path: root/security

| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2025-05-12 | landlock: Improve bit operations in audit code | Mickaël Salaün | 3 | -4/+34 |
| 2025-05-03 | landlock: Remove KUnit test that triggers a warning | Mickaël Salaün | 1 | -1/+1 |
| 2025-04-24 | Merge tag 'landlock-6.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 3 | -17/+16 |
| 2025-04-22 | ima: process_measurement() needlessly takes inode_lock() on MAY_READ | Frederick Lawler | 1 | -1/+3 |
| 2025-04-17 | landlock: Fix documentation for landlock_restrict_self(2) | Mickaël Salaün | 1 | -6/+6 |
| 2025-04-17 | landlock: Fix documentation for landlock_create_ruleset(2) | Mickaël Salaün | 1 | -8/+7 |
| 2025-04-15 | hardening: Disable GCC randstruct for COMPILE_TEST | Kees Cook | 1 | -1/+1 |
| 2025-04-11 | landlock: Log the TGID of the domain creator | Mickaël Salaün | 1 | -2/+2 |
| 2025-04-08 | landlock: Remove incorrect warning | Mickaël Salaün | 1 | -1/+1 |
| 2025-04-01 | mseal sysmap: kernel config and header change | Jeff Xu | 1 | -0/+21 |
| 2025-04-01 | Merge tag 'driver-core-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel... | Linus Torvalds | 1 | -2/+5 |
| 2025-03-30 | Merge tag 'bpf-next-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/bp... | Linus Torvalds | 2 | -9/+12 |
| 2025-03-29 | Merge tag 'v6.15-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert... | Linus Torvalds | 1 | -1/+1 |
| 2025-03-28 | Merge tag 'landlock-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 25 | -264/+2283 |
| 2025-03-28 | Merge tag 'caps-pr-20250327' of git://git.kernel.org/pub/scm/linux/kernel/git... | Linus Torvalds | 1 | -4/+5 |
| 2025-03-28 | Merge tag 'integrity-v6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 2 | -6/+15 |
| 2025-03-28 | Merge tag 'ipe-pr-20250324' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 1 | -2/+6 |
| 2025-03-27 | ima: limit the number of ToMToU integrity violations | Mimi Zohar | 2 | -4/+5 |
| 2025-03-27 | ima: limit the number of open-writers integrity violations | Mimi Zohar | 2 | -2/+10 |
| 2025-03-26 | Merge tag 'sysctl-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 1 | -0/+11 |
| 2025-03-26 | landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF | Mickaël Salaün | 3 | -7/+43 |
| 2025-03-26 | landlock: Add LANDLOCK_RESTRICT_SELF_LOG_*_EXEC_* flags | Mickaël Salaün | 5 | -12/+63 |
| 2025-03-26 | landlock: Log scoped denials | Mickaël Salaün | 5 | -18/+97 |
| 2025-03-26 | landlock: Log TCP bind and connect denials | Mickaël Salaün | 3 | -4/+60 |
| 2025-03-26 | landlock: Log truncate and IOCTL denials | Mickaël Salaün | 7 | -6/+307 |
| 2025-03-26 | landlock: Factor out IOCTL hooks | Mickaël Salaün | 1 | -21/+11 |
| 2025-03-26 | landlock: Log file-related denials | Mickaël Salaün | 3 | -16/+233 |
| 2025-03-26 | landlock: Log mount-related denials | Mickaël Salaün | 4 | -41/+74 |
| 2025-03-26 | landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status | Mickaël Salaün | 6 | -4/+285 |
| 2025-03-26 | landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials | Mickaël Salaün | 7 | -24/+336 |
| 2025-03-26 | landlock: Identify domain execution crossing | Mickaël Salaün | 3 | -6/+59 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for fowner | Mickaël Salaün | 3 | -21/+39 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for scope | Mickaël Salaün | 1 | -24/+28 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for network | Mickaël Salaün | 1 | -15/+12 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for filesystem | Mickaël Salaün | 2 | -30/+92 |
