May 2026 Archives by thread
Starting: Fri May 1 01:51:00 UTC 2026
Ending: Sun May 31 17:04:50 UTC 2026
Messages: 654
- [PATCH] ima: debugging late_initcall_sync measurements
Mimi Zohar
- [PATCH bpf-next 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
David Windsor
- [PATCH ported/repost v2] security,fs,nfs,net: update security_inode_listsecurity() interface
Paul Moore
- [PATCH] lockdown: remove useless decrement operation
Kalevi Kolttonen
- [GIT PULL] selinux/selinux-pr-20260501
Paul Moore
- [PATCH v4 0/7] landlock: Add UDP access control support
Matthieu Buffet
- [PATCH v4 2/7] landlock: Add UDP connect() access control
Matthieu Buffet
- [PATCH v4 3/7] landlock: Add UDP send access control
Matthieu Buffet
- [PATCH v4 4/7] selftests/landlock: Add UDP bind/connect tests
Matthieu Buffet
- [PATCH v4 5/7] selftests/landlock: Add tests for sendmsg()
Matthieu Buffet
- [PATCH v4 6/7] samples/landlock: Add sandboxer UDP access control
Matthieu Buffet
- [PATCH v4 7/7] landlock: Add documentation for UDP support
Matthieu Buffet
- [PATCH 1/3] apparmor: Fix return in ns_mkdir_op
Hongling Zeng
- [PATCH v2 1/2] bpf: add bpf_init_inode_xattr kfunc for atomic inode labeling
David Windsor
- [PATCH RESEND] keys: use kmalloc_flex in user_preparse
Thorsten Blum
- [PATCH v5 09/13] ima: Add support for staging measurements with prompt
Roberto Sassu
- [PATCH v2 0/4] Firmware LSM hook
Paul Moore
- [v6 10/10] ipe: Add BPF program load policy enforcement via Hornet integration
Fan Wu
- [PATCH v5 00/14] module: Introduce hash-based integrity checking
Thomas Weißschuh
- [PATCH v5 01/14] kbuild: generate module BTF based on vmlinux.unstripped
Thomas Weißschuh
- [PATCH v5 02/14] lockdown: Make the relationship to MODULE_SIG a dependency
Thomas Weißschuh
- [PATCH v5 03/14] kbuild: rename the strip_relocs command
Thomas Weißschuh
- [PATCH v5 04/14] module: Drop pointless debugging message
Thomas Weißschuh
- [PATCH v5 05/14] module: Make mod_verify_sig() static
Thomas Weißschuh
- [PATCH v5 06/14] module: Switch load_info::len to size_t
Thomas Weißschuh
- [PATCH v5 08/14] module: Move authentication logic into dedicated new file
Thomas Weißschuh
- [PATCH v5 09/14] module: Move signature type check out of mod_check_sig()
Thomas Weißschuh
- [PATCH v5 10/14] module: Prepare for additional module authentication mechanisms
Thomas Weißschuh
- [RFC PATCH 0/3] initalise ff-a after finalising pKVM
Yeoreum Yun
- [PATCH 02/14] security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CALL_USED_REGS
Nicolas Schier
- [PATCH 03/14] security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCE
Nicolas Schier
- [PATCH 04/14] security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT
Nicolas Schier
- [PATCH v5 11/13] ima: Support staging and deleting N measurements entries
steven chen
- [PATCH] Documentation: fix typo and formattting in security/credentials.rst
Mayank Gite
- [PATCH] rust: cred: add safe abstractions for capable() and ns_capable()
Arnav Sharma
- [PATCH v3 0/2] Delete task_euid()
Alice Ryhl
- [PATCH v3 1/2] rust: task: clarify comments on task UID accessors
Alice Ryhl
