July 2019 Archives by date
Starting: Mon Jul 1 02:59:33 UTC 2019
Ending: Wed Jul 31 22:16:17 UTC 2019
Messages: 615
- [PATCH 2/6] Adjust watch_queue documentation to mention mount and superblock watches. [ver #5]
Randy Dunlap
- [PATCH 2/6] Adjust watch_queue documentation to mention mount and superblock watches. [ver #5]
David Howells
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- [PATCH v4 2/3] initramfs: read metadata from special file METADATA!!!
Mimi Zohar
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Michal Suchanek
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Mimi Zohar
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Roberto Sassu
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Mimi Zohar
- [PATCH v12 00/11] Appended signatures support for IMA appraisal
Mimi Zohar
- [PATCH v12 01/11] MODSIGN: Export module signature definitions
Jessica Yu
- [PATCH 2/6] Adjust watch_queue documentation to mention mount and superblock watches. [ver #5]
Randy Dunlap
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Andy Lutomirski
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Andy Lutomirski
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Andy Lutomirski
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v6 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Andy Lutomirski
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Andy Lutomirski
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- Fwd: [PATCH v4 15/23] LSM: Specify which LSM to display
James Morris
- Fwd: [PATCH v4 15/23] LSM: Specify which LSM to display
Casey Schaufler
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Andy Lutomirski
- Reminder: 1 open syzbot bug in "security/smack" subsystem
Eric Biggers
- Reminder: 2 open syzbot bugs in "security/tomoyo" subsystem
Eric Biggers
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [GIT PULL] SELinux patches for v5.3
Paul Moore
- [PATCH] apparmor: Replace two seq_printf() calls by seq_puts() in aa_label_seq_xprint()
Markus Elfring
- [PATCH] ima: Replace two seq_printf() calls by seq_puts() in ima_show_template_data_ascii()
Markus Elfring
- [PATCH] ima: Replace two seq_printf() calls by seq_puts() in ima_show_template_data_ascii()
Markus Elfring
- [PATCH] ima: Replace two seq_printf() calls by seq_puts() in ima_show_template_data_ascii()
Markus Elfring
- [PATCH] ima: Replace two seq_printf() calls by seq_puts() in ima_show_template_data_ascii()
Markus Elfring
- [PATCH v10 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Andrew Morton
- [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Lubashev, Igor
- [PATCH -next] integrity: Remove set but not used variable 'acl'
YueHaibing
- [PATCH] ima: Replace two seq_printf() calls by seq_puts() in ima_show_template_data_ascii()
David Laight
- ima: Replace two seq_printf() calls by seq_puts() in ima_show_template_data_ascii()
Markus Elfring
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Dr. Greg
- [PATCH] ima: Replace two seq_printf() calls by seq_puts() in ima_show_template_data_ascii()
Mimi Zohar
- [PATCH v10 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH -next] integrity: Remove set but not used variable 'acl'
David Howells
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [PATCH 8/9] usb: Add USB subsystem notifications [ver #5]
Greg Kroah-Hartman
- [PATCH 1/9] uapi: General notification ring definitions [ver #5]
Greg Kroah-Hartman
- [PATCH 4/9] General notification queue with user mmap()'able ring buffer [ver #5]
Greg Kroah-Hartman
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
Greg Kroah-Hartman
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
Greg Kroah-Hartman
- [PATCH v5 00/23] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v5 01/23] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH v5 02/23] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH v5 03/23] LSM: Infrastructure management of the key blob
Casey Schaufler
- [PATCH v5 04/23] LSM: Create and manage the lsmblob data structure.
Casey Schaufler
- [PATCH v5 05/23] LSM: Use lsmblob in security_audit_rule_match
Casey Schaufler
- [PATCH v5 06/23] LSM: Use lsmblob in security_kernel_act_as
Casey Schaufler
- [PATCH v5 07/23] net: Prepare UDS for secuirty module stacking
Casey Schaufler
- [PATCH v5 08/23] LSM: Use lsmblob in security_secctx_to_secid
Casey Schaufler
- [PATCH v5 09/23] LSM: Use lsmblob in security_secid_to_secctx
Casey Schaufler
- [PATCH v5 10/23] LSM: Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH v5 11/23] LSM: Use lsmblob in security_task_getsecid
Casey Schaufler
- [PATCH v5 12/23] LSM: Use lsmblob in security_inode_getsecid
Casey Schaufler
- [PATCH v5 13/23] LSM: Use lsmblob in security_cred_getsecid
Casey Schaufler
- [PATCH v5 14/23] IMA: Change internal interfaces to use lsmblobs
Casey Schaufler
- [PATCH v5 15/23] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v5 16/23] LSM: Ensure the correct LSM context releaser
Casey Schaufler
- [PATCH v5 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v5 18/23] LSM: Use lsmcontext in security_dentry_init_security
Casey Schaufler
- [PATCH v5 19/23] LSM: Use lsmcontext in security_inode_getsecctx
Casey Schaufler
- [PATCH v5 20/23] LSM: security_secid_to_secctx in netlink netfilter
Casey Schaufler
- [PATCH v5 21/23] NET: Store LSM netlabel data in a lsmblob
Casey Schaufler
- [PATCH v5 22/23] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH v5 23/23] SELinux: Verify LSM display sanity in binder
Casey Schaufler
- [PATCH v5 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Kees Cook
- [PATCH v5 19/23] LSM: Use lsmcontext in security_inode_getsecctx
Kees Cook
- [RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks
Jarkko Sakkinen
- [RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks
Jarkko Sakkinen
- [RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks
Jarkko Sakkinen
- [PATCH -next] integrity: Remove set but not used variable 'acl'
Yuehaibing
- [PATCH v12 01/11] MODSIGN: Export module signature definitions
Thiago Jung Bauermann
- [PATCH v12 00/11] Appended signatures support for IMA appraisal
Thiago Jung Bauermann
- [PATCH v2] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Jarkko Sakkinen
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Jarkko Sakkinen
- [PATCH v12 01/11] MODSIGN: Export module signature definitions
Philipp Rudo
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Roberto Sassu
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Mimi Zohar
- [PATCH v2] tomoyo: Don't check open/getattr permission on sockets.
