aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2017-03-03Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux...Linus Torvalds10-1/+18
2017-03-02sched/headers: Prepare to remove the <linux/magic.h> include from <linux/sche...Ingo Molnar1-0/+2
2017-03-02sched/headers: Prepare to use <linux/rcuupdate.h> instead of <linux/rculist.h...Ingo Molnar4-0/+7
2017-03-02sched/headers: Prepare for new header dependencies before moving code to <lin...Ingo Molnar2-0/+2
2017-03-02sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h>Ingo Molnar4-0/+5
2017-03-02sched/headers: Prepare for new header dependencies before moving code to <lin...Ingo Molnar1-0/+1
2017-03-02sched/headers: Prepare for new header dependencies before moving code to <lin...Ingo Molnar1-1/+1
2017-03-02selinux: wrap cgroup seclabel support with its own policy capabilityStephen Smalley4-4/+12
2017-03-02KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()David Howells4-8/+8
2017-02-27lib/vsprintf.c: remove %Z supportAlexey Dobriyan2-2/+2
2017-02-24mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmfDave Jiang1-3/+2
2017-02-23Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds4-6/+6
2017-02-22Merge tag 'driver-core-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds2-3/+39
2017-02-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds2-3/+8
2017-02-21Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds54-1839/+3314
2017-02-20Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds2-8/+2
2017-02-11Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+1
2017-02-10KEYS: Use memzero_explicit() for secret dataDan Carpenter1-1/+1
2017-02-10KEYS: Fix an error code in request_master_key()Dan Carpenter1-1/+1
2017-02-10Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/selinux i...James Morris9-276/+327
2017-02-08selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2017-02-08Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/selinux i...James Morris1-1/+1
2017-02-07selinux: allow changing labels for cgroupfsAntonio Murdaca1-0/+2
2017-02-07selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2017-01-27ima: allow to check MAY_APPENDLans Zhang2-4/+5
2017-01-27ima: fix ima_d_path() possible race with renameMimi Zohar3-6/+24
2017-01-27Merge branch 'smack-for-4.11' of git://github.com/cschaufler/smack-next into ...James Morris3-27/+95
2017-01-24Introduce a sysctl that modifies the value of PROT_SOCK.Krister Johansen1-1/+2
2017-01-24exec: Remove LSM_UNSAFE_PTRACE_CAPEric W. Biederman4-5/+4
2017-01-24exec: Test the ptracer's saved cred to see if the tracee can gain capsEric W. Biederman1-1/+2
2017-01-24exec: Don't reset euid and egid when the tracee has CAP_SETUIDEric W. Biederman1-1/+1
2017-01-19Introduce STATIC_USERMODEHELPER to mediate call_usermodehelper()Greg Kroah-Hartman1-0/+35
2017-01-19Make static usermode helper binaries constantGreg Kroah-Hartman1-3/+4
2017-01-19LSM: Add /sys/kernel/security/lsmCasey Schaufler9-9/+71
2017-01-16apparmor: fix undefined reference to `aa_g_hash_policy'John Johansen1-1/+1
2017-01-16apparmor: replace remaining BUG_ON() asserts with AA_BUG()John Johansen4-5/+5
2017-01-16apparmor: fix restricted endian type warnings for policy unpackJohn Johansen1-6/+6
2017-01-16apparmor: fix restricted endian type warnings for dfa unpackJohn Johansen2-12/+12
2017-01-16apparmor: add check for apparmor enabled in module parameters missing itJohn Johansen1-0/+10
2017-01-16apparmor: add per cpu work buffers to avoid allocating buffers at every hookJohn Johansen2-1/+103
2017-01-16apparmor: sysctl to enable unprivileged user ns AppArmor policy loadingTyler Hicks2-1/+47
2017-01-16apparmor: support querying extended trusted helper extra dataWilliam Hua5-0/+245
2017-01-16apparmor: update cap audit to check SECURITY_CAP_NOAUDITJohn Johansen1-6/+10
2017-01-16apparmor: make computing policy hashes conditional on kernel parameterJohn Johansen2-29/+32
2017-01-16apparmor: convert change_profile to use fqname later to give better controlJohn Johansen5-66/+28
2017-01-16apparmor: fix change_hat debug outputJohn Johansen1-4/+5
2017-01-16apparmor: remove unused op parameter from simple_write_to_buffer()John Johansen1-6/+3
2017-01-16apparmor: change aad apparmor_audit_data macro to a fn macroJohn Johansen12-161/+155
