November 2023 Archives by author
Starting: Wed Nov 1 01:31:48 UTC 2023
Ending: Thu Nov 30 23:43:28 UTC 2023
Messages: 640
- [PATCH v1 2/2] selftests/landlock: Add tests to check unhandled rule's access rights
Konstantin Meskhidze (A)
- [PATCH 00/16] fs: use type-safe uid representation for filesystem capabilities
Seth Forshee (DigitalOcean)
- [PATCH 01/16] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h
Seth Forshee (DigitalOcean)
- [PATCH 02/16] mnt_idmapping: include cred.h
Seth Forshee (DigitalOcean)
- [PATCH 03/16] capability: rename cpu_vfs_cap_data to vfs_caps
Seth Forshee (DigitalOcean)
- [PATCH 04/16] capability: use vfsuid_t for vfs_caps rootids
Seth Forshee (DigitalOcean)
- [PATCH 05/16] capability: provide helpers for converting between xattrs and vfs_caps
Seth Forshee (DigitalOcean)
- [PATCH 06/16] capability: provide a helper for converting vfs_caps to xattr for userspace
Seth Forshee (DigitalOcean)
- [PATCH 07/16] fs: add inode operations to get/set/remove fscaps
Seth Forshee (DigitalOcean)
- [PATCH 08/16] fs: add vfs_get_fscaps()
Seth Forshee (DigitalOcean)
- [PATCH 09/16] fs: add vfs_set_fscaps()
Seth Forshee (DigitalOcean)
- [PATCH 10/16] fs: add vfs_remove_fscaps()
Seth Forshee (DigitalOcean)
- [PATCH 11/16] ovl: add fscaps handlers
Seth Forshee (DigitalOcean)
- [PATCH 12/16] ovl: use vfs_{get,set}_fscaps() for copy-up
Seth Forshee (DigitalOcean)
- [PATCH 13/16] fs: use vfs interfaces for capabilities xattrs
Seth Forshee (DigitalOcean)
- [PATCH 14/16] commoncap: remove cap_inode_getsecurity()
Seth Forshee (DigitalOcean)
- [PATCH 15/16] commoncap: use vfs fscaps interfaces for killpriv checks
Seth Forshee (DigitalOcean)
- [PATCH 16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()
Seth Forshee (DigitalOcean)
- [PATCH 07/16] fs: add inode operations to get/set/remove fscaps
Seth Forshee (DigitalOcean)
- [PATCH 09/16] fs: add vfs_set_fscaps()
Seth Forshee (DigitalOcean)
- [PATCH 11/16] ovl: add fscaps handlers
Seth Forshee (DigitalOcean)
- [PATCH 16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()
Seth Forshee (DigitalOcean)
- [PATCH 12/16] ovl: use vfs_{get,set}_fscaps() for copy-up
Seth Forshee (DigitalOcean)
- [PATCH] exitz syscall
Vlastimil Babka
- [RFC V2] IMA Log Snapshotting Design Proposal
Stefan Berger
- [RFC V2] IMA Log Snapshotting Design Proposal
Stefan Berger
- [RFC V2] IMA Log Snapshotting Design Proposal
Stefan Berger
- [PATCH RFC v11 15/19] fsverity: consume builtin signature via LSM hook
Eric Biggers
- [PATCH v4 0/6] querying mount attributes
Christian Brauner
- [PATCH v4 0/6] querying mount attributes
Christian Brauner
- [PATCH v4 5/6] add listmount(2) syscall
Christian Brauner
- [PATCH v4 4/6] add statmount(2) syscall
Christian Brauner
- [PATCH v9 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Christian Brauner
- [PATCH v9 bpf-next 03/17] bpf: introduce BPF token object
Christian Brauner
- [PATCH v4 5/6] add listmount(2) syscall
Christian Brauner
- [PATCH v9 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Christian Brauner
- [PATCH v4 4/6] add statmount(2) syscall
Christian Brauner
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Christian Brauner
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Christian Brauner
- [PATCH v10 bpf-next 03/17] bpf: introduce BPF token object
Christian Brauner
- [PATCH v10 bpf-next 03/17] bpf: introduce BPF token object
Christian Brauner
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Christian Brauner
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Christian Brauner
- [PATCH 0/4] listmount changes
Christian Brauner
- [PATCH 0/4] listmount changes
Christian Brauner
- [PATCH v11 bpf-next 03/17] bpf: introduce BPF token object
Christian Brauner
- [PATCH v11 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Christian Brauner
- [PATCH v11 bpf-next 03/17] bpf: introduce BPF token object
Christian Brauner
- [PATCH v7 0/5] Reduce overhead of LSMs with static calls
Kees Cook
- [PATCH v4 4/4] vduse: Add LSM hooks to check Virtio device type
Maxime Coquelin
- [PATCH v4 4/4] vduse: Add LSM hooks to check Virtio device type
Maxime Coquelin
- [PATCH v4 5/6] add listmount(2) syscall
Jonathan Corbet
- [PATCH v4 5/6] add listmount(2) syscall
Jonathan Corbet
- Inquiry from MikolajGroup Hungary
Bozidar Damyan
- [PATCH] apparmor: make stack_msg static
Ben Dooks
- [PATCH RFC] Add a lockdown_hibernate parameter
Randy Dunlap
- [PATCH] MAINTAINERS: add an entry for the lockdown LSM
Matthew Garrett
- [PATCH v4 0/6] querying mount attributes
Amir Goldstein
- [PATCH 07/16] fs: add inode operations to get/set/remove fscaps
Amir Goldstein
- [PATCH 11/16] ovl: add fscaps handlers
Amir Goldstein
- [PATCH 16/16] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()
Amir Goldstein
- [PATCH 12/16] ovl: use vfs_{get,set}_fscaps() for copy-up
Amir Goldstein
- [PATCH 09/16] fs: add vfs_set_fscaps()
Amir Goldstein
- [PATCH] mailmap: add entries for Serge Hallyn's dead accounts
Serge E. Hallyn
- [PATCH v7 0/5] Reduce overhead of LSMs with static calls
Tetsuo Handa
- [PATCH v7 0/5] Reduce overhead of LSMs with static calls
Tetsuo Handa
- [RFC PATCH 0/5] LSM: Officially support appending LSM hooks after boot.
Tetsuo Handa
- [PATCH 1/5] LSM: Auto-undef LSM_HOOK macro.
Tetsuo Handa
- [PATCH 2/5] LSM: Add a header file containing only arguments of LSM callback functions.
Tetsuo Handa
- [PATCH 3/5] LSM: Split LSM_HOOK() into LSM_INT_HOOK() and LSM_VOID_HOOK().