Tetsuo Handa
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Mimi Zohar
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
David Howells
- [PATCH v12 01/11] MODSIGN: Export module signature definitions
Thiago Jung Bauermann
- [PATCH v10 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Andrew Morton
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Tyler Hicks
- [PATCH] smack: fix some kernel-doc notations
luanshi
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
Greg Kroah-Hartman
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
David Howells
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
Greg Kroah-Hartman
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Jarkko Sakkinen
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Jarkko Sakkinen
- [PATCH v10 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v12 01/11] MODSIGN: Export module signature definitions
Philipp Rudo
- [RFC/RFT] KEYS: trusted: Add generic trusted keys framework
Sumit Garg
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
Alan Stern
- [PATCH] Revert "tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()"
Nayna
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Roberto Sassu
- [GIT PULL] Keys: Set 1 - Miscellany for 5.3
David Howells
- [GIT PULL] Keys: Set 2 - request_key() improvements for 5.3
David Howells
- [GIT PULL] Keys: Set 3 - Keyrings namespacing for 5.3
David Howells
- [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
David Howells
- Quotes needed For July Shipments
Sales -Jpexcc.
- [RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks
Xing, Cedric
- [PATCH v5 00/12] S.A.R.A. a new stacked LSM
Salvatore Mesoraca
- [PATCH v5 01/12] S.A.R.A.: add documentation
Salvatore Mesoraca
- [PATCH v5 02/12] S.A.R.A.: create framework
Salvatore Mesoraca
- [PATCH v5 03/12] S.A.R.A.: cred blob management
Salvatore Mesoraca
- [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching
Salvatore Mesoraca
- [PATCH v5 05/12] LSM: creation of "check_vmflags" LSM hook
Salvatore Mesoraca
- [PATCH v5 06/12] S.A.R.A.: WX protection
Salvatore Mesoraca
- [PATCH v5 07/12] LSM: creation of "pagefault_handler" LSM hook
Salvatore Mesoraca
- [PATCH v5 08/12] S.A.R.A.: trampoline emulation
Salvatore Mesoraca
- [PATCH v5 09/12] S.A.R.A.: WX protection procattr interface
Salvatore Mesoraca
- [PATCH v5 10/12] S.A.R.A.: XATTRs support
Salvatore Mesoraca
- [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation
Salvatore Mesoraca
- [PATCH v5 12/12] MAINTAINERS: take maintainership for S.A.R.A.
Salvatore Mesoraca
- [PATCH v5 00/12] S.A.R.A. a new stacked LSM
Jordan Glover
- [PATCH v5 00/12] S.A.R.A. a new stacked LSM
Salvatore Mesoraca
- [PATCH] security/commoncap: Use xattr security prefix len
Carmeli Tamir
- [PATCH v5 02/12] S.A.R.A.: create framework
Randy Dunlap
- [PATCH v5 08/12] S.A.R.A.: trampoline emulation
Randy Dunlap
- [PATCH v5 06/12] S.A.R.A.: WX protection
Randy Dunlap
- [PATCH v5 01/12] S.A.R.A.: add documentation
Randy Dunlap
- [PATCH v5 01/12] S.A.R.A.: add documentation
Salvatore Mesoraca
- [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation
Jann Horn
- [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching
Jann Horn
- [PATCH v5 06/12] S.A.R.A.: WX protection
Al Viro
- [PATCH v5 00/12] S.A.R.A. a new stacked LSM
James Morris
- [PATCH v2] tomoyo: Don't check open/getattr permission on sockets.
James Morris
- [PATCH v2] tomoyo: Don't check open/getattr permission on sockets.
