June 2019 Archives by subject
Starting: Sat Jun 1 01:18:32 UTC 2019
Ending: Sun Jun 30 15:39:59 UTC 2019
Messages: 1172
- [GIT PULL] apparmor bug fixes for v5.3-rc4
John Johansen
- [GIT PULL] apparmor bug fixes for v5.3-rc4
Linus Torvalds
- [GIT PULL] apparmor bug fixes for v5.3-rc6
John Johansen
- [GIT PULL] apparmor bug fixes for v5.3-rc6
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux fixes for v5.2 (#2)
Paul Moore
- [GIT PULL] SELinux fixes for v5.2 (#2)
pr-tracker-bot at kernel.org
- [GIT PULL] tpmdd updates for Linux v5.3
Jarkko Sakkinen
- [IMA] Re: possible deadlock in get_user_pages_unlocked (2)
Eric Biggers
- [PATCH -next] ima: Make arch_policy_entry static
YueHaibing
- [PATCH -next] ima: Make arch_policy_entry static
Mimi Zohar
- [PATCH -next] security: Make capability_hooks static
YueHaibing
- [PATCH -next] security: Make capability_hooks static
James Morris
- [PATCH 0/6] keys: request_key() improvements [ver #2]
David Howells
- [PATCH 0/6] Mount and superblock notifications [ver #5]
David Howells
- [PATCH 0/6] Mount and superblock notifications [ver #5]
David Howells
- [PATCH 0/9] Keyrings, Block and USB notifications [ver #5]
David Howells
- [PATCH 0/9] keys: Namespacing [ver #4]
David Howells
- [PATCH 0/9] keys: Namespacing [ver #4]
David Howells
- [PATCH 0/9] keys: Namespacing [ver #4]
David Howells
- [PATCH 00/10] keys: Miscellany [ver #3]
David Howells
- [PATCH 00/58] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH 00/58] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH 00/58] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 00/58] LSM: Module stacking for AppArmor
Stephen Smalley
- [PATCH 00/58] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 00/58] LSM: Module stacking for AppArmor
Stephen Smalley
- [PATCH 00/58] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 00/58] LSM: Module stacking for AppArmor
Stephen Smalley
- [PATCH 00/58] LSM: Module stacking for AppArmor
James Morris
- [PATCH 00/58] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH 00/58] LSM: Module stacking for AppArmor
John Johansen
- [PATCH 00/58] LSM: Module stacking for AppArmor
James Morris
- [PATCH 00/58] LSM: Module stacking for AppArmor
John Johansen
- [PATCH 00/58] LSM: Module stacking for AppArmor
James Morris
- [PATCH 00/58] LSM: Module stacking for AppArmor
John Johansen
- [PATCH 00/58] LSM: Module stacking for AppArmor
James Morris
- [PATCH 00/58] LSM: Module stacking for AppArmor
José Bollo
- [PATCH 01/10] keys: sparse: Fix key_fs[ug]id_changed() [ver #3]
David Howells
- [PATCH 01/10] security: Override creds in __fput() with last fputter's creds [ver #3]
David Howells
- [PATCH 01/10] security: Override creds in __fput() with last fputter's creds [ver #3]
Andy Lutomirski
- [PATCH 01/10] security: Override creds in __fput() with last fputter's creds [ver #3]
David Howells
- [PATCH 01/10] security: Override creds in __fput() with last fputter's creds [ver #3]
Andy Lutomirski
- [PATCH 01/10] security: Override creds in __fput() with last fputter's creds [ver #3]
Casey Schaufler
- [PATCH 01/10] security: Override creds in __fput() with last fputter's creds [ver #3]
Andy Lutomirski
- [PATCH 01/13] security: Override creds in __fput() with last fputter's creds [ver #4]
David Howells
- [PATCH 01/58] LSM: Infrastructure management of the superblock
Kees Cook
- [PATCH 01/58] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH 02/10] General notification queue with user mmap()'able ring buffer [ver #3]
David Howells
- [PATCH 02/10] keys: sparse: Fix incorrect RCU accesses [ver #3]
David Howells
- [PATCH 02/13] uapi: General notification ring definitions [ver #4]
David Howells
- [PATCH 02/13] uapi: General notification ring definitions [ver #4]
Darrick J. Wong
- [PATCH 02/13] uapi: General notification ring definitions [ver #4]
David Howells
- [PATCH 02/13] uapi: General notification ring definitions [ver #4]
David Howells
- [PATCH 02/13] uapi: General notification ring definitions [ver #4]
Randy Dunlap
- [PATCH 02/13] uapi: General notification ring definitions [ver #4]
David Howells
- [PATCH 02/13] uapi: General notification ring definitions [ver #4]
Randy Dunlap
- [PATCH 02/58] LSM: Infrastructure management of the sock security
Kees Cook
- [PATCH 02/58] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH 03/10] keys: Add a notification facility [ver #3]
David Howells
- [PATCH 03/10] keys: sparse: Fix kdoc mismatches [ver #3]
David Howells
- [PATCH 03/13] security: Add hooks to rule on setting a watch [ver #4]
David Howells
- [PATCH 03/58] LSM: Infrastructure management of the key security blob
Kees Cook
- [PATCH 03/58] LSM: Infrastructure management of the key security blob
Casey Schaufler
- [PATCH 04/10] keys: Change keyring_serialise_link_sem to a mutex [ver #3]
David Howells
- [PATCH 04/10] vfs: Add a mount-notification facility [ver #3]
David Howells
- [PATCH 04/13] security: Add a hook for the point of notification insertion [ver #4]
David Howells
- [PATCH 04/58] LSM: Create an lsm_export data structure.
Kees Cook
- [PATCH 04/58] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 04/58] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 05/10] keys: Break bits out of key_unlink() [ver #3]
David Howells
- [PATCH 05/10] vfs: Add superblock notifications [ver #3]
David Howells
- [PATCH 05/13] General notification queue with user mmap()'able ring buffer [ver #4]
David Howells
- [PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks
Kees Cook
- [PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks
Casey Schaufler
- [PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks
Casey Schaufler
- [PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks
Kees Cook
- [PATCH 06/10] fsinfo: Export superblock notification counter [ver #3]
David Howells
- [PATCH 06/10] keys: Hoist locking out of __key_link_begin() [ver #3]
David Howells
- [PATCH 06/13] keys: Add a notification facility [ver #4]
David Howells
- [PATCH 06/13] keys: Add a notification facility [ver #4]
Jonathan Corbet
- [PATCH 06/13] keys: Add a notification facility [ver #4]
David Howells
- [PATCH 06/58] LSM: Use lsm_export in the cred_getsecid hooks
Casey Schaufler
- [PATCH 07/10] Add a general, global device notification watch list [ver #3]
David Howells
- [PATCH 07/10] keys: Add a keyctl to move a key between keyrings [ver #3]
David Howells
- [PATCH 07/13] vfs: Add a mount-notification facility [ver #4]
David Howells
- [PATCH 07/58] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks
Casey Schaufler
- [PATCH 08/10] block: Add block layer notifications [ver #3]
David Howells
- [PATCH 08/10] keys: Grant Link permission to possessers of request_key auth keys [ver #3]
David Howells
- [PATCH 08/13] vfs: Add superblock notifications [ver #4]
David Howells
- [PATCH 08/58] LSM: Use lsm_export in the kernel_ask_as hooks
Casey Schaufler
- [PATCH 09/10] keys: Reuse keyring_index_key::desc_len in lookup_user_key() [ver #3]
David Howells
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
David Howells
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
Alan Stern
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
Greg Kroah-Hartman
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
Alan Stern
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
Greg Kroah-Hartman
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
Alan Stern
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
Alan Stern
- [PATCH 09/10] usb: Add USB subsystem notifications [ver #3]
Felipe Balbi
- [PATCH 09/13] fsinfo: Export superblock notification counter [ver #4]
David Howells
- [PATCH 09/58] LSM: Use lsm_export in the getpeersec_dgram hooks
Casey Schaufler
- [PATCH 1/1 v2] Add dm verity root hash pkcs7 sig validation.
