aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2014-01-12SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()Steven Rostedt2-3/+22
2013-12-23selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()Oleg Nesterov1-2/+2
2013-12-23selinux: fix broken peer recv checkChad Hanson1-1/+3
2013-12-15Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds3-42/+165
2013-12-15Revert "selinux: consider filesystem subtype in policies"Linus Torvalds2-60/+22
2013-12-13Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux_fixes ...James Morris3-42/+165
2013-12-12selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_pos...Paul Moore1-7/+35
2013-12-12selinux: look for IPsec labels on both inbound and outbound packetsPaul Moore3-14/+47
2013-12-12selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()Paul Moore1-15/+53
2013-12-12selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()Paul Moore1-2/+23
2013-12-12Merge tag 'keys-devel-20131210' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds3-17/+10
2013-12-04selinux: fix possible memory leakGeyslan G. Bem1-4/+7
2013-12-02ima: properly free ima_template_entry structuresRoberto Sassu3-5/+19
2013-12-02ima: Do not free 'entry' before it is initializedChristoph Paasch1-1/+0
2013-12-02security: shmem: implement kernel private shmem inodesEric Paris1-1/+1
2013-12-02KEYS: Fix searching of nested keyringsDavid Howells1-1/+1
2013-12-02KEYS: Fix multiple key add into associative arrayDavid Howells1-4/+3
2013-12-02KEYS: Fix the keyring hash functionDavid Howells1-4/+4
2013-12-02KEYS: Pre-clear struct key on allocationDavid Howells1-7/+1
2013-11-30ima: store address of template_fmt_copy in a pointer before calling strsepRoberto Sassu1-2/+4
2013-11-26Merge tag 'v3.12'Paul Moore33-619/+1720
2013-11-25ima: make a copy of template_fmt in template_desc_init_fields()Roberto Sassu1-7/+14
2013-11-25ima: do not send field length to userspace for digest of ima templateRoberto Sassu3-5/+18
2013-11-25ima: do not include field length in template digest calc for ima templateRoberto Sassu3-6/+15
2013-11-23Revert "ima: define '_ima' as a builtin 'trusted' keyring"Linus Torvalds4-55/+1
2013-11-21Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jm...Linus Torvalds65-1596/+3204
2013-11-21Merge git://git.infradead.org/users/eparis/auditLinus Torvalds2-1/+4
2013-11-14KEYS: Fix keyring content gc scannerDavid Howells2-51/+36
2013-11-13KEYS: Fix error handling in big_key instantiationDavid Howells1-0/+1
2013-11-13Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds2-9/+10
2013-11-13Merge branch 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-11/+0
2013-11-06KEYS: Fix UID check in keyctl_get_persistent()David Howells1-4/+2
2013-11-05audit: suppress stock memalloc failure warnings since already managedRichard Guy Briggs1-1/+2
2013-11-05selinux: apply selinux checks on new audit message typesEric Paris1-0/+2
2013-10-31ima: define '_ima' as a builtin 'trusted' keyringMimi Zohar4-1/+55
2013-10-31ima: extend the measurement list to include the file signatureMimi Zohar8-12/+73
2013-10-31Merge branch 'keys-devel' of git://git.kernel.org/pub/scm/linux/kernel/git/dh...James Morris5-16/+25
2013-10-30KEYS: fix error return code in big_key_instantiate()Wei Yongjun1-1/+3
2013-10-30KEYS: Fix keyring quota misaccounting on key replacement and unlinkDavid Howells1-12/+15
2013-10-30KEYS: Fix a race between negating a key and reading the error setDavid Howells3-2/+6
2013-10-30KEYS: Make BIG_KEYS booleanJosh Boyer1-1/+1
2013-10-29apparmor: remove the "task" arg from may_change_ptraced_domain()Oleg Nesterov1-8/+6
2013-10-29apparmor: remove parent task info from audit loggingJohn Johansen2-7/+0
2013-10-29apparmor: remove tsk field from the apparmor_audit_structJohn Johansen1-8/+2
2013-10-29apparmor: fix capability to not use the current task, during reportingJohn Johansen6-22/+15
2013-10-30Merge branch 'smack-for-3.13' of git://git.gitorious.org/smack-next/kernel in...James Morris4-9/+34
2013-10-28Smack: Ptrace access check modeCasey Schaufler1-1/+1
2013-10-26ima: provide hash algo info in the xattrDmitry Kasatkin2-15/+59
2013-10-26ima: enable support for larger default filedata hash algorithmsMimi Zohar2-2/+59
