May 2026 Archives by date
Starting: Fri May 1 01:51:00 UTC 2026
Ending: Sun May 31 17:04:50 UTC 2026
Messages: 654
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH bpf-next 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
David Windsor
- [PATCH ported/repost v2] security,fs,nfs,net: update security_inode_listsecurity() interface
Paul Moore
- [PATCH] ima: debugging late_initcall_sync measurements
David Safford
- [PATCH] lockdown: remove useless decrement operation
Kalevi Kolttonen
- [GIT PULL] selinux/selinux-pr-20260501
Paul Moore
- [GIT PULL] selinux/selinux-pr-20260501
pr-tracker-bot at kernel.org
- [PATCH v4 0/7] landlock: Add UDP access control support
Matthieu Buffet
- [PATCH v4 1/7] landlock: Add UDP bind() access control
Matthieu Buffet
- [PATCH v4 2/7] landlock: Add UDP connect() access control
Matthieu Buffet
- [PATCH v4 3/7] landlock: Add UDP send access control
Matthieu Buffet
- [PATCH v4 4/7] selftests/landlock: Add UDP bind/connect tests
Matthieu Buffet
- [PATCH v4 5/7] selftests/landlock: Add tests for sendmsg()
Matthieu Buffet
- [PATCH v4 6/7] samples/landlock: Add sandboxer UDP access control
Matthieu Buffet
- [PATCH v4 7/7] landlock: Add documentation for UDP support
Matthieu Buffet
- [PATCH 1/3] apparmor: Fix return in ns_mkdir_op
Hongling Zeng
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] ima: debugging late_initcall_sync measurements
Paul Moore
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
David Windsor
- [PATCH RESEND] keys: use kmalloc_flex in user_preparse
Thorsten Blum
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH v5 09/13] ima: Add support for staging measurements with prompt
Roberto Sassu
- [PATCH 1/3] apparmor: Fix return in ns_mkdir_op
Ryan Lee
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Paul Moore
- [PATCH] ima: debugging late_initcall_sync measurements
Paul Moore
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Song Liu
- [PATCH v2 0/4] Firmware LSM hook
Paul Moore
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Paul Moore
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Song Liu
- [v6 10/10] ipe: Add BPF program load policy enforcement via Hornet integration
Fan Wu
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
David Windsor
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Paul Moore
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Paul Moore
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Song Liu
- [PATCH v5 00/14] module: Introduce hash-based integrity checking
Thomas Weißschuh
- [PATCH v5 01/14] kbuild: generate module BTF based on vmlinux.unstripped
Thomas Weißschuh
- [PATCH v5 02/14] lockdown: Make the relationship to MODULE_SIG a dependency
Thomas Weißschuh
- [PATCH v5 03/14] kbuild: rename the strip_relocs command
Thomas Weißschuh
- [PATCH v5 04/14] module: Drop pointless debugging message
Thomas Weißschuh
- [PATCH v5 05/14] module: Make mod_verify_sig() static
Thomas Weißschuh
- [PATCH v5 06/14] module: Switch load_info::len to size_t
Thomas Weißschuh
- [PATCH v5 07/14] module: Make module authentication usable without MODULE_SIG
Thomas Weißschuh
- [PATCH v5 08/14] module: Move authentication logic into dedicated new file
Thomas Weißschuh
- [PATCH v5 09/14] module: Move signature type check out of mod_check_sig()
Thomas Weißschuh
- [PATCH v5 10/14] module: Prepare for additional module authentication mechanisms
Thomas Weißschuh
- [PATCH v5 11/14] module: update timestamp of modules.order after modules are built
Thomas Weißschuh
- [PATCH v5 12/14] module: Introduce hash-based integrity checking
Thomas Weißschuh
- [PATCH v5 13/14] kbuild: move handling of module stripping to Makefile.lib
Thomas Weißschuh
- [PATCH v5 14/14] kbuild: make CONFIG_MODULE_HASHES compatible with module stripping
Thomas Weißschuh
- [PATCH] lockdown: remove useless decrement operation
Nicolas Bouchinet
- [PATCH] lockdown: remove useless decrement operation
Nicolas Bouchinet
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Yeoreum Yun
- [RFC PATCH 1/3] arm64: KVM: defer kvm_init() to finalise_pkvm() when pKVM is enabled
Yeoreum Yun
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Yeoreum Yun
- [RFC PATCH 3/3] security: integrity: call load_uefi_certs() at late_initcall_sync
Yeoreum Yun
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Ben Horgan
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Yeoreum Yun
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Yeoreum Yun
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Ben Horgan
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Yeoreum Yun
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
Paul Moore
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Sudeep Holla
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Yeoreum Yun
- [PATCH 02/14] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
Nicolas Schier
- [PATCH 03/14] security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCE
Nicolas Schier
- [PATCH 04/14] security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT
Nicolas Schier
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Sudeep Holla
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Yeoreum Yun
- [PATCH v5 11/13] ima: Support staging and deleting N measurements entries
steven chen
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] ima: debugging late_initcall_sync measurements
Paul Moore
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] ima: debugging late_initcall_sync measurements
Paul Moore
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Mayank Gite
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Sudeep Holla
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Sudeep Holla
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Yeoreum Yun
- [RFC PATCH 1/3] arm64: KVM: defer kvm_init() to finalise_pkvm() when pKVM is enabled
Sudeep Holla
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Sudeep Holla
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Yeoreum Yun
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Yeoreum Yun
- [RFC PATCH 2/3] firmware: arm_ffa: initialise ff-a after finalising pKVM initialisation
Sudeep Holla
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [PATCH v4 0/7] landlock: Add UDP access control support
