aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2017-11-30Merge tag 'apparmor-pr-2017-11-30' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds1-5/+7
2017-11-27apparmor: fix oops in audit_signal_cb hookJohn Johansen1-5/+7
2017-11-27Rename superblock flags (MS_xyz -> SB_xyz)Linus Torvalds2-2/+2
2017-11-25Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-2/+2
2017-11-23Merge branch 'next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds7-56/+47
2017-11-23Merge tag 'apparmor-pr-2017-11-21' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds11-71/+91
2017-11-24Merge tag 'keys-next-20171123' of git://git.kernel.org/pub/scm/linux/kernel/g...James Morris7-56/+47
2017-11-21treewide: Switch DEFINE_TIMER callbacks to struct timer_list *Kees Cook1-2/+2
2017-11-21apparmor: fix possible recursive lock warning in __aa_create_nsJohn Johansen5-21/+21
2017-11-21apparmor: fix locking when creating a new complain profile.John Johansen1-3/+15
2017-11-21apparmor: fix profile attachment for special unconfined profilesJohn Johansen1-1/+3
2017-11-21apparmor: ensure that undecidable profile attachments failJohn Johansen1-14/+32
2017-11-21apparmor: fix leak of null profile name if profile allocation failsJohn Johansen1-1/+2
2017-11-21apparmor: remove unused redundant variable stopColin Ian King1-3/+0
2017-11-21apparmor: Fix bool initialization/comparisonThomas Meyer1-4/+4
2017-11-21apparmor: initialized returned struct aa_permsArnd Bergmann3-22/+12
2017-11-21apparmor: fix spelling mistake: "resoure" -> "resource"Colin Ian King1-2/+2
2017-11-20ima: do not update security.ima if appraisal status is not INTEGRITY_PASSRoberto Sassu1-0/+3
2017-11-15Merge tag 'modules-for-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-8/+8
2017-11-15Merge tag 'selinux-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds5-36/+47
2017-11-15Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds5-67/+222
2017-11-15security: keys: Replace time_t with time64_t for struct key_preparsed_payloadBaolin Wang1-4/+4
2017-11-15security: keys: Replace time_t/timespec with time64_tBaolin Wang7-52/+43
2017-11-14Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert...Linus Torvalds1-39/+17
2017-11-13Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/ke...Linus Torvalds1-1/+1
2017-11-13Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds2-15/+4
2017-11-13Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds13-110/+108
2017-11-13Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds6-99/+220
2017-11-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-2/+2
2017-11-08ima: Remove redundant conditional operatorThiago Jung Bauermann1-2/+2
2017-11-08ima: Fix bool initialization/comparisonThomas Meyer2-4/+4
2017-11-08ima: check signature enforcement against cmdline param instead of CONFIGBruno E. O. Meneguele1-3/+3
2017-11-08ima: fix hash algorithm initializationBoshi Wang1-0/+4
2017-11-08EVM: Only complain about a missing HMAC key onceMatthew Garrett1-1/+1
2017-11-08EVM: Allow userspace to signal an RSA key has been loadedMatthew Garrett2-12/+20
2017-11-08EVM: Include security.apparmor in EVM measurementsMatthew Garrett1-0/+3
2017-11-08integrity: use kernel_read_file_from_path() to read x509 certsChristoph Hellwig4-56/+13
2017-11-08ima: always measure and audit files in policyMimi Zohar3-30/+56
2017-11-08ima: don't remove the securityfs policy fileMimi Zohar1-2/+2
2017-11-08apparmor: fix off-by-one comparison on MAXMAPPED_SIGJohn Johansen1-2/+2
2017-11-07Merge branch 'linus' into locking/core, to resolve conflictsIngo Molnar62-871/+96
2017-11-05device_cgroup: prepare code for bpf-based device controllerRoman Gushchin1-45/+2
2017-11-05device_cgroup: add DEVCG_ prefix to ACC_* and DEV_* constantsRoman Gushchin1-36/+36
2017-11-04Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller51-31/+80
2017-11-03ima: move to generic async completionGilad Ben-Yossef1-39/+17
2017-11-02Merge tag 'spdx_identifiers-4.14-rc8' of git://git.kernel.org/pub/scm/linux/k...Linus Torvalds49-0/+49
2017-11-02License cleanup: add SPDX GPL-2.0 license identifier to files with no licenseGreg Kroah-Hartman49-0/+49
2017-11-02KEYS: trusted: fix writing past end of buffer in trusted_read()Eric Biggers1-11/+12
