aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2018-09-12Revert "Smack: Mark inode instant in smack_task_to_inode"Ben Hutchings1-1/+0
2018-08-24Smack: Mark inode instant in smack_task_to_inodeCasey Schaufler1-0/+1
2018-06-06selinux: KASAN: slab-out-of-bounds in xattr_getsecuritySachin Grover1-1/+1
2018-06-06Revert "ima: limit file hash setting by user to fix and log modes"Mimi Zohar1-6/+2
2018-05-30ima: Fallback to the builtin hash algorithmPetr Vorel2-0/+15
2018-05-30ima: Fix Kconfig to select TPM 2.0 CRB interfaceJiandi An1-0/+1
2018-04-13selinux: do not check open permission on socketsStephen Smalley1-3/+7
2018-04-08selinux: Remove redundant check for unknown labeling behaviorMatthias Kaehlcke1-16/+0
2018-04-08selinux: Remove unnecessary check of array base in selinux_set_mapping()Matthias Kaehlcke1-1/+1
2018-03-22ima: relax requiring a file signature for new files with zero lengthMimi Zohar1-1/+2
2018-03-22apparmor: Make path_max parameter readonlyJohn Johansen1-1/+1
2018-03-22selinux: check for address length in selinux_socket_bind()Alexander Potapenko1-0/+8
2018-02-25selinux: skip bounded transition processing if the policy isn't loadedPaul Moore1-0/+3
2018-02-25selinux: ensure the context is NUL terminated in security_context_to_sid_core()Paul Moore1-10/+8
2018-02-16KEYS: encrypted: fix buffer overread in valid_master_desc()Eric Biggers1-16/+15
2018-02-03selinux: general protection fault in sock_has_permMark Salyzyn1-0/+2
2018-01-05KPTI: Rename to PAGE_TABLE_ISOLATIONKees Cook1-1/+1
2018-01-05x86/kaiser: Reenable PARAVIRTBorislav Petkov1-1/+1
2018-01-05kaiser: delete KAISER_REAL_SWITCH optionHugh Dickins1-4/+0
2018-01-05kaiser: KAISER depends on SMPHugh Dickins1-4/+6
2018-01-05kaiser: merged updateDave Hansen1-0/+5
2018-01-05KAISER: Kernel Address IsolationRichard Fellner1-0/+7
2017-12-20KEYS: add missing permission check for request_key() destinationEric Biggers1-10/+38
2017-12-09ima: fix hash algorithm initializationBoshi Wang1-0/+4
2017-11-24ima: do not update security.ima if appraisal status is not INTEGRITY_PASSRoberto Sassu1-0/+3
2017-11-18security/keys: add CONFIG_KEYS_COMPAT to KconfigBilal Amarni1-0/+4
2017-11-15KEYS: trusted: fix writing past end of buffer in trusted_read()Eric Biggers1-11/+12
2017-11-15KEYS: trusted: sanitize all key materialEric Biggers1-28/+22
2017-11-08KEYS: return full count in keyring_read() if buffer is too smallEric Biggers1-20/+19
2017-10-27KEYS: Fix race between updating and finding a negative keyDavid Howells12-39/+49
2017-10-27KEYS: don't let add_key() update an uninstantiated keyDavid Howells1-0/+10
2017-10-27KEYS: encrypted: fix dereference of NULL user_key_payloadEric Biggers1-0/+7
2017-10-12lsm: fix smack_inode_removexattr and xattr_getsecurity memleakCasey Schaufler1-30/+25
2017-10-05KEYS: prevent KEYCTL_READ on negative keyEric Biggers1-0/+5
2017-10-05KEYS: prevent creating a different user's keyringsEric Biggers4-12/+23
2017-10-05KEYS: fix writing past end of user-supplied buffer in keyring_read()Eric Biggers1-9/+5
2017-07-15KEYS: Fix an error code in request_master_key()Dan Carpenter1-1/+1
2017-06-14KEYS: fix freeing uninitialized memory in key_update()Eric Biggers1-3/+2
2017-06-14KEYS: fix dereferencing NULL payload with nonzero lengthEric Biggers1-2/+2
2017-05-25ima: accept previously set IMA_NEW_FILEDaniel Glöckner1-2/+3
2017-04-27KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyringsEric Biggers2-24/+31
2017-04-27KEYS: Change the name of the dead type to ".dead" to prevent user accessDavid Howells1-1/+1
2017-04-27KEYS: Disallow keyrings beginning with '.' to be joined as session keyringsDavid Howells1-2/+7
2017-02-14selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2016-12-02apparmor: fix change_hat not finding hat after policy replacementJohn Johansen1-2/+4
2016-11-10KEYS: Fix short sprintf buffer in /proc/keys show functionDavid Howells1-1/+1
2016-10-16ima: use file_dentry()Miklos Szeredi2-3/+3
2016-08-16apparmor: fix ref count leak when profile sha1 hash is readJohn Johansen1-0/+1
2016-07-27KEYS: potential uninitialized variableDan Carpenter1-1/+1