- [PATCH v5 00/13] ima: Introduce staging mechanism
steven chen
- [PATCH v7 00/10] Reintroduce Hornet LSM
Blaise Boscaccy
- [v6 00/10] Reintroduce Hornet LSM
Paul Moore
- [GIT PULL] selinux/selinux-pr-20260507
Paul Moore
- [RFC PATCH v4 01/19] landlock: Support socket access-control
Mickaël Salaün
- [RFC PATCH v1 11/11] landlock: Add documentation for capability and namespace restrictions
Günther Noack
- [RFC PATCH v1 05/11] landlock: Enforce namespace entry restrictions
Günther Noack
- [RFC PATCH v1 06/11] landlock: Enforce capability restrictions
Günther Noack
- [PATCH 0/4] firmware: arm_ffa: Move core init to platform driver probe
Sudeep Holla
- [RFC PATCH v3 4/4] Revert "firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall"
Sudeep Holla
- [PATCH v2 1/7] lsm: Add granular mount hooks to replace security_sb_mount
Paul Moore
- [PATCH v3 0/7] lsm: Replace security_sb_mount with granular mount hooks
Song Liu
- [PATCH 0/3] security, sched: Expand task_setscheduler LSM hook and related fixes
Aaron Tomlin
- [PATCH v2 0/3] security, sched: Expand task_setscheduler LSM hook and related fixes
Aaron Tomlin
- [syzbot] Monthly lsm report (Apr 2026)
Jarkko Sakkinen
- [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Vitaly Chikunov
- [PATCH 0/2] smack: fix incorrect task context in smack_msg_queue_msgrcv
Konstantin Andreev
- [PATCH RFC 0/5] memcg: dma-buf per-cgroup accounting via pid_fd
Albert Esteve
- [PATCH RFC 1/5] memcg: Track exported dma-buffers
Albert Esteve
- [PATCH RFC 2/5] dma-heap: charge dma-buf memory via explicit memcg
Albert Esteve
- [PATCH RFC 4/5] selinux: Restrict cross-cgroup dma-heap charging
Albert Esteve
- [PATCH RFC 5/5] selftests/dmabuf-heaps: Add dma-buf memcg accounting tests
Albert Esteve
- [linus:master] [selftests] 465b05bae5: kernel-selftests.landlock.audit_test.audit.tsync_override_log_subdomains_off.fail
Thomas Weißschuh
- [PATCH v1 1/2] selftests/landlock: Filter dealloc records in audit_count_records()
Mickaël Salaün
- [PATCH v1 2/2] selftests/landlock: Increase default audit socket timeout
Mickaël Salaün
- [PATCH v1] landlock: Demonstrate best-effort allowed_access filtering
Mickaël Salaün
- [PATCH v2 0/3] landlock: Restrict renameat2 with RENAME_WHITEOUT
Günther Noack
- [PATCH v2 2/3] selftests/landlock: Add test for RENAME_WHITEOUT denial
Günther Noack
- [PATCH v2 3/3] selftests/landlock: Test OverlayFS renames w/o LANDLOCK_ACCESS_FS_MAKE_WHITEOUT
Günther Noack
- [PATCH v1] landlock: Account all audit data allocations to user space
Mickaël Salaün
- [PATCH] lsm: hold cred_guard_mutex for lsm_set_self_attr()
Stephen Smalley
- [linus:master] [landlock] 874c8f8382: kernel-selftests.landlock.audit_test.audit.thread.fail
Mickaël Salaün
- [PATCH] hornet: depend on CONFIG_SECURITY and CONFIG_BPF_SYSCALL
Paul Moore
- [PATCH] ipe: restore the kdoc comments for evaluate_property()
Paul Moore
- [QUESTION] move load_uefi_certs() and keyring initcall to earlier initcall
Yeoreum Yun
- [PATCH net 0/4] net: trust-after-modification fixes for IPv4 options + netlabel
Qi Tang
- [PATCH net 3/4] netlabel: validate CALIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH net 4/4] netlabel: validate CIPSO option against skb tail in netlbl_skbuff_getattr