2013-10-26ima: define kernel parameter 'ima_template=' to change configured defaultRoberto Sassu1-0/+31
2013-10-26ima: add Kconfig default measurement list templateMimi Zohar2-2/+27
2013-10-26ima: defer determining the appraisal hash algorithm for 'ima' templateRoberto Sassu1-1/+5
2013-10-26ima: add audit log support for larger hashesMimi Zohar1-1/+4
2013-10-25ima: switch to new template management mechanismRoberto Sassu5-97/+107
2013-10-25ima: define new template ima-ng and template fields d-ng and n-ngRoberto Sassu3-17/+150
2013-10-25ima: define template fields library and new helpersRoberto Sassu6-8/+242
2013-10-25ima: new templates management mechanismRoberto Sassu4-1/+146
2013-10-25ima: define new function ima_alloc_init_template() to APIRoberto Sassu3-39/+76
2013-10-25ima: pass the filename argument up to ima_add_template_entry()Roberto Sassu4-10/+13
2013-10-25ima: pass the file descriptor to ima_add_violation()Roberto Sassu3-5/+5
2013-10-25ima: ima_calc_boot_agregate must use SHA1Dmitry Kasatkin3-5/+31
2013-10-25ima: support arbitrary hash algorithms in ima_calc_buffer_hashDmitry Kasatkin2-6/+25
2013-10-25ima: provide dedicated hash algo allocation functionDmitry Kasatkin1-14/+29
2013-10-25ima: differentiate between template hash and file data hash sizesMimi Zohar6-12/+12
2013-10-25ima: use dynamically allocated hash storageDmitry Kasatkin4-30/+49
2013-10-25ima: pass full xattr with the signatureDmitry Kasatkin4-5/+7
2013-10-25ima: read and use signature hash algorithmDmitry Kasatkin6-25/+94
2013-10-25ima: provide support for arbitrary hash algorithmsDmitry Kasatkin7-32/+98
2013-10-25Revert "ima: policy for RAMFS"Mimi Zohar1-1/+0
2013-10-25ima: fix script messagesDmitry Kasatkin6-13/+13
2013-10-24device_cgroup: remove can_attachSerge Hallyn1-11/+0
2013-10-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller5-30/+17
2013-10-22Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into r...James Morris16-392/+432
2013-10-18Smack: Implement lock security modeCasey Schaufler4-8/+33
2013-10-16apparmor: fix bad lock balance when introspecting policyJohn Johansen1-3/+1
2013-10-16apparmor: fix memleak of the profile hashJohn Johansen1-0/+1
2013-10-14netfilter: pass hook ops to hookfnPatrick McHardy1-5/+5
2013-10-09net: fix build errors if ipv6 is disabledEric Dumazet1-0/+2
2013-10-09ipv6: make lookups simpler and fasterEric Dumazet1-3/+2
2013-10-04selinux: remove 'flags' parameter from avc_audit()Linus Torvalds3-4/+4
2013-10-04selinux: avc_has_perm_flags has no more usersLinus Torvalds2-17/+6
2013-10-04selinux: remove 'flags' parameter from inode_has_permLinus Torvalds1-7/+6
2013-10-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller3-20/+21
2013-09-30net ipv4: Convert ipv4.ip_local_port_range to be per netns v3Eric W. Biederman1-1/+1
2013-09-30apparmor: fix suspicious RCU usage warning in policy.c/policy.hJohn Johansen2-2/+5
2013-09-30apparmor: Use shash crypto API interface for profile hashesTyler Hicks1-18/+16
2013-09-26selinux: correct locking in selinux_netlbl_socket_connect)Paul Moore1-4/+2
2013-09-26selinux: Use kmemdup instead of kmalloc + memcpyDuan Jiong1-2/+2
2013-09-25KEYS: initialize root uid and session keyrings earlyMimi Zohar1-0/+10
2013-09-25KEYS: Add a 'trusted' flag and a 'trusted only' flagDavid Howells2-0/+12
2013-09-24KEYS: Add per-user_namespace registers for persistent per-UID kerberos cachesDavid Howells7-0/+213
2013-09-24KEYS: Implement a big key type that can save to tmpfsDavid Howells3-0/+216
2013-09-24KEYS: Expand the capacity of a keyringDavid Howells6-742/+792
2013-09-24KEYS: Drop the permissions argument from __keyring_search_one()David Howells3-9/+5
2013-09-24KEYS: Define a __key_get() wrapper to use rather than atomic_inc()David Howells3-12/+12
2013-09-24KEYS: Search for auth-key by name rather than target key IDDavid Howells1-14/+7
2013-09-24KEYS: Introduce a search context structureDavid Howells7-158/+174
2013-09-24KEYS: Consolidate the concept of an 'index key' for key accessDavid Howells4-62/+67
2013-09-24KEYS: key_is_dead() should take a const key pointer argumentDavid Howells1-1/+1
2013-09-24KEYS: Use bool in make_key_ref() and is_key_possessed()David Howells1-2/+3