Tetsuo Handa
- [PATCH 4/5] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
Tetsuo Handa
- [PATCH 5/5] LSM: A sample of dynamically appendable LSM module.
Tetsuo Handa
- [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
Tetsuo Handa
- [PATCH 1/4] LSM: Auto-undef LSM_HOOK macro.
Tetsuo Handa
- [PATCH 2/4] LSM: Add a header file containing only arguments of LSM callback functions.
Tetsuo Handa
- [PATCH 3/4] LSM: Break LSM_HOOK() macro into 6 macros.
Tetsuo Handa
- [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
Tetsuo Handa
- [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
Tetsuo Handa
- [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
Tetsuo Handa
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Michal Hocko
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Michal Hocko
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Michal Hocko
- [PATCH v11 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Simon Horman
- [RFC PATCH v2 2/6] mm: mempolicy: Revise comment regarding mempolicy mode flags
Huang, Ying
- [RFC PATCH v2 1/6] mm, doc: Add doc for MPOL_F_NUMA_BALANCING
Huang, Ying
- [PATCH net] calipso: Fix memory leak in netlbl_calipso_add_pass()
Gavrilov Ilia
- [PATCH net] calipso: Fix memory leak in netlbl_calipso_add_pass()
Gavrilov Ilia
- [PATCH net v2] calipso: Fix memory leak in netlbl_calipso_add_pass()
Gavrilov Ilia
- [GIT PULL] AppArmor updates for 6.7
John Johansen
- [PATCH] apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256
John Johansen
- [PATCH -next] apparmor: Fix some kernel-doc comments
John Johansen
- [PATCH -next 1/2] apparmor: Fix one kernel-doc comment
John Johansen
- [PATCH -next 2/2] apparmor: Fix some kernel-doc comments
John Johansen
- [PATCH] apparmor: free the allocated pdb objects
John Johansen
- [PATCH] proc: Update inode upon changing task security attribute
Munehisa Kamata
- [PATCH] proc: Update inode upon changing task security attribute
Munehisa Kamata
- [PATCH v4 0/6] querying mount attributes
Ian Kent
- [PATCH v4 0/6] querying mount attributes
Ian Kent
- [PATCH v4 0/6] querying mount attributes
Ian Kent
- [PATCH v13 bpf-next 0/6] bpf: File verification with LSM and fsverity
Song Liu
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v13 bpf-next 2/6] bpf, fsverity: Add kfunc bpf_get_fsverity_digest
Song Liu
- [PATCH v13 bpf-next 3/6] Documentation/bpf: Add documentation for filesystem kfuncs
Song Liu
- [PATCH v13 bpf-next 4/6] selftests/bpf: Sort config in alphabetic order
Song Liu
- [PATCH v13 bpf-next 5/6] selftests/bpf: Add tests for filesystem kfuncs
Song Liu
- [PATCH v13 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Song Liu
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v13 bpf-next 5/6] selftests/bpf: Add tests for filesystem kfuncs
Song Liu
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v13 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v14 bpf-next 0/6] bpf: File verification with LSM and fsverity
Song Liu
- [PATCH v14 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v14 bpf-next 2/6] bpf, fsverity: Add kfunc bpf_get_fsverity_digest
Song Liu
- [PATCH v14 bpf-next 3/6] Documentation/bpf: Add documentation for filesystem kfuncs
Song Liu
- [PATCH v14 bpf-next 4/6] selftests/bpf: Sort config in alphabetic order
Song Liu
- [PATCH v14 bpf-next 5/6] selftests/bpf: Add tests for filesystem kfuncs
Song Liu
- [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Song Liu
- [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Song Liu
- [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Song Liu
- [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Song Liu
- [PATCH v15 bpf-next 0/6] bpf: File verification with LSM and fsverity
Song Liu
- [PATCH v15 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
Song Liu
- [PATCH v15 bpf-next 2/6] bpf, fsverity: Add kfunc bpf_get_fsverity_digest
Song Liu
- [PATCH v15 bpf-next 3/6] Documentation/bpf: Add documentation for filesystem kfuncs
Song Liu
- [PATCH v15 bpf-next 4/6] selftests/bpf: Sort config in alphabetic order
Song Liu
- [PATCH v15 bpf-next 5/6] selftests/bpf: Add tests for filesystem kfuncs
Song Liu
- [PATCH v15 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Song Liu
- [PATCH] exitz syscall
Andy Lutomirski
- [GIT PULL] selinux/selinux-pr-20231030
Paul Moore
- [RFC PATCH 0/3] LSM syscall tweaks
Paul Moore
- [PATCH RFC v11 15/19] fsverity: consume builtin signature via LSM hook
Paul Moore
- [PATCH RFC v11 11/19] dm verity: set DM_TARGET_SINGLETON feature flag
Paul Moore
- [PATCH RFC v11 12/19] dm: add finalize hook to target_type
Paul Moore
- [PATCH RFC v11 13/19] dm verity: consume root hash digest and signature data via LSM hook
Paul Moore
- [PATCH] lsm: align based on pointer length in lsm_fill_user_ctx()
Paul Moore
- [PATCH] lsm: convert security_setselfattr() to use memdup_user()
Paul Moore
- [PATCH RFC v11 15/19] fsverity: consume builtin signature via LSM hook
Paul Moore
- [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider
Paul Moore
- [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider
Paul Moore
- [PATCH] lsm: align based on pointer length in lsm_fill_user_ctx()
Paul Moore
- [PATCH] lsm: convert security_setselfattr() to use memdup_user()
Paul Moore
- linux-next: manual merge of the apparmor tree with the security tree
Paul Moore
- [PATCH v9 9/17] bpf, lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Paul Moore
- [PATCH v9 10/17] bpf, lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks
Paul Moore
- [PATCH v9 11/17] bpf,lsm: add BPF token LSM hooks
Paul Moore
- [PATCH v9 17/17] bpf, selinux: allocate bpf_security_struct per BPF token
Paul Moore
- [PATCH v9 9/17] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Paul Moore
- [PATCH v9 11/17] bpf,lsm: add BPF token LSM hooks
Paul Moore
- [syzbot] [reiserfs?] possible deadlock in reiserfs_dirty_inode
Paul Moore
- [syzbot] [reiserfs?] possible deadlock in reiserfs_dirty_inode
Paul Moore
- [PATCH v4 4/4] vduse: Add LSM hooks to check Virtio device type