| 2025-03-26 | landlock: Move domain hierarchy management | Mickaël Salaün | 4 | -34/+53 |
| 2025-03-26 | landlock: Add unique ID generator | Mickaël Salaün | 5 | -0/+282 |
| 2025-03-26 | lsm: Add audit_log_lsm_data() helper | Mickaël Salaün | 1 | -9/+18 |
| 2025-03-26 | landlock: Always allow signals between threads of the same process | Mickaël Salaün | 3 | -6/+64 |
| 2025-03-25 | Merge tag 'Smack-for-6.15' of https://github.com/cschaufler/smack-next | Linus Torvalds | 4 | -52/+43 |
| 2025-03-25 | Merge tag 'selinux-pr-20250323' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 7 | -16/+73 |
| 2025-03-25 | Merge tag 'lsm-pr-20250323' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 4 | -6/+31 |
| 2025-03-24 | Merge tag 'hardening-v6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 4 | -29/+36 |
| 2025-03-24 | ipe: policy_fs: fix kernel-doc warnings | Randy Dunlap | 1 | -2/+6 |
| 2025-03-24 | Merge tag 'vfs-6.15-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kern... | Linus Torvalds | 1 | -4/+4 |
| 2025-03-24 | Merge tag 'vfs-6.15-rc1.mount' of git://git.kernel.org/pub/scm/linux/kernel/g... | Linus Torvalds | 2 | -1/+4 |
| 2025-03-24 | Merge tag 'vfs-6.15-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -1/+1 |
| 2025-03-22 | keys: Fix UAF in key_put() | David Howells | 2 | -1/+5 |
| 2025-03-21 | landlock: Prepare to add second errata | Mickaël Salaün | 1 | -0/+12 |
| 2025-03-21 | landlock: Add erratum for TCP fix | Mickaël Salaün | 1 | -0/+15 |
| 2025-03-21 | landlock: Add the errata interface | Mickaël Salaün | 4 | -4/+138 |
| 2025-03-21 | landlock: Move code to ease future backports | Mickaël Salaün | 1 | -5/+5 |
| 2025-03-21 | crypto: lib/Kconfig - hide library options | Arnd Bergmann | 1 | -1/+1 |
| 2025-03-17 | selinux: get netif_wildcard policycap from policy instead of cache | Christian Göttsche | 1 | -2/+1 |
| 2025-03-15 | security: Propagate caller information in bpf hooks | Blaise Boscaccy | 2 | -9/+12 |
| 2025-03-10 | lsm: remove old email address for Stephen Smalley | Stephen Smalley | 1 | -1/+1 |
| 2025-03-10 | Merge 6.14-rc6 into driver-core-next | Greg Kroah-Hartman | 6 | -10/+15 |
| 2025-03-08 | hardening: Enable i386 FORTIFY_SOURCE on Clang 16+ | Kees Cook | 1 | -1/+1 |
| 2025-03-08 | vfs: Remove invalidate_inodes() | Jan Kara | 1 | -1/+1 |
| 2025-03-07 | capability: Remove unused has_capability | Dr. David Alan Gilbert | 1 | -4/+5 |
| 2025-03-07 | yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl() | Oleg Nesterov | 1 | -7/+2 |
| 2025-03-07 | selinux: support wildcard network interface names | Christian Göttsche | 4 | -4/+22 |
| 2025-03-03 | loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported | Arulpandiyan Vadivel | 1 | -1/+1 |
| 2025-02-28 | fortify: Move FORTIFY_SOURCE under 'Kernel hardening options' | Mel Gorman | 2 | -9/+9 |
| 2025-02-28 | mm: security: Allow default HARDENED_USERCOPY to be set at compile time | Mel Gorman | 1 | -0/+8 |
| 2025-02-28 | mm: security: Move hardened usercopy under 'Kernel hardening options' | Mel Gorman | 2 | -12/+16 |
| 2025-02-27 | Change inode_operations.mkdir to return struct dentry * | NeilBrown | 1 | -4/+4 |
