| Age | Commit message (Expand) | Author | Files | Lines |
| 7 days | Merge tag 'apparmor-pr-2026-06-22' of git://git.kernel.org/pub/scm/linux/kern... | Linus Torvalds | 17 | -150/+364 |
| 7 days | apparmor: advertise the tcp fast open fix is applied | John Johansen | 1 | -0/+2 |
| 8 days | apparmor: mediate the implicit connect of TCP fast open sendmsg | Bryam Vargas | 1 | -1/+15 |
| 12 days | Merge tag 'landlock-7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... | Linus Torvalds | 14 | -190/+788 |
| 12 days | Merge tag 'for-next-keys-7.2-rc1-2' of git://git.kernel.org/pub/scm/linux/ker... | Linus Torvalds | 14 | -40/+128 |
| 12 days | Merge tag 'integrity-v7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 11 | -101/+845 |
| 2026-06-17 | Merge tag 'selinux-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 17 | -155/+512 |
| 2026-06-17 | Merge tag 'lsm-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 3 | -24/+15 |
| 2026-06-17 | Merge tag 'net-next-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/net... | Linus Torvalds | 1 | -1/+2 |
| 2026-06-15 | keys: keyctl_pkey: replace BUG with return -EOPNOTSUPP | Mohammed EL Kadiri | 1 | -2/+3 |
| 2026-06-15 | keys: request_key: replace BUG with return -EINVAL | Mohammed EL Kadiri | 1 | -1/+1 |
| 2026-06-15 | keys: Pin request_key_auth payload in instantiate paths | Shaomin Chen | 3 | -8/+51 |
| 2026-06-15 | keys: prevent slab cache merging for key_jar | Mohammed EL Kadiri | 1 | -1/+1 |
| 2026-06-15 | keys: Replace strcpy(derived_buf, "AUTH_KEY") with strscpy(..., HASH_SIZE) | David Laight | 1 | -2/+2 |
| 2026-06-15 | KEYS: Use acquire when reading state in keyring search | Gui-Dong Han | 1 | -1/+1 |
| 2026-06-15 | keys/trusted_keys: mark 'migratable' as __ro_after_init | Len Bao | 1 | -1/+1 |
| 2026-06-15 | keys: use kmalloc_flex in user_preparse | Thorsten Blum | 1 | -1/+1 |
| 2026-06-15 | KEYS: trusted: Debugging as a feature | Jarkko Sakkinen | 4 | -21/+59 |
| 2026-06-15 | KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNG | Eric Biggers | 1 | -1/+0 |
| 2026-06-15 | KEYS: fix overflow in keyctl_pkey_params_get_2() | Jarkko Sakkinen | 1 | -1/+8 |
| 2026-06-14 | apparmor: fix label can not be immediately before a declaration | John Johansen | 1 | -1/+2 |
| 2026-06-15 | Merge tag 'kbuild-7.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbu... | Linus Torvalds | 1 | -8/+1 |
| 2026-06-15 | Merge tag 'vfs-7.2-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -1/+1 |
| 2026-06-14 | landlock: Suppress logging when quiet flag is present | Tingmao Wang | 7 | -16/+324 |
| 2026-06-14 | landlock: Add API support and docs for the quiet flags | Tingmao Wang | 8 | -27/+89 |
| 2026-06-14 | landlock: Add a place for flags to layer rules | Tingmao Wang | 10 | -112/+176 |
| 2026-06-13 | apparmor: fix kernel-doc warnings | Rodrigo Zaiden | 2 | -2/+2 |
| 2026-06-13 | apparmor: replace get_zeroed_page() with kzalloc() | Mike Rapoport (Microsoft) | 1 | -2/+3 |
| 2026-06-13 | security: apparmor: fix two spelling mistakes | Qingshuang Fu | 2 | -2/+2 |
| 2026-06-13 | apparmor: fix use-after-free in rawdata dedup loop | Ruslan Valiyev | 2 | -2/+25 |
| 2026-06-13 | apparmor: Fix inverted comparison in cache_hold_inc() | Eduardo Vasconcelos | 1 | -1/+1 |