Sasha Levin
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Paul Moore
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Janne Karhunen
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Janne Karhunen
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Casey Schaufler
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Paul Moore
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Paul Moore
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
James Morris
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Paul Moore
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
James Morris
- [PATCH 1/2] LSM: switch to blocking policy update notifiers
Janne Karhunen
- [PATCH 1/3] IMA:Define a new hook to measure the kexec boot command line arguments
Mimi Zohar
- [PATCH 1/3] IMA:Define a new hook to measure the kexec boot command line arguments
Prakhar Srivastava
- [PATCH 1/4] [v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Kees Cook
- [PATCH 1/4] [v2] structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
Arnd Bergmann
- [PATCH 1/6] keys: Fix request_key() lack of Link perm check on found key [ver #2]
David Howells
- [PATCH 1/6] security: Add hooks to rule on setting a superblock or mount watch [ver #5]
David Howells
- [PATCH 1/7] General notification queue with user mmap()'able ring buffer
Peter Zijlstra
- [PATCH 1/8] security: Override creds in __fput() with last fputter's creds [ver #2]
David Howells
- [PATCH 1/8] security: Override creds in __fput() with last fputter's creds [ver #2]
Andy Lutomirski
- [PATCH 1/9] keys: Simplify key description management [ver #4]
David Howells
- [PATCH 1/9] keys: Simplify key description management [ver #4]
David Howells
- [PATCH 1/9] uapi: General notification ring definitions [ver #5]
David Howells
- [PATCH 10/10] Add sample notification program [ver #3]
David Howells
- [PATCH 10/10] Add sample notification program [ver #3]
Eugeniu Rosca
- [PATCH 10/10] Add sample notification program [ver #3]
David Howells
- [PATCH 10/10] Add sample notification program [ver #3]
David Howells
- [PATCH 10/10] keys: Add capability-checking keyctl function [ver #3]
David Howells
- [PATCH 10/13] Add a general, global device notification watch list [ver #4]
David Howells
- [PATCH 10/58] LSM: Use lsm_export in the audit_rule_match hooks
Casey Schaufler
- [PATCH 11/13] block: Add block layer notifications [ver #4]
David Howells
- [PATCH 11/58] LSM: Use lsm_export in the secid_to_secctx hooks
Casey Schaufler
- [PATCH 12/13] usb: Add USB subsystem notifications [ver #4]
David Howells
- [PATCH 12/58] LSM: Use lsm_export in the secctx_to_secid hooks
Casey Schaufler
- [PATCH 13/13] Add sample notification program [ver #4]
David Howells
- [PATCH 13/58] LSM: Use lsm_export in security_audit_rule_match
Casey Schaufler
- [PATCH 14/58] LSM: Use lsm_export in security_kernel_act_as
Casey Schaufler
- [PATCH 15/58] LSM: Use lsm_export in security_socket_getpeersec_dgram
Casey Schaufler
- [PATCH 16/58] LSM: Use lsm_export in security_secctx_to_secid
Casey Schaufler
- [PATCH 17/58] LSM: Use lsm_export in security_secid_to_secctx
Casey Schaufler
- [PATCH 18/58] LSM: Use lsm_export in security_ipc_getsecid
Casey Schaufler
- [PATCH 19/58] LSM: Use lsm_export in security_task_getsecid
Casey Schaufler
- [PATCH 2/2] ima: use the lsm policy update notifier
Janne Karhunen
- [PATCH 2/2] ima: use the lsm policy update notifier
Janne Karhunen
- [PATCH 2/2] ima: use the lsm policy update notifier
Mimi Zohar
- [PATCH 2/2] ima: use the lsm policy update notifier
Mimi Zohar
- [PATCH 2/3] IMA:Define a new template field buf
Prakhar Srivastava
- [PATCH 2/3] IMA:Define a new template field buf
Mimi Zohar
- [PATCH 2/3] IMA:Define a new template field buf
prakhar srivastava
- [PATCH 2/3] IMA:Define a new template field buf
Mimi Zohar
- [PATCH 2/6] Adjust watch_queue documentation to mention mount and superblock watches. [ver #5]
David Howells
- [PATCH 2/6] keys: Invalidate used request_key authentication keys [ver #2]
David Howells
- [PATCH 2/8] General notification queue with user mmap()'able ring buffer [ver #2]
David Howells
- [PATCH 2/9] keys: Cache the hash value to avoid lots of recalculation [ver #4]
David Howells
- [PATCH 2/9] keys: Cache the hash value to avoid lots of recalculation [ver #4]
David Howells
- [PATCH 2/9] security: Add hooks to rule on setting a watch [ver #5]
David Howells
- [PATCH 20/58] LSM: Use lsm_export in security_inode_getsecid
Casey Schaufler
- [PATCH 21/39] docs: x86: move two x86-specific files to x86 arch dir
Mauro Carvalho Chehab
- [PATCH 21/58] LSM: Use lsm_export in security_cred_getsecid
Casey Schaufler
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Kees Cook
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Kees Cook
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Kees Cook
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Casey Schaufler
- [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm
Kees Cook
- [PATCH 23/58] Audit: Convert target_sid to an lsm_export structure
Casey Schaufler
- [PATCH 24/58] Audit: Convert osid to an lsm_export structure
Casey Schaufler
- [PATCH 25/58] IMA: Clean out lsm_export scaffolding
Kees Cook
- [PATCH 25/58] IMA: Clean out lsm_export scaffolding
Casey Schaufler
- [PATCH 25/58] IMA: Clean out lsm_export scaffolding
Casey Schaufler
- [PATCH 26/58] NET: Change the UNIXCB from a secid to an lsm_export
Casey Schaufler
- [PATCH 27/39] docs: cgroup-v1: add it to the admin-guide book
Mauro Carvalho Chehab
- [PATCH 27/58] NET: Remove scaffolding on secmarks
Casey Schaufler
- [PATCH 28/58] NET: Remove scaffolding on new secmarks
Casey Schaufler
- [PATCH 29/58] NET: Remove netfilter scaffolding for lsm_export
Casey Schaufler
- [PATCH 3/3] KEXEC:Call ima_kexec_cmdline to measure the boot command line args
Prakhar Srivastava
- [PATCH 3/6] keys: Move the RCU locks outwards from the keyring search functions [ver #2]
David Howells
- [PATCH 3/6] vfs: Add a mount-notification facility [ver #5]
David Howells
- [PATCH 3/7] vfs: Add a mount-notification facility
David Howells
- [PATCH 3/8] keys: Add a notification facility [ver #2]
David Howells
- [PATCH 3/9] keys: Add a 'recurse' flag for keyring searches [ver #4]
David Howells
- [PATCH 3/9] keys: Add a 'recurse' flag for keyring searches [ver #4]
David Howells
- [PATCH 3/9] security: Add a hook for the point of notification insertion [ver #5]
David Howells
- [PATCH 30/58] Netlabel: Replace secids with lsm_export
Casey Schaufler
- [PATCH 31/58] LSM: Remove lsm_export scaffolding functions
Casey Schaufler
- [PATCH 32/58] IMA: FIXUP prototype using lsm_export
Casey Schaufler
- [PATCH 33/58] Smack: Restore the release_secctx hook
Casey Schaufler
- [PATCH 34/58] AppArmor: Remove unnecessary hook stub
Casey Schaufler
- [PATCH 35/58] LSM: Limit calls to certain module hooks
Casey Schaufler
- [PATCH 35/58] LSM: Limit calls to certain module hooks
Ondrej Mosnacek
- [PATCH 36/58] LSM: Create a data structure for a security context
Casey Schaufler
- [PATCH 37/39] docs: adds some directories to the main documentation index
Bartlomiej Zolnierkiewicz
- [PATCH 37/39] docs: adds some directories to the main documentation index
Mauro Carvalho Chehab
- [PATCH 37/58] LSM: Use lsm_context in secid_to_secctx hooks
Casey Schaufler
- [PATCH 38/58] LSM: Use lsm_context in secctx_to_secid hooks
Casey Schaufler
- [PATCH 39/58] LSM: Use lsm_context in inode_getsecctx hooks
Casey Schaufler
- [PATCH 4/6] keys: Provide request_key_rcu() [ver #2]
David Howells
- [PATCH 4/6] vfs: Add superblock notifications [ver #5]
David Howells
- [PATCH 4/8] vfs: Add a mount-notification facility [ver #2]
David Howells
- [PATCH 4/9] General notification queue with user mmap()'able ring buffer [ver #5]
David Howells
- [PATCH 4/9] keys: Namespace keyring names [ver #4]
David Howells
- [PATCH 4/9] keys: Namespace keyring names [ver #4]
David Howells
- [PATCH 40/58] LSM: Use lsm_context in inode_notifysecctx hooks
Casey Schaufler
- [PATCH 41/58] LSM: Use lsm_context in dentry_init_security hooks
Casey Schaufler
- [PATCH 42/58] LSM: Use lsm_context in security_dentry_init_security
Casey Schaufler
- [PATCH 43/58] LSM: Use lsm_context in security_inode_notifysecctx
Casey Schaufler
- [PATCH 44/58] LSM: Use lsm_context in security_inode_getsecctx
Casey Schaufler
- [PATCH 45/58] LSM: Use lsm_context in security_secctx_to_secid
Casey Schaufler
- [PATCH 46/58] LSM: Use lsm_context in release_secctx hooks
Kees Cook
- [PATCH 46/58] LSM: Use lsm_context in release_secctx hooks
Casey Schaufler
- [PATCH 46/58] LSM: Use lsm_context in release_secctx hooks
Casey Schaufler