| 2025-02-27 | selinux: add FILE__WATCH_MOUNTNS | Miklos Szeredi | 2 | -1/+4 |
| 2025-02-26 | selinux: add permission checks for loading other kinds of kernel files | "Kipp N. Davis" | 2 | -11/+51 |
| 2025-02-26 | Merge tag 'landlock-6.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 2 | -3/+2 |
| 2025-02-26 | Merge tag 'integrity-v6.14-fix' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 4 | -7/+13 |
| 2025-02-26 | perf: Remove unnecessary parameter of security check | Luo Gengkun | 2 | -4/+3 |
| 2025-02-17 | Merge 6.14-rc3 into driver-core-next | Greg Kroah-Hartman | 4 | -41/+117 |
| 2025-02-16 | smack: recognize ipv4 CIPSO w/o categories | Konstantin Andreev | 1 | -0/+4 |
| 2025-02-16 | smack: Revert "smackfs: Added check catlen" | Konstantin Andreev | 1 | -14/+3 |
| 2025-02-15 | kernfs: Use RCU to access kernfs_node::name. | Sebastian Andrzej Siewior | 1 | -2/+5 |
| 2025-02-14 | landlock: Fix non-TCP sockets restriction | Mikhail Ivanov | 1 | -2/+1 |
| 2025-02-14 | landlock: Fix grammar error | Tanya Agarwal | 1 | -1/+1 |
| 2025-02-13 | smack: remove /smack/logging if audit is not configured | Konstantin Andreev | 3 | -6/+14 |
| 2025-02-13 | smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label | Konstantin Andreev | 1 | -24/+0 |
| 2025-02-12 | smack: dont compile ipv6 code unless ipv6 is configured | Konstantin Andreev | 2 | -1/+15 |
| 2025-02-11 | Smack: fix typos and spelling errors | Casey Schaufler | 4 | -7/+7 |
| 2025-02-11 | Merge tag 'tomoyo-pr-20250211' of git://git.code.sf.net/p/tomoyo/tomoyo | Linus Torvalds | 4 | -41/+117 |
| 2025-02-07 | io_uring,lsm,selinux: add LSM hooks for io_uring_setup() | Hamza Mahfooz | 3 | -1/+27 |
| 2025-02-07 | selinux: always check the file label in selinux_kernel_read_file() | Paul Moore | 1 | -1/+1 |
| 2025-02-07 | security: min_addr: move sysctl to security/min_addr.c | Kaixiong Yu | 1 | -0/+11 |
| 2025-02-04 | ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr | Roberto Sassu | 2 | -2/+8 |
| 2025-02-04 | integrity: fix typos and spelling errors | Tanya Agarwal | 3 | -5/+5 |
| 2025-02-03 | selinux: fix spelling error | Tanya Agarwal | 1 | -1/+1 |
| 2025-01-31 | tomoyo: use better patterns for procfs in learning mode | Tetsuo Handa | 1 | -33/+112 |
| 2025-01-28 | treewide: const qualify ctl_tables where applicable [constfy-sysctl-6.14-rc1] | Joel Granados | 3 | -3/+3 |
| 2025-01-26 | Merge tag 'mm-nonmm-stable-2025-01-24-23-16' of git://git.kernel.org/pub/scm/... | Linus Torvalds | 1 | -3/+1 |
| 2025-01-26 | tomoyo: fix spelling errors | Tetsuo Handa | 2 | -7/+4 |
| 2025-01-26 | tomoyo: fix spelling error | Tanya Agarwal | 1 | -1/+1 |
| 2025-01-23 | Merge tag 'fsnotify_hsm_for_v6.14-rc1' of git://git.kernel.org/pub/scm/linux/... | Linus Torvalds | 1 | -1/+2 |
| 2025-01-23 | Merge tag 'bpf-next-6.14' of git://git.kernel.org/pub/scm/linux/kernel/git/bp... | Linus Torvalds | 1 | -1/+0 |
| 2025-01-23 | Merge tag 'caps-6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/se... | Linus Torvalds | 1 | -20/+41 |
| 2025-01-22 | Merge tag 'AT_EXECVE_CHECK-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/k... | Linus Torvalds | 4 | -8/+87 |
| 2025-01-22 | Merge tag 'hardening-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -0/+1 |
| 2025-01-22 | Merge tag 'tomoyo-pr-20250123' of git://git.code.sf.net/p/tomoyo/tomoyo | Linus Torvalds | 2 | -3/+40 |