James Morris
- [PATCH] security/commoncap: Use xattr security prefix len
James Morris
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Dr. Greg
- [PATCH v5 00/12] S.A.R.A. a new stacked LSM
Salvatore Mesoraca
- [PATCH v5 06/12] S.A.R.A.: WX protection
Salvatore Mesoraca
- [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching
Salvatore Mesoraca
- [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation
Salvatore Mesoraca
- [RFC PATCH v4 07/12] LSM: x86/sgx: Introduce ->enclave_map() hook for Intel SGX
Sean Christopherson
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Sean Christopherson
- [RFC PATCH v4 05/12] x86/sgx: Enforce noexec filesystem restriction for enclaves
Sean Christopherson
- [RFC PATCH v3 0/4] security/x86/sgx: SGX specific LSM hooks
Cedric Xing
- [RFC PATCH v3 1/4] x86/sgx: Add SGX specific LSM hooks
Cedric Xing
- [RFC PATCH v3 2/4] x86/64: Call LSM hooks from SGX subsystem/module
Cedric Xing
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Cedric Xing
- [RFC PATCH v3 4/4] x86/sgx: Implement SGX specific hooks in SELinux
Cedric Xing
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Tetsuo Handa
- [RFC 0/7] Introduce TEE based Trusted Keys support
Sumit Garg
- [PATCH v5 06/12] S.A.R.A.: WX protection
David Laight
- [GIT PULL] integrity subsystem updates for v5.3
Mimi Zohar
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Al Viro
- [RFC PATCH v4 12/12] LSM: x86/sgx: Show line of sight to LSM support SGX2's EAUG
Sean Christopherson
- [RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks
Jarkko Sakkinen
- [RFC PATCH v4 01/12] x86/sgx: Use mmu_notifier.release() instead of per-vma refcounting
Sean Christopherson
- [RFC 3/7] tee: add private login method for kernel clients
Jens Wiklander
- [RFC PATCH v3 0/4] security/x86/sgx: SGX specific LSM hooks
Sean Christopherson
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Casey Schaufler
- [RFC 0/7] Introduce TEE based Trusted Keys support
Jens Wiklander
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Sean Christopherson
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Eric W. Biederman
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Xing, Cedric
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Xing, Cedric
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching
Jann Horn
- [RFC PATCH v3 0/4] security/x86/sgx: SGX specific LSM hooks
Xing, Cedric
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Al Viro
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Al Viro
- [PATCH 2/9] security: Add hooks to rule on setting a watch [ver #5]
Stephen Smalley
- [RFC PATCH v3 0/4] security/x86/sgx: SGX specific LSM hooks
Sean Christopherson
- [PATCH 3/9] security: Add a hook for the point of notification insertion [ver #5]
Stephen Smalley
- [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Tyler Hicks
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Al Viro
- [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
James Bottomley
- [RFC PATCH v3 0/4] security/x86/sgx: SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Casey Schaufler
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Eric W. Biederman
- [RFC PATCH v3 2/4] x86/64: Call LSM hooks from SGX subsystem/module
Sean Christopherson
- [RFC PATCH v3 4/4] x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Sean Christopherson
- [GIT PULL] Keys: Set 3 - Keyrings namespacing for 5.3
pr-tracker-bot at kernel.org
- [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
pr-tracker-bot at kernel.org
- [GIT PULL] tpmdd updates for Linux v5.3
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux patches for v5.3
pr-tracker-bot at kernel.org
- [GIT PULL] Keys: Set 1 - Miscellany for 5.3
pr-tracker-bot at kernel.org
- [GIT PULL] Keys: Set 2 - request_key() improvements for 5.3
pr-tracker-bot at kernel.org
- keyrings pull requests for the next merge window
Linus Torvalds
- [GIT PULL] integrity subsystem updates for v5.3
pr-tracker-bot at kernel.org
- [PATCH v5 06/12] S.A.R.A.: WX protection
Kees Cook
- [RFC 3/7] tee: add private login method for kernel clients
Sumit Garg
- [RFC 0/7] Introduce TEE based Trusted Keys support
Sumit Garg
- [RFC 3/7] tee: add private login method for kernel clients
Jens Wiklander
- [RFC 3/7] tee: add private login method for kernel clients
Sumit Garg
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Tetsuo Handa
- [GIT PULL] LSM: capabilities updates for v5.3
James Morris
- [RFC PATCH v4 01/12] x86/sgx: Use mmu_notifier.release() instead of per-vma refcounting
Jarkko Sakkinen
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Jarkko Sakkinen
- [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Mimi Zohar
- RFC: BUG: overlayfs getxattr recursion leaves a poison sid.
Casey Schaufler
- RFC: BUG: overlayfs getxattr recursion leaves a poison sid.
