March 2021 Archives by subject
Starting: Mon Mar 1 13:11:23 UTC 2021
Ending: Wed Mar 31 23:34:29 UTC 2021
Messages: 593
- [GIT PULL] Add EFI_CERT_X509_GUID support for dbx/mokx entries
David Howells
- [GIT PULL] integrity subsystem fix for v5.12
Mimi Zohar
- [GIT PULL] integrity subsystem fix for v5.12
pr-tracker-bot at kernel.org
- [GIT PULL] SELinux fixes for v5.12 (#1)
Paul Moore
- [GIT PULL] SELinux fixes for v5.12 (#1)
pr-tracker-bot at kernel.org
- [PATCH 0/3] Fix bugs related to TPM2 event log
Stefan Berger
- [PATCH 00/11] treewide: address gcc-11 -Wstringop-overread warnings
Arnd Bergmann
- [PATCH 01/11] x86: compressed: avoid gcc-11 -Wstringop-overread warning
Arnd Bergmann
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
Arnd Bergmann
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
Ingo Molnar
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
Arnd Bergmann
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
Martin Sebor
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
Arnd Bergmann
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
Ingo Molnar
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
David Laight
- [PATCH 02/11] x86: tboot: avoid Wstringop-overread-warning
David Laight
- [PATCH 03/11] security: commoncap: fix -Wstringop-overread warning
Arnd Bergmann
- [PATCH 03/11] security: commoncap: fix -Wstringop-overread warning
Christian Brauner
- [PATCH 03/11] security: commoncap: fix -Wstringop-overread warning
James Morris
- [PATCH 04/11] ath11: Wstringop-overread warning
Arnd Bergmann
- [PATCH 05/11] qnx: avoid -Wstringop-overread warning
Arnd Bergmann
- [PATCH 06/11] cgroup: fix -Wzero-length-bounds warnings
Arnd Bergmann
- [PATCH 06/11] cgroup: fix -Wzero-length-bounds warnings
Arnd Bergmann
- [PATCH 07/11] ARM: sharpsl_param: work around -Wstringop-overread warning
Arnd Bergmann
- [PATCH 08/11] atmel: avoid gcc -Wstringop-overflow warning
Arnd Bergmann
- [PATCH 09/11] scsi: lpfc: fix gcc -Wstringop-overread warning
Arnd Bergmann
- [PATCH 1/2] ima: don't access a file's integrity status before an IMA policy is loaded
Mimi Zohar
- [PATCH 1/2] ima: don't access a file's integrity status before an IMA policy is loaded
Eric Biggers
- [PATCH 1/2] ima: don't access a file's integrity status before an IMA policy is loaded
Mimi Zohar
- [PATCH 1/3] tpm: efi: Use local variable for calculating final log size
Stefan Berger
- [PATCH 1/3] tpm: efi: Use local variable for calculating final log size
Jarkko Sakkinen
- [PATCH 10/11] drm/i915: avoid stringop-overread warning on pri_latency
Arnd Bergmann
- [PATCH 10/11] drm/i915: avoid stringop-overread warning on pri_latency
Jani Nikula
- [PATCH 10/11] drm/i915: avoid stringop-overread warning on pri_latency
Ville Syrjälä
- [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning
Arnd Bergmann
- [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning
Jani Nikula
- [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning
Arnd Bergmann
- [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning
Martin Sebor
- [PATCH 11/11] [RFC] drm/i915/dp: fix array overflow warning
Hans de Goede
- [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length
Varad Gautam
- [PATCH 18/18] keyctl_pkey: Add pkey parameter slen to pass in PSS salt length
Jarkko Sakkinen
- [PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [PATCH 2/2] integrity: double check iint_cache was initialized
Eric Biggers
- [PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [PATCH 2/3] tpm: acpi: Check eventlog signature before using it
Stefan Berger
- [PATCH 2/3] tpm: acpi: Check eventlog signature before using it
Jarkko Sakkinen
- [PATCH 3/3] tpm: vtpm_proxy: Avoid reading host log when using a virtual device
Stefan Berger
- [PATCH 3/4] certs: Add ability to preload revocation certs
Nathan Chancellor
- [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring
Dimitri John Ledkov
- [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring
Eric Snowberg
- [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring
Eric Snowberg
- [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring
David Howells
- [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring
Eric Snowberg
- [PATCH 4/4] integrity: Load mokx variables into the blacklist keyring
David Howells
- [PATCH] apparmor: avoid -Wempty-body warning
Arnd Bergmann
- [PATCH] cap: Trivial spelling fixes throughout the file
Bhaskar Chowdhury
- [PATCH] cipso,calipso: resolve a number of problems with the DOI refcounts
Paul Moore
- [PATCH] cipso, calipso: resolve a number of problems with the DOI refcounts
Paul Moore
- [PATCH] cipso,calipso: resolve a number of problems with the DOI refcounts
David Miller
- [PATCH] cipso, calipso: resolve a number of problems with the DOI refcounts
Paul Moore
- [PATCH] cipso,calipso: resolve a number of problems with the DOI refcounts
David Miller
- [PATCH] cipso, calipso: resolve a number of problems with the DOI refcounts
patchwork-bot+netdevbpf at kernel.org
- [PATCH] CIPSO: Fix unaligned memory access in cipso_v4_gentag_hdr
Seergey Nazarov
- [PATCH] CIPSO: Fix unaligned memory access in cipso_v4_gentag_hdr
Ondrej Mosnacek
- [PATCH] CIPSO: Fix unaligned memory access in cipso_v4_gentag_hdr
Paul Moore
- [PATCH] CIPSO: Fix unaligned memory access in cipso_v4_gentag_hdr
Seergey Nazarov
- [PATCH] CIPSO: Fix unaligned memory access in cipso_v4_gentag_hdr
Seergey Nazarov
- [PATCH] ima: Fix function name error in comment.
