March 2019 Archives by date
Starting: Fri Mar 1 00:05:20 UTC 2019
Ending: Sat Mar 30 17:30:11 UTC 2019
Messages: 428
- [PULL REQUEST] Lock down patches
Mimi Zohar
- [PULL REQUEST] Lock down patches
Matthew Garrett
- [PULL REQUEST] Lock down patches
Mimi Zohar
- [PATCH 08/27] kexec_file: Restrict at runtime if the kernel is locked down
Mimi Zohar
- [PULL REQUEST] Lock down patches
Matthew Garrett
- [PULL REQUEST] Lock down patches
Mimi Zohar
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
Ben Dooks
- [PATCH 05/97] LSM: Create an lsm_export data structure.
Stephen Smalley
- [PATCH 01/97] LSM: Infrastructure management of the superblock
Edwin Zimmerman
- [PATCH 00/97] LSM: Complete module stacking
Stephen Smalley
- [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks
Edwin Zimmerman
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Franck LENORMAND
- [RFC PATCH 1/2] drivers: crypto: caam: key: Add caam_tk key type
Franck LENORMAND
- [RFC PATCH 2/2] dm-crypt: Use any key type which is registered
Franck LENORMAND
- [PATCH 05/97] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 01/97] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks
Casey Schaufler
- [PATCH 00/97] LSM: Complete module stacking
Casey Schaufler
- [PATCH] LSM: Update list of SECURITYFS users in Kconfig
James Morris
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
Serge E. Hallyn
- [PATCH 15/43] vfs: Add configuration parser helpers
Al Viro
- From Mrs. Elia Rodrigues,
Mrs. Elia Rodrigues
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Stephen Smalley
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
David Howells
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
Mimi Zohar
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
David Howells
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
Mimi Zohar
- overlayfs access checks on underlying layers
Casey Schaufler
- [PATCH v4 1/2] LSM: SafeSetID: gate setgid transitions
Micah Morton
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
mortonm at chromium.org
- overlayfs access checks on underlying layers
Stephen Smalley
- overlayfs access checks on underlying layers
Amir Goldstein
- [PULL REQUEST] Lock down patches
Matthew Garrett
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
James Morris
- [PATCH v4 1/2] LSM: SafeSetID: gate setgid transitions
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
David Howells
- [PATCH v4 1/2] LSM: SafeSetID: gate setgid transitions
Micah Morton
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
mortonm at chromium.org
- [PATCH v4 2/2] LSM: SafeSetID: gate setgid transitions
mortonm at chromium.org
- [GIT PULL] security subsystem changes for v5.1
James Morris
- [GIT PULL] SELinux patches for v5.1
Paul Moore
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
David Howells
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Paul Moore
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Jan Lübbe
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
David Howells
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Casey Schaufler
- [PATCH] security: keys: Kconfig: pedantic cleanup
Enrico Weigelt, metux IT consult
- [PULL REQUEST] Kernel lockdown patches for 5.2
Matthew Garrett
- [PATCH 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Matthew Garrett
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH 04/27] Restrict /dev/{mem, kmem, port} when the kernel is locked down
Matthew Garrett
- [PATCH 05/27] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 06/27] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH 07/27] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH 08/27] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 10/27] uswsusp: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 11/27] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH 12/27] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH 13/27] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH 14/27] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH 15/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH 16/27] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH 17/27] acpi: Disable APEI error injection if the kernel is locked down
Matthew Garrett
- [PATCH 18/27] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH 19/27] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH 20/27] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH 21/27] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH 22/27] Lock down /proc/kcore
Matthew Garrett
- [PATCH 23/27] Lock down kprobes
Matthew Garrett
- [PATCH 24/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 25/27] Lock down perf
Matthew Garrett
- [PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH 27/27] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Randy Dunlap
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Matthew Garrett
- [PULL REQUEST] Kernel lockdown patches for 5.2
Mimi Zohar
- [PULL REQUEST] Kernel lockdown patches for 5.2
Matthew Garrett
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Borislav Petkov
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH 1/1] Smack :- In this patch, global rule list has been removed. Now all smack rules will be read using "smack_known_list". This list contains all the smack labels and internally each smack label structure maintains the list of smack rules corresponding to that smack label. So there is no need to maintain extra list.