Günther Noack
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Randy Dunlap
- [PATCH] rust: cred: add safe abstractions for capable() and ns_capable()
Arnav Sharma
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Mayank Gite
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Randy Dunlap
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [PATCH] rust: cred: add safe abstractions for capable() and ns_capable()
Onur Özkan
- [PATCH] rust: cred: add safe abstractions for capable() and ns_capable()
Alice Ryhl
- [PATCH] ima: debugging late_initcall_sync measurements
Roberto Sassu
- [PATCH] lockdown: remove useless decrement operation
Xiu Jianfeng
- [PATCH v3 0/2] Delete task_euid()
Alice Ryhl
- [PATCH v3 1/2] rust: task: clarify comments on task UID accessors
Alice Ryhl
- [PATCH v3 2/2] cred: delete task_euid()
Alice Ryhl
- [PATCH v3 1/2] rust: task: clarify comments on task UID accessors
Gary Guo
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH v3 1/2] rust: task: clarify comments on task UID accessors
Alice Ryhl
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH v5 00/13] ima: Introduce staging mechanism
steven chen
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
John Doe
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Jonathan Corbet
- [PATCH v7 00/10] Reintroduce Hornet LSM
Blaise Boscaccy
- [PATCH v7 01/10] crypto: pkcs7: add flag for validated trust on a signed info block
Blaise Boscaccy
- [PATCH v7 02/10] crypto: pkcs7: add ability to extract signed attributes by OID
Blaise Boscaccy
- [PATCH v7 03/10] crypto: pkcs7: add tests for pkcs7_get_authattr
Blaise Boscaccy
- [PATCH v7 04/10] lsm: framework for BPF integrity verification
Blaise Boscaccy
- [PATCH v7 05/10] lsm: security: Add additional enum values for bpf integrity checks
Blaise Boscaccy
- [PATCH v7 06/10] security: Hornet LSM
Blaise Boscaccy
- [PATCH v7 07/10] hornet: Introduce gen_sig
Blaise Boscaccy
- [PATCH v7 08/10] hornet: Add a light skeleton data extractor scripts
Blaise Boscaccy
- [PATCH v7 09/10] selftests/hornet: Add a selftest for the Hornet LSM
Blaise Boscaccy
- [PATCH v7 10/10] ipe: Add BPF program load policy enforcement via Hornet integration
Blaise Boscaccy
- [v6 00/10] Reintroduce Hornet LSM
Paul Moore
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Mayank Gite
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [PATCH v7 00/10] Reintroduce Hornet LSM
Paul Moore
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH v7 00/10] Reintroduce Hornet LSM
Eric Biggers
- [PATCH v4 0/7] landlock: Add UDP access control support
Matthieu Buffet
- [GIT PULL] selinux/selinux-pr-20260507
Paul Moore
- [PATCH v7 00/10] Reintroduce Hornet LSM
Paul Moore
- [GIT PULL] selinux/selinux-pr-20260507
pr-tracker-bot at kernel.org
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [RFC PATCH v4 01/19] landlock: Support socket access-control
Mickaël Salaün
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [RFC PATCH v1 11/11] landlock: Add documentation for capability and namespace restrictions
Günther Noack
- [RFC PATCH v1 05/11] landlock: Enforce namespace entry restrictions
Günther Noack
- [RFC PATCH v1 06/11] landlock: Enforce capability restrictions
Günther Noack
- [PATCH 0/4] firmware: arm_ffa: Move core init to platform driver probe
Sudeep Holla
- [PATCH 1/4] Revert "firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall"
Sudeep Holla
- [PATCH 2/4] firmware: arm_ffa: Register core as a platform driver
Sudeep Holla
- [PATCH 3/4] firmware: arm_ffa: Set the core device as FF-A device parent
Sudeep Holla
- [PATCH 4/4] firmware: arm_ffa: Defer probe until pKVM is initialized
Sudeep Holla
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Sudeep Holla
- [RFC PATCH v3 4/4] Revert "firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall"
Sudeep Holla
- [v6 00/10] Reintroduce Hornet LSM
Blaise Boscaccy
- [PATCH v7 10/10] ipe: Add BPF program load policy enforcement via Hornet integration
Fan Wu
- [PATCH 2/4] firmware: arm_ffa: Register core as a platform driver
Yeoreum Yun
- [PATCH 3/4] firmware: arm_ffa: Set the core device as FF-A device parent
Yeoreum Yun
- [PATCH 4/4] firmware: arm_ffa: Defer probe until pKVM is initialized
Yeoreum Yun
- [PATCH v2 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Paul Moore
- [PATCH v2 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Song Liu
- [PATCH v2 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Paul Moore
- [PATCH v2 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Song Liu
- [PATCH v3 0/7] lsm: Replace security_sb_mount with granular mount hooks
Song Liu
- [PATCH v3 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Song Liu
- [PATCH v3 2/7] apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount
Song Liu
- [PATCH v3 3/7] apparmor: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v3 4/7] selinux: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v3 5/7] landlock: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v3 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v3 7/7] lsm: Remove security_sb_mount and security_move_mount
Song Liu
- [PATCH RESEND] keys: use kmalloc_flex in user_preparse
Jarkko Sakkinen
- [PATCH 0/3] security, sched: Expand task_setscheduler LSM hook and related fixes
Aaron Tomlin
- [PATCH 1/3] cgroup/cpuset: Fix deadline bandwidth leak in cpuset_can_attach()
Aaron Tomlin
- [PATCH 2/3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Aaron Tomlin
- [PATCH 3/3] mips: sched: Fix CPUMASK_OFFSTACK memory corruption
Aaron Tomlin
- [PATCH v2 0/3] security, sched: Expand task_setscheduler LSM hook and related fixes
Aaron Tomlin
- [PATCH v2 0/3] security, sched: Expand task_setscheduler LSM hook and related fixes
Aaron Tomlin
- [PATCH v2 1/3] cgroup/cpuset: Fix deadline bandwidth leak in cpuset_can_attach()
Aaron Tomlin
- [PATCH v2 2/3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Aaron Tomlin
- [PATCH v2 3/3] mips: sched: Fix CPUMASK_OFFSTACK memory corruption
Aaron Tomlin
- [syzbot] Monthly lsm report (Apr 2026)
Jarkko Sakkinen
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Vitaly Chikunov
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
bot+bpf-ci at kernel.org
- [PATCH 0/2] smack: fix incorrect task context in smack_msg_queue_msgrcv