Jiele Zhao
- [PATCH] ima: Fix function name error in comment.
Mimi Zohar
- [PATCH] ima: Fix function name error in comment.
Jiele Zhao
- [PATCH] ima: Fix the error code for restoring the PCR value
Li Huafei
- [PATCH] ima: Fix the error code for restoring the PCR value
Li Huafei
- [PATCH] ima: Fix the error code for restoring the PCR value
Roberto Sassu
- [PATCH] ima: Fix the error code for restoring the PCR value
Mimi Zohar
- [PATCH] ima: Replacing deprecated strlcpy with strscpy ~~~~~~~~~ Replace
Palash Oswal
- [PATCH] integrity/ima: Add declarations to init_once void arguments.
Jiele Zhao
- [PATCH] integrity/ima: Add declarations to init_once void arguments.
Jiele Zhao
- [PATCH] keys: Allow disabling read permissions for key possessor
Andrey Ryabinin
- [PATCH] keys: Allow disabling read permissions for key possessor
Eric Biggers
- [PATCH] keys: Allow disabling read permissions for key possessor
Jarkko Sakkinen
- [PATCH] KEYS: trusted: tee: fix build error due to missing include
Ahmad Fatoum
- [PATCH] KEYS: trusted: tee: fix build error due to missing include
Jarkko Sakkinen
- [PATCH] KEYS: trusted: tee: fix build error due to missing include
Ahmad Fatoum
- [PATCH] LSM: SafeSetID: Fix code specification by scripts/checkpatch.pl
Yanwei Gao
- [PATCH] LSM: SafeSetID: Fix code specification by scripts/checkpatch.pl
Micah Morton
- [PATCH] NFSv4.2: fix return value of _nfs4_get_security_label()
Ondrej Mosnacek
- [PATCH] NFSv4.2: fix return value of _nfs4_get_security_label()
Anna Schumaker
- [PATCH] perf/core: fix unconditional security_locked_down() call
Paul Moore
- [PATCH] perf/core: fix unconditional security_locked_down() call
Peter Zijlstra
- [PATCH] perf/core: fix unconditional security_locked_down() call
Paul Moore
- [PATCH] Revert "Smack: Handle io_uring kernel thread privileges"
Jens Axboe
- [PATCH] Revert "Smack: Handle io_uring kernel thread privileges"
Casey Schaufler
- [PATCH] Revert "Smack: Handle io_uring kernel thread privileges"
Jens Axboe
- [PATCH] RTIC: selinux: ARM64: Move selinux_state to a separate page
Paul Moore
- [PATCH] security/apparmor: fix misspellings using codespell tool
menglong8.dong at gmail.com
- [PATCH] security/loadpin: Replace "kernel_read_file_str[j]" with function "kernel_read_file_id_str(j)".
zhaojiele
- [PATCH] security/loadpin: Replace "kernel_read_file_str[j]" with function "kernel_read_file_id_str(j)".
Kees Cook
- [PATCH] security/smack/: fix misspellings using codespell tool
menglong8.dong at gmail.com
- [PATCH] security/smack: fix misspellings using codespell tool
menglong8.dong at gmail.com
- [PATCH] security: A typo fix
Bhaskar Chowdhury
- [PATCH] security: A typo fix
Bhaskar Chowdhury
- [PATCH] security: A typo fix
Randy Dunlap
- [PATCH] security: fix misspellings using codespell tool
menglong8.dong at gmail.com
- [PATCH] security: tomoyo: fix error return code of tomoyo_update_domain()
Jia-Ju Bai
- [PATCH] security: tomoyo: fix error return code of tomoyo_update_domain()
Tetsuo Handa
- [PATCH] selinux: vsock: Set SID for socket returned by accept()
David Brazdil
- [PATCH] selinux: vsock: Set SID for socket returned by accept()
Paul Moore
- [PATCH] selinux: vsock: Set SID for socket returned by accept()
David Brazdil
- [PATCH] tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD
Jens Axboe
- [PATCH] tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD
Casey Schaufler
- [PATCH] tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD
Jens Axboe
- [PATCH] xfs: use has_capability_noaudit() instead of capable() where appropriate
Ondrej Mosnacek
- [PATCH] xfs: use has_capability_noaudit() instead of capable() where appropriate
Dave Chinner
- [PATCH] xfs: use has_capability_noaudit() instead of capable() where appropriate
Ondrej Mosnacek
- [PATCH] xfs: use has_capability_noaudit() instead of capable() where appropriate
Dave Chinner
- [PATCH v1 0/1] Unprivileged chroot
Mickaël Salaün
- [PATCH v1 0/1] Unprivileged chroot
Casey Schaufler
- [PATCH v1 0/1] Unprivileged chroot
Mickaël Salaün
- [PATCH v1 0/1] Unprivileged chroot
Casey Schaufler
- [PATCH v1 0/1] Unprivileged chroot
Mickaël Salaün
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Horia Geantă
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Sumit Garg
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
James Bottomley
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
James Bottomley
- [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v1 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Eric W. Biederman
- [PATCH v1 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v1 1/3] crypto: caam - add in-kernel interface for blob generator
Ahmad Fatoum
- [PATCH v1 1/3] crypto: caam - add in-kernel interface for blob generator
Horia Geantă
- [PATCH v1 1/3] crypto: caam - add in-kernel interface for blob generator
Ahmad Fatoum
- [PATCH v1 2/3] KEYS: trusted: implement fallback to kernel RNG
