March 2019 Archives by subject
Starting: Fri Mar 1 00:05:20 UTC 2019
Ending: Sat Mar 30 17:30:11 UTC 2019
Messages: 428
- [GIT PULL] apparmor updates for v5.1
John Johansen
- [GIT PULL] apparmor updates for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] security subsystem changes for v5.1
James Morris
- [GIT PULL] security subsystem changes for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] security: integrity subsystem updates for v5.1
James Morris
- [GIT PULL] security: tpm subsystem updates for v5.1
James Morris
- [GIT PULL] security: tpm subsystem updates for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] security: yama fix for v5.1
James Morris
- [GIT PULL] security: yama fix for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux fixes for v5.1 (#1)
Paul Moore
- [GIT PULL] SELinux fixes for v5.1 (#1)
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux fixes for v5.1 (#2)
Paul Moore
- [GIT PULL] SELinux fixes for v5.1 (#2)
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux patches for v5.1
Paul Moore
- [GIT PULL] SELinux patches for v5.1
pr-tracker-bot at kernel.org
- [GIT PULL] tpmdd fixes for Linux v5.1
Jarkko Sakkinen
- [GIT PULL] tpmdd fixes for Linux v5.1
James Morris
- [GIT PULL][UPDATED] security: yama and LSM config fixes
James Morris
- [GIT PULL][UPDATED] security: yama and LSM config fixes
pr-tracker-bot at kernel.org
- [PATCH 0/1] RFC: introduce CONFIG_INIT_ALL_MEMORY
Alexander Potapenko
- [PATCH 0/1] RFC: security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Igor Lubashev
- [PATCH 00/97] LSM: Complete module stacking
Stephen Smalley
- [PATCH 00/97] LSM: Complete module stacking
Casey Schaufler
- [PATCH 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH 01/27] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH 01/97] LSM: Infrastructure management of the superblock
Edwin Zimmerman
- [PATCH 01/97] LSM: Infrastructure management of the superblock
Casey Schaufler
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Matthew Garrett
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Randy Dunlap
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Matthew Garrett
- [PATCH 02/27] Add a SysRq option to lift kernel lockdown
David Howells
- [PATCH 02/27] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
James Morris
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
James Morris
- [PATCH 03/27] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH 03/27] Restrict /dev/{mem, kmem, port} when the kernel is locked down
Matthew Garrett
- [PATCH 04/27] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 04/27] Restrict /dev/{mem, kmem, port} when the kernel is locked down
Matthew Garrett
- [PATCH 05/27] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH 05/27] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 05/97] LSM: Create an lsm_export data structure.
Stephen Smalley
- [PATCH 05/97] LSM: Create an lsm_export data structure.
Casey Schaufler
- [PATCH 06/27] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH 06/27] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH 07/27] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 07/27] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH 08/27] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 08/27] kexec_file: Restrict at runtime if the kernel is locked down
Mimi Zohar
- [PATCH 08/27] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Alan Cox
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 09/27] hibernate: Disable when the kernel is locked down
Alan Cox
- [PATCH 09/27] uswsusp: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Kees Cook
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Nick Desaulniers
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH 1/1] RFC: initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH 1/1] RFC: security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
Igor Lubashev
- [PATCH 1/1] Smack :- In this patch, global rule list has been removed. Now all smack rules will be read using "smack_known_list". This list contains all the smack labels and internally each smack label structure maintains the list of smack rules corresponding to that smack label. So there is no need to maintain extra list.