2017-11-02KEYS: return full count in keyring_read() if buffer is too smallEric Biggers1-20/+19
2017-11-02Smack: Base support for overlayfsCasey Schaufler1-0/+79
2017-10-31treewide: Fix function prototypes for module_param_call()Kees Cook1-8/+8
2017-10-30Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller12-840/+16
2017-10-26Revert "apparmor: add base infastructure for socket mediation"Linus Torvalds12-840/+16
2017-10-24Merge tag 'v4.14-rc6' into locking/core, to pick up fixesIngo Molnar15-54/+90
2017-10-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller15-54/+90
2017-10-21tomoyo: fix timestamping for y2038Arnd Bergmann4-34/+13
2017-10-20selinux: bpf: Add addtional check for bpf object file receiveChenbo Feng1-0/+49
2017-10-20selinux: bpf: Add selinux check for eBPF syscall operationsChenbo Feng3-0/+117
2017-10-20security: bpf: Add LSM hooks for bpf object related syscallChenbo Feng1-0/+32
2017-10-20capabilities: audit log other surprising conditionsRichard Guy Briggs1-7/+22
2017-10-20capabilities: fix logic for effective root or real rootRichard Guy Briggs1-3/+2
2017-10-20capabilities: invert logic for clarityRichard Guy Briggs1-4/+4
2017-10-20capabilities: remove a layer of conditional logicRichard Guy Briggs1-13/+10
2017-10-20capabilities: move audit log decision to functionRichard Guy Briggs1-20/+30
2017-10-20capabilities: use intuitive names for id changesRichard Guy Briggs1-6/+22
2017-10-20capabilities: use root_priveleged inline to clarify logicRichard Guy Briggs1-2/+4
2017-10-20capabilities: rename has_cap to has_fcapRichard Guy Briggs1-10/+10
2017-10-20capabilities: intuitive names for cap gain statusRichard Guy Briggs1-7/+11
2017-10-20capabilities: factor out cap_bprm_set_creds privileged rootRichard Guy Briggs1-28/+48
2017-10-19commoncap: move assignment of fs_ns to avoid null pointer dereferenceColin Ian King1-1/+2
2017-10-19Merge commit 'tags/keys-fixes-20171018' into fixes-v4.14-rc5James Morris14-53/+88
2017-10-18KEYS: load key flags and expiry time atomically in proc_keys_show()Eric Biggers1-10/+14
2017-10-18KEYS: Load key expiry time atomically in keyring_search_iterator()Eric Biggers1-1/+3
2017-10-18KEYS: load key flags and expiry time atomically in key_validate()Eric Biggers1-3/+4
2017-10-18KEYS: don't let add_key() update an uninstantiated keyDavid Howells1-0/+10
2017-10-18KEYS: Fix race between updating and finding a negative keyDavid Howells12-39/+49
2017-10-18security/keys: BIG_KEY requires CONFIG_CRYPTOArnd Bergmann1-0/+1
2017-10-16selinux: remove extraneous initialization of slots_used and max_chain_lenColin Ian King1-1/+1
2017-10-16selinux: remove redundant assignment to lenColin Ian King1-1/+0
2017-10-16selinux: remove redundant assignment to strColin Ian King1-3/+2
2017-10-12KEYS: encrypted: fix dereference of NULL user_key_payloadEric Biggers1-0/+7
2017-10-10locking/rwsem, security/apparmor: Replace homebrew use of write_can_lock() wi...Will Deacon2-15/+4
2017-10-05timer: Remove expires and data arguments from DEFINE_TIMERKees Cook1-1/+1
2017-10-04selinux: fix build warningCorentin LABBE1-2/+2
2017-10-04selinux: fix build warning by removing the unused sid variableCorentin LABBE1-2/+1
2017-10-04selinux: Perform both commoncap and selinux xattr checksEric W. Biederman1-25/+18
2017-10-04lsm: fix smack_inode_removexattr and xattr_getsecurity memleakCasey Schaufler1-30/+25
2017-09-28Merge commit 'keys-fixes-20170927' into fixes-v4.14-rc3James Morris9-152/+137
2017-09-25security/keys: rewrite all of big_key cryptoJason A. Donenfeld2-71/+60
2017-09-25security/keys: properly zero out sensitive key material in big_keyJason A. Donenfeld1-6/+6
2017-09-25KEYS: use kmemdup() in request_key_auth_new()Eric Biggers1-3/+2
2017-09-25KEYS: restrict /proc/keys by credentials at open timeEric Biggers1-6/+2
2017-09-25KEYS: reset parent each time before searching key_user_treeEric Biggers1-2/+2
2017-09-25KEYS: prevent KEYCTL_READ on negative keyEric Biggers1-0/+5
2017-09-25KEYS: prevent creating a different user's keyringsEric Biggers4-12/+21
2017-09-25KEYS: fix writing past end of user-supplied buffer in keyring_read()Eric Biggers1-9/+5
2017-09-25KEYS: fix key refcount leak in keyctl_read_key()Eric Biggers1-1/+1