Paul Moore
- [PATCH v4 4/6] add statmount(2) syscall
Paul Moore
- [PATCH v4 5/6] add listmount(2) syscall
Paul Moore
- [PATCH 0/2] lsm: fix default return values for some hooks
Paul Moore
- [PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure
Paul Moore
- [PATCH v4 4/6] add statmount(2) syscall
Paul Moore
- [PATCH 0/2] lsm: fix default return values for some hooks
Paul Moore
- [GIT PULL] lsm/lsm-pr-20231109
Paul Moore
- [PATCH v4 4/6] add statmount(2) syscall
Paul Moore
- [PATCH] lsm: mark the lsm_id variables are marked as static
Paul Moore
- [PATCH] mailmap: update/replace my old email addresses
Paul Moore
- [PATCH] lsm: mark the lsm_id variables are marked as static
Paul Moore
- [PATCH] mailmap: update/replace my old email addresses
Paul Moore
- [PATCH v4 4/6] add statmount(2) syscall
Paul Moore
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Paul Moore
- [PATCH v15 00/11] LSM: Three basic syscalls
Paul Moore
- [PATCH] lsm: drop LSM_ID_IMA
Paul Moore
- [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation
Paul Moore
- [RFC PATCH 0/3] LSM syscall tweaks
Paul Moore
- [PATCH] lsm: align based on pointer length in lsm_fill_user_ctx()
Paul Moore
- [PATCH] lsm: convert security_setselfattr() to use memdup_user()
Paul Moore
- [PATCH] lsm: mark the lsm_id variables are marked as static
Paul Moore
- [PATCH] mailmap: update/replace my old email addresses
Paul Moore
- [PATCH] mailmap: add entries for Serge Hallyn's dead accounts
Paul Moore
- [PATCH] mailmap: add entries for Serge Hallyn's dead accounts
Paul Moore
- [PATCH] MAINTAINERS: update the LSM entry
Paul Moore
- [PATCH] MAINTAINERS: update the LSM entry
Paul Moore
- [PATCH v5 10/23] security: Introduce inode_post_setattr hook
Paul Moore
- [PATCH v5 11/23] security: Introduce inode_post_removexattr hook
Paul Moore
- [PATCH v5 13/23] security: Introduce file_pre_free_security hook
Paul Moore
- [PATCH v5 15/23] security: Introduce inode_post_create_tmpfile hook
Paul Moore
- [PATCH v5 16/23] security: Introduce inode_post_set_acl hook
Paul Moore
- [PATCH v5 17/23] security: Introduce inode_post_remove_acl hook
Paul Moore
- [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure
Paul Moore
- [PATCH] MAINTAINERS: update the LSM entry
Paul Moore
- [PATCH v5 13/23] security: Introduce file_pre_free_security hook
Paul Moore
- [PATCH v5 10/23] security: Introduce inode_post_setattr hook
Paul Moore
- [RFC V2] IMA Log Snapshotting Design Proposal
Paul Moore
- [RFC V2] IMA Log Snapshotting Design Proposal
Paul Moore
- [RFC V2] IMA Log Snapshotting Design Proposal
Paul Moore
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Paul Moore
- [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure
Paul Moore
- [PATCH v5 11/23] security: Introduce inode_post_removexattr hook
Paul Moore
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Paul Moore
- [PATCH RFC] Add a lockdown_hibernate parameter
Paul Moore
- [PATCH] MAINTAINERS: add an entry for the lockdown LSM
Paul Moore
- [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
Paul Moore
- [PATCH] MAINTAINERS: add an entry for the lockdown LSM
Paul Moore
- [PATCH RFC] Add a lockdown_hibernate parameter
Paul Moore
- [RFC V2] IMA Log Snapshotting Design Proposal
Paul Moore
- [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
Paul Moore
- [RFC V2] IMA Log Snapshotting Design Proposal
Paul Moore
- [PATCH net] calipso: Fix memory leak in netlbl_calipso_add_pass()
Paul Moore
- [PATCH] selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test
Paul Moore
- [PATCH net v2] calipso: Fix memory leak in netlbl_calipso_add_pass()
Paul Moore
- [PATCH] selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test
Paul Moore
- [RFC V2] IMA Log Snapshotting Design Proposal
Paul Moore
- [RFC V2] IMA Log Snapshotting Design Proposal
Paul Moore
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Paul Moore
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Paul Moore
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Paul Moore
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Paul Moore
- [ANNOUNCE] CFP: Linux Security Summit North America 2024
James Morris
- [PATCH v2 5/5] ramfs: Initialize security of in-memory inodes
Andrew Morton
- [PATCH 0/2] lsm: fix default return values for some hooks
Ondrej Mosnacek
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Ondrej Mosnacek
- [PATCH v7 4/5] bpf: Only enable BPF LSM hooks when an LSM program is attached
Andrii Nakryiko
- [PATCH v7 0/5] Reduce overhead of LSMs with static calls
Andrii Nakryiko
- [PATCH v9 bpf-next 00/17] BPF token and BPF FS-based delegation
Andrii Nakryiko
- [PATCH v9 bpf-next 01/17] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach
Andrii Nakryiko
- [PATCH v9 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v9 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v9 bpf-next 04/17] bpf: add BPF token support to BPF_MAP_CREATE command
Andrii Nakryiko
- [PATCH v9 bpf-next 05/17] bpf: add BPF token support to BPF_BTF_LOAD command
Andrii Nakryiko
- [PATCH v9 bpf-next 06/17] bpf: add BPF token support to BPF_PROG_LOAD command
Andrii Nakryiko
- [PATCH v9 bpf-next 07/17] bpf: take into account BPF token when fetching helper protos
Andrii Nakryiko
- [PATCH v9 bpf-next 08/17] bpf: consistently use BPF token throughout BPF verifier logic
Andrii Nakryiko
- [PATCH v9 bpf-next 09/17] bpf, lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Andrii Nakryiko
- [PATCH v9 bpf-next 10/17] bpf, lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks
Andrii Nakryiko
- [PATCH v9 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
Andrii Nakryiko
- [PATCH v9 bpf-next 12/17] libbpf: add bpf_token_create() API
Andrii Nakryiko
- [PATCH v9 bpf-next 13/17] libbpf: add BPF token support to bpf_map_create() API
Andrii Nakryiko
- [PATCH v9 bpf-next 14/17] libbpf: add BPF token support to bpf_btf_load() API
Andrii Nakryiko
- [PATCH v9 bpf-next 15/17] libbpf: add BPF token support to bpf_prog_load() API
Andrii Nakryiko
- [PATCH v9 bpf-next 16/17] selftests/bpf: add BPF token-enabled tests