Konstantin Andreev
- [PATCH 1/2] smack: fix incorrect task context in smack_msg_queue_msgrcv
Konstantin Andreev
- [PATCH 2/2] smack: show msgrcv() subject task in audit
Konstantin Andreev
- [PATCH 1/3] cgroup/cpuset: Fix deadline bandwidth leak in cpuset_can_attach()
Waiman Long
- [PATCH v5 00/13] ima: Introduce staging mechanism
Lakshmi Ramasubramanian
- [PATCH 1/3] cgroup/cpuset: Fix deadline bandwidth leak in cpuset_can_attach()
Waiman Long
- [PATCH v3 2/7] apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount
Paul Moore
- [PATCH v3 3/7] apparmor: Convert from sb_mount to granular mount hooks
Paul Moore
- [PATCH v3 5/7] landlock: Convert from sb_mount to granular mount hooks
Paul Moore
- [PATCH v3 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Paul Moore
- [PATCH v3 7/7] lsm: Remove security_sb_mount and security_move_mount
Paul Moore
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Paul Moore
- [PATCH v2 2/3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Paul Moore
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Vitaly Chikunov
- [PATCH v3 7/7] lsm: Remove security_sb_mount and security_move_mount
Song Liu
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Paul Moore
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Vitaly Chikunov
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Vitaly Chikunov
- [PATCH v5 00/13] ima: Introduce staging mechanism
Roberto Sassu
- [PATCH v2 0/4] Firmware LSM hook
Leon Romanovsky
- [PATCH RFC 0/5] memcg: dma-buf per-cgroup accounting via pid_fd
Albert Esteve
- [PATCH RFC 1/5] memcg: Track exported dma-buffers
Albert Esteve
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH RFC 3/5] security: dma-heap: Add dma_heap_alloc LSM hook
Albert Esteve
- [PATCH RFC 4/5] selinux: Restrict cross-cgroup dma-heap charging
Albert Esteve
- [PATCH RFC 5/5] selftests/dmabuf-heaps: Add dma-buf memcg accounting tests
Albert Esteve
- [linus:master] [selftests] 465b05bae5: kernel-selftests.landlock.audit_test.audit.tsync_override_log_subdomains_off.fail
Thomas Weißschuh
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian König
- [PATCH v3 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Tetsuo Handa
- [PATCH v3 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Paul Moore
- [PATCH v3 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Paul Moore
- [PATCH 1/3] cgroup/cpuset: Fix deadline bandwidth leak in cpuset_can_attach()
Aaron Tomlin
- [PATCH v1 1/2] selftests/landlock: Filter dealloc records in audit_count_records()
Mickaël Salaün
- [PATCH v1 2/2] selftests/landlock: Increase default audit socket timeout
Mickaël Salaün
- [linus:master] [selftests] 465b05bae5: kernel-selftests.landlock.audit_test.audit.tsync_override_log_subdomains_off.fail
Mickaël Salaün
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH] rust: cred: add safe abstractions for capable() and ns_capable()
kernel test robot
- [PATCH v1] landlock: Demonstrate best-effort allowed_access filtering
Mickaël Salaün
- [PATCH] rust: cred: add safe abstractions for capable() and ns_capable()
kernel test robot
- [PATCH v2 0/3] landlock: Restrict renameat2 with RENAME_WHITEOUT
Günther Noack
- [PATCH v2 1/3] landlock: Require LANDLOCK_ACCESS_FS_MAKE_WHITEOUT for RENAME_WHITEOUT
Günther Noack
- [PATCH v2 2/3] selftests/landlock: Add test for RENAME_WHITEOUT denial
Günther Noack
- [PATCH v2 3/3] selftests/landlock: Test OverlayFS renames w/o LANDLOCK_ACCESS_FS_MAKE_WHITEOUT
Günther Noack
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH v1] landlock: Account all audit data allocations to user space
Mickaël Salaün
- [PATCH] lsm: hold cred_guard_mutex for lsm_set_self_attr()
Stephen Smalley
- [PATCH v7 1/10] crypto: pkcs7: add flag for validated trust on a signed info block
Paul Moore
- [PATCH v7 2/10] crypto: pkcs7: add ability to extract signed attributes by OID
Paul Moore
- [PATCH v7 3/10] crypto: pkcs7: add tests for pkcs7_get_authattr
Paul Moore
- [PATCH v7 4/10] lsm: framework for BPF integrity verification
Paul Moore
- [PATCH v7 5/10] lsm: security: Add additional enum values for bpf integrity checks
Paul Moore
- [PATCH v7 6/10] security: Hornet LSM
Paul Moore
- [PATCH v7 7/10] hornet: Introduce gen_sig
Paul Moore
- [PATCH v7 8/10] hornet: Add a light skeleton data extractor scripts
Paul Moore
- [PATCH v7 9/10] selftests/hornet: Add a selftest for the Hornet LSM
Paul Moore
- [PATCH v7 10/10] ipe: Add BPF program load policy enforcement via Hornet integration
Paul Moore
- [linus:master] [landlock] 874c8f8382: kernel-selftests.landlock.audit_test.audit.thread.fail
Mickaël Salaün
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH] hornet: depend on CONFIG_SECURITY and CONFIG_BPF_SYSCALL
Paul Moore
- [PATCH] ipe: restore the kdoc comments for evaluate_property()
Paul Moore
- [PATCH] ima: debugging late_initcall_sync measurements
Yeoreum Yun
- [QUESTION] move load_uefi_certs() and keyring initcall to earlier initcall
Yeoreum Yun
- [PATCH] ipe: restore the kdoc comments for evaluate_property()
Fan Wu
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH] hornet: depend on CONFIG_SECURITY and CONFIG_BPF_SYSCALL
Blaise Boscaccy
- [PATCH net 0/4] net: trust-after-modification fixes for IPv4 options + netlabel
Qi Tang
- [PATCH net 3/4] netlabel: validate CALIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH net 4/4] netlabel: validate CIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH] ipe: restore the kdoc comments for evaluate_property()
Paul Moore
- [PATCH] hornet: depend on CONFIG_SECURITY and CONFIG_BPF_SYSCALL
Paul Moore
- [PATCH net 0/4] net: trust-after-modification fixes for IPv4 options + netlabel
Qi Tang
- [PATCH net 3/4] netlabel: validate CALIPSO option against skb tail in netlbl_skbuff_getattr
Casey Schaufler
- [PATCH v2 2/3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Paul Moore
- [PATCH RFC 4/5] selinux: Restrict cross-cgroup dma-heap charging
Paul Moore
- [PATCH] lsm: hold cred_guard_mutex for lsm_set_self_attr()
Paul Moore
- [PATCH net 3/4] netlabel: validate CALIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH net 3/4] netlabel: validate CALIPSO option against skb tail in netlbl_skbuff_getattr
Paul Moore
- [PATCH net 4/4] netlabel: validate CIPSO option against skb tail in netlbl_skbuff_getattr