| 2026-06-13 | apparmor: fix uninitialised pointer passed to audit_log_untrustedstring() | Maciek Borzecki | 1 | -5/+5 |
| 2026-06-13 | apparmor: don't audit files pointing to aa_null.dentry | Georgia Garcia | 1 | -1/+1 |
| 2026-06-13 | apparmor: put secmark label after secid lookup | Zygmunt Krynicki | 1 | -0/+1 |
| 2026-06-13 | apparmor: aa_getprocattr free procattr leak on format failure | Zygmunt Krynicki | 1 | -0/+2 |
| 2026-06-13 | apparmor: remove unnecessary goto and associated label | John Johansen | 1 | -4/+1 |
| 2026-06-13 | apparmor: release exe file resources on path failure | Zygmunt Krynicki | 1 | -2/+5 |
| 2026-06-13 | apparmor: fail policy unpack on accept2 allocation failure | Zygmunt Krynicki | 1 | -2/+2 |
| 2026-06-13 | apparmor: Fix return in ns_mkdir_op | Hongling Zeng | 1 | -1/+1 |
| 2026-06-13 | apparmor: remove or add symlinks to rawdata according to export_binary | Georgia Garcia | 3 | -25/+104 |
| 2026-06-13 | apparmor: fix NULL pointer dereference in unpack_pdb | Georgia Garcia | 1 | -1/+1 |
| 2026-06-13 | apparmor: make fn_label_build() capable of handling not supported | John Johansen | 1 | -5/+8 |
| 2026-06-13 | apparmor: change fn_label_build() call to not return NULL | John Johansen | 3 | -35/+35 |
| 2026-06-13 | apparmor: fix potential UAF in aa_replace_profiles | Maxime Bélair | 1 | -1/+3 |
| 2026-06-13 | apparmor: free rawdata as soon as possible | John Johansen | 1 | -0/+7 |
| 2026-06-13 | apparmor: grab ns lock and refresh when looking up changehat child profiles | Ryan Lee | 1 | -2/+31 |
| 2026-06-13 | apparmor: fix rawdata_f_data implicit flex array | John Johansen | 1 | -4/+3 |
| 2026-06-13 | apparmor: use __label_make_stale in __aa_proxy_redirect | Ryan Lee | 1 | -1/+1 |
| 2026-06-13 | apparmor: propagate -ENOMEM correctly in unpack_table | Maxime Bélair | 1 | -9/+13 |
| 2026-06-13 | apparmor: enable differential encoding | John Johansen | 1 | -0/+1 |
| 2026-06-13 | apparmor: aa_label_alloc use aa_label_free on alloc failure | Zygmunt Krynicki | 1 | -1/+1 |
| 2026-06-13 | apparmor: check label build before no_new_privs test | Ruoyu Wang | 1 | -10/+15 |
| 2026-06-13 | security/apparmor/apparmorfs.c: conditionally compile get_loaddata_common_ref() | Andrew Morton | 1 | -0/+2 |
| 2026-06-13 | apparmor: add a conditional version of get_newest_label | John Johansen | 2 | -11/+43 |
| 2026-06-13 | apparmor: fix refcount leak when updating the sk_ctx | John Johansen | 1 | -2/+4 |
| 2026-06-13 | apparmor: fix race in unix socket mediation when peer_path is used | John Johansen | 1 | -26/+32 |
| 2026-06-13 | apparmor: fix shadowing of plabel that prevents cache from being updated | John Johansen | 1 | -2/+1 |
| 2026-06-13 | landlock: Add UDP send+connect access control | Matthieu Buffet | 3 | -18/+134 |
| 2026-06-13 | landlock: Add UDP bind() access control | Matthieu Buffet | 4 | -8/+15 |
| 2026-06-13 | landlock: Fix unmarked concurrent access to socket family | Matthieu Buffet | 1 | -2/+9 |
| 2026-06-13 | landlock: Fix LANDLOCK_SCOPE_SIGNAL bypass on the SIGIO path | Bryam Vargas | 3 | -0/+35 |
| 2026-06-13 | landlock: Account all audit data allocations to user space | Mickaël Salaün | 2 | -8/+6 |