Ahmad Fatoum
- [PATCH v12 00/10] Add support for x509 certs with NIST P384/256/192 keys
Stefan Berger
- [PATCH v12 00/10] Add support for x509 certs with NIST P384/256/192 keys
Stefan Berger
- [PATCH v12 00/10] Add support for x509 certs with NIST P384/256/192 keys
Herbert Xu
- [PATCH v12 01/10] oid_registry: Add OIDs for ECDSA with SHA224/256/384/512
Stefan Berger
- [PATCH v12 02/10] crypto: Add support for ECDSA signature verification
Stefan Berger
- [PATCH v12 03/10] crypto: Add NIST P384 curve parameters
Stefan Berger
- [PATCH v12 04/10] crypto: Add math to support fast NIST P384
Stefan Berger
- [PATCH v12 05/10] ecdsa: Register NIST P384 and extend test suite
Stefan Berger
- [PATCH v12 06/10] x509: Detect sm2 keys by their parameters OID
Stefan Berger
- [PATCH v12 07/10] x509: Add support for parsing x509 certs with ECDSA keys
Stefan Berger
- [PATCH v12 08/10] ima: Support EC keys for signature verification
Stefan Berger
- [PATCH v12 09/10] x509: Add OID for NIST P384 and extend parser for it
Stefan Berger
- [PATCH v12 10/10] certs: Add support for using elliptic curve keys for signing modules
Stefan Berger
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Jarkko Sakkinen
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Sumit Garg
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Horia Geantă
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Mimi Zohar
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Sumit Garg
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
James Bottomley
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Mimi Zohar
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
James Bottomley
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Sumit Garg
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
David Gstir
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Jarkko Sakkinen
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Sumit Garg
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Eric Biggers
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Richard Weinberger
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Jarkko Sakkinen
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Jarkko Sakkinen
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Jarkko Sakkinen
- [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Eric Biggers
- [PATCH v2 0/1] Unprivileged chroot
Mickaël Salaün
- [PATCH v2 0/3] Fix bugs related to TPM2 event log
Stefan Berger
- [PATCH v2 0/3] Fix bugs related to TPM2 event log
Jarkko Sakkinen
- [PATCH v2 0/3] Split security_task_getsecid() into subj and obj variants
Paul Moore
- [PATCH v2 0/3] Split security_task_getsecid() into subj and obj variants
Paul Moore
- [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Eric W. Biederman
- [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Jann Horn
- [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
David Laight
- [PATCH v2 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Andrew Morton
- [PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v2 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v2 1/3] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [PATCH v2 1/3] lsm: separate security_task_getsecid() into subjective and objective variants
Casey Schaufler
- [PATCH v2 1/3] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [PATCH v2 1/3] lsm: separate security_task_getsecid() into subjective and objective variants
Richard Guy Briggs
- [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size
Stefan Berger
- [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size
Jarkko Sakkinen
- [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size
Jarkko Sakkinen
- [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size
Jarkko Sakkinen
- [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size
Stefan Berger
- [PATCH v2 1/3] tpm: efi: Use local variable for calculating final log size
Jarkko Sakkinen
- [PATCH v2 2/3] selinux: clarify task subjective and objective credentials
Paul Moore
- [PATCH v2 2/3] selinux: clarify task subjective and objective credentials
Richard Guy Briggs
- [PATCH v2 2/3] tpm: acpi: Check eventlog signature before using it
Stefan Berger
- [PATCH v2 2/3] tpm: acpi: Check eventlog signature before using it
Jarkko Sakkinen
- [PATCH v2 3/3] smack: differentiate between subjective and objective task credentials
Paul Moore
- [PATCH v2 3/3] tpm: vtpm_proxy: Avoid reading host log when using a virtual device
Stefan Berger
- [PATCH v2 3/3] tpm: vtpm_proxy: Avoid reading host log when using a virtual device
Jarkko Sakkinen
- [PATCH v2 4/4] integrity: Load mokx variables into the blacklist keyring
Jarkko Sakkinen
- [PATCH v25 00/25] LSM: Module stacking for AppArmor
Casey Schaufler
- [PATCH v25 01/25] LSM: Infrastructure management of the sock security
Casey Schaufler
- [PATCH v25 02/25] LSM: Add the lsmblob data structure.
