February 2024 Archives by author
Starting: Thu Feb 1 10:43:40 UTC 2024
Ending: Thu Feb 29 23:25:46 UTC 2024
Messages: 510
- [PATCH v2 00/25] fs: use type-safe uid representation for filesystem capabilities
Seth Forshee (DigitalOcean)
- [PATCH v2 01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h
Seth Forshee (DigitalOcean)
- [PATCH v2 02/25] mnt_idmapping: include cred.h
Seth Forshee (DigitalOcean)
- [PATCH v2 03/25] capability: add static asserts for comapatibility of vfs_cap_data and vfs_ns_cap_data
Seth Forshee (DigitalOcean)
- [PATCH v2 04/25] capability: rename cpu_vfs_cap_data to vfs_caps
Seth Forshee (DigitalOcean)
- [PATCH v2 05/25] capability: use vfsuid_t for vfs_caps rootids
Seth Forshee (DigitalOcean)
- [PATCH v2 06/25] capability: provide helpers for converting between xattrs and vfs_caps
Seth Forshee (DigitalOcean)
- [PATCH v2 07/25] capability: provide a helper for converting vfs_caps to xattr for userspace
Seth Forshee (DigitalOcean)
- [PATCH v2 08/25] xattr: add is_fscaps_xattr() helper
Seth Forshee (DigitalOcean)
- [PATCH v2 09/25] commoncap: use is_fscaps_xattr()
Seth Forshee (DigitalOcean)
- [PATCH v2 10/25] xattr: use is_fscaps_xattr()
Seth Forshee (DigitalOcean)
- [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps
Seth Forshee (DigitalOcean)
- [PATCH v2 12/25] selinux: add hooks for fscaps operations
Seth Forshee (DigitalOcean)
- [PATCH v2 13/25] smack: add hooks for fscaps operations
Seth Forshee (DigitalOcean)
- [PATCH v2 14/25] evm: add support for fscaps security hooks
Seth Forshee (DigitalOcean)
- [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks
Seth Forshee (DigitalOcean)
- [PATCH v2 16/25] fs: add inode operations to get/set/remove fscaps
Seth Forshee (DigitalOcean)
- [PATCH v2 17/25] fs: add vfs_get_fscaps()
Seth Forshee (DigitalOcean)
- [PATCH v2 18/25] fs: add vfs_set_fscaps()
Seth Forshee (DigitalOcean)
- [PATCH v2 19/25] fs: add vfs_remove_fscaps()
Seth Forshee (DigitalOcean)
- [PATCH v2 20/25] ovl: add fscaps handlers
Seth Forshee (DigitalOcean)
- [PATCH v2 21/25] ovl: use vfs_{get,set}_fscaps() for copy-up
Seth Forshee (DigitalOcean)
- [PATCH v2 22/25] fs: use vfs interfaces for capabilities xattrs
Seth Forshee (DigitalOcean)
- [PATCH v2 23/25] commoncap: remove cap_inode_getsecurity()
Seth Forshee (DigitalOcean)
- [PATCH v2 24/25] commoncap: use vfs fscaps interfaces
Seth Forshee (DigitalOcean)
- [PATCH v2 25/25] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()
Seth Forshee (DigitalOcean)
- [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps
Seth Forshee (DigitalOcean)
- [PATCH v2 12/25] selinux: add hooks for fscaps operations
Seth Forshee (DigitalOcean)
- [PATCH v2 13/25] smack: add hooks for fscaps operations
Seth Forshee (DigitalOcean)
- [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks
Seth Forshee (DigitalOcean)
- [PATCH v2 12/25] selinux: add hooks for fscaps operations
Seth Forshee (DigitalOcean)
- [PATCH v2 06/25] capability: provide helpers for converting between xattrs and vfs_caps
Seth Forshee (DigitalOcean)
- [PATCH v2 00/25] fs: use type-safe uid representation for filesystem capabilities
Seth Forshee (DigitalOcean)
- [PATCH v2 20/25] ovl: add fscaps handlers
Seth Forshee (DigitalOcean)
- [PATCH net-next v3 00/11] selftests: kselftest_harness: support using xfail
Paolo Abeni
- [PATCH] proc: allow restricting /proc/pid/mem writes
Doug Anderson
- [PATCH] proc: allow restricting /proc/pid/mem writes
Doug Anderson
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Stefan Berger
- [PATCH 1/5] security: allow finer granularity in permitting copy-up of security xattrs
Stefan Berger
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Stefan Berger
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Stefan Berger
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Stefan Berger
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Stefan Berger
- [PATCH v2 0/9] evm: Support signatures on stacked filesystem
Stefan Berger
- [PATCH v2 1/9] ima: Rename backing_inode to real_inode
Stefan Berger
- [PATCH v2 2/9] security: allow finer granularity in permitting copy-up of security xattrs
Stefan Berger
- [PATCH v2 3/9] evm: Implement per signature type decision in security_inode_copy_up_xattr
Stefan Berger
- [PATCH v2 4/9] ima: Reset EVM status upon detecting changes to the real file
Stefan Berger
- [PATCH v2 5/9] evm: Use the inode holding the metadata to calculate metadata hash
Stefan Berger
- [PATCH v2 6/9] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509
Stefan Berger
- [PATCH v2 7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED
Stefan Berger
- [PATCH v2 8/9] evm: Rename is_unsupported_fs to is_unsupported_hmac_fs
Stefan Berger
- [PATCH v2 9/9] ima: Record i_version of real_inode for change detection
Stefan Berger
- [PATCH v9 13/25] security: Introduce file_release hook
Stefan Berger
- [PATCH v9 14/25] security: Introduce path_post_mknod hook
Stefan Berger
- [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook
Stefan Berger
- [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
Stefan Berger
- [PATCH v9 20/25] ima: Move to LSM infrastructure
Stefan Berger
- [PATCH v9 22/25] evm: Move to LSM infrastructure
Stefan Berger
- [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM
Stefan Berger
- [PATCH v9 24/25] ima: Make it independent from 'integrity' LSM
Stefan Berger
- [PATCH v9 25/25] integrity: Remove LSM
Stefan Berger
- [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
Stefan Berger
- [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
Stefan Berger
- [PATCH v2 9/9] ima: Record i_version of real_inode for change detection
Stefan Berger
- [PATCH v3 00/10] evm: Support signatures on stacked filesystem
Stefan Berger
- [PATCH v3 01/10] ima: Rename backing_inode to real_inode
Stefan Berger
- [PATCH v3 02/10] security: allow finer granularity in permitting copy-up of security xattrs
Stefan Berger
- [PATCH v3 03/10] evm: Implement per signature type decision in security_inode_copy_up_xattr
Stefan Berger
- [PATCH v3 04/10] evm: Use the metadata inode to calculate metadata hash
Stefan Berger
- [PATCH v3 05/10] ima: Move file-change detection variables into new structure
Stefan Berger
- [PATCH v3 06/10] evm: Store and detect metadata inode attributes changes
Stefan Berger
- [PATCH v3 07/10] ima: re-evaluate file integrity on file metadata change
Stefan Berger
- [PATCH v3 08/10] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509
Stefan Berger
- [PATCH v3 09/10] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED
Stefan Berger
- [PATCH v3 10/10] evm: Rename is_unsupported_fs to is_unsupported_hmac_fs
Stefan Berger
- [PATCH v9 1/8] landlock: Add IOCTL access right
Arnd Bergmann
- [PATCH 5.4,4.19] lsm: new security_file_ioctl_compat() hook
Eric Biggers
- [RFC PATCH v13 17/20] ipe: enable support for fs-verity as a trust provider
Eric Biggers
- [RFC PATCH v13 17/20] ipe: enable support for fs-verity as a trust provider
Eric Biggers
- [PATCH bpf-next] bpf: minor clean-up to sleepable_lsm_hooks BTF set
Matt Bobrowski
- [PATCH bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set
Matt Bobrowski
- [PATCH bpf-next] bpf: add security_file_mprotect() to sleepable_lsm_hooks BTF set
Matt Bobrowski
- [PATCH 1/5] security: allow finer granularity in permitting copy-up of security xattrs
Christian Brauner
- [PATCH 1/5] security: allow finer granularity in permitting copy-up of security xattrs
Christian Brauner
- [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure
Christian Brauner
- [PATCH v9 22/25] evm: Move to LSM infrastructure
Christian Brauner
- [PATCH v9 20/25] ima: Move to LSM infrastructure
Christian Brauner
- [PATCH v9 16/25] security: Introduce inode_post_set_acl hook
Christian Brauner
- [PATCH v9 17/25] security: Introduce inode_post_remove_acl hook
Christian Brauner
- [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook
Christian Brauner
- [PATCH v9 14/25] security: Introduce path_post_mknod hook
Christian Brauner
- [PATCH v9 12/25] security: Introduce file_post_open hook
Christian Brauner
- [PATCH v9 12/25] security: Introduce file_post_open hook
Christian Brauner
- [PATCH v9 12/25] security: Introduce file_post_open hook
Christian Brauner
- [PATCH v9 13/25] security: Introduce file_release hook
Christian Brauner
- [PATCH v9 11/25] security: Introduce inode_post_removexattr hook
Christian Brauner
- [PATCH v9 10/25] security: Introduce inode_post_setattr hook
Christian Brauner
- [PATCH v9 12/25] security: Introduce file_post_open hook
Christian Brauner
- [PATCH v9 1/8] landlock: Add IOCTL access right
Christian Brauner
- [PATCH v2 01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h
Christian Brauner
- [PATCH v2 02/25] mnt_idmapping: include cred.h
Christian Brauner
- [PATCH v2 03/25] capability: add static asserts for comapatibility of vfs_cap_data and vfs_ns_cap_data
Christian Brauner
- [PATCH v2 05/25] capability: use vfsuid_t for vfs_caps rootids
Christian Brauner
- [PATCH v2 06/25] capability: provide helpers for converting between xattrs and vfs_caps
Christian Brauner
- [PATCH v2 07/25] capability: provide a helper for converting vfs_caps to xattr for userspace
Christian Brauner
- [PATCH v2 00/25] fs: use type-safe uid representation for filesystem capabilities
Christian Brauner
- [PATCH v2 06/25] capability: provide helpers for converting between xattrs and vfs_caps
Christian Brauner
- [PATCH v2 08/25] xattr: add is_fscaps_xattr() helper
Christian Brauner
- [PATCH v2 09/25] commoncap: use is_fscaps_xattr()
Christian Brauner
- [PATCH v2 10/25] xattr: use is_fscaps_xattr()
Christian Brauner
- [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps
Christian Brauner
- [PATCH v2 16/25] fs: add inode operations to get/set/remove fscaps
Christian Brauner
- [PATCH v2 17/25] fs: add vfs_get_fscaps()
Christian Brauner
- [PATCH v2 18/25] fs: add vfs_set_fscaps()
Christian Brauner
- [PATCH v2 19/25] fs: add vfs_remove_fscaps()
Christian Brauner