2016-03-03security: let security modules use PTRACE_MODE_* with bitmasksJann Horn2-7/+5
2016-02-25ptrace: use fsuid, fsgid, effective creds for fs access checksJann Horn1-1/+6
2016-02-17EVM: Use crypto_memneq() for digest comparisonsRyan Ware1-1/+2
2016-01-31KEYS: Fix keyring ref leak in join_session_keyring()Yevgeny Pats1-0/+1
2015-12-19KEYS: Fix race between read and revokeDavid Howells1-9/+9
2015-11-26Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris1-2/+2
2015-11-25KEYS: Fix handling of stored error in a negatively instantiated user keyDavid Howells3-2/+10
2015-11-24selinux: fix bug in conditional rules handlingStephen Smalley1-2/+2
2015-11-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds3-9/+10
2015-11-08smack: use skb_to_full_sk() helperEric Dumazet1-4/+7
2015-11-08net: add skb_to_full_sk() helper and use it in selinux_netlbl_skbuff_setsid()Eric Dumazet2-15/+3
2015-11-06mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIMMel Gorman1-1/+1
2015-11-05Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds25-183/+393
2015-11-05selinux: fix random read in selinux_ip_postroute_compat()Eric Dumazet1-4/+14
2015-11-01Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2-2/+7
2015-10-23Merge tag 'keys-next-20151021' of git://git.kernel.org/pub/scm/linux/kernel/g...James Morris13-75/+84
2015-10-22Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris5-45/+36
2015-10-22apparmor: clarify CRYPTO dependencyArnd Bergmann1-1/+1
2015-10-21selinux: Use a kmem_cache for allocation struct file_security_structSangwoo1-2/+6
2015-10-21selinux: ioctl_has_perm should be staticGeliang Tang1-1/+1
2015-10-21selinux: use sprintf return valueRasmus Villemoes1-4/+1
2015-10-21selinux: use kstrdup() in security_get_bools()Rasmus Villemoes1-7/+1
2015-10-21selinux: use kmemdup in security_sid_to_context_core()Rasmus Villemoes1-2/+2
2015-10-21selinux: remove pointless cast in selinux_inode_setsecurity()Rasmus Villemoes1-1/+1
2015-10-21selinux: introduce security_context_str_to_sidRasmus Villemoes4-25/+20
2015-10-21selinux: do not check open perm on ftruncate callJeff Vander Stoep1-1/+2
2015-10-21selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE defaultPaul Moore1-2/+2
2015-10-21KEYS: Merge the type-specific data with the payload dataDavid Howells13-67/+82
2015-10-21keys: Be more consistent in selection of union members usedInsu Yun1-1/+1
2015-10-21KEYS: use kvfree() in add_keyGeliang Tang1-7/+1
2015-10-21Merge branch 'smack-for-4.4' of https://github.com/cschaufler/smack-next into...James Morris4-47/+238
2015-10-20Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li...James Morris1-1/+1
2015-10-19Smack: limited capability for changing process labelZbigniew Jasinski4-41/+229
2015-10-19KEYS: Don't permit request_key() to construct a new keyringDavid Howells1-0/+3
2015-10-19keys, trusted: seal/unseal with TPM 2.0 chipsJarkko Sakkinen1-3/+33
2015-10-19keys, trusted: move struct trusted_key_options to trusted-type.hJarkko Sakkinen1-11/+0
2015-10-17Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/...Pablo Neira Ayuso1-4/+8
2015-10-16netfilter: remove hook owner refcountingFlorian Westphal2-7/+0
2015-10-15KEYS: Fix crash when attempt to garbage collect an uninstantiated keyringDavid Howells1-2/+4
2015-10-11net: synack packets can be attached to request socketsEric Dumazet1-4/+8
2015-10-09Smack: pipefs fix in smack_d_instantiateRoman Kubiak1-0/+3
2015-10-09Smack: Minor initialisation improvementJosé Bollo2-3/+3
2015-10-09smack: smk_ipv6_port_list should be staticGeliang Tang1-1/+1
2015-10-09Smack: fix a NULL dereference in wrong smack_import_entry() usageLukasz Pawelczyk1-2/+2
2015-10-09integrity: prevent loading untrusted certificates on the IMA trusted keyringDmitry Kasatkin1-1/+1
2015-10-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-4/+4
2015-09-26Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+1
2015-09-25KEYS: Fix race between key destruction and finding a keyring by nameDavid Howells1-4/+4
2015-09-18netfilter: Pass priv instead of nf_hook_ops to netfilter hooksEric W. Biederman2-7/+7
2015-09-17Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-1/+1
