April 2017 Archives by author
Starting: Sat Apr 1 03:32:05 UTC 2017
Ending: Sun Apr 30 23:28:52 UTC 2017
Messages: 621
- [PATCH 0/6] Appended signatures support for IMA appraisal
Thiago Jung Bauermann
- [PATCH 1/6] integrity: Small code improvements
Thiago Jung Bauermann
- [PATCH 2/6] ima: Tidy up constant strings
Thiago Jung Bauermann
- [PATCH 3/6] ima: Simplify policy_func_show.
Thiago Jung Bauermann
- [PATCH 4/6] ima: Log the same audit cause whenever a file has no signature
Thiago Jung Bauermann
- [PATCH 5/6] MODSIGN: Export module signature definitions.
Thiago Jung Bauermann
- [PATCH 6/6] ima: Support appended signatures for appraisal
Thiago Jung Bauermann
- [PATCH 3/6] ima: Simplify policy_func_show.
Thiago Jung Bauermann
- [PATCH 5/6] MODSIGN: Export module signature definitions.
Thiago Jung Bauermann
- [PATCH 6/6] ima: Support appended signatures for appraisal
Thiago Jung Bauermann
- [PATCH 3/6] ima: Simplify policy_func_show.
Thiago Jung Bauermann
- [PATCH 6/6] ima: Support appended signatures for appraisal
Thiago Jung Bauermann
- [PATCH 6/6] ima: Support appended signatures for appraisal
Thiago Jung Bauermann
- [PATCH 0/3] Extend the vTPM proxy driver to pass locality to emulator
Stefan Berger
- [PATCH 1/3] tpm: vtpm_proxy: Add ioctl to get supported flags
Stefan Berger
- [PATCH 2/3] tpm: vtpm_proxy: Implement request_locality
Stefan Berger
- [PATCH 3/3] tpm: vtpm_proxy: Add ioctl to request locality prepended to command
Stefan Berger
- [PATCH] tpm: Fix reference count to main device
Stefan Berger
- [PATCH 2/3] tpm: vtpm_proxy: Implement request_locality
Stefan Berger
- [PATCH 3/3] tpm: vtpm_proxy: Add ioctl to request locality prepended to command
Stefan Berger
- [PATCH v2 0/3] Extend the vTPM proxy driver to pass locality to emulator
Stefan Berger
- [PATCH v2 1/3] tpm: vtpm_proxy: Add ioctl to get supported flags
Stefan Berger
- [PATCH v2 2/3] tpm: vtpm_proxy: Implement request_locality
Stefan Berger
- [PATCH v2 3/3] tpm: vtpm_proxy: Add ioctl to request locality prepended to command
Stefan Berger
- [PATCH 06/12] audit: Use timespec64 to represent audit timestamps
Arnd Bergmann
- [PATCH] Introduce v3 namespaced file capabilities
Eric W. Biederman
- [PATCH] Introduce v3 namespaced file capabilities
Eric W. Biederman
- [PATCH] Introduce v3 namespaced file capabilities
Eric W. Biederman
- [PATCH] Introduce v3 namespaced file capabilities
Eric W. Biederman
- [PATCH] Introduce v3 namespaced file capabilities
Eric W. Biederman
- [PATCH] Introduce v3 namespaced file capabilities
Eric W. Biederman
- [PATCH v2] Introduce v3 namespaced file capabilities
Eric W. Biederman
- [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
Ard Biesheuvel
- [PATCH 20/24] bpf: Restrict kernel image access functions when the kernel is locked down
Ard Biesheuvel
- [PATCH 06/24] Add a sysrq option to exit secure boot mode
Ard Biesheuvel
- [PATCH] KEYS: fix dereferencing NULL payload with nonzero length
Eric Biggers
- [PATCH] KEYS: fix freeing uninitialized memory in key_update()
Eric Biggers
- [PATCH] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
Eric Biggers
- [PATCH] KEYS: fix dereferencing NULL payload with nonzero length
Eric Biggers
- [PATCH v2] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
Eric Biggers
- [PATCH] KEYS: fix dereferencing NULL payload with nonzero length
Eric Biggers
- [lkp-robot] [KEYS] bdf7c0f8bf: ltp.add_key02.fail
Eric Biggers
- [LTP] [lkp-robot] [KEYS] bdf7c0f8bf: ltp.add_key02.fail
Eric Biggers
- [PATCH 0/5] KEYS: sanitize key payloads
Eric Biggers
- [PATCH 1/5] KEYS: sanitize add_key() and keyctl() key payloads
Eric Biggers
- [PATCH 2/5] KEYS: user_defined: sanitize key payloads
Eric Biggers
- [PATCH 3/5] KEYS: encrypted: sanitize all key material
Eric Biggers
- [PATCH 4/5] KEYS: trusted: sanitize all key material
Eric Biggers
- [PATCH 5/5] KEYS: sanitize key structs before freeing
Eric Biggers
- [PATCH 3/5] KEYS: encrypted: sanitize all key material
Eric Biggers
- [PATCH 2/5] KEYS: user_defined: sanitize key payloads
Eric Biggers
- [PATCH 0/5] KEYS: sanitize key payloads
Eric Biggers
- [PATCH 1/5] KEYS: sanitize add_key() and keyctl() key payloads
Eric Biggers
- [RFC][PATCH] audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
Richard Guy Briggs
- [PATCH] capabilities: do not audit log BPRM_FCAPS on set*id
Richard Guy Briggs
- [PATCH] capabilities: do not audit log BPRM_FCAPS on set*id
Richard Guy Briggs
- [RFC][PATCH] audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
Richard Guy Briggs
- [RFC][PATCH] audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
Richard Guy Briggs
- Patchset to Restrict Unprivileged TIOCSTI TTY Command Injection
Matt Brown
- [PATCH 1/4] added SECURITY_TIOCSTI_RESTRICT kernel config
Matt Brown
- [PATCH 2/4] add tiocsti_restrict variable
Matt Brown
- [PATCH 3/4] restrict unprivileged TIOCSTI tty ioctl
Matt Brown