- [PATCH v2 20/25] ovl: add fscaps handlers
Christian Brauner
- memory leak in smack since de93 e515 db30 ("Smack: Improve mount process memory use")
Lukas Bulwahn
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Kees Cook
- [PATCH v2 2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook
Kees Cook
- [PATCH v2 3/3] fs/exec: remove current->in_execve flag
Kees Cook
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Kees Cook
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Kees Cook
- [PATCH] security: fix integer overflow in lsm_set_self_attr() syscall
Kees Cook
- [PATCH] security: fix integer overflow in lsm_set_self_attr() syscall
Kees Cook
- [PATCH] landlock: Warn once if a Landlock action is requested while disabled
Kees Cook
- [PATCH net-next v3 05/11] selftests: kselftest_harness: use exit code to store skip
Kees Cook
- [PATCH net-next v3 06/11] selftests: kselftest: add ksft_test_result_code(), handling all exit codes
Kees Cook
- [PATCH net-next v3 07/11] selftests: kselftest_harness: print test name for SKIP
Kees Cook
- [PATCH net-next v3 08/11] selftests: kselftest_harness: separate diagnostic message with # in ksft_test_result_code()
Kees Cook
- [PATCH net-next v3 10/11] selftests: kselftest_harness: support using xfail
Kees Cook
- [PATCH net-next v3 09/11] selftests: kselftest_harness: let PASS / FAIL provide diagnostic
Kees Cook
- [PATCH net-next v3 00/11] selftests: kselftest_harness: support using xfail
Kees Cook
- [PATCH 2/2] selftests/harness: Merge TEST_F_FORK() into TEST_F()
Kees Cook
- [PATCH] proc: allow restricting /proc/pid/mem writes
Kees Cook
- [PATCH] proc: allow restricting /proc/pid/mem writes
Kees Cook
- [PATCH] proc: allow restricting /proc/pid/mem writes
Kees Cook
- [PATCH v1 1/8] kunit: Run tests when the kernel is fully setup
Kees Cook
- [PATCH v1 2/8] kunit: Handle thread creation error
Kees Cook
- [PATCH v1 3/8] kunit: Fix kthread reference
Kees Cook
- [PATCH v1 4/8] kunit: Fix timeout message
Kees Cook
- [PATCH v1 5/8] kunit: Handle test faults
Kees Cook
- [PATCH v1 6/8] kunit: Fix KUNIT_SUCCESS() calls in iov_iter tests
Kees Cook
- [PATCH v1 7/8] kunit: Print last test location on fault
Kees Cook
- [PATCH v1 8/8] kunit: Add tests for faults
Kees Cook
- [PATCH v3 02/13] security: Introduce the digest_cache LSM
Randy Dunlap
- [RFC PATCH v13 17/20] ipe: enable support for fs-verity as a trust provider
Randy Dunlap
- [PATCH] proc: allow restricting /proc/pid/mem writes
Mike Frysinger
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Amir Goldstein
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Amir Goldstein
- [PATCH 1/5] security: allow finer granularity in permitting copy-up of security xattrs
Amir Goldstein
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Amir Goldstein
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Amir Goldstein
- [PATCH 4/5] evm: Use the real inode's metadata to calculate metadata hash
Amir Goldstein
- [PATCH v2 7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED
Amir Goldstein
- [PATCH v2 2/9] security: allow finer granularity in permitting copy-up of security xattrs
Amir Goldstein
- [PATCH v2 9/9] ima: Record i_version of real_inode for change detection
Amir Goldstein
- [PATCH v2 1/9] ima: Rename backing_inode to real_inode
Amir Goldstein
- [PATCH v2 5/9] evm: Use the inode holding the metadata to calculate metadata hash
Amir Goldstein
- [PATCH v2 4/9] ima: Reset EVM status upon detecting changes to the real file
Amir Goldstein
- [PATCH v2 20/25] ovl: add fscaps handlers
Amir Goldstein
- [PATCH 2/13] Add TSEM specific documentation.
Dr. Greg
- [PATCH v5 0/6] DCP as trusted keys backend
David Gstir
- [PATCH 1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef
George Guo
- [PATCH v2 1/1] netlabel: cleanup struct netlbl_lsm_catmap
George Guo
- [PATCH] LSM: Fix typos in security/security.c comment headers
Pairman Guo
- [PATCH v2 0/3] fs/exec: remove current->in_execve flag
Serge Hallyn
- smack: Possible NULL pointer deref in cred_free hook.
Serge E. Hallyn
- [PATCH v2 0/3] fs/exec: remove current->in_execve flag
Tetsuo Handa
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Tetsuo Handa
- [PATCH v2 2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook
Tetsuo Handa
- [PATCH v2 3/3] fs/exec: remove current->in_execve flag
Tetsuo Handa
- [PATCH v3 0/3] fs/exec: remove current->in_execve flag
Tetsuo Handa
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Tetsuo Handa
- [PATCH v3 2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook
Tetsuo Handa
- [PATCH v3 3/3] fs/exec: remove current->in_execve flag
Tetsuo Handa
- smack: Possible NULL pointer deref in cred_free hook.
Tetsuo Handa
- smack: Possible NULL pointer deref in cred_free hook.
Tetsuo Handa
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Tetsuo Handa
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Tetsuo Handa
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Tetsuo Handa
- smack: Possible NULL pointer deref in cred_free hook.