| 2025-01-22 | Merge tag 'landlock-6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 6 | -140/+169 |
| 2025-01-22 | Merge tag 'keys-next-6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/g... | Linus Torvalds | 1 | -4/+18 |
| 2025-01-21 | Merge tag 'selinux-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 21 | -165/+168 |
| 2025-01-21 | Merge tag 'lsm-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 10 | -99/+130 |
| 2025-01-21 | Merge tag 'Smack-for-6.14' of https://github.com/cschaufler/smack-next | Linus Torvalds | 4 | -40/+15 |
| 2025-01-21 | Merge tag 'integrity-v6.14' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 5 | -3/+52 |
| 2025-01-21 | KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y | David Gstir | 1 | -4/+18 |
| 2025-01-20 | Merge tag 'vfs-6.14-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -1/+1 |
| 2025-01-17 | landlock: Optimize file path walks and prepare for audit support | Mickaël Salaün | 1 | -17/+27 |
| 2025-01-17 | landlock: Align partial refer access checks with final ones | Mickaël Salaün | 1 | -1/+13 |
| 2025-01-17 | landlock: Simplify initially denied access rights | Mickaël Salaün | 3 | -11/+19 |
| 2025-01-17 | landlock: Move access types | Mickaël Salaün | 5 | -46/+68 |
| 2025-01-17 | landlock: Factor out check_access_path() | Mickaël Salaün | 1 | -21/+11 |
| 2025-01-14 | landlock: Use scoped guards for ruleset in landlock_add_rule() | Mickaël Salaün | 1 | -10/+4 |
| 2025-01-14 | landlock: Use scoped guards for ruleset | Mickaël Salaün | 3 | -29/+23 |
| 2025-01-14 | landlock: Constify get_mode_access() | Mickaël Salaün | 1 | -1/+1 |
| 2025-01-14 | landlock: Handle weird files | Mickaël Salaün | 1 | -6/+5 |
| 2025-01-12 | security: remove get_task_comm() and print task comm directly | Yafang Shao | 1 | -3/+1 |
| 2025-01-08 | hardening: Document INIT_STACK_ALL_PATTERN behavior with GCC | Geert Uytterhoeven | 1 | -0/+1 |
| 2025-01-07 | selinux: make more use of str_read() when loading the policy | Christian Göttsche | 3 | -22/+12 |
| 2025-01-07 | selinux: avoid unnecessary indirection in struct level_datum | Christian Göttsche | 3 | -17/+10 |
| 2025-01-07 | selinux: use known type instead of void pointer | Christian Göttsche | 8 | -74/+77 |
| 2025-01-07 | selinux: rename comparison functions for clarity | Christian Göttsche | 7 | -16/+16 |
| 2025-01-07 | selinux: rework match_ipv6_addrmask() | Christian Göttsche | 1 | -7/+5 |
| 2025-01-07 | selinux: constify and reconcile function parameter names | Christian Göttsche | 4 | -6/+6 |
| 2025-01-07 | selinux: avoid using types indicating user space interaction | Christian Göttsche | 2 | -2/+2 |
| 2025-01-07 | selinux: supply missing field initializers | Christian Göttsche | 2 | -2/+2 |
| 2025-01-07 | Merge tag 'selinux-pr-20250107' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 5 | -38/+65 |
| 2025-01-06 | tomoyo: automatically use patterns for several situations in learning mode | Tetsuo Handa | 1 | -0/+30 |
| 2025-01-05 | lockdown: initialize local array before use to quiet static analysis | Tanya Agarwal | 1 | -1/+1 |
| 2025-01-04 | safesetid: check size of policy writes | Leo Stone | 1 | -0/+3 |
| 2025-01-04 | lsm: rename variable to avoid shadowing | Christian Göttsche | 1 | -2/+2 |
| 2025-01-04 | lsm: constify function parameters | Christian Göttsche | 1 | -2/+2 |