Vishal Goel
- [PATCH 1/1] smack: removal of global rule list
Vishal Goel
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Franck Lenormand
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Franck Lenormand
- [PATCH 0/1] RFC: introduce CONFIG_INIT_ALL_MEMORY
Alexander Potapenko
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Alan Cox
- [PATCH] x86/cpufeature: Remove __pure attribute to _static_cpu_has()
Borislav Petkov
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
David Howells
- [PATCH] x86/cpufeature: Remove __pure attribute to _static_cpu_has()
hpa at zytor.com
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
hpa at zytor.com
- [PATCH] x86/cpufeature: Remove __pure attribute to _static_cpu_has()
Borislav Petkov
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Borislav Petkov
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Kees Cook
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Nick Desaulniers
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Andy Lutomirski
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Borislav Petkov
- [GIT PULL] security subsystem changes for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux patches for v5.1
pr-tracker-bot at kernel.org
- [PATCH v2] x86/ima: require signed kernel modules
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH v2] x86/ima: require signed kernel modules
Mimi Zohar
- [PATCH v2] x86/ima: require signed kernel modules
Matthew Garrett
- [PATCH v2] x86/ima: require signed kernel modules
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH v2] x86/ima: require signed kernel modules
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 2/3] scripts/ima: define a set of common functions
Dave Young
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v2 0/2] RFC: introduce CONFIG_INIT_ALL_MEMORY
Alexander Potapenko
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH 2/3] scripts/ima: define a set of common functions
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [GIT PULL] security: integrity subsystem updates for v5.1
James Morris
- [GIT PULL] security: tpm subsystem updates for v5.1
James Morris
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
James Morris
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
James Morris
- Inquiry March-2019
Daniel Murray
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- kernel panic: MAC Initialization failed. (3)
syzbot
- [PATCH] secuirty: integrity: ima: pedantic formatting
Enrico Weigelt, metux IT consult
- kernel panic: MAC Initialization failed. (3)
Tetsuo Handa
- [GIT PULL] security: tpm subsystem updates for v5.1
pr-tracker-bot at kernel.org
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH v4 2/2] LSM: SafeSetID: gate setgid transitions
Micah Morton
- [PATCH v4 2/2] LSM: SafeSetID: gate setgid transitions
James Morris
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 1/1] smack: removal of global rule list
Casey Schaufler
- [PULL REQUEST] Kernel lockdown patches for 5.2
Matthew Garrett
- [PULL REQUEST] Kernel lockdown patches for 5.2
Mimi Zohar
- [GIT PULL] apparmor updates for v5.1
John Johansen
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Edwin Zimmerman
- [GIT PULL] SELinux fixes for v5.1 (#1)
Paul Moore
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Paul Moore
- [GIT PULL] apparmor updates for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux fixes for v5.1 (#1)
pr-tracker-bot at kernel.org
- [PATCH AUTOSEL 4.20 13/60] keys: Fix dependency loop between construction record and auth key
Sasha Levin
- [PATCH AUTOSEL 4.19 11/48] keys: Fix dependency loop between construction record and auth key
Sasha Levin
- [PATCH AUTOSEL 4.14 07/33] keys: Fix dependency loop between construction record and auth key
Sasha Levin
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- Replacing IPv6 port labeling with CALIPSO in Smack
Casey Schaufler
- [PATCH 1/1] Smack: Create smack_rule cache to optimize memory usage
Vishal Goel
- Add support for TCG2 log format on UEFI systems
Jarkko Sakkinen
- [PATCH 34/38] vfs: Convert apparmorfs to fs_context
David Howells
- [PATCH 35/38] vfs: Convert securityfs to fs_context
David Howells
- [PATCH 36/38] vfs: Convert selinuxfs to fs_context
David Howells
- [PATCH 37/38] vfs: Convert smackfs to fs_context
David Howells
- [PATCH 1/1] Smack: Create smack_rule cache to optimize memory usage
Casey Schaufler
- Add support for TCG2 log format on UEFI systems
Matthew Garrett
- [PATCH] security: inode: fix a missing check for securityfs_create_file
Kangjie Lu
- Add support for TCG2 log format on UEFI systems
Jarkko Sakkinen
- [PATCH] security: inode: fix a missing check for securityfs_create_file
James Morris
- [PATCH] security: inode: fix a missing check for securityfs_create_file
Kangjie Lu
- [PATCH] security: inode: fix a missing check for securityfs_create_file
Tetsuo Handa
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- mount.nfs: Protocol error after upgrade to linux/master
Casey Schaufler
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH RESEND] KEYS: remove CONFIG_KEYS_COMPAT
Eric Biggers
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Alan Cox
- [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Dan Williams
- [PATCH] device_cgroup: fix RCU imbalance in error case
Jann Horn
- [PATCH] device_cgroup: fix RCU imbalance in error case
Michal Hocko
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Geert Uytterhoeven
- mount.nfs: Protocol error after upgrade to linux/master
Casey Schaufler
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- [PATCH] device_cgroup: fix RCU imbalance in error case
Tejun Heo
- [PATCH v19 17/27] x86/sgx: Add provisioning
Sean Christopherson
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v19,RESEND 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- [PATCH v19 17/27] x86/sgx: Add provisioning
Huang, Kai
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Paul Moore
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Jarkko Sakkinen
- [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Roberto Sassu
- [GIT PULL] SELinux fixes for v5.1 (#2)
Paul Moore
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Nathaniel McCallum
- what happened to SECURITY_DAC?
