April 2019 Archives by author
Starting: Mon Apr 1 10:02:03 UTC 2019
Ending: Tue Apr 30 22:39:20 UTC 2019
Messages: 821
- kernel BUG at kernel/cred.c:434!
chengjian (D)
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Laura Abbott
- Vidat Advocaten
Vidat Advocaten
- [RFC PATCH v9 00/13] Add support for eXclusive Page Frame Ownership
Nadav Amit
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Nadav Amit
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Nadav Amit
- [PATCH v4 03/23] x86/mm: Introduce temporary mm structs
Nadav Amit
- [PATCH v5 00/23] x86: text_poke() fixes and executable lockdowns
Nadav Amit
- [PATCH v5 01/23] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()"
Nadav Amit
- [PATCH v5 02/23] x86/jump_label: Use text_poke_early() during early init
Nadav Amit
- [PATCH v5 03/23] x86/mm: Introduce temporary mm structs
Nadav Amit
- [PATCH v5 04/23] x86/mm: Save debug registers when loading a temporary mm
Nadav Amit
- [PATCH v5 05/23] fork: Provide a function for copying init_mm
Nadav Amit
- [PATCH v5 06/23] x86/alternative: Initialize temporary mm for patching
Nadav Amit
- [PATCH v5 07/23] x86/alternative: Use temporary mm for text poking
Nadav Amit
- [PATCH v5 08/23] x86/kgdb: Avoid redundant comparison of patched code
Nadav Amit
- [PATCH v5 09/23] x86/ftrace: Set trampoline pages as executable
Nadav Amit
- [PATCH v5 10/23] x86/kprobes: Set instruction page as executable
Nadav Amit
- [PATCH v5 11/23] x86/module: Avoid breaking W^X while loading modules
Nadav Amit
- [PATCH v5 12/23] x86/jump-label: Remove support for custom poker
Nadav Amit
- [PATCH v5 13/23] x86/alternative: Remove the return value of text_poke_*()
Nadav Amit
- [PATCH v5 14/23] x86/mm/cpa: Add set_direct_map_ functions
Nadav Amit
- [PATCH v5 15/23] mm: Make hibernate handle unmapped pages
Nadav Amit
- [PATCH v5 16/23] vmalloc: Add flag for free of special permsissions
Nadav Amit
- [PATCH v5 17/23] modules: Use vmalloc special flag
Nadav Amit
- [PATCH v5 18/23] bpf: Use vmalloc special flag
Nadav Amit
- [PATCH v5 19/23] x86/ftrace: Use vmalloc special flag
Nadav Amit
- [PATCH v5 20/23] x86/kprobes: Use vmalloc special flag
Nadav Amit
- [PATCH v5 21/23] x86/alternative: Comment about module removal races
Nadav Amit
- [PATCH v5 22/23] mm/tlb: Provide default nmi_uaccess_okay()
Nadav Amit
- [PATCH v5 23/23] bpf: Fail bpf_probe_write_user() while mm is switched
Nadav Amit
- [PATCH v5 14/23] x86/mm/cpa: Add set_direct_map_ functions
Nadav Amit
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Tycho Andersen
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Daniel Axtens
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Daniel Axtens
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Daniel Axtens
- [RFC PATCH v9 00/13] Add support for eXclusive Page Frame Ownership
Khalid Aziz
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Khalid Aziz
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Khalid Aziz
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Khalid Aziz
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Khalid Aziz
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Khalid Aziz
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Vlastimil Babka
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Vlastimil Babka
- [PATCH v10 00/12] Appended signatures support for IMA appraisal
Thiago Jung Bauermann
- [PATCH v10 01/12] MODSIGN: Export module signature definitions
Thiago Jung Bauermann
- [PATCH v10 02/12] PKCS#7: Refactor verify_pkcs7_signature()
Thiago Jung Bauermann
- [PATCH v10 03/12] PKCS#7: Introduce pkcs7_get_digest()
Thiago Jung Bauermann
- [PATCH v10 04/12] integrity: Introduce struct evm_xattr
Thiago Jung Bauermann
- [PATCH v10 05/12] integrity: Select CONFIG_KEYS instead of depending on it
Thiago Jung Bauermann
- [PATCH v10 06/12] ima: Use designated initializers for struct ima_event_data
Thiago Jung Bauermann
- [PATCH v10 07/12] ima: Add modsig appraise_type option for module-style appended signatures
Thiago Jung Bauermann
- [PATCH v10 08/12] ima: Factor xattr_verify() out of ima_appraise_measurement()
Thiago Jung Bauermann
- [PATCH v10 09/12] ima: Implement support for module-style appended signatures
Thiago Jung Bauermann
- [PATCH v10 10/12] ima: Collect modsig
Thiago Jung Bauermann
- [PATCH v10 11/12] ima: Define ima-modsig template
Thiago Jung Bauermann
- [PATCH v10 12/12] ima: Store the measurement again when appraising a modsig
Thiago Jung Bauermann
- Urgent!
Dr. Abidi Bello
- [PATCH 1/2] efi: Fix cast to pointer from integer of different size in TPM log code
Ard Biesheuvel
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
James Bottomley
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
James Bottomley
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
James Bottomley
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
James Bottomley
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Qian Cai
- Dear
Mark Casady
- [PATCH 00/57] Convert files to ReST
Mauro Carvalho Chehab
- [PATCH 23/57] docs: netlabel: convert it to ReST
Mauro Carvalho Chehab
- Avoiding merge conflicts while adding new docs - Was: Re: [PATCH 00/57] Convert files to ReST
Mauro Carvalho Chehab
- [PATCH v2 23/79] docs: netlabel: convert docs to ReST and rename to *.rst
Mauro Carvalho Chehab
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Kees Cook
- [REGRESSION] AppArmor module parameter layout changed with c5459b829b716
Kees Cook
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
Kees Cook
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Kees Cook
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
Kees Cook
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
Kees Cook
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Kees Cook
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Kees Cook
- [PATCH v3 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Kees Cook
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
Kees Cook
- [PATCH v4 2/3] initmem: introduce CONFIG_INIT_ALL_HEAP
Kees Cook
- [PATCH 0/3] Kconfig: Refactor memory initialization hardening
Kees Cook
- [PATCH 1/3] Kconfig: Create "kernel hardening" config area
Kees Cook
- [PATCH 2/3] kbuild: Move stackleak config to Kconfig.hardening
Kees Cook
- [PATCH 3/3] kbuild: Implement Clang's stack initialization
Kees Cook
- [PATCH 01/10] LSM: SafeSetID: fix pr_warn() to include newline
Kees Cook
- [PATCH 02/10] LSM: SafeSetID: fix check for setresuid(new1, new2, new3)
Kees Cook
- [PATCH 03/10] LSM: SafeSetID: refactor policy hash table
Kees Cook
- [PATCH 04/10] LSM: SafeSetID: refactor safesetid_security_capable()
Kees Cook
- [PATCH 05/10] LSM: SafeSetID: refactor policy parsing
Kees Cook
- [PATCH 06/10] LSM: SafeSetID: fix userns handling in securityfs
Kees Cook
- [PATCH 07/10] LSM: SafeSetID: rewrite userspace API to atomic updates
Kees Cook
- [PATCH 08/10] LSM: SafeSetID: add read handler
Kees Cook
- [PATCH 09/10] LSM: SafeSetID: verify transitive constrainedness
Kees Cook
- [PATCH 10/10] LSM: SafeSetID: fix use of literal -1 in capable hook
Kees Cook
- [PATCH 09/10] LSM: SafeSetID: verify transitive constrainedness
Kees Cook
- [PATCH 07/10] LSM: SafeSetID: rewrite userspace API to atomic updates
Kees Cook
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Kees Cook
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Kees Cook
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Kees Cook
- [PATCH 1/3] Kconfig: Create "kernel hardening" config area
Kees Cook
- [PATCH 3/3] kbuild: Implement Clang's stack initialization
Kees Cook
- [PATCH v4 2/3] initmem: introduce CONFIG_INIT_ALL_HEAP
Kees Cook
- [PATCH v2 0/3] Refactor memory initialization hardening
Kees Cook
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Kees Cook
- [PATCH v2 2/3] security: Move stackleak config to Kconfig.hardening
Kees Cook
- [PATCH v2 3/3] security: Implement Clang's stack initialization
Kees Cook
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Kees Cook
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Kees Cook
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Kees Cook
- [PATCH v2 08/10] LSM: SafeSetID: add read handler
Kees Cook
- [PATCH v2 09/10] LSM: SafeSetID: verify transitive constrainedness
Kees Cook
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Kees Cook
- kernel BUG at kernel/cred.c:434!
