path: root/security

| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2023-10-19 | KEYS: trusted: Remove redundant static calls usage | Sumit Garg | 1 | -8/+5 |
| 2023-10-19 | KEYS: trusted: allow use of kernel RNG for key material | Ahmad Fatoum | 1 | -1/+34 |
| 2023-10-10 | ima: rework CONFIG_IMA dependency block | Arnd Bergmann | 1 | -12/+6 |
| 2023-10-10 | ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig | Oleksandr Tymoshenko | 1 | -2/+2 |
| 2023-10-06 | Smack:- Use overlay inode label in smack_inode_copy_up() | Vishal Goel | 1 | -1/+1 |
| 2023-10-06 | smack: Retrieve transmuting information in smack_inode_getsecurity() | Roberto Sassu | 1 | -4/+18 |
| 2023-10-06 | smack: Record transmuting in smk_transmuted | Roberto Sassu | 2 | -12/+30 |
| 2023-09-19 | smackfs: Prevent underflow in smk_set_cipso() | Dan Carpenter | 1 | -1/+1 |
| 2023-09-19 | ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig | Nayna Jain | 1 | -12/+0 |
| 2023-09-19 | of: kexec: Mark ima_{free,stable}_kexec_buffer() as __init | Nathan Chancellor | 2 | -2/+2 |
| 2023-09-19 | security: keys: perform capable check only on privileged operations | Christian Göttsche | 1 | -3/+8 |
| 2023-08-30 | selinux: set next pointer before attaching to list | Christian Göttsche | 1 | -1/+1 |
| 2023-07-27 | security: keys: Modify mismatched function name | Jiapeng Chong | 1 | -1/+1 |
| 2023-07-27 | keys: Fix linking a duplicate key to a keyring's assoc_array | Petr Pavlu | 1 | -11/+24 |
| 2023-07-23 | integrity: Fix possible multiple allocation in integrity_inode_get() | Tianjia Zhang | 1 | -6/+9 |
| 2023-07-23 | apparmor: fix missing error check for rhashtable_insert_fast | Danila Chernetsov | 1 | -2/+7 |
| 2023-07-23 | ima: Fix build warnings | Roberto Sassu | 2 | -1/+5 |
| 2023-07-23 | evm: Fix build warnings | Roberto Sassu | 2 | -2/+2 |
| 2023-07-23 | evm: Complete description of evm_inode_setattr() | Roberto Sassu | 1 | -0/+2 |
| 2023-06-09 | selinux: don't use make's grouped targets feature yet | Paul Moore | 1 | -1/+5 |
| 2023-05-11 | selinux: ensure av_permissions.h is built when needed | Paul Moore | 1 | -1/+1 |
| 2023-05-11 | selinux: fix Makefile dependencies of flask.h | Ondrej Mosnacek | 1 | -2/+2 |
| 2023-05-11 | IMA: allow/fix UML builds | Randy Dunlap | 1 | -1/+1 |
| 2023-03-30 | keys: Do not cache key in task struct if key is requested from kernel thread | David Howells | 1 | -3/+6 |
| 2023-03-10 | ima: Align ima_file_mmap() parameters with mmap_file LSM hook | Roberto Sassu | 2 | -5/+9 |
| 2023-02-01 | tomoyo: fix broken dependency on *.conf.default | Masahiro Yamada | 1 | -1/+1 |
| 2023-01-12 | device_cgroup: Roll back to original exceptions after copy failure | Wang Weiyang | 1 | -4/+29 |
| 2023-01-12 | ima: Fix a potential NULL pointer access in ima_restore_measurement_list | Huaxin Lu | 1 | -1/+4 |
| 2023-01-12 | efi: Add iMac Pro 2017 to uefi skip cert quirk | Aditya Garg | 1 | -0/+1 |
| 2022-12-31 | security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 | Nathan Chancellor | 1 | -0/+3 |
| 2022-12-31 | ima: Simplify ima_lsm_copy_rule | GUO Zihua | 1 | -7/+3 |
| 2022-12-31 | LoadPin: Ignore the "contents" argument of the LSM hooks | Kees Cook | 1 | -12/+18 |
| 2022-12-31 | apparmor: Fix memleak in alloc_ns() | Xiu Jianfeng | 1 | -1/+1 |