Casey Schaufler
- [PATCH v25 03/25] LSM: provide lsm name and id slot mappings
Casey Schaufler
- [PATCH v25 04/25] IMA: avoid label collisions with stacked LSMs
Casey Schaufler
- [PATCH v25 05/25] LSM: Use lsmblob in security_audit_rule_match
Casey Schaufler
- [PATCH v25 06/25] LSM: Use lsmblob in security_kernel_act_as
Casey Schaufler
- [PATCH v25 07/25] LSM: Use lsmblob in security_secctx_to_secid
Casey Schaufler
- [PATCH v25 08/25] LSM: Use lsmblob in security_secid_to_secctx
Casey Schaufler
- [PATCH v25 09/25] LSM: Use lsmblob in security_ipc_getsecid
Casey Schaufler
- [PATCH v25 10/25] LSM: Use lsmblob in security_task_getsecid
Casey Schaufler
- [PATCH v25 11/25] LSM: Use lsmblob in security_inode_getsecid
Casey Schaufler
- [PATCH v25 12/25] LSM: Use lsmblob in security_cred_getsecid
Casey Schaufler
- [PATCH v25 12/25] LSM: Use lsmblob in security_cred_getsecid
kernel test robot
- [PATCH v25 13/25] IMA: Change internal interfaces to use lsmblobs
Casey Schaufler
- [PATCH v25 14/25] LSM: Specify which LSM to display
Casey Schaufler
- [PATCH v25 15/25] LSM: Ensure the correct LSM context releaser
Casey Schaufler
- [PATCH v25 16/25] LSM: Use lsmcontext in security_secid_to_secctx
Casey Schaufler
- [PATCH v25 17/25] LSM: Use lsmcontext in security_inode_getsecctx
Casey Schaufler
- [PATCH v25 17/25] LSM: Use lsmcontext in security_inode_getsecctx
Chuck Lever III
- [PATCH v25 18/25] LSM: security_secid_to_secctx in netlink netfilter
Casey Schaufler
- [PATCH v25 19/25] NET: Store LSM netlabel data in a lsmblob
Casey Schaufler
- [PATCH v25 20/25] LSM: Verify LSM display sanity in binder
Casey Schaufler
- [PATCH v25 21/25] audit: add support for non-syscall auxiliary records
Casey Schaufler
- [PATCH v25 21/25] audit: add support for non-syscall auxiliary records
kernel test robot
- [PATCH v25 22/25] Audit: Add new record for multiple process LSM attributes
Casey Schaufler
- [PATCH v25 22/25] Audit: Add new record for multiple process LSM attributes
kernel test robot
- [PATCH v25 22/25] Audit: Add new record for multiple process LSM attributes
kernel test robot
- [PATCH v25 23/25] Audit: Add a new record for multiple object LSM attributes
Casey Schaufler
- [PATCH v25 24/25] LSM: Add /proc attr entry for full LSM context
Casey Schaufler
- [PATCH v25 25/25] AppArmor: Remove the exclusive flag
Casey Schaufler
- [PATCH v2] ARM: Implement Clang's SLS mitigation
Linus Walleij
- [PATCH v2] CIPSO: Fix unaligned memory access in cipso_v4_gentag_hdr
Sergey Nazarov
- [PATCH v2] CIPSO: Fix unaligned memory access in cipso_v4_gentag_hdr
Paul Moore
- [PATCH V2] device_cgroup: A typo fix
Bhaskar Chowdhury
- [PATCH V2] device_cgroup: A typo fix
Randy Dunlap
- [PATCH v2] security/loadpin: Replace "kernel_read_file_str[j]" with function "kernel_read_file_id_str(j)".
Jiele zhao
- [PATCH v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs
Ondrej Mosnacek
- [PATCH v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs
Paul Moore
- [PATCH v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs
Al Viro
- [PATCH v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs
Ondrej Mosnacek
- [PATCH v2] vfs: fix fsconfig(2) LSM mount option handling for btrfs
Ondrej Mosnacek
- [PATCH v3 0/1] Unprivileged chroot
Mickaël Salaün
- [PATCH v3 0/3] ima: kernel build support for loading the kernel module signing key
Nayna Jain
- [PATCH v3 0/4] keys: Add EFI_CERT_X509_GUID support for dbx/mokx entries
David Howells
- [PATCH v3 0/4] keys: Add EFI_CERT_X509_GUID support for dbx/mokx entries
Jarkko Sakkinen
- [PATCH v30 00/12] Landlock LSM
Mickaël Salaün
- [PATCH v30 00/12] Landlock LSM
James Morris
- [PATCH v30 00/12] Landlock LSM
Mickaël Salaün
- [PATCH v30 01/12] landlock: Add object management
Mickaël Salaün
- [PATCH v30 01/12] landlock: Add object management
Kees Cook
- [PATCH v30 01/12] landlock: Add object management
Mickaël Salaün
- [PATCH v30 02/12] landlock: Add ruleset and domain management
Mickaël Salaün
- [PATCH v30 02/12] landlock: Add ruleset and domain management
Kees Cook
- [PATCH v30 02/12] landlock: Add ruleset and domain management
Mickaël Salaün
- [PATCH v30 02/12] landlock: Add ruleset and domain management
Kees Cook
- [PATCH v30 02/12] landlock: Add ruleset and domain management
Jann Horn
- [PATCH v30 02/12] landlock: Add ruleset and domain management
James Morris
- [PATCH v30 02/12] landlock: Add ruleset and domain management
Mickaël Salaün
- [PATCH v30 03/12] landlock: Set up the security framework and manage credentials
Mickaël Salaün
- [PATCH v30 03/12] landlock: Set up the security framework and manage credentials
Kees Cook
- [PATCH v30 03/12] landlock: Set up the security framework and manage credentials
Mickaël Salaün
- [PATCH v30 04/12] landlock: Add ptrace restrictions
Mickaël Salaün
- [PATCH v30 04/12] landlock: Add ptrace restrictions
Kees Cook
- [PATCH v30 05/12] LSM: Infrastructure management of the superblock
Mickaël Salaün
- [PATCH v30 05/12] LSM: Infrastructure management of the superblock
Kees Cook
- [PATCH v30 06/12] fs,security: Add sb_delete hook
Mickaël Salaün
- [PATCH v30 06/12] fs,security: Add sb_delete hook
Kees Cook