- [PATCH 47/58] LSM: Use lsm_context in security_release_secctx
Casey Schaufler
- [PATCH 48/58] LSM: Use lsm_context in security_secid_to_secctx
Casey Schaufler
- [PATCH 49/58] fs: remove lsm_context scaffolding
Casey Schaufler
- [PATCH 5/6] fsinfo: Export superblock notification counter [ver #5]
David Howells
- [PATCH 5/6] keys: Cache result of request_key*() temporarily in task_struct [ver #2]
David Howells
- [PATCH 5/8] vfs: Add superblock notifications [ver #2]
David Howells
- [PATCH 5/9] keys: Add a notification facility [ver #5]
David Howells
- [PATCH 5/9] keys: Move the user and user-session keyrings to the user_namespace [ver #4]
David Howells
- [PATCH 5/9] keys: Move the user and user-session keyrings to the user_namespace [ver #4]
David Howells
- [PATCH 50/58] LSM: Add the release function to the lsm_context
Casey Schaufler
- [PATCH 51/58] LSM: Use lsm_context in inode_setsecctx hooks
Casey Schaufler
- [PATCH 52/58] LSM: Use lsm_context in security_inode_setsecctx
Casey Schaufler
- [PATCH 53/58] kernfs: remove lsm_context scaffolding
Casey Schaufler
- [PATCH 54/58] LSM: Remove unused macro
Casey Schaufler
- [PATCH 55/58] LSM: Special handling for secctx lsm hooks
Casey Schaufler
- [PATCH 56/58] SELinux: Use blob offset in current_sid
Casey Schaufler
- [PATCH 57/58] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH 58/58] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH 6/6] Add sample notification program [ver #5]
David Howells
- [PATCH 6/6] keys: Kill off request_key_async{, _with_auxdata} [ver #2]
David Howells
- [PATCH 6/8] fsinfo: Export superblock notification counter [ver #2]
David Howells
- [PATCH 6/9] Add a general, global device notification watch list [ver #5]
David Howells
- [PATCH 6/9] keys: Include target namespace in match criteria [ver #4]
David Howells
- [PATCH 7/8] block: Add block layer notifications [ver #2]
David Howells
- [PATCH 7/9] block: Add block layer notifications [ver #5]
David Howells
- [PATCH 7/9] keys: Garbage collect keys for which the domain has been removed [ver #4]
David Howells
- [PATCH 8/8] Add sample notification program [ver #2]
David Howells
- [PATCH 8/9] keys: Network namespace domain tag [ver #4]
David Howells
- [PATCH 8/9] keys: Network namespace domain tag [ver #4]
Willem de Bruijn
- [PATCH 8/9] keys: Network namespace domain tag [ver #4]
David Howells
- [PATCH 8/9] usb: Add USB subsystem notifications [ver #5]
David Howells
- [PATCH 9/9] Add sample notification program [ver #5]
David Howells
- [PATCH 9/9] keys: Pass the network namespace into request_key mechanism [ver #4]
David Howells
- [PATCH bpf-next v9 00/10] Landlock LSM: Toward unprivileged sandboxing
Mickaël Salaün
- [PATCH bpf-next v9 01/10] fs, security: Add a new file access type: MAY_CHROOT
Mickaël Salaün
- [PATCH bpf-next v9 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier
Mickaël Salaün
- [PATCH bpf-next v9 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier
Alexei Starovoitov
- [PATCH bpf-next v9 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier
Mickaël Salaün
- [PATCH bpf-next v9 03/10] bpf, landlock: Define an eBPF program type for Landlock hooks
Mickaël Salaün
- [PATCH bpf-next v9 04/10] seccomp, landlock: Enforce Landlock programs per process hierarchy
Mickaël Salaün
- [PATCH bpf-next v9 05/10] bpf, landlock: Add a new map type: inode
Al Viro
- [PATCH bpf-next v9 05/10] bpf, landlock: Add a new map type: inode
Mickaël Salaün
- [PATCH bpf-next v9 05/10] bpf, landlock: Add a new map type: inode
Al Viro
- [PATCH bpf-next v9 05/10] bpf, landlock: Add a new map type: inode
Mickaël Salaün
- [PATCH bpf-next v9 05/10] bpf,landlock: Add a new map type: inode
Mickaël Salaün
- [PATCH bpf-next v9 06/10] landlock: Handle filesystem access control
Mickaël Salaün
- [PATCH bpf-next v9 07/10] landlock: Add ptrace restrictions
Mickaël Salaün
- [PATCH bpf-next v9 08/10] bpf: Add a Landlock sandbox example
Mickaël Salaün
- [PATCH bpf-next v9 09/10] bpf,landlock: Add tests for Landlock
Mickaël Salaün
- [PATCH bpf-next v9 10/10] landlock: Add user and kernel documentation for Landlock
Mickaël Salaün
- [PATCH v1 11/22] docs: admin-guide: add .rst files from the main dir
Mauro Carvalho Chehab
- [PATCH v1 13/22] docs: x86: move two x86-specific files to x86 arch dir
Mauro Carvalho Chehab
- [PATCH v10 0/3] add init_on_alloc/init_on_free boot options
Alexander Potapenko
- [PATCH V10 0/3] Add support for measuring the boot command line during kexec_file_load
Prakhar Srivastava
- [PATCH v10 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH V10 1/3] IMA: Define a new hook to measure the kexec boot command line arguments
Mimi Zohar
- [PATCH V10 1/3] IMA: Define a new hook to measure the kexec boot command line arguments
Prakhar Srivastava
- [PATCH v10 2/2] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
- [PATCH V10 2/3] IMA: Define a new template field buf
Prakhar Srivastava
- [PATCH V10 2/3] IMA: Define a new template field buf
Thiago Jung Bauermann
- [PATCH V10 2/3] IMA: Define a new template field buf
Mimi Zohar
- [PATCH V10 2/3] IMA: Define a new template field buf
Thiago Jung Bauermann
- [PATCH V10 3/3] KEXEC: Call ima_kexec_cmdline to measure the boot command line args
Prakhar Srivastava
- [PATCH v11 00/13] Appended signatures support for IMA appraisal
Thiago Jung Bauermann
- [PATCH v11 01/13] MODSIGN: Export module signature definitions
Thiago Jung Bauermann
- [PATCH v11 01/13] MODSIGN: Export module signature definitions
Thiago Jung Bauermann
- [PATCH v11 02/13] PKCS#7: Refactor verify_pkcs7_signature()
Thiago Jung Bauermann
- [PATCH v11 02/13] PKCS#7: Refactor verify_pkcs7_signature()
Thiago Jung Bauermann
- [PATCH v11 03/13] PKCS#7: Introduce pkcs7_get_digest()
Thiago Jung Bauermann
- [PATCH v11 04/13] integrity: Introduce struct evm_xattr
Thiago Jung Bauermann
- [PATCH v11 05/13] integrity: Select CONFIG_KEYS instead of depending on it
Thiago Jung Bauermann
- [PATCH v11 06/13] ima: Use designated initializers for struct ima_event_data
Thiago Jung Bauermann
- [PATCH v11 07/13] ima: Add modsig appraise_type option for module-style appended signatures
Thiago Jung Bauermann
- [PATCH v11 08/13] ima: Factor xattr_verify() out of ima_appraise_measurement()
Thiago Jung Bauermann
- [PATCH v11 09/13] ima: Implement support for module-style appended signatures
Thiago Jung Bauermann
- [PATCH v11 10/13] ima: Collect modsig
Thiago Jung Bauermann
- [PATCH v11 11/13] ima: Define ima-modsig template
Thiago Jung Bauermann
- [PATCH v11 12/13] ima: Store the measurement again when appraising a modsig
Thiago Jung Bauermann
- [PATCH v11 13/13] ima: Allow template= option for appraise rules as well
Thiago Jung Bauermann
- [PATCH v12 00/11] Appended signatures support for IMA appraisal
Thiago Jung Bauermann
- [PATCH v12 01/11] MODSIGN: Export module signature definitions
Thiago Jung Bauermann
- [PATCH v12 02/11] PKCS#7: Refactor verify_pkcs7_signature()
Thiago Jung Bauermann
- [PATCH v12 03/11] PKCS#7: Introduce pkcs7_get_digest()
Thiago Jung Bauermann
- [PATCH v12 04/11] integrity: Select CONFIG_KEYS instead of depending on it
Thiago Jung Bauermann
- [PATCH v12 05/11] ima: Add modsig appraise_type option for module-style appended signatures
Thiago Jung Bauermann
- [PATCH v12 06/11] ima: Factor xattr_verify() out of ima_appraise_measurement()
Thiago Jung Bauermann
- [PATCH v12 07/11] ima: Implement support for module-style appended signatures
Thiago Jung Bauermann
- [PATCH v12 08/11] ima: Collect modsig
Thiago Jung Bauermann
- [PATCH v12 09/11] ima: Define ima-modsig template
Thiago Jung Bauermann
- [PATCH v12 10/11] ima: Store the measurement again when appraising a modsig
Thiago Jung Bauermann
- [PATCH v12 11/11] ima: Allow template= option for appraise rules as well
Thiago Jung Bauermann
- [PATCH v2 00/25] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v2 00/25] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH v2 00/25] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH v2 00/25] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v2 00/25] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v2 00/25] LSM: Module stacking for AppArmor
James Morris
- [PATCH v2 01/25] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH v2 02/25] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH v2 03/25] LSM: Infrastructure management of the key blob
Casey Schaufler
- [PATCH v2 04/25] LSM: Create and manage the lsmblob data structure.
Kees Cook
- [PATCH v2 04/25] LSM: Create and manage the lsmblob data structure.
Kees Cook
- [PATCH v2 04/25] LSM: Create and manage the lsmblob data structure.
Casey Schaufler
- [PATCH v2 04/25] LSM: Create and manage the lsmblob data structure.