2013-09-24KEYS: Skip key state checks when checking for possessionDavid Howells4-6/+11
2013-09-24security: remove erroneous comment about capabilities.o link orderingEric Paris1-1/+0
2013-09-18Merge git://git.infradead.org/users/eparis/selinuxPaul Moore15-388/+430
2013-09-07Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-5/+5
2013-09-07Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds28-547/+1666
2013-09-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-1/+6
2013-09-04Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-0/+2
2013-09-03Merge branch 'for-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-39/+26
2013-08-30capabilities: allow nice if we are privilegedSerge Hallyn1-4/+4
2013-08-30userns: Allow PR_CAPBSET_DROP in a user namespace.Eric W. Biederman1-1/+1
2013-08-28Revert "SELinux: do not handle seclabel as a special flag"Eric Paris2-1/+4
2013-08-28selinux: consider filesystem subtype in policiesAnand Avati2-22/+60
2013-08-23Merge branch 'smack-for-3.12' of git://git.gitorious.org/smack-next/kernel in...James Morris4-114/+150
2013-08-20module/lsm: Have apparmor module parameters work with no argsSteven Rostedt1-0/+2
2013-08-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-13/+11
2013-08-14apparmor: add the ability to report a sha1 hash of loaded policyJohn Johansen8-6/+199
2013-08-14apparmor: export set of capabilities supported by the apparmor moduleJohn Johansen4-1/+15
2013-08-14apparmor: add the profile introspection file to interfaceJohn Johansen1-0/+236
2013-08-14apparmor: add an optional profile attachment string for profilesJohn Johansen4-0/+40
2013-08-14apparmor: add interface files for profiles and namespacesJohn Johansen7-29/+436
2013-08-14apparmor: allow setting any profile into the unconfined stateJohn Johansen5-9/+22
2013-08-14apparmor: make free_profile available outside of policy.cJohn Johansen3-7/+7
2013-08-14apparmor: rework namespace free pathJohn Johansen2-35/+10
2013-08-14apparmor: update how unconfined is handledJohn Johansen3-83/+67
2013-08-14apparmor: change how profile replacement update is doneJohn Johansen6-87/+125
2013-08-14apparmor: convert profile lists to RCU based lockingJohn Johansen4-111/+167
2013-08-14apparmor: provide base for multiple profiles to be replaced at onceJohn Johansen4-146/+283
2013-08-14apparmor: add a features/policy dir to interfaceJohn Johansen1-0/+5
2013-08-14apparmor: enable users to query whether apparmor is enabledJohn Johansen1-1/+1
2013-08-14apparmor: remove minimum size check for vmalloc()Tetsuo Handa1-5/+0
2013-08-12Smack: parse multiple rules per write to load2, up to PAGE_SIZE-1 bytesRafal Krypa1-85/+82
2013-08-08cgroup: make css_for_each_descendant() and friends include the origin css in ...Tejun Heo1-1/+1
2013-08-08cgroup: make hierarchy iterators deal with cgroup_subsys_state instead of cgroupTejun Heo1-8/+3
2013-08-08cgroup: pass around cgroup_subsys_state instead of cgroup in file methodsTejun Heo1-6/+6
2013-08-08cgroup: pass around cgroup_subsys_state instead of cgroup in subsystem methodsTejun Heo1-11/+11
2013-08-08cgroup: add css_parent()Tejun Heo1-13/+5
2013-08-08cgroup: add/update accessors which obtain subsys specific data from cssTejun Heo1-1/+1
2013-08-08cgroup: s/cgroup_subsys_state/cgroup_css/ s/task_subsys_state/task_css/Tejun Heo1-2/+2
2013-08-06Smack: IPv6 casting error fix for 3.11Casey Schaufler1-13/+11
2013-08-01Smack: network label match fixCasey Schaufler3-9/+31
2013-08-01security: smack: add a hash table to quicken smk_find_entry()Tomasz Stanislawski3-9/+37
2013-08-01security: smack: fix memleak in smk_write_rules_list()Tomasz Stanislawski1-22/+11
2013-07-31net: split rt_genid for ipv4 and ipv6fan.du1-1/+6
2013-07-25Add SELinux policy capability for always checking packet and peer classes.Chris PeBenito4-6/+30
2013-07-25selinux: fix problems in netnode when BUG() is compiled outPaul Moore1-0/+2
2013-07-25SELinux: use a helper function to determine seclabelEric Paris1-14/+24
2013-07-25SELinux: pass a superblock to security_fs_useEric Paris3-15/+11
2013-07-25SELinux: do not handle seclabel as a special flagEric Paris2-4/+1
2013-07-25SELinux: change sbsec->behavior to shortEric Paris3-3/+3
2013-07-25SELinux: renumber the superblock optionsEric Paris2-4/+5