Paul Moore
- [PATCH net 3/4] netlabel: validate CALIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH net 4/4] netlabel: validate CIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH] apparmor: hold peer path references in aa_unix_file_perm()
Zhang Cen
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian Brauner
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Jonathan Corbet
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH v5 00/13] ima: Introduce staging mechanism
Lakshmi Ramasubramanian
- [PATCH v1] landlock: Demonstrate best-effort allowed_access filtering
Günther Noack
- [PATCH] rust: cred: add safe abstractions for capable() and ns_capable()
Miguel Ojeda
- [PATCH v4 0/7] lsm: Replace security_sb_mount with granular mount hooks
Song Liu
- [PATCH v4 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Song Liu
- [PATCH v4 2/7] apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount
Song Liu
- [PATCH v4 3/7] apparmor: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v4 4/7] selinux: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v4 5/7] landlock: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v4 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v4 7/7] lsm: Remove security_sb_mount and security_move_mount
Song Liu
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Barry Song
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Barry Song
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Barry Song
- [PATCH v2 2/3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Aaron Tomlin
- [PATCH] keys/trusted_keys: mark 'migratable' as __ro_after_init
Len Bao
- [PATCH] landlock: Documentation wording cleanups
Günther Noack
- [PATCH v1 1/2] selftests/landlock: Filter dealloc records in audit_count_records()
Günther Noack
- [PATCH v1 2/2] selftests/landlock: Increase default audit socket timeout
Günther Noack
- [PATCH 0/4] firmware: arm_ffa: Move core init to platform driver probe
Sudeep Holla
- [PATCH 0/4] firmware: arm_ffa: Move core init to platform driver probe
Sudeep Holla
- [PATCH 0/4] firmware: arm_ffa: Move core init to platform driver probe
Sudeep Holla
- [PATCH v2 00/16] Bump minimum version of LLVM for building the kernel to 17.0.1
Nathan Chancellor
- [PATCH v2 02/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
Nathan Chancellor
- [PATCH v2 03/16] security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCE
Nathan Chancellor
- [PATCH v2 04/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT
Nathan Chancellor
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Song Liu
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian König
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian König
- [PATCH v2 02/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
Arnd Bergmann
- [linus:master] [selftests] 465b05bae5: kernel-selftests.landlock.audit_test.audit.tsync_override_log_subdomains_off.fail
Thomas Weißschuh
- [linus:master] [selftests] 465b05bae5: kernel-selftests.landlock.audit_test.audit.tsync_override_log_subdomains_off.fail
Mickaël Salaün
- [linus:master] [selftests] 465b05bae5: kernel-selftests.landlock.audit_test.audit.tsync_override_log_subdomains_off.fail
Thomas Weißschuh
- [PATCH v2 05/17] tracing: Add __print_untrusted_str()
Mickaël Salaün
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian König
- [PATCH v2 02/16] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
Nathan Chancellor
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH v5 00/14] module: Introduce hash-based integrity checking
Sami Tolvanen
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Barry Song
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Barry Song
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Barry Song
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Song Liu
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Song Liu
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Sasha Levin
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Sasha Levin
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Song Liu
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian König
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian König
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Christian König
- [PATCH] keys/trusted_keys: mark 'migratable' as __ro_after_init
Jarkko Sakkinen
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH v5 00/13] ima: Introduce staging mechanism
Roberto Sassu
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [bug report] keys: request_key_auth payload use-after-free in keyctl_instantiate_key_common()
Shaomin Chen
- [RFC] TID v2.0: kernel module for cache-line zeroization against Flush+Reload (CLFLUSHOPT + LFENCE + REP STOSQ)
Jann Horn
- [Linaro-mm-sig] Re: [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
T.J. Mercier
- [PATCH v5 00/14] module: Introduce hash-based integrity checking
Thomas Weißschuh
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Sasha Levin
- [GIT PULL] lsm/lsm-pr-20260519
Paul Moore
- [PATCH] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
KP Singh
- [PATCH] landlock: avoid memcpy static check warning
Arnd Bergmann
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
Amery Hung
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
Song Liu
- [RFC] TID v2.0: kernel module for cache-line zeroization against Flush+Reload (CLFLUSHOPT + LFENCE + REP STOSQ)
Jann Horn
- [PATCH] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
KP Singh
- [PATCH] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
Daniel Borkmann
- [PATCH] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
bot+bpf-ci at kernel.org
- [PATCH v2] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
KP Singh
- [PATCH v2] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
Kumar Kartikeya Dwivedi
- [PATCH v2] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
patchwork-bot+netdevbpf at kernel.org
- [PATCH 0/3] security: replace __get_free_pages() call with kmalloc()
Mike Rapoport (Microsoft)
- [PATCH 1/3] selinux: use k[mz]alloc() to allocate temporary buffers
Mike Rapoport (Microsoft)
- [PATCH 2/3] selinux: hooks: use __getname() to allocate path buffer
Mike Rapoport (Microsoft)