| 2022-12-31 | apparmor: Use pointer to struct aa_label for lbs_cred | Xiu Jianfeng | 1 | -2/+2 |
| 2022-12-31 | apparmor: Fix abi check to include v8 abi | John Johansen | 1 | -1/+1 |
| 2022-12-31 | apparmor: fix lockdep warning when removing a namespace | John Johansen | 1 | -1/+1 |
| 2022-12-31 | apparmor: fix a memleak in multi_transaction_new() | Gaosheng Cui | 1 | -1/+3 |
| 2022-12-31 | ima: Fix misuse of dereference of pointer in template_desc_init_fields() | Xiu Jianfeng | 1 | -2/+2 |
| 2022-12-31 | integrity: Fix memory leakage in keyring allocation error path | GUO Zihua | 1 | -1/+5 |
| 2022-12-31 | ima: Handle -ESTALE returned by ima_filter_rule_match() | GUO Zihua | 1 | -9/+32 |
| 2022-11-10 | capabilities: fix potential memleak on error path from vfs_getxattr_alloc() | Gaosheng Cui | 1 | -2/+4 |
| 2022-10-29 | selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() | GONG, Ruiqi | 3 | -5/+6 |
| 2022-10-26 | ima: fix blocking of security.ima xattrs of unsupported algorithms | Mimi Zohar | 1 | -4/+8 |
| 2022-10-26 | hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero | Kees Cook | 1 | -4/+10 |
| 2022-10-26 | hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO | Kees Cook | 1 | -1/+4 |
| 2022-10-15 | efi: Correct Macmini DMI match in uefi cert quirk | Orlando Chamberlain | 1 | -1/+1 |
| 2022-08-25 | apparmor: Fix memleak in aa_simple_write_to_buffer() | Xiu Jianfeng | 1 | -1/+1 |
| 2022-08-25 | apparmor: fix reference count leak in aa_pivotroot() | Xin Xiong | 1 | -0/+1 |
| 2022-08-25 | apparmor: fix overlapping attachment computation | John Johansen | 2 | -2/+2 |
| 2022-08-25 | apparmor: fix setting unconfined mode on a loaded profile | John Johansen | 1 | -5/+7 |
| 2022-08-25 | apparmor: fix aa_label_asxprint return check | Tom Rix | 1 | -3/+3 |
| 2022-08-25 | apparmor: Fix failed mount permission check error message | John Johansen | 1 | -3/+4 |
| 2022-08-25 | apparmor: fix absroot causing audited secids to begin with = | John Johansen | 2 | -3/+9 |
| 2022-08-25 | apparmor: fix quiet_denied for file rules | John Johansen | 1 | -1/+1 |
| 2022-08-17 | selinux: Add boundary check in put_entry() | Xiu Jianfeng | 1 | -0/+2 |
| 2022-08-17 | selinux: fix memleak in security_read_state_kernel() | Xiu Jianfeng | 1 | -1/+8 |
| 2022-07-29 | lockdown: Fix kexec lockdown bypass with ima policy | Eric Snowberg | 1 | -0/+4 |
| 2022-07-23 | x86/retbleed: Add fine grained Kconfig knobs | Peter Zijlstra | 1 | -11/+0 |
| 2022-07-21 | ima: Fix potential memory leak in ima_init_crypto() | Jianglei Nie | 1 | -0/+1 |
| 2022-07-21 | ima: force signature verification when CONFIG_KEXEC_SIG is configured | Coiby Xu | 1 | -0/+2 |
| 2022-07-21 | ima: Fix a potential integer overflow in ima_appraise_measurement | Huaxin Lu | 1 | -1/+2 |
| 2022-07-21 | Revert "evm: Fix memleak in init_desc" | Xiu Jianfeng | 1 | -5/+2 |
| 2022-07-02 | fs: support mapped mounts of mapped filesystems | Christian Brauner | 1 | -5/+4 |
| 2022-07-02 | fs: use low-level mapping helpers | Christian Brauner | 1 | -5/+8 |
| 2022-07-02 | fs: move mapping helpers | Christian Brauner | 1 | -0/+1 |
| 2022-06-14 | KEYS: trusted: tpm2: Fix migratable logic | David Safford | 1 | -2/+2 |
| 2022-06-09 | ima: remove the IMA_TEMPLATE Kconfig option | GUO Zihua | 1 | -8/+6 |
