of tpm_get_random()Jarkko Sakkinen1-3/+17
2021-02-12integrity: Make function integrity_add_key() staticWei Yongjun1-2/+2
2021-02-10Merge branch 'ima-kexec-fixes' into next-integrityMimi Zohar1-0/+3
2021-02-10ima: Free IMA measurement buffer after kexec syscallLakshmi Ramasubramanian1-0/+2
2021-02-10ima: Free IMA measurement buffer on errorLakshmi Ramasubramanian1-0/+1
2021-02-02smackfs: restrict bytes count in smackfs write functionsSabyrzhan Tasbolatov1-2/+19
2021-02-01tomoyo: recognize kernel threads correctlyTetsuo Handa1-1/+1
2021-02-01tomoyo: ignore data race while checking quotaTetsuo Handa3-24/+24
2021-01-28cap: fix conversions on getxattrMiklos Szeredi1-24/+43
2021-01-26IMA: Measure kernel version in early bootRaphael Gianotti1-0/+5
2021-01-24ima: handle idmapped mountsChristian Brauner7-40/+68
2021-01-24apparmor: handle idmapped mountsChristian Brauner3-10/+24
2021-01-24fs: make helpers idmap mount awareChristian Brauner2-2/+3
2021-01-24commoncap: handle idmapped mountsChristian Brauner4-37/+84
2021-01-24xattr: handle idmapped mountsTycho Andersen7-20/+24
2021-01-24acl: handle idmapped mountsChristian Brauner1-7/+38
2021-01-24inode: make init and permission helpers idmapped mount awareChristian Brauner1-2/+2
2021-01-24capability: handle idmapped mountsChristian Brauner1-2/+3
2021-01-21certs: Fix blacklist flag type confusionDavid Howells2-3/+4
2021-01-21KEYS: remove redundant memsetTom Rix1-2/+0
2021-01-21security: keys: delete repeated words in commentsRandy Dunlap2-3/+3
2021-01-21security/keys: use kvfree_sensitive()Denis Efremov1-6/+3
2021-01-21watch_queue: Drop references to /dev/watch_queueGabriel Krisman Bertazi1-4/+4
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 06:54:58 +0000