- [PATCH 3/3] apparmor: replace get_zeroed_page() with kzalloc()
Mike Rapoport (Microsoft)
- [PATCH] landlock: avoid memcpy static check warning
Mickaël Salaün
- [PATCH] landlock: avoid memcpy static check warning
Arnd Bergmann
- [GIT PULL] lsm/lsm-pr-20260519
pr-tracker-bot at kernel.org
- [QUESTION] move load_uefi_certs() and keyring initcall to earlier initcall
Yeoreum Yun
- [PATCH v5 00/13] ima: Introduce staging mechanism
Mimi Zohar
- [PATCH v5 01/13] ima: Remove ima_h_table structure
Mimi Zohar
- [PATCH v5 02/13] ima: Replace static htable queue with dynamically allocated array
Mimi Zohar
- [PATCH v5 03/13] ima: Introduce per binary measurements list type ima_num_entries counter
Mimi Zohar
- [PATCH v5 04/13] ima: Introduce per binary measurements list type binary_runtime_size value
Mimi Zohar
- [PATCH v5 05/13] ima: Introduce _ima_measurements_start() and _ima_measurements_next()
Mimi Zohar
- [PATCH v5 06/13] ima: Mediate open/release method of the measurements list
Mimi Zohar
- [PATCH v5 07/13] ima: Use snprintf() in create_securityfs_measurement_lists
Mimi Zohar
- [PATCH v5 08/13] ima: Introduce ima_dump_measurement()
Mimi Zohar
- [PATCH] apparmor: Fix inverted comparison in cache_hold_inc()
Eduardo Vasconcelos
- [PATCH v5 04/13] ima: Introduce per binary measurements list type binary_runtime_size value
Roberto Sassu
- [PATCH v5 06/13] ima: Mediate open/release method of the measurements list
Roberto Sassu
- [PATCH 00/11] Convert moduleparams to seq_buf
Kees Cook
- [PATCH 02/11] panic: Replace panic_print_get() with generic helper
Kees Cook
- [PATCH 03/11] moduleparam: Add DEFINE_KERNEL_PARAM_OPS macro family
Kees Cook
- [PATCH 04/11] treewide: Convert struct kernel_param_ops initializers to DEFINE_KERNEL_PARAM_OPS
Kees Cook
- [PATCH 05/11] moduleparam: Rename .get field to .get_str
Kees Cook
- [PATCH 06/11] moduleparam: Add seq_buf-based .get callback alongside .get_str
Kees Cook
- [PATCH 07/11] moduleparam: Route DEFINE_KERNEL_PARAM_OPS get pointer via _Generic
Kees Cook
- [PATCH 08/11] params: Convert generic kernel_param_ops .get helpers to seq_buf
Kees Cook
- [PATCH 09/11] treewide: Convert custom kernel_param_ops .get callbacks to seq_buf via cocci
Kees Cook
- [PATCH 10/11] treewide: Manually convert custom kernel_param_ops .get callbacks
Kees Cook
- [PATCH 11/11] moduleparam: Drop legacy kernel_param_ops .get_str field and dispatch logic
Kees Cook
- [PATCH 09/11] treewide: Convert custom kernel_param_ops .get callbacks to seq_buf via cocci
Sean Christopherson
- [PATCH 04/11] treewide: Convert struct kernel_param_ops initializers to DEFINE_KERNEL_PARAM_OPS
Sean Christopherson
- [PATCH v2] apparmor: Fix inverted comparison in cache_hold_inc()
Eduardo Vasconcelos
- [PATCH v5 09/13] ima: Add support for staging measurements with prompt
Mimi Zohar
- [PATCH v2 0/2] gen_loader fixes
KP Singh
- [PATCH v2 1/2] libbpf: fix off-by-one in emit_signature_match jump offset
KP Singh
- [PATCH v2 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
KP Singh
- [PATCH v2 1/2] libbpf: fix off-by-one in emit_signature_match jump offset
bot+bpf-ci at kernel.org
- [PATCH v2 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
bot+bpf-ci at kernel.org
- [PATCH v5 10/13] ima: Add support for flushing the hash table when staging measurements
Mimi Zohar
- [PATCH 0/6] landlock: Add scoped access bit for SysV message queues
Justin Suess
- [PATCH 1/6] landlock: Add kern_ipc_perm credential blob structs
Justin Suess
- [PATCH 2/6] landlock: Add LANDLOCK_SCOPE_SYSV_MSG_QUEUE
Justin Suess
- [PATCH 3/6] landlock: Bump ABI for LANDLOCK_SCOPE_SYSV_MSG_QUEUE
Justin Suess
- [PATCH 4/6] selftests/landlock: Test LANDLOCK_SCOPE_SYSV_MSG_QUEUE
Justin Suess
- [PATCH 5/6] samples/landlock: Support LANDLOCK_SCOPE_SYSV_MSG_QUEUE in sandboxer
Justin Suess
- [PATCH 6/6] landlock: Document LANDLOCK_SCOPE_SYSV_MESSAGE_QUEUE
Justin Suess
- [PATCH 10/11] treewide: Manually convert custom kernel_param_ops .get callbacks
Jani Nikula
- [bug report] keys: request_key_auth payload use-after-free in keyctl_instantiate_key_common()
Jarkko Sakkinen
- [linux-next:master] BUILD REGRESSION 550604d6c9b9efc8d068aff94dc301694a7afdee
kernel test robot
- [PATCH] tpm-buf: memory-safe allocations
Jarkko Sakkinen
- [net-next] netlabel: fix IPv6 unlabeled address add error handling
Chenguang Zhao
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
KP Singh
- [PATCH bpf-next 01/13] bpf: expose signature verdict to LSMs via bpf_prog_aux
KP Singh
- [PATCH bpf-next 02/13] bpf: include prog BTF in the signed loader signature scope
KP Singh
- [PATCH bpf-next 03/13] bpf, libbpf: load prog BTF in the skel_internal loader
KP Singh
- [PATCH bpf-next 04/13] bpf: add bpf_loader_verify_metadata kfunc
KP Singh
- [PATCH bpf-next 05/13] bpf: compute prog->digest at BPF_PROG_LOAD entry
KP Singh
- [PATCH bpf-next 06/13] bpf: resolve loader-style kfunc CALLs against prog BTF
KP Singh
- [PATCH bpf-next 07/13] libbpf: generate prog BTF for loader programs
KP Singh
- [PATCH bpf-next 08/13] bpftool gen: embed loader prog BTF in the lskel header
KP Singh
- [PATCH bpf-next 09/13] lsm: add bpf_prog_load_post_integrity hook
KP Singh
- [PATCH bpf-next 10/13] bpf: invoke security_bpf_prog_load_post_integrity from the metadata kfunc
KP Singh
- [PATCH bpf-next 11/13] ipe: add BPF program signature properties
KP Singh
- [PATCH bpf-next 12/13] ipe: gate post-integrity BPF program loads
KP Singh
- [PATCH bpf-next 13/13] selftests/bpf: add IPE BPF policy integration tests
KP Singh
- [net-next] netlabel: fix IPv6 unlabeled address add error handling
Paul Moore
- [net-next] netlabel: validate unlabeled mask attribute length
Chenguang Zhao
- [ANN] Linux Security Summit Europe 2026 CfP
Reshetova, Elena
- [PATCH v3] keys/trusted_keys: move TPM-specific fields into trusted_tpm_options
Srish Srinivasan
- [PATCH v4 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Christian Brauner
- [PATCH v3] keys/trusted_keys: move TPM-specific fields into trusted_tpm_options
Jarkko Sakkinen
- [RFC PATCH v4 01/19] landlock: Support socket access-control
Günther Noack
- [PATCH 04/11] treewide: Convert struct kernel_param_ops initializers to DEFINE_KERNEL_PARAM_OPS
Rafael J. Wysocki
- [PATCH 09/11] treewide: Convert custom kernel_param_ops .get callbacks to seq_buf via cocci