Kees Cook
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Kees Cook
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Kees Cook
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Kees Cook
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Kees Cook
- [PATCH 0/3] RFC: add init_allocations=1 boot option
Kees Cook
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Kees Cook
- [PATCH 2/3] gfp: mm: introduce __GFP_NOINIT
Kees Cook
- [PATCH 2/3] gfp: mm: introduce __GFP_NOINIT
Kees Cook
- [PATCH 3/3] RFC: net: apply __GFP_NOINIT to AF_UNIX sk_buff allocations
Kees Cook
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Kees Cook
- [PATCH v3 0/3] Refactor memory initialization hardening
Kees Cook
- [PATCH v3 1/3] security: Create "kernel hardening" config area
Kees Cook
- [PATCH v3 2/3] security: Move stackleak config to Kconfig.hardening
Kees Cook
- [PATCH v3 3/3] security: Implement Clang's stack initialization
Kees Cook
- [PATCH v3 0/3] Refactor memory initialization hardening
Kees Cook
- [PATCH v3 2/3] security: Move stackleak config to Kconfig.hardening
Kees Cook
- Avoiding merge conflicts while adding new docs - Was: Re: [PATCH 00/57] Convert files to ReST
Jonathan Corbet
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Andrew Donnellan
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Andrew Donnellan
- [PATCH v3 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Randy Dunlap
- [PATCH 0/3] RFC: add init_allocations=1 boot option
Randy Dunlap
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Randy Dunlap
- [PATCH v4 00/23] Merge text_poke fixes and executable lockdowns
Rick Edgecombe
- [PATCH v4 01/23] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()"
Rick Edgecombe
- [PATCH v4 02/23] x86/jump_label: Use text_poke_early() during early init
Rick Edgecombe
- [PATCH v4 03/23] x86/mm: Introduce temporary mm structs
Rick Edgecombe
- [PATCH v4 04/23] x86/mm: Save DRs when loading a temporary mm
Rick Edgecombe
- [PATCH v4 05/23] fork: Provide a function for copying init_mm
Rick Edgecombe
- [PATCH v4 06/23] x86/alternative: Initialize temporary mm for patching
Rick Edgecombe
- [PATCH v4 07/23] x86/alternative: Use temporary mm for text poking
Rick Edgecombe
- [PATCH v4 08/23] x86/kgdb: Avoid redundant comparison of patched code
Rick Edgecombe
- [PATCH v4 09/23] x86/ftrace: Set trampoline pages as executable
Rick Edgecombe
- [PATCH v4 10/23] x86/kprobes: Set instruction page as executable
Rick Edgecombe
- [PATCH v4 11/23] x86/module: Avoid breaking W^X while loading modules
Rick Edgecombe
- [PATCH v4 12/23] x86/jump-label: Remove support for custom poker
Rick Edgecombe
- [PATCH v4 13/23] x86/alternative: Remove the return value of text_poke_*()
Rick Edgecombe
- [PATCH v4 14/23] x86/mm/cpa: Add set_direct_map_ functions
Rick Edgecombe
- [PATCH v4 15/23] mm: Make hibernate handle unmapped pages
Rick Edgecombe
- [PATCH v4 16/23] vmalloc: Add flag for free of special permsissions
Rick Edgecombe
- [PATCH v4 17/23] modules: Use vmalloc special flag
Rick Edgecombe
- [PATCH v4 18/23] bpf: Use vmalloc special flag
Rick Edgecombe
- [PATCH v4 19/23] x86/ftrace: Use vmalloc special flag
Rick Edgecombe
- [PATCH v4 20/23] x86/kprobes: Use vmalloc special flag
Rick Edgecombe
- [PATCH v4 21/23] x86/alternative: Comment about module removal races
Rick Edgecombe
- [PATCH v4 22/23] tlb: provide default nmi_uaccess_okay()
Rick Edgecombe
- [PATCH v4 23/23] bpf: Fail bpf_probe_write_user() while mm is switched
Rick Edgecombe
- [PATCH v4 19/23] x86/ftrace: Use vmalloc special flag
Edgecombe, Rick P
- [PATCH v4 16/23] vmalloc: Add flag for free of special permsissions
Edgecombe, Rick P
- Add support for TCG2 log format on UEFI systems
Matthew Garrett
- Add support for TCG2 log format on UEFI systems
Matthew Garrett
- [PATCH] TCG2 log support build fixes for non-x86_64
Matthew Garrett
- [PATCH 1/2] efi: Fix cast to pointer from integer of different size in TPM log code
Matthew Garrett
- [PATCH 2/2] tpm: Fix builds on platforms that lack early_memremap()
Matthew Garrett
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Matthew Garrett
- [PATCH 1/2] efi: Fix cast to pointer from integer of different size in TPM log code
Matthew Garrett
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Matthew Garrett
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Matthew Garrett
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Matthew Garrett
- [PATCH V32 0/27] Lockdown patches for 5.2
Matthew Garrett
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH V32 02/27] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH V32 03/27] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Matthew Garrett
- [PATCH V32 04/27] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V32 05/27] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH V32 06/27] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V32 07/27] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V32 08/27] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V32 09/27] uswsusp: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V32 10/27] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH V32 11/27] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH V32 12/27] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH V32 13/27] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH V32 14/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH V32 15/27] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH V32 16/27] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH V32 17/27] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH V32 18/27] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V32 19/27] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V32 20/27] Lock down /proc/kcore
Matthew Garrett
- [PATCH V32 21/27] Lock down tracing and perf kprobes when in confidentiality mode
Matthew Garrett
- [PATCH V32 22/27] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V32 23/27] Lock down perf when in confidentiality mode
Matthew Garrett
- [PATCH V32 24/27] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Matthew Garrett
- [PATCH V32 25/27] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH V32 26/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH V32 27/27] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- [PATCH 1/2] efi: Fix cast to pointer from integer of different size in TPM log code
Matthew Garrett
- [PATCH] TCG2 log support build fixes for non-x86_64
Matthew Garrett
- [PATCH V32 27/27] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH V32 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH V5 2/4] tpm: Reserve the TPM final events table
Matthew Garrett
- [PATCH V5 2/4] tpm: Reserve the TPM final events table
Matthew Garrett
- Lieber Freund
J Glanzmann
- [PATCH V32 19/27] x86/mmiotrace: Lock down the testmmiotrace module
Thomas Gleixner
- [PATCH V32 11/27] x86: Lock down IO port access when the kernel is locked down
Thomas Gleixner
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Thomas Gleixner
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Thomas Gleixner
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Thomas Gleixner
- fanotify and LSM path hooks
Amir Goldstein
- fanotify and LSM path hooks
Amir Goldstein
- fanotify and LSM path hooks
Amir Goldstein
- fanotify and LSM path hooks
Amir Goldstein
- [PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down
Vasily Gorbik
- [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Steve Grubb
- [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Steve Grubb
- [PATCH] net: socket: Always initialize family field at move_addr_to_kernel().