Tetsuo Handa
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Tetsuo Handa
- [RFC 4/5] sbm: fix up calls to dynamic memory allocators
Dave Hansen
- [RFC 4/5] sbm: fix up calls to dynamic memory allocators
Dave Hansen
- [PATCH] security: fix integer overflow in lsm_set_self_attr() syscall
Jann Horn
- [PATCH v39 00/42] LSM: General module stacking
John Johansen
- [RFC 0/9] Nginx refcount scalability issue with Apparmor enabled and potential solutions
John Johansen
- [PATCH 5.4,4.19] lsm: new security_file_ioctl_compat() hook
Greg KH
- [syzbot] [apparmor?] [ext4?] general protection fault in common_perm_cond
Jan Kara
- [PATCH 1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef
Jakub Kicinski
- [PATCH net-next v3 00/11] selftests: kselftest_harness: support using xfail
Jakub Kicinski
- [PATCH net-next v3 01/11] selftests: kselftest_harness: pass step via shared memory
Jakub Kicinski
- [PATCH net-next v3 02/11] selftests: kselftest_harness: use KSFT_* exit codes
Jakub Kicinski
- [PATCH net-next v3 03/11] selftests: kselftest_harness: generate test name once
Jakub Kicinski
- [PATCH net-next v3 04/11] selftests: kselftest_harness: save full exit code in metadata
Jakub Kicinski
- [PATCH net-next v3 05/11] selftests: kselftest_harness: use exit code to store skip
Jakub Kicinski
- [PATCH net-next v3 06/11] selftests: kselftest: add ksft_test_result_code(), handling all exit codes
Jakub Kicinski
- [PATCH net-next v3 07/11] selftests: kselftest_harness: print test name for SKIP
Jakub Kicinski
- [PATCH net-next v3 08/11] selftests: kselftest_harness: separate diagnostic message with # in ksft_test_result_code()
Jakub Kicinski
- [PATCH net-next v3 09/11] selftests: kselftest_harness: let PASS / FAIL provide diagnostic
Jakub Kicinski
- [PATCH net-next v3 10/11] selftests: kselftest_harness: support using xfail
Jakub Kicinski
- [PATCH net-next v3 11/11] selftests: ip_local_port_range: use XFAIL instead of SKIP
Jakub Kicinski
- [PATCH net-next v3 00/11] selftests: kselftest_harness: support using xfail
Jakub Kicinski
- [PATCH net-next v3 00/11] selftests: kselftest_harness: support using xfail
Jakub Kicinski
- [PATCH v4 00/12] selftests: kselftest_harness: support using xfail
Jakub Kicinski
- [PATCH v4 01/12] selftests/landlock: Redefine TEST_F() as TEST_F_FORK()
Jakub Kicinski
- [PATCH v4 02/12] selftests/harness: Merge TEST_F_FORK() into TEST_F()
Jakub Kicinski
- [PATCH v4 03/12] selftests: kselftest_harness: use KSFT_* exit codes
Jakub Kicinski
- [PATCH v4 04/12] selftests: kselftest_harness: generate test name once
Jakub Kicinski
- [PATCH v4 05/12] selftests: kselftest_harness: save full exit code in metadata
Jakub Kicinski
- [PATCH v4 06/12] selftests: kselftest_harness: use exit code to store skip
Jakub Kicinski
- [PATCH v4 07/12] selftests: kselftest: add ksft_test_result_code(), handling all exit codes
Jakub Kicinski
- [PATCH v4 08/12] selftests: kselftest_harness: print test name for SKIP
Jakub Kicinski
- [PATCH v4 09/12] selftests: kselftest_harness: separate diagnostic message with # in ksft_test_result_code()
Jakub Kicinski
- [PATCH v4 10/12] selftests: kselftest_harness: let PASS / FAIL provide diagnostic
Jakub Kicinski
- [PATCH v4 11/12] selftests: kselftest_harness: support using xfail
Jakub Kicinski
- [PATCH v4 12/12] selftests: ip_local_port_range: use XFAIL instead of SKIP
Jakub Kicinski
- Calls to vfs_setlease() from NFSD code cause unnecessary CAP_LEASE security checks
Jeff Layton
- [PATCH v2 9/9] ima: Record i_version of real_inode for change detection
Jeff Layton
- [PATCH v4 12/12] selftests: ip_local_port_range: use XFAIL instead of SKIP
Xin Long
- [PATCH] security: fix no-op hook logic in security_inode_{set, remove}xattr()
Paul Moore
- [PATCH] security: fix no-op hook logic in security_inode_{set, remove}xattr()
Paul Moore
- [PATCH 1/1] Modify macro NETLBL_CATMAP_MAPTYPE to define a type using typedef
Paul Moore
- [PATCH RFC v12 5/20] initramfs|security: Add security hook to initramfs unpack
Paul Moore
- [PATCH RFC v12 6/20] ipe: introduce 'boot_verified' as a trust provider
Paul Moore
- [PATCH RFC v12 8/20] ipe: add userspace interface
Paul Moore
- [PATCH RFC v12 9/20] uapi|audit|ipe: add ipe auditing support
Paul Moore
- [PATCH RFC v12 10/20] ipe: add permissive toggle
Paul Moore
- [PATCH RFC v12 15/20] ipe: add support for dm-verity as a trust provider
Paul Moore
- [PATCH RFC v12 17/20] ipe: enable support for fs-verity as a trust provider
Paul Moore
- [PATCH v2 1/1] netlabel: cleanup struct netlbl_lsm_catmap
Paul Moore
- [PATCH 2/13] Add TSEM specific documentation.