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- [PATCH v19 17/27] x86/sgx: Add provisioning
Andy Lutomirski
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Kees Cook
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Kees Cook
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- [GIT PULL] SELinux fixes for v5.1 (#2)
pr-tracker-bot at kernel.org
- PRIVATE...
daniele at mybusinessdriver.com
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Paul Moore
- [PATCH v19 17/27] x86/sgx: Add provisioning
Huang, Kai
- [PATCH 1/2] efi: add a function for transferring status to string
Lee, Chun-Yi
- [PATCH 2/2] efi: print appropriate status message when loading certificates
Lee, Chun-Yi
- [PATCH] tpm: turn on TPM on suspend for TPM 1.x
Jarkko Sakkinen
- [PATCH 11/43] convert do_remount_sb() to fs_context
Andreas Schwab
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH 11/43] convert do_remount_sb() to fs_context
David Howells
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH 11/43] convert do_remount_sb() to fs_context
Andreas Schwab
- [PATCH 11/43] convert do_remount_sb() to fs_context
Andreas Schwab
- [PATCH 2/2] efi: print appropriate status message when loading certificates
Ard Biesheuvel
- [PATCH] KEYS: trusted: defer execution of TPM-specific code until key instantiate
Roberto Sassu
- [PATCH v19 17/27] x86/sgx: Add provisioning
Andy Lutomirski
- [PATCH] KEYS: trusted: defer execution of TPM-specific code until key instantiate
Dan Williams
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- [PATCH 2/2] efi: print appropriate status message when loading certificates
jlee at suse.com
- INFO: task hung in process_measurement
syzbot
- [PATCH 1/2] efi: add a function for transferring status to string
Lee, Chun-Yi
- Hi
Sgt Clara B Herbert
- [PATCH 1/2] efi: add a function for transferring status to string
Lee, Chun-Yi
- [PATCH 2/2 v2] efi: print appropriate status message when loading certificates
Lee, Chun-Yi
- Linux 5.1-rc2
Randy Dunlap
- [PATCH] LSM: lsm_hooks.h - fix missing colon in docstring
Ondrej Mosnacek
- Attention Dear,
Barr.Augusto Daniel.
- INFO: task hung in process_measurement
Tomi Valkeinen
- [PATCH] LSM: lsm_hooks.h - fix missing colon in docstring
Paul Moore
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH] KEYS: trusted: defer execution of TPM-specific code until key instantiate
Jarkko Sakkinen
- Repost: Missing security_mmap_file() in remap_file_pages syscall
TongZhang
- Repost: Missing security_mmap_file() in remap_file_pages syscall
Kirill A. Shutemov
- Linux 5.1-rc2
James Morris
- Repost: Missing security_mmap_file() in remap_file_pages syscall
Stephen Smalley
- Linux 5.1-rc2
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Dan Williams
- [PULL REQUEST] Lockdown patches for 5.2
Matthew Garrett
- [PATCH 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH 02/27] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH 03/27] Restrict /dev/{mem, kmem, port} when the kernel is locked down
Matthew Garrett
- [PATCH 04/27] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 05/27] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH 06/27] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH 07/27] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 08/27] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 09/27] uswsusp: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 10/27] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH 11/27] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH 13/27] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH 14/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH 15/27] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH 16/27] acpi: Disable APEI error injection if the kernel is locked down
Matthew Garrett
- [PATCH 17/27] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH 18/27] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH 19/27] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH 21/27] Lock down /proc/kcore
Matthew Garrett
- [PATCH 22/27] Lock down kprobes
Matthew Garrett
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 24/27] Lock down perf
Matthew Garrett
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH 26/27] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH 27/27] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Matthew Garrett
- [PATCH 1/1] RFC: security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Igor Lubashev
- [PATCH 0/1] RFC: security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Igor Lubashev
- [PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module
Steven Rostedt
- [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is locked down
Thomas Gleixner
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Stephen Hemminger
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Stephen Hemminger
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Daniel Borkmann
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Andy Lutomirski
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Greg Kroah-Hartman
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Greg Kroah-Hartman
- [PATCH 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH v2] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH v3] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH 22/27] Lock down kprobes
Masami Hiramatsu
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Jordan Glover
- [PATCH v2 00/11] LSM documentation update
Denis Efremov
- [PATCH v2 00/11] LSM documentation update
Jonathan Corbet
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Steve Grubb
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH 27/27] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Mimi Zohar
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH 22/27] Lock down kprobes
Matthew Garrett
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Matthew Garrett
- [PATCH v2 00/11] LSM documentation update