Andrii Nakryiko
- [PATCH v9 bpf-next 17/17] bpf, selinux: allocate bpf_security_struct per BPF token
Andrii Nakryiko
- [PATCH v9 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
Andrii Nakryiko
- [PATCH v9 9/17] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Andrii Nakryiko
- [PATCH v9 11/17] bpf,lsm: add BPF token LSM hooks
Andrii Nakryiko
- [PATCH v9 17/17] bpf,selinux: allocate bpf_security_struct per BPF token
Andrii Nakryiko
- [PATCH v9 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v9 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v9 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v9 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v10 bpf-next 00/17] BPF token and BPF FS-based delegation
Andrii Nakryiko
- [PATCH v10 bpf-next 01/17] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach
Andrii Nakryiko
- [PATCH v10 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v10 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v10 bpf-next 04/17] bpf: add BPF token support to BPF_MAP_CREATE command
Andrii Nakryiko
- [PATCH v10 bpf-next 05/17] bpf: add BPF token support to BPF_BTF_LOAD command
Andrii Nakryiko
- [PATCH v10 bpf-next 06/17] bpf: add BPF token support to BPF_PROG_LOAD command
Andrii Nakryiko
- [PATCH v10 bpf-next 07/17] bpf: take into account BPF token when fetching helper protos
Andrii Nakryiko
- [PATCH v10 bpf-next 08/17] bpf: consistently use BPF token throughout BPF verifier logic
Andrii Nakryiko
- [PATCH v10 bpf-next 09/17] bpf, lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Andrii Nakryiko
- [PATCH v10 bpf-next 10/17] bpf, lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks
Andrii Nakryiko
- [PATCH v10 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
Andrii Nakryiko
- [PATCH v10 bpf-next 12/17] libbpf: add bpf_token_create() API
Andrii Nakryiko
- [PATCH v10 bpf-next 13/17] libbpf: add BPF token support to bpf_map_create() API
Andrii Nakryiko
- [PATCH v10 bpf-next 14/17] libbpf: add BPF token support to bpf_btf_load() API
Andrii Nakryiko
- [PATCH v10 bpf-next 15/17] libbpf: add BPF token support to bpf_prog_load() API
Andrii Nakryiko
- [PATCH v10 bpf-next 16/17] selftests/bpf: add BPF token-enabled tests
Andrii Nakryiko
- [PATCH v10 bpf-next 17/17] bpf, selinux: allocate bpf_security_struct per BPF token
Andrii Nakryiko
- [PATCH v8 0/5] Reduce overhead of LSMs with static calls
Andrii Nakryiko
- [PATCH v10 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v10 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v11 bpf-next 00/17] BPF token and BPF FS-based delegation
Andrii Nakryiko
- [PATCH v11 bpf-next 01/17] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach
Andrii Nakryiko
- [PATCH v11 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v11 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v11 bpf-next 04/17] bpf: add BPF token support to BPF_MAP_CREATE command
Andrii Nakryiko
- [PATCH v11 bpf-next 05/17] bpf: add BPF token support to BPF_BTF_LOAD command
Andrii Nakryiko
- [PATCH v11 bpf-next 06/17] bpf: add BPF token support to BPF_PROG_LOAD command
Andrii Nakryiko
- [PATCH v11 bpf-next 07/17] bpf: take into account BPF token when fetching helper protos
Andrii Nakryiko
- [PATCH v11 bpf-next 08/17] bpf: consistently use BPF token throughout BPF verifier logic
Andrii Nakryiko
- [PATCH v11 bpf-next 09/17] bpf, lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Andrii Nakryiko
- [PATCH v11 bpf-next 10/17] bpf, lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks
Andrii Nakryiko
- [PATCH v11 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
Andrii Nakryiko
- [PATCH v11 bpf-next 12/17] libbpf: add bpf_token_create() API
Andrii Nakryiko
- [PATCH v11 bpf-next 13/17] libbpf: add BPF token support to bpf_map_create() API
Andrii Nakryiko
- [PATCH v11 bpf-next 14/17] libbpf: add BPF token support to bpf_btf_load() API
Andrii Nakryiko
- [PATCH v11 bpf-next 15/17] libbpf: add BPF token support to bpf_prog_load() API
Andrii Nakryiko
- [PATCH v11 bpf-next 16/17] selftests/bpf: add BPF token-enabled tests
Andrii Nakryiko
- [PATCH v11 bpf-next 17/17] bpf, selinux: allocate bpf_security_struct per BPF token
Andrii Nakryiko
- [PATCH v11 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v11 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v11 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v11 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v11 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v12 bpf-next 00/17] BPF token and BPF FS-based delegation
Andrii Nakryiko
- [PATCH v12 bpf-next 01/17] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach
Andrii Nakryiko
- [PATCH v12 bpf-next 02/17] bpf: add BPF token delegation mount options to BPF FS
Andrii Nakryiko
- [PATCH v12 bpf-next 03/17] bpf: introduce BPF token object
Andrii Nakryiko
- [PATCH v12 bpf-next 04/17] bpf: add BPF token support to BPF_MAP_CREATE command
Andrii Nakryiko
- [PATCH v12 bpf-next 05/17] bpf: add BPF token support to BPF_BTF_LOAD command
Andrii Nakryiko
- [PATCH v12 bpf-next 06/17] bpf: add BPF token support to BPF_PROG_LOAD command
Andrii Nakryiko
- [PATCH v12 bpf-next 07/17] bpf: take into account BPF token when fetching helper protos
Andrii Nakryiko
- [PATCH v12 bpf-next 08/17] bpf: consistently use BPF token throughout BPF verifier logic
Andrii Nakryiko
- [PATCH v12 bpf-next 09/17] bpf, lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Andrii Nakryiko
- [PATCH v12 bpf-next 10/17] bpf, lsm: refactor bpf_map_alloc/bpf_map_free LSM hooks
Andrii Nakryiko
- [PATCH v12 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
Andrii Nakryiko
- [PATCH v12 bpf-next 12/17] libbpf: add bpf_token_create() API
Andrii Nakryiko
- [PATCH v12 bpf-next 13/17] libbpf: add BPF token support to bpf_map_create() API
Andrii Nakryiko
- [PATCH v12 bpf-next 14/17] libbpf: add BPF token support to bpf_btf_load() API
Andrii Nakryiko
- [PATCH v12 bpf-next 15/17] libbpf: add BPF token support to bpf_prog_load() API
Andrii Nakryiko