Qi Tang
- [PATCH] killswitch: add per-function short-circuit mitigation primitive
Paul Moore
- [PATCH] apparmor: hold peer path references in aa_unix_file_perm()
Zhang Cen
- [PATCH v4 0/7] lsm: Replace security_sb_mount with granular mount hooks
Song Liu
- [PATCH] keys/trusted_keys: mark 'migratable' as __ro_after_init
Len Bao
- [PATCH] landlock: Documentation wording cleanups
Günther Noack
- [PATCH v2 00/16] Bump minimum version of LLVM for building the kernel to 17.0.1
Nathan Chancellor
- [PATCH v2 05/17] tracing: Add __print_untrusted_str()
Mickaël Salaün
- [bug report] keys: request_key_auth payload use-after-free in keyctl_instantiate_key_common()
Shaomin Chen
- [RFC] TID v2.0: kernel module for cache-line zeroization against Flush+Reload (CLFLUSHOPT + LFENCE + REP STOSQ)
Jann Horn
- [GIT PULL] lsm/lsm-pr-20260519
Paul Moore
- [PATCH] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
KP Singh
- [PATCH] landlock: avoid memcpy static check warning
Arnd Bergmann
- [PATCH] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
KP Singh
- [PATCH v2] bpf: reject NULL data/sig in bpf_verify_pkcs7_signature
KP Singh
- [PATCH 0/3] security: replace __get_free_pages() call with kmalloc()
Mike Rapoport (Microsoft)
- [PATCH 1/3] selinux: use k[mz]alloc() to allocate temporary buffers
Mike Rapoport (Microsoft)
- [PATCH 2/3] selinux: hooks: use __getname() to allocate path buffer
Mike Rapoport (Microsoft)
- [PATCH 3/3] apparmor: replace get_zeroed_page() with kzalloc()
Mike Rapoport (Microsoft)
- [PATCH v5 01/13] ima: Remove ima_h_table structure
Mimi Zohar
- [PATCH v5 02/13] ima: Replace static htable queue with dynamically allocated array
Mimi Zohar
- [PATCH v5 03/13] ima: Introduce per binary measurements list type ima_num_entries counter
Mimi Zohar
- [PATCH v5 04/13] ima: Introduce per binary measurements list type binary_runtime_size value
Mimi Zohar
- [PATCH v5 05/13] ima: Introduce _ima_measurements_start() and _ima_measurements_next()
Mimi Zohar
- [PATCH v5 06/13] ima: Mediate open/release method of the measurements list
Mimi Zohar
- [PATCH v5 07/13] ima: Use snprintf() in create_securityfs_measurement_lists
Mimi Zohar
- [PATCH v5 08/13] ima: Introduce ima_dump_measurement()
Mimi Zohar
- [PATCH] apparmor: Fix inverted comparison in cache_hold_inc()
Eduardo Vasconcelos
- [PATCH 00/11] Convert moduleparams to seq_buf
Kees Cook
- [PATCH 08/11] params: Convert generic kernel_param_ops .get helpers to seq_buf
Kees Cook
- [PATCH v2] apparmor: Fix inverted comparison in cache_hold_inc()
Eduardo Vasconcelos
- [PATCH v2 0/2] gen_loader fixes
KP Singh
- [PATCH v2 2/2] bpf, libbpf: reject non-exclusive metadata maps in the signed loader
bot+bpf-ci at kernel.org
- [PATCH v5 10/13] ima: Add support for flushing the hash table when staging measurements
Mimi Zohar
- [PATCH 0/6] landlock: Add scoped access bit for SysV message queues
Justin Suess
- [PATCH 1/6] landlock: Add kern_ipc_perm credential blob structs
Justin Suess
- [PATCH 2/6] landlock: Add LANDLOCK_SCOPE_SYSV_MSG_QUEUE
Justin Suess
