aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2020-06-11selinux: properly handle multiple messages in selinux_netlink_send()Paul Moore1-24/+44
2020-06-11selinux: rate-limit netlink message warnings in selinux_nlmsg_perm()Vladis Dronov1-4/+5
2020-06-11selinux: Print 'sclass' as string when unrecognized netlink message occursMarek Milkovic1-2/+3
2020-06-11selinux: convert WARN_ONCE() to printk() in selinux_nlmsg_perm()Richard Guy Briggs1-3/+4
2020-06-11selinux: cleanup error reporting in selinux_nlmsg_perm()Richard Guy Briggs1-4/+3
2019-12-10smack: use GFP_NOFS while holding inode_smack::smk_lockEric Biggers2-3/+3
2019-12-10Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is setJann Horn1-1/+2
2019-11-22keys: Fix missing null pointer check in request_key_auth_describe()Hillf Danton1-0/+6
2019-11-22selinux: fix memory leak in policydb_init()Ondrej Mosnacek1-1/+5
2019-10-05apparmor: enforce nullbyte at end of tag stringJann Horn1-1/+1
2019-08-13device_cgroup: fix RCU imbalance in error caseJann Horn1-1/+1
2019-07-09selinux: avoid silent denials in permissive mode under RCU walkStephen Smalley3-5/+28
2019-07-09security/selinux: pass 'flags' arg to avc_audit() and avc_has_perm_flags()NeilBrown3-4/+25
2019-05-02apparmor: provide userspace flag indicating binfmt_elf_mmap changeJohn Johansen1-0/+1
2019-05-02KEYS: always initialize keyring_index_key::desc_lenEric Biggers4-6/+4
2019-05-02KEYS: restrict /proc/keys by credentials at open timeEric Biggers1-6/+2
2019-05-02KEYS: allow reaching the keys quotas exactlyEric Biggers1-2/+2
2019-05-02Yama: Check for pid death before checking ancestryKees Cook1-1/+3
2019-02-11ima: fix showing large 'violations' or 'runtime_measurements_count'Eric Biggers1-3/+3
2018-12-16KEYS: encrypted: fix buffer overread in valid_master_desc()Eric Biggers1-16/+15
2018-12-16apparmor: remove no-op permission check in policy_unpackJohn Johansen1-32/+0
2018-10-21selinux: KASAN: slab-out-of-bounds in xattr_getsecuritySachin Grover1-1/+1
2018-06-16ima: relax requiring a file signature for new files with zero lengthMimi Zohar1-1/+2
2018-02-13apparmor: ensure that undecidable profile attachments failJohn Johansen1-16/+37
2018-02-13ima: fix hash algorithm initializationBoshi Wang1-0/+4
2018-01-09KPTI: Rename to PAGE_TABLE_ISOLATIONKees Cook1-1/+1
2018-01-09x86/kaiser: Reenable PARAVIRTBorislav Petkov1-1/+1
2018-01-09KAISER: Kernel Address IsolationRichard Fellner1-0/+10
2018-01-01KEYS: add missing permission check for request_key() destinationEric Biggers1-9/+37
2018-01-01security: let security modules use PTRACE_MODE_* with bitmasksJann Horn2-7/+5
2018-01-01KEYS: trusted: fix writing past end of buffer in trusted_read()Eric Biggers1-11/+12
2018-01-01KEYS: trusted: sanitize all key materialEric Biggers1-27/+21
2018-01-01KEYS: return full count in keyring_read() if buffer is too smallEric Biggers1-20/+19
2018-01-01KEYS: encrypted: fix dereference of NULL user_key_payloadEric Biggers1-0/+7
2018-01-01lsm: fix smack_inode_removexattr and xattr_getsecurity memleakCasey Schaufler1-30/+25
2018-01-01Smack: remove unneeded NULL-termination from securtity labelKonstantin Khlebnikov1-3/+3
2018-01-01security/keys: properly zero out sensitive key material in big_keyJason A. Donenfeld1-1/+1
2018-01-01KEYS: prevent creating a different user's keyringsEric Biggers4-12/+23
2018-01-01KEYS: fix writing past end of user-supplied buffer in keyring_read()Eric Biggers1-9/+5