- [PATCH 4/4] added kernel.tiocsti_restrict sysctl
Matt Brown
- [kernel-hardening] Re: [PATCH 3/4] restrict unprivileged TIOCSTI tty ioctl
Matt Brown
- [PATCH 1/4] added SECURITY_TIOCSTI_RESTRICT kernel config
Matt Brown
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v2 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Matt Brown
- [PATCH v2 2/2] tiocsti-restrict : make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v2 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Matt Brown
- [PATCH v3 0/2] tiocsti-restrict : make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Matt Brown
- [PATCH v3 2/2] tiocsti-restrict : make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Matt Brown
- [PATCH v4 0/2] tiocsti-restrict : make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v4 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Matt Brown
- [PATCH v4 2/2] tiocsti-restrict : make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v5 1/2] security: tty: Add owner user namespace to tty_struct
Matt Brown
- [PATCH v5 2/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Matt Brown
- [PATCH] selinux: add selinux_is_enforced() function
Sebastien Buisson
- [PATCH] selinux: add selinux_status_get_seq() function
Sebastien Buisson
- [PATCH] selinux: add selinux_is_enforced() function
Sebastien Buisson
- [PATCH] selinux: add selinux_is_enforced() function
Sebastien Buisson
- [PATCH] selinux: add selinux_is_enforced() function
Sebastien Buisson
- [PATCH] selinux: add selinux_is_enforced() function
Sebastien Buisson
- [PATCH] selinux: add selinux_is_enforced() function
Sebastien Buisson
- [PATCH 1/3] selinux: Implement LSM notification system
Sebastien Buisson
- [PATCH 2/3] selinux: add checksum to policydb
Sebastien Buisson
- [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs
Sebastien Buisson
- [PATCH 1/3] selinux: Implement LSM notification system
Sebastien Buisson
- [PATCH 2/3] selinux: add checksum to policydb
Sebastien Buisson
- [PATCH 2/3] selinux: add checksum to policydb
Sebastien Buisson
- [PATCH 2/3] selinux: add checksum to policydb
Sebastien Buisson
- [PATCH 2/3] selinux: add checksum to policydb
Sebastien Buisson
- [PATCH] selinux: hooks: security content must be properly cleared
Pirabarlen Cheenaramen
- [PATCH 0/9] convert genericirq.tmpl and kernel-api.tmpl to DocBook
Mauro Carvalho Chehab
- [PATCH v4 2/6] usb: fix some references for /proc/bus/usb
Mauro Carvalho Chehab
- [PATCH 28/38] Annotate hardware config module parameters in drivers/staging/media/
Mauro Carvalho Chehab
- [PATCH 13/38] Annotate hardware config module parameters in drivers/media/
Mauro Carvalho Chehab
- [PATCH 34/38] Annotate hardware config module parameters in fs/pstore/
Kees Cook
- [PATCH 14/24] x86: Restrict MSR access when the kernel is locked down
Kees Cook
- [PATCH RFC v2 0/3] security: Add ModAutoRestrict LSM
Kees Cook
- [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Kees Cook
- [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Kees Cook
- [kernel-hardening] Re: [PATCH 1/4] added SECURITY_TIOCSTI_RESTRICT kernel config
Kees Cook
- [PATCH net-next v6 01/11] bpf: Add eBPF program subtype and is_valid_subtype() verifier
Kees Cook
- [PATCH net-next v6 02/11] bpf,landlock: Define an eBPF program type for Landlock
Kees Cook
- [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Kees Cook
- [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()
Kees Cook
- [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy
Kees Cook
- [kernel-hardening] [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy
Kees Cook
- [PATCH net-next v6 08/11] bpf: Add a Landlock sandbox example
Kees Cook
- [PATCH net-next v6 10/11] bpf,landlock: Add tests for Landlock
Kees Cook
- [PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing
Kees Cook
- [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Kees Cook
- [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Kees Cook
- [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy
Kees Cook
- [PATCH net-next v6 10/11] bpf,landlock: Add tests for Landlock
Kees Cook
- [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism
Kees Cook
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Kees Cook
- [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism
Kees Cook
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Kees Cook
- [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Kees Cook
- [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism
Kees Cook
- [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()
Kees Cook
- [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction
Kees Cook
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Kees Cook
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Kees Cook
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Kees Cook
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Kees Cook