Vishal Goel
- [PATCH 1/1] Smack: Create smack_rule cache to optimize memory usage
Casey Schaufler
- [PATCH 1/1] Smack: Create smack_rule cache to optimize memory usage
Vishal Goel
- [PATCH 1/1] smack: removal of global rule list
Vishal Goel
- [PATCH 1/1] smack: removal of global rule list
Casey Schaufler
- [PATCH 1/2] efi: add a function for transferring status to string
Lee, Chun-Yi
- [PATCH 1/2] efi: add a function for transferring status to string
Lee, Chun-Yi
- [PATCH 1/2] efi: add a function for transferring status to string
Lee, Chun-Yi
- [PATCH 1/2] efi: add a function for transferring status to string
Ard Biesheuvel
- [PATCH 1/2] efi: add a function for transferring status to string
Mimi Zohar
- [PATCH 1/2] efi: add a function for transferring status to string
joeyli
- [PATCH 1/2] efi: add a function for transferring status to string
joeyli
- [PATCH 10/27] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH 10/27] uswsusp: Disable when the kernel is locked down
Matthew Garrett
- [PATCH 11/27] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH 11/27] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH 11/43] convert do_remount_sb() to fs_context
Andreas Schwab
- [PATCH 11/43] convert do_remount_sb() to fs_context
David Howells
- [PATCH 11/43] convert do_remount_sb() to fs_context
Andreas Schwab
- [PATCH 11/43] convert do_remount_sb() to fs_context
Andreas Schwab
- [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks
Edwin Zimmerman
- [PATCH 11/97] LSM: Use lsm_export in the kernel_ask_as hooks
Casey Schaufler
- [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is locked down
Thomas Gleixner
- [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH 12/27] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH 13/27] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH 13/27] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH 14/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH 14/27] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH 15/27] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH 15/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH 15/43] vfs: Add configuration parser helpers
Al Viro
- [PATCH 16/27] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH 16/27] acpi: Disable APEI error injection if the kernel is locked down
Matthew Garrett
- [PATCH 17/27] acpi: Disable APEI error injection if the kernel is locked down
Matthew Garrett
- [PATCH 17/27] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH 18/27] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH 18/27] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH 19/27] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH 19/27] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH 2/2 v2] efi: print appropriate status message when loading certificates
Mimi Zohar
- [PATCH 2/2 v2] efi: print appropriate status message when loading certificates
jlee at suse.com
- [PATCH 2/2 v2] efi: print appropriate status message when loading certificates
Lee, Chun-Yi
- [PATCH 2/2] efi: print appropriate status message when loading certificates
Lee, Chun-Yi
- [PATCH 2/2] efi: print appropriate status message when loading certificates
Ard Biesheuvel
- [PATCH 2/2] efi: print appropriate status message when loading certificates
jlee at suse.com
- [PATCH 2/3] scripts/ima: define a set of common functions
Dave Young
- [PATCH 2/3] scripts/ima: define a set of common functions
Mimi Zohar
- [PATCH 20/27] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH 20/27] x86/mmiotrace: Lock down the testmmiotrace module
Steven Rostedt
- [PATCH 21/27] Lock down /proc/kcore
Matthew Garrett
- [PATCH 21/27] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH 22/27] Lock down /proc/kcore
Matthew Garrett
- [PATCH 22/27] Lock down kprobes
Matthew Garrett
- [PATCH 22/27] Lock down kprobes
Masami Hiramatsu
- [PATCH 22/27] Lock down kprobes
Matthew Garrett
- [PATCH 22/27] Lock down kprobes
Masami Hiramatsu
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Stephen Hemminger
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Stephen Hemminger
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Daniel Borkmann
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Andy Lutomirski
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Jordan Glover
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
James Morris
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Andy Lutomirski
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
James Morris
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
James Morris
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 23/27] Lock down kprobes
Matthew Garrett
- [PATCH 24/27] bpf: Restrict kernel image access functions when the kernel is locked down
Matthew Garrett
- [PATCH 24/27] Lock down perf
Matthew Garrett
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Greg Kroah-Hartman
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Greg Kroah-Hartman
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH 25/27] Lock down perf
Matthew Garrett
- [PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down
Matthew Garrett