James Morris
- [PATCH V31 00/25] Add support for kernel lockdown
Matthew Garrett
- [PATCH V31 01/25] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH V31 02/25] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH V31 03/25] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Matthew Garrett
- [PATCH V31 04/25] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V31 05/25] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V31 08/25] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V31 09/25] uswsusp: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH V31 11/25] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH V31 12/25] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH V31 13/25] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH V31 14/25] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH V31 15/25] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH V31 16/25] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH V31 17/25] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH V31 18/25] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V31 20/25] Lock down /proc/kcore
Matthew Garrett
- [PATCH V31 21/25] Lock down kprobes when in confidentiality mode
Matthew Garrett
- [PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V31 23/25] Lock down perf when in confidentiality mode
Matthew Garrett
- [PATCH V31 24/25] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
James Morris
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Andy Lutomirski
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down
Andy Lutomirski
- [PATCH V31 11/25] x86: Lock down IO port access when the kernel is locked down
Andy Lutomirski
- [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down
Alex Williamson
- Hello
Mr Wong
- [PATCH 22/27] Lock down kprobes
Masami Hiramatsu
- [PATCH] Yama: mark local symbols as static
Jann Horn
- Linux security subsystem tree sync to v5.1-rc2
James Morris
- Linux security subsystem tree sync to v5.1-rc2
Casey Schaufler
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- [PATCH v19 17/27] x86/sgx: Add provisioning
Sean Christopherson
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH v2 00/11] LSM documentation update
James Morris
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH] Yama: mark function as static
Mukesh Ojha
- [PATCH] Yama: mark local symbols as static
Mukesh Ojha
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH] security: don't use RCU accessors for cred->session_keyring
Jann Horn
- [PATCH] keys: safe concurrent user->{session,uid}_keyring access
Jann Horn
- [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module
Steven Rostedt
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
James Morris
- [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH v3] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Dan Williams
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH AUTOSEL 5.0 010/262] apparmor: fix double free when unpack of secmark rules fails
Sasha Levin
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH 1/2] efi: add a function for transferring status to string
Ard Biesheuvel
- [PATCH 1/2] efi: add a function for transferring status to string
Mimi Zohar
- Linux 5.1-rc2
Kees Cook
- [PATCH 2/2 v2] efi: print appropriate status message when loading certificates
Mimi Zohar
- Linux 5.1-rc2
Tetsuo Handa
- Linux 5.1-rc2
Kees Cook
- Linux 5.1-rc2
Tetsuo Handa
- Linux 5.1-rc2
Kees Cook
- Linux 5.1-rc2
Tetsuo Handa
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- Linux 5.1-rc2
Casey Schaufler
- Linux 5.1-rc2
Randy Dunlap
- Linux 5.1-rc2
Casey Schaufler
- [RFC PATCH 37/68] vfs: Convert apparmorfs to use the new mount API
David Howells
- [RFC PATCH 38/68] vfs: Convert securityfs to use the new mount API
David Howells
- [RFC PATCH 39/68] vfs: Convert selinuxfs to use the new mount API
David Howells
- [RFC PATCH 40/68] vfs: Convert smackfs to use the new mount API
David Howells
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
James Morris
- [PATCH AUTOSEL 5.0 010/262] apparmor: fix double free when unpack of secmark rules fails
Pavel Machek
- [PATCH v3] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH] tpm: turn on TPM on suspend for TPM 1.x
Domenico Andreoli
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
James Morris
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH] tpm: turn on TPM on suspend for TPM 1.x
Jarkko Sakkinen
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Mimi Zohar
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Jordan Glover
- [GIT PULL] tpmdd fixes for Linux v5.1
Jarkko Sakkinen
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Stephen Smalley
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Igor Zhbanov
- LoadPin old-api-denied
Martin Townsend
- [PATCH 2/2 v2] efi: print appropriate status message when loading certificates
jlee at suse.com
- LoadPin old-api-denied
Martin Townsend
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
James Morris
- Linux 5.1-rc2
James Morris
- [GIT PULL] security: yama fix for v5.1
James Morris
- [GIT PULL] tpmdd fixes for Linux v5.1
James Morris
- [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
Kees Cook
- LoadPin old-api-denied
Kees Cook
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
Casey Schaufler
- [GIT PULL][UPDATED] security: yama and LSM config fixes
James Morris
- [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
Tetsuo Handa
- [PATCH 1/2] efi: add a function for transferring status to string
joeyli
- [PATCH 1/2] efi: add a function for transferring status to string
joeyli
- Hello
Mr Wong
- [GIT PULL] security: yama fix for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL][UPDATED] security: yama and LSM config fixes
pr-tracker-bot at kernel.org
Last message date:
Sat Mar 30 17:30:11 UTC 2019
Archived on: Sat Mar 30 21:45:01 UTC 2019
This archive was generated by
Pipermail 0.09 (Mailman edition).