| 2026-06-13 | landlock: Set audit_net.sk for socket access checks | Mickaël Salaün | 1 | -0/+1 |
| 2026-06-13 | Merge tag 'ipsec-next-2026-06-12' of git://git.kernel.org/pub/scm/linux/kerne... | Jakub Kicinski | 1 | -1/+2 |
| 2026-06-08 | ima: Support staging and deleting N measurements records | Roberto Sassu | 4 | -4/+98 |
| 2026-06-08 | ima: Add support for flushing the hash table when staging measurements | Roberto Sassu | 1 | -6/+35 |
| 2026-06-08 | ima: Add support for staging measurements with prompt | Roberto Sassu | 5 | -20/+333 |
| 2026-06-08 | ima: Introduce ima_dump_measurement() | Roberto Sassu | 1 | -6/+13 |
| 2026-06-08 | ima: Use snprintf() in create_securityfs_measurement_lists | Roberto Sassu | 1 | -8/+12 |
| 2026-06-08 | ima: Mediate open/release method of the measurements list | Roberto Sassu | 1 | -4/+98 |
| 2026-06-08 | ima: Introduce _ima_measurements_start() and _ima_measurements_next() | Roberto Sassu | 1 | -4/+16 |
| 2026-06-08 | ima: Introduce per binary measurements list type binary_runtime_size value | Roberto Sassu | 3 | -15/+32 |
| 2026-06-08 | ima: Introduce per binary measurements list type ima_num_records counter | Roberto Sassu | 4 | -5/+14 |
| 2026-06-08 | ima: Replace static htable queue with dynamically allocated array | Roberto Sassu | 3 | -6/+50 |
| 2026-06-08 | ima: Remove ima_h_table structure | Roberto Sassu | 5 | -26/+24 |
| 2026-06-04 | xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration | Antony Antony | 1 | -1/+2 |
| 2026-05-29 | selinux: revert use of __getname() in selinux_genfs_get_sid() | Paul Moore | 1 | -2/+2 |
| 2026-05-28 | security/keys: fix missed RCU read section on lookup | Linus Torvalds | 1 | -0/+1 |
| 2026-05-27 | selinux: comment spelling fix in ibpkey.c | Kalevi Kolttonen | 1 | -1/+1 |
| 2026-05-27 | selinux: comment typo fix in selinuxfs.c | Kalevi Kolttonen | 1 | -1/+1 |
| 2026-05-27 | selinux: hooks: use __getname() to allocate path buffer | Mike Rapoport (Microsoft) | 1 | -2/+2 |
| 2026-05-27 | selinux: use k[mz]alloc() to allocate temporary buffers | Mike Rapoport (Microsoft) | 1 | -6/+6 |
| 2026-05-27 | security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT | Nathan Chancellor | 1 | -3/+0 |
| 2026-05-27 | security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCE | Nathan Chancellor | 1 | -2/+0 |
| 2026-05-27 | security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CA... | Nathan Chancellor | 1 | -3/+1 |
| 2026-05-19 | Merge tag 'lsm-pr-20260519' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 1 | -1/+8 |
| 2026-05-14 | lsm: hold cred_guard_mutex for lsm_set_self_attr() | Stephen Smalley | 1 | -1/+8 |
| 2026-05-13 | evm: terminate and bound the evm_xattrs read buffer | Pengpeng Hou | 1 | -5/+11 |
| 2026-05-13 | integrity: Add support for sigv3 verification using ML-DSA keys | Stefan Berger | 1 | -5/+84 |
| 2026-05-13 | integrity: Refactor asymmetric_verify for reusability | Stefan Berger | 1 | -19/+43 |
| 2026-05-13 | integrity: Check that algo parameter is within valid range | Stefan Berger | 1 | -1/+4 |
| 2026-05-13 | integrity: Check for NULL returned by asymmetric_key_public_key | Stefan Berger | 1 | -0/+4 |