| 2022-06-09 | landlock: Fix same-layer rule unions | Mickaël Salaün | 2 | -26/+54 |
| 2022-06-09 | landlock: Create find_rule() from unmask_layers() | Mickaël Salaün | 1 | -13/+28 |
| 2022-06-09 | landlock: Reduce the maximum number of layers to 16 | Mickaël Salaün | 3 | -11/+12 |
| 2022-06-09 | landlock: Define access_mask_t to enforce a consistent access mask size | Mickaël Salaün | 5 | -15/+30 |
| 2022-06-09 | landlock: Change landlock_restrict_self(2) check ordering | Mickaël Salaün | 1 | -4/+4 |
| 2022-06-09 | landlock: Change landlock_add_rule(2) argument check ordering | Mickaël Salaün | 1 | -9/+13 |
| 2022-06-09 | landlock: Fix landlock_add_rule(2) documentation | Mickaël Salaün | 1 | -4/+3 |
| 2022-06-09 | landlock: Format with clang-format | Mickaël Salaün | 10 | -136/+142 |
| 2022-06-09 | landlock: Add clang-format exceptions | Mickaël Salaün | 2 | -0/+6 |
| 2022-06-09 | efi: Do not import certificates from UEFI Secure Boot for T2 Macs | Aditya Garg | 2 | -0/+41 |
| 2022-05-25 | lockdown: also lock down previous kgdb use | Daniel Thompson | 1 | -0/+2 |
| 2022-05-25 | selinux: fix bad cleanup on error in hashtab_duplicate() | Ondrej Mosnacek | 1 | -1/+2 |
| 2022-04-08 | Fix incorrect type in assignment of ipv6 port for audit | Casey Schaufler | 1 | -1/+1 |
| 2022-04-08 | selinux: allow FIOCLEX and FIONCLEX with policy capability | Richard Haines | 4 | -1/+16 |
| 2022-04-08 | selinux: use correct type for context length | Christian Göttsche | 1 | -1/+1 |
| 2022-04-08 | LSM: general protection fault in legacy_parse_param | Casey Schaufler | 2 | -5/+17 |
| 2022-04-08 | TOMOYO: fix __setup handlers return values | Randy Dunlap | 1 | -2/+2 |
| 2022-04-08 | KEYS: trusted: Avoid calling null function trusted_key_exit | Dave Kleikamp | 1 | -1/+1 |
| 2022-04-08 | KEYS: trusted: Fix trusted key backends when building as module | Andreas Rammhold | 1 | -2/+2 |
| 2022-04-08 | EVM: fix the evm= __setup handler return value | Randy Dunlap | 1 | -1/+1 |
| 2022-04-08 | selinux: Fix selinux_sb_mnt_opts_compat() | Scott Mayhew | 1 | -34/+41 |
| 2022-04-08 | selinux: check return value of sel_make_avc_files | Christian Göttsche | 1 | -0/+2 |
| 2022-04-08 | selinux: access superblock_security_struct in LSM blob way | GONG, Ruiqi | 1 | -2/+2 |
| 2022-04-08 | landlock: Use square brackets around "landlock-ruleset" | Christian Brauner | 1 | -1/+1 |
| 2022-04-08 | KEYS: fix length validation in keyctl_pkey_params_get_2() | Eric Biggers | 1 | -3/+11 |
| 2022-03-02 | selinux: fix misuse of mutex_is_locked() | Ondrej Mosnacek | 1 | -2/+2 |
| 2022-02-16 | ima: Do not print policy rule with inactive LSM labels | Stefan Berger | 1 | -0/+8 |
| 2022-02-16 | ima: Allow template selection with ima_template[_fmt]= after ima_hash= | Roberto Sassu | 1 | -3/+7 |
| 2022-02-16 | ima: Remove ima_policy file before directory | Stefan Berger | 1 | -1/+1 |
| 2022-02-16 | ima: fix reference leak in asymmetric_verify() | Eric Biggers | 1 | -6/+9 |
| 2022-02-16 | integrity: check the return value of audit_log_start() | Xiaoke Wang | 1 | -0/+2 |
| 2022-02-08 | selinux: fix double free of cond_list on error paths | Vratislav Bendel | 1 | -1/+2 |
| 2022-01-27 | selinux: fix potential memleak in selinux_add_opt() | Bernard Zhao | 1 | -2/+10 |