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Kees Cook
- converting Documentation/security/* to .rst
Kees Cook
- [PATCH 0/9] convert genericirq.tmpl and kernel-api.tmpl to DocBook
Jonathan Corbet
- [PATCH 1/4] added SECURITY_TIOCSTI_RESTRICT kernel config
Alan Cox
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Alan Cox
- [PATCH v4 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Alan Cox
- [PATCH 09/38] Annotate hardware config module parameters in drivers/i2c/
Jean Delvare
- [PATCH 00/12] Delete CURRENT_TIME, CURRENT_TIME_SEC and current_fs_time
Deepa Dinamani
- [PATCH 01/12] fs: f2fs: Use ktime_get_real_seconds for sit_info times
Deepa Dinamani
- [PATCH 02/12] trace: Make trace_hwlat timestamp y2038 safe
Deepa Dinamani
- [PATCH 03/12] fs: cifs: Replace CURRENT_TIME by other appropriate apis
Deepa Dinamani
- [PATCH 04/12] fs: ceph: CURRENT_TIME with ktime_get_real_ts()
Deepa Dinamani
- [PATCH 05/12] fs: ufs: Use ktime_get_real_ts64() for birthtime
Deepa Dinamani
- [PATCH 06/12] audit: Use timespec64 to represent audit timestamps
Deepa Dinamani
- [PATCH 07/12] fs: btrfs: Use ktime_get_real_ts for root ctime
Deepa Dinamani
- [PATCH 08/12] fs: ubifs: Replace CURRENT_TIME_SEC with current_time
Deepa Dinamani
- [PATCH 09/12] lustre: Replace CURRENT_TIME macro
Deepa Dinamani
- [PATCH 10/12] apparmorfs: Replace CURRENT_TIME with current_time()
Deepa Dinamani
- [PATCH 11/12] time: Delete CURRENT_TIME_SEC and CURRENT_TIME
Deepa Dinamani
- [PATCH 12/12] time: Delete current_fs_time() function
Deepa Dinamani
- [PATCH 02/12] trace: Make trace_hwlat timestamp y2038 safe
Deepa Dinamani
- [PATCH 06/12] audit: Use timespec64 to represent audit timestamps
Deepa Dinamani
- selinux: Fix an uninitialized variable bug in range_read()
SF Markus Elfring
- [PATCH 0/3] SELinux: Fine-tuning for two function implementations
SF Markus Elfring
- [PATCH 1/3] selinux: Return directly after a failed memory allocation in policydb_index()
SF Markus Elfring
- [PATCH 2/3] selinux: Return an error code only as a constant in sidtab_insert()
SF Markus Elfring
- [PATCH 3/3] selinux: Use an other error code for an input validation failure in sidtab_insert()
SF Markus Elfring
- [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts
J. Bruce Fields
- [PATCH 06/24] Add a sysrq option to exit secure boot mode
Matt Fleming
- [PATCH 00/24] Kernel lockdown
Justin Forbes
- [PATCH 00/24] Kernel lockdown
Justin Forbes
- [PATCH 06/24] Add a sysrq option to exit secure boot mode
Thomas Gleixner
- [PATCH 02/38] Annotate hardware config module parameters in arch/x86/mm/
Thomas Gleixner
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
Thomas Gleixner
- [PATCH 13/24] x86: Lock down IO port access when the kernel is locked down
Thomas Gleixner
- [PATCH 14/24] x86: Restrict MSR access when the kernel is locked down
Thomas Gleixner
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
Thomas Gleixner
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
Thomas Gleixner
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
Thomas Gleixner
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
One Thousand Gnomes
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
One Thousand Gnomes
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
One Thousand Gnomes
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
One Thousand Gnomes
- [PATCH] capabilities: do not audit log BPRM_FCAPS on set*id
Steve Grubb
- [PATCH] capabilities: do not audit log BPRM_FCAPS on set*id
Steve Grubb
- [PATCH 2/3] tpm: vtpm_proxy: Implement request_locality
Jason Gunthorpe
- [RFC][PATCH] audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
Serge E. Hallyn
- [PATCH] capabilities: do not audit log BPRM_FCAPS on set*id
Serge E. Hallyn
- [PATCH v4 2/6] usb: fix some references for /proc/bus/usb
Serge E. Hallyn
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH] Introduce v3 namespaced file capabilities
Serge E. Hallyn
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [kernel-hardening] Re: [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH] Introduce v3 namespaced file capabilities
Serge E. Hallyn
- [PATCH] Introduce v3 namespaced file capabilities
Serge E. Hallyn
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Serge E. Hallyn
- [PATCH v3 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Serge E. Hallyn
- [PATCH v3 2/2] tiocsti-restrict : make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH v4 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Serge E. Hallyn
- [PATCH v4 2/2] tiocsti-restrict : make TIOCSTI ioctl require CAP_SYS_ADMIN
Serge E. Hallyn
- [PATCH] Introduce v3 namespaced file capabilities
Serge E. Hallyn
- [PATCH v2] Introduce v3 namespaced file capabilities
Serge E. Hallyn
- [PATCH v2 resend] Introduce v3 namespaced file capabilities
Serge E. Hallyn
- [PATCH] TOMOYO: Switch from per "struct cred" blob to per "struct task_struct" blob.