2017-01-16apparmor: change op from int to const char *John Johansen10-134/+84
2017-01-16apparmor: rename context abreviation cxt to the more standard ctxJohn Johansen5-144/+150
2017-01-16apparmor: fail task profile update if current_cred isn't real_credJohn Johansen1-0/+3
2017-01-16apparmor: add per policy ns .load, .replace, .remove interface filesJohn Johansen2-22/+130
2017-01-16apparmor: pass the subject profile into profile replace/removeJohn Johansen3-16/+21
2017-01-16apparmor: audit policy ns specified in policy loadJohn Johansen3-24/+77
2017-01-16apparmor: allow introspecting the loaded policy pre internal transformJohn Johansen8-58/+278
2017-01-16apparmor: add ns name to the audit data for policy loadsJohn Johansen2-10/+25
2017-01-16apparmor: add profile and ns params to aa_may_manage_policy()John Johansen3-14/+12
2017-01-16apparmor: add ns being viewed as a param to policy_admin_capable()John Johansen3-10/+16
2017-01-16apparmor: add ns being viewed as a param to policy_view_capable()John Johansen4-8/+35
2017-01-16apparmor: allow specifying the profile doing the managementJohn Johansen1-11/+21
2017-01-16apparmor: allow introspecting the policy namespace nameJohn Johansen1-0/+24
2017-01-16apparmor: Make aa_remove_profile() callable from a different viewJohn Johansen3-5/+7
2017-01-16apparmor: track ns level so it can be used to help in view checksJohn Johansen1-0/+1
2017-01-16apparmor: add special .null file used to "close" fds at execJohn Johansen3-1/+81
2017-01-16apparmor: provide userspace flag indicating binfmt_elf_mmap changeJohn Johansen1-0/+1
2017-01-16apparmor: add a default null dfaJohn Johansen6-2/+46
2017-01-16apparmor: allow policydb to be used as the file dfaJohn Johansen1-4/+8
2017-01-16apparmor: add get_dfa() fnJohn Johansen1-0/+15
2017-01-16apparmor: prepare to support newer versions of policyJohn Johansen2-10/+25
2017-01-16apparmor: add support for force complain flag to support learning modeJohn Johansen1-1/+3
2017-01-16apparmor: remove paranoid load switchJohn Johansen2-16/+10
2017-01-16apparmor: name null-XXX profiles after the executableJohn Johansen3-17/+47
2017-01-16apparmor: pass gfp_t parameter into profile allocationJohn Johansen4-8/+9
2017-01-16apparmor: refactor prepare_ns() and make usable from different viewsJohn Johansen5-38/+79
2017-01-16apparmor: update policy_destroy to use new debug assertsJohn Johansen1-9/+2
2017-01-16apparmor: pass gfp param into aa_policy_init()John Johansen4-7/+7
2017-01-16apparmor: constify policy name and hnameJohn Johansen3-4/+4
2017-01-16apparmor: rename hname_tail to basenameJohn Johansen3-4/+4
2017-01-16apparmor: rename mediated_filesystem() to path_mediated_fs()John Johansen2-8/+8
2017-01-16apparmor: add debug assert AA_BUG and Kconfig to control debug infoJohn Johansen3-4/+43
2017-01-16apparmor: add macro for bug asserts to check that a lock is heldJohn Johansen1-0/+11
2017-01-16apparmor: allow ns visibility question to consider subnsesJohn Johansen4-8/+14
2017-01-16apparmor: add fn to lookup profiles by fqnameJohn Johansen4-7/+38
2017-01-16apparmor: add lib fn to find the "split" for fqnamesJohn Johansen2-0/+55
2017-01-16apparmor: add strn version of aa_find_nsJohn Johansen2-6/+29
2017-01-16apparmor: add strn version of lookup_profile fnJohn Johansen2-11/+27
2017-01-16apparmor: rename replacedby to proxyJohn Johansen5-65/+65
2017-01-16apparmor: rename PFLAG_INVALID to PFLAG_STALEJohn Johansen3-5/+5
2017-01-16apparmor: rename sid to secidJohn Johansen4-65/+65
2017-01-16apparmor: rename namespace to ns to improve code line lengthsJohn Johansen8-128/+122
2017-01-16apparmor: split apparmor policy namespaces code into its own fileJohn Johansen10-391/+454
2017-01-16apparmor: split out shared policy_XXX fns to libJohn Johansen4-132/+137
2017-01-16apparmor: move lib definitions into separate lib includeJohn Johansen5-82/+99
2017-01-15apparmor: use designated initializersKees Cook2-5/+7
2017-01-15AppArmor: Use GFP_KERNEL for __aa_kvmalloc().Tetsuo Handa1-1/+2
2017-01-14locking/atomic, kref: Use kref_get_unless_zero() morePeter Zijlstra2-8/+2
2017-01-12security,selinux,smack: kill security_task_wait hookStephen Smalley3-33/+0
2017-01-12selinux: drop unused socket security classesStephen Smalley2-12/+0