| 2022-01-05 | selinux: initialize proto variable in selinux_ip_postroute_compat() | Tom Rix | 1 | -1/+1 |
| 2022-01-05 | tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() | Tetsuo Handa | 1 | -10/+7 |
| 2022-01-05 | tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok(). | Dmitry Vyukov | 1 | -7/+7 |
| 2021-12-22 | selinux: fix sleeping function called from invalid context | Scott Mayhew | 1 | -14/+19 |
| 2021-11-25 | selinux: fix NULL-pointer dereference when hashtab allocation fails | Ondrej Mosnacek | 1 | -5/+12 |
| 2021-11-21 | fortify: Explicitly disable Clang support | Kees Cook | 1 | -0/+3 |
| 2021-11-18 | apparmor: fix error check | Tom Rix | 1 | -2/+2 |
| 2021-11-18 | smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi | Tetsuo Handa | 1 | -1/+1 |
| 2021-11-18 | ima: fix deadlock when traversing "ima_default_rules". | liqiong | 1 | -9/+18 |
| 2021-11-18 | smackfs: use __GFP_NOFAIL for smk_cipso_doi() | Tetsuo Handa | 1 | -3/+1 |
| 2021-11-18 | smackfs: Fix use-after-free in netlbl_catmap_walk() | Pawan Gupta | 1 | -1/+4 |
| 2021-11-18 | evm: mark evm_fixmode as __ro_after_init | Austin Kim | 1 | -1/+1 |
| 2021-11-18 | selinux: fix race condition when computing ocontext SIDs | Ondrej Mosnacek | 1 | -85/+77 |
| 2021-11-12 | binder: use cred instead of task for selinux checks | Todd Kjos | 2 | -42/+20 |
| 2021-10-21 | Merge branch 'ucount-fixes-for-v5.15' of git://git.kernel.org/pub/scm/linux/k... | Linus Torvalds | 1 | -0/+8 |
| 2021-10-20 | ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring | Eric W. Biederman | 1 | -0/+8 |
| 2021-10-07 | Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ | David S. Miller | 1 | -1/+3 |
| 2021-09-23 | selinux,smack: fix subjective/objective credential use mixups | Paul Moore | 2 | -4/+4 |
| 2021-09-14 | include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage | Eugene Syromiatnikov | 1 | -1/+3 |
| 2021-09-03 | Merge tag 'kbuild-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/mas... | Linus Torvalds | 1 | -11/+0 |
| 2021-09-03 | Merge branch 'akpm' (patches from Andrew) | Linus Torvalds | 1 | -4/+9 |
| 2021-09-03 | mm/pagemap: add mmap_assert_locked() annotations to find_vma*() | Luigi Rizzo | 1 | -4/+9 |
| 2021-09-03 | security: remove unneeded subdir-$(CONFIG_...) | Masahiro Yamada | 1 | -11/+0 |
| 2021-09-02 | Merge tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 11 | -67/+320 |
| 2021-09-02 | Merge tag 'hardening-v5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -20/+51 |
| 2021-08-31 | Merge tag 'net-next-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/ne... | Linus Torvalds | 2 | -2/+6 |
| 2021-08-31 | Merge tag 'for-5.15/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -0/+1 |
| 2021-08-31 | Merge tag 'Smack-for-5.15' of git://github.com/cschaufler/smack-next | Linus Torvalds | 3 | -11/+10 |
| 2021-08-31 | Merge tag 'selinux-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 2 | -0/+6 |
| 2021-08-30 | Merge tag 'efi-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -1/+1 |
| 2021-08-27 | efi: Don't use knowledge about efi_guid_t internals | Andy Shevchenko | 1 | -1/+1 |
| 2021-08-23 | IMA: reject unknown hash algorithms in ima_get_hash_algo | THOBY Simon | 1 | -1/+2 |
| 2021-08-16 | IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms | THOBY Simon | 1 | -0/+6 |