2015-09-12Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/pau...Ingo Molnar1-1/+1
2015-09-10mm: mark most vm_operations_struct constKirill A. Shutemov1-1/+1
2015-09-08Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds20-362/+1732
2015-09-04fs: create and use seq_show_option for escapingKees Cook1-1/+1
2015-09-04capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISEAndy Lutomirski1-1/+2
2015-09-04capabilities: ambient capabilitiesAndy Lutomirski2-10/+93
2015-09-03security/device_cgroup: Fix RCU_LOCKDEP_WARN() conditionPaul E. McKenney1-1/+1
2015-09-01Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-1/+1
2015-08-31Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-3/+3
2015-08-26LSM: restore certain default error codesJan Beulich1-5/+6
2015-08-15Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into nextJames Morris12-110/+907
2015-08-14Merge branch 'smack-for-4.3' of https://github.com/cschaufler/smack-next into...James Morris1-14/+18
2015-08-12Smack - Fix build error with bringup unconfiguredCasey Schaufler1-14/+18
2015-08-12Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/pau...Ingo Molnar1-3/+3
2015-08-11Merge branch 'smack-for-4.3' of https://github.com/cschaufler/smack-next into...James Morris4-208/+807
2015-08-10Kernel threads excluded from smack checksRoman Kubiak1-0/+6
2015-08-04Adding YAMA hooks also when YAMA is not stacked.Salvatore Mesoraca1-0/+1
2015-07-31Smack: Three symbols that should be staticCasey Schaufler2-3/+3
2015-07-28Smack: IPv6 host labelingCasey Schaufler3-160/+578
2015-07-28Yama: remove needless CONFIG_SECURITY_YAMA_STACKEDKees Cook4-43/+14
2015-07-28KEYS: ensure we free the assoc array edit if edit is validColin Ian King1-3/+5
2015-07-22rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()Paul E. McKenney1-3/+3
2015-07-22sysfs: fix simple_return.cocci warningskbuild test robot1-5/+1
2015-07-22smack: allow mount opts setting over filesystems with binary mount dataVivek Trivedi2-40/+219
2015-07-13selinux: Create a common helper to determine an inode label [ver #3]David Howells1-46/+41
2015-07-13selinux: Augment BUG_ON assertion for secclass_map.Stephen Smalley1-1/+2
2015-07-13selinux: initialize sock security class to default valueStephen Smalley1-0/+1
2015-07-13selinux: reduce locking overhead in inode_free_security()Waiman Long1-3/+14
2015-07-13selinux: extended permissions for ioctlsJeff Vander Stoep11-60/+834
2015-07-13security: add ioctl specific auditing to lsm_auditJeff Vander Stoep1-0/+15
2015-07-11Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into...James Morris2-1/+8
2015-07-10selinux: fix mprotect PROT_EXEC regression caused by mm changeStephen Smalley1-1/+2
2015-07-10vfs: Commit to never having exectuables on proc and sysfs.Eric W. Biederman1-1/+1
2015-07-09selinux: don't waste ebitmap space when importing NetLabel categoriesPaul Moore1-0/+6
2015-07-04Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds1-13/+6
2015-07-03Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds3-16/+13
2015-07-01Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds2-4/+4
2015-07-01sysfs: Create mountpoints with sysfs_create_mount_pointEric W. Biederman3-16/+13
2015-06-27Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/auditLinus Torvalds1-1/+1
2015-06-27Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds28-2427/+1767
2015-06-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-3/+0
2015-06-23make simple_positive() publicAl Viro1-13/+6
2015-06-18netfilter: Remove spurios included of netfilter.hEric W Biederman1-3/+0
2015-06-16ima: update builtin policiesMimi Zohar1-9/+56
2015-06-16ima: extend "mask" policy matching supportMimi Zohar1-5/+15
2015-06-16ima: add support for new "euid" policy conditionMimi Zohar1-4/+23
2015-06-16ima: fix ima_show_template_data_ascii()Mimi Zohar3-4/+5
2015-06-13Merge branch 'smack-for-4.2-stacked' of https://github.com/cschaufler/smack-n...James Morris1-7/+9
2015-06-12Smack: freeing an error pointer in smk_write_revoke_subj()Dan Carpenter1-7/+9
2015-06-05selinux: fix setting of security labels on NFSJ. Bruce Fields1-0/+1
2015-06-04selinux: Remove unused permission definitionsStephen Smalley1-14/+8