Paul Moore
- [PATCH RFC v12 8/20] ipe: add userspace interface
Paul Moore
- [PATCH RFC v12 15/20] ipe: add support for dm-verity as a trust provider
Paul Moore
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Paul Moore
- ANN: moving lsm/dev to v6.8-rc3
Paul Moore
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Paul Moore
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Paul Moore
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Paul Moore
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Paul Moore
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Paul Moore
- [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure
Paul Moore
- [PATCH v9 1/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure
Paul Moore
- [PATCH v9 2/25] ima: Align ima_file_mprotect() definition with LSM infrastructure
Paul Moore
- [PATCH v9 3/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure
Paul Moore
- [PATCH v9 4/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure
Paul Moore
- [PATCH v9 5/25] ima: Align ima_post_read_file() definition with LSM infrastructure
Paul Moore
- [PATCH v9 6/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure
Paul Moore
- [PATCH v9 7/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure
Paul Moore
- [PATCH v9 8/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure
Paul Moore
- [PATCH v9 9/25] security: Align inode_setattr hook definition with EVM
Paul Moore
- [PATCH v9 10/25] security: Introduce inode_post_setattr hook
Paul Moore
- [PATCH v9 11/25] security: Introduce inode_post_removexattr hook
Paul Moore
- [PATCH v9 12/25] security: Introduce file_post_open hook
Paul Moore
- [PATCH v9 13/25] security: Introduce file_release hook
Paul Moore
- [PATCH v9 14/25] security: Introduce path_post_mknod hook
Paul Moore
- [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook
Paul Moore
- [PATCH v9 16/25] security: Introduce inode_post_set_acl hook
Paul Moore
- [PATCH v9 17/25] security: Introduce inode_post_remove_acl hook
Paul Moore
- [PATCH v9 18/25] security: Introduce key_post_create_or_update hook
Paul Moore
- [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
Paul Moore
- [PATCH v9 20/25] ima: Move to LSM infrastructure
Paul Moore
- [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure
Paul Moore
- [PATCH v9 22/25] evm: Move to LSM infrastructure
Paul Moore
- [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM
Paul Moore
- [PATCH v9 25/25] integrity: Remove LSM
Paul Moore
- [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure
Paul Moore
- [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
Paul Moore
- [PATCH v9 12/25] security: Introduce file_post_open hook
Paul Moore
- [PATCH v9 12/25] security: Introduce file_post_open hook
Paul Moore
- [PATCH] security: use default hook return value in call_int_hook()
Paul Moore
- [PATCH] security: use default hook return value in call_int_hook()
Paul Moore
- [PATCH] security: fix integer overflow in lsm_set_self_attr() syscall
Paul Moore
- smack: Possible NULL pointer deref in cred_free hook.
Paul Moore
- [PATCH v9 12/25] security: Introduce file_post_open hook
Paul Moore
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Paul Moore
- [PATCH] security: fix integer overflow in lsm_set_self_attr() syscall
Paul Moore
- [PATCH v9 12/25] security: Introduce file_post_open hook
Paul Moore
- [GIT PULL] lsm/lsm-pr-20240215
Paul Moore
- smack: Possible NULL pointer deref in cred_free hook.
Paul Moore
- [PATCH v3 1/3] LSM: add security_execve_abort() hook
Paul Moore
- smack: Possible NULL pointer deref in cred_free hook.
Paul Moore
- [PATCH v10 0/25] security: Move IMA and EVM to the LSM infrastructure
Paul Moore
- [PATCH v2 2/9] security: allow finer granularity in permitting copy-up of security xattrs
Paul Moore
- [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps
Paul Moore
- [PATCH v2 12/25] selinux: add hooks for fscaps operations
Paul Moore
- [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks
Paul Moore
- [PATCH] LSM: Fix typos in security/security.c comment headers
Paul Moore
- [PATCH v2 12/25] selinux: add hooks for fscaps operations
Paul Moore
- [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks
Paul Moore
- [PATCH] security: use default hook return value in call_int_hook()
Paul Moore
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Paul Moore
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Paul Moore
- [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Paul Moore
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Paul Moore
- [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Paul Moore
- [PATCH net-next] netlabel: remove impossible return value in netlbl_bitmap_walk
Paul Moore
- [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Paul Moore
- [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Paul Moore
- [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Paul Moore
- [GIT PULL] lsm/lsm-pr-20240227
Paul Moore
- Calls to vfs_setlease() from NFSD code cause unnecessary CAP_LEASE security checks
Ondrej Mosnacek
- Calls to vfs_setlease() from NFSD code cause unnecessary CAP_LEASE security checks
Ondrej Mosnacek
- Calls to vfs_setlease() from NFSD code cause unnecessary CAP_LEASE security checks