| 2021-08-16 | IMA: introduce a new policy option func=SETXATTR_CHECK | THOBY Simon | 4 | -17/+96 |
| 2021-08-16 | IMA: add a policy option to restrict xattr hash algorithms on appraisal | THOBY Simon | 1 | -4/+70 |
| 2021-08-16 | IMA: add support to restrict the hash algorithms used for file appraisal | THOBY Simon | 5 | -12/+41 |
| 2021-08-16 | IMA: block writes of the security.ima xattr with unsupported algorithms | THOBY Simon | 2 | -4/+47 |
| 2021-08-16 | IMA: remove the dependency on CRYPTO_MD5 | THOBY Simon | 1 | -1/+0 |
| 2021-08-13 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -1/+2 |
| 2021-08-10 | dm ima: measure data on table load | Tushar Sugandhi | 1 | -0/+1 |
| 2021-08-10 | bpf: Add lockdown check for probe_write_user helper | Daniel Borkmann | 1 | -0/+1 |
| 2021-08-09 | bpf: Add _kernel suffix to internal lockdown_bpf_read | Daniel Borkmann | 1 | -1/+1 |
| 2021-08-05 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -6/+4 |
| 2021-08-05 | Merge tag 'selinux-pr-20210805' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -6/+4 |
| 2021-08-02 | selinux: correct the return value when loads initial sids | Xiu Jianfeng | 1 | -6/+4 |
| 2021-07-29 | mctp: Add MCTP base | Jeremy Kerr | 2 | -2/+6 |
| 2021-07-23 | ima: Add digest and digest_len params to the functions to measure a buffer | Roberto Sassu | 7 | -17/+36 |
| 2021-07-23 | ima: Return int in the functions to measure a buffer | Roberto Sassu | 2 | -22/+28 |
| 2021-07-23 | ima: Introduce ima_get_current_hash_algo() | Roberto Sassu | 1 | -1/+6 |
| 2021-07-23 | IMA: remove -Wmissing-prototypes warning | Austin Kim | 1 | -1/+1 |
| 2021-07-20 | hardening: Clarify Kconfig text for auto-var-init | Kees Cook | 1 | -20/+32 |
| 2021-07-20 | hardening: Introduce CONFIG_ZERO_CALL_USED_REGS | Kees Cook | 1 | -0/+19 |
| 2021-07-20 | smack: mark 'smack_enabled' global variable as __initdata | Austin Kim | 2 | -2/+2 |
| 2021-07-20 | Smack: Fix wrong semantics in smk_access_entry() | Tianjia Zhang | 1 | -9/+8 |
| 2021-07-14 | selinux: return early for possible NULL audit buffers | Austin Kim | 2 | -0/+6 |
| 2021-07-02 | Merge tag 'asm-generic-unaligned-5.14' of git://git.kernel.org/pub/scm/linux/... | Linus Torvalds | 1 | -1/+1 |
| 2021-06-30 | Merge tag 'safesetid-5.14' of git://github.com/micah-morton/linux | Linus Torvalds | 2 | -2/+2 |
| 2021-06-30 | Merge tag 'Smack-for-5.14' of git://github.com/cschaufler/smack-next | Linus Torvalds | 2 | -5/+9 |
| 2021-06-30 | Merge tag 'audit-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -1/+0 |
| 2021-06-30 | Merge tag 'selinux-pr-20210629' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 11 | -109/+81 |
| 2021-06-28 | Merge tag 'integrity-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 18 | -75/+730 |
| 2021-06-21 | evm: Check xattr size discrepancy between kernel and user | Roberto Sassu | 1 | -1/+7 |
| 2021-06-20 | evm: output EVM digest calculation info | Mimi Zohar | 2 | -0/+47 |
| 2021-06-16 | tomoyo: fix doc warnings | ChenXiaoSong | 4 | -9/+9 |
| 2021-06-11 | audit: remove unnecessary 'ret' initialization | Austin Kim | 1 | -1/+0 |
| 2021-06-11 | selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit() | Al Viro | 3 | -31/+5 |
| 2021-06-11 | selinux: slow_avc_audit has become non-blocking | Al Viro | 3 | -35/+10 |