- [PATCH v12 bpf-next 16/17] selftests/bpf: add BPF token-enabled tests
Andrii Nakryiko
- [PATCH v12 bpf-next 17/17] bpf, selinux: allocate bpf_security_struct per BPF token
Andrii Nakryiko
- [PATCH] KEYS: encrypted: Add check for strsep
Chen Ni
- [PATCH] exitz syscall
Jasper Niebuhr
- [PATCH] exitz syscall
Jasper Niebuhr
- [PATCH] exitz syscall
York Jasper Niebuhr
- [PATCH v3 0/5] Landlock: IOCTL support
Günther Noack
- [PATCH v4 0/7] Landlock: IOCTL support
Günther Noack
- [PATCH v4 1/7] landlock: Optimize the number of calls to get_access_mask slightly
Günther Noack
- [PATCH v4 2/7] landlock: Add IOCTL access right
Günther Noack
- [PATCH v4 3/7] selftests/landlock: Test IOCTL support
Günther Noack
- [PATCH v4 4/7] selftests/landlock: Test IOCTL with memfds
Günther Noack
- [PATCH v4 5/7] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)
Günther Noack
- [PATCH v4 6/7] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL
Günther Noack
- [PATCH v4 7/7] landlock: Document IOCTL support
Günther Noack
- [PATCH v4 2/7] landlock: Add IOCTL access right
Günther Noack
- [PATCH v4 6/7] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL
Günther Noack
- [PATCH v4 1/7] landlock: Optimize the number of calls to get_access_mask slightly
Günther Noack
- [PATCH v4 0/7] Landlock: IOCTL support
Günther Noack
- [PATCH v5 0/7] Landlock: IOCTL support
Günther Noack
- [PATCH v5 1/7] landlock: Optimize the number of calls to get_access_mask slightly
Günther Noack
- [PATCH v5 2/7] landlock: Add IOCTL access right
Günther Noack
- [PATCH v5 3/7] selftests/landlock: Test IOCTL support
Günther Noack
- [PATCH v5 4/7] selftests/landlock: Test IOCTL with memfds
Günther Noack
- [PATCH v5 5/7] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)
Günther Noack
- [PATCH v5 6/7] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL
Günther Noack
- [PATCH v5 7/7] landlock: Document IOCTL support
Günther Noack
- [PATCH v4 0/7] Landlock: IOCTL support
Günther Noack
- [PATCH v5 2/7] landlock: Add IOCTL access right
Günther Noack
- [PATCH v5 2/7] landlock: Add IOCTL access right
Günther Noack
- [PATCH v5 3/7] selftests/landlock: Test IOCTL support
Günther Noack
- [PATCH v1 1/2] selftests/landlock: Add tests to check undefined rule's access rights
Günther Noack
- [PATCH v1 2/2] selftests/landlock: Add tests to check unhandled rule's access rights
Günther Noack
- [PATCH v6 0/9] Landlock: IOCTL support
Günther Noack
- [PATCH v6 1/9] landlock: Remove remaining "inline" modifiers in .c files
Günther Noack
- [PATCH v6 2/9] selftests/landlock: Rename "permitted" to "allowed" in ftruncate tests
Günther Noack
- [PATCH v6 3/9] landlock: Optimize the number of calls to get_access_mask slightly
Günther Noack
- [PATCH v6 4/9] landlock: Add IOCTL access right
Günther Noack
- [PATCH v6 5/9] selftests/landlock: Test IOCTL support
Günther Noack
- [PATCH v6 6/9] selftests/landlock: Test IOCTL with memfds
Günther Noack
- [PATCH v6 7/9] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)
Günther Noack
- [PATCH v6 8/9] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL
Günther Noack
- [PATCH v6 9/9] landlock: Document IOCTL support
Günther Noack
- [PATCH v6 4/5] bpf: Only enable BPF LSM hooks when an LSM program is attached
Jiri Olsa
- [PATCH] apparmor: free the allocated pdb objects
Fedor Pchelkin
- PSA: this list has moved to new vger infra (no action required)
Konstantin Ryabitsev
- [PATCH v3 4/6] tpm: Support TPM2 sized buffers (TPM2B)
Jarkko Sakkinen
- [PATCH v3 2/6] tpm: Store TPM buffer length
Jarkko Sakkinen
- [PATCH v3 3/6] tpm: Detach tpm_buf_reset() from tpm_buf_init()
Jarkko Sakkinen
- [PATCH v3 2/6] tpm: Store TPM buffer length
Jarkko Sakkinen
- [PATCH v3 4/6] tpm: Support TPM2 sized buffers (TPM2B)
Jarkko Sakkinen
- [GIT PULL] Landlock updates for v6.7
Mickaël Salaün
- [PATCH v3 0/5] Landlock: IOCTL support
Mickaël Salaün
- [RFC PATCH v2 00/19] Hypervisor-Enforced Kernel Integrity
Mickaël Salaün
- [RFC PATCH v2 01/19] virt: Introduce Hypervisor Enforced Kernel Integrity (Heki)
Mickaël Salaün
- [RFC PATCH v2 02/19] KVM: x86: Add new hypercall to lock control registers
Mickaël Salaün
- [RFC PATCH v2 03/19] KVM: x86: Add notifications for Heki policy configuration and violation
Mickaël Salaün
- [RFC PATCH v2 04/19] heki: Lock guest control registers at the end of guest kernel init
Mickaël Salaün
- [RFC PATCH v2 05/19] KVM: VMX: Add MBEC support
Mickaël Salaün
- [RFC PATCH v2 06/19] KVM: x86: Add kvm_x86_ops.fault_gva()
Mickaël Salaün
- [RFC PATCH v2 07/19] KVM: x86: Make memory attribute helpers more generic
Mickaël Salaün
- [RFC PATCH v2 08/19] KVM: x86: Extend kvm_vm_set_mem_attributes() with a mask
Mickaël Salaün
- [RFC PATCH v2 09/19] KVM: x86: Extend kvm_range_has_memory_attributes() with match_all
Mickaël Salaün
- [RFC PATCH v2 10/19] KVM: x86: Implement per-guest-page permissions
Mickaël Salaün
- [RFC PATCH v2 11/19] KVM: x86: Add new hypercall to set EPT permissions
Mickaël Salaün
- [RFC PATCH v2 12/19] x86: Implement the Memory Table feature to store arbitrary per-page data
Mickaël Salaün
- [RFC PATCH v2 13/19] heki: Implement a kernel page table walker
Mickaël Salaün
- [RFC PATCH v2 14/19] heki: x86: Initialize permissions counters for pages mapped into KVA
Mickaël Salaün
- [RFC PATCH v2 15/19] heki: x86: Initialize permissions counters for pages in vmap()/vunmap()
Mickaël Salaün
- [RFC PATCH v2 16/19] heki: x86: Update permissions counters when guest page permissions change
Mickaël Salaün
- [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
Mickaël Salaün
- [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor
Mickaël Salaün
- [RFC PATCH v2 19/19] virt: Add Heki KUnit tests
Mickaël Salaün
- [PATCH v4 0/7] Landlock: IOCTL support
Mickaël Salaün
- [PATCH v4 1/7] landlock: Optimize the number of calls to get_access_mask slightly
Mickaël Salaün
- [PATCH v4 6/7] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL
Mickaël Salaün
- [PATCH v4 2/7] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v4 0/7] Landlock: IOCTL support