- [PATCH 26/27] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH 27/27] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Mimi Zohar
- [PATCH 27/27] kexec: Allow kexec_file() with appropriate IMA policy when locked down
Matthew Garrett
- [PATCH 27/27] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Mimi Zohar
- [PATCH 3/3] x86/ima: retry detecting secure boot mode
Matthew Garrett
- [PATCH 34/38] vfs: Convert apparmorfs to fs_context
David Howells
- [PATCH 35/38] vfs: Convert securityfs to fs_context
David Howells
- [PATCH 36/38] vfs: Convert selinuxfs to fs_context
David Howells
- [PATCH 37/38] vfs: Convert smackfs to fs_context
David Howells
- [PATCH AUTOSEL 4.14 07/33] keys: Fix dependency loop between construction record and auth key
Sasha Levin
- [PATCH AUTOSEL 4.19 11/48] keys: Fix dependency loop between construction record and auth key
Sasha Levin
- [PATCH AUTOSEL 4.20 13/60] keys: Fix dependency loop between construction record and auth key
Sasha Levin
- [PATCH AUTOSEL 5.0 010/262] apparmor: fix double free when unpack of secmark rules fails
Pavel Machek
- [PATCH AUTOSEL 5.0 010/262] apparmor: fix double free when unpack of secmark rules fails
Sasha Levin
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Steve Grubb
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Matthew Garrett
- [PATCH ghak109 V1] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Mimi Zohar
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Paul Moore
- [PATCH ghak109 V2] audit: link integrity evm_write_xattrs record to syscall event
Richard Guy Briggs
- [PATCH RESEND] KEYS: remove CONFIG_KEYS_COMPAT
Eric Biggers
- [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Dan Williams
- [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Jarkko Sakkinen
- [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Roberto Sassu
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Sean Christopherson
- [PATCH v19 17/27] x86/sgx: Add provisioning
Huang, Kai
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Nathaniel McCallum
- [PATCH v19 17/27] x86/sgx: Add provisioning
Andy Lutomirski
- [PATCH v19 17/27] x86/sgx: Add provisioning
Huang, Kai
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Andy Lutomirski
- [PATCH v19 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v19 17/27] x86/sgx: Add provisioning
Sean Christopherson
- [PATCH v19,RESEND 17/27] x86/sgx: Add provisioning
Jarkko Sakkinen
- [PATCH v2 0/2] RFC: introduce CONFIG_INIT_ALL_MEMORY
Alexander Potapenko
- [PATCH v2 00/11] LSM documentation update
Denis Efremov
- [PATCH v2 00/11] LSM documentation update
Jonathan Corbet
- [PATCH v2 00/11] LSM documentation update
James Morris
- [PATCH v2 00/11] LSM documentation update
James Morris
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Alexander Potapenko
- [PATCH v2 1/2] initmem: introduce CONFIG_INIT_ALL_MEMORY and CONFIG_INIT_ALL_STACK
Kees Cook
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Borislav Petkov
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
hpa at zytor.com
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Borislav Petkov
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Andy Lutomirski
- [PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Borislav Petkov
- [PATCH v2 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
- [PATCH v2] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH v2] x86/ima: require signed kernel modules
Matthew Garrett
- [PATCH v2] x86/ima: require signed kernel modules
Mimi Zohar
- [PATCH v2] x86/ima: require signed kernel modules
Matthew Garrett
- [PATCH v2] x86/ima: require signed kernel modules
Mimi Zohar
- [PATCH v2] x86/ima: require signed kernel modules
Matthew Garrett
- [PATCH V31 00/25] Add support for kernel lockdown
Matthew Garrett
- [PATCH V31 01/25] Add the ability to lock down access to the running kernel image
Matthew Garrett
- [PATCH V31 02/25] Enforce module signatures if the kernel is locked down
Matthew Garrett
- [PATCH V31 03/25] Restrict /dev/{mem,kmem,port} when the kernel is locked down
Matthew Garrett
- [PATCH V31 04/25] kexec_load: Disable at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V31 05/25] Copy secure_boot flag in boot params across kexec reboot
Matthew Garrett
- [PATCH V31 06/25] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
Matthew Garrett
- [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
Matthew Garrett
- [PATCH V31 08/25] hibernate: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V31 09/25] uswsusp: Disable when the kernel is locked down
Matthew Garrett
- [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down
Andy Lutomirski
- [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down
Alex Williamson
- [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down
Matthew Garrett
- [PATCH V31 11/25] x86: Lock down IO port access when the kernel is locked down
Andy Lutomirski
- [PATCH V31 11/25] x86: Lock down IO port access when the kernel is locked down
Matthew Garrett
- [PATCH V31 12/25] x86/msr: Restrict MSR access when the kernel is locked down
Matthew Garrett
- [PATCH V31 13/25] ACPI: Limit access to custom_method when the kernel is locked down
Matthew Garrett