| 2026-05-11 | fs: add icount_read_once() and stop open-coding ->i_count loads | Mateusz Guzik | 1 | -1/+1 |
| 2026-05-06 | selinux: check for simple types | Christian Göttsche | 3 | -2/+29 |
| 2026-05-06 | selinux: more strict bounds check | Christian Göttsche | 3 | -2/+31 |
| 2026-05-06 | selinux: beef up isvalid checks | Christian Göttsche | 8 | -58/+83 |
| 2026-05-06 | selinux: reorder policydb_index() | Christian Göttsche | 1 | -5/+6 |
| 2026-05-06 | selinux: check type attr map overflows | Christian Göttsche | 3 | -0/+33 |
| 2026-05-06 | selinux: check length fields in policies | Christian Göttsche | 4 | -0/+68 |
| 2026-05-06 | selinux: more strict policy parsing | Christian Göttsche | 8 | -60/+233 |
| 2026-05-06 | selinux: use u16 for security classes | Christian Göttsche | 3 | -8/+9 |
| 2026-05-06 | selinux: avoid nontransitive comparison | Christian Göttsche | 1 | -8/+9 |
| 2026-05-05 | selinux: shrink critical section in sel_write_load() | Stephen Smalley | 1 | -10/+8 |
| 2026-05-05 | selinux: allow multiple opens of /sys/fs/selinux/policy | Stephen Smalley | 1 | -23/+4 |
| 2026-05-05 | selinux: prune /sys/fs/selinux/user | Stephen Smalley | 3 | -190/+5 |
| 2026-05-05 | selinux: prune /sys/fs/selinux/disable | Stephen Smalley | 1 | -29/+7 |
| 2026-05-05 | selinux: prune /sys/fs/selinux/checkreqprot | Stephen Smalley | 1 | -40/+7 |
| 2026-05-01 | security,fs,nfs,net: update security_inode_listsecurity() interface | Stephen Smalley | 3 | -24/+15 |
| 2026-04-29 | selinux: switch two allocations to use kzalloc_objs() | Stephen Smalley | 1 | -2/+2 |
| 2026-04-29 | selinux: fix sel_kill_sb() | Stephen Smalley | 1 | -5/+5 |
| 2026-04-28 | selinux: fix avdcache auditing | Stephen Smalley | 2 | -21/+14 |
| 2026-04-27 | selinux: don't reserve xattr slot when we won't fill it | David Windsor | 1 | -1/+2 |
| 2026-04-27 | selinux: use sk blob accessor in socket permission helpers | Zongyao Chen | 1 | -2/+2 |
| 2026-04-27 | selinux: use QSTR() instead of QSTR_INIT() in init_sel_fs | Thorsten Blum | 1 | -2/+1 |
| 2026-04-27 | ima: return error early if file xattr cannot be changed | Goldwyn Rodrigues | 1 | -0/+5 |
| 2026-04-27 | ima: Fix sigv3 signature handling for EVM_IMA_XATTR_DIGSIG | Kamlesh Kumar | 2 | -3/+5 |
| 2026-04-24 | Merge tag 'apparmor-pr-2026-04-23' of git://git.kernel.org/pub/scm/linux/kern... | Linus Torvalds | 4 | -26/+22 |
| 2026-04-22 | apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engine | GONG Ruiqi | 1 | -0/+1 |
| 2026-04-22 | apparmor: Fix string overrun due to missing termination | Daniel J Blueman | 1 | -3/+5 |
| 2026-04-22 | apparmor: Fix wrong dentry in RENAME_EXCHANGE uid check | Dudu Lu | 1 | -1/+1 |
| 2026-04-22 | apparmor: fix unpack_tags to properly return error in failure cases | John Johansen | 1 | -0/+1 |
| 2026-04-22 | apparmor: fix dfa size check | John Johansen | 1 | -1/+1 |
| 2026-04-22 | Merge tag 'tomoyo-pr-20260422' of git://git.code.sf.net/p/tomoyo/tomoyo | Linus Torvalds | 3 | -10/+8 |
| 2026-04-22 | apparmor: Use sysfs_emit in param_get_{audit,mode} | Thorsten Blum | 1 | -3/+3 |
| 2026-04-22 | apparmor: Remove redundant if check in sk_peer_get_label | Thorsten Blum | 1 | -5/+1 |