- [PATCH v30 07/12] landlock: Support filesystem access-control
Mickaël Salaün
- [PATCH v30 07/12] landlock: Support filesystem access-control
James Morris
- [PATCH v30 07/12] landlock: Support filesystem access-control
Kees Cook
- [PATCH v30 07/12] landlock: Support filesystem access-control
Mickaël Salaün
- [PATCH v30 07/12] landlock: Support filesystem access-control
Jann Horn
- [PATCH v30 07/12] landlock: Support filesystem access-control
Mickaël Salaün
- [PATCH v30 07/12] landlock: Support filesystem access-control
Jann Horn
- [PATCH v30 07/12] landlock: Support filesystem access-control
Mickaël Salaün
- [PATCH v30 07/12] landlock: Support filesystem access-control
Mickaël Salaün
- [PATCH v30 07/12] landlock: Support filesystem access-control
Jann Horn
- [PATCH v30 08/12] landlock: Add syscall implementations
Mickaël Salaün
- [PATCH v30 08/12] landlock: Add syscall implementations
Kees Cook
- [PATCH v30 08/12] landlock: Add syscall implementations
Mickaël Salaün
- [PATCH v30 08/12] landlock: Add syscall implementations
Mickaël Salaün
- [PATCH v30 09/12] arch: Wire up Landlock syscalls
Mickaël Salaün
- [PATCH v30 10/12] selftests/landlock: Add user space tests
Kees Cook
- [PATCH v30 10/12] selftests/landlock: Add user space tests
Mickaël Salaün
- [PATCH v30 10/12] selftests/landlock: Add user space tests
Kees Cook
- [PATCH v30 10/12] selftests/landlock: Add user space tests
Mickaël Salaün
- [PATCH v30 11/12] samples/landlock: Add a sandbox manager example
Mickaël Salaün
- [PATCH v30 11/12] samples/landlock: Add a sandbox manager example
Kees Cook
- [PATCH v30 12/12] landlock: Add user and kernel documentation
Mickaël Salaün
- [PATCH v30 12/12] landlock: Add user and kernel documentation
Kees Cook
- [PATCH v30 12/12] landlock: Add user and kernel documentation
Mickaël Salaün
- [PATCH v30 12/12] landlock: Add user and kernel documentation
Mickaël Salaün
- [PATCH v30 12/12] landlock: Add user and kernel documentation
Mickaël Salaün
- [PATCH v3 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal
Mimi Zohar
- [PATCH v3 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v3 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Kees Cook
- [PATCH v3 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Shakeel Butt
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Shakeel Butt
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
David Hildenbrand
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Shakeel Butt
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
David Hildenbrand
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
David Hildenbrand
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
Suren Baghdasaryan
- [PATCH v3 1/1] mm/madvise: replace ptrace attach requirement for process_madvise
David Hildenbrand
- [PATCH v3 1/3] keys: cleanup build time module signing keys
Nayna Jain
- [PATCH v3 1/3] keys: cleanup build time module signing keys
Jarkko Sakkinen
- [PATCH v3 1/4] certs: Add EFI_CERT_X509_GUID support for dbx entries
David Howells
- [PATCH v31 00/12] Landlock LSM
Mickaël Salaün
- [PATCH v31 01/12] landlock: Add object management
Mickaël Salaün
- [PATCH v31 01/12] landlock: Add object management
Mickaël Salaün
- [PATCH v31 02/12] landlock: Add ruleset and domain management
Mickaël Salaün
- [PATCH v31 03/12] landlock: Set up the security framework and manage credentials
Mickaël Salaün
- [PATCH v31 04/12] landlock: Add ptrace restrictions
Mickaël Salaün
- [PATCH v31 05/12] LSM: Infrastructure management of the superblock
Mickaël Salaün
- [PATCH v31 06/12] fs,security: Add sb_delete hook
Mickaël Salaün
- [PATCH v31 07/12] landlock: Support filesystem access-control
Mickaël Salaün
- [PATCH v31 07/12] landlock: Support filesystem access-control
Mickaël Salaün
- [PATCH v31 07/12] landlock: Support filesystem access-control
Kees Cook
- [PATCH v31 08/12] landlock: Add syscall implementations
Mickaël Salaün
- [PATCH v31 09/12] arch: Wire up Landlock syscalls
Mickaël Salaün
- [PATCH v31 10/12] selftests/landlock: Add user space tests
Kees Cook
- [PATCH v31 11/12] samples/landlock: Add a sandbox manager example
Mickaël Salaün
- [PATCH v31 12/12] landlock: Add user and kernel documentation
Mickaël Salaün
- [PATCH v31 12/12] landlock: Add user and kernel documentation
Kees Cook
- [PATCH v3 2/3] [NFS] cleanup: remove unneeded null check in nfs_fill_super()
Paul Moore
- [PATCH v3 2/3] ima: enable signing of modules with build time generated key
Nayna Jain
- [PATCH v3 2/4] certs: Move load_system_certificate_list to a common function
David Howells
- [PATCH v3 3/3] ima: enable loading of build time generated key on .ima keyring
Nayna Jain
- [PATCH v3 3/3] NFSv4 account for selinux security context when deciding to share superblock
Paul Moore
- [PATCH v3 3/4] certs: Add ability to preload revocation certs
David Howells
- [PATCH v3 3/4] certs: Add ability to preload revocation certs
David Howells
- [PATCH v3 3/4] certs: Add ability to preload revocation certs
Eric Snowberg
- [PATCH v3 4/4] integrity: Load mokx variables into the blacklist keyring
David Howells
- [PATCH v3] security/loadpin: Replace "kernel_read_file_str[j]" with function "kernel_read_file_id_str(j)".