| 2025-01-04 | security: remove redundant assignment to return variable | Colin Ian King | 1 | -3/+1 |
| 2025-01-04 | selinux: match extended permissions to their base permissions | Thiébaud Weksteen | 5 | -38/+65 |
| 2025-01-04 | lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set | Mickaël Salaün | 2 | -1/+6 |
| 2025-01-03 | ima: ignore suffixed policy rule comments | Mimi Zohar | 1 | -1/+1 |
| 2025-01-03 | ima: limit the builtin 'tcb' dont_measure tmpfs policy rule | Mimi Zohar | 1 | -1/+2 |
| 2024-12-24 | ima: kexec: silence RCU list traversal warning | Breno Leitao | 1 | -1/+2 |
| 2024-12-22 | vfs: support caching symlink lengths in inodes | Mateusz Guzik | 1 | -1/+1 |
| 2024-12-18 | ima: instantiate the bprm_creds_for_exec() hook | Mimi Zohar | 2 | -2/+54 |
| 2024-12-18 | security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits | Mickaël Salaün | 1 | -6/+23 |
| 2024-12-18 | exec: Add a new AT_EXECVE_CHECK flag to execveat(2) | Mickaël Salaün | 1 | -0/+10 |
| 2024-12-18 | Merge tag 'selinux-pr-20241217' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -2/+6 |
| 2024-12-17 | tomoyo: use realpath if symlink's pathname refers to procfs | Tetsuo Handa | 1 | -2/+9 |
| 2024-12-16 | bpf: lsm: Remove hook to bpf_task_storage_free | Song Liu | 1 | -1/+0 |
| 2024-12-16 | tomoyo: don't emit warning in tomoyo_write_control() | Tetsuo Handa | 1 | -1/+1 |
| 2024-12-15 | selinux: ignore unknown extended permissions | Thiébaud Weksteen | 1 | -2/+6 |
| 2024-12-15 | selinux: add netlink nlmsg_type audit message | Thiébaud Weksteen | 2 | -2/+5 |
| 2024-12-13 | selinux: add support for xperms in conditional policies | Christian Göttsche | 6 | -9/+26 |
| 2024-12-11 | selinux: Fix SCTP error inconsistency in selinux_socket_bind() | Mikhail Ivanov | 1 | -1/+1 |
| 2024-12-11 | selinux: use native iterator types | Christian Göttsche | 3 | -4/+4 |
| 2024-12-11 | selinux: add generated av_permissions.h to targets | Thomas Weißschuh | 1 | -4/+3 |
| 2024-12-11 | ima: Suspend PCR extends and log appends when rebooting | Stefan Berger | 3 | -0/+47 |
| 2024-12-10 | fsnotify: introduce pre-content permission events | Amir Goldstein | 1 | -1/+2 |
| 2024-12-06 | smack: deduplicate access to string conversion | Konstantin Andreev | 4 | -40/+15 |
| 2024-12-05 | Merge tag 'net-6.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/net... | Linus Torvalds | 1 | -1/+1 |
| 2024-12-04 | security: add trace event for cap_capable | Jordan Rome | 1 | -13/+41 |
| 2024-12-04 | capabilities: remove cap_mmap_file() | Paul Moore | 1 | -7/+0 |
| 2024-12-04 | lsm: secctx provider check on release | Casey Schaufler | 2 | -16/+10 |
| 2024-12-04 | lsm: lsm_context in security_dentry_init_security | Casey Schaufler | 2 | -9/+8 |
| 2024-12-04 | lsm: use lsm_context in security_inode_getsecctx | Casey Schaufler | 3 | -13/+16 |
| 2024-12-04 | lsm: replace context+len with lsm_context | Casey Schaufler | 5 | -59/+74 |
| 2024-12-04 | lsm: ensure the correct LSM context releaser | Casey Schaufler | 4 | -9/+23 |
| 2024-12-02 | module: Convert symbol namespace to string literal | Peter Zijlstra | 1 | -1/+1 |
| 2024-11-30 | Merge tag 'lsm-pr-20241129' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 1 | -4/+5 |
| 2024-11-30 | selinux: use sk_to_full_sk() in selinux_ip_output() | Eric Dumazet | 1 | -1/+1 |
| 2024-11-26 | ima: uncover hidden variable in ima_match_rules() | Casey Schaufler | 1 | -4/+5 |