Casey Schaufler
- [PATCH v2 05/25] Use lsmblob in security_audit_rule_match
Casey Schaufler
- [PATCH v2 05/25] Use lsmblob in security_audit_rule_match
Kees Cook
- [PATCH v2 06/25] LSM: Use lsmblob in security_kernel_act_as
Casey Schaufler
- [PATCH v2 07/25] net: Prepare UDS for secuirty module stacking
Casey Schaufler
- [PATCH v2 07/25] net: Prepare UDS for secuirty module stacking
Kees Cook
- [PATCH v2 07/25] net: Prepare UDS for secuirty module stacking
Casey Schaufler
- [PATCH v2 08/25] LSM: Use lsmblob in security_secctx_to_secid
Casey Schaufler
- [PATCH v2 09/25] LSM: Use lsmblob in security_secid_to_secctx
Casey Schaufler
- [PATCH v2 09/25] LSM: Use lsmblob in security_secid_to_secctx
Kees Cook
- [PATCH v2 1/2] ima: use the lsm policy update notifier
Janne Karhunen
- [PATCH v2 1/2] ima: use the lsm policy update notifier
Mimi Zohar
- [PATCH v2 1/2] LSM: switch to blocking policy update notifiers
Janne Karhunen
- [PATCH v2 1/2] LSM: switch to blocking policy update notifiers
Mimi Zohar
- [PATCH v2 1/2] LSM: switch to blocking policy update notifiers
Paul Moore
- [PATCH v2 1/2] LSM: switch to blocking policy update notifiers
James Morris
- [PATCH v2 10/25] LSM: Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH v2 11/25] LSM: Use lsmblob in security_task_getsecid
Casey Schaufler
- [PATCH v2 12/25] LSM: Use lsmblob in security_inode_getsecid
Casey Schaufler
- [PATCH v2 13/25] LSM: Use lsmblob in security_cred_getsecid
Casey Schaufler
- [PATCH v2 13/25] LSM: Use lsmblob in security_cred_getsecid
Kees Cook
- [PATCH v2 14/25] IMA: Change internal interfaces to use lsmblobs
Casey Schaufler
- [PATCH v2 15/25] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v2 15/25] LSM: Specify which LSM to display
Kees Cook
- [PATCH v2 15/25] LSM: Specify which LSM to display
Kees Cook
- [PATCH v2 15/25] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v2 15/25] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v2 16/25] LSM: Ensure the correct LSM context releaser
Casey Schaufler
- [PATCH v2 16/25] LSM: Ensure the correct LSM context releaser
Kees Cook
- [PATCH v2 16/25] LSM: Ensure the correct LSM context releaser
Casey Schaufler
- [PATCH v2 17/25] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v2 17/25] LSM: Use lsmcontext in security_secid_to_secctx
Kees Cook
- [PATCH v2 18/25] LSM: Use lsmcontext in security_dentry_init_security
Kees Cook
- [PATCH v2 18/25] LSM: Use lsmcontext in security_dentry_init_security
Casey Schaufler
- [PATCH v2 18/25] LSM: Use lsmcontext in security_dentry_init_security
Kees Cook
- [PATCH v2 18/25] LSM: Use lsmcontext in security_dentry_init_security
Casey Schaufler
- [PATCH v2 19/25] LSM: Use lsmcontext in security_inode_getsecctx
Casey Schaufler
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
Roberto Sassu
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
Mimi Zohar
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
James Bottomley
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
Chuck Lever
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
Roberto Sassu
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
James Bottomley
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
Roberto Sassu
- [PATCH v2 2/3] ima: don't ignore INTEGRITY_UNKNOWN EVM status
James Bottomley
- [PATCH v2 20/25] LSM: security_secid_to_secctx in netlink netfilter
Casey Schaufler
- [PATCH v2 21/25] Audit: Store LSM audit information in an lsmblob
Casey Schaufler
- [PATCH v2 22/25] LSM: Return the lsmblob slot on initialization
Casey Schaufler
- [PATCH v2 23/25] NET: Store LSM netlabel data in a lsmblob
Casey Schaufler
- [PATCH v2 24/25] Fix slotted list and getpeersec_d
Casey Schaufler
- [PATCH v2 24/25] Fix slotted list and getpeersec_d
Kees Cook
- [PATCH v2 24/25] Fix slotted list and getpeersec_d
Casey Schaufler
- [PATCH v2 25/25] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH v2] tomoyo: Don't check open/getattr permission on sockets.
Tetsuo Handa
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 0/2] ima/evm fixes for v5.2
Mimi Zohar
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 0/2] ima/evm fixes for v5.2
Janne Karhunen
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 0/2] ima/evm fixes for v5.2
Janne Karhunen
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 0/2] ima/evm fixes for v5.2
Janne Karhunen
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 0/2] ima/evm fixes for v5.2
Janne Karhunen
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 0/2] ima/evm fixes for v5.2
Janne Karhunen
- [PATCH v3 0/2] ima/evm fixes for v5.2
Roberto Sassu
- [PATCH v3 00/24] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v3 01/24] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH v3 01/24] LSM: Infrastructure management of the superblock
John Johansen
- [PATCH v3 02/24] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH v3 02/24] LSM: Infrastructure management of the sock security
John Johansen
- [PATCH v3 03/24] LSM: Infrastructure management of the key blob
Casey Schaufler
- [PATCH v3 03/24] LSM: Infrastructure management of the key blob
John Johansen
- [PATCH v3 04/24] LSM: Create and manage the lsmblob data structure.
Kees Cook
- [PATCH v3 04/24] LSM: Create and manage the lsmblob data structure.
Casey Schaufler
- [PATCH v3 04/24] LSM: Create and manage the lsmblob data structure.
John Johansen
- [PATCH v3 05/24] Use lsmblob in security_audit_rule_match
Casey Schaufler
- [PATCH v3 05/24] Use lsmblob in security_audit_rule_match
Kees Cook
- [PATCH v3 05/24] Use lsmblob in security_audit_rule_match
John Johansen
- [PATCH v3 05/33] docs: cgroup-v1: convert docs to ReST and rename to *.rst
Tejun Heo
- [PATCH v3 06/24] LSM: Use lsmblob in security_kernel_act_as
Casey Schaufler
- [PATCH v3 06/24] LSM: Use lsmblob in security_kernel_act_as
Kees Cook
- [PATCH v3 06/24] LSM: Use lsmblob in security_kernel_act_as
John Johansen
- [PATCH v3 07/24] net: Prepare UDS for secuirty module stacking
Casey Schaufler
- [PATCH v3 07/24] net: Prepare UDS for secuirty module stacking
Kees Cook
- [PATCH v3 07/24] net: Prepare UDS for secuirty module stacking
John Johansen
- [PATCH v3 08/24] LSM: Use lsmblob in security_secctx_to_secid
Casey Schaufler
- [PATCH v3 08/24] LSM: Use lsmblob in security_secctx_to_secid
Kees Cook
- [PATCH v3 08/24] LSM: Use lsmblob in security_secctx_to_secid
John Johansen
- [PATCH v3 09/24] LSM: Use lsmblob in security_secid_to_secctx
Casey Schaufler
- [PATCH v3 09/24] LSM: Use lsmblob in security_secid_to_secctx
Kees Cook
- [PATCH v3 09/24] LSM: Use lsmblob in security_secid_to_secctx
John Johansen
- [PATCH v3 1/2] evm: add option to set a random HMAC key at early boot
Roberto Sassu
- [PATCH v3 10/24] Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH v3 10/24] Use lsmblob in security_ipc_getsecid
Kees Cook
- [PATCH v3 10/24] Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH v3 10/24] Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH v3 10/24] Use lsmblob in security_ipc_getsecid
John Johansen
- [PATCH v3 10/24] Use lsmblob in security_ipc_getsecid
Kees Cook
- [PATCH v3 11/24] LSM: Use lsmblob in security_task_getsecid
Casey Schaufler
- [PATCH v3 11/24] LSM: Use lsmblob in security_task_getsecid
Kees Cook
- [PATCH v3 11/24] LSM: Use lsmblob in security_task_getsecid
John Johansen
- [PATCH v3 12/24] LSM: Use lsmblob in security_inode_getsecid
Casey Schaufler
- [PATCH v3 12/24] LSM: Use lsmblob in security_inode_getsecid
Kees Cook
- [PATCH v3 12/24] LSM: Use lsmblob in security_inode_getsecid
John Johansen
- [PATCH v3 13/24] LSM: Use lsmblob in security_cred_getsecid
Casey Schaufler
- [PATCH v3 13/24] LSM: Use lsmblob in security_cred_getsecid
Kees Cook
- [PATCH v3 13/24] LSM: Use lsmblob in security_cred_getsecid
John Johansen
- [PATCH v3 14/24] IMA: Change internal interfaces to use lsmblobs
Casey Schaufler
- [PATCH v3 14/24] IMA: Change internal interfaces to use lsmblobs
Kees Cook
- [PATCH v3 14/24] IMA: Change internal interfaces to use lsmblobs
John Johansen
- [PATCH v3 15/24] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v3 15/24] LSM: Specify which LSM to display
Kees Cook
- [PATCH v3 15/24] LSM: Specify which LSM to display
John Johansen
- [PATCH v3 16/24] LSM: Ensure the correct LSM context releaser
Casey Schaufler
- [PATCH v3 16/24] LSM: Ensure the correct LSM context releaser
Kees Cook
- [PATCH v3 16/24] LSM: Ensure the correct LSM context releaser
John Johansen
- [PATCH v3 17/24] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v3 17/24] LSM: Use lsmcontext in security_secid_to_secctx
Kees Cook
- [PATCH v3 17/24] LSM: Use lsmcontext in security_secid_to_secctx
John Johansen
- [PATCH v3 18/24] LSM: Use lsmcontext in security_dentry_init_security
Kees Cook
- [PATCH v3 18/24] LSM: Use lsmcontext in security_dentry_init_security
Casey Schaufler
- [PATCH v3 18/24] LSM: Use lsmcontext in security_dentry_init_security
John Johansen
- [PATCH v3 18/33] docs: netlabel: convert docs to ReST and rename to *.rst
Paul Moore
- [PATCH v3 18/33] docs: netlabel: convert docs to ReST and rename to *.rst
Mauro Carvalho Chehab
- [PATCH v3 19/24] LSM: Use lsmcontext in security_inode_getsecctx
Casey Schaufler
- [PATCH v3 19/24] LSM: Use lsmcontext in security_inode_getsecctx
Kees Cook
- [PATCH v3 19/24] LSM: Use lsmcontext in security_inode_getsecctx
John Johansen
- [PATCH v3 2/2] ima: add enforce-evm and log-evm modes to strictly check EVM status
Mimi Zohar
- [PATCH v3 2/2] ima: add enforce-evm and log-evm modes to strictly check EVM status
Mimi Zohar
- [PATCH v3 2/2] ima: add enforce-evm and log-evm modes to strictly check EVM status
Mimi Zohar
- [PATCH v3 2/2] ima: add enforce-evm and log-evm modes to strictly check EVM status
Roberto Sassu
- [PATCH v3 2/2] ima: add enforce-evm and log-evm modes to strictly check EVM status
Roberto Sassu
- [PATCH v3 2/2] ima: add enforce-evm and log-evm modes to strictly check EVM status
Roberto Sassu