Jiele zhao
- [PATCH v3] selinux: measure state and policy capabilities
Lakshmi Ramasubramanian
- [PATCH v3] selinux: measure state and policy capabilities
Paul Moore
- [PATCH v3] selinux: measure state and policy capabilities
Lakshmi Ramasubramanian
- [PATCH v3] selinux: measure state and policy capabilities
Paul Moore
- [PATCH v3] selinux: measure state and policy capabilities
James Bottomley
- [PATCH v3] selinux: measure state and policy capabilities
Paul Moore
- [PATCH v3] selinux: measure state and policy capabilities
Lakshmi Ramasubramanian
- [PATCH v3] selinux: measure state and policy capabilities
Paul Moore
- [PATCH v3] selinux: measure state and policy capabilities
Lakshmi Ramasubramanian
- [PATCH v4 0/1] Unprivileged chroot
Mickaël Salaün
- [PATCH v4 00/11] evm: Improve usability of portable signatures
Roberto Sassu
- [PATCH v4 01/11] evm: Execute evm_inode_init_security() only when an HMAC key is loaded
Roberto Sassu
- [PATCH v4 02/11] evm: Load EVM key in ima_load_x509() to avoid appraisal
Roberto Sassu
- [PATCH v4 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
Roberto Sassu
- [PATCH v4 04/11] ima: Move ima_reset_appraise_flags() call to post hooks
Roberto Sassu
- [PATCH v4 04/11] ima: Move ima_reset_appraise_flags() call to post hooks
Casey Schaufler
- [PATCH v4 05/11] evm: Introduce evm_status_revalidate()
Roberto Sassu
- [PATCH v4 06/11] evm: Ignore INTEGRITY_NOLABEL/INTEGRITY_NOXATTRS if conditions are safe
Roberto Sassu
- [PATCH v4 07/11] evm: Allow xattr/attr operations for portable signatures
Roberto Sassu
- [PATCH v4 08/11] evm: Allow setxattr() and setattr() for unmodified metadata
Roberto Sassu
- [PATCH v4 08/11] evm: Allow setxattr() and setattr() for unmodified metadata
Roberto Sassu
- [PATCH v4 08/11] evm: Allow setxattr() and setattr() for unmodified metadata
Christian Brauner
- [PATCH v4 08/11] evm: Allow setxattr() and setattr() for unmodified metadata
Christian Brauner
- [PATCH v4 08/11] evm: Allow setxattr() and setattr() for unmodified metadata
Roberto Sassu
- [PATCH v4 08/11] evm: Allow setxattr() and setattr() for unmodified metadata
Roberto Sassu
- [PATCH v4 09/11] ima: Allow imasig requirement to be satisfied by EVM portable signatures
Roberto Sassu
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Kees Cook
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Jann Horn
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Kees Cook
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Jann Horn
- [PATCH v4 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Anna Schumaker
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Casey Schaufler
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Paul Moore
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Anna Schumaker
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Paul Moore
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Olga Kornievskaia
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Paul Moore
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Olga Kornievskaia
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Paul Moore
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Paul Moore
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Casey Schaufler
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
James Morris
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Olga Kornievskaia
- [PATCH v4 1/3] [security] Add new hook to compare new mount to an existing mount
Paul Moore
- [PATCH v4 10/11] ima: Introduce template field evmsig and write to field sig as fallback
Roberto Sassu
- [PATCH v4 11/11] ima: Don't remove security.ima if file must not be appraised
Roberto Sassu
- [PATCH v4] ARM: Implement SLS mitigation
Linus Walleij
- [PATCH v4] ARM: Implement SLS mitigation
David Laight
- [PATCH v4] ARM: Implement SLS mitigation
Linus Walleij
- [PATCH v5 0/1] Unprivileged chroot
Mickaël Salaün
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Askar Safin
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Casey Schaufler
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Casey Schaufler
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Casey Schaufler
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Mickaël Salaün
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Casey Schaufler
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Kees Cook
- [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Al Viro
- [PATCH v5 5/8] security/brute: Mitigate a brute force attack
peter enderborg
- [PATCH v5 5/8] security/brute: Mitigate a brute force attack
John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Andi Kleen
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Andi Kleen
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Andi Kleen
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Andi Kleen
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Andi Kleen
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v5] ARM: Implement SLS mitigation
Linus Walleij
- [PATCH v5] ARM: Implement SLS mitigation
Jian Cai
- [PATCH v5] ARM: Implement SLS mitigation
Linus Walleij