| 2026-04-22 | apparmor: Replace memcpy + NUL termination with kmemdup_nul in do_setattr | Thorsten Blum | 1 | -4/+1 |
| 2026-04-17 | Merge tag 'integrity-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/z... | Linus Torvalds | 16 | -533/+337 |
| 2026-04-15 | Merge tag 'mm-stable-2026-04-13-21-45' of git://git.kernel.org/pub/scm/linux/... | Linus Torvalds | 1 | -1/+3 |
| 2026-04-14 | Merge tag 'net-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/net... | Linus Torvalds | 1 | -3/+1 |
| 2026-04-14 | Merge tag 'modules-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 1 | -3/+3 |
| 2026-04-15 | tomoyo: use u64 for holding inode->i_ino value | Tetsuo Handa | 3 | -10/+8 |
| 2026-04-13 | Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -1/+1 |
| 2026-04-13 | Merge tag 'landlock-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... | Linus Torvalds | 14 | -117/+284 |
| 2026-04-13 | Merge tag 'selinux-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/... | Linus Torvalds | 1 | -1/+2 |
| 2026-04-13 | Merge tag 'lsm-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/... | Linus Torvalds | 6 | -69/+306 |
| 2026-04-13 | Merge tag 'vfs-7.1-rc1.kino' of git://git.kernel.org/pub/scm/linux/kernel/git... | Linus Torvalds | 7 | -20/+26 |
| 2026-04-13 | Merge tag 'vfs-7.1-rc1.directory' of git://git.kernel.org/pub/scm/linux/kerne... | Linus Torvalds | 2 | -35/+16 |
| 2026-04-13 | proc: make PROC_MEM_FORCE_PTRACE the Kconfig default | Linus Torvalds | 1 | -4/+2 |
| 2026-04-07 | landlock: Clarify BUILD_BUG_ON check in scoping logic | Günther Noack | 2 | -6/+12 |
| 2026-04-07 | landlock: Control pathname UNIX domain socket resolution by path | Günther Noack | 5 | -5/+134 |
| 2026-04-07 | landlock: Use mem_is_zero() in is_layer_masks_allowed() | Günther Noack | 1 | -1/+1 |
| 2026-04-07 | lsm: Add LSM hook security_unix_find | Justin Suess | 1 | -0/+20 |
| 2026-04-07 | landlock: Fix kernel-doc warning for pointer-to-array parameters | Mickaël Salaün | 1 | -2/+2 |
| 2026-04-07 | landlock: Fix formatting in tsync.c | Mickaël Salaün | 1 | -49/+58 |
| 2026-04-07 | landlock: Improve kernel-doc "Return:" section consistency | Mickaël Salaün | 8 | -34/+25 |
| 2026-04-07 | landlock: Add missing kernel-doc "Return:" sections | Mickaël Salaün | 5 | -14/+24 |
| 2026-04-07 | landlock: Allow TSYNC with LOG_SUBDOMAINS_OFF and fd=-1 | Mickaël Salaün | 1 | -5/+9 |
| 2026-04-07 | landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork() | Mickaël Salaün | 1 | -4/+2 |
| 2026-04-05 | mm: convert do_brk_flags() to use vma_flags_t | Lorenzo Stoakes (Oracle) | 1 | -1/+3 |
| 2026-04-03 | selinux: fix overlayfs mmap() and mprotect() access checks | Paul Moore | 2 | -64/+189 |
| 2026-04-03 | lsm: add backing_file LSM hooks | Paul Moore | 3 | -0/+112 |
| 2026-04-02 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 3 | -26/+78 |
| 2026-04-01 | evm: Enforce signatures version 3 with new EVM policy 'bit 3' | Stefan Berger | 2 | -1/+16 |
| 2026-04-01 | integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIG | Stefan Berger | 1 | -1/+2 |
| 2026-04-01 | ima: add support to require IMA sigv3 signatures | Mimi Zohar | 3 | -12/+18 |
| 2026-04-01 | ima: add regular file data hash signature version 3 support | Mimi Zohar | 2 | -2/+2 |