Tetsuo Handa
- [PATCH] net: socket: Always initialize family field at move_addr_to_kernel().
Tetsuo Handa
- [PATCH 1/3] selinux: Check address length before reading address family
Tetsuo Handa
- [PATCH 2/3] smack: Check address length before reading address family
Tetsuo Handa
- [PATCH 3/3] tomoyo: Check address length before reading address family
Tetsuo Handa
- [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Change pathname calculation for read-only filesystems.
Tetsuo Handa
- [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx
Tetsuo Handa
- [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx
Tetsuo Handa
- [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Dave Hansen
- [PATCH 2/3] gfp: mm: introduce __GFP_NOINIT
Dave Hansen
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Dave Hansen
- [PATCH 2/3] gfp: mm: introduce __GFP_NOINIT
Dave Hansen
- [RFC PATCH 0/7] x86: introduce system calls addess space isolation
Dave Hansen
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Dave Hansen
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Michal Hocko
- [PATCH v3 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Jann Horn
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Jann Horn
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Jann Horn
- [PATCH 09/10] LSM: SafeSetID: verify transitive constrainedness
Jann Horn
- [PATCH 08/10] LSM: SafeSetID: add read handler
Jann Horn
- [PATCH 07/10] LSM: SafeSetID: rewrite userspace API to atomic updates
Jann Horn
- [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace
Jann Horn
- [PATCH V32 22/27] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Jann Horn
- [PATCH 00/11] keys: Namespacing
David Howells
- [PATCH 01/11] keys: Invalidate used request_key authentication keys
David Howells
- [PATCH 02/11] keys: Kill off request_key_async{,_with_auxdata}
David Howells
- [PATCH 03/11] keys: Simplify key description management
David Howells
- [PATCH 04/11] keys: Cache the hash value to avoid lots of recalculation
David Howells
- [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches
David Howells
- [PATCH 06/11] keys: Namespace keyring names
David Howells
- [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace
David Howells
- [PATCH 08/11] keys: Include target namespace in match criteria
David Howells
- [PATCH 09/11] keys: Garbage collect keys for which the domain has been removed
David Howells
- [PATCH 10/11] keys: Network namespace domain tag
David Howells
- [PATCH 11/11] keys: Pass the network namespace into request_key mechanism
David Howells
- [PATCH 10/11] keys: Network namespace domain tag
David Howells
- [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace
David Howells
- [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches
David Howells
- [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace
David Howells
- [PATCH 00/11] keys: Namespacing [ver #2]
David Howells
- [PATCH 01/11] keys: Invalidate used request_key authentication keys [ver #2]
David Howells
- [PATCH 02/11] keys: Kill off request_key_async{, _with_auxdata} [ver #2]
David Howells
- [PATCH 03/11] keys: Simplify key description management [ver #2]
David Howells
- [PATCH 04/11] keys: Cache the hash value to avoid lots of recalculation [ver #2]
David Howells
- [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches [ver #2]
David Howells
- [PATCH 06/11] keys: Namespace keyring names [ver #2]
David Howells
- [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace [ver #2]
David Howells
- [PATCH 08/11] keys: Include target namespace in match criteria [ver #2]
David Howells
- [PATCH 09/11] keys: Garbage collect keys for which the domain has been removed [ver #2]
David Howells
- [PATCH 10/11] keys: Network namespace domain tag [ver #2]
David Howells
- [PATCH 11/11] keys: Pass the network namespace into request_key mechanism [ver #2]
David Howells
- [GIT PULL] keys: Namespacing
David Howells
- [PATCH v20 16/28] x86/sgx: Add provisioning
Huang, Kai
- Hi dear,
Katie Huggins
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Andrey Ignatov
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Andrey Ignatov
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
John Johansen
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
John Johansen
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
John Johansen
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
John Johansen
- [GIT PULL] apparmor regression fix for v5.1-rc5
John Johansen
- [PATCH] apparmor: fix spelling mistake "immutible" -> "immutable"
John Johansen
- kernel BUG at kernel/cred.c:434!
John Johansen
- [PATCH] proc: prevent changes to overridden credentials
John Johansen
- smack ( on host ) + apparmor ( on docker ) - possible ?
John Johansen
- [PATCH 1/2] apparmor: Use a memory pool instead per-CPU caches
John Johansen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Greg KH
- [PATCH v19 17/27] x86/sgx: Add provisioning
Greg KH
- ATTENTION:BENEFICIARY
MRS.ZARA KUMAR
- fanotify and LSM path hooks
Jan Kara
- fanotify and LSM path hooks
Jan Kara
- fanotify and LSM path hooks
Jan Kara
- fanotify and LSM path hooks
Jan Kara
- [PATCH] apparmor: fix spelling mistake "immutible" -> "immutable"
Colin King
- [RFC PATCH 0/7] x86: introduce system calls addess space isolation
Jiri Kosina
- [PATCH 1/2] efi: Fix cast to pointer from integer of different size in TPM log code
David Laight
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Christopher Lameter
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Christopher Lameter
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Christopher Lameter
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Christopher Lameter
- [PATCH AUTOSEL 5.0 52/79] KEYS: trusted: fix -Wvarags warning
Sasha Levin
- [PATCH v19 17/27] x86/sgx: Add provisioning
Andy Lutomirski
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Andy Lutomirski
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Andy Lutomirski
- [PATCH v4 03/23] x86/mm: Introduce temporary mm structs
Andy Lutomirski
- [RFC PATCH 0/7] x86: introduce system calls addess space isolation
Andy Lutomirski
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Andy Lutomirski
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Andy Lutomirski
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Andy Lutomirski
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Andy Lutomirski
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Andy Lutomirski
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Andy Lutomirski
- [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification
Andy Lutomirski
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Ingo Molnar
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Ingo Molnar
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Ingo Molnar
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Ingo Molnar
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Ingo Molnar
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Ingo Molnar
- [PATCH v6 00/24] x86: text_poke() fixes and executable lockdowns
Ingo Molnar
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Ingo Molnar
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Ingo Molnar
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Ingo Molnar
- [PATCH] net: socket: Always initialize family field at move_addr_to_kernel().
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- [PATCH 1/3] selinux: Check address length before reading address family
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- [PATCH 23/57] docs: netlabel: convert it to ReST
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- [PATCH] proc: prevent changes to overridden credentials
Paul Moore
- [PATCH] proc: prevent changes to overridden credentials
Paul Moore
- [PATCH v2 23/79] docs: netlabel: convert docs to ReST and rename to *.rst
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- kernel BUG at kernel/cred.c:434!
Paul Moore
- [PATCH] proc: prevent changes to overridden credentials
Paul Moore
- [GIT PULL] SELinux fixes for v5.1 (#3)
Paul Moore
- [GIT PULL] tpmdd fixes for Linux v5.1
James Morris
- [GIT PULL] TPM fixes for v5.1
James Morris
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
James Morris
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
James Morris
- [ANNOUNCE][CFP] Linux Security Summit North America 2019
James Morris
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
James Morris
- [PATCH] Yama: mark local symbols as static
James Morris
- [PATCH] security: don't use RCU accessors for cred->session_keyring
James Morris
- [PATCH] keys: safe concurrent user->{session,uid}_keyring access
James Morris
- [PATCH] security: inode: fix a missing check for securityfs_create_file
James Morris
- [PATCH] Yama: mark function as static
James Morris
- [PATCH] security: inode: fix a missing check for securityfs_create_file
James Morris
- [GIT PULL] linux-integrity patches for Linux 5.2
James Morris
- [PULL] Smack: Changes for 5.2
James Morris
- [PATCH] proc: prevent changes to overridden credentials
James Morris
- [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
James Morris
- [PATCH 2/3] smack: Check address length before reading address family
James Morris
- [PATCH 3/3] tomoyo: Check address length before reading address family
James Morris
- [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Change pathname calculation for read-only filesystems.