2018-01-01KEYS: fix key refcount leak in keyctl_read_key()Eric Biggers1-1/+1
2018-01-01KEYS: fix key refcount leak in keyctl_assume_authority()Eric Biggers1-4/+2
2018-01-01KEYS: don't revoke uninstantiated key in request_key_auth_new()Eric Biggers1-1/+0
2018-01-01KEYS: fix cred refcount leak in request_key_auth_new()Eric Biggers1-37/+31
2017-11-11KEYS: don't let add_key() update an uninstantiated keyDavid Howells1-0/+10
2017-11-11KEYS: prevent KEYCTL_READ on negative keyEric Biggers1-0/+5
2017-10-12sched: move no_new_privs into new atomic flagsKees Cook1-2/+2
2017-09-15ptrace: use fsuid, fsgid, effective creds for fs access checksJann Horn1-1/+6
2017-09-15selinux: fix double free in selinux_parse_opts_str()Paul Moore1-3/+2
2017-09-15KEYS: fix dereferencing NULL payload with nonzero lengthEric Biggers1-2/+2
2017-08-26ima: accept previously set IMA_NEW_FILEDaniel Glöckner1-2/+3
2017-08-26ima: pass 'opened' flag to identify newly created filesDmitry Kasatkin3-11/+11
2017-07-18KEYS: Change the name of the dead type to ".dead" to prevent user accessDavid Howells1-1/+1
2017-06-05KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyringsEric Biggers2-24/+31
2017-06-05KEYS: Disallow keyrings beginning with '.' to be joined as session keyringsDavid Howells1-2/+7
2017-06-05KEYS: Reinstate EPERM for a key type name beginning with a '.'David Howells1-0/+2
2017-06-05KEYS: special dot prefixed keyring name bug fixMimi Zohar1-2/+4
2017-06-05KEYS: Fix an error code in request_master_key()Dan Carpenter1-1/+1
2017-04-04keys: Guard against null match function in keyring_search_aux()Ben Hutchings1-3/+3
2017-04-04vfs: Commit to never having exectuables on proc and sysfs.Eric W. Biederman1-1/+1
2017-02-26selinux: fix off-by-one in setprocattrStephen Smalley1-1/+1
2017-02-23apparmor: fix change_hat not finding hat after policy replacementJohn Johansen1-2/+4
2016-11-20KEYS: Fix short sprintf buffer in /proc/keys show functionDavid Howells1-1/+1
2016-08-22KEYS: potential uninitialized variableDan Carpenter1-1/+1
2016-02-16EVM: Use crypto_memneq() for digest comparisonsRyan Ware1-1/+2
2016-01-25KEYS: Fix keyring ref leak in join_session_keyring()Yevgeny Pats1-0/+1
2016-01-05KEYS: Fix race between read and revokeDavid Howells1-9/+9
2015-10-28KEYS: Don't permit request_key() to construct a new keyringDavid Howells1-0/+3
2015-10-28KEYS: Fix crash when attempt to garbage collect an uninstantiated keyringDavid Howells1-2/+4
2015-10-28KEYS: Fix race between key destruction and finding a keyring by nameDavid Howells1-4/+4
2015-09-29fs: create and use seq_show_option for escapingKees Cook1-1/+1
2015-08-27ima: extend "mask" policy matching supportMimi Zohar1-5/+15
2015-08-27ima: add support for new "euid" policy conditionMimi Zohar1-4/+23
2015-08-20sysfs: Create mountpoints with sysfs_create_mount_pointEric W. Biederman3-16/+13
2015-08-11evm: labeling pseudo filesystems exceptionMimi Zohar1-0/+12
2015-08-11KEYS: ensure we free the assoc array edit if edit is validColin Ian King1-3/+5
2015-07-15ima: fix ima_show_template_data_ascii()Mimi Zohar3-4/+5
2015-07-15selinux: fix setting of security labels on NFSJ. Bruce Fields1-1/+2
2015-04-10selinux: fix sel_write_enforce broken return valueJoe Perches1-1/+1
2015-02-24smack: fix possible use after frees in task_security() callersAndrey Ryabinin2-9/+21
2015-01-15KEYS: close race between key lookup and freeingSasha Levin1-2/+2