Mark Salyzyn
- [PATCH v1 01/22] docs: Documentation/*.txt: rename all ReST files to *.rst
Rob Herring
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [PATCH v5 15/23] LSM: Specify which LSM to display
Stephen Smalley
- [PATCH v5 15/23] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v5 15/23] LSM: Specify which LSM to display
Stephen Smalley
- Reminder: 2 open syzbot bugs in "security/integrity" subsystem
Eric Biggers
- [GIT PULL] LSM: capabilities updates for v5.3
pr-tracker-bot at kernel.org
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [PATCH 2/2] KEYS: Provide KEYCTL_GRANT_PERMISSION
Eric Biggers
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [PATCH v5 15/23] LSM: Specify which LSM to display
Casey Schaufler
- [RFC PATCH v3 4/4] x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [PATCH v5 15/23] LSM: Specify which LSM to display
Stephen Smalley
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Xing, Cedric
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Casey Schaufler
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Xing, Cedric
- [PATCH 1/2] KEYS: Replace uid/gid/perm permissions checking with an ACL
Eric Biggers
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Dr. Greg
- [PATCH 1/2] KEYS: Replace uid/gid/perm permissions checking with an ACL
Eric Biggers
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- Greetings!
fuqingzheng at asia.com
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Aaron Goidel
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Amir Goldstein
- [PATCH V34 10/29] hibernate: Disable when the kernel is locked down
Joey Lee
- [RFC PATCH v3 4/4] x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Casey Schaufler
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Randy Dunlap
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Casey Schaufler
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Joe Perches
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Joe Perches
- [Non-DoD Source] Re: [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Aaron Goidel
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Randy Dunlap
- [RFC PATCH v3 4/4] x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v3 4/4] x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
Linus Torvalds
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Stephen Smalley
- [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
Eric Biggers
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Casey Schaufler
- [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
Eric Biggers
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Casey Schaufler
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
Linus Torvalds
- [GIT PULL] Keys: Set 4 - Key ACLs for 5.3
Mimi Zohar
- [PATCH V34 10/29] hibernate: Disable when the kernel is locked down
joeyli
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Dr. Greg
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Stephen Smalley
- possible deadlock in process_measurement
Mimi Zohar
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Stephen Smalley
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Sean Christopherson
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Stephen Smalley
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Sean Christopherson
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Stephen Smalley
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- possible deadlock in process_measurement
Mimi Zohar
- [RFC/RFT] KEYS: trusted: Add generic trusted keys framework
Jarkko Sakkinen
- [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Jarkko Sakkinen
- possible deadlock in process_measurement
Eric Biggers
- possible deadlock in process_measurement
Mimi Zohar
- [RFC PATCH v3 3/4] X86/sgx: Introduce EMA as a new LSM module
Xing, Cedric
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- Some LSM and SGX remarks before parting of for two weeks
Jarkko Sakkinen
- [PATCH 11/12] Documentation/x86: repointer docs to Documentation/arch/
Alex Shi
- Some LSM and SGX remarks before parting of for two weeks
James Morris
- [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
James Morris
- [RFC/RFT] KEYS: trusted: Add generic trusted keys framework
Sumit Garg
- Some LSM and SGX remarks before parting of for two weeks
Jarkko Sakkinen
- [PATCH] LSM: Update MAINTAINERS file for SafeSetID LSM.
Micah Morton
- Preferred subj= with multiple LSMs
Casey Schaufler
- [PATCH] LSM: Update MAINTAINERS file for SafeSetID LSM.
James Morris
- [RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC PATCH] security, capability: pass object information to security_capable
Nicholas Franck
- [RFC PATCH] security,capability: pass object information to security_capable
James Morris
- [RFC PATCH] security,capability: pass object information to security_capable
Casey Schaufler
- [RFC PATCH] security, capability: pass object information to security_capable
Stephen Smalley
- [RFC PATCH] security, capability: pass object information to security_capable
Stephen Smalley
- [RFC PATCH] security, capability: pass object information to security_capable
Casey Schaufler
- [PATCH 1/6] security: Add hooks to rule on setting a superblock or mount watch [ver #5]
James Morris
- [RFC PATCH] security, capability: pass object information to security_capable
Stephen Smalley
- [RFC PATCH] security, capability: pass object information to security_capable
Casey Schaufler
- [PATCH v5 03/12] S.A.R.A.: cred blob management
James Morris
- [PATCH v5 01/12] S.A.R.A.: add documentation
James Morris
- [RFC PATCH] security, capability: pass object information to security_capable
James Morris
- [RFC PATCH] security, capability: pass object information to security_capable
James Morris
- Preferred subj= with multiple LSMs
Steve Grubb
- [PATCH v21 17/28] x86/sgx: Add provisioning
Jarkko Sakkinen
- [RFC PATCH] security, capability: pass object information to security_capable
Casey Schaufler
- Loan offer !!
Smith Jerry
- Kindly Respond
Donald Douglas
- [PATCH AUTOSEL 5.2 116/249] integrity: Fix __integrity_init_keyring() section mismatch
Sasha Levin
- [PATCH AUTOSEL 5.1 102/219] integrity: Fix __integrity_init_keyring() section mismatch
Sasha Levin
- [GIT PULL] SafeSetID LSM changes for 5.3
Micah Morton
- possible deadlock in process_measurement
Eric Biggers
- [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Roberto Sassu
- [PATCH] LSM: Update MAINTAINERS file for SafeSetID LSM.