| 2024-11-26 | apparmor: lift new_profile declaration to remove C23 extension warning | John Johansen | 1 | -2/+1 |
| 2024-11-26 | apparmor: replace misleading 'scrubbing environment' phrase in debug print | Ryan Lee | 1 | -8/+8 |
| 2024-11-26 | parser: drop dead code for XXX_comb macros | John Johansen | 1 | -24/+0 |
| 2024-11-26 | apparmor: Remove unused parameter L1 in macro next_comb | Jinjie Ruan | 1 | -2/+2 |
| 2024-11-26 | apparmor: audit_cap dedup based on subj_cred instead of profile | Ryan Lee | 1 | -6/+4 |
| 2024-11-26 | apparmor: add a cache entry expiration time aging out capability audit cache | Ryan Lee | 1 | -3/+8 |
| 2024-11-26 | apparmor: document capability.c:profile_capable ad ptr not being NULL | Ryan Lee | 1 | -1/+1 |
| 2024-11-26 | apparmor: fix 'Do simple duplicate message elimination' | chao liu | 1 | -0/+2 |
| 2024-11-26 | apparmor: document first entry is in packed perms struct is reserved | John Johansen | 1 | -1/+4 |
| 2024-11-26 | apparmor: test: Fix memory leak for aa_unpack_strdup() | Jinjie Ruan | 1 | -0/+6 |
| 2024-11-26 | apparmor: Remove deadcode | Dr. David Alan Gilbert | 9 | -146/+0 |
| 2024-11-26 | apparmor: Remove unnecessary NULL check before kvfree() | Thorsten Blum | 1 | -2/+1 |
| 2024-11-26 | apparmor: domain: clean up duplicated parts of handle_onexec() | Leesoo Ahn | 1 | -26/+12 |
| 2024-11-26 | apparmor: Use IS_ERR_OR_NULL() helper function | Hongbo Li | 1 | -1/+1 |
| 2024-11-26 | apparmor: add support for 2^24 states to the dfa state machine. | John Johansen | 3 | -25/+83 |
| 2024-11-26 | apparmor: properly handle cx/px lookup failure for complain | Ryan Lee | 1 | -2/+7 |
| 2024-11-26 | apparmor: allocate xmatch for nullpdb inside aa_alloc_null | Ryan Lee | 1 | -0/+1 |
| 2024-11-25 | Merge tag 'mm-nonmm-stable-2024-11-24-02-05' of git://git.kernel.org/pub/scm/... | Linus Torvalds | 2 | -3/+3 |
| 2024-11-21 | Merge tag 'fsnotify_for_v6.13-rc1' of git://git.kernel.org/pub/scm/linux/kern... | Linus Torvalds | 1 | -8/+1 |
| 2024-11-19 | Merge tag 'v6.13-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert... | Linus Torvalds | 1 | -3/+3 |
| 2024-11-18 | Merge tag 'lsm-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 16 | -150/+252 |
| 2024-11-18 | Merge tag 'selinux-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 13 | -197/+431 |
| 2024-11-18 | Merge tag 'pull-fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs | Linus Torvalds | 3 | -42/+18 |
| 2024-11-18 | Merge tag 'vfs-6.13.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vf... | Linus Torvalds | 1 | -1/+0 |
| 2024-11-12 | Merge tag 'integrity-v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 3 | -5/+16 |
| 2024-11-12 | Merge tag 'landlock-6.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 5 | -57/+96 |
| 2024-11-09 | landlock: Optimize scope enforcement | Mickaël Salaün | 1 | -3/+15 |
| 2024-11-09 | landlock: Refactor network access mask management | Mickaël Salaün | 1 | -22/+6 |
| 2024-11-09 | landlock: Refactor filesystem access mask management | Mickaël Salaün | 3 | -32/+75 |
| 2024-11-05 | security: replace memcpy() with get_task_comm() | Yafang Shao | 2 | -3/+3 |
| 2024-11-04 | KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation | David Gstir | 1 | -4/+5 |
| 2024-11-04 | security/keys: fix slab-out-of-bounds in key_task_permission | Chen Ridong | 1 | -2/+5 |