Tetsuo Handa
- [PATCH RFC 04/11] LSM: general but not extreme module stacking
Tetsuo Handa
- [PATCH] selinux: fix double free in selinux_parse_opts_str()
Tetsuo Handa
- [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM
Tetsuo Handa
- [PATCH RFC v2 0/3] security: Add ModAutoRestrict LSM
Djalal Harouni
- [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Djalal Harouni
- [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module
Djalal Harouni
- [PATCH RFC v2 3/3] Documentation: add ModAutoRestrict LSM documentation
Djalal Harouni
- [kernel-hardening] [PATCH net-next v6 07/11] landlock: Add ptrace restrictions
Djalal Harouni
- [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module
Djalal Harouni
- [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Djalal Harouni
- [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module
Djalal Harouni
- [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Djalal Harouni
- [PATCH RFC v2 0/3] security: Add ModAutoRestrict LSM
Djalal Harouni
- [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Djalal Harouni
- [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Djalal Harouni
- [PATCH v3 0/2] modules:capabilities: automatic module loading restrictions
Djalal Harouni
- [PATCH v3 1/2] modules:capabilities: automatic module loading restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction
Djalal Harouni
- [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH RFC v2 0/6] proc: support private proc instances per pidnamespace
Djalal Harouni
- [PATCH RFC v2 1/6] proc: add proc_fs_info struct to store proc information
Djalal Harouni
- [PATCH RFC v2 2/6] proc: move /proc/{self|thread-self} dentries to proc_fs_info
Djalal Harouni
- [PATCH RFC v2 3/6] proc: add helpers to set and get proc hidepid and gid mount options
Djalal Harouni
- [PATCH RFC v2 4/6] proc: support mounting private procfs instances inside same pid namespace
Djalal Harouni
- [PATCH RFC v2 5/6] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
Djalal Harouni
- [PATCH RFC v2 6/6] proc: flush task dcache entries from all procfs instances
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Djalal Harouni
- [PATCH 12/24] PCI: Lock down BAR access when the kernel is locked down
Bjorn Helgaas
- [PATCH 00/24] Kernel lockdown
Austin S. Hemmelgarn
- [PATCH v4 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage
Henrique de Moraes Holschuh
- [PATCH v4 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage
Henrique de Moraes Holschuh
- [kernel-hardening] Re: [PATCH 3/4] restrict unprivileged TIOCSTI tty ioctl
Jann Horn
- [PATCH v2 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Jann Horn
- [PATCH v2 1/2] tiocsti-restrict : Add owner user namespace to tty_struct
Jann Horn
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Jann Horn
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Jann Horn
- [PATCH v5 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
Jann Horn
- [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
David Howells
- [PATCH] KEYS: fix dereferencing NULL payload with nonzero length
David Howells
- [PATCH] KEYS: fix freeing uninitialized memory in key_update()
David Howells
- [PATCH] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
David Howells
- [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
David Howells
- [PATCH] KEYS: fix dereferencing NULL payload with nonzero length
David Howells
- [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
David Howells
- [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
David Howells
- [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
David Howells
- [PATCH] KEYS: Fix integrity calls to keyring_alloc
David Howells
- [PATCH] KEYS: Fix integrity calls to keyring_alloc
David Howells
- [PATCH 27/39] Annotate hardware config module parameters in drivers/scsi/
David Howells
- [PATCH 00/38] Annotate hw config module params for future lockdown
David Howells
- [PATCH 01/38] Annotate module params that specify hardware parameters (eg. ioport)
David Howells
- [PATCH 02/38] Annotate hardware config module parameters in arch/x86/mm/
David Howells
- [PATCH 03/38] Annotate hardware config module parameters in drivers/char/ipmi/
David Howells
- [PATCH 04/38] Annotate hardware config module parameters in drivers/char/mwave/
David Howells
- [PATCH 05/38] Annotate hardware config module parameters in drivers/char/
David Howells
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
David Howells
- [PATCH 07/38] Annotate hardware config module parameters in drivers/cpufreq/
David Howells
- [PATCH 08/38] Annotate hardware config module parameters in drivers/gpio/
David Howells
- [PATCH 09/38] Annotate hardware config module parameters in drivers/i2c/
David Howells
- [PATCH 10/38] Annotate hardware config module parameters in drivers/iio/
David Howells
- [PATCH 11/38] Annotate hardware config module parameters in drivers/input/
David Howells
- [PATCH 12/38] Annotate hardware config module parameters in drivers/isdn/
David Howells
- [PATCH 13/38] Annotate hardware config module parameters in drivers/media/
David Howells
- [PATCH 14/38] Annotate hardware config module parameters in drivers/misc/
David Howells
- [PATCH 15/38] Annotate hardware config module parameters in drivers/mmc/host/
David Howells
- [PATCH 16/38] Annotate hardware config module parameters in drivers/net/appletalk/
David Howells
- [PATCH 17/38] Annotate hardware config module parameters in drivers/net/arcnet/
David Howells
- [PATCH 18/38] Annotate hardware config module parameters in drivers/net/can/
David Howells
- [PATCH 19/38] Annotate hardware config module parameters in drivers/net/ethernet/
David Howells
- [PATCH 20/38] Annotate hardware config module parameters in drivers/net/hamradio/
David Howells
- [PATCH 21/38] Annotate hardware config module parameters in drivers/net/irda/
David Howells
- [PATCH 22/38] Annotate hardware config module parameters in drivers/net/wan/
David Howells
- [PATCH 23/38] Annotate hardware config module parameters in drivers/net/wireless/
David Howells
- [PATCH 24/38] Annotate hardware config module parameters in drivers/parport/
David Howells
- [PATCH 25/38] Annotate hardware config module parameters in drivers/pci/hotplug/
David Howells
- [PATCH 26/38] Annotate hardware config module parameters in drivers/pcmcia/
David Howells
- [PATCH 27/38] Annotate hardware config module parameters in drivers/scsi/
David Howells
- [PATCH 28/38] Annotate hardware config module parameters in drivers/staging/media/
David Howells
- [PATCH 29/38] Annotate hardware config module parameters in drivers/staging/speakup/
David Howells
- [PATCH 30/38] Annotate hardware config module parameters in drivers/staging/vme/
David Howells
- [PATCH 31/38] Annotate hardware config module parameters in drivers/tty/
David Howells
- [PATCH 32/38] Annotate hardware config module parameters in drivers/video/
David Howells
- [PATCH 33/38] Annotate hardware config module parameters in drivers/watchdog/
David Howells