Micah Morton
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Roberto Sassu
- [RFC PATCH] security, capability: pass object information to security_capable
Richard Guy Briggs
- Preferred subj= with multiple LSMs
Richard Guy Briggs
- [PATCH V35 00/29] Kernel lockdown functionality
Matthew Garrett
- [PATCH V35 01/29] security: Support early LSMs
Matthew Garrett
- [PATCH V35 02/29] security: Add a "locked down" LSM hook
Matthew Garrett
- [PATCH V35 03/29] security: Add a static lockdown policy LSM
Matthew Garrett
- [PATCH V35 04/29] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH V35 05/29] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Matthew Garrett
- [PATCH V35 06/29] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V35 07/29] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH V35 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V35 09/29] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V35 10/29] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V35 11/29] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH V35 12/29] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH V35 13/29] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH V35 14/29] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH V35 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH V35 16/29] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH V35 17/29] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH V35 18/29] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH V35 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V35 20/29] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V35 21/29] Lock down /proc/kcore
Matthew Garrett
- [PATCH V35 22/29] Lock down tracing and perf kprobes when in confidentiality mode
Matthew Garrett
- [PATCH V35 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V35 24/29] Lock down perf when in confidentiality mode
Matthew Garrett
- [PATCH V35 25/29] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Matthew Garrett
- [PATCH V35 26/29] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH V35 27/29] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- [PATCH V35 28/29] efi: Restrict efivar_ssdt_load when the kernel is locked down
Matthew Garrett
- [PATCH V35 29/29] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Andy Lutomirski
- [RFC PATCH v3 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Andy Lutomirski
- [PATCH V35 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Daniel Borkmann
- [PATCH V35 26/29] debugfs: Restrict debugfs when the kernel is locked down
James Morris
- [PATCH V35 19/29] Lock down module params that specify hardware parameters (eg. ioport)
James Morris
- [PATCH V35 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Dave Young
- [RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- [RFC PATCH] security, capability: pass object information to security_capable
Serge E. Hallyn
- [RFC PATCH] security,capability: pass object information to security_capable
Serge E. Hallyn
- [RFC PATCH] security, capability: pass object information to security_capable
Andy Lutomirski
- [RFC PATCH] security, capability: pass object information to security_capable
Casey Schaufler
- [RFC PATCH] security, capability: pass object information to security_capable
Casey Schaufler
- [RFC PATCH] security, capability: pass object information to security_capable
Stephen Smalley
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
Paul Moore
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
Steve Grubb
- [RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- Preferred subj= with multiple LSMs
Casey Schaufler
- [GIT PULL] SafeSetID LSM changes for 5.3
Linus Torvalds
- [GIT PULL] SafeSetID LSM changes for 5.3
Linus Torvalds
- [GIT PULL] SafeSetID LSM changes for 5.3
pr-tracker-bot at kernel.org
- [PATCH V35 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V35 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- Preferred subj= with multiple LSMs
Paul Moore
- Preferred subj= with multiple LSMs
Steve Grubb
- [RFC] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
Paul Moore
- Preferred subj= with multiple LSMs
Paul Moore
- [PATCH V35 27/29] tracefs: Restrict tracefs when the kernel is locked down
Steven Rostedt
- [PATCH V35 27/29] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
James Morris
- KASAN: use-after-free Write in check_noncircular
syzbot
- KASAN: use-after-free Write in check_noncircular
Tetsuo Handa
- Preferred subj= with multiple LSMs
Paul Moore
- Preferred subj= with multiple LSMs
Paul Moore
- [RFC PATCH v6 0/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
Paul Moore
- [GIT PULL] SafeSetID LSM changes for 5.3
Micah Morton
- Preferred subj= with multiple LSMs
Casey Schaufler
- [RFC PATCH v7 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v7 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v7 1/1] Add dm verity root hash pkcs7 sig validation.