- [PATCH v3 20/24] LSM: security_secid_to_secctx in netlink netfilter
Kees Cook
- [PATCH v3 20/24] LSM: security_secid_to_secctx in netlink netfilter
Casey Schaufler
- [PATCH v3 20/24] LSM: security_secid_to_secctx in netlink netfilter
John Johansen
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
Casey Schaufler
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
Kees Cook
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
John Johansen
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
Casey Schaufler
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
Paul Moore
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
John Johansen
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
Paul Moore
- [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
Casey Schaufler
- [PATCH v3 22/24] LSM: Return the lsmblob slot on initialization
Casey Schaufler
- [PATCH v3 22/24] LSM: Return the lsmblob slot on initialization
Kees Cook
- [PATCH v3 22/24] LSM: Return the lsmblob slot on initialization
John Johansen
- [PATCH v3 22/24] LSM: Return the lsmblob slot on initialization
John Johansen
- [PATCH v3 22/24] LSM: Return the lsmblob slot on initialization
Kees Cook
- [PATCH v3 22/24] LSM: Return the lsmblob slot on initialization
Casey Schaufler
- [PATCH v3 23/24] NET: Store LSM netlabel data in a lsmblob
Casey Schaufler
- [PATCH v3 23/24] NET: Store LSM netlabel data in a lsmblob
Kees Cook
- [PATCH v3 23/24] NET: Store LSM netlabel data in a lsmblob
John Johansen
- [PATCH v3 24/24] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH v3 24/24] AppArmor: Remove the exclusive flag
Kees Cook
- [PATCH v3 24/24] AppArmor: Remove the exclusive flag
John Johansen
- [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Dave Young
- [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Dave Young
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Dave Young
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Mimi Zohar
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Mimi Zohar
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Dave Young
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
James Morris
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Andy Lutomirski
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Stephen Smalley
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
James Morris
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Stephen Smalley
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Andy Lutomirski
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Andy Lutomirski
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Andy Lutomirski
- [PATCH V34 00/29] Lockdown as an LSM
Matthew Garrett
- [PATCH V34 00/29] Lockdown as an LSM
James Morris
- [PATCH V34 00/29] Lockdown as an LSM
Casey Schaufler
- [PATCH V34 00/29] Lockdown as an LSM
Matthew Garrett
- [PATCH V34 00/29] Lockdown as an LSM
James Morris
- [PATCH V34 00/29] Lockdown as an LSM
John Johansen
- [PATCH V34 01/29] security: Support early LSMs
Matthew Garrett
- [PATCH V34 01/29] security: Support early LSMs
Kees Cook
- [PATCH V34 02/29] security: Add a "locked down" LSM hook
Matthew Garrett
- [PATCH V34 02/29] security: Add a "locked down" LSM hook
Kees Cook
- [PATCH V34 03/29] security: Add a static lockdown policy LSM
Matthew Garrett
- [PATCH V34 03/29] security: Add a static lockdown policy LSM
Kees Cook
- [PATCH V34 04/29] Enforce module signatures if the kernel is locked down
Kees Cook
- [PATCH V34 04/29] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH V34 05/29] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Kees Cook
- [PATCH V34 05/29] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Matthew Garrett
- [PATCH V34 06/29] kexec_load: Disable at runtime if the kernel is locked down
Kees Cook
- [PATCH V34 06/29] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V34 07/29] Copy secure_boot flag in boot params across kexec reboot
Kees Cook
- [PATCH V34 07/29] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH V34 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Dave Young
- [PATCH V34 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Dave Young
- [PATCH V34 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
Kees Cook
- [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
James Morris
- [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
James Morris
- [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V34 10/29] hibernate: Disable when the kernel is locked down
Kees Cook
- [PATCH V34 10/29] hibernate: Disable when the kernel is locked down
Jiri Kosina
- [PATCH V34 10/29] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V34 11/29] PCI: Lock down BAR access when the kernel is locked down
Kees Cook
- [PATCH V34 11/29] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH V34 12/29] x86: Lock down IO port access when the kernel is locked down
Kees Cook
- [PATCH V34 12/29] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH V34 13/29] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH V34 14/29] ACPI: Limit access to custom_method when the kernel is locked down
Kees Cook
- [PATCH V34 14/29] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH V34 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Kees Cook
- [PATCH V34 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH V34 16/29] acpi: Disable ACPI table override if the kernel is locked down
Kees Cook
- [PATCH V34 16/29] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH V34 17/29] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH V34 17/29] Prohibit PCMCIA CIS storage when the kernel is locked down
Kees Cook
- [PATCH V34 18/29] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH V34 18/29] Lock down TIOCSSERIAL
Kees Cook
- [PATCH V34 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V34 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Kees Cook
- [PATCH V34 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Daniel Axtens
- [PATCH V34 19/29] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V34 20/29] x86/mmiotrace: Lock down the testmmiotrace module
Kees Cook
- [PATCH V34 20/29] x86/mmiotrace: Lock down the testmmiotrace module
Thomas Gleixner
- [PATCH V34 20/29] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V34 21/29] Lock down /proc/kcore
Matthew Garrett
- [PATCH V34 21/29] Lock down /proc/kcore
Kees Cook
- [PATCH V34 22/29] Lock down tracing and perf kprobes when in confidentiality mode
Matthew Garrett
- [PATCH V34 22/29] Lock down tracing and perf kprobes when in confidentiality mode
Kees Cook
- [PATCH V34 22/29] Lock down tracing and perf kprobes when in confidentiality mode
Masami Hiramatsu
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Kees Cook
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Daniel Borkmann
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Andy Lutomirski
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Daniel Borkmann
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V34 24/29] Lock down perf when in confidentiality mode
Matthew Garrett
- [PATCH V34 24/29] Lock down perf when in confidentiality mode
Kees Cook
- [PATCH V34 25/29] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Matthew Garrett
- [PATCH V34 26/29] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH V34 27/29] tracefs: Restrict tracefs when the kernel is locked down
Matthew Garrett
- [PATCH V34 28/29] efi: Restrict efivar_ssdt_load when the kernel is locked down
Kees Cook
- [PATCH V34 28/29] efi: Restrict efivar_ssdt_load when the kernel is locked down
Ard Biesheuvel
- [PATCH V34 28/29] efi: Restrict efivar_ssdt_load when the kernel is locked down
Matthew Garrett
- [PATCH V34 29/29] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH V34 29/29] lockdown: Print current->comm in restriction messages
Kees Cook
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Roberto Sassu
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Rob Landley
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Roberto Sassu
- [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Mimi Zohar
- [PATCH v4 00/14] ima: introduce IMA Digest Lists extension
Roberto Sassu
- [PATCH v4 00/14] ima: introduce IMA Digest Lists extension
Roberto Sassu
- [PATCH v4 00/14] ima: introduce IMA Digest Lists extension
Roberto Sassu
- [PATCH v4 00/14] ima: introduce IMA Digest Lists extension
Mimi Zohar
- [PATCH v4 00/14] ima: introduce IMA Digest Lists extension
Roberto Sassu
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
John Johansen
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
James Morris
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
James Morris
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
James Morris
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
James Morris
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
Kees Cook
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
James Morris
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
John Johansen
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
James Morris
- [PATCH v4 00/23] LSM: Module stacking for AppArmor
John Johansen
- [PATCH v4 01/14] ima: read hash algorithm from security.ima even if appraisal is not enabled
Roberto Sassu
- [PATCH v4 01/23] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH v4 02/14] ima: generalize ima_read_policy()
Roberto Sassu
- [PATCH v4 02/23] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH v4 03/14] ima: generalize ima_write_policy() and raise uploaded data size limit
Roberto Sassu
- [PATCH v4 03/23] LSM: Infrastructure management of the key blob
Casey Schaufler
- [PATCH v4 04/14] ima: generalize policy file operations
Roberto Sassu
- [PATCH v4 04/23] LSM: Create and manage the lsmblob data structure.
John Johansen
- [PATCH v4 04/23] LSM: Create and manage the lsmblob data structure.
Casey Schaufler
- [PATCH v4 04/23] LSM: Create and manage the lsmblob data structure.