| 2021-06-11 | selinux: Fix kernel-doc | Yang Li | 1 | -1/+22 |
| 2021-06-11 | IMA: support for duplicate measurement records | Tushar Sugandhi | 2 | -2/+10 |
| 2021-06-11 | ima: Fix warning: no previous prototype for function 'ima_add_kexec_buffer' | Lakshmi Ramasubramanian | 1 | -0/+1 |
| 2021-06-10 | selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC | Minchan Kim | 1 | -6/+7 |
| 2021-06-10 | ima: differentiate between EVM failures in the audit log | Mimi Zohar | 1 | -1/+2 |
| 2021-06-10 | LSM: SafeSetID: Mark safesetid_initialized as __initdata | Austin Kim | 2 | -2/+2 |
| 2021-06-08 | ima: Fix fall-through warning for Clang | Gustavo A. R. Silva | 1 | -0/+1 |
| 2021-06-08 | ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect() | Roberto Sassu | 1 | -1/+1 |
| 2021-06-08 | ima: Include header defining ima_post_key_create_or_update() | Roberto Sassu | 1 | -0/+1 |
| 2021-06-08 | ima/evm: Fix type mismatch | Roberto Sassu | 4 | -11/+12 |
| 2021-06-08 | ima: Set correct casting types | Roberto Sassu | 2 | -9/+10 |
| 2021-06-08 | Smack: fix doc warning | ChenXiaoSong | 1 | -1/+4 |
| 2021-06-03 | evm: Don't return an error in evm_write_xattrs() if audit is not enabled | Roberto Sassu | 1 | -1/+1 |
| 2021-06-03 | ima: Define new template evm-sig | Roberto Sassu | 1 | -1/+4 |
| 2021-06-02 | ima: Define new template fields xattrnames, xattrlengths and xattrvalues | Roberto Sassu | 4 | -0/+148 |
| 2021-06-01 | evm: Verify portable signatures against all protected xattrs | Roberto Sassu | 4 | -12/+68 |
| 2021-06-01 | ima: Define new template field imode | Roberto Sassu | 3 | -0/+26 |
| 2021-06-01 | ima: Define new template fields iuid and igid | Roberto Sassu | 3 | -0/+53 |
| 2021-06-01 | ima: Add ima_show_template_uint() template library function | Roberto Sassu | 2 | -1/+39 |
| 2021-06-01 | ima: Don't remove security.ima if file must not be appraised | Roberto Sassu | 1 | -2/+0 |
| 2021-06-01 | ima: Introduce template field evmsig and write to field sig as fallback | Roberto Sassu | 3 | -1/+36 |
| 2021-06-01 | ima: Allow imasig requirement to be satisfied by EVM portable signatures | Roberto Sassu | 1 | -7/+17 |
| 2021-06-01 | evm: Allow setxattr() and setattr() for unmodified metadata | Roberto Sassu | 1 | -1/+112 |
| 2021-05-21 | evm: Pass user namespace to set/remove xattr hooks | Roberto Sassu | 2 | -8/+13 |
| 2021-05-21 | evm: Allow xattr/attr operations for portable signatures | Roberto Sassu | 2 | -6/+29 |
| 2021-05-21 | evm: Introduce evm_hmac_disabled() to safely ignore verification errors | Roberto Sassu | 1 | -1/+38 |
| 2021-05-21 | evm: Introduce evm_revalidate_status() | Roberto Sassu | 2 | -9/+46 |
| 2021-05-21 | evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded | Roberto Sassu | 1 | -4/+4 |
| 2021-05-21 | evm: Load EVM key in ima_load_x509() to avoid appraisal | Roberto Sassu | 2 | -1/+7 |
| 2021-05-21 | evm: Execute evm_inode_init_security() only when an HMAC key is loaded | Roberto Sassu | 1 | -2/+3 |
| 2021-05-20 | evm: fix writing <securityfs>/evm overflow | Mimi Zohar | 1 | -2/+3 |
| 2021-05-18 | Revert "Smack: Handle io_uring kernel thread privileges" | Jens Axboe | 1 | -3/+2 |
| 2021-05-17 | apparmor: use get_unaligned() only for multi-byte words | Arnd Bergmann | 1 | -1/+1 |