2015-01-15move d_rcu from overlapping d_child to overlapping d_aliasAl Viro1-3/+3
2015-01-15KEYS: Fix stale key registration at error pathTakashi Iwai1-1/+4
2014-11-17selinux: fix inode security list corruptionStephen Smalley1-1/+1
2014-11-14evm: properly handle INTEGRITY_NOXATTRS EVM statusDmitry Kasatkin1-0/+7
2014-11-13evm: check xattr value length and type in evm_inode_setxattr()Dmitry Kasatkin1-3/+6
2014-11-13ima: check xattr value length and type in the ima_inode_setxattr()Dmitry Kasatkin2-0/+3
2014-10-30ima: provide flag to identify new empty filesDmitry Kasatkin3-7/+13
2014-10-30ima: fix fallback to use new_sync_read()Dmitry Kasatkin1-4/+4
2014-09-17CAPABILITIES: remove undefined caps from all processesEric Paris1-0/+3
2014-06-13Merge branch 'serge-next-2' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds7-28/+114
2014-06-12ima: introduce ima_kernel_read()Dmitry Kasatkin1-1/+31
2014-06-12evm: prohibit userspace writing 'security.evm' HMAC valueMimi Zohar1-2/+10
2014-06-12ima: check inode integrity cache in violation checkDmitry Kasatkin1-2/+7
2014-06-12ima: prevent unnecessary policy checkingDmitry Kasatkin1-9/+4
2014-06-12evm: provide option to protect additional SMACK xattrsDmitry Kasatkin2-0/+22
2014-06-12evm: replace HMAC version with attribute maskDmitry Kasatkin4-11/+33
2014-06-12ima: prevent new digsig xattr from being replacedMimi Zohar1-3/+7
2014-06-12Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-1/+1
2014-06-10Merge branch 'serge-next-1' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds23-133/+382
2014-06-09Merge branch 'for-3.16' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-20/+13
2014-06-03ima: audit log files opened with O_DIRECT flagMimi Zohar4-3/+19
2014-06-03selinux: conditionally reschedule in hashtab_insert while loading selinux policyDave Jones1-0/+3
2014-06-03selinux: conditionally reschedule in mls_convert_context while loading selinu...Dave Jones1-0/+2
2014-06-03selinux: reject setexeccon() on MNT_NOSUID applications with -EACCESPaul Moore1-2/+4
2014-06-03selinux: Report permissive mode in avc: denied messages.Stephen Smalley3-5/+11
2014-05-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller3-58/+159
2014-05-20Merge branch 'smack-for-3.16' of git://git.gitorious.org/smack-next/kernel in...James Morris4-73/+297
2014-05-16device_cgroup: use css_has_online_children() instead of has_children()Tejun Heo1-17/+2
2014-05-16device_cgroup: remove direct access to cgroup->childrenTejun Heo1-2/+10
2014-05-16cgroup: remove css_parent()Tejun Heo1-4/+4
2014-05-13cgroup: replace cftype->write_string() with cftype->write()Tejun Heo1-7/+7
2014-05-13Merge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-43/+159
2014-05-12Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-3/+3
2014-05-06Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds2-15/+0
2014-05-06Warning in scanf string typingToralf Förster1-1/+1
2014-05-06nick kvfree() from apparmorAl Viro2-15/+0
2014-05-05device_cgroup: check if exception removal is allowedAristeu Rozanski1-3/+38
2014-05-04device_cgroup: fix the comment format for recently added functionsAristeu Rozanski1-17/+16
2014-04-30Smack: Label cgroup files for systemdCasey Schaufler1-12/+18
2014-04-23Smack: Verify read access on file open - v3Casey Schaufler1-3/+16
2014-04-22audit: add netlink audit protocol bind to check capabilities on multicast joinRichard Guy Briggs1-1/+1