2015-06-04selinux: enable genfscon labeling for sysfs and pstore filesStephen Smalley1-1/+3
2015-06-04selinux: enable per-file labeling for debugfs files.Stephen Smalley2-22/+22
2015-06-04selinux: update netlink socket classesStephen Smalley2-10/+32
2015-06-04signals: don't abuse __flush_signals() in selinux_bprm_committed_creds()Oleg Nesterov1-2/+4
2015-06-04selinux: Print 'sclass' as string when unrecognized netlink message occursMarek Milkovic1-2/+3
2015-06-03Merge branch 'smack-for-4.2-stacked' of https://github.com/cschaufler/smack-n...James Morris4-186/+314
2015-06-02Smack: allow multiple labels in onlycapRafal Krypa3-69/+160
2015-06-02Smack: fix seq operations in smackfsRafal Krypa1-30/+22
2015-05-29lsm: rename duplicate labels in LSM_AUDIT_DATA_TASK audit message typeRichard Guy Briggs1-1/+1
2015-05-28kernel/params: constify struct kernel_param_ops usesLuis R. Rodriguez2-4/+4
2015-05-21ima: pass iint to ima_add_violation()Roberto Sassu5-9/+13
2015-05-21ima: wrap event related data to the new ima_event_data structureRoberto Sassu5-79/+61
2015-05-21integrity: add validity checks for 'path' parameterDmitry Kasatkin3-2/+5
2015-05-21evm: fix potential race when removing xattrsDmitry Kasatkin1-4/+3
2015-05-21evm: labeling pseudo filesystems exceptionMimi Zohar1-0/+11
2015-05-21ima: remove definition of IMA_X509_PATHDmitry Kasatkin1-7/+1
2015-05-21ima: limit file hash setting by user to fix and log modesDmitry Kasatkin1-2/+6
2015-05-21ima: do not measure or appraise the NSFS filesystemMimi Zohar1-0/+2
2015-05-21ima: skip measurement of cgroupfs files and update documentationRoberto Sassu1-0/+2
2015-05-15smack: pass error code through pointersLukasz Pawelczyk3-97/+139
2015-05-15Smack: ignore private inode for smack_file_receiveSeung-Woo Kim1-0/+3
2015-05-13ima: cleanup ima_init_policy() a littleDan Carpenter1-10/+6
2015-05-12LSM: Remove unused capability.cCasey Schaufler1-1158/+0
2015-05-12LSM: Switch to lists of hooksCasey Schaufler11-321/+570
2015-05-12LSM: Add security module hook list headsCasey Schaufler5-402/+406
2015-05-12LSM: Introduce security hook calling MacrosCasey Schaufler1-207/+226
2015-05-12LSM: Split security.hCasey Schaufler7-7/+7
2015-05-11security: make inode_follow_link RCU-walk awareNeilBrown3-6/+20
2015-05-11security/selinux: pass 'flags' arg to avc_audit() and avc_has_perm_flags()NeilBrown3-4/+25
2015-05-10SECURITY: remove nameidata arg from inode_follow_link.NeilBrown3-5/+4
2015-04-26Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds16-117/+117
2015-04-17tomoyo: reduce mmap_sem hold for mm->exe_fileDavidlohr Bueso1-5/+8
2015-04-15Merge branch 'akpm' (patches from Andrew)Linus Torvalds1-0/+1
2015-04-15kernel: conditionally support non-root users, groups and capabilitiesIulia Manda1-0/+1
2015-04-15VFS: security/: d_inode() annotationsDavid Howells4-12/+12
2015-04-15VFS: security/: d_backing_inode() annotationsDavid Howells12-105/+105
2015-04-15Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds16-115/+324
2015-04-15Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds5-43/+24
2015-04-15lsm: copy comm before calling audit_log to avoid race in string printingRichard Guy Briggs1-6/+9
2015-04-14Merge branch 'for-linus-1' of git://git.kernel.org/pub/scm/linux/kernel/git/v...Linus Torvalds12-106/+64
2015-04-13selinux/nlmsg: add a build time check for rtnl/xfrm cmdsNicolas Dichtel1-0/+3
2015-04-13Merge branch 'tomoyo-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/gi...James Morris4-45/+15
2015-04-12selinux/nlmsg: add XFRM_MSG_MAPPINGNicolas Dichtel1-0/+1
2015-04-12selinux/nlmsg: add XFRM_MSG_MIGRATENicolas Dichtel1-0/+1
2015-04-12selinux/nlmsg: add XFRM_MSG_REPORTNicolas Dichtel1-0/+1
2015-04-11Merge branch 'for-davem' into for-nextAl Viro5-44/+12
2015-04-11switch keyctl_instantiate_key_common() to iov_iterAl Viro3-72/+40
2015-04-11switch security_inode_getattr() to struct path *Al Viro8-30/+20
2015-04-11constify tomoyo_realpath_from_path()Al Viro2-4/+4
2015-04-08selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFONicolas Dichtel1-0/+2
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 03:19:21 +0000