Ondrej Mosnacek
- [PATCH v9 0/8] Landlock: IOCTL support
Günther Noack
- [PATCH v9 1/8] landlock: Add IOCTL access right
Günther Noack
- [PATCH v9 2/8] selftests/landlock: Test IOCTL support
Günther Noack
- [PATCH v9 3/8] selftests/landlock: Test IOCTL with memfds
Günther Noack
- [PATCH v9 4/8] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH)
Günther Noack
- [PATCH v9 5/8] selftests/landlock: Test IOCTLs on named pipes
Günther Noack
- [PATCH v9 6/8] selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets
Günther Noack
- [PATCH v9 7/8] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL
Günther Noack
- [PATCH v9 8/8] landlock: Document IOCTL support
Günther Noack
- [PATCH v9 1/8] landlock: Add IOCTL access right
Günther Noack
- [PATCH v9 1/8] landlock: Add IOCTL access right
Günther Noack
- [PATCH v9 1/8] landlock: Add IOCTL access right
Günther Noack
- [PATCH v9 1/8] landlock: Add IOCTL access right
Günther Noack
- [PATCH v9 1/8] landlock: Add IOCTL access right
Günther Noack
- [PATCH] landlock: Warn once if a Landlock action is requested while disabled
Günther Noack
- [PATCH v2 1/2] landlock: Extend documentation for kernel support
Günther Noack
- [PATCH v9 1/8] landlock: Add IOCTL access right
Günther Noack
- [PATCH] apparmor: use kvfree_sensitive to free data->data
Fedor Pchelkin
- [PATCH net-next] netlabel: remove impossible return value in netlbl_bitmap_walk
Jiri Pirko
- [PATCH] proc: allow restricting /proc/pid/mem writes
Adrian Ratiu
- Re: [PATCH] proc: allow restricting /proc/pid/mem writes
Adrian Ratiu
- [ANNOUNCE] CFP: Linux Security Summit Europe 2024
Reshetova, Elena
- [PATCH] KEYS: encrypted: Add check for strsep
Jarkko Sakkinen
- [PATCH] KEYS: encrypted: Add check for strsep
Jarkko Sakkinen
- [PATCH v5 0/6] DCP as trusted keys backend
Jarkko Sakkinen
- [GIT PULL] Landlock fixes for v6.8-rc5
Mickaël Salaün
- [PATCH v9 1/8] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v9 1/8] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v9 1/8] landlock: Add IOCTL access right
Mickaël Salaün
- [PATCH v9 1/8] landlock: Add IOCTL access right
Mickaël Salaün
- [RFC PATCH] fs: Add vfs_masks_device_ioctl*() helpers
Mickaël Salaün
- [PATCH] landlock: Fix asymmetric private inodes referring
Mickaël Salaün
- [PATCH] landlock: Warn once if a Landlock action is requested while disabled
Mickaël Salaün
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Mickaël Salaün
- [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Mickaël Salaün
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Mickaël Salaün
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Mickaël Salaün
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Mickaël Salaün
- [PATCH 1/2] SELinux: Fix lsm_get_self_attr()
Mickaël Salaün
- [PATCH 0/2] Merge TEST_F_FORK() into TEST_F()
Mickaël Salaün
- [PATCH 1/2] selftests/landlock: Redefine TEST_F() as TEST_F_FORK()
Mickaël Salaün
- [PATCH 2/2] selftests/harness: Merge TEST_F_FORK() into TEST_F()
Mickaël Salaün
- [PATCH net-next v3 00/11] selftests: kselftest_harness: support using xfail
Mickaël Salaün
- [PATCH] landlock: Warn once if a Landlock action is requested while disabled
Mickaël Salaün
- [PATCH] landlock: Warn once if a Landlock action is requested while disabled
Mickaël Salaün
- [PATCH 2/2] selftests/harness: Merge TEST_F_FORK() into TEST_F()
Mickaël Salaün
- [PATCH v2 1/2] landlock: Extend documentation for kernel support
Mickaël Salaün
- [PATCH v2 2/2] landlock: Warn once if a Landlock action is requested while disabled
Mickaël Salaün
- [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Mickaël Salaün
- [PATCH v1 0/8] Run KUnit tests late and handle faults
Mickaël Salaün
- [PATCH v1 1/8] kunit: Run tests when the kernel is fully setup
Mickaël Salaün
- [PATCH v1 2/8] kunit: Handle thread creation error
Mickaël Salaün
- [PATCH v1 3/8] kunit: Fix kthread reference
Mickaël Salaün
- [PATCH v1 4/8] kunit: Fix timeout message
Mickaël Salaün
- [PATCH v1 5/8] kunit: Handle test faults
Mickaël Salaün
- [PATCH v1 6/8] kunit: Fix KUNIT_SUCCESS() calls in iov_iter tests
Mickaël Salaün
- [PATCH v1 7/8] kunit: Print last test location on fault
Mickaël Salaün
- [PATCH v1 8/8] kunit: Add tests for faults
Mickaël Salaün
- [GIT PULL] Landlock fixes for v6.8-rc7
Mickaël Salaün
- [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure
Roberto Sassu
- [PATCH v9 12/25] security: Introduce file_post_open hook
Roberto Sassu
- [PATCH v9 12/25] security: Introduce file_post_open hook
Roberto Sassu
- [PATCH v3 00/13] security: digest_cache LSM
Roberto Sassu
- [PATCH v3 01/13] lib: Add TLV parser
Roberto Sassu
- [PATCH v3 02/13] security: Introduce the digest_cache LSM
Roberto Sassu
- [PATCH v3 03/13] digest_cache: Add securityfs interface
Roberto Sassu
- [PATCH v3 04/13] digest_cache: Add hash tables and operations
Roberto Sassu
- [PATCH v3 05/13] digest_cache: Populate the digest cache from a digest list
Roberto Sassu
- [PATCH v3 06/13] digest_cache: Parse tlv digest lists
Roberto Sassu
- [PATCH v3 07/13] digest_cache: Parse rpm digest lists
Roberto Sassu
- [PATCH v3 08/13] digest_cache: Add management of verification data
Roberto Sassu
- [PATCH v3 09/13] digest_cache: Add support for directories