Randy Dunlap
- [RFC/RFT v2 0/2] KEYS: trusted: Add generic trusted keys framework
Sumit Garg
- [RFC/RFT v2 1/2] KEYS: trusted: create trusted keys subsystem
Sumit Garg
- [RFC/RFT v2 2/2] KEYS: trusted: Add generic trusted keys framework
Sumit Garg
- Preferred subj= with multiple LSMs
Simon McVittie
- [RFC PATCH v2] fanotify, inotify, dnotify, security: add security hook for fs notifications
Aaron Goidel
- Preferred subj= with multiple LSMs
William Roberts
- Preferred subj= with multiple LSMs
Casey Schaufler
- [RFC PATCH v2] fanotify, inotify, dnotify, security: add security hook for fs notifications
Amir Goldstein
- [RFC PATCH v2] fanotify, inotify, dnotify, security: add security hook for fs notifications
Casey Schaufler
- Preferred subj= with multiple LSMs
Casey Schaufler
- [PATCH V36 00/29] security: Add kernel lockdown functionality
Matthew Garrett
- [PATCH V36 01/29] security: Support early LSMs
Matthew Garrett
- [PATCH V36 02/29] security: Add a "locked down" LSM hook
Matthew Garrett
- [PATCH V36 03/29] security: Add a static lockdown policy LSM
Matthew Garrett
- [PATCH V36 04/29] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH V36 05/29] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Matthew Garrett
- [PATCH V36 06/29] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V36 07/29] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH V36 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V36 09/29] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V36 10/29] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V36 11/29] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH V36 12/29] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH V36 13/29] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH V36 14/29] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH V36 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH V36 16/29] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH V36 17/29] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH V36 18/29] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH V36 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V36 20/29] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V36 21/29] Lock down /proc/kcore
Matthew Garrett
- [PATCH V36 22/29] Lock down tracing and perf kprobes when in confidentiality mode
Matthew Garrett
- [PATCH V36 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V36 24/29] Lock down perf when in confidentiality mode
Matthew Garrett
- [PATCH V36 25/29] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Matthew Garrett
- [PATCH V36 26/29] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH V36 27/29] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- [PATCH V36 28/29] efi: Restrict efivar_ssdt_load when the kernel is locked down
Matthew Garrett
- [PATCH V36 29/29] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH V36 01/29] security: Support early LSMs
Casey Schaufler
- [PATCH V36 02/29] security: Add a "locked down" LSM hook
Casey Schaufler
- [PATCH V36 20/29] x86/mmiotrace: Lock down the testmmiotrace module
Kees Cook
- [PATCH V36 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Kees Cook
- Preferred subj= with multiple LSMs
Simon McVittie
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
Simon McVittie
- Dbus and multiple LSMs (was Preferred subj= with multiple LSMs)
Casey Schaufler
- Preferred subj= with multiple LSMs
Paul Moore
- [PATCH v5 15/23] LSM: Specify which LSM to display
John Johansen
- [PATCH bpf-next v10 00/10] Landlock LSM: Toward unprivileged sandboxing
Mickaël Salaün
- [PATCH bpf-next v10 01/10] fs, security: Add a new file access type: MAY_CHROOT
Mickaël Salaün
- [PATCH bpf-next v10 02/10] bpf: Add expected_attach_triggers and a is_valid_triggers() verifier
Mickaël Salaün
- [PATCH bpf-next v10 03/10] bpf, landlock: Define an eBPF program type for Landlock hooks
Mickaël Salaün
- [PATCH bpf-next v10 04/10] seccomp, landlock: Enforce Landlock programs per process hierarchy
Mickaël Salaün
- [PATCH bpf-next v10 05/10] landlock: Handle filesystem access control
Mickaël Salaün
- [PATCH bpf-next v10 06/10] bpf,landlock: Add a new map type: inode
Mickaël Salaün
- [PATCH bpf-next v10 07/10] landlock: Add ptrace restrictions
Mickaël Salaün
- [PATCH bpf-next v10 08/10] bpf: Add a Landlock sandbox example
Mickaël Salaün
- [PATCH bpf-next v10 09/10] bpf,landlock: Add tests for Landlock
Mickaël Salaün
- [PATCH bpf-next v10 10/10] landlock: Add user and kernel documentation for Landlock
Mickaël Salaün
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Tetsuo Handa
- Dbus and multiple LSMs (was Preferred subj= with multiple LSMs)
Simon McVittie
- [PATCH] [RESEND v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Arnd Bergmann
- [PATCH] [RESEND v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Alexander Potapenko
- [PATCH] [RESEND v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Arnd Bergmann
- [PATCH] [RESEND v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Alexander Potapenko
- Dbus and multiple LSMs (was Preferred subj= with multiple LSMs)
Casey Schaufler
- [PATCH] selinux: check sidtab limit before adding a new entry
Kees Cook
- [PATCH] [RESEND v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Arnd Bergmann