- [PATCH 3/6] landlock: Bump ABI for LANDLOCK_SCOPE_SYSV_MSG_QUEUE
Justin Suess
- [PATCH 4/6] selftests/landlock: Test LANDLOCK_SCOPE_SYSV_MSG_QUEUE
Justin Suess
- [PATCH 5/6] samples/landlock: Support LANDLOCK_SCOPE_SYSV_MSG_QUEUE in sandboxer
Justin Suess
- [PATCH 6/6] landlock: Document LANDLOCK_SCOPE_SYSV_MESSAGE_QUEUE
Justin Suess
- [linux-next:master] BUILD REGRESSION 550604d6c9b9efc8d068aff94dc301694a7afdee
kernel test robot
- [PATCH] tpm-buf: memory-safe allocations
Jarkko Sakkinen
- [net-next] netlabel: fix IPv6 unlabeled address add error handling
Chenguang Zhao
- [PATCH bpf-next 00/13] Signed BPF + IPE Policies
KP Singh
- [PATCH bpf-next 03/13] bpf, libbpf: load prog BTF in the skel_internal loader
KP Singh
- [PATCH bpf-next 05/13] bpf: compute prog->digest at BPF_PROG_LOAD entry
KP Singh
- [PATCH bpf-next 06/13] bpf: resolve loader-style kfunc CALLs against prog BTF
KP Singh
- [PATCH bpf-next 07/13] libbpf: generate prog BTF for loader programs
KP Singh
- [PATCH bpf-next 08/13] bpftool gen: embed loader prog BTF in the lskel header
KP Singh
- [PATCH bpf-next 09/13] lsm: add bpf_prog_load_post_integrity hook
KP Singh
- [PATCH bpf-next 12/13] ipe: gate post-integrity BPF program loads
KP Singh
- [PATCH bpf-next 13/13] selftests/bpf: add IPE BPF policy integration tests
KP Singh
- [net-next] netlabel: validate unlabeled mask attribute length
Chenguang Zhao
- [ANN] Linux Security Summit Europe 2026 CfP
Reshetova, Elena
- [PATCH v3] keys/trusted_keys: move TPM-specific fields into trusted_tpm_options
Srish Srinivasan
- [PATCH bpf v3 0/2] gen_loader fixes
KP Singh
- [PATCH] crypto: pkcs7: export verify_pkcs7_message_sig() as EXPORT_SYMBOL_GPL
Paul Moore
- [PATCH] lsm,bpf: fix security_bpf_prog_load() error handling
Paul Moore
- [RFC PATCH] ipe: support multiple BPF integrity verification LSMs
Paul Moore
- [PATCH v8 1/9] landlock: Add a place for flags to layer rules
Mickaël Salaün
- [PATCH net v2 0/4] net: trust-after-modification fixes for IPv4 options + netlabel
Qi Tang
- [PATCH v8 0/3]
Jarkko Sakkinen
- [PATCH] apparmor: Constify 'nulldfa_src' and 'stacksplitdfa_src' arrays
Len Bao
- [PATCH v8 2/9] landlock: Add API support and docs for the quiet flags
Mickaël Salaün
- [PATCH 0/2] smack: restrict smackfs/{direct,mapped} values to 0-255
Konstantin Andreev
- [PATCH] Fix various spelling mistakes
fffsqian at 163.com
- [PATCH v4 0/3] introduce IMA_INIT_LATE_SYNC option
Yeoreum Yun
- [PATCH v8 3/9] landlock: Suppress logging when quiet flag is present
Mickaël Salaün
- [PATCH] apparmor: fix use-after-free in rawdata dedup loop
Ruslan Valiyev
- [PATCH] tomoyo: Fix NULL pointer dereference in tomoyo_init_request_info() when domain is NULL
Jiakai Xu
- [PATCH v2 1/2] security: apparmor: fix two spelling mistakes
fffsqian at 163.com
- [PATCH v2 2/2] security: smack: fix spelling mistake
fffsqian at 163.com
- [PATCH] keys: Pin request_key_auth payload in instantiate paths
Shaomin Chen
- [PATCH] firmware: arm_ffa: Treat missing FF-A feature on a platform as a probe miss
Sudeep Holla
- [PATCH v2 10/17] landlock: Set audit_net.sk for socket access checks
Mickaël Salaün