- [PATCH v5] ARM: Implement SLS mitigation
Jian Cai
- [PATCH v5] ARM: Implement SLS mitigation
Linus Walleij
- [PATCH v5] ARM: Implement SLS mitigation
Jian Cai
- [PATCH v6 0/8] Fork brute force attack mitigation
John Wood
- [PATCH v6 02/40] fs: add id translation helpers
Vivek Goyal
- [PATCH v6 09/40] xattr: handle idmapped mounts
David Howells
- [PATCH v6 09/40] xattr: handle idmapped mounts
Christian Brauner
- [PATCH v6 09/40] xattr: handle idmapped mounts
David Howells
- [PATCH v6 09/40] xattr: handle idmapped mounts
Christian Brauner
- [PATCH v6 1/8] security: Add LSM hook at the point where a task gets a fatal signal
John Wood
- [PATCH v6 1/8] security: Add LSM hook at the point where a task gets a fatal signal
Kees Cook
- [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data
John Wood
- [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data
Kees Cook
- [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data
John Wood
- [PATCH v6 2/8] security/brute: Define a LSM and manage statistical data
Kees Cook
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack
John Wood
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack
Kees Cook
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack
John Wood
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack
John Wood
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack
Kees Cook
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack
Kees Cook
- [PATCH v6 3/8] securtiy/brute: Detect a brute force attack
John Wood
- [PATCH v6 39/40] xfs: support idmapped mounts
Darrick J. Wong
- [PATCH v6 39/40] xfs: support idmapped mounts
Christian Brauner
- [PATCH v6 39/40] xfs: support idmapped mounts
Christoph Hellwig
- [PATCH v6 4/8] security/brute: Fine tuning the attack detection
John Wood
- [PATCH v6 4/8] security/brute: Fine tuning the attack detection
Kees Cook
- [PATCH v6 4/8] security/brute: Fine tuning the attack detection
John Wood
- [PATCH v6 4/8] security/brute: Fine tuning the attack detection
Kees Cook
- [PATCH v6 5/8] security/brute: Mitigate a brute force attack
John Wood
- [PATCH v6 5/8] security/brute: Mitigate a brute force attack
Kees Cook
- [PATCH v6 5/8] security/brute: Mitigate a brute force attack
John Wood
- [PATCH v6 5/8] security/brute: Mitigate a brute force attack
Kees Cook
- [PATCH v6 6/8] selftests/brute: Add tests for the Brute LSM
John Wood
- [PATCH v6 6/8] selftests/brute: Add tests for the Brute LSM
Kees Cook
- [PATCH v6 6/8] selftests/brute: Add tests for the Brute LSM
John Wood
- [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM
Kees Cook
- [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM
Jonathan Corbet
- [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM
John Wood
- [PATCH v6 8/8] MAINTAINERS: Add a new entry for the Brute LSM
John Wood
- [PATCH v6] ARM: Implement SLS mitigation
Jian Cai
- [PATCH v6] ARM: Implement SLS mitigation
Will Deacon
- [PATCH v6] ARM: Implement SLS mitigation
Linus Walleij
- [PATCH v7 0/5] Enable root to update the blacklist keyring
Mickaël Salaün
- [PATCH v7 0/5] Enable root to update the blacklist keyring
Mickaël Salaün
- [PATCH v7 1/5] tools/certs: Add print-cert-tbs-hash.sh
Mickaël Salaün
- [PATCH v7 1/5] tools/certs: Add print-cert-tbs-hash.sh
Eric Snowberg
- [PATCH v7 2/5] certs: Check that builtin blacklist hashes are valid
Mickaël Salaün
- [PATCH v7 2/5] certs: Check that builtin blacklist hashes are valid
Jarkko Sakkinen
- [PATCH v7 3/5] certs: Make blacklist_vet_description() more strict
Mickaël Salaün
- [PATCH v7 4/5] certs: Factor out the blacklist hash creation
Mickaël Salaün
- [PATCH v7 4/5] certs: Factor out the blacklist hash creation
Jarkko Sakkinen
- [PATCH v7 5/5] certs: Allow root user to append signed hashes to the blacklist keyring
Mickaël Salaün
- [PATCH v7 5/5] certs: Allow root user to append signed hashes to the blacklist keyring
Eric Snowberg
- [PATCH v7 5/5] certs: Allow root user to append signed hashes to the blacklist keyring
Mickaël Salaün
- [PATCH v7 5/5] certs: Allow root user to append signed hashes to the blacklist keyring
Eric Snowberg
- [PATCH v7 5/5] certs: Allow root user to append signed hashes to the blacklist keyring
Mickaël Salaün
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Sumit Garg
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Sumit Garg
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Jarkko Sakkinen
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Sumit Garg
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Jarkko Sakkinen
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
James Bottomley
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Jarkko Sakkinen
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Jarkko Sakkinen
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Jarkko Sakkinen
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
James Bottomley
- [PATCH v9 0/4] Introduce TEE based Trusted Keys support
Jarkko Sakkinen
- [PATCH v9 1/4] KEYS: trusted: Add generic trusted keys framework
Sumit Garg
- [PATCH v9 1/4] KEYS: trusted: Add generic trusted keys framework
Jarkko Sakkinen