Mickaël Salaün
- [PATCH v5 2/7] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v1 0/2] Extend Landlock test to improve rule's coverage
Mickaël Salaün
- [PATCH v1 1/2] selftests/landlock: Add tests to check undefined rule's access rights
Mickaël Salaün
- [PATCH v1 2/2] selftests/landlock: Add tests to check unhandled rule's access rights
Mickaël Salaün
- [PATCH v5 2/7] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v5 3/7] selftests/landlock: Test IOCTL support
Mickaël Salaün
- [PATCH v1 1/2] selftests/landlock: Add tests to check undefined rule's access rights
Mickaël Salaün
- [PATCH v1 2/2] selftests/landlock: Add tests to check unhandled rule's access rights
Mickaël Salaün
- [PATCH v1 2/2] selftests/landlock: Add tests to check unhandled rule's access rights
Mickaël Salaün
- [PATCH v4 0/7] Landlock: IOCTL support
Mickaël Salaün
- [PATCH v6 1/9] landlock: Remove remaining "inline" modifiers in .c files
Mickaël Salaün
- [PATCH v5 2/7] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v5 3/7] selftests/landlock: Test IOCTL support
Mickaël Salaün
- [PATCH v6 4/9] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v6 5/9] selftests/landlock: Test IOCTL support
Mickaël Salaün
- [PATCH v2 0/2] Extend Landlock test to improve rule's coverage
Mickaël Salaün
- [PATCH v2 1/2] selftests/landlock: Add tests to check unknown rule's access rights
Mickaël Salaün
- [PATCH v2 2/2] selftests/landlock: Add tests to check unhandled rule's access rights
Mickaël Salaün
- [syzbot] [reiserfs?] possible deadlock in reiserfs_dirty_inode
Roberto Sassu
- [PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure
Roberto Sassu
- [PATCH v5 01/23] ima: Align ima_inode_post_setattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 02/23] ima: Align ima_file_mprotect() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 03/23] ima: Align ima_inode_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 04/23] ima: Align ima_inode_removexattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 05/23] ima: Align ima_post_read_file() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 06/23] evm: Align evm_inode_post_setattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 07/23] evm: Align evm_inode_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 08/23] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v5 09/23] security: Align inode_setattr hook definition with EVM
Roberto Sassu
- [PATCH v5 10/23] security: Introduce inode_post_setattr hook
Roberto Sassu
- [PATCH v5 11/23] security: Introduce inode_post_removexattr hook
Roberto Sassu
- [PATCH v5 12/23] security: Introduce file_post_open hook
Roberto Sassu
- [PATCH v5 13/23] security: Introduce file_pre_free_security hook
Roberto Sassu
- [PATCH v5 14/23] security: Introduce path_post_mknod hook
Roberto Sassu
- [PATCH v5 15/23] security: Introduce inode_post_create_tmpfile hook
Roberto Sassu
- [PATCH v5 16/23] security: Introduce inode_post_set_acl hook
Roberto Sassu
- [PATCH v5 17/23] security: Introduce inode_post_remove_acl hook
Roberto Sassu
- [PATCH v5 18/23] security: Introduce key_post_create_or_update hook
Roberto Sassu
- [PATCH v5 19/23] ima: Move to LSM infrastructure
Roberto Sassu
- [PATCH v5 20/23] ima: Move IMA-Appraisal to LSM infrastructure
Roberto Sassu
- [PATCH v5 21/23] evm: Move to LSM infrastructure
Roberto Sassu
- [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure
Roberto Sassu
- [PATCH v5 11/23] security: Introduce inode_post_removexattr hook
Roberto Sassu
- [syzbot] [reiserfs?] possible deadlock in reiserfs_dirty_inode
Roberto Sassu
- [PATCH v2 5/5] ramfs: Initialize security of in-memory inodes
Roberto Sassu
- [PATCH v3 0/5] Smack transmute fixes
Roberto Sassu
- [PATCH v3 1/5] smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
Roberto Sassu
- [PATCH v3 2/5] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
Roberto Sassu
- [PATCH v3 3/5] smack: Always determine inode labels in smack_inode_init_security()
Roberto Sassu
- [PATCH v3 4/5] smack: Initialize the in-memory inode in smack_inode_init_security()
Roberto Sassu
- [PATCH v3 5/5] ramfs: Initialize security of in-memory inodes
Roberto Sassu
- [PATCH v5 10/23] security: Introduce inode_post_setattr hook
Roberto Sassu
- [PATCH v5 13/23] security: Introduce file_pre_free_security hook
Roberto Sassu
- [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure
Roberto Sassu
- [PATCH v5 11/23] security: Introduce inode_post_removexattr hook
Roberto Sassu
- [PATCH v6 00/25] security: Move IMA and EVM to the LSM infrastructure
Roberto Sassu
- [PATCH v6 01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 05/25] ima: Align ima_post_read_file() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v6 09/25] security: Align inode_setattr hook definition with EVM
Roberto Sassu
- [PATCH v6 10/25] security: Introduce inode_post_setattr hook
Roberto Sassu
- [PATCH v6 11/25] security: Introduce inode_post_removexattr hook
Roberto Sassu
- [PATCH v6 12/25] security: Introduce file_post_open hook
Roberto Sassu
- [PATCH v6 13/25] security: Introduce file_release hook
Roberto Sassu
- [PATCH v6 14/25] security: Introduce path_post_mknod hook
Roberto Sassu
- [PATCH v6 15/25] security: Introduce inode_post_create_tmpfile hook
Roberto Sassu
- [PATCH v6 16/25] security: Introduce inode_post_set_acl hook
Roberto Sassu
- [PATCH v6 17/25] security: Introduce inode_post_remove_acl hook
Roberto Sassu
- [PATCH v6 18/25] security: Introduce key_post_create_or_update hook
Roberto Sassu
- [PATCH v6 19/25] ima: Move to LSM infrastructure
Roberto Sassu
- [PATCH v6 20/25] ima: Move IMA-Appraisal to LSM infrastructure
Roberto Sassu
- [PATCH v6 21/25] evm: Move to LSM infrastructure
Roberto Sassu
- [PATCH v6 22/25] ima: Remove dependency on 'integrity' LSM
Roberto Sassu
- [PATCH v6 23/25] evm: Remove dependency on 'integrity' LSM
Roberto Sassu
- [PATCH v6 24/25] integrity: Remove LSM
Roberto Sassu
- [PATCH v6 25/25] security: Enforce ordering of 'ima' and 'evm' LSMs
Roberto Sassu