2017-09-25KEYS: fix key refcount leak in keyctl_assume_authority()Eric Biggers1-4/+2
2017-09-25KEYS: don't revoke uninstantiated key in request_key_auth_new()Eric Biggers1-1/+0
2017-09-25KEYS: fix cred refcount leak in request_key_auth_new()Eric Biggers1-37/+31
2017-09-24Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-3/+3
2017-09-23security: fix description of values returned by cap_inode_need_killprivStefan Berger1-3/+3
2017-09-23Merge tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds24-137/+2088
2017-09-22apparmor: fix apparmorfs DAC access permissionsJohn Johansen1-4/+4
2017-09-22apparmor: fix build failure on sparc caused by undeclared signalsJohn Johansen1-1/+4
2017-09-22apparmor: fix incorrect type assignment when freeing proxiesJohn Johansen1-1/+1
2017-09-22apparmor: ensure unconfined profiles have dfas initializedJohn Johansen1-0/+2
2017-09-22apparmor: fix race condition in null profile creationJohn Johansen1-3/+11
2017-09-22apparmor: move new_null_profile to after profile lookup fns()John Johansen1-79/+79
2017-09-22apparmor: add base infastructure for socket mediationJohn Johansen12-16/+840
2017-09-22apparmor: add more debug asserts to apparmorfsJohn Johansen1-0/+17
2017-09-22apparmor: make policy_unpack able to audit different info messagesJohn Johansen2-16/+40
2017-09-22apparmor: add support for absolute root view based labelsJohn Johansen2-1/+10
2017-09-22apparmor: cleanup conditional check for label in label_printJohn Johansen1-14/+8
2017-09-22apparmor: add mount mediationJohn Johansen9-4/+841
2017-09-22apparmor: add the ability to mediate signalsJohn Johansen7-0/+231
2017-09-22apparmor: Redundant condition: prev_ns. in [label.c:1498]John Johansen1-1/+1
2017-09-22apparmor: Fix an error code in aafs_create()Dan Carpenter1-1/+3
2017-09-22apparmor: Fix logical error in verify_header()Christos Gkekas1-1/+1
2017-09-22apparmor: Fix shadowed local variable in unpack_trans_table()Geert Uytterhoeven1-2/+2
2017-09-20selinux: Use kmem_cache for hashtab_nodeKyeongdon Kim3-2/+23
2017-09-14Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/v...Linus Torvalds1-2/+4
2017-09-12Merge tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds28-56/+78
2017-09-11Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebi...Linus Torvalds1-21/+256
2017-09-07Merge tag 'audit-pr-20170907' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-2/+0
2017-09-07Merge tag 'secureexec-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel...Linus Torvalds9-120/+23
2017-09-05selinux: remove AVC init audit log messageRichard Guy Briggs1-2/+0
2017-09-04fs: fix kernel_write prototypeChristoph Hellwig1-1/+2
2017-09-04fs: fix kernel_read prototypeChristoph Hellwig1-1/+2
2017-09-01Introduce v3 namespaced file capabilitiesSerge E. Hallyn1-19/+251
2017-08-28selinux: constify nf_hook_opsArvind Yadav1-1/+1
2017-08-22selinux: allow per-file labeling for cgroupfsAntonio Murdaca1-1/+3
2017-08-17lsm_audit: update my email addressStephen Smalley1-1/+1
2017-08-17selinux: update my email addressStephen Smalley25-25/+25
2017-08-08selinux: use GFP_NOWAIT in the AVC kmem_cachesMichal Hocko1-8/+6
2017-08-02selinux: Generalize support for NNP/nosuid SELinux domain transitionsStephen Smalley4-16/+42
2017-08-01smack: Remove redundant pdeath_signal clearingKees Cook1-15/+0
2017-08-01LSM: drop bprm_secureexec hookKees Cook1-5/+0
2017-08-01commoncap: Move cap_elevated calculation into bprm_set_credsKees Cook1-42/+10
2017-08-01commoncap: Refactor to remove bprm_secureexec hookKees Cook1-4/+8
2017-08-01smack: Refactor to remove bprm_secureexec hookKees Cook1-17/+4
2017-08-01selinux: Refactor to remove bprm_secureexec hookKees Cook1-19/+5
2017-08-01apparmor: Refactor to remove bprm_secureexec hookKees Cook4-23/+1
2017-08-01exec: Rename bprm->cred_prepared to called_set_credsKees Cook4-4/+4
2017-07-31netfilter: nf_hook_ops structs can be constFlorian Westphal2-2/+2
2017-07-25selinux: Assign proper class to PF_UNIX/SOCK_RAW socketsLuis Ressel1-0/+1
2017-07-25sync to Linus v4.13-rc2 for subsystem developers to work againstJames Morris24-334/+365
2017-07-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller4-1/+15
2017-07-20security: Use user_namespace::level to avoid redundant iterations in cap_capa...Kirill Tkhai1-2/+5