- [PATCH v9 2/4] KEYS: trusted: Introduce TEE based Trusted Keys
Sumit Garg
- [PATCH v9 2/4] KEYS: trusted: Introduce TEE based Trusted Keys
Jarkko Sakkinen
- [PATCH v9 3/4] doc: trusted-encrypted: updates with TEE as a new trust source
Sumit Garg
- [PATCH v9 4/4] MAINTAINERS: Add entry for TEE based Trusted Keys
Sumit Garg
- [RFC PATCH 0/3] LSM Documentation - Render lsm_hooks.h for kernel_docs
Richard Haines
- [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants
Paul Moore
- [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants
Casey Schaufler
- [RFC PATCH 0/4] Split security_task_getsecid() into subj and obj variants
Paul Moore
- [RFC PATCH 1/2] ima: don't access a file's integrity status before an IMA policy is loaded
Mimi Zohar
- [RFC PATCH 1/3] Documentation/security: Update LSM security hook text
Richard Haines
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Jeffrey Vander Stoep
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Richard Guy Briggs
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
John Johansen
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
John Johansen
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Jeffrey Vander Stoep
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants
Paul Moore
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Dmitry Vyukov
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Dmitry Vyukov
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Dmitry Vyukov
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Mimi Zohar
- [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Casey Schaufler
- [RFC PATCH 2/3] include/linux: Update LSM hook text part1
Richard Haines
- [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials
Richard Guy Briggs
- [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials
John Johansen
- [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials
Paul Moore
- [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials
Paul Moore
- [RFC PATCH 3/3] include/linux: Update LSM hook text part2
Richard Haines
- [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials
Richard Guy Briggs
- [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials
John Johansen
- [RFC PATCH] LSM: audit_sig_lsm can be static
kernel test robot
- [security/brute] cfe92ab6a3: WARNING:inconsistent_lock_state
John Wood
- [security:landlock_lsm 8/12] kernel/sys_ni.c:270:1: warning: no previous prototype for function '__arm64_sys_landlock_create_ruleset'
kernel test robot
- [security:landlock_lsm 8/12] kernel/sys_ni.c:270:1: warning: no previous prototype for function '__arm64_sys_landlock_create_ruleset'
Mickaël Salaün
- [security:landlock_lsm 8/12] kernel/sys_ni.c:270:1: warning: no previous prototype for function '__x64_sys_landlock_create_ruleset'
kernel test robot
- [syzbot] WARNING in unsafe_follow_pfn
syzbot
- [syzbot] WARNING in unsafe_follow_pfn
Paolo Bonzini
- [syzbot] WARNING in unsafe_follow_pfn
Dan Carpenter
- add_key() syscall can lead to bypassing memcg limits
Michal Hocko
- Bidding invitation
Albert Bourla
- Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab breaks Smack TCP connections
Casey Schaufler
- Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab breaks Smack TCP connections
刘亚灿
- Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab breaks Smack TCP connections
Casey Schaufler
- Congratulations ($ 100,800,000.00)
Mackenzie Scott
- deadlock bug related to bpf,audit subsystems
Paul Moore
- deadlock bug related to bpf,audit subsystems
Paul Moore
- Flipping firmware write-protection bits from within the kernel (was Re: [PATCH RFC platform-next 8/8] Documentation/ABI: Add new line card attributes for mlxreg-io sysfs interfaces)
Hans de Goede
- Flipping firmware write-protection bits from within the kernel (was Re: [PATCH RFC platform-next 8/8] Documentation/ABI: Add new line card attributes for mlxreg-io sysfs interfaces)
Kees Cook
- From Mrs.Glenn
Mrs.Glenn
- KASAN: use-after-free Read in cipso_v4_genopt
syzbot
- KASAN: use-after-free Read in cipso_v4_genopt
Dmitry Vyukov
- KASAN: use-after-free Read in cipso_v4_genopt
Paul Moore
- KASAN: use-after-free Read in cipso_v4_genopt
Dmitry Vyukov
- KASAN: use-after-free Read in cipso_v4_genopt
syzbot
- KASAN: use-after-free Read in cipso_v4_genopt
Dmitry Vyukov
- KASAN: use-after-free Read in cipso_v4_genopt
Paul Moore
- KASAN: use-after-free Write in cipso_v4_doi_putdef
syzbot
- KASAN: use-after-free Write in cipso_v4_doi_putdef
Paul Moore
- KASAN: use-after-free Write in cipso_v4_doi_putdef
Paul Moore
- NULL deref in integrity_inode_get
Dmitry Vyukov
- NULL deref in integrity_inode_get
Mimi Zohar
- NULL deref in integrity_inode_get
Dmitry Vyukov
- NULL deref in integrity_inode_get
Mimi Zohar
- NULL deref in integrity_inode_get
Dmitry Vyukov
- NULL deref in integrity_inode_get
Mimi Zohar
- NULL deref in integrity_inode_get
Dmitry Vyukov
- Reply Asap!!
Fred Grenville
- Weird bug in NFS/SELinux
Ondrej Mosnacek
Last message date:
Wed Mar 31 23:34:29 UTC 2021
Archived on: Wed Mar 31 23:32:09 UTC 2021
This archive was generated by
Pipermail 0.09 (Mailman edition).