Roberto Sassu
- [PATCH v3 10/13] digest cache: Prefetch digest lists if requested
Roberto Sassu
- [PATCH v3 11/13] digest_cache: Reset digest cache on file/directory change
Roberto Sassu
- [PATCH v3 12/13] selftests/digest_cache: Add selftests for digest_cache LSM
Roberto Sassu
- [PATCH v3 13/13] docs: Add documentation of the digest_cache LSM
Roberto Sassu
- [PATCH v3 02/13] security: Introduce the digest_cache LSM
Roberto Sassu
- [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
Roberto Sassu
- [PATCH v9 12/25] security: Introduce file_post_open hook
Roberto Sassu
- [RFC][PATCH 0/8] ima: Integrate with digest_cache LSM
Roberto Sassu
- [RFC][PATCH 1/8] ima: Introduce hook DIGEST_LIST_CHECK
Roberto Sassu
- [RFC][PATCH 2/8] ima: Nest iint mutex for DIGEST_LIST_CHECK hook
Roberto Sassu
- [RFC][PATCH 3/8] ima: Add digest_cache policy keyword
Roberto Sassu
- [RFC][PATCH 4/8] ima: Add digest_cache_measure and digest_cache_appraise boot-time policies
Roberto Sassu
- [RFC][PATCH 5/8] ima: Record IMA verification result of digest lists in digest cache
Roberto Sassu
- [RFC][PATCH 6/8] ima: Use digest cache for measurement
Roberto Sassu
- [RFC][PATCH 7/8] ima: Use digest cache for appraisal
Roberto Sassu
- [RFC][PATCH 8/8] ima: Detect if digest cache changed since last measurement/appraisal
Roberto Sassu
- [PATCH v1 5/5] sbm: SandBox Mode documentation
Roberto Sassu
- [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA
Roberto Sassu
- [PATCH v10 00/25] security: Move IMA and EVM to the LSM infrastructure
Roberto Sassu
- [PATCH v10 01/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 02/25] ima: Align ima_file_mprotect() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 03/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 04/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 05/25] ima: Align ima_post_read_file() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 06/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 07/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 08/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure
Roberto Sassu
- [PATCH v10 09/25] security: Align inode_setattr hook definition with EVM
Roberto Sassu
- [PATCH v10 10/25] security: Introduce inode_post_setattr hook
Roberto Sassu
- [PATCH v10 11/25] security: Introduce inode_post_removexattr hook
Roberto Sassu
- [PATCH v10 12/25] security: Introduce file_post_open hook
Roberto Sassu
- [PATCH v10 13/25] security: Introduce file_release hook
Roberto Sassu
- [PATCH v10 14/25] security: Introduce path_post_mknod hook
Roberto Sassu
- [PATCH v10 15/25] security: Introduce inode_post_create_tmpfile hook
Roberto Sassu
- [PATCH v10 16/25] security: Introduce inode_post_set_acl hook
Roberto Sassu
- [PATCH v10 17/25] security: Introduce inode_post_remove_acl hook
Roberto Sassu
- [PATCH v10 18/25] security: Introduce key_post_create_or_update hook
Roberto Sassu
- [PATCH v10 19/25] integrity: Move integrity_kernel_module_request() to IMA
Roberto Sassu
- [PATCH v10 20/25] ima: Move to LSM infrastructure
Roberto Sassu
- [PATCH v10 21/25] ima: Move IMA-Appraisal to LSM infrastructure
Roberto Sassu
- [PATCH v10 22/25] evm: Move to LSM infrastructure
Roberto Sassu
- [PATCH v10 23/25] evm: Make it independent from 'integrity' LSM
Roberto Sassu
- [PATCH v10 24/25] ima: Make it independent from 'integrity' LSM
Roberto Sassu
- [PATCH v10 25/25] integrity: Remove LSM
Roberto Sassu
- [PATCH v10 19/25] integrity: Move integrity_kernel_module_request() to IMA
Roberto Sassu
- [PATCH v10 0/25] security: Move IMA and EVM to the LSM infrastructure
Roberto Sassu
- [RFC 0/8] PGP key parser using SandBox Mode
Roberto Sassu
- [syzbot] [integrity?] [lsm?] KMSAN: uninit-value in ima_add_template_entry
Roberto Sassu
- [PATCH v3 00/13] security: digest_cache LSM
Roberto Sassu
- Starting to work on liblsm
Casey Schaufler
- [PATCH] security: fix no-op hook logic in security_inode_{set,remove}xattr()
Casey Schaufler
- smack: Possible NULL pointer deref in cred_free hook.
Casey Schaufler
- smack: Possible NULL pointer deref in cred_free hook.
Casey Schaufler
- [PATCH] security: use default hook return value in call_int_hook()
Casey Schaufler
- [PATCH] security: fix integer overflow in lsm_set_self_attr() syscall
Casey Schaufler
- smack: Possible NULL pointer deref in cred_free hook.
Casey Schaufler
- smack: Possible NULL pointer deref in cred_free hook.
Casey Schaufler
- smack: Possible NULL pointer deref in cred_free hook.
Casey Schaufler
- smack: Possible NULL pointer deref in cred_free hook.
Casey Schaufler
- [PATCH v2 13/25] smack: add hooks for fscaps operations
Casey Schaufler
- [PATCH net-next] netlabel: remove impossible return value in netlbl_bitmap_walk
Zhengchao Shao
- [PATCH v9 0/4] Reduce overhead of LSMs with static calls
KP Singh
- [PATCH v9 1/4] kernel: Add helper macros for loop unrolling
KP Singh
- [PATCH v9 2/4] security: Count the LSMs enabled at compile time
KP Singh
- [PATCH v9 3/4] security: Replace indirect LSM hook calls with static calls
KP Singh
- [PATCH v9 4/4] bpf: Only enable BPF LSM hooks when an LSM program is attached
KP Singh
- [PATCH v4 12/12] selftests: ip_local_port_range: use XFAIL instead of SKIP
Jakub Sitnicki