Rafael J. Wysocki
- [PATCH 10/11] treewide: Manually convert custom kernel_param_ops .get callbacks
Rafael J. Wysocki
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Paul Moore
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
KP Singh
- [PATCH v4 0/7] landlock: Add UDP access control support
Mickaël Salaün
- [PATCH v4 2/7] landlock: Add UDP connect() access control
Mickaël Salaün
- [PATCH v4 3/7] landlock: Add UDP send access control
Mickaël Salaün
- [PATCH v4 7/7] landlock: Add documentation for UDP support
Mickaël Salaün
- [PATCH v4 2/7] landlock: Add UDP connect() access control
Mickaël Salaün
- [PATCH v2 1/2] libbpf: fix off-by-one in emit_signature_match jump offset
Daniel Borkmann
- [PATCH v2 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
Daniel Borkmann
- [PATCH bpf v3 0/2] gen_loader fixes
KP Singh
- [PATCH bpf v3 1/2] libbpf: fix off-by-one in emit_signature_match jump offset
KP Singh
- [PATCH bpf v3 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
KP Singh
- [PATCH v2 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
Daniel Borkmann
- [PATCH bpf v3 1/2] libbpf: fix off-by-one in emit_signature_match jump offset
bot+bpf-ci at kernel.org
- [PATCH bpf v3 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
bot+bpf-ci at kernel.org
- [PATCH v4 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Song Liu
- [PATCH 2/4] firmware: arm_ffa: Register core as a platform driver
Nathan Chancellor
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Paul Moore
- [PATCH 2/4] firmware: arm_ffa: Register core as a platform driver
Yeoreum Yun
- [PATCH 2/4] firmware: arm_ffa: Register core as a platform driver
Yeoreum Yun
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Alexei Starovoitov
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Paul Moore
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Paul Moore
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Alexei Starovoitov
- [PATCH bpf v3 0/2] gen_loader fixes
patchwork-bot+netdevbpf at kernel.org
- [PATCH bpf v3 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
Alexei Starovoitov
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Blaise Boscaccy
- [PATCH] crypto: pkcs7: export verify_pkcs7_message_sig() as EXPORT_SYMBOL_GPL
Paul Moore
- [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
Paul Moore
- [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
Paul Moore
- [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
Alexei Starovoitov
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
Blaise Boscaccy
- [PATCH bpf-next 05/13] bpf: compute prog->digest at BPF_PROG_LOAD entry
Alexei Starovoitov
- [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
Paul Moore
- [PATCH bpf-next 06/13] bpf: resolve loader-style kfunc CALLs against prog BTF
Alexei Starovoitov
- [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
Alexei Starovoitov
- [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
bot+bpf-ci at kernel.org
- [RFC PATCH] ipe: support multiple BPF integrity verification LSMs
Paul Moore
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Mickaël Salaün
- [RFC PATCH] ipe: support multiple BPF integrity verification LSMs
Paul Moore
- [RFC PATCH] ipe: support multiple BPF integrity verification LSMs
Fan Wu
- [PATCH bpf-next 09/13] lsm: add bpf_prog_load_post_integrity hook
Paul Moore
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Tingmao Wang
- [PATCH net v2 0/4] net: trust-after-modification fixes for IPv4 options + netlabel
Qi Tang
- [PATCH net v2 3/4] netlabel: validate CALIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH net v2 4/4] netlabel: validate CIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH v8 0/3]
Jarkko Sakkinen
- [PATCH v8 1/3] lib/asn1_encoder: Add asn1_encode_integer_bytes()
Jarkko Sakkinen
- [PATCH v8 2/3] crypto: Migrate TPMKey ASN.1 objects from trusted-keys
Jarkko Sakkinen
- [PATCH v8 3/3] keys: asymmetric: tpm2_asymmetric
Jarkko Sakkinen
- [PATCH v8 0/3]
Jarkko Sakkinen
- [PATCH] apparmor: Constify 'nulldfa_src' and 'stacksplitdfa_src' arrays
Len Bao
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Justin Suess
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Tingmao Wang
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Mickaël Salaün
- [PATCH v8 2/9] landlock: Add API support and docs for the quiet flags
Mickaël Salaün
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Justin Suess
- [PATCH 0/2] smack: restrict smackfs/{direct,mapped} values to 0-255
Konstantin Andreev
- [PATCH 1/2] smack: deduplicate smackfs/{direct, mapped} file_operations
Konstantin Andreev
- [PATCH 2/2] smack: restrict smackfs/{direct,mapped} values to 0-255
Konstantin Andreev
- [PATCH v8 0/3]
Jarkko Sakkinen
- [PATCH v8 0/3]
Jarkko Sakkinen
- [PATCH] Fix various spelling mistakes
fffsqian at 163.com
- [PATCH v4 0/3] introduce IMA_INIT_LATE_SYNC option
Yeoreum Yun
- [PATCH v4 1/3] security: lsm: Allow LSMs to register for late_initcall_sync init
Yeoreum Yun
- [PATCH v4 2/3] security: ima: introduce IMA_INIT_LATE_SYNC option
Yeoreum Yun
- [PATCH v4 3/3] tpm: tpm_crb_ffa: revert defered_probed when tpm_crb_ffa is built-in
Yeoreum Yun
- [PATCH 03/11] moduleparam: Add DEFINE_KERNEL_PARAM_OPS macro family
Petr Pavlu
- [PATCH 04/11] treewide: Convert struct kernel_param_ops initializers to DEFINE_KERNEL_PARAM_OPS
Petr Pavlu
- [PATCH] tpm-buf: memory-safe allocations
Srish Srinivasan
- [PATCH] Fix various spelling mistakes
Casey Schaufler
- [PATCH 06/11] moduleparam: Add seq_buf-based .get callback alongside .get_str
Petr Pavlu
- [PATCH 07/11] moduleparam: Route DEFINE_KERNEL_PARAM_OPS get pointer via _Generic
Petr Pavlu
- [PATCH 08/11] params: Convert generic kernel_param_ops .get helpers to seq_buf
Petr Pavlu
- [PATCH] tpm-buf: memory-safe allocations
James Bottomley
- [net-next] netlabel: fix IPv6 unlabeled address add error handling
patchwork-bot+netdevbpf at kernel.org
- [PATCH v4 0/7] landlock: Add UDP access control support
Mickaël Salaün
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Mickaël Salaün
- [PATCH v8 3/9] landlock: Suppress logging when quiet flag is present
Mickaël Salaün
- [PATCH] apparmor: fix use-after-free in rawdata dedup loop
Ruslan Valiyev
- [PATCH] tomoyo: Fix NULL pointer dereference in tomoyo_init_request_info() when domain is NULL