James Morris
- [PULL] Smack: one more change for 5.2
James Morris
- [PULL] Smack: one more change for 5.2
James Morris
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Andrew Morton
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
Micah Morton
- [PATCH 01/10] LSM: SafeSetID: fix pr_warn() to include newline
Micah Morton
- [PATCH 02/10] LSM: SafeSetID: fix check for setresuid(new1, new2, new3)
Micah Morton
- [PATCH 03/10] LSM: SafeSetID: refactor policy hash table
Micah Morton
- [PATCH 04/10] LSM: SafeSetID: refactor safesetid_security_capable()
Micah Morton
- [PATCH 05/10] LSM: SafeSetID: refactor policy parsing
Micah Morton
- [PATCH 06/10] LSM: SafeSetID: fix userns handling in securityfs
Micah Morton
- [PATCH 07/10] LSM: SafeSetID: rewrite userspace API to atomic updates
Micah Morton
- [PATCH 08/10] LSM: SafeSetID: add read handler
Micah Morton
- [PATCH 09/10] LSM: SafeSetID: verify transitive constrainedness
Micah Morton
- [PATCH 10/10] LSM: SafeSetID: fix use of literal -1 in capable hook
Micah Morton
- [PATCH v2 08/10] LSM: SafeSetID: add read handler
Micah Morton
- [PATCH v2 09/10] LSM: SafeSetID: verify transitive constrainedness
Micah Morton
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Robin Murphy
- kernel BUG at kernel/cred.c:434!
Oleg Nesterov
- kernel BUG at kernel/cred.c:434!
Oleg Nesterov
- kernel BUG at kernel/cred.c:434!
Oleg Nesterov
- kernel BUG at kernel/cred.c:434!
Oleg Nesterov
- [PATCH v4 03/23] x86/mm: Introduce temporary mm structs
Borislav Petkov
- [PATCH v4 04/23] x86/mm: Save DRs when loading a temporary mm
Borislav Petkov
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Alexander Popov
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Alexander Popov
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Alexander Popov
- [PATCH v3 2/3] security: Move stackleak config to Kconfig.hardening
Alexander Popov
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v3 0/2] RFC: introduce CONFIG_INIT_ALL_MEMORY
Alexander Potapenko
- [PATCH v3 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v3 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v3 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v3 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v3 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v3 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v4 0/3] RFC: introduce CONFIG_INIT_ALL_MEMORY
Alexander Potapenko
- [PATCH v4 1/3] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v4 2/3] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH 3/3] net: make sk_prot_alloc() work with CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v4 2/3] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v4 2/3] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v2 3/3] security: Implement Clang's stack initialization
Alexander Potapenko
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Alexander Potapenko
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Alexander Potapenko
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Alexander Potapenko
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Alexander Potapenko
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Alexander Potapenko
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Alexander Potapenko
- [PATCH] mm: security: introduce CONFIG_INIT_HEAP_ALL
Alexander Potapenko
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH 0/3] RFC: add init_allocations=1 boot option
Alexander Potapenko
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Alexander Potapenko
- [PATCH 2/3] gfp: mm: introduce __GFP_NOINIT
Alexander Potapenko
- [PATCH 3/3] RFC: net: apply __GFP_NOINIT to AF_UNIX sk_buff allocations
Alexander Potapenko
- [PATCH 0/3] RFC: add init_allocations=1 boot option
Alexander Potapenko
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Alexander Potapenko
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Alexander Potapenko
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Alexander Potapenko
- [PATCH 0/3] RFC: add init_allocations=1 boot option
Alexander Potapenko
- [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Alexander Potapenko
- [RFC PATCH 0/7] x86: introduce system calls addess space isolation
Mike Rapoport
- [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI
Mike Rapoport
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Mike Rapoport
- [RFC PATCH 3/7] x86/entry/64: add infrastructure for switching to isolated syscall context
Mike Rapoport
- [RFC PATCH 4/7] x86/sci: hook up isolated system call entry and exit
Mike Rapoport
- [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification
Mike Rapoport
- [RFC PATCH 6/7] security: enable system call isolation in kernel config
Mike Rapoport
- [RFC PATCH 7/7] sci: add example system calls to exercse SCI
Mike Rapoport
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Mike Rapoport
- [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification
Mike Rapoport
- [RFC PATCH 0/7] x86: introduce system calls addess space isolation
Mike Rapoport
- [RFC PATCH 0/7] x86: introduce system calls addess space isolation
Mike Rapoport
- [REGRESSION] AppArmor module parameter layout changed with c5459b829b716
David Rheinsberg
- [PATCH] apparmor: Restore Y/N in /sys for apparmor's "enabled"
David Rheinsberg
- [PATCH V32 19/27] x86/mmiotrace: Lock down the testmmiotrace module
Steven Rostedt
- [PATCH V32 27/27] tracefs: Restrict tracefs when the kernel is locked down
Steven Rostedt
- [PATCH v4 19/23] x86/ftrace: Use vmalloc special flag
Steven Rostedt
- [PATCH v3 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Mark Rutland
- [GIT PULL] tpmdd fixes for Linux v5.1
Jarkko Sakkinen
- Add support for TCG2 log format on UEFI systems
Jarkko Sakkinen
- Add support for TCG2 log format on UEFI systems
Jarkko Sakkinen
- Add support for TCG2 log format on UEFI systems
Jarkko Sakkinen
- [PATCH 1/2] efi: Fix cast to pointer from integer of different size in TPM log code
Jarkko Sakkinen
- [PATCH 2/2] tpm: Fix builds on platforms that lack early_memremap()
Jarkko Sakkinen
- [PATCH] TCG2 log support build fixes for non-x86_64
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH] TCG2 log support build fixes for non-x86_64
Jarkko Sakkinen
- [PATCH v20 16/28] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v20 16/28] x86/sgx: Add provisioning
Jarkko Sakkinen