- [PATCH V31 14/25] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
Matthew Garrett
- [PATCH V31 15/25] acpi: Disable ACPI table override if the kernel is locked down
Matthew Garrett
- [PATCH V31 16/25] Prohibit PCMCIA CIS storage when the kernel is locked down
Matthew Garrett
- [PATCH V31 17/25] Lock down TIOCSSERIAL
Matthew Garrett
- [PATCH V31 18/25] Lock down module params that specify hardware parameters (eg. ioport)
Matthew Garrett
- [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module
Steven Rostedt
- [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module
Matthew Garrett
- [PATCH V31 20/25] Lock down /proc/kcore
Matthew Garrett
- [PATCH V31 21/25] Lock down kprobes when in confidentiality mode
Matthew Garrett
- [PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
- [PATCH V31 22/25] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Andy Lutomirski
- [PATCH V31 23/25] Lock down perf when in confidentiality mode
Matthew Garrett
- [PATCH V31 24/25] lockdown: Print current->comm in restriction messages
Matthew Garrett
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
James Morris
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Andy Lutomirski
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Greg KH
- [PATCH V31 25/25] debugfs: Disable open() when kernel is locked down
Matthew Garrett
- [PATCH v3] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH v3] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Dan Williams
- [PATCH v3] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH v4 1/2] LSM: SafeSetID: gate setgid transitions
Micah Morton
- [PATCH v4 1/2] LSM: SafeSetID: gate setgid transitions
James Morris
- [PATCH v4 1/2] LSM: SafeSetID: gate setgid transitions
Micah Morton
- [PATCH v4 2/2] LSM: SafeSetID: gate setgid transitions
mortonm at chromium.org
- [PATCH v4 2/2] LSM: SafeSetID: gate setgid transitions
Micah Morton
- [PATCH v4 2/2] LSM: SafeSetID: gate setgid transitions
James Morris
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
mortonm at chromium.org
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
mortonm at chromium.org
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
James Morris
- [PATCH v5 1/2] LSM: SafeSetID: gate setgid transitions
Casey Schaufler
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Paul Moore
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Casey Schaufler
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Paul Moore
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Ondrej Mosnacek
- [PATCH v7 0/7] Allow initializing the kernfs node's secctx based on its parent
Paul Moore
- [PATCH] device_cgroup: fix RCU imbalance in error case
Jann Horn
- [PATCH] device_cgroup: fix RCU imbalance in error case
Michal Hocko
- [PATCH] device_cgroup: fix RCU imbalance in error case
Tejun Heo
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
Ben Dooks
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
Serge E. Hallyn
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
James Morris
- [PATCH] keys: fix missing __user in KEYCTL_PKEY_QUERY
David Howells
- [PATCH] keys: safe concurrent user->{session,uid}_keyring access
Jann Horn
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Dan Williams
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH] KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Jarkko Sakkinen
- [PATCH] KEYS: trusted: defer execution of TPM-specific code until key instantiate
Jarkko Sakkinen
- [PATCH] KEYS: trusted: defer execution of TPM-specific code until key instantiate
Dan Williams
- [PATCH] KEYS: trusted: defer execution of TPM-specific code until key instantiate
Roberto Sassu
- [PATCH] LSM: lsm_hooks.h - fix missing colon in docstring
Ondrej Mosnacek
- [PATCH] LSM: lsm_hooks.h - fix missing colon in docstring
Paul Moore
- [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
Kees Cook
- [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
Tetsuo Handa
- [PATCH] LSM: Update list of SECURITYFS users in Kconfig
James Morris
- [PATCH] secuirty: integrity: ima: pedantic formatting
Enrico Weigelt, metux IT consult
- [PATCH] security: don't use RCU accessors for cred->session_keyring
Jann Horn
- [PATCH] security: inode: fix a missing check for securityfs_create_file
Kangjie Lu
- [PATCH] security: inode: fix a missing check for securityfs_create_file
James Morris
- [PATCH] security: inode: fix a missing check for securityfs_create_file
Kangjie Lu
- [PATCH] security: inode: fix a missing check for securityfs_create_file
Tetsuo Handa
- [PATCH] security: keys: Kconfig: pedantic cleanup
Enrico Weigelt, metux IT consult
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Stephen Smalley
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Edwin Zimmerman
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Paul Moore
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
James Morris
- [PATCH] tomoyo: Add a kernel config option for fuzzing testing.
Tetsuo Handa
- [PATCH] tpm: turn on TPM on suspend for TPM 1.x
Jarkko Sakkinen
- [PATCH] tpm: turn on TPM on suspend for TPM 1.x
Domenico Andreoli
- [PATCH] tpm: turn on TPM on suspend for TPM 1.x