2017-01-10Smack: ignore private inode for file functionsSeung-Woo Kim1-0/+12
2017-01-10Smack: fix d_instantiate logic for sockfs and pipefsRafal Krypa1-7/+7
2017-01-10SMACK: Use smk_tskacc() instead of smk_access() for proper loggingHimanshu Shukla1-4/+1
2017-01-10Smack: Traverse the smack_known_list using list_for_each_entry_rcu macroVishal Goel1-1/+1
2017-01-10SMACK: Free the i_security blob in inode using RCUHimanshu Shukla2-4/+29
2017-01-10SMACK: Delete list_head repeated initializationHimanshu Shukla1-4/+0
2017-01-10SMACK: Add new lock for adding entry in smack master listVishal Goel1-0/+5
2017-01-10Smack: Fix the issue of wrong SMACK label update in socket bind fail caseVishal Goel2-0/+21
2017-01-10Smack: Fix the issue of permission denied error in ipv6 hookVishal Goel2-2/+4
2017-01-10SMACK: Add the rcu synchronization mechanism in ipv6 hooksVishal Goel1-5/+15
2017-01-09selinux: default to security isid in sel_make_bools() if no sid is foundGary Tierney1-3/+3
2017-01-09selinux: log errors when loading new policyGary Tierney1-5/+16
2017-01-09proc,security: move restriction on writing /proc/pid/attr nodes to procStephen Smalley4-29/+6
2017-01-09selinux: clean up cred usage and simplifyStephen Smalley3-211/+166
2017-01-09selinux: allow context mounts on tmpfs, ramfs, devpts within user namespacesStephen Smalley1-3/+7
2017-01-09selinux: handle ICMPv6 consistently with ICMPStephen Smalley1-1/+2
2017-01-09selinux: add security in-core xattr support for tracefsYongqin Liu1-0/+1
2017-01-09selinux: support distinctions among all network address familiesStephen Smalley5-2/+147
2016-12-24Replace <asm/uaccess.h> with <linux/uaccess.h> globallyLinus Torvalds4-4/+4
2016-12-22Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds1-0/+2
2016-12-21selinux: use the kernel headers when building scripts/selinuxPaul Moore1-0/+2
2016-12-20ima: platform-independent hash valueAndreas Steffen1-2/+4
2016-12-20ima: define a canonical binary_runtime_measurements list formatMimi Zohar5-13/+62
2016-12-20ima: support restoring multiple template formatsMimi Zohar1-3/+49
2016-12-20ima: store the builtin/custom template definitions in a listMimi Zohar3-11/+43
2016-12-20ima: on soft reboot, save the measurement listMimi Zohar3-1/+119
2016-12-20ima: maintain memory size needed for serializing the measurement listMimi Zohar3-2/+64
2016-12-20ima: permit duplicate measurement list entriesMimi Zohar1-6/+10
2016-12-20ima: on soft reboot, restore the measurement listMimi Zohar6-0/+255
2016-12-16Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds2-2/+2
2016-12-15Merge branches 'work.namei', 'work.dcache' and 'work.iov_iter' into for-linusAl Viro1-1/+1
2016-12-14Merge branch 'akpm' (patches from Andrew)Linus Torvalds1-1/+1
2016-12-14mm: add locked parameter to get_user_pages_remote()Lorenzo Stoakes1-1/+1
2016-12-14Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-2/+10
2016-12-14Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds14-137/+166
2016-12-12Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-4/+7
2016-12-05[iov_iter] new primitives - copy_from_iter_full() and friendsAl Viro1-1/+1
2016-12-05Yama: allow access for the current ptrace parentJosh Stone1-1/+15
2016-12-04don't open-code file_inode()Al Viro1-1/+1
2016-12-02Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC"Eric W. Biederman1-2/+10
2016-11-24Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/selinux i...James Morris4-51/+84
2016-11-23Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li...James Morris5-10/+14
2016-11-22selinux: Convert isec->lock into a spinlockAndreas Gruenbacher2-40/+66
2016-11-22Merge remote branch 'smack/smack-for-4.10' into nextJames Morris4-75/+53
2016-11-21selinux: keep SELinux in sync with new capability definitionsStephen Smalley1-0/+4
2016-11-21apparmor: fix change_hat not finding hat after policy replacementJohn Johansen1-2/+4
2016-11-20selinux: normalize input to /sys/fs/selinux/enforceStephen Smalley1-0/+2
2016-11-16posix-timers: Make them configurableNicolas Pitre1-4/+7
2016-11-15Smack: Remove unnecessary smack_known_invalidCasey Schaufler4-36/+4
2016-11-14Smack: Use GFP_KERNEL for smack_parse_opts_str().Tetsuo Handa1-2/+2