Jiakai Xu
- [PATCH v2 1/2] security: apparmor: fix two spelling mistakes
fffsqian at 163.com
- [PATCH v2 2/2] security: smack: fix spelling mistake
fffsqian at 163.com
- [PATCH] tomoyo: Fix NULL pointer dereference in tomoyo_init_request_info() when domain is NULL
Tetsuo Handa
- [PATCH] keys: Pin request_key_auth payload in instantiate paths
Shaomin Chen
- [bug report] keys: request_key_auth payload use-after-free in keyctl_instantiate_key_common()
Shaomin Chen
- [PATCH 00/11] Convert moduleparams to seq_buf
Petr Pavlu
- [PATCH] tpm-buf: memory-safe allocations
Jarkko Sakkinen
- [PATCH 2/4] firmware: arm_ffa: Register core as a platform driver
Sudeep Holla
- [PATCH v5 06/14] module: Switch load_info::len to size_t
Petr Pavlu
- [net-next] netlabel: validate unlabeled mask attribute length
Paolo Abeni
- [PATCH] firmware: arm_ffa: Treat missing FF-A feature on a platform as a probe miss
Sudeep Holla
- [PATCH v2 10/17] landlock: Set audit_net.sk for socket access checks
Mickaël Salaün
- [PATCH] firmware: arm_ffa: Treat missing FF-A feature on a platform as a probe miss
Yeoreum Yun
- [PATCH v5 07/14] module: Make module authentication usable without MODULE_SIG
Petr Pavlu
- [PATCH v5 11/13] ima: Support staging and deleting N measurements entries
Mimi Zohar
- [PATCH v5 06/14] module: Switch load_info::len to size_t
Thomas Weißschuh
- [PATCH v5 07/14] module: Make module authentication usable without MODULE_SIG
Thomas Weißschuh
- [PATCH v5 08/14] module: Move authentication logic into dedicated new file
Petr Pavlu
- [PATCH v5 07/14] module: Make module authentication usable without MODULE_SIG
kpcyrd
- [PATCH v5 09/14] module: Move signature type check out of mod_check_sig()
Petr Pavlu
- [PATCH v5 10/14] module: Prepare for additional module authentication mechanisms
Petr Pavlu
- [PATCH] tomoyo: Fix NULL pointer dereference in tomoyo_init_request_info() when domain is NULL
Jiakai Xu
- [PATCH v5 12/13] ima: Return error on deleting measurements already copied during kexec
Mimi Zohar
- [PATCH v5 00/13] ima: Introduce staging mechanism
Mimi Zohar
- [PATCH v3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Aaron Tomlin
- [PATCH] tomoyo: Fix NULL pointer dereference in tomoyo_init_request_info() when domain is NULL
Tetsuo Handa
- [PATCH RESEND 0/1] yama: clean-up ptrace relations upon activating YAMA_SCOPE_NO_ATTACH
Ethan Ferguson
- [PATCH RESEND 1/1] yama: clean-up ptrace relations upon activating YAMA_SCOPE_NO_ATTACH
Ethan Ferguson
- [PATCH v5 13/13] doc: security: Add documentation of the IMA staging mechanism
Mimi Zohar
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
KP Singh
- [PATCH] firmware: arm_ffa: Treat missing FF-A feature on a platform as a probe miss
Nathan Chancellor
- [PATCH v3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Aaron Tomlin
- [PATCH v2 06/17] landlock: Add create_ruleset and free_ruleset tracepoints
Justin Suess
- [PATCH v2 2/2] security: smack: fix spelling mistake
Casey Schaufler
- security_task_prctl: why -ENOSYS
William Roberts
- security_task_prctl: why -ENOSYS
William Roberts
- security_task_prctl: why -ENOSYS
Casey Schaufler
- [PATCH] tomoyo: Fix NULL pointer dereference in tomoyo_init_request_info() when domain is NULL
Jiakai Xu
- [PATCH v9 0/9] Implement LANDLOCK_ADD_RULE_QUIET
Tingmao Wang
- [PATCH v9 1/9] landlock: Add a place for flags to layer rules
Tingmao Wang
- [PATCH v9 2/9] landlock: Add API support and docs for the quiet flags
Tingmao Wang
- [PATCH v9 3/9] landlock: Suppress logging when quiet flag is present
Tingmao Wang
- [PATCH v9 4/9] samples/landlock: Add quiet flag support to sandboxer
Tingmao Wang
- [PATCH v9 5/9] selftests/landlock: Replace hard-coded 16 with a constant
Tingmao Wang
- [PATCH v9 6/9] selftests/landlock: add tests for quiet flag with fs rules
Tingmao Wang
- [PATCH v9 7/9] selftests/landlock: add tests for quiet flag with net rules
Tingmao Wang
- [PATCH v9 8/9] selftests/landlock: Add tests for quiet flag with scope
Tingmao Wang
- [PATCH v9 9/9] selftests/landlock: Add tests for invalid use of quiet flag
Tingmao Wang
- [PATCH v8 2/9] landlock: Add API support and docs for the quiet flags
Tingmao Wang
- [syzbot] Monthly lsm report (May 2026)
syzbot
- [PATCH v3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Peter Zijlstra
- [PATCH] firmware: arm_ffa: Treat missing FF-A feature on a platform as a probe miss
Sudeep Holla
- [PATCH] firmware: arm_ffa: Treat missing FF-A feature on a platform as a probe miss
Sudeep Holla
- [PATCH v4 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Christian Brauner
- [PATCH v5 00/13] ima: Introduce staging mechanism
Stefan Berger
- [PATCH v4 2/3] security: ima: introduce IMA_INIT_LATE_SYNC option
Mimi Zohar
- [PATCH v4 2/3] security: ima: introduce IMA_INIT_LATE_SYNC option
Yeoreum Yun
- security_task_prctl: why -ENOSYS
William Roberts
- [PATCH v2 0/9] Landlock: Namespace and capability control
Mickaël Salaün
- [PATCH v2 1/9] security: add LSM blob and hooks for namespaces
Mickaël Salaün
- [PATCH v2 2/9] security: Add LSM_AUDIT_DATA_NS for namespace audit records
Mickaël Salaün
- [PATCH v2 3/9] landlock: Wrap per-layer access masks in struct layer_config
Mickaël Salaün
- [PATCH v2 4/9] landlock: Enforce namespace use restrictions
Mickaël Salaün
- [PATCH v2 5/9] landlock: Enforce capability restrictions
Mickaël Salaün
- [PATCH v2 6/9] selftests/landlock: Add namespace restriction tests
Mickaël Salaün
- [PATCH v2 7/9] selftests/landlock: Add capability restriction tests
Mickaël Salaün
- [PATCH v2 8/9] samples/landlock: Add capability and namespace restriction support
Mickaël Salaün
- [PATCH v2 9/9] landlock: Add documentation for capability and namespace restrictions
Mickaël Salaün
- [PATCH v4 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Song Liu
- [PATCH 1/3] selinux: use k[mz]alloc() to allocate temporary buffers
Paul Moore
- [PATCH 2/3] selinux: hooks: use __getname() to allocate path buffer
Paul Moore
- [PATCH 3/3] apparmor: replace get_zeroed_page() with kzalloc()
Paul Moore
- [PATCH net v2] netlabel: validate unlabeled mask attribute length
Chenguang Zhao
- [PATCH 00/11] hornet: security, tooling and selftest fixes
Blaise Boscaccy
- [PATCH 01/11] hornet: fix TOCTOU in signed program verification