Casey Schaufler
- [PATCH v4 05/14] ima: use ima_show_htable_value to show violations and hash table data
Roberto Sassu
- [PATCH v4 05/23] LSM: Use lsmblob in security_audit_rule_match
Casey Schaufler
- [PATCH v4 05/23] LSM: Use lsmblob in security_audit_rule_match
Kees Cook
- [PATCH v4 05/23] LSM: Use lsmblob in security_audit_rule_match
John Johansen
- [PATCH v4 05/28] docs: cgroup-v1: convert docs to ReST and rename to *.rst
Jonathan Corbet
- [PATCH v4 05/28] docs: cgroup-v1: convert docs to ReST and rename to *.rst
Tejun Heo
- [PATCH v4 06/14] ima: add parser of compact digest list
Roberto Sassu
- [PATCH v4 06/23] LSM: Use lsmblob in security_kernel_act_as
Casey Schaufler
- [PATCH v4 06/23] LSM: Use lsmblob in security_kernel_act_as
Kees Cook
- [PATCH v4 06/23] LSM: Use lsmblob in security_kernel_act_as
John Johansen
- [PATCH v4 07/14] ima: restrict upload of converted digest lists
Roberto Sassu
- [PATCH v4 07/23] net: Prepare UDS for secuirty module stacking
Casey Schaufler
- [PATCH v4 07/23] net: Prepare UDS for secuirty module stacking
Kees Cook
- [PATCH v4 07/23] net: Prepare UDS for secuirty module stacking
John Johansen
- [PATCH v4 08/14] ima: prevent usage of digest lists that are not measured/appraised
Roberto Sassu
- [PATCH v4 08/23] LSM: Use lsmblob in security_secctx_to_secid
Casey Schaufler
- [PATCH v4 08/23] LSM: Use lsmblob in security_secctx_to_secid
Kees Cook
- [PATCH v4 08/23] LSM: Use lsmblob in security_secctx_to_secid
John Johansen
- [PATCH v4 09/14] ima: introduce new securityfs files
Roberto Sassu
- [PATCH v4 09/23] LSM: Use lsmblob in security_secid_to_secctx
Casey Schaufler
- [PATCH v4 09/23] LSM: Use lsmblob in security_secid_to_secctx
Kees Cook
- [PATCH v4 09/23] LSM: Use lsmblob in security_secid_to_secctx
John Johansen
- [PATCH v4 10/14] ima: load parser digests and execute the parser at boot time
Roberto Sassu
- [PATCH v4 10/23] LSM: Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH v4 10/23] LSM: Use lsmblob in security_ipc_getsecid
Kees Cook
- [PATCH v4 10/23] LSM: Use lsmblob in security_ipc_getsecid
John Johansen
- [PATCH v4 11/14] ima: add support for measurement with digest lists
Roberto Sassu
- [PATCH v4 11/23] LSM: Use lsmblob in security_task_getsecid
Casey Schaufler
- [PATCH v4 11/23] LSM: Use lsmblob in security_task_getsecid
Kees Cook
- [PATCH v4 11/23] LSM: Use lsmblob in security_task_getsecid
John Johansen
- [PATCH v4 12/14] ima: add support for appraisal with digest lists
Roberto Sassu
- [PATCH v4 12/23] LSM: Use lsmblob in security_inode_getsecid
Casey Schaufler
- [PATCH v4 12/23] LSM: Use lsmblob in security_inode_getsecid
Kees Cook
- [PATCH v4 12/23] LSM: Use lsmblob in security_inode_getsecid
John Johansen
- [PATCH v4 13/14] ima: introduce new policies initrd and appraise_initrd
Roberto Sassu
- [PATCH v4 13/23] LSM: Use lsmblob in security_cred_getsecid
Casey Schaufler
- [PATCH v4 13/23] LSM: Use lsmblob in security_cred_getsecid
Kees Cook
- [PATCH v4 13/23] LSM: Use lsmblob in security_cred_getsecid
John Johansen
- [PATCH v4 14/14] ima: add Documentation/security/IMA-digest-lists.txt
Roberto Sassu
- [PATCH v4 14/23] IMA: Change internal interfaces to use lsmblobs
Casey Schaufler
- [PATCH v4 14/23] IMA: Change internal interfaces to use lsmblobs
Kees Cook
- [PATCH v4 14/23] IMA: Change internal interfaces to use lsmblobs
John Johansen
- [PATCH v4 15/23] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v4 15/23] LSM: Specify which LSM to display
Kees Cook
- [PATCH v4 15/23] LSM: Specify which LSM to display
John Johansen
- [PATCH v4 15/23] LSM: Specify which LSM to display
Stephen Smalley
- [PATCH v4 15/23] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v4 15/23] LSM: Specify which LSM to display
John Johansen
- [PATCH v4 16/23] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v4 16/23] LSM: Use lsmcontext in security_secid_to_secctx
Kees Cook
- [PATCH v4 16/23] LSM: Use lsmcontext in security_secid_to_secctx
John Johansen
- [PATCH v4 16/28] docs: netlabel: convert docs to ReST and rename to *.rst
Mauro Carvalho Chehab
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Kees Cook
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Kees Cook
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Kees Cook
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
John Johansen
- [PATCH v4 17/23] LSM: Use lsmcontext in security_secid_to_secctx
John Johansen
- [PATCH v4 18/23] LSM: Use lsmcontext in security_dentry_init_security
Kees Cook
- [PATCH v4 18/23] LSM: Use lsmcontext in security_dentry_init_security
John Johansen
- [PATCH v4 18/23] LSM: Use lsmcontext in security_dentry_init_security
Ondrej Mosnacek
- [PATCH v4 18/23] LSM: Use lsmcontext in security_dentry_init_security
Casey Schaufler
- [PATCH v4 19/23] LSM: Use lsmcontext in security_inode_getsecctx
Casey Schaufler
- [PATCH v4 19/23] LSM: Use lsmcontext in security_inode_getsecctx
Kees Cook
- [PATCH v4 19/23] LSM: Use lsmcontext in security_inode_getsecctx
John Johansen
- [PATCH v4 20/23] LSM: security_secid_to_secctx in netlink netfilter
Kees Cook
- [PATCH v4 20/23] LSM: security_secid_to_secctx in netlink netfilter
John Johansen
- [PATCH v4 20/23] LSM: security_secid_to_secctx in netlink netfilter
Casey Schaufler
- [PATCH v4 21/23] Audit: Store LSM audit information in an lsmblob
Casey Schaufler
- [PATCH v4 21/23] Audit: Store LSM audit information in an lsmblob
Kees Cook
- [PATCH v4 21/23] Audit: Store LSM audit information in an lsmblob
John Johansen
- [PATCH v4 22/23] NET: Store LSM netlabel data in a lsmblob
Casey Schaufler
- [PATCH v4 22/23] NET: Store LSM netlabel data in a lsmblob
Kees Cook
- [PATCH v4 22/23] NET: Store LSM netlabel data in a lsmblob
John Johansen
- [PATCH v4 23/23] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH v4 23/23] AppArmor: Remove the exclusive flag
Kees Cook
- [PATCH v4 23/23] AppArmor: Remove the exclusive flag
James Morris
- [PATCH v4 23/23] AppArmor: Remove the exclusive flag
Kees Cook
- [PATCH v4 23/23] AppArmor: Remove the exclusive flag
John Johansen
- [PATCH v4 23/23] AppArmor: Remove the exclusive flag
James Morris
- [PATCH v4 23/23] AppArmor: Remove the exclusive flag
John Johansen
- [PATCH v4 3/3] gen_init_cpio: add support for file metadata
Mimi Zohar
- [PATCH v4] Allow to exclude specific file types in LoadPin
Ke Wu
- [PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time
Andrew Morton
- [PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
- [PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time
Kees Cook
- [PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time
Kaiwan N Billimoria
- [PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
- [PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time
Kaiwan N Billimoria
- [PATCH v6 1/3] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v6 1/3] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
- [PATCH v6 1/3] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
- [PATCH v6 1/3] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v6 2/3] mm: init: report memory auto-initialization features at boot time
Kees Cook
- [PATCH v6 2/3] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
- [PATCH v6 3/3] lib: introduce test_meminit module
Alexander Potapenko
- [PATCH v6 3/3] lib: introduce test_meminit module
Kees Cook
- [PATCH v7 0/3] add init_on_alloc/init_on_free boot options
Alexander Potapenko
- [PATCH v7 0/3] add new ima hook ima_kexec_cmdline to measure kexec boot cmdline args
Mimi Zohar
- [PATCH v7 0/3] add new ima hook ima_kexec_cmdline to measure kexec boot cmdline args
prakhar srivastava
- [PATCH v7 0/3] add new ima hook ima_kexec_cmdline to measure kexec boot cmdline args
Prakhar Srivastava
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Andrew Morton
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Andrew Morton
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Qian Cai
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Qian Cai
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v7 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v7 1/3] Add a new ima hook ima_kexec_cmdline to measure cmdline args
Prakhar Srivastava
- [PATCH v7 2/2] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
- [PATCH v7 2/3] add a new ima template field buf
Prakhar Srivastava
- [PATCH v7 3/3] call ima_kexec_cmdline to measure the cmdline args
Prakhar Srivastava
- [PATCH v8 0/3] add init_on_alloc/init_on_free boot options
Alexander Potapenko
- [PATCH v8 0/3] add init_on_alloc/init_on_free boot options
Alexander Potapenko
- [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load
Mimi Zohar
- [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load
prakhar srivastava
- [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load
Prakhar Srivastava
- [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load
Prakhar Srivastava
- [PATCH V8 0/3] Add support for measuring the boot command line during kexec_file_load
Prakhar Srivastava
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Qian Cai
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Andrew Morton
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
- [PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments
Mimi Zohar
- [PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments
James Morris
- [PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments
prakhar srivastava
- [PATCH V8 1/3] Define a new IMA hook to measure the boot command line arguments
Prakhar Srivastava
- [PATCH v8 2/2] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
- [PATCH V8 2/3] Define a new ima template field buf
Prakhar Srivastava
- [PATCH V8 2/3] Define a new ima template field buf
James Morris
- [PATCH V8 2/3] Define a new ima template field buf
Mimi Zohar
- [PATCH V8 2/3] Define a new ima template field buf
Mimi Zohar
- [PATCH V8 2/3] Define a new ima template field buf
Mimi Zohar
- [PATCH V8 2/3] Define a new ima template field buf
prakhar srivastava
- [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args
Prakhar Srivastava
- [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args
Mimi Zohar
- [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args
Dave Young
- [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args
James Morris
- [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args
Mimi Zohar
- [PATCH V8 3/3] Call ima_kexec_cmdline to measure the cmdline args
Mimi Zohar
- [PATCH v9 0/3] add init_on_alloc/init_on_free boot options
Alexander Potapenko
- [PATCH v9 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Alexander Potapenko
- [PATCH v9 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Qian Cai
- [PATCH v9 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Michal Hocko
- [PATCH v9 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
- [PATCH v9 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Qian Cai
- [PATCH v9 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
James Morris
- [PATCH V9 1/3] IMA:Define a new hook to measure the kexec boot command line arguments
Prakhar Srivastava
- [PATCH V9 1/3] IMA:Define a new hook to measure the kexec boot command line arguments
prakhar srivastava
- [PATCH v9 2/2] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
- [PATCH V9 2/3] IMA:Define a new template field buf
Prakhar Srivastava
- [PATCH V9 3/3] KEXEC:Call ima_kexec_cmdline to measure the boot command line args
Prakhar Srivastava
- [PATCH] apparmor: fix unsigned len comparison with less than zero
Colin King
- [PATCH] ima: dynamically allocate shash_desc
Arnd Bergmann
- [PATCH] ima: dynamically allocate shash_desc
Mimi Zohar
- [PATCH] ima: dynamically allocate shash_desc
Mimi Zohar
- [PATCH] ima: dynamically allocate shash_desc
Arnd Bergmann
- [PATCH] ima: dynamically allocate shash_desc
Mimi Zohar
- [PATCH] ima: dynamically allocate shash_desc
Arnd Bergmann
- [PATCH] ima: dynamically allocate shash_desc
Mimi Zohar
- [PATCH] ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definition
Mimi Zohar
- [PATCH] ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definition
Thiago Jung Bauermann
- [PATCH] integrity: Fix __integrity_init_keyring() section mismatch
Geert Uytterhoeven
- [PATCH] integrity: Fix __integrity_init_keyring() section mismatch
Nayna
- [PATCH] integrity: Fix __integrity_init_keyring() section mismatch
James Morris
- [PATCH] Smack: Restore the smackfsdef mount option and add missing prefixes
James Morris
- [PATCH] Smack: Restore the smackfsdef mount option and add missing prefixes
Casey Schaufler
- [PATCH] Smack: Restore the smackfsdef mount option and add missing prefixes
Casey Schaufler
- [PATCH] Smack: Restore the smackfsdef mount option and add missing prefixes
Linus Torvalds
- [PATCH] Smack: Restore the smackfsdef mount option and add missing prefixes
Al Viro
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Kees Cook
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Arnd Bergmann
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Ard Biesheuvel
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Arnd Bergmann
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Ard Biesheuvel
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Kees Cook
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Ard Biesheuvel
- [PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
Arnd Bergmann
- [PATCH] tomoyo: Don't check open/getattr permission on sockets.