- [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Mickaël Salaün
- [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Mickaël Salaün
- [PATCH] Smack: Fix IPv6 handling of 0 secmark
Casey Schaufler
- [PATCH 00/59] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 01/59] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH 02/59] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH 03/59] LSM: Infrastructure management of the key security blob
Casey Schaufler
- [PATCH 04/59] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 05/59] LSM: Use lsm_export in the inode_getsecid hooks
Casey Schaufler
- [PATCH 06/59] LSM: Use lsm_export in the cred_getsecid hooks
Casey Schaufler
- [PATCH 07/59] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks
Casey Schaufler
- [PATCH 08/59] LSM: Use lsm_export in the kernel_ask_as hooks
Casey Schaufler
- [PATCH 09/59] LSM: Use lsm_export in the getpeersec_dgram hooks
Casey Schaufler
- [PATCH 10/59] LSM: Use lsm_export in the audit_rule_match hooks
Casey Schaufler
- [PATCH 11/59] LSM: Fix logical operation in lsm_export checks
Casey Schaufler
- [PATCH 12/59] LSM: Use lsm_export in the secid_to_secctx hooks
Casey Schaufler
- [PATCH 13/59] LSM: Use lsm_export in the secctx_to_secid hooks
Casey Schaufler
- [PATCH 14/59] LSM: Use lsm_export in security_audit_rule_match
Casey Schaufler
- [PATCH 15/59] LSM: Use lsm_export in security_kernel_act_as
Casey Schaufler
- [PATCH 16/59] LSM: Use lsm_export in security_socket_getpeersec_dgram
Casey Schaufler
- [PATCH 17/59] LSM: Use lsm_export in security_secctx_to_secid
Casey Schaufler
- [PATCH 18/59] LSM: Use lsm_export in security_secid_to_secctx
Casey Schaufler
- [PATCH 19/59] LSM: Use lsm_export in security_ipc_getsecid
Casey Schaufler
- [PATCH 20/59] LSM: Use lsm_export in security_task_getsecid
Casey Schaufler
- [PATCH 21/59] LSM: Use lsm_export in security_inode_getsecid
Casey Schaufler
- [PATCH 22/59] LSM: Use lsm_export in security_cred_getsecid
Casey Schaufler
- [PATCH 23/59] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 24/59] Audit: Convert target_sid to an lsm_export structure
Casey Schaufler
- [PATCH 25/59] Audit: Convert osid to an lsm_export structure
Casey Schaufler
- [PATCH 26/59] IMA: Clean out lsm_export scaffolding
Casey Schaufler
- [PATCH 27/59] NET: Store LSM access information in the socket blob for UDS
Casey Schaufler
- [PATCH 28/59] NET: Remove scaffolding on secmarks
Casey Schaufler
- [PATCH 29/59] NET: Remove scaffolding on new secmarks
Casey Schaufler
- [PATCH 30/59] NET: Remove netfilter scaffolding for lsm_export
Casey Schaufler
- [PATCH 31/59] Netlabel: Replace secids with lsm_export
Casey Schaufler
- [PATCH 32/59] LSM: Remove lsm_export scaffolding functions
Casey Schaufler
- [PATCH 33/59] IMA: FIXUP prototype using lsm_export
Casey Schaufler
- [PATCH 34/59] Smack: Restore the release_secctx hook
Casey Schaufler
- [PATCH 35/59] AppArmor: Remove unnecessary hook stub
Casey Schaufler
- [PATCH 36/59] LSM: Limit calls to certain module hooks
Casey Schaufler
- [PATCH 37/59] LSM: Create a data structure for a security context
Casey Schaufler
- [PATCH 38/59] LSM: Use lsm_context in secid_to_secctx hooks
Casey Schaufler
- [PATCH 39/59] LSM: Use lsm_context in secctx_to_secid hooks
Casey Schaufler
- [PATCH 40/59] LSM: Use lsm_context in inode_getsecctx hooks
Casey Schaufler
- [PATCH 41/59] LSM: Use lsm_context in inode_notifysecctx hooks
Casey Schaufler
- [PATCH 42/59] LSM: Use lsm_context in dentry_init_security hooks
Casey Schaufler
- [PATCH 43/59] LSM: Use lsm_context in security_dentry_init_security
Casey Schaufler
- [PATCH 44/59] LSM: Use lsm_context in security_inode_notifysecctx
Casey Schaufler
- [PATCH 45/59] LSM: Use lsm_context in security_inode_getsecctx
Casey Schaufler
- [PATCH 46/59] LSM: Use lsm_context in security_secctx_to_secid
Casey Schaufler
- [PATCH 47/59] LSM: Use lsm_context in release_secctx hooks
Casey Schaufler
- [PATCH 00/59] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 01/59] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH 02/59] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH 03/59] LSM: Infrastructure management of the key security blob
Casey Schaufler
- [PATCH 04/59] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 05/59] LSM: Use lsm_export in the inode_getsecid hooks
Casey Schaufler
- [PATCH 06/59] LSM: Use lsm_export in the cred_getsecid hooks
Casey Schaufler
- [PATCH 07/59] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks
Casey Schaufler
- [PATCH 08/59] LSM: Use lsm_export in the kernel_ask_as hooks
Casey Schaufler
- [PATCH 09/59] LSM: Use lsm_export in the getpeersec_dgram hooks
Casey Schaufler
- [PATCH 10/59] LSM: Use lsm_export in the audit_rule_match hooks
Casey Schaufler
- [PATCH 11/59] LSM: Fix logical operation in lsm_export checks
Casey Schaufler
- [PATCH 12/59] LSM: Use lsm_export in the secid_to_secctx hooks
Casey Schaufler
- [PATCH 13/59] LSM: Use lsm_export in the secctx_to_secid hooks
Casey Schaufler
- [PATCH 14/59] LSM: Use lsm_export in security_audit_rule_match
Casey Schaufler
- [PATCH 15/59] LSM: Use lsm_export in security_kernel_act_as
Casey Schaufler
- [PATCH 16/59] LSM: Use lsm_export in security_socket_getpeersec_dgram
Casey Schaufler
- [PATCH 17/59] LSM: Use lsm_export in security_secctx_to_secid
Casey Schaufler
- [PATCH 18/59] LSM: Use lsm_export in security_secid_to_secctx
Casey Schaufler
- [PATCH 19/59] LSM: Use lsm_export in security_ipc_getsecid
Casey Schaufler
- [PATCH 20/59] LSM: Use lsm_export in security_task_getsecid
Casey Schaufler
- [PATCH 21/59] LSM: Use lsm_export in security_inode_getsecid
Casey Schaufler
- [PATCH 22/59] LSM: Use lsm_export in security_cred_getsecid
Casey Schaufler
- [PATCH 23/59] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 24/59] Audit: Convert target_sid to an lsm_export structure
Casey Schaufler
- [PATCH 25/59] Audit: Convert osid to an lsm_export structure
Casey Schaufler
- [PATCH 26/59] IMA: Clean out lsm_export scaffolding
Casey Schaufler
- [PATCH 27/59] NET: Store LSM access information in the socket blob for UDS
Casey Schaufler
- [PATCH 28/59] NET: Remove scaffolding on secmarks
Casey Schaufler
- [PATCH 29/59] NET: Remove scaffolding on new secmarks
Casey Schaufler
- [PATCH 30/59] NET: Remove netfilter scaffolding for lsm_export
Casey Schaufler
- [PATCH 31/59] Netlabel: Replace secids with lsm_export
Casey Schaufler