2013-07-25SELinux: do all flags twiddling in one placeEric Paris1-7/+5
2013-07-25SELinux: rename SE_SBLABELSUPP to SBLABEL_MNTEric Paris2-15/+15
2013-07-25SELinux: use define for number of bits in the mnt flags maskEric Paris1-1/+4
2013-07-25SELinux: make it harder to get the number of mnt opts wrongEric Paris1-2/+3
2013-07-25SELinux: remove crazy contortions around procEric Paris1-1/+1
2013-07-25SELinux: fix selinuxfs policy file on big endian systemsEric Paris1-2/+1
2013-07-25SELinux: Enable setting security contexts on rootfs inodes.Stephen Smalley1-0/+7
2013-07-25SELinux: Increase ebitmap_node size for 64-bit configurationWaiman Long1-1/+7
2013-07-25SELinux: Reduce overhead of mls_level_isvalid() function callWaiman Long4-19/+27
2013-07-25selinux: remove the BUG_ON() from selinux_skb_xfrm_sid()Paul Moore2-5/+8
2013-07-25selinux: cleanup the XFRM headerPaul Moore1-14/+5
2013-07-25selinux: cleanup selinux_xfrm_decode_session()Paul Moore1-11/+12
2013-07-25selinux: cleanup some comment and whitespace issues in the XFRM codePaul Moore1-13/+10
2013-07-25selinux: cleanup selinux_xfrm_sock_rcv_skb() and selinux_xfrm_postroute_last()Paul Moore2-60/+42
2013-07-25selinux: cleanup selinux_xfrm_policy_lookup() and selinux_xfrm_state_pol_flow...Paul Moore1-36/+18
2013-07-25selinux: cleanup and consolidate the XFRM alloc/clone/delete/free codePaul Moore1-31/+40
2013-07-25lsm: split the xfrm_state_alloc_security() hook implementationPaul Moore5-124/+110
2013-07-25xattr: Constify ->name member of "struct xattr".Tetsuo Handa5-24/+14
2013-07-11Merge branch 'for-3.11' of git://linux-nfs.org/~bfields/linuxLinus Torvalds1-1/+1
2013-07-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-1/+1
2013-07-09Merge tag 'nfs-for-3.11-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds6-15/+138
2013-07-03Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds31-583/+949
2013-07-03Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds2-7/+19
2013-07-02Merge branch 'for-3.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-38/+18
2013-06-29SELinux: Institute file_path_has_perm()David Howells1-6/+18
2013-06-29Replace a bunch of file->dentry->d_inode refs with file_inode()David Howells1-1/+1
2013-06-20evm: audit integrity metadata failuresMimi Zohar1-1/+14
2013-06-20integrity: move integrity_audit_msg()Mimi Zohar7-33/+36
2013-06-08NFS: Extend NFS xattr handlers to accept the security namespaceDavid Quigley1-0/+1
2013-06-08NFS: Client implementation of Labeled-NFSDavid Quigley1-0/+4
2013-06-08SELinux: Add new labeling type native labelsDavid Quigley3-10/+32
2013-06-08LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data.David Quigley3-5/+19
2013-06-08Security: Add Hook to test if the particular xattr is part of a MAC model.David Quigley4-0/+29
2013-06-08Security: Add hook to calculate context based on a negative dentry.David Quigley3-0/+53
2013-06-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-20/+14
2013-06-03Smack: Fix the bug smackcipso can't set CIPSO correctlyPassion,Zhao1-1/+1
2013-05-31selinux: fix the labeled xfrm/IPsec reference count handlingPaul Moore1-20/+14
2013-05-28net: pass info struct via netdevice notifierJiri Pirko1-1/+1
2013-05-28Smack: Fix possible NULL pointer dereference at smk_netlbl_mls()Tetsuo Handa1-0/+2
2013-05-28Smack: Add smkfstransmute mount optionCasey Schaufler2-5/+21
2013-05-28Smack: Improve access check performanceCasey Schaufler4-249/+282
2013-05-28Smack: Local IPv6 port based controlsCasey Schaufler2-40/+319
2013-05-24device_cgroup: simplify cgroup tree walk in propagate_exception()Tejun Heo1-38/+18
2013-05-13security: cap_inode_getsecctx returning garbageJ. Bruce Fields1-1/+1
2013-05-12apparmor: no need to delay vfree()Al Viro1-21/+3
2013-05-12Merge tag 'aa-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux...James Morris19-248/+286
2013-05-07aio: don't include aio.h in sched.hKent Overstreet2-0/+3
2013-05-01Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds3-8/+4
2013-05-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds2-4/+3
2013-04-30Merge branch 'akpm' (incoming from Andrew)Linus Torvalds1-3/+10
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-16 15:50:39 +0000