- [RFC PATCH v12 12/20] dm verity: set DM_TARGET_SINGLETON feature flag
Mike Snitzer
- [PATCH v10 00/25] security: Move IMA and EVM to the LSM infrastructure
Eric Snowberg
- [RFC 0/5] PoC: convert AppArmor parser to SandBox Mode
Petr Tesarik
- [RFC 1/5] sbm: x86: fix SBM error entry path
Petr Tesarik
- [RFC 2/5] sbm: enhance buffer mapping API
Petr Tesarik
- [RFC 3/5] sbm: x86: infrastructure to fix up sandbox faults
Petr Tesarik
- [RFC 4/5] sbm: fix up calls to dynamic memory allocators
Petr Tesarik
- [RFC 5/5] apparmor: parse profiles in sandbox mode
Petr Tesarik
- [RFC 4/5] sbm: fix up calls to dynamic memory allocators
Petr Tesařík
- [PATCH v2 1/3] LSM: add security_execve_abort() hook
Linus Torvalds
- [RFC 0/9] Nginx refcount scalability issue with Apparmor enabled and potential solutions
Neeraj Upadhyay
- [PATCH v5 0/6] DCP as trusted keys backend
Richard Weinberger
- [PATCH v5 0/6] DCP as trusted keys backend
Richard Weinberger
- [RFC PATCH v12 12/20] dm verity: set DM_TARGET_SINGLETON feature flag
Fan Wu
- [PATCH RFC v12 5/20] initramfs|security: Add security hook to initramfs unpack
Fan Wu
- [PATCH RFC v12 6/20] ipe: introduce 'boot_verified' as a trust provider
Fan Wu
- [PATCH RFC v12 8/20] ipe: add userspace interface
Fan Wu
- [PATCH RFC v12 15/20] ipe: add support for dm-verity as a trust provider
Fan Wu
- [PATCH RFC v12 8/20] ipe: add userspace interface
Fan Wu
- [RFC PATCH v13 00/20] Integrity Policy Enforcement LSM (IPE)
Fan Wu
- [RFC PATCH v13 01/20] security: add ipe lsm
Fan Wu
- [RFC PATCH v13 02/20] ipe: add policy parser
Fan Wu
- [RFC PATCH v13 03/20] ipe: add evaluation loop
Fan Wu
- [RFC PATCH v13 04/20] ipe: add LSM hooks on execution and kernel read
Fan Wu
- [RFC PATCH v13 05/20] initramfs|security: Add a security hook to do_populate_rootfs()
Fan Wu
- [RFC PATCH v13 06/20] ipe: introduce 'boot_verified' as a trust provider
Fan Wu
- [RFC PATCH v13 07/20] security: add new securityfs delete function
Fan Wu
- [RFC PATCH v13 08/20] ipe: add userspace interface
Fan Wu
- [RFC PATCH v13 09/20] uapi|audit|ipe: add ipe auditing support
Fan Wu
- [RFC PATCH v13 10/20] ipe: add permissive toggle
Fan Wu
- [RFC PATCH v13 11/20] block|security: add LSM blob to block_device
Fan Wu
- [RFC PATCH v13 12/20] dm verity: set DM_TARGET_SINGLETON feature flag
Fan Wu
- [RFC PATCH v13 13/20] dm: add finalize hook to target_type
Fan Wu
- [RFC PATCH v13 14/20] dm verity: consume root hash digest and signature data via LSM hook
Fan Wu
- [RFC PATCH v13 15/20] ipe: add support for dm-verity as a trust provider
Fan Wu
- [RFC PATCH v13 16/20] fsverity: consume builtin signature via LSM hook
Fan Wu
- [RFC PATCH v13 17/20] ipe: enable support for fs-verity as a trust provider
Fan Wu
- [RFC PATCH v13 18/20] scripts: add boot policy generation program
Fan Wu
- [RFC PATCH v13 19/20] ipe: kunit test for parser
Fan Wu
- [RFC PATCH v13 20/20] documentation: add ipe documentation
Fan Wu
- [RFC PATCH v13 17/20] ipe: enable support for fs-verity as a trust provider
Fan Wu
- [RFC PATCH v13 17/20] ipe: enable support for fs-verity as a trust provider
Fan Wu
- [PATCH v2] integrity: eliminate unnecessary "Problem loading X.509 certificate" msg
Coiby Xu
- [PATCH 5/5] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509
Mimi Zohar
- [PATCH] KEYS: encrypted: Add check for strsep
Mimi Zohar
- [PATCH v9 12/25] security: Introduce file_post_open hook
Mimi Zohar
- [PATCH v9 12/25] security: Introduce file_post_open hook
Mimi Zohar
- [PATCH v9 12/25] security: Introduce file_post_open hook
Mimi Zohar
- [PATCH v10 19/25] integrity: Move integrity_kernel_module_request() to IMA
Mimi Zohar
- [PATCH v2] integrity: eliminate unnecessary "Problem loading X.509 certificate" msg
Mimi Zohar
- [PATCH bpf-next] bpf: minor clean-up to sleepable_lsm_hooks BTF set
patchwork-bot+netdevbpf at kernel.org
- [PATCH v2 1/1] netlabel: cleanup struct netlbl_lsm_catmap
patchwork-bot+netdevbpf at kernel.org
- [PATCH net-next] netlabel: remove impossible return value in netlbl_bitmap_walk
patchwork-bot+netdevbpf at kernel.org
- [GIT PULL] lsm/lsm-pr-20240131
pr-tracker-bot at kernel.org
- [GIT PULL] Landlock fixes for v6.8-rc5
pr-tracker-bot at kernel.org
- [GIT PULL] lsm/lsm-pr-20240215
pr-tracker-bot at kernel.org
- [GIT PULL] lsm/lsm-pr-20240227
pr-tracker-bot at kernel.org
- [GIT PULL] Landlock fixes for v6.8-rc7
pr-tracker-bot at kernel.org
- [PATCH v2 2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook
kernel test robot
- [PATCH v2 4/9] ima: Reset EVM status upon detecting changes to the real file
kernel test robot
- [PATCH v2 5/9] evm: Use the inode holding the metadata to calculate metadata hash
kernel test robot
- [PATCH v2 4/9] ima: Reset EVM status upon detecting changes to the real file
kernel test robot
- [syzbot] [apparmor?] [ext4?] general protection fault in common_perm_cond
syzbot
- [syzbot] [integrity?] [lsm?] KMSAN: uninit-value in ima_add_template_entry
syzbot
- [syzbot] [keyrings?] [lsm?] KASAN: slab-out-of-bounds Read in key_task_permission (2)
syzbot
- [syzbot] [lsm?] [reiserfs?] general protection fault in fsnotify_perm
syzbot
Last message date:
Thu Feb 29 23:25:46 UTC 2024
Archived on: Thu Feb 29 23:26:19 UTC 2024
This archive was generated by
Pipermail 0.09 (Mailman edition).