Tetsuo Handa
- [PATCH] tomoyo: Don't check open/getattr permission on sockets.
Tetsuo Handa
- [PATCH] tomoyo: Don't check open/getattr permission on sockets.
Al Viro
- [PATCH] x86/ima: fix the Kconfig dependency for IMA_ARCH_POLICY
Nayna Jain
- [RFC 0/7] Introduce TEE based Trusted Keys support
Sumit Garg
- [RFC 0/7] Introduce TEE based Trusted Keys support
Casey Schaufler
- [RFC 0/7] Introduce TEE based Trusted Keys support
Mimi Zohar
- [RFC 0/7] Introduce TEE based Trusted Keys support
Sumit Garg
- [RFC 0/7] Introduce TEE based Trusted Keys support
Sumit Garg
- [RFC 1/1] Add dm verity root hash pkcs7 sig validation.
jaskarankhurana at linux.microsoft.com
- [RFC 1/1] Add dm verity root hash pkcs7 sig validation.
Sasha Levin
- [RFC 1/7] tee: optee: allow kernel pages to register as shm
Sumit Garg
- [RFC 1/7] tee: optee: allow kernel pages to register as shm
Jarkko Sakkinen
- [RFC 1/7] tee: optee: allow kernel pages to register as shm
Jarkko Sakkinen
- [RFC 1/7] tee: optee: allow kernel pages to register as shm
Jarkko Sakkinen
- [RFC 1/7] tee: optee: allow kernel pages to register as shm
Sumit Garg
- [RFC 1/7] tee: optee: allow kernel pages to register as shm
Jens Wiklander
- [RFC 2/7] tee: enable support to register kernel memory
Sumit Garg
- [RFC 2/7] tee: enable support to register kernel memory
Jarkko Sakkinen
- [RFC 2/7] tee: enable support to register kernel memory
Sumit Garg
- [RFC 2/7] tee: enable support to register kernel memory
Jens Wiklander
- [RFC 3/7] tee: add private login method for kernel clients
Sumit Garg
- [RFC 4/7] KEYS: trusted: Introduce TEE based Trusted Keys
Sumit Garg
- [RFC 4/7] KEYS: trusted: Introduce TEE based Trusted Keys
Jarkko Sakkinen
- [RFC 4/7] KEYS: trusted: Introduce TEE based Trusted Keys
Sumit Garg
- [RFC 5/7] KEYS: encrypted: Allow TEE based trusted master keys
Sumit Garg
- [RFC 6/7] doc: keys: Document usage of TEE based Trusted Keys
Sumit Garg
- [RFC 6/7] doc: keys: Document usage of TEE based Trusted Keys
Jarkko Sakkinen
- [RFC 6/7] doc: keys: Document usage of TEE based Trusted Keys
Sumit Garg
- [RFC 6/7] doc: keys: Document usage of TEE based Trusted Keys
Jarkko Sakkinen
- [RFC 7/7] MAINTAINERS: Add entry for TEE based Trusted Keys
Sumit Garg
- [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Igor Lubashev
- [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
James Morris
- [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
James Morris
- [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Lubashev, Igor
- [RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
James Morris
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Stephen Smalley
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Stephen Smalley
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM
Xing, Cedric
- [RFC PATCH 1/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Igor Lubashev
- [RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release()
Jarkko Sakkinen
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Andy Lutomirski
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Xing, Cedric
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Sean Christopherson
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Andy Lutomirski
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Xing, Cedric
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Sean Christopherson
- [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Xing, Cedric
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Sean Christopherson
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Sean Christopherson
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Sean Christopherson
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Xing, Cedric
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Xing, Cedric
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Sean Christopherson
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Sean Christopherson
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Jarkko Sakkinen
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Xing, Cedric
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Dave Hansen
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Dave Hansen
- [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()
Andy Lutomirski
- [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect()
Xing, Cedric
- [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect()
Jarkko Sakkinen
- [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect()
Andy Lutomirski
- [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE
Xing, Cedric
- [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE
Jarkko Sakkinen
- [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Xing, Cedric
- [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Jarkko Sakkinen
- [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Sean Christopherson
- [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Andy Lutomirski
- [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Ayoun, Serge
- [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Jarkko Sakkinen
- [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES
Sean Christopherson
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Xing, Cedric
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Jarkko Sakkinen
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Andy Lutomirski
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Andy Lutomirski
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Sean Christopherson
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Xing, Cedric
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Jarkko Sakkinen
- [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves
Sean Christopherson
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Xing, Cedric
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Sean Christopherson
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Sean Christopherson
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Xing, Cedric
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Sean Christopherson
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Stephen Smalley
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Stephen Smalley
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Dave Hansen
- [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Andy Lutomirski
- [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation
Stephen Smalley
- [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation
Sean Christopherson
- [RFC PATCH v1 0/3] security/x86/sgx: SGX specific LSM hooks
Cedric Xing
- [RFC PATCH v1 0/3] security/x86/sgx: SGX specific LSM hooks
Jarkko Sakkinen
- [RFC PATCH v1 1/3] LSM/x86/sgx: Add SGX specific LSM hooks
Cedric Xing
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Cedric Xing
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Stephen Smalley
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Dr. Greg
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Andy Lutomirski
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Dr. Greg
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Stephen Smalley
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Stephen Smalley
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Xing, Cedric
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Dr. Greg
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Andy Lutomirski
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Andy Lutomirski
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Sean Christopherson
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Andy Lutomirski
- [RFC PATCH v1 2/3] LSM/x86/sgx: Implement SGX specific hooks in SELinux
Dr. Greg
- [RFC PATCH v1 3/3] LSM/x86/sgx: Call new LSM hooks from SGX subsystem
Cedric Xing
- [RFC PATCH v2 0/3] security/x86/sgx: SGX specific LSM hooks
Cedric Xing
- [RFC PATCH v2 0/5] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Cedric Xing
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Stephen Smalley
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Xing, Cedric
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Stephen Smalley
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Stephen Smalley
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Casey Schaufler
- [RFC PATCH v2 1/3] x86/sgx: Add SGX specific LSM hooks
Andy Lutomirski
- [RFC PATCH v2 1/5] mm: Introduce vm_ops->may_mprotect()
Sean Christopherson
- [RFC PATCH v2 1/5] mm: Introduce vm_ops->may_mprotect()
Jarkko Sakkinen
- [RFC PATCH v2 1/5] mm: Introduce vm_ops->may_mprotect()
Sean Christopherson
- [RFC PATCH v2 1/5] mm: Introduce vm_ops->may_mprotect()
Xing, Cedric
- [RFC PATCH v2 1/5] mm: Introduce vm_ops->may_mprotect()
Sean Christopherson
- [RFC PATCH v2 1/5] mm: Introduce vm_ops->may_mprotect()
Xing, Cedric
- [RFC PATCH v2 2/3] x86/sgx: Call LSM hooks from SGX subsystem/module
Cedric Xing
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Sean Christopherson
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Jarkko Sakkinen
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Sean Christopherson
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Jarkko Sakkinen
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Sean Christopherson
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Xing, Cedric
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Andy Lutomirski
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Xing, Cedric
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Andy Lutomirski
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Sean Christopherson
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Xing, Cedric
- [RFC PATCH v2 2/5] x86/sgx: Require userspace to define enclave pages' protection bits
Jarkko Sakkinen
- [RFC PATCH v2 3/3] x86/sgx: Implement SGX specific hooks in SELinux
Cedric Xing
- [RFC PATCH v2 3/5] x86/sgx: Enforce noexec filesystem restriction for enclaves
Jarkko Sakkinen
- [RFC PATCH v2 3/5] x86/sgx: Enforce noexec filesystem restriction for enclaves
Andy Lutomirski
- [RFC PATCH v2 3/5] x86/sgx: Enforce noexec filesystem restriction for enclaves
Stephen Smalley
- [RFC PATCH v2 3/5] x86/sgx: Enforce noexec filesystem restriction for enclaves
Sean Christopherson
- [RFC PATCH v2 4/5] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Stephen Smalley
- [RFC PATCH v2 4/5] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Jarkko Sakkinen
- [RFC PATCH v2 4/5] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Sean Christopherson
- [RFC PATCH v2 4/5] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Sean Christopherson
- [RFC PATCH v2 5/5] security/selinux: Add enclave_load() implementation
Stephen Smalley
- [RFC PATCH v2 5/5] security/selinux: Add enclave_load() implementation
Sean Christopherson
- [RFC PATCH v2 5/5] security/selinux: Add enclave_load() implementation
Jarkko Sakkinen
- [RFC PATCH v2 5/5] security/selinux: Add enclave_load() implementation
Sean Christopherson
- [RFC PATCH v3 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v3 0/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- [RFC PATCH v3 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Dr. Greg
- [RFC PATCH v3 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
James Morris
- [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation
Milan Broz
- [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation
Jaskaran Singh Khurana
- [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation
Jaskaran Singh Khurana
- [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation
James Morris
- [RFC PATCH v3 1/1] Add dm verity root hash pkcs7 sig validation
Jaskaran Khurana