Jarkko Sakkinen
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
David Howells
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
Mimi Zohar
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
David Howells
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
Mimi Zohar
- [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
David Howells
- [PATCH] x86/cpufeature: Remove __pure attribute to _static_cpu_has()
hpa at zytor.com
- [PATCH] x86/cpufeature: Remove __pure attribute to _static_cpu_has()
Borislav Petkov
- [PATCH] x86/cpufeature: Remove __pure attribute to _static_cpu_has()
Borislav Petkov
- [PATCH] Yama: mark function as static
Mukesh Ojha
- [PATCH] Yama: mark local symbols as static
Jann Horn
- [PATCH] Yama: mark local symbols as static
Mukesh Ojha
- [PULL REQUEST] Kernel lockdown patches for 5.2
Matthew Garrett
- [PULL REQUEST] Kernel lockdown patches for 5.2
Mimi Zohar
- [PULL REQUEST] Kernel lockdown patches for 5.2
Matthew Garrett
- [PULL REQUEST] Kernel lockdown patches for 5.2
Matthew Garrett
- [PULL REQUEST] Kernel lockdown patches for 5.2
Mimi Zohar
- [PULL REQUEST] Lock down patches
Mimi Zohar
- [PULL REQUEST] Lock down patches
Matthew Garrett
- [PULL REQUEST] Lock down patches
Mimi Zohar
- [PULL REQUEST] Lock down patches
Matthew Garrett
- [PULL REQUEST] Lock down patches
Mimi Zohar
- [PULL REQUEST] Lock down patches
Matthew Garrett
- [PULL REQUEST] Lockdown patches for 5.2
Matthew Garrett
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Jan Lübbe
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
David Howells
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Franck Lenormand
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Franck Lenormand
- [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Franck LENORMAND
- [RFC PATCH 1/2] drivers: crypto: caam: key: Add caam_tk key type
Franck LENORMAND
- [RFC PATCH 2/2] dm-crypt: Use any key type which is registered
Franck LENORMAND
- [RFC PATCH 37/68] vfs: Convert apparmorfs to use the new mount API
David Howells
- [RFC PATCH 38/68] vfs: Convert securityfs to use the new mount API
David Howells
- [RFC PATCH 39/68] vfs: Convert selinuxfs to use the new mount API
David Howells
- [RFC PATCH 40/68] vfs: Convert smackfs to use the new mount API
David Howells
- Add support for TCG2 log format on UEFI systems
Jarkko Sakkinen
- Add support for TCG2 log format on UEFI systems
Matthew Garrett
- Add support for TCG2 log format on UEFI systems
Jarkko Sakkinen
- Attention Dear,
Barr.Augusto Daniel.
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Kees Cook
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Eric Biggers
- crypto: Kernel memory overwrite attempt detected to spans multiple pages
Geert Uytterhoeven
- From Mrs. Elia Rodrigues,
Mrs. Elia Rodrigues
- Hello
Mr Wong
- Hello
Mr Wong
- Hi
Sgt Clara B Herbert
- INFO: task hung in process_measurement
syzbot
- INFO: task hung in process_measurement
Tomi Valkeinen
- Inquiry March-2019
Daniel Murray
- kernel panic: MAC Initialization failed. (3)
syzbot
- kernel panic: MAC Initialization failed. (3)
Tetsuo Handa
- Linux 5.1-rc2
Randy Dunlap
- Linux 5.1-rc2
James Morris
- Linux 5.1-rc2
Tetsuo Handa
- Linux 5.1-rc2
Kees Cook
- Linux 5.1-rc2
Tetsuo Handa
- Linux 5.1-rc2
Kees Cook
- Linux 5.1-rc2
Tetsuo Handa
- Linux 5.1-rc2
Kees Cook
- Linux 5.1-rc2
Tetsuo Handa
- Linux 5.1-rc2
Casey Schaufler
- Linux 5.1-rc2
Randy Dunlap
- Linux 5.1-rc2
Casey Schaufler
- Linux 5.1-rc2
James Morris
- Linux security subsystem tree sync to v5.1-rc2
James Morris
- Linux security subsystem tree sync to v5.1-rc2
Casey Schaufler
- LoadPin old-api-denied
Martin Townsend
- LoadPin old-api-denied
Martin Townsend
- LoadPin old-api-denied
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- mount.nfs: Protocol error after upgrade to linux/master
Casey Schaufler
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- mount.nfs: Protocol error after upgrade to linux/master
Casey Schaufler
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- mount.nfs: Protocol error after upgrade to linux/master
Kees Cook
- mount.nfs: Protocol error after upgrade to linux/master
Tetsuo Handa
- overlayfs access checks on underlying layers
Casey Schaufler
- overlayfs access checks on underlying layers
Stephen Smalley
- overlayfs access checks on underlying layers
Amir Goldstein
- PRIVATE...
daniele at mybusinessdriver.com
- Replacing IPv6 port labeling with CALIPSO in Smack
Casey Schaufler
- Repost: Missing security_mmap_file() in remap_file_pages syscall
Kirill A. Shutemov
- Repost: Missing security_mmap_file() in remap_file_pages syscall
Stephen Smalley
- Repost: Missing security_mmap_file() in remap_file_pages syscall
TongZhang
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Mimi Zohar
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Jordan Glover
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Stephen Smalley
- Should mprotect(..., PROT_EXEC) be checked by IMA?
Igor Zhbanov
- what happened to SECURITY_DAC?
Kees Cook
Last message date:
Sat Mar 30 17:30:11 UTC 2019
Archived on: Sat Mar 30 21:45:01 UTC 2019
This archive was generated by
Pipermail 0.09 (Mailman edition).