2017-07-19Merge tag 'gcc-plugins-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-1/+1
2017-07-18xfrm: remove flow cacheFlorian Westphal1-3/+1
2017-07-18LSM: Remove security_task_create() hook.Tetsuo Handa1-5/+0
2017-07-14KEYS: DH: validate __spare fieldEric Biggers2-0/+7
2017-07-12include/linux/string.h: add the option of fortified string.h functionsDaniel Micay1-0/+7
2017-07-05Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-7/+5
2017-07-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-1/+2
2017-07-05Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/...Linus Torvalds68-2111/+8342
2017-07-03Merge tag 'docs-4.13' of git://git.lwn.net/linuxLinus Torvalds8-8/+9
2017-07-03Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds1-0/+1
2017-07-03Merge tag 'uuid-for-4.13' of git://git.infradead.org/users/hch/uuidLinus Torvalds2-8/+6
2017-06-30randstruct: Mark various structs for randomizationKees Cook1-1/+1
2017-06-30ima_write_policy(): don't open-code memdup_user_nul()Al Viro1-9/+4
2017-06-28apparmor: put back designators in struct initialisersStephen Rothwell1-2/+2
2017-06-23Merge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/selinux i...James Morris17-108/+821
2017-06-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-3/+2
2017-06-21ima: Log the same audit cause whenever a file has no signatureThiago Jung Bauermann1-1/+2
2017-06-21ima: Simplify policy_func_show.Thiago Jung Bauermann2-62/+21
2017-06-21integrity: Small code improvementsThiago Jung Bauermann6-9/+11
2017-06-21ima: fix get_binary_runtime_size()Roberto Sassu1-1/+1
2017-06-21ima: use ima_parse_buf() to parse template dataRoberto Sassu1-31/+13
2017-06-21ima: use ima_parse_buf() to parse measurements headersRoberto Sassu1-52/+28
2017-06-21ima: introduce ima_parse_buf()Roberto Sassu2-0/+67
2017-06-21ima: Add cgroups2 to the defaults listLaura Abbott1-0/+3
2017-06-21ima: use memdup_user_nulGeliang Tang1-9/+4
2017-06-21ima: fix up #endif commentsTycho Andersen1-2/+2
2017-06-21IMA: Correct Kconfig dependencies for hash selectionBen Hutchings1-4/+4
2017-06-21ima: define is_ima_appraise_enabled()Mimi Zohar1-0/+10
2017-06-21ima: define Kconfig IMA_APPRAISE_BOOTPARAM optionMimi Zohar2-0/+10
2017-06-21ima: define a set of appraisal rules requiring file signaturesMimi Zohar1-1/+25
2017-06-21ima: extend the "ima_policy" boot command line to support multiple policiesMimi Zohar1-5/+10
2017-06-21rtnetlink: add NEWCACHEREPORT message typeJulien Gomes1-1/+2
2017-06-21Merge branch 'smack-for-4.13' of git://github.com/cschaufler/smack-next into ...James Morris4-18/+31
2017-06-20selinux: enable genfscon labeling for tracefsJeff Vander Stoep1-0/+1
2017-06-20sched/wait: Split out the wait_bit*() APIs from <linux/wait.h> into <linux/wa...Ingo Molnar1-0/+1
2017-06-13selinux: fix double free in selinux_parse_opts_str()Paul Moore1-3/+2
2017-06-10apparmor: export that basic profile namespaces are supportedJohn Johansen1-0/+7
2017-06-10apparmor: add stacked domain labels interfaceJohn Johansen2-0/+8
2017-06-10apparmor: add domain label stacking info to apparmorfsJohn Johansen3-0/+39
2017-06-10apparmor: move change_profile mediation to using labelsJohn Johansen1-68/+123
2017-06-10apparmor: move change_hat mediation to using labelsJohn Johansen1-102/+201
2017-06-10apparmor: move exec domain mediation to using labelsJohn Johansen2-259/+678
2017-06-10apparmor: support v7 transition format compatible with label_parseJohn Johansen2-7/+15
2017-06-10apparmor: mediate files when they are receivedJohn Johansen2-0/+7
2017-06-10apparmor: rework file permission to cache file access in file->ctxJohn Johansen1-6/+76
2017-06-10apparmor: move path_link mediation to using labelsJohn Johansen3-47/+59
2017-06-10apparmor: refactor path name lookup and permission checks around labelsJohn Johansen3-45/+85
2017-06-10apparmor: update aa_audit_file() to use labelsJohn Johansen3-9/+18
2017-06-10apparmor: move aa_file_perm() to use labelsJohn Johansen3-37/+64
2017-06-10apparmor: allow ptrace checks to be finer grained than just capabilityJohn Johansen3-0/+68
2017-06-10apparmor: move ptrace checks to using labelsJohn Johansen5-80/+58
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-15 18:38:46 +0000