- [PATCH 32/59] LSM: Remove lsm_export scaffolding functions
Casey Schaufler
- [PATCH 33/59] IMA: FIXUP prototype using lsm_export
Casey Schaufler
- [PATCH 34/59] Smack: Restore the release_secctx hook
Casey Schaufler
- [PATCH 35/59] AppArmor: Remove unnecessary hook stub
Casey Schaufler
- [PATCH 36/59] LSM: Limit calls to certain module hooks
Casey Schaufler
- [PATCH 37/59] LSM: Create a data structure for a security context
Casey Schaufler
- [PATCH 38/59] LSM: Use lsm_context in secid_to_secctx hooks
Casey Schaufler
- [PATCH 39/59] LSM: Use lsm_context in secctx_to_secid hooks
Casey Schaufler
- [PATCH 40/59] LSM: Use lsm_context in inode_getsecctx hooks
Casey Schaufler
- [PATCH 00/59] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 01/59] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH 02/59] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH 03/59] LSM: Infrastructure management of the key security blob
Casey Schaufler
- [PATCH 04/59] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 05/59] LSM: Use lsm_export in the inode_getsecid hooks
Casey Schaufler
- [PATCH 06/59] LSM: Use lsm_export in the cred_getsecid hooks
Casey Schaufler
- [PATCH 07/59] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks
Casey Schaufler
- [PATCH 08/59] LSM: Use lsm_export in the kernel_ask_as hooks
Casey Schaufler
- [PATCH 09/59] LSM: Use lsm_export in the getpeersec_dgram hooks
Casey Schaufler
- [PATCH 10/59] LSM: Use lsm_export in the audit_rule_match hooks
Casey Schaufler
- [PATCH 11/59] LSM: Fix logical operation in lsm_export checks
Casey Schaufler
- [PATCH 12/59] LSM: Use lsm_export in the secid_to_secctx hooks
Casey Schaufler
- [PATCH 13/59] LSM: Use lsm_export in the secctx_to_secid hooks
Casey Schaufler
- [PATCH 14/59] LSM: Use lsm_export in security_audit_rule_match
Casey Schaufler
- [PATCH 15/59] LSM: Use lsm_export in security_kernel_act_as
Casey Schaufler
- [PATCH 16/59] LSM: Use lsm_export in security_socket_getpeersec_dgram
Casey Schaufler
- [PATCH 17/59] LSM: Use lsm_export in security_secctx_to_secid
Casey Schaufler
- [PATCH 18/59] LSM: Use lsm_export in security_secid_to_secctx
Casey Schaufler
- [PATCH 19/59] LSM: Use lsm_export in security_ipc_getsecid
Casey Schaufler
- [PATCH 20/59] LSM: Use lsm_export in security_task_getsecid
Casey Schaufler
- [PATCH 21/59] LSM: Use lsm_export in security_inode_getsecid
Casey Schaufler
- [PATCH 22/59] LSM: Use lsm_export in security_cred_getsecid
Casey Schaufler
- [PATCH 23/59] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 24/59] Audit: Convert target_sid to an lsm_export structure
Casey Schaufler
- [PATCH 25/59] Audit: Convert osid to an lsm_export structure
Casey Schaufler
- [PATCH 26/59] IMA: Clean out lsm_export scaffolding
Casey Schaufler
- [PATCH 27/59] NET: Store LSM access information in the socket blob for UDS
Casey Schaufler
- [PATCH 28/59] NET: Remove scaffolding on secmarks
Casey Schaufler
- [PATCH 29/59] NET: Remove scaffolding on new secmarks
Casey Schaufler
- [PATCH 30/59] NET: Remove netfilter scaffolding for lsm_export
Casey Schaufler
- [PATCH 31/59] Netlabel: Replace secids with lsm_export
Casey Schaufler
- [PATCH 32/59] LSM: Remove lsm_export scaffolding functions
Casey Schaufler
- [PATCH 33/59] IMA: FIXUP prototype using lsm_export
Casey Schaufler
- [PATCH 34/59] Smack: Restore the release_secctx hook
Casey Schaufler
- [PATCH 35/59] AppArmor: Remove unnecessary hook stub
Casey Schaufler
- [PATCH 36/59] LSM: Limit calls to certain module hooks
Casey Schaufler
- [PATCH 37/59] LSM: Create a data structure for a security context
Casey Schaufler
- [PATCH 38/59] LSM: Use lsm_context in secid_to_secctx hooks
Casey Schaufler
- [PATCH 39/59] LSM: Use lsm_context in secctx_to_secid hooks
Casey Schaufler
- [PATCH 40/59] LSM: Use lsm_context in inode_getsecctx hooks
Casey Schaufler
- [PATCH 41/59] LSM: Use lsm_context in inode_notifysecctx hooks
Casey Schaufler
- [PATCH 42/59] LSM: Use lsm_context in dentry_init_security hooks
Casey Schaufler
- [PATCH 43/59] LSM: Use lsm_context in security_dentry_init_security
Casey Schaufler
- [PATCH 44/59] LSM: Use lsm_context in security_inode_notifysecctx
Casey Schaufler
- [PATCH 45/59] LSM: Use lsm_context in security_inode_getsecctx
Casey Schaufler
- [PATCH 46/59] LSM: Use lsm_context in security_secctx_to_secid
Casey Schaufler
- [PATCH 47/59] LSM: Use lsm_context in release_secctx hooks
Casey Schaufler
- [PATCH 48/59] LSM: Use lsm_context in security_release_secctx
Casey Schaufler
- [PATCH 49/59] LSM: Use lsm_context in security_secid_to_secctx
Casey Schaufler
- [PATCH 50/59] fs: remove lsm_context scaffolding
Casey Schaufler
- [PATCH 51/59] LSM: Add the release function to the lsm_context
Casey Schaufler
- [PATCH 52/59] LSM: Use lsm_context in inode_setsecctx hooks
Casey Schaufler
- [PATCH 53/59] LSM: Use lsm_context in security_inode_setsecctx
Casey Schaufler
- [PATCH 54/59] kernfs: remove lsm_context scaffolding
Casey Schaufler
- [PATCH 55/59] LSM: Remove unused macro
Casey Schaufler
- [PATCH 56/59] LSM: Special handling for secctx lsm hooks
Casey Schaufler
- [PATCH 57/59] SELinux: Use blob offset in current_sid
Casey Schaufler
- [PATCH 58/59] LSM: Specify which LSM to display with /proc/self/attr/display
Casey Schaufler
- [PATCH 59/59] AppArmor: Remove the exclusive flag
Casey Schaufler
- Sorry about duplicates on the stacking patches
Casey Schaufler
- [PATCH 1/1] Smack :- In this patch, global rule list has been removed. Now all smack rules will be read using "smack_known_list". This list contains all the smack labels and internally each smack label structure maintains the list of smack rules corresponding to that smack label. So there is no need to maintain extra list.
Casey Schaufler
- [PATCH 1/1] Smack: Create smack_rule cache to optimize memory usage
Casey Schaufler
- [PATCH 00/59] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 58/59] LSM: Specify which LSM to display with /proc/self/attr/display
Casey Schaufler
- [PATCH] net: socket: Always initialize family field at move_addr_to_kernel().
Casey Schaufler
- kernel BUG at kernel/cred.c:434!
Casey Schaufler
- [PATCH 2/3] smack: Check address length before reading address family
Casey Schaufler
- [PULL] Smack: Changes for 5.2
Casey Schaufler
- kernel BUG at kernel/cred.c:434!
Casey Schaufler
- kernel BUG at kernel/cred.c:434!
Casey Schaufler
- kernel BUG at kernel/cred.c:434!