- [PATCH] [RESEND v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Kees Cook
- Preferred subj= with multiple LSMs
James Morris
- Preferred subj= with multiple LSMs
Casey Schaufler
- Preferred subj= with multiple LSMs
Paul Moore
- Preferred subj= with multiple LSMs
Casey Schaufler
- [PATCH] selinux: check sidtab limit before adding a new entry
Paul Moore
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
John Johansen
- [PATCH] selinux: check sidtab limit before adding a new entry
Ondrej Mosnacek
- [PATCH] security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
Jia-Ju Bai
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Tetsuo Handa
- Preferred subj= with multiple LSMs
Simon McVittie
- [Non-DoD Source] Re: [RFC PATCH v2] fanotify, inotify, dnotify, security: add security hook for fs notifications
Aaron Goidel
- Preferred subj= with multiple LSMs
Casey Schaufler
- [Non-DoD Source] Re: [RFC PATCH v2] fanotify, inotify, dnotify, security: add security hook for fs notifications
Amir Goldstein
- [RFC PATCH v3] fanotify, inotify, dnotify, security: add security hook for fs notifications
Aaron Goidel
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
James Morris
- Preferred subj= with multiple LSMs
James Morris
- [PATCH v12 01/11] MODSIGN: Export module signature definitions
Thiago Jung Bauermann
- [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
Al Viro
- Reminder: 2 open syzbot bugs in "security/tomoyo" subsystem
Eric Biggers
- Reminder: 1 open syzbot bug in "security/smack" subsystem
Eric Biggers
- Reminder: 1 open syzbot bug in "security/integrity" subsystem
Eric Biggers
- Reminder: 2 open syzbot bugs in "security/tomoyo" subsystem
Tetsuo Handa
- Reminder: 2 open syzbot bugs in "security/tomoyo" subsystem
Eric Biggers
- Reminder: 2 open syzbot bugs in "security/tomoyo" subsystem
Tetsuo Handa
- Reminder: 2 open syzbot bugs in "security/tomoyo" subsystem
Eric Biggers
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Roberto Sassu
- KASAN: use-after-free Read in keyring_compare_object
syzbot
- [RFC PATCH] security, capability: pass object information to security_capable
Paul Moore
- [PATCH V36 27/29] tracefs: Restrict tracefs when the kernel is locked down
Steven Rostedt
- [PATCH] test_meminit: use GFP_ATOMIC in RCU critical section
Alexander Potapenko
- [PATCH 0/5] security: integrity: Makefile cleanups
Masahiro Yamada
- [PATCH 1/5] integrity: remove unneeded, broken attempt to add -fshort-wchar
Masahiro Yamada
- [PATCH 2/5] integrity: remove pointless subdir-$(CONFIG_...)
Masahiro Yamada
- [PATCH 3/5] integrity: use obj-y for non-modular objects
Masahiro Yamada
- [PATCH 4/5] IMA: use obj-y for non-modular objects
Masahiro Yamada
- [PATCH 5/5] EVM: use obj-y for non-modular objects
Masahiro Yamada
- [PATCH 4/5] IMA: use obj-y for non-modular objects
Eric Biggers
- [PATCH 4/5] IMA: use obj-y for non-modular objects
Masahiro Yamada
- [PATCH] AppArmor: Remove semicolon
Vasyl Gomonovych
- [GIT PULL] SELinux fixes for v5.3 (#1)
Paul Moore
- [PATCH v5 00/27] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 01/27] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH 02/27] LSM: Infrastructure management of the key blob
Casey Schaufler
- [PATCH 03/27] LSM: Create and manage the lsmblob data structure.
Casey Schaufler
- [PATCH 04/27] LSM: Use lsmblob in security_audit_rule_match
Casey Schaufler
- [PATCH 05/27] LSM: Use lsmblob in security_kernel_act_as
Casey Schaufler
- [PATCH 06/27] net: Prepare UDS for security module stacking
Casey Schaufler
- [PATCH 07/27] LSM: Use lsmblob in security_secctx_to_secid
Casey Schaufler
- [PATCH 08/27] LSM: Use lsmblob in security_secid_to_secctx
Casey Schaufler
- [PATCH 09/27] LSM: Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH 10/27] LSM: Use lsmblob in security_task_getsecid
Casey Schaufler
- [PATCH 11/27] LSM: Use lsmblob in security_inode_getsecid
Casey Schaufler
- [PATCH 12/27] LSM: Use lsmblob in security_cred_getsecid
Casey Schaufler
- [PATCH 13/27] IMA: Change internal interfaces to use lsmblobs
Casey Schaufler
- [PATCH 14/27] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH 15/27] LSM: Ensure the correct LSM context releaser
Casey Schaufler
- [PATCH 16/27] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH 17/27] LSM: Use lsmcontext in security_dentry_init_security
Casey Schaufler
- [PATCH 18/27] LSM: Use lsmcontext in security_inode_getsecctx
Casey Schaufler
- [PATCH 19/27] LSM: security_secid_to_secctx in netlink netfilter
Casey Schaufler
- [PATCH 20/27] NET: Store LSM netlabel data in a lsmblob
Casey Schaufler
- [PATCH 21/27] SELinux: Verify LSM display sanity in binder
Casey Schaufler
- [PATCH 22/27] Audit: Add subj_LSM fields when necessary
Casey Schaufler
- [PATCH 23/27] Audit: Include object data for all security modules
Casey Schaufler
- [PATCH 24/27] LSM: Provide an user space interface for the default display
Casey Schaufler
- [PATCH 25/27] NET: Add SO_PEERCONTEXT for multiple LSMs
Casey Schaufler
- [PATCH 26/27] LSM: Add /proc attr entry for full LSM context
Casey Schaufler
- [PATCH 27/27] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH bpf-next v10 06/10] bpf,landlock: Add a new map type: inode
Alexei Starovoitov