- [RFC PATCH v4 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v4 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Sean Christopherson
- [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Jarkko Sakkinen
- [RFC PATCH v4 01/12] x86/sgx: Use mmu_notifier.release() instead of per-vma refcounting
Jarkko Sakkinen
- [RFC PATCH v4 01/12] x86/sgx: Use mmu_notifier.release() instead of per-vma refcounting
Sean Christopherson
- [RFC PATCH v4 02/12] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH v4 02/12] x86/sgx: Do not naturally align MAP_FIXED address
Jarkko Sakkinen
- [RFC PATCH v4 02/12] x86/sgx: Do not naturally align MAP_FIXED address
Sean Christopherson
- [RFC PATCH v4 03/12] selftests: x86/sgx: Mark the enclave loader as not needing an exec stack
Jarkko Sakkinen
- [RFC PATCH v4 03/12] selftests: x86/sgx: Mark the enclave loader as not needing an exec stack
Sean Christopherson
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Jarkko Sakkinen
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Jarkko Sakkinen
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Xing, Cedric
- [RFC PATCH v4 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
Sean Christopherson
- [RFC PATCH v4 05/12] x86/sgx: Enforce noexec filesystem restriction for enclaves
Jarkko Sakkinen
- [RFC PATCH v4 05/12] x86/sgx: Enforce noexec filesystem restriction for enclaves
Sean Christopherson
- [RFC PATCH v4 06/12] mm: Introduce vm_ops->may_mprotect()
Sean Christopherson
- [RFC PATCH v4 06/12] mm: Introduce vm_ops->may_mprotect()
Jarkko Sakkinen
- [RFC PATCH v4 07/12] LSM: x86/sgx: Introduce ->enclave_map() hook for Intel SGX
Jarkko Sakkinen
- [RFC PATCH v4 07/12] LSM: x86/sgx: Introduce ->enclave_map() hook for Intel SGX
Xing, Cedric
- [RFC PATCH v4 07/12] LSM: x86/sgx: Introduce ->enclave_map() hook for Intel SGX
Xing, Cedric
- [RFC PATCH v4 07/12] LSM: x86/sgx: Introduce ->enclave_map() hook for Intel SGX
Stephen Smalley
- [RFC PATCH v4 07/12] LSM: x86/sgx: Introduce ->enclave_map() hook for Intel SGX
Sean Christopherson
- [RFC PATCH v4 08/12] security/selinux: Require SGX_MAPWX to map enclave page WX
Sean Christopherson
- [RFC PATCH v4 08/12] security/selinux: Require SGX_MAPWX to map enclave page WX
Xing, Cedric
- [RFC PATCH v4 08/12] security/selinux: Require SGX_MAPWX to map enclave page WX
Stephen Smalley
- [RFC PATCH v4 08/12] security/selinux: Require SGX_MAPWX to map enclave page WX
Stephen Smalley
- [RFC PATCH v4 08/12] security/selinux: Require SGX_MAPWX to map enclave page WX
Dr. Greg
- [RFC PATCH v4 08/12] security/selinux: Require SGX_MAPWX to map enclave page WX
Xing, Cedric
- [RFC PATCH v4 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Xing, Cedric
- [RFC PATCH v4 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Stephen Smalley
- [RFC PATCH v4 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Stephen Smalley
- [RFC PATCH v4 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Xing, Cedric
- [RFC PATCH v4 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
Sean Christopherson
- [RFC PATCH v4 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v4 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v4 1/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- [RFC PATCH v4 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Sean Christopherson
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Stephen Smalley
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Stephen Smalley
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Stephen Smalley
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Xing, Cedric
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Stephen Smalley
- [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation
Andy Lutomirski
- [RFC PATCH v4 11/12] security/apparmor: Add enclave_load() implementation
Sean Christopherson
- [RFC PATCH v4 12/12] LSM: x86/sgx: Show line of sight to LSM support SGX2's EAUG
Xing, Cedric
- [RFC PATCH v4 12/12] LSM: x86/sgx: Show line of sight to LSM support SGX2's EAUG
Sean Christopherson
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
Eric Biggers
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
Eric Biggers
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
James Morris
- [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Khurana
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Mike Snitzer
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Eric Biggers
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Eric Biggers
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Milan Broz
- [RFC PATCH v5 1/1] Add dm verity root hash pkcs7 sig validation.
Jaskaran Singh Khurana
- [RFC][PATCH 0/7] Mount, FS, Block and Keyrings notifications
David Howells
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Andy Lutomirski
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
David Howells
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Andy Lutomirski
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Andy Lutomirski
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Andy Lutomirski
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
David Howells
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Andy Lutomirski
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
David Howells
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Andy Lutomirski
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Greg KH
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Casey Schaufler
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Casey Schaufler
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Casey Schaufler
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Stephen Smalley
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Casey Schaufler
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Casey Schaufler
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Stephen Smalley
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Stephen Smalley
- [RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
David Howells
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
David Howells
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
David Howells
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Andy Lutomirski
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
David Howells
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Andy Lutomirski
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
David Howells
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Andy Lutomirski
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
David Howells
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Stephen Smalley
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Stephen Smalley
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Christian Brauner
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Casey Schaufler
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Andy Lutomirski
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Stephen Smalley
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Casey Schaufler
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Casey Schaufler
- [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
Andy Lutomirski
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
David Howells
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Andy Lutomirski
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
David Howells
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Andy Lutomirski
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
David Howells
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Stephen Smalley
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Casey Schaufler
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Andy Lutomirski
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Casey Schaufler
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Casey Schaufler
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Andy Lutomirski
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Casey Schaufler
- [RFC][PATCH 00/13] Mount, FS, Block and Keyrings notifications [ver #4]
Stephen Smalley
- Benchmarks for security features
Casey Schaufler
- dringender Kredit
Herr David Williams
- From:Miss: Fatima Yusuf.
Miss.Fatima Yusuf
- Fwd: [PATCH v4 15/23] LSM: Specify which LSM to display
Stephen Smalley
- Fwd: [PATCH v4 15/23] LSM: Specify which LSM to display
Casey Schaufler
- June inquiry
Marketing Dept
- KASAN: use-after-free Read in tomoyo_realpath_from_path
syzbot
- KASAN: use-after-free Read in tomoyo_realpath_from_path
Tetsuo Handa
- KASAN: use-after-free Read in tomoyo_realpath_from_path
Tetsuo Handa
- KASAN: use-after-free Read in tomoyo_realpath_from_path
Tetsuo Handa
- Klientskie bazy. Email: prodawez at armyspy.com Uznajte podrobnee.
linux-security-module at vger.kernel.org
- Klientskie bazy. Email: prodawez at armyspy.com Uznajte podrobnee.
linux-security-module at vger.kernel.org
- linux-next: Tree for Jun 26 (security/integrity/ima/)
Randy Dunlap
- linux-next: Tree for Jun 26 (security/integrity/ima/)
Mimi Zohar
- linux-next: Tree for Jun 26 (security/integrity/ima/)
David Howells
- linux-next: Tree for Jun 26 (security/integrity/ima/)
Randy Dunlap
- LSM module for SGX?
Jarkko Sakkinen
- LSM module for SGX?
Stephen Smalley
- LSM module for SGX?
Xing, Cedric
- possible deadlock in __do_page_fault (2)
syzbot
- possible deadlock in __do_page_fault (2)
syzbot
- possible deadlock in __do_page_fault (2)
Mimi Zohar
- possible deadlock in console_trylock_spinning
syzbot
- possible deadlock in console_trylock_spinning
Tetsuo Handa
- possible deadlock in get_user_pages_unlocked (2)
syzbot
- possible deadlock in process_measurement
syzbot
- PRODUCT INQUIRY FOR EXPORT SHIPMENT
Mark Maths
- Rational model for UID based controls
David Howells
- Rational model for UID based controls
Casey Schaufler
- Rational model for UID based controls
David Howells
- security/loadpin: Allow to exclude specific file types
Ke Wu
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Dr. Greg
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Jarkko Sakkinen
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Jarkko Sakkinen
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Jarkko Sakkinen
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Jarkko Sakkinen
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Jarkko Sakkinen
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Sean Christopherson
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Andy Lutomirski
- SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Jarkko Sakkinen
- Stacked LSMs (was Re: [PATCH v2 00/25] LSM: Module stacking for AppArmor)
Kees Cook
- Stacked LSMs (was Re: [PATCH v2 00/25] LSM: Module stacking for AppArmor)
Mickaël Salaün
- Thanks and I wait for your answer
Martins Henry
- What do LSMs *actually* need for checks on notifications?
David Howells
- What do LSMs *actually* need for checks on notifications?
Stephen Smalley
- What do LSMs *actually* need for checks on notifications?
Casey Schaufler
- What do LSMs *actually* need for checks on notifications?
David Howells
- What do LSMs *actually* need for checks on notifications?
David Howells
- What do LSMs *actually* need for checks on notifications?
Casey Schaufler
- What do LSMs *actually* need for checks on notifications?
David Howells
- What do LSMs *actually* need for checks on notifications?
Stephen Smalley
- Клиентские базы! Email: prodawez at armyspy.com Узнайте подробнее!
linux-security-module at vger.kernel.org
Last message date:
Sun Jun 30 15:39:59 UTC 2019
Archived on: Sun Jun 30 15:40:30 UTC 2019
This archive was generated by
Pipermail 0.09 (Mailman edition).