- [PATCH 34/38] Annotate hardware config module parameters in fs/pstore/
David Howells
- [PATCH 35/38] Annotate hardware config module parameters in sound/drivers/
David Howells
- [PATCH 36/38] Annotate hardware config module parameters in sound/isa/
David Howells
- [PATCH 37/38] Annotate hardware config module parameters in sound/oss/
David Howells
- [PATCH 38/38] Annotate hardware config module parameters in sound/pci/
David Howells
- [PATCH 00/24] Kernel lockdown
David Howells
- [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
David Howells
- [PATCH 02/24] Add the ability to lock down access to the running kernel image
David Howells
- [PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode
David Howells
- [PATCH 04/24] Enforce module signatures if the kernel is locked down
David Howells
- [PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down
David Howells
- [PATCH 06/24] Add a sysrq option to exit secure boot mode
David Howells
- [PATCH 07/24] kexec: Disable at runtime if the kernel is locked down
David Howells
- [PATCH 08/24] Copy secure_boot flag in boot params across kexec reboot
David Howells
- [PATCH 00/24] Kernel lockdown
David Howells
- [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
David Howells
- [PATCH 02/24] Add the ability to lock down access to the running kernel image
David Howells
- [PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode
David Howells
- [PATCH 04/24] Enforce module signatures if the kernel is locked down
David Howells
- [PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down
David Howells
- [PATCH 06/24] Add a sysrq option to exit secure boot mode
David Howells
- [PATCH 07/24] kexec: Disable at runtime if the kernel is locked down
David Howells
- [PATCH 08/24] Copy secure_boot flag in boot params across kexec reboot
David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
David Howells
- [PATCH 10/24] hibernate: Disable when the kernel is locked down
David Howells
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
David Howells
- [PATCH 12/24] PCI: Lock down BAR access when the kernel is locked down
David Howells
- [PATCH 13/24] x86: Lock down IO port access when the kernel is locked down
David Howells
- [PATCH 14/24] x86: Restrict MSR access when the kernel is locked down
David Howells
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
David Howells
- [PATCH 16/24] ACPI: Limit access to custom_method when the kernel is locked down
David Howells
- [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
David Howells
- [PATCH 18/24] acpi: Disable ACPI table override if the kernel is locked down
David Howells
- [PATCH 19/24] acpi: Disable APEI error injection if the kernel is locked down
David Howells
- [PATCH 00/24] Kernel lockdown
David Howells
- [PATCH 00/24] Kernel lockdown
David Howells
- [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
David Howells
- [PATCH 02/24] Add the ability to lock down access to the running kernel image
David Howells
- [PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode
David Howells
- [PATCH 04/24] Enforce module signatures if the kernel is locked down
David Howells
- [PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is locked down
David Howells
- [PATCH 06/24] Add a sysrq option to exit secure boot mode
David Howells
- [PATCH 07/24] kexec: Disable at runtime if the kernel is locked down
David Howells
- [PATCH 08/24] Copy secure_boot flag in boot params across kexec reboot
David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
David Howells
- [PATCH 10/24] hibernate: Disable when the kernel is locked down
David Howells
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
David Howells
- [PATCH 12/24] PCI: Lock down BAR access when the kernel is locked down
David Howells
- [PATCH 13/24] x86: Lock down IO port access when the kernel is locked down
David Howells
- [PATCH 14/24] x86: Restrict MSR access when the kernel is locked down
David Howells
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
David Howells
- [PATCH 16/24] ACPI: Limit access to custom_method when the kernel is locked down
David Howells
- [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
David Howells
- [PATCH 18/24] acpi: Disable ACPI table override if the kernel is locked down
David Howells
- [PATCH 19/24] acpi: Disable APEI error injection if the kernel is locked down
David Howells
- [PATCH 20/24] bpf: Restrict kernel image access functions when the kernel is locked down
David Howells
- [PATCH 21/24] scsi: Lock down the eata driver
David Howells
- [PATCH 22/24] Prohibit PCMCIA CIS storage when the kernel is locked down
David Howells
- [PATCH 23/24] Lock down TIOCSSERIAL
David Howells
- [PATCH 24/24] Lock down module params that specify hardware parameters (eg. ioport)
David Howells
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
David Howells
- [PATCH 00/24] Kernel lockdown
David Howells
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
David Howells
- [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
David Howells
- [PATCH 02/24] Add the ability to lock down access to the running kernel image
David Howells
- [PATCH 1/5] efi: Move the x86 secure boot switch to generic code
David Howells
- [PATCH 2/5] efi: Add EFI_SECURE_BOOT bit
David Howells
- [PATCH 3/5] Add the ability to lock down access to the running kernel image
David Howells
- [PATCH 4/5] efi: Lock down the kernel if booted in secure boot mode
David Howells
- [PATCH 5/5] Add a sysrq option to exit secure boot mode
David Howells
- [PATCH 1/5] efi: Move the x86 secure boot switch to generic code
David Howells
- [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
David Howells
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
David Howells
- [PATCH 08/38] Annotate hardware config module parameters in drivers/gpio/
David Howells
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
David Howells
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
David Howells
- Why kernel lockdown?
David Howells
- [GIT PULL] KEYS: Blacklisting, restrictions and DH
David Howells
- [PATCH 20/24] bpf: Restrict kernel image access functions when the kernel is locked down
David Howells
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
David Howells
- [PATCH 06/24] Add a sysrq option to exit secure boot mode
David Howells
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
David Howells
- [PATCH 02/38] Annotate hardware config module parameters in arch/x86/mm/
David Howells
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
David Howells
- [PATCH 18/38] Annotate hardware config module parameters in drivers/net/can/
David Howells
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
David Howells
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
David Howells
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
David Howells
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
David Howells
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
David Howells
- [PATCH 5/6] MODSIGN: Export module signature definitions.