- [GIT PULL] SELinux fixes for v5.3 (#1)
pr-tracker-bot at kernel.org
- [RFC 3/7] tee: add private login method for kernel clients
Jens Wiklander
- [PATCH 25/27] NET: Add SO_PEERCONTEXT for multiple LSMs
Simon McVittie
- [RFC 3/7] tee: add private login method for kernel clients
Sumit Garg
- [PATCH 25/27] NET: Add SO_PEERCONTEXT for multiple LSMs
Casey Schaufler
- [PATCH 14/27] LSM: Specify which LSM to display
Kees Cook
- [PATCH 24/27] LSM: Provide an user space interface for the default display
Kees Cook
- [PATCH 26/27] LSM: Add /proc attr entry for full LSM context
Kees Cook
- [PATCH 26/27] LSM: Add /proc attr entry for full LSM context
Casey Schaufler
- [PATCH 26/27] LSM: Add /proc attr entry for full LSM context
Kees Cook
- [PATCH V36 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V36 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH 1/2] KEYS: Replace uid/gid/perm permissions checking with an ACL
Eric Biggers
- [RFC v2 0/6] Introduce TEE based Trusted Keys support
Sumit Garg
- [RFC v2 1/6] tee: optee: allow kernel pages to register as shm
Sumit Garg
- [RFC v2 2/6] tee: enable support to register kernel memory
Sumit Garg
- [RFC v2 3/6] tee: add private login method for kernel clients
Sumit Garg
- [RFC v2 4/6] KEYS: trusted: Introduce TEE based Trusted Keys
Sumit Garg
- [RFC v2 5/6] doc: keys: Document usage of TEE based Trusted Keys
Sumit Garg
- [RFC v2 6/6] MAINTAINERS: Add entry for TEE based Trusted Keys
Sumit Garg
- [PATCH] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Andy Lutomirski
- [PATCH v12 0/5] overlayfs override_creds=off
Casey Schaufler
- [PATCH 1/2] KEYS: Replace uid/gid/perm permissions checking with an ACL
Eric Biggers
- [PATCH] tracefs: Restrict tracefs when the kernel is locked down
Steven Rostedt
- [PATCH bpf-next v10 10/10] landlock: Add user and kernel documentation for Landlock
Randy Dunlap
- [RFC v2 0/6] Introduce TEE based Trusted Keys support
Janne Karhunen
- [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Song Liu
- [RFC v2 0/6] Introduce TEE based Trusted Keys support
Janne Karhunen
- [RFC v2 0/6] Introduce TEE based Trusted Keys support
Sumit Garg
- [RFC v2 0/6] Introduce TEE based Trusted Keys support
Janne Karhunen
- [RFC v2 0/6] Introduce TEE based Trusted Keys support
Sumit Garg
- [RFC v2 0/6] Introduce TEE based Trusted Keys support
Sumit Garg
- [PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Aaron Goidel
- [PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
Casey Schaufler
- [PATCH bpf-next v10 06/10] bpf,landlock: Add a new map type: inode
Mickaël Salaün
- [PATCH] tomoyo: common: Fix potential Spectre v1 vulnerability
Gustavo A. R. Silva
- [PATCH bpf-next v10 06/10] bpf, landlock: Add a new map type: inode
Alexei Starovoitov
- [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Andy Lutomirski
- [PATCH bpf-next v10 06/10] bpf,landlock: Add a new map type: inode
Mickaël Salaün
- [GIT PULL] SafeSetID MAINTAINERS file update for v5.3
Micah Morton
- [PATCH V37 00/29] security: Add support for locking down the kernel
Matthew Garrett
- [PATCH V37 01/29] security: Support early LSMs
Matthew Garrett
- [PATCH V37 02/29] security: Add a "locked down" LSM hook
Matthew Garrett
- [PATCH V37 03/29] security: Add a static lockdown policy LSM
Matthew Garrett
- [PATCH V37 04/29] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH V37 05/29] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Matthew Garrett
- [PATCH V37 06/29] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V37 07/29] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH V37 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V37 09/29] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V37 10/29] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V37 11/29] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH V37 12/29] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH V37 13/29] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH V37 14/29] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH V37 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH V37 16/29] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH V37 17/29] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH V37 18/29] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH V37 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V37 20/29] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V37 21/29] Lock down /proc/kcore
Matthew Garrett
- [PATCH V37 22/29] Lock down tracing and perf kprobes when in confidentiality mode
Matthew Garrett
- [PATCH V37 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V37 24/29] Lock down perf when in confidentiality mode
Matthew Garrett
- [PATCH V37 25/29] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Matthew Garrett
- [PATCH V37 26/29] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH V37 27/29] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- [PATCH V37 28/29] efi: Restrict efivar_ssdt_load when the kernel is locked down
Matthew Garrett
- [PATCH V37 29/29] lockdown: Print current->comm in restriction messages
Matthew Garrett
Last message date:
Wed Jul 31 22:16:17 UTC 2019
Archived on: Wed Jul 31 22:19:45 UTC 2019
This archive was generated by
Pipermail 0.09 (Mailman edition).