- [PATCH v5 12/13] ima: Return error on deleting measurements already copied during kexec
Mimi Zohar
- [PATCH v3] security: Expand task_setscheduler LSM hook to include CPU affinity mask
Aaron Tomlin
- [PATCH RESEND 0/1] yama: clean-up ptrace relations upon activating YAMA_SCOPE_NO_ATTACH
Ethan Ferguson
- [PATCH v5 13/13] doc: security: Add documentation of the IMA staging mechanism
Mimi Zohar
- [PATCH v2 06/17] landlock: Add create_ruleset and free_ruleset tracepoints
Justin Suess
- security_task_prctl: why -ENOSYS
William Roberts
- [PATCH v9 0/9] Implement LANDLOCK_ADD_RULE_QUIET
Tingmao Wang
- [PATCH v9 3/9] landlock: Suppress logging when quiet flag is present
Tingmao Wang
- [syzbot] Monthly lsm report (May 2026)
syzbot
- [PATCH v2 0/9] Landlock: Namespace and capability control
Mickaël Salaün
- [PATCH v2 1/9] security: add LSM blob and hooks for namespaces
Mickaël Salaün
- [PATCH v2 2/9] security: Add LSM_AUDIT_DATA_NS for namespace audit records
Mickaël Salaün
- [PATCH v2 3/9] landlock: Wrap per-layer access masks in struct layer_config
Mickaël Salaün
- [PATCH v2 4/9] landlock: Enforce namespace use restrictions
Mickaël Salaün
- [PATCH v2 5/9] landlock: Enforce capability restrictions
Mickaël Salaün
- [PATCH v2 6/9] selftests/landlock: Add namespace restriction tests
Mickaël Salaün
- [PATCH v2 7/9] selftests/landlock: Add capability restriction tests
Mickaël Salaün
- [PATCH v2 8/9] samples/landlock: Add capability and namespace restriction support
Mickaël Salaün
- [PATCH v2 9/9] landlock: Add documentation for capability and namespace restrictions
Mickaël Salaün
- [PATCH net v2] netlabel: validate unlabeled mask attribute length
Chenguang Zhao
- [PATCH 00/11] hornet: security, tooling and selftest fixes
Blaise Boscaccy
- [PATCH 06/11] hornet: gen_sig: fix error string allocations
Blaise Boscaccy
- [PATCH 6.12.y] landlock: Fix TCP handling of short AF_UNSPEC addresses
Maximilian Heyne
- [PATCH v5 0/8] lsm: Replace security_sb_mount with granular mount hooks
Song Liu
- [PATCH] landlock: fix LANDLOCK_SCOPE_SIGNAL bypass via F_SETOWN to invoker's pgid
hexlabsecurity at proton.me
- [PATCH v8 00/10] Implement LANDLOCK_ADD_RULE_NO_INHERIT
Justin Suess
- [BUG] apparmor: AA_BUG aa_policy_destroy on aa_alloc_profile error path
Farhad Alemi
- [PATCH] KEYS: Use acquire when reading state in keyring search
Gui-Dong Han
- [REPORT] landlock: SCOPE_SIGNAL bypass via F_SETOWN to invoker pgid -> SIGIO/SIGKILL to non-sandboxed targets
hexlabsecurity at proton.me
- [PATCH v4 0/2] Delete task_euid()
Alice Ryhl
- [PATCH v3 1/2] landlock: fix LANDLOCK_SCOPE_SIGNAL bypass via F_SETOWN to invoker's pgid
hexlabsecurity at proton.me
- [PATCH v3 2/2] selftests/landlock: test SCOPE_SIGNAL on the SIGIO/fowner pgid path
hexlabsecurity at proton.me
- [syzbot] [lsm?] KASAN: slab-use-after-free Read in security_inode_follow_link
syzbot
- [PATCH] selftests/landlock: explicitly disable audit
Maximilian Heyne
- [PATCH] KEYS: fix overflow in keyctl_pkey_params_get_2()
Jarkko Sakkinen
Last message date:
Sun May 31 17:04:50 UTC 2026
Archived on: Sun May 31 17:05:02 UTC 2026
This archive was generated by
Pipermail 0.09 (Mailman edition).