David Howells
- [PATCH 2/5] KEYS: user_defined: sanitize key payloads
David Howells
- [PATCH 3/5] KEYS: encrypted: sanitize all key material
David Howells
- [PATCH 2/5] KEYS: user_defined: sanitize key payloads
David Howells
- [PATCH 3/5] KEYS: encrypted: sanitize all key material
David Howells
- [PATCH v4 3/4] KEYS: Support for inserting a certificate into x86 bzImage
David Howells
- [PATCH v4 4/4] KEYS: Print insert-sys-cert information to stdout instead of stderr
David Howells
- [PATCH 0/5] KEYS: sanitize key payloads
David Howells
- [PATCH v4 3/4] KEYS: Support for inserting a certificate into x86 bzImage
David Howells
- [LTP] [lkp-robot] [KEYS] bdf7c0f8bf: ltp.add_key02.fail
Cyril Hrubis
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
Ben Hutchings
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
Ben Hutchings
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
Ben Hutchings
- [PATCH v3 1/2] modules:capabilities: automatic module loading restriction
Ben Hutchings
- [kernel-hardening] Re: [PATCH v3 1/2] modules:capabilities: automatic module loading restriction
Ben Hutchings
- [PATCH 35/38] Annotate hardware config module parameters in sound/drivers/
Takashi Iwai
- Greetings.
Sarah JOHNSON
- [GIT PULL] AppArmor fixes for 4.12
John Johansen
- [PATCH 1/6] apparmor: fix boolreturn.cocci warnings
John Johansen
- [PATCH 2/6] security/apparmor/lsm.c: set debug messages
John Johansen
- [PATCH 3/6] apparmor: use SHASH_DESC_ON_STACK
John Johansen
- [PATCH 4/6] apparmor: fix invalid reference to index variable of iterator line 836
John Johansen
- [PATCH 5/6] apparmor: fix parameters so that the permission test is bypassed at boot
John Johansen
- [PATCH 6/6] apparmor: Make path_max parameter readonly
John Johansen
- [PATCH 1/3] selinux: Implement LSM notification system
Daniel Jurgens
- [PATCH 31/38] Annotate hardware config module parameters in drivers/tty/
Greg KH
- [PATCH 05/38] Annotate hardware config module parameters in drivers/char/
Greg KH
- [PATCH 14/38] Annotate hardware config module parameters in drivers/misc/
Greg KH
- [PATCH 28/38] Annotate hardware config module parameters in drivers/staging/media/
Greg KH
- [PATCH 29/38] Annotate hardware config module parameters in drivers/staging/speakup/
Greg KH
- [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Greg KH
- [PATCH 1/4] added SECURITY_TIOCSTI_RESTRICT kernel config
Greg KH
- [PATCH 2/4] add tiocsti_restrict variable
Greg KH
- [PATCH 3/4] restrict unprivileged TIOCSTI tty ioctl
Greg KH
- [tpmdd-devel] [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Greg KH
- EXTREMELY IMPORTANT
Ms. Katherine
- [PATCH v4 0/4] Certificate insertion support for x86 bzImages
Mehmet Kayaalp
- [PATCH v4 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage
Mehmet Kayaalp
- [PATCH v4 2/4] KEYS: Add ELF class-independent certificate insertion support
Mehmet Kayaalp
- [PATCH v4 3/4] KEYS: Support for inserting a certificate into x86 bzImage
Mehmet Kayaalp
- [PATCH v4 4/4] KEYS: Print insert-sys-cert information to stdout instead of stderr
Mehmet Kayaalp
- [PATCH v4 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage
Mehmet Kayaalp
- [PATCH 6/6] ima: Support appended signatures for appraisal
Mehmet Kayaalp
- [PATCH v4 3/4] KEYS: Support for inserting a certificate into x86 bzImage
Mehmet Kayaalp
- [PATCH 6/6] ima: Support appended signatures for appraisal
Mehmet Kayaalp
- [PATCH 18/38] Annotate hardware config module parameters in drivers/net/can/
Marc Kleine-Budde
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
Jiri Kosina
- [PATCH v4 2/6] usb: fix some references for /proc/bus/usb
Greg Kroah-Hartman
- [PATCH 07/38] Annotate hardware config module parameters in drivers/cpufreq/
Viresh Kumar
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Andy Lutomirski
- [PATCH v3 1/2] modules:capabilities: automatic module loading restriction
Andy Lutomirski
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Andy Lutomirski
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Andy Lutomirski
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Andy Lutomirski
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Andy Lutomirski
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Andy Lutomirski
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Andy Lutomirski
- [PATCH RFC v2 5/6] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
Andy Lutomirski
- [PATCH RFC v2 4/6] proc: support mounting private procfs instances inside same pid namespace
Andy Lutomirski
- [PATCH v13 00/10] Make keyring link restrictions accessible from userspace
Mat Martineau
- [PATCH] KEYS: Fix integrity calls to keyring_alloc
Mat Martineau
- [PATCH] KEYS: Fix integrity calls to keyring_alloc
Mat Martineau
- [tpmdd-devel] [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Paul Menzel
- selinux: Fix an uninitialized variable bug in range_read()
Paul Moore
- [PATCH] selinux: Fix an uninitialized variable bug
Paul Moore
- [PATCH 06/12] audit: Use timespec64 to represent audit timestamps
Paul Moore
- [PATCH RFC 00/11] LSM: Stacking for major security modules
Paul Moore
- [PATCH] capabilities: do not audit log BPRM_FCAPS on set*id
Paul Moore
- [PATCH 06/12] audit: Use timespec64 to represent audit timestamps
Paul Moore
- [PATCH] selinux: add selinux_is_enforced() function
Paul Moore
- [PATCH] selinux: add selinux_status_get_seq() function
Paul Moore
- [GIT PULL] SELinux patches for 4.12
Paul Moore
- [RFC][PATCH] audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
Paul Moore
- [PATCH security-next 2/2] selinux: use pernet operations for hook registration
Paul Moore
- [PATCH security-next 2/2] selinux: use pernet operations for hook registration
Paul Moore
- [PATCH] selinux: fix double free in selinux_parse_opts_str()
Paul Moore