| 2026-04-01 | ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures | Mimi Zohar | 5 | -56/+90 |
| 2026-03-26 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net | Jakub Kicinski | 1 | -0/+1 |
| 2026-03-26 | Merge tag 'landlock-7.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git... | Linus Torvalds | 3 | -26/+78 |
| 2026-03-24 | module: Give MODULE_SIG_STRING a more descriptive name | Thomas Weißschuh | 1 | -3/+3 |
| 2026-03-23 | crypto: sm3 - Rename CRYPTO_SM3_GENERIC to CRYPTO_SM3 | Eric Biggers | 1 | -1/+1 |
| 2026-03-20 | xen/privcmd: add boot control for restricted usage in domU | Juergen Gross | 1 | -0/+1 |
| 2026-03-17 | ima: remove buggy support for asynchronous hashes | Eric Biggers | 1 | -373/+9 |
| 2026-03-17 | securityfs: use kstrdup_const() to manage symlink targets | Dmitry Antipov | 1 | -5/+5 |
| 2026-03-17 | EVM: add comment describing why ino field is still unsigned long | Jeff Layton | 1 | -0/+6 |
| 2026-03-13 | smack: Remove IPPROTO_UDPLITE support in security_sock_rcv_skb(). | Kuniyuki Iwashima | 1 | -3/+1 |
| 2026-03-13 | integrity: Eliminate weak definition of arch_get_secureboot() | Nathan Chancellor | 2 | -17/+1 |
| 2026-03-11 | ima: Add code comments to explain IMA iint cache atomic_flags | Coiby Xu | 1 | -1/+26 |
| 2026-03-11 | ima_fs: Correctly create securityfs files for unsupported hash algos | Dmitry Safonov | 1 | -4/+12 |
| 2026-03-10 | landlock: Clean up interrupted thread logic in TSYNC | Yihan Ding | 1 | -7/+13 |
| 2026-03-10 | landlock: Serialize TSYNC thread restriction | Yihan Ding | 1 | -1/+11 |
| 2026-03-09 | apparmor: fix race between freeing data and fs accessing it | John Johansen | 7 | -101/+153 |
| 2026-03-09 | apparmor: fix race on rawdata dereference | John Johansen | 4 | -57/+93 |
| 2026-03-09 | apparmor: fix differential encoding verification | John Johansen | 2 | -4/+20 |
| 2026-03-09 | apparmor: fix unprivileged local user can do privileged policy management | John Johansen | 3 | -9/+43 |
| 2026-03-09 | apparmor: Fix double free of ns_name in aa_replace_profiles() | John Johansen | 1 | -0/+1 |
| 2026-03-09 | apparmor: fix missing bounds check on DEFAULT table in verify_dfa() | Massimiliano Pellizzer | 1 | -2/+3 |
| 2026-03-09 | apparmor: fix side-effect bug in match_char() macro usage | Massimiliano Pellizzer | 1 | -10/+20 |
| 2026-03-09 | apparmor: fix: limit the number of levels of policy namespaces | John Johansen | 2 | -0/+4 |
| 2026-03-09 | apparmor: replace recursive profile removal with iterative approach | Massimiliano Pellizzer | 1 | -3/+27 |
| 2026-03-09 | apparmor: fix memory leak in verify_header | Massimiliano Pellizzer | 1 | -1/+0 |
| 2026-03-09 | apparmor: validate DFA start states are in bounds in unpack_pdb | Massimiliano Pellizzer | 1 | -1/+11 |
| 2026-03-09 | ima: check return value of crypto_shash_final() in boot aggregate | Daniel Hodges | 1 | -1/+1 |
| 2026-03-08 | ima: Define and use a digest_size field in the ima_algo_desc structure | Roberto Sassu | 3 | -12/+13 |
| 2026-03-08 | ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIG | Thomas Weißschuh | 1 | -4/+2 |
| 2026-03-08 | ima: fallback to using i_version to detect file change | Mimi Zohar | 2 | -12/+35 |
| 2