Casey Schaufler
- [PATCH 00/90] LSM: Module stacking for all
Casey Schaufler
- [PATCH 01/90] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH 02/90] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH 03/90] LSM: Infrastructure management of the key security blob
Casey Schaufler
- [PATCH 04/90] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 05/90] LSM: Use lsm_export in the inode_getsecid hooks
Casey Schaufler
- [PATCH 06/90] LSM: Use lsm_export in the cred_getsecid hooks
Casey Schaufler
- [PATCH 07/90] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks
Casey Schaufler
- [PATCH 08/90] LSM: Use lsm_export in the kernel_ask_as hooks
Casey Schaufler
- [PATCH 09/90] LSM: Use lsm_export in the getpeersec_dgram hooks
Casey Schaufler
- [PATCH 10/90] LSM: Use lsm_export in the audit_rule_match hooks
Casey Schaufler
- [PATCH 11/90] LSM: Fix logical operation in lsm_export checks
Casey Schaufler
- [PATCH 12/90] LSM: Use lsm_export in the secid_to_secctx hooks
Casey Schaufler
- [PATCH 13/90] LSM: Use lsm_export in the secctx_to_secid hooks
Casey Schaufler
- [PATCH 14/90] LSM: Use lsm_export in security_audit_rule_match
Casey Schaufler
- [PATCH 15/90] LSM: Use lsm_export in security_kernel_act_as
Casey Schaufler
- [PATCH 16/90] LSM: Use lsm_export in security_socket_getpeersec_dgram
Casey Schaufler
- [PATCH 17/90] LSM: Use lsm_export in security_secctx_to_secid
Casey Schaufler
- [PATCH 18/90] LSM: Use lsm_export in security_secid_to_secctx
Casey Schaufler
- [PATCH 19/90] LSM: Use lsm_export in security_ipc_getsecid
Casey Schaufler
- [PATCH 20/90] LSM: Use lsm_export in security_task_getsecid
Casey Schaufler
- [PATCH 21/90] LSM: Use lsm_export in security_inode_getsecid
Casey Schaufler
- [PATCH 22/90] LSM: Use lsm_export in security_cred_getsecid
Casey Schaufler
- [PATCH 23/90] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 24/90] Audit: Convert target_sid to an lsm_export structure
Casey Schaufler
- [PATCH 25/90] Audit: Convert osid to an lsm_export structure
Casey Schaufler
- [PATCH 26/90] IMA: Clean out lsm_export scaffolding
Casey Schaufler
- [PATCH 27/90] NET: Change the UNIXCB from a secid to an lsm_export
Casey Schaufler
- [PATCH 28/90] NET: Remove scaffolding on secmarks
Casey Schaufler
- [PATCH 29/90] NET: Remove scaffolding on new secmarks
Casey Schaufler
- [PATCH 30/90] NET: Remove netfilter scaffolding for lsm_export
Casey Schaufler
- [PATCH 31/90] Netlabel: Replace secids with lsm_export
Casey Schaufler
- [PATCH 32/90] LSM: Remove lsm_export scaffolding functions
Casey Schaufler
- [PATCH 33/90] IMA: FIXUP prototype using lsm_export
Casey Schaufler
- [PATCH 34/90] Smack: Restore the release_secctx hook
Casey Schaufler
- [PATCH 35/90] AppArmor: Remove unnecessary hook stub
Casey Schaufler
- [PATCH 36/90] LSM: Limit calls to certain module hooks
Casey Schaufler
- [PATCH 37/90] LSM: Create a data structure for a security context
Casey Schaufler
- [PATCH 38/90] LSM: Use lsm_context in secid_to_secctx hooks
Casey Schaufler
- [PATCH 39/90] LSM: Use lsm_context in secctx_to_secid hooks
Casey Schaufler
- [PATCH 40/90] LSM: Use lsm_context in inode_getsecctx hooks
Casey Schaufler
- [PATCH 41/90] LSM: Use lsm_context in inode_notifysecctx hooks
Casey Schaufler
- [PATCH 42/90] LSM: Use lsm_context in dentry_init_security hooks
Casey Schaufler
- [PATCH 43/90] LSM: Use lsm_context in security_dentry_init_security
Casey Schaufler
- [PATCH 44/90] LSM: Use lsm_context in security_inode_notifysecctx
Casey Schaufler
- [PATCH 45/90] LSM: Use lsm_context in security_inode_getsecctx
Casey Schaufler
- [PATCH 46/90] LSM: Use lsm_context in security_secctx_to_secid
Casey Schaufler
- [PATCH 47/90] LSM: Use lsm_context in release_secctx hooks
Casey Schaufler
- [PATCH 48/90] LSM: Use lsm_context in security_release_secctx
Casey Schaufler
- [PATCH 49/90] LSM: Use lsm_context in security_secid_to_secctx
Casey Schaufler
- [PATCH 50/90] fs: remove lsm_context scaffolding
Casey Schaufler
- [PATCH 51/90] LSM: Add the release function to the lsm_context
Casey Schaufler
- [PATCH 52/90] LSM: Use lsm_context in inode_setsecctx hooks
Casey Schaufler
- [PATCH 53/90] LSM: Use lsm_context in security_inode_setsecctx
Casey Schaufler
- [PATCH 54/90] kernfs: remove lsm_context scaffolding
Casey Schaufler
- [PATCH 55/90] LSM: Remove unused macro
Casey Schaufler
- [PATCH 56/90] LSM: Special handling for secctx lsm hooks
Casey Schaufler
- [PATCH 57/90] SELinux: Use blob offset in current_sid
Casey Schaufler
- [PATCH 58/90] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH 59/90] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH 60/90] LSM: Add secmark_relabel_packet to the set of one call hooks
Casey Schaufler
- [PATCH 61/90] LSM: Make getting the secmark right cleaner
Casey Schaufler
- [PATCH 62/90] netfilter: Fix memory leak introduced with lsm_context
Casey Schaufler
- [PATCH 63/90] Smack: Consolidate secmark conversions
Casey Schaufler
- [PATCH 64/90] netfilter: Remove unnecessary NULL check in lsm_context
Casey Schaufler
- [PATCH 65/90] LSM: Add secmark refcounting to call_one list
Casey Schaufler
- [PATCH 66/90] LSM: refactor security_setprocattr
Casey Schaufler
- [PATCH 67/90] Smack: Detect if secmarks can be safely used
Casey Schaufler
- [PATCH 68/90] LSM: Support multiple LSMs using inode_init_security
Casey Schaufler
- [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx
Casey Schaufler
- [PATCH 70/90] LSM: Correct handling of ENOSYS in inode_setxattr
Casey Schaufler
- [PATCH 71/90] LSM: Infrastructure security blobs for mount options
Casey Schaufler
- [PATCH 72/90] LSM: Fix for security_init_inode_security
Casey Schaufler
- [PATCH 73/90] Smack: Advertise the secid to netlabel
Casey Schaufler
- [PATCH 74/90] LSM: Change error detection for UDP peer security
Casey Schaufler
- [PATCH 75/90] Smack: Fix setting of the CIPSO MLS_CAT flags
Casey Schaufler
- [PATCH 76/90] Smack: Set netlabel flags properly on new label import
Casey Schaufler
- [PATCH 77/90] Netlabel: Add a secattr comparison API function
Casey Schaufler
- [PATCH 78/90] Smack: Let netlabel do the work on the ambient domain
Casey Schaufler
- [PATCH 79/90] Smack: Don't set the socket label on each send
Casey Schaufler
- [PATCH 80/90] Smack: Let netlabel do the work on connections
Casey Schaufler
- [PATCH 81/90] Netlabel: Return the labeling type on socket
Casey Schaufler
- [PATCH] proc: prevent changes to overridden credentials
Casey Schaufler
- [PATCH 00/90] LSM: Module stacking for all
Casey Schaufler
- [PATCH 00/90] LSM: Module stacking for all
Casey Schaufler
- [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx
Casey Schaufler
- smack ( on host ) + apparmor ( on docker ) - possible ?
Casey Schaufler
- [PATCH 2/3] smack: Check address length before reading address family
Casey Schaufler
- [PULL] Smack: one more change for 5.2
Casey Schaufler
- [PULL] Smack: Repair for 5.2 build issue.
Casey Schaufler
- [PATCH 1/2] apparmor: Use a memory pool instead per-CPU caches
Sebastian Andrzej Siewior
- [PATCH 2/2] apparmor: Switch to GFP_KERNEL where possible
Sebastian Andrzej Siewior
- [PATCH 1/2] apparmor: Use a memory pool instead per-CPU caches
Sebastian Andrzej Siewior
- [PATCH 1/2] apparmor: Use a memory pool instead per-CPU caches
Sebastian Andrzej Siewior
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Stephen Smalley
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Stephen Smalley
- [PATCH 27/59] NET: Store LSM access information in the socket blob for UDS
Stephen Smalley
- [PATCH 58/59] LSM: Specify which LSM to display with /proc/self/attr/display
Stephen Smalley
- [PATCH 00/59] LSM: Module stacking for AppArmor
Stephen Smalley
- [PATCH 58/59] LSM: Specify which LSM to display with /proc/self/attr/display
Stephen Smalley
- kernel BUG at kernel/cred.c:434!