- [PATCH v6 25/25] security: Enforce ordering of 'ima' and 'evm' LSMs
Roberto Sassu
- [PATCH v6 19/25] ima: Move to LSM infrastructure
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v7 19/23] ima: Move to LSM infrastructure
Roberto Sassu
- [PATCH v7 20/23] ima: Move IMA-Appraisal to LSM infrastructure
Roberto Sassu
- [PATCH v7 21/23] evm: Move to LSM infrastructure
Roberto Sassu
- [PATCH v7 22/23] integrity: Remove 'integrity' LSM and move integrity functions to 'ima' LSM
Roberto Sassu
- [PATCH v7 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Roberto Sassu
- [RFC PATCH 0/3] LSM syscall tweaks
Casey Schaufler
- [PATCH] lsm: align based on pointer length in lsm_fill_user_ctx()
Casey Schaufler
- [PATCH] lsm: convert security_setselfattr() to use memdup_user()
Casey Schaufler
- [PATCH v5 01/23] ima: Align ima_inode_post_setattr() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 02/23] ima: Align ima_file_mprotect() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 03/23] ima: Align ima_inode_setxattr() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 04/23] ima: Align ima_inode_removexattr() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 05/23] ima: Align ima_post_read_file() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 06/23] evm: Align evm_inode_post_setattr() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 07/23] evm: Align evm_inode_setxattr() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 08/23] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure
Casey Schaufler
- [PATCH v5 10/23] security: Introduce inode_post_setattr hook
Casey Schaufler
- [PATCH v5 11/23] security: Introduce inode_post_removexattr hook
Casey Schaufler
- [PATCH v5 12/23] security: Introduce file_post_open hook
Casey Schaufler
- [PATCH v5 13/23] security: Introduce file_pre_free_security hook
Casey Schaufler
- [PATCH v5 14/23] security: Introduce path_post_mknod hook
Casey Schaufler
- [PATCH v5 15/23] security: Introduce inode_post_create_tmpfile hook
Casey Schaufler
- [PATCH v5 16/23] security: Introduce inode_post_set_acl hook
Casey Schaufler
- [PATCH v5 17/23] security: Introduce inode_post_remove_acl hook
Casey Schaufler
- [PATCH v5 18/23] security: Introduce key_post_create_or_update hook
Casey Schaufler
- [PATCH v5 19/23] ima: Move to LSM infrastructure
Casey Schaufler
- [PATCH v5 20/23] ima: Move IMA-Appraisal to LSM infrastructure
Casey Schaufler
- [PATCH v5 21/23] evm: Move to LSM infrastructure
Casey Schaufler
- [PATCH v5 22/23] integrity: Move integrity functions to the LSM infrastructure
Casey Schaufler
- [PATCH] lsm: mark the lsm_id variables are marked as static
Casey Schaufler
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Casey Schaufler
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Casey Schaufler
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Casey Schaufler
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Casey Schaufler
- [PATCH v5 11/23] security: Introduce inode_post_removexattr hook
Casey Schaufler
- [PATCH v6 25/25] security: Enforce ordering of 'ima' and 'evm' LSMs
Casey Schaufler
- [PATCH] selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test
Casey Schaufler
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Casey Schaufler
- [PATCH] proc: Update inode upon changing task security attribute
Casey Schaufler
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Casey Schaufler
- [PATCH] proc: Update inode upon changing task security attribute
Casey Schaufler
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Casey Schaufler
- [PATCH v9 bpf-next 01/17] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 1/4] mm, security: Add lsm hook for mbind(2)
Yafang Shao
- [RFC PATCH -mm 2/4] mm, security: Add lsm hook for set_mempolicy(2)
Yafang Shao
- [RFC PATCH -mm 3/4] mm, security: Add lsm hook for set_mempolicy_home_node(2)
Yafang Shao
- [RFC PATCH -mm 4/4] selftests/bpf: Add selftests for mbind(2) with lsm prog
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH -mm 0/4] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH v2 0/6] mm, security, bpf: Fine-grained control over memory policy adjustments with lsm bpf
Yafang Shao
- [RFC PATCH v2 1/6] mm, doc: Add doc for MPOL_F_NUMA_BALANCING
Yafang Shao
- [RFC PATCH v2 2/6] mm: mempolicy: Revise comment regarding mempolicy mode flags
Yafang Shao
- [RFC PATCH v2 3/6] mm, security: Fix missed security_task_movememory() in mbind(2)
Yafang Shao
- [RFC PATCH v2 4/6] mm, security: Add lsm hook for memory policy adjustment
Yafang Shao
- [RFC PATCH v2 5/6] security: selinux: Implement set_mempolicy hook
Yafang Shao
- [RFC PATCH v2 6/6] selftests/bpf: Add selftests for set_mempolicy with a lsm prog
Yafang Shao
- [RFC PATCH v2 2/6] mm: mempolicy: Revise comment regarding mempolicy mode flags
Yafang Shao
- [RFC V2] IMA Log Snapshotting Design Proposal
Sush Shringarputale
- [RFC V2] IMA Log Snapshotting Design Proposal
Sush Shringarputale
- [RFC V2] IMA Log Snapshotting Design Proposal
Sush Shringarputale
- [PATCH v6 4/5] bpf: Only enable BPF LSM hooks when an LSM program is attached
KP Singh
- [PATCH v7 0/5] Reduce overhead of LSMs with static calls
KP Singh
- [PATCH v7 1/5] kernel: Add helper macros for loop unrolling
KP Singh
- [PATCH v7 2/5] security: Count the LSMs enabled at compile time
KP Singh
- [PATCH v7 3/5] security: Replace indirect LSM hook calls with static calls
KP Singh
- [PATCH v7 4/5] bpf: Only enable BPF LSM hooks when an LSM program is attached
KP Singh
- [PATCH v7 5/5] security: Add CONFIG_SECURITY_HOOK_LIKELY
KP Singh
- [PATCH v7 0/5] Reduce overhead of LSMs with static calls
KP Singh
- [PATCH v7 0/5] Reduce overhead of LSMs with static calls
KP Singh
- [PATCH v7 4/5] bpf: Only enable BPF LSM hooks when an LSM program is attached
KP Singh
- [PATCH v8 0/5] Reduce overhead of LSMs with static calls
KP Singh
- [PATCH v8 1/5] kernel: Add helper macros for loop unrolling
KP Singh
- [PATCH v8 2/5] security: Count the LSMs enabled at compile time
KP Singh
- [PATCH v8 3/5] security: Replace indirect LSM hook calls with static calls