Blaise Boscaccy
- [PATCH 02/11] hornet: invert map set check logic
Blaise Boscaccy
- [PATCH 03/11] hornet: fix off-by-one bug in max used maps check
Blaise Boscaccy
- [PATCH 04/11] selftests: hornet: handle cross compilation and test skipping
Blaise Boscaccy
- [PATCH 05/11] hornet: gen_sig: fix off-by-one check for used maps
Blaise Boscaccy
- [PATCH 06/11] hornet: gen_sig: fix error string allocations
Blaise Boscaccy
- [PATCH 07/11] hornet: gen_sig: check for bad allocations
Blaise Boscaccy
- [PATCH 08/11] hornet: gen_sig: fix missing command line switches
Blaise Boscaccy
- [PATCH 09/11] hornet: scripts: set a non-zero error code for usage
Blaise Boscaccy
- [PATCH 10/11] hornet: scripts: harden scripts to handle trailing whitespace
Blaise Boscaccy
- [PATCH 11/11] hornet: scripts: Improve argument handling and error messages
Blaise Boscaccy
- [PATCH 6.12.y] landlock: Fix TCP handling of short AF_UNSPEC addresses
Maximilian Heyne
- [PATCH v5 0/8] lsm: Replace security_sb_mount with granular mount hooks
Song Liu
- [PATCH v5 1/8] lsm: Add granular mount hooks
Song Liu
- [PATCH v5 2/8] apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount
Song Liu
- [PATCH v5 3/8] apparmor: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v5 4/8] selinux: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v5 5/8] landlock: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v5 6/8] tomoyo: Convert from sb_mount to granular mount hooks
Song Liu
- [PATCH v5 7/8] vfs: Replace security_sb_mount/security_move_mount with granular hooks
Song Liu
- [PATCH v5 8/8] lsm: Remove security_sb_mount and security_move_mount
Song Liu
- [PATCH] landlock: fix LANDLOCK_SCOPE_SIGNAL bypass via F_SETOWN to invoker's pgid
hexlabsecurity at proton.me
- [PATCH 05/11] hornet: gen_sig: fix off-by-one check for used maps
Paul Moore
- [PATCH v9 1/9] landlock: Add a place for flags to layer rules
Justin Suess
- [PATCH 00/11] hornet: security, tooling and selftest fixes
Paul Moore
- [PATCH v8 00/10] Implement LANDLOCK_ADD_RULE_NO_INHERIT
Justin Suess
- [PATCH v8 01/10] landlock: Add landlock_walk_path_up() helper
Justin Suess
- [PATCH v8 02/10] landlock: Use landlock_walk_path_up() in is_access_to_paths_allowed()
Justin Suess
- [PATCH v8 03/10] landlock: Use landlock_walk_path_up() in collect_domain_accesses()
Justin Suess
- [PATCH v8 04/10] landlock: Add LANDLOCK_ADD_RULE_NO_INHERIT user API
Justin Suess
- [PATCH v8 05/10] landlock: Return inserted rule from landlock_insert_rule()
Justin Suess
- [PATCH v8 06/10] landlock: Implement LANDLOCK_ADD_RULE_NO_INHERIT
Justin Suess
- [PATCH v8 07/10] landlock: Add documentation for LANDLOCK_ADD_RULE_NO_INHERIT
Justin Suess
- [PATCH v8 08/10] samples/landlock: Add LANDLOCK_ADD_RULE_NO_INHERIT to landlock-sandboxer
Justin Suess
- [PATCH v8 09/10] selftests/landlock: Add selftests for LANDLOCK_ADD_RULE_NO_INHERIT
Justin Suess
- [PATCH v8 10/10] landlock: Add KUnit tests for LANDLOCK_ADD_RULE_NO_INHERIT
Justin Suess
- [PATCH v8 03/10] landlock: Use landlock_walk_path_up() in collect_domain_accesses()
Justin Suess
- [PATCH v9 4/9] samples/landlock: Add quiet flag support to sandboxer
Justin Suess
- [PATCH] landlock: fix LANDLOCK_SCOPE_SIGNAL bypass via F_SETOWN to invoker's pgid
Justin Suess
- [BUG] apparmor: AA_BUG aa_policy_destroy on aa_alloc_profile error path
Farhad Alemi
- [PATCH] KEYS: Use acquire when reading state in keyring search
Gui-Dong Han
- [REPORT] landlock: SCOPE_SIGNAL bypass via F_SETOWN to invoker pgid -> SIGIO/SIGKILL to non-sandboxed targets
hexlabsecurity at proton.me
- [PATCH v4 0/2] Delete task_euid()
Alice Ryhl
- [PATCH v4 1/2] rust: task: clarify comments on task UID accessors
Alice Ryhl
- [PATCH v4 2/2] cred: delete task_euid()
Alice Ryhl
- [REPORT] landlock: SCOPE_SIGNAL bypass via F_SETOWN to invoker pgid -> SIGIO/SIGKILL to non-sandboxed targets
Mickaël Salaün
- [PATCH v4 1/2] rust: task: clarify comments on task UID accessors
Gary Guo
- [PATCH bpf v3 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
Daniel Borkmann
- [PATCH] tpm-buf: memory-safe allocations
James Bottomley
- [PATCH v5 12/13] ima: Return error on deleting measurements already copied during kexec
Roberto Sassu
- [PATCH bpf v3 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
Alexei Starovoitov
- [PATCH 05/11] hornet: gen_sig: fix off-by-one check for used maps
Blaise Boscaccy
- [PATCH 05/11] hornet: gen_sig: fix off-by-one check for used maps
Paul Moore
- [REPORT] landlock: SCOPE_SIGNAL bypass via F_SETOWN to invoker pgid -> SIGIO/SIGKILL to non-sandboxed targets
hexlabsecurity at proton.me
- [PATCH v3 1/2] landlock: fix LANDLOCK_SCOPE_SIGNAL bypass via F_SETOWN to invoker's pgid
hexlabsecurity at proton.me
- [PATCH v3 2/2] selftests/landlock: test SCOPE_SIGNAL on the SIGIO/fowner pgid path
hexlabsecurity at proton.me
- [syzbot] [lsm?] KASAN: slab-use-after-free Read in security_inode_follow_link
syzbot
- [PATCH] selftests/landlock: explicitly disable audit
Maximilian Heyne
- [PATCH 00/11] hornet: security, tooling and selftest fixes
Paul Moore
- [PATCH] tpm-buf: memory-safe allocations
Jarkko Sakkinen
- [PATCH] tpm-buf: memory-safe allocations
Jarkko Sakkinen
- [PATCH v4 3/3] tpm: tpm_crb_ffa: revert defered_probed when tpm_crb_ffa is built-in
Jarkko Sakkinen
- [PATCH] keys: Pin request_key_auth payload in instantiate paths
Jarkko Sakkinen
- security_task_prctl: why -ENOSYS
Serge E. Hallyn
- [PATCH 02/11] hornet: invert map set check logic
Fan Wu
- [PATCH] KEYS: Use acquire when reading state in keyring search
Jarkko Sakkinen
- [PATCH 01/11] hornet: fix TOCTOU in signed program verification
Fan Wu
- [PATCH] keys: Pin request_key_auth payload in instantiate paths
Jarkko Sakkinen
- [PATCH] keys: Pin request_key_auth payload in instantiate paths
Jarkko Sakkinen
- [PATCH] KEYS: fix overflow in keyctl_pkey_params_get_2()
Jarkko Sakkinen
- [PATCH] KEYS: fix overflow in keyctl_pkey_params_get_2()
Jarkko Sakkinen
- [PATCH v3 1/2] landlock: fix LANDLOCK_SCOPE_SIGNAL bypass via F_SETOWN to invoker's pgid
Mickaël Salaün
- [PATCH] KEYS: fix overflow in keyctl_pkey_params_get_2()
Jarkko Sakkinen
Last message date:
Sun May 31 17:04:50 UTC 2026
Archived on: Sun May 31 17:05:02 UTC 2026
This archive was generated by
Pipermail 0.09 (Mailman edition).