Stephen Smalley
- [PATCH 00/90] LSM: Module stacking for all
Stephen Smalley
- [PATCH 00/90] LSM: Module stacking for all
Stephen Smalley
- [PATCHv2] added ima hook for buffer, being enabled as a policy
Prakhar Srivastava
- [PATCHv2] use event name instead of enum to make the call generic
Prakhar Srivastava
- [PATCHv2] since cmdline args can be same for multiple kexec, log entry hash will collide. Prepend the kernel file name to the cmdline args to distinguish between cmdline args passed to subsequent kexec calls
Prakhar Srivastava
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Alexei Starovoitov
- [PATCH v3 bpf-next 00/21] bpf: Sysctl hook
Alexei Starovoitov
- [PATCH V5 2/4] tpm: Reserve the TPM final events table
Bartosz Szczepanek
- fanotify and LSM path hooks
Miklos Szeredi
- fanotify and LSM path hooks
Miklos Szeredi
- KASAN: use-after-free Read in path_lookupat
Linus Torvalds
- [RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Linus Torvalds
- [PATCH v5 14/23] x86/mm/cpa: Add set_direct_map_ functions
Linus Torvalds
- [PATCH] apparmor: Force type-casting of current->real_cred
Bharath Vedartham
- [PATCH] security: inode: fix a missing check for securityfs_create_file
Al Viro
- KASAN: use-after-free Read in path_lookupat
Al Viro
- fanotify and LSM path hooks
Al Viro
- fanotify and LSM path hooks
Al Viro
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Dmitry Vyukov
- [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Florian Weimer
- [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Florian Weimer
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Matthew Wilcox
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Matthew Wilcox
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Matthew Wilcox
- [GIT PULL] tpmdd fixes for Linux v5.1
Dan Williams
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Herbert Xu
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Masahiro Yamada
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Masahiro Yamada
- [PATCH v3 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Masahiro Yamada
- [PATCH 0/3] Kconfig: Refactor memory initialization hardening
Masahiro Yamada
- [PATCH 3/3] kbuild: Implement Clang's stack initialization
Masahiro Yamada
- [PATCH 1/3] Kconfig: Create "kernel hardening" config area
Masahiro Yamada
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Masahiro Yamada
- [PATCH v2 1/3] security: Create "kernel hardening" config area
Masahiro Yamada
- [PATCH v3 0/3] Refactor memory initialization hardening
Masahiro Yamada
- kernel BUG at kernel/cred.c:434!
Yang Yingliang
- kernel BUG at kernel/cred.c:434!
Yang Yingliang
- kernel BUG at kernel/cred.c:434!
Yang Yingliang
- kernel BUG at kernel/cred.c:434!
Yang Yingliang
- kernel BUG at kernel/cred.c:434!
Yang Yingliang
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Perez Yves-Alexis
- [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches
Andrew Zaborowski
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Igor Zhbanov
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Igor Zhbanov
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Igor Zhbanov
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Igor Zhbanov
- [PATCH v4 04/23] x86/mm: Save DRs when loading a temporary mm
Peter Zijlstra
- [PATCH v4 16/23] vmalloc: Add flag for free of special permsissions
Peter Zijlstra
- [PATCH v4 00/23] Merge text_poke fixes and executable lockdowns
Peter Zijlstra
- [PATCH v4 00/23] Merge text_poke fixes and executable lockdowns
Peter Zijlstra
- [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification
Peter Zijlstra
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Peter Zijlstra
- [PATCH v5 00/23] x86: text_poke() fixes and executable lockdowns
Peter Zijlstra
- [PATCH v6 00/24] x86: text_poke() fixes and executable lockdowns
Peter Zijlstra
- [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
Peter Zijlstra
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Mimi Zohar
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Mimi Zohar
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Mimi Zohar
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Mimi Zohar
- [GIT PULL] linux-integrity patches for Linux 5.2
Mimi Zohar
- [PATCH] kexec_buffer measure
Mimi Zohar
- [PATCH] crypto: testmgr - allocate buffers with __GFP_COMP
Russell King - ARM Linux admin
- [PATCH v6 00/24] x86: text_poke() fixes and executable lockdowns
nadav.amit at gmail.com
- [PATCH v6 01/24] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()"
nadav.amit at gmail.com
- [PATCH v6 02/24] x86/jump_label: Use text_poke_early() during early init
nadav.amit at gmail.com
- [PATCH v6 03/24] x86/mm: Introduce temporary mm structs
nadav.amit at gmail.com
- [PATCH v6 04/24] x86/mm: Save debug registers when loading a temporary mm
nadav.amit at gmail.com
- [PATCH v6 05/24] uprobes: Initialize uprobes earlier
nadav.amit at gmail.com
- [PATCH v6 06/24] fork: Provide a function for copying init_mm
nadav.amit at gmail.com
- [PATCH v6 07/24] x86/alternative: Initialize temporary mm for patching
nadav.amit at gmail.com
- [PATCH v6 08/24] x86/alternative: Use temporary mm for text poking
nadav.amit at gmail.com
- [PATCH v6 09/24] x86/kgdb: Avoid redundant comparison of patched code
nadav.amit at gmail.com
- [PATCH v6 10/24] x86/ftrace: Set trampoline pages as executable
nadav.amit at gmail.com
- [PATCH v6 11/24] x86/kprobes: Set instruction page as executable
nadav.amit at gmail.com
- [PATCH v6 12/24] x86/module: Avoid breaking W^X while loading modules
nadav.amit at gmail.com
- [PATCH v6 13/24] x86/jump-label: Remove support for custom poker
nadav.amit at gmail.com
- [PATCH v6 14/24] x86/alternative: Remove the return value of text_poke_*()
nadav.amit at gmail.com
- [PATCH v6 15/24] x86/mm/cpa: Add set_direct_map_ functions
nadav.amit at gmail.com
- [PATCH v6 16/24] mm: Make hibernate handle unmapped pages
nadav.amit at gmail.com
- [PATCH v6 17/24] vmalloc: Add flag for free of special permsissions
nadav.amit at gmail.com
- [PATCH v6 18/24] modules: Use vmalloc special flag
nadav.amit at gmail.com
- [PATCH v6 19/24] bpf: Use vmalloc special flag
nadav.amit at gmail.com
- [PATCH v6 20/24] x86/ftrace: Use vmalloc special flag
nadav.amit at gmail.com
- [PATCH v6 21/24] x86/kprobes: Use vmalloc special flag
nadav.amit at gmail.com
- [PATCH v6 22/24] x86/alternative: Comment about module removal races
nadav.amit at gmail.com
- [PATCH v6 23/24] mm/tlb: Provide default nmi_uaccess_okay()
nadav.amit at gmail.com
- [PATCH v6 24/24] bpf: Fail bpf_probe_write_user() while mm is switched
nadav.amit at gmail.com
- [GIT PULL] TPM fixes for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] apparmor regression fix for v5.1-rc5
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux fixes for v5.1 (#3)
pr-tracker-bot at kernel.org
- Zdravstvuyte! Vas interesuyut kliyentskiye bazy dannykh?
linux-security-module at vger.kernel.org
Last message date:
Tue Apr 30 22:39:20 UTC 2019
Archived on: Tue Apr 30 22:39:37 UTC 2019
This archive was generated by
Pipermail 0.09 (Mailman edition).