- [PATCH 0/2] security, keys refcount conversions
James Morris
- [PATCH] selinux: Fix an uninitialized variable bug
James Morris
- [PATCH] selinux: Fix an uninitialized variable bug
James Morris
- [GIT PULL] tpmdd updates for 4.12
James Morris
- [PATCH 00/24] Kernel lockdown
James Morris
- [PATCH 02/24] Add the ability to lock down access to the running kernel image
James Morris
- [PATCH 02/24] Add the ability to lock down access to the running kernel image
James Morris
- [PATCH RFC 00/11] LSM: Stacking for major security modules
James Morris
- [PATCH 3/5] Add the ability to lock down access to the running kernel image
James Morris
- [GIT PULL] AppArmor fixes for 4.12
James Morris
- Out this week
James Morris
- [GIT PULL] KEYS: Blacklisting, restrictions and DH
James Morris
- [GIT PULL] SELinux patches for 4.12
James Morris
- [PULL] Smack changes for 4.12
James Morris
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
James Morris
- [GIT PULL] IMA patches for 4.12
James Morris
- [GIT PULL] Bugfixes for the Keys subsystem
James Morris
- [GIT PULL] tpmdd fixes for 4.12
James Morris
- [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs
James Morris
- [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM
James Morris
- [PATCH] KEYS: Fix integrity calls to keyring_alloc
Stephan Müller
- [tpmdd-devel] [RFC PATCH] tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver
Nayna
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
Oliver Neukum
- [PATCH] selinux: hooks: security content must be properly cleared
Pirabarlen-Cheenaramen
- [PATCH 02/38] Annotate hardware config module parameters in arch/x86/mm/
Steven Rostedt
- [PATCH 02/12] trace: Make trace_hwlat timestamp y2038 safe
Steven Rostedt
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
Jens Rottmann
- [PATCH 06/38] Annotate hardware config module parameters in drivers/clocksource/
Jens Rottmann
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Rusty Russell
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Rusty Russell
- [GIT PULL] tpmdd updates for 4.12
Jarkko Sakkinen
- [PATCH] tpm_crb: remove a cruft constant
Jarkko Sakkinen
- [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Jarkko Sakkinen
- [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Jarkko Sakkinen
- [tpmdd-devel] [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Jarkko Sakkinen
- [PATCH] tpm: Fix reference count to main device
Jarkko Sakkinen
- [PATCH 2/3] tpm: vtpm_proxy: Implement request_locality
Jarkko Sakkinen
- [tpmdd-devel] [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Jarkko Sakkinen
- [tpmdd-devel] [PATCH 3/3] tpm: vtpm_proxy: Add ioctl to request locality prepended to command
Jarkko Sakkinen
- [GIT PULL] tpmdd fixes for 4.12
Jarkko Sakkinen
- [GIT PULL] tpmdd fixes for 4.12
Jarkko Sakkinen
- [PATCH v2 0/3] Extend the vTPM proxy driver to pass locality to emulator
Jarkko Sakkinen
- [kernel-hardening] [PATCH net-next v6 07/11] landlock: Add ptrace restrictions
Mickaël Salaün
- [PATCH net-next v6 02/11] bpf,landlock: Define an eBPF program type for Landlock
Mickaël Salaün
- [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Mickaël Salaün
- [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()
Mickaël Salaün
- [PATCH net-next v6 06/11] seccomp,landlock: Handle Landlock events per process hierarchy
Mickaël Salaün
- [PATCH net-next v6 08/11] bpf: Add a Landlock sandbox example
Mickaël Salaün
- [PATCH net-next v6 10/11] bpf,landlock: Add tests for Landlock
Mickaël Salaün
- [PATCH net-next v6 00/11] Landlock LSM: Toward unprivileged sandboxing
Mickaël Salaün
- [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism
Mickaël Salaün
- [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Mickaël Salaün
- [PATCH net-next v6 09/11] seccomp: Enhance test_harness with an assert step mechanism
Mickaël Salaün
- [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter() with put_seccomp()
Mickaël Salaün
- [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM
Mickaël Salaün
- [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM
Mickaël Salaün
- [PATCH 09/38] Annotate hardware config module parameters in drivers/i2c/
Wolfram Sang
- [PATCH RFC 00/11] LSM: Stacking for major security modules
Casey Schaufler
- [PATCH RFC 01/11] procfs: add smack subdir to attrs
Casey Schaufler
- [PATCH RFC 02/11] LSM: manage credential security blobs
Casey Schaufler
- [PATCH RFC 03/11] LSM: Manage file security blobs
Casey Schaufler
- [PATCH RFC 04/11] LSM: general but not extreme module stacking
Casey Schaufler
- [PATCH RFC 05/11] LSM: Infrastructure management of the remaining blobs
Casey Schaufler
- [PATCH RFC 06/11] Smack: remove socket blob free
Casey Schaufler
- [PATCH RFC 07/11] LSM: Mount option data for extreme stacking
Casey Schaufler
- [PATCH RFC 09/11] netlabel agreement checking
Casey Schaufler
- [PATCH RFC 10/11] Smack: sendmsg compile error fix
Casey Schaufler
- [PATCH RFC 11/11] LSM: manage task security blobs
Casey Schaufler
- FW: [PATCH] Smack: Use GFP_KERNEL for smk_netlbl_mls().
Casey Schaufler
- [PATCH RFC 00/11] LSM: Stacking for major security modules
Casey Schaufler
- [PATCH RFC 00/11] LSM: Stacking for major security modules
Casey Schaufler
- [PATCH RFC 00/11] LSM: Stacking for major security modules
Casey Schaufler
- [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module
Casey Schaufler
- [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Casey Schaufler
- [PATCH RFC v2 2/3] security: add the ModAutoRestrict Linux Security Module
Casey Schaufler
- [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Casey Schaufler
- [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Casey Schaufler
- [kernel-hardening] Re: [PATCH RFC v2 1/3] LSM: Allow per LSM module per "struct task_struct" blob.