2014-04-22locks: rename file-private locks to "open file description locks"Jeff Layton1-3/+3
2014-04-21device_cgroup: rework device access check and exception checkingAristeu Rozanski1-40/+122
2014-04-15security: Convert use of typedef ctl_table to struct ctl_tableJoe Perches1-1/+1
2014-04-14Merge tag 'keys-20140314' of git://git.kernel.org/pub/scm/linux/kernel/git/dh...James Morris11-49/+45
2014-04-14Merge commit 'v3.14' into nextJames Morris15-53/+93
2014-04-12Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vir...Linus Torvalds3-4/+4
2014-04-12Merge git://git.infradead.org/users/eparis/auditLinus Torvalds2-5/+8
2014-04-11Smack: bidirectional UDS connect checkCasey Schaufler2-23/+27
2014-04-11Smack: Correctly remove SMACK64TRANSMUTE attributeCasey Schaufler1-6/+19
2014-04-11SMACK: Fix handling value==NULL in post setxattrJosé Bollo1-1/+3
2014-04-11bugfix patch for SMACKPankaj Kumar1-2/+2
2014-04-11Smack: adds smackfs/ptrace interfaceLukasz Pawelczyk4-2/+108
2014-04-11Smack: unify all ptrace accesses in the smackLukasz Pawelczyk1-13/+71
2014-04-11Smack: fix the subject/object order in smack_ptrace_traceme()Lukasz Pawelczyk3-9/+29
2014-04-11Minor improvement of 'smack_sb_kern_mount'José Bollo1-3/+5
2014-04-04Merge branch 'locks-3.15' of git://git.samba.org/jlayton/linuxLinus Torvalds1-0/+3
2014-04-04Merge branch 'cross-rename' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-2/+20
2014-04-03Merge branch 'for-3.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-8/+4
2014-04-03Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds26-175/+208
2014-04-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1-2/+3
2014-04-01get rid of pointless checks for NULL ->i_opAl Viro3-4/+4
2014-04-01vfs: add cross-renameMiklos Szeredi1-0/+16
2014-04-01security: add flags to rename hooksMiklos Szeredi1-2/+4
2014-03-31Merge branch 'compat' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/l...Linus Torvalds1-2/+2
2014-03-31locks: add new fcntl cmd values for handling file private locksJeff Layton1-0/+3
2014-03-25Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller8-29/+46
2014-03-20audit: anchor all pid references in the initial pid namespaceRichard Guy Briggs2-5/+8
2014-03-19selinux: correctly label /proc inodes in use before the policy is loadedPaul Moore1-9/+27
2014-03-19selinux: put the mmap() DAC controls before the MAC controlsPaul Moore1-12/+8
2014-03-19cgroup: drop const from @buffer of cftype->write_string()Tejun Heo1-2/+2
2014-03-18Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klasse...David S. Miller8-29/+46
2014-03-14Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+5
2014-03-14smack: fix key permission verificationDmitry Kasatkin1-1/+6
2014-03-14KEYS: Move the flags representing required permission to linux/key.hDavid Howells11-48/+39
2014-03-12Merge branch 'next-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/zo...James Morris18-134/+153
2014-03-10selinux: add gfp argument to security_xfrm_policy_alloc and fix callersNikolay Aleksandrov8-29/+46
2014-03-09KEYS: Make the keyring cycle detector ignore other keyrings of the same nameDavid Howells1-1/+5
2014-03-07evm: enable key retention service automaticallyDmitry Kasatkin1-2/+3
2014-03-07ima: skip memory allocation for empty filesDmitry Kasatkin1-8/+12
2014-03-07evm: EVM does not use MD5Dmitry Kasatkin1-1/+0