KP Singh
- [PATCH v8 4/5] bpf: Only enable BPF LSM hooks when an LSM program is attached
KP Singh
- [PATCH v8 5/5] security: Add CONFIG_SECURITY_HOOK_LIKELY
KP Singh
- [PATCH v14 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
KP Singh
- [PATCH v3 2/6] tpm: Store TPM buffer length
Jerry Snitselaar
- [PATCH v3 3/6] tpm: Detach tpm_buf_reset() from tpm_buf_init()
Jerry Snitselaar
- [PATCH v3 2/6] tpm: Store TPM buffer length
Jerry Snitselaar
- [PATCH v3 4/6] tpm: Support TPM2 sized buffers (TPM2B)
Jerry Snitselaar
- [PATCH 0/2] ima: IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY cleanup
Eric Snowberg
- [PATCH 1/2] ima: Add machine keyring reference to IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
Eric Snowberg
- [PATCH 2/2] ima: Remove EXPERIMENTAL from IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
Eric Snowberg
- [PATCH 1/2] ima: Add machine keyring reference to IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
Eric Snowberg
- [PATCH v2 0/2] ima: IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY cleanup
Eric Snowberg
- [PATCH v2 1/2] ima: Reword IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
Eric Snowberg
- [PATCH v2 2/2] ima: Remove EXPERIMENTAL from Kconfig
Eric Snowberg
- [PATCH v13 bpf-next 5/6] selftests/bpf: Add tests for filesystem kfuncs
Alexei Starovoitov
- [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Alexei Starovoitov
- [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
Alexei Starovoitov
- [RFC V2] IMA Log Snapshotting Design Proposal
Tushar Sugandhi
- [RFC V2] IMA Log Snapshotting Design Proposal
Tushar Sugandhi
- [PATCH v4 0/6] querying mount attributes
Miklos Szeredi
- [PATCH 0/4] listmount changes
Miklos Szeredi
- [PATCH 1/4] listmount: rip out flags
Miklos Szeredi
- [PATCH 2/4] listmount: list mounts in ID order
Miklos Szeredi
- [PATCH 3/4] listmount: small changes in semantics
Miklos Szeredi
- [PATCH 4/4] listmount: allow continuing
Miklos Szeredi
- [PATCH 0/4] listmount changes
Miklos Szeredi
- [PATCH] exitz syscall
Willy Tarreau
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Petr Tesarik
- [PATCH] exitz syscall
Linus Torvalds
- [PATCH] exitz syscall
Linus Torvalds
- [PATCH] exitz syscall
Theodore Ts'o
- [PATCH] exitz syscall
Theodore Ts'o
- [PATCH] exitz syscall
Theodore Ts'o
- [PATCH v4 4/4] vduse: Add LSM hooks to check Virtio device type
Michael S. Tsirkin
- [PATCH v4 4/4] vduse: Add LSM hooks to check Virtio device type
Michael S. Tsirkin
- [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
Madhavan T. Venkataraman
- [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor
Madhavan T. Venkataraman
- [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor
Madhavan T. Venkataraman
- [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
Madhavan T. Venkataraman
- [PATCH RFC] Add a lockdown_hibernate parameter
Kelvie Wong
- [PATCH RFC] Add a lockdown_hibernate parameter
Kelvie Wong
- [PATCH RFC] Add a lockdown_hibernate parameter
Kelvie Wong
- [PATCH RFC v11 15/19] fsverity: consume builtin signature via LSM hook
Fan Wu
- [PATCH RFC v11 14/19] ipe: add support for dm-verity as a trust provider
Fan Wu
- [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider
Fan Wu
- [PATCH RFC v11 8/19] uapi|audit|ipe: add ipe auditing support
Fan Wu
- [PATCH RFC v11 9/19] ipe: add permissive toggle
Fan Wu
- [PATCH RFC v11 17/19] scripts: add boot policy generation program
Fan Wu
- [PATCH RFC v11 18/19] ipe: kunit test for parser
Fan Wu
- [PATCH v4 1/5] crypto: mxs-dcp: Add support for hardware-bound keys
Herbert Xu
- [PATCH v4 0/6] querying mount attributes
Karel Zak
- [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
Peter Zijlstra
- [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor
Peter Zijlstra
- [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor
Peter Zijlstra
- [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
Peter Zijlstra
- [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
Peter Zijlstra
- [PATCH v4 20/23] ima: Move IMA-Appraisal to LSM infrastructure
Mimi Zohar
- [PATCH v4 17/23] security: Introduce inode_post_remove_acl hook
Mimi Zohar
- [PATCH v4 00/23] security: Move IMA and EVM to the LSM infrastructure
Mimi Zohar
- [PATCH v4 12/23] security: Introduce file_post_open hook
Mimi Zohar
- [PATCH 1/2] ima: Add machine keyring reference to IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
Mimi Zohar
- [PATCH v5 00/23] security: Move IMA and EVM to the LSM infrastructure
Mimi Zohar
- [RFC V2] IMA Log Snapshotting Design Proposal
Mimi Zohar
- [RFC V2] IMA Log Snapshotting Design Proposal
Mimi Zohar
- [RFC V2] IMA Log Snapshotting Design Proposal
Mimi Zohar
- [RFC V2] IMA Log Snapshotting Design Proposal
Mimi Zohar
- [RFC V2] IMA Log Snapshotting Design Proposal
Mimi Zohar
- [PATCH v5 23/23] integrity: Switch from rbtree to LSM-managed blob for integrity_iint_cache
Mimi Zohar
- € 100.000.000?
ch.31hamnghi at hcrc.vn
- [GIT PULL] Landlock updates for v6.7
pr-tracker-bot at kernel.org
- [GIT PULL] AppArmor updates for 6.7
pr-tracker-bot at kernel.org
- [GIT PULL] lsm/lsm-pr-20231109
pr-tracker-bot at kernel.org
- € 100.000.000?
gvalencia at maprial.com
- [PATCH v7 3/5] security: Replace indirect LSM hook calls with static calls
kernel test robot
- [PATCH v9 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
kernel test robot
- [PATCH v4 6/7] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL
kernel test robot
- [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
kernel test robot
- [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
kernel test robot
- [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
kernel test robot
- [PATCH v13 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
kernel test robot
- [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file
kernel test robot
Last message date:
Thu Nov 30 23:43:28 UTC 2023
Archived on: Thu Nov 30 23:44:30 UTC 2023
This archive was generated by
Pipermail 0.09 (Mailman edition).