2016-11-14selinux: Clean up initialization of isec->sclassAndreas Gruenbacher1-6/+4
2016-11-14proc: Pass file mode to proc_pid_make_inodeAndreas Gruenbacher1-0/+1
2016-11-14selinux: Minor cleanupsAndreas Gruenbacher2-3/+4
2016-11-14SELinux: Use GFP_KERNEL for selinux_parse_opts_str().Tetsuo Handa1-2/+3
2016-11-13security/integrity: Harden against malformed xattrsSeth Forshee3-2/+9
2016-11-13ima: include the reason for TPM-bypass modeMimi Zohar1-1/+2
2016-11-13Revert "ima: limit file hash setting by user to fix and log modes"Mimi Zohar1-6/+2
2016-11-13ima: fix memory leak in ima_release_policyEric Richter1-1/+1
2016-11-10Smack: ipv6 label match fixCasey Schaufler1-6/+6
2016-11-10SMACK: Fix the memory leak in smack_cred_prepare() hookHimanshu Shukla1-1/+2
2016-11-10SMACK: Do not apply star label in smack_setprocattr hookHimanshu Shukla1-3/+4
2016-11-10smack: parse mnt opts after privileges checkHimanshu Shukla1-25/+25
2016-11-04Smack: Assign smack_known_web label for kernel thread'sjooseong lee1-2/+10
2016-10-27security/keys: make BIG_KEYS dependent on stdrng.Artem Savkov1-1/+1
2016-10-27KEYS: Sort out big_key initialisationDavid Howells1-27/+32
2016-10-27KEYS: Fix short sprintf buffer in /proc/keys show functionDavid Howells1-1/+1
2016-10-22Merge branch 'mm-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-1/+1
2016-10-20mm: Change vm_is_stack_for_task() to vm_is_stack_for_current()Andy Lutomirski1-1/+1
2016-10-19mm: replace get_user_pages_remote() write/force parameters with gup_flagsLorenzo Stoakes1-1/+1
2016-10-10Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds4-5/+5
2016-10-10Merge remote-tracking branch 'ovl/rename2' into for-linusAl Viro2-6/+9
2016-10-10Merge branch 'work.xattr' of git://git.kernel.org/pub/scm/linux/kernel/git/vi...Linus Torvalds6-49/+39
2016-10-10Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds2-3/+3
2016-10-10Merge branch 'printk-cleanups'Linus Torvalds1-2/+2
2016-10-09printk: reinstate KERN_CONT for printing continuation linesLinus Torvalds1-2/+2
2016-10-08Merge remote-tracking branch 'ovl/misc' into work.miscAl Viro2-3/+3
2016-10-07xattr: Add __vfs_{get,set,remove}xattr helpersAndreas Gruenbacher6-49/+39
2016-10-07Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jik...Linus Torvalds1-4/+3
2016-10-04Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds13-88/+172
2016-10-04Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/auditLinus Torvalds1-2/+2
2016-09-29securityfs: fix securityfs_create_dir commentLaurent Georget1-4/+3
2016-09-27fs: Replace CURRENT_TIME with current_time() for inode timestampsDeepa Dinamani3-3/+3
2016-09-27fs: rename "rename2" i_op to "rename"Miklos Szeredi1-2/+2
2016-09-27vfs: remove unused i_op->renameMiklos Szeredi1-2/+2
2016-09-23Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-4/+7
2016-09-22KEYS: Fix skcipher IV clobberingHerbert Xu1-4/+7
2016-09-21Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux in...James Morris2-8/+21
2016-09-19lsm,audit,selinux: Introduce a new audit data type LSM_AUDIT_DATA_FILEVivek Goyal2-8/+21
2016-09-19Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux in...James Morris9-65/+119
2016-09-16ima: use file_dentry()Miklos Szeredi2-3/+3
2016-09-13selinux: fix error return code in policydb_read()Wei Yongjun1-0/+1
2016-09-08Smack: Signal delivery as an append operationCasey Schaufler3-7/+29
2016-09-07Merge tag 'usercopy-v4.8-rc6-part2' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds1-0/+11
2016-09-07usercopy: remove page-spanning test for nowKees Cook1-0/+11
2016-08-30audit: consistently record PIDs with task_tgid_nr()Paul Moore1-2/+2
2016-08-30selinux: fix overflow and 0 length allocationsWilliam Roberts2-0/+5
2016-08-29selinux: initialize structuresWilliam Roberts1-4/+4
2016-08-29selinux: detect invalid ebitmapWilliam Roberts1-0/+3
2016-08-23Smack: Use memdup_user() rather than duplicating its implementationMarkus Elfring1-8/+3
2016-08-19Make the hardened user-copy code depend on having a hardened allocatorLinus Torvalds1-0/+1
2016-08-18selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAXWilliam Roberts2-42/+0
2016-08-10selinux: Implement dentry_create_files_as() hookVivek Goyal1-0/+22
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 22:50:42 +0000