2014-03-07ima: return d_name.name if d_path failsDmitry Kasatkin2-7/+2
2014-03-07integrity: fix checkpatch errorsDmitry Kasatkin11-70/+69
2014-03-07ima: fix erroneous removal of security.ima xattrDmitry Kasatkin1-2/+4
2014-03-07security: integrity: Use a more current logging styleJoe Perches7-11/+27
2014-03-07Merge tag 'v3.13' into for-3.15Eric Paris67-1633/+3320
2014-03-07ima: reduce memory usage when a template containing the n field is usedRoberto Sassu2-17/+13
2014-03-07ima: restore the original behavior for sending data with ima templateRoberto Sassu3-4/+10
2014-03-07Integrity: Pass commname via get_task_comm()Tetsuo Handa1-1/+2
2014-03-07ima: use static const char array definitionsMimi Zohar4-10/+10
2014-03-07security: have cap_dentry_init_security return errorJeff Layton1-1/+1
2014-03-06security/compat: convert to COMPAT_SYSCALL_DEFINEHeiko Carstens1-2/+2
2014-03-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-4/+4
2014-03-04ima: new helper: file_inode(file)Libo Chen1-1/+1
2014-02-24Merge branch 'stable-3.14' of git://git.infradead.org/users/pcmoore/selinux i...James Morris1-4/+4
2014-02-20SELinux: bigendian problems with filename trans rulesEric Paris1-4/+4
2014-02-17security: cleanup Makefiles to use standard syntax for specifying sub-directo...Sam Ravnborg2-8/+8
2014-02-12flowcache: Make flow cache name space awareFan Du1-2/+3
2014-02-10Merge branch 'stable-3.14' of git://git.infradead.org/users/pcmoore/selinux i...James Morris2-0/+6
2014-02-08cgroup: clean up cgroup_subsys names and initializationTejun Heo1-6/+2
2014-02-06security: replace strict_strto*() with kstrto*()Jingoo Han7-12/+12
2014-02-05SELinux: Fix kernel BUG on empty security contexts.Stephen Smalley1-0/+4
2014-02-05selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message typesPaul Moore1-0/+2
2014-02-05Merge tag 'v3.13' into stable-3.14Paul Moore54-1239/+2802
2014-02-05security: select correct default LSM_MMAP_MIN_ADDR on arm on arm64Colin Cross1-1/+1
2014-01-23Merge git://git.infradead.org/users/eparis/auditLinus Torvalds2-11/+6
2014-01-21Merge branch 'for-3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/c...Linus Torvalds1-4/+3
2014-01-21Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmo...Linus Torvalds11-148/+366
2014-01-13smack: call WARN_ONCE() instead of calling audit_log_start()Richard Guy Briggs1-3/+2
2014-01-13selinux: call WARN_ONCE() instead of calling audit_log_start()Richard Guy Briggs1-8/+4
2014-01-12SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()Steven Rostedt2-3/+22
2014-01-08Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into nextJames Morris1-1/+13
2014-01-07SELinux: Fix memory leak upon loading policyTetsuo Handa1-1/+13
2014-01-07Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into nextJames Morris7-39/+164
2014-01-06Merge to v3.13-rc7 for prerequisite changes in the Xen code for TPMJames Morris29-326/+361
2014-01-03ima: remove unneeded size_limit argument from ima_eventdigest_init_common()Roberto Sassu1-8/+6
2014-01-03ima: pass HASH_ALGO__LAST as hash algo in ima_eventdigest_init()Roberto Sassu1-2/+2
2014-01-03ima: change the default hash algorithm to SHA1 in ima_eventdigest_ng_init()Roberto Sassu1-1/+1
2013-12-31Smack: File receive audit correctionCasey Schaufler1-1/+1
2013-12-31Smack: Rationalize mount restrictionsCasey Schaufler1-54/+29
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-17 20:44:57 +0000