Casey Schaufler
- [PATCH] selinux: add selinux_is_enforced() function
Casey Schaufler
- [PULL] Smack changes for 4.12
Casey Schaufler
- SELinux "filtering" capabilities?
Casey Schaufler
- [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Casey Schaufler
- SELinux "filtering" capabilities?
Casey Schaufler
- [kernel-hardening] Re: [PATCH net-next v6 04/11] landlock: Add LSM hooks related to filesystem
Casey Schaufler
- [PATCH security-next 1/2] smack: use pernet operations for hook registration
Casey Schaufler
- [PATCH security-next 1/2] smack: use pernet operations for hook registration
Casey Schaufler
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Casey Schaufler
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
Casey Schaufler
- [PATCH 1/3] selinux: Implement LSM notification system
Casey Schaufler
- [PATCH 1/3] selinux: Implement LSM notification system
Casey Schaufler
- [PATCH 1/3] selinux: Implement LSM notification system
Casey Schaufler
- [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM
Casey Schaufler
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
Andy Shevchenko
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
Andy Shevchenko
- [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down
Andy Shevchenko
- [PATCH RFC 00/11] LSM: Stacking for major security modules
Stephen Smalley
- [PATCH RFC 00/11] LSM: Stacking for major security modules
Stephen Smalley
- [PATCH] selinux: add selinux_is_enforced() function
Stephen Smalley
- [PATCH] selinux: add selinux_status_get_seq() function
Stephen Smalley
- [PATCH] selinux: add selinux_is_enforced() function
Stephen Smalley
- [PATCH] selinux: add selinux_is_enforced() function
Stephen Smalley
- [PATCH] selinux: add selinux_is_enforced() function
Stephen Smalley
- [PATCH] selinux: add selinux_is_enforced() function
Stephen Smalley
- [PATCH] selinux: add selinux_is_enforced() function
Stephen Smalley
- SELinux "filtering" capabilities?
Stephen Smalley
- [PATCH 1/3] selinux: Implement LSM notification system
Stephen Smalley
- [PATCH 2/3] selinux: add checksum to policydb
Stephen Smalley
- [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs
Stephen Smalley
- [PATCH 2/3] selinux: add checksum to policydb
Stephen Smalley
- [PATCH 2/3] selinux: add checksum to policydb
Stephen Smalley
- [PATCH 2/3] selinux: add checksum to policydb
Stephen Smalley
- [PATCH 2/3] selinux: add checksum to policydb
Stephen Smalley
- [PATCH 20/24] bpf: Restrict kernel image access functions when the kernel is locked down
Alexei Starovoitov
- [PATCH 07/12] fs: btrfs: Use ktime_get_real_ts for root ctime
David Sterba
- [backport v4.9] tpm_tis: use default timeout value if chip reports it as zero
Maciej S. Szmigiero
- [PATCH 08/38] Annotate hardware config module parameters in drivers/gpio/
Linus Walleij
- [PATCH security-next 0/2]: switch selinux and smack to pernet ops
Florian Westphal
- [PATCH security-next 1/2] smack: use pernet operations for hook registration
Florian Westphal
- [PATCH security-next 2/2] selinux: use pernet operations for hook registration
Florian Westphal
- [tpmdd-devel] Intel NUC and fTPM issue on 4.9.2
Winkler, Tomas
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
Rafael J. Wysocki
- [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Rafael J. Wysocki
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
Rafael J. Wysocki
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
Rafael J. Wysocki
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
Rafael J. Wysocki
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Dave Young
- [PATCH 07/24] kexec: Disable at runtime if the kernel is locked down
Dave Young
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Dave Young
- [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Dave Young
- [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Dave Young
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Dave Young
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Dave Young
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Dave Young
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Mimi Zohar
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Mimi Zohar
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Mimi Zohar
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Mimi Zohar
- [PATCH 09/24] kexec_file: Disable at runtime if securelevel has been set
Mimi Zohar
- [GIT PULL] IMA patches for 4.12
Mimi Zohar
- [PATCH 3/6] ima: Simplify policy_func_show.
Mimi Zohar
- [PATCH 5/6] MODSIGN: Export module signature definitions.
Mimi Zohar
- [PATCH 3/6] ima: Simplify policy_func_show.
Mimi Zohar
- [PATCH 6/6] ima: Support appended signatures for appraisal
Mimi Zohar
- [PATCH 32/38] Annotate hardware config module parameters in drivers/video/
Bartlomiej Zolnierkiewicz
- No subject
wendyqzx at gmail.com
- No subject
wendyqzx at gmail.com
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
joeyli
- [PATCH 20/24] bpf: Restrict kernel image access functions when the kernel is locked down
joeyli
- 49277 linux-security-module
76564 at max.arc.nasa.gov
- No subject
76564 at max.arc.nasa.gov
- [PATCH] make TIOCSTI ioctl require CAP_SYS_ADMIN
matt at nmatt.com
- [PATCH 11/24] uswsusp: Disable when the kernel is locked down
poma
- [PATCH v3 2/2] modules:capabilities: add a per-task modules autoload restriction
kbuild test robot
- [PATCH 6/6] ima: Support appended signatures for appraisal
kbuild test robot
- [PATCH v2 3/3] tpm: vtpm_proxy: Add ioctl to request locality prepended to command
kbuild test robot
- 31050 linux-security-module
linux1 at telus.net
Last message date:
Sun Apr 30 23:28:52 UTC 2017
Archived on: Sun Apr 30 23:29:24 UTC 2017
This archive was generated by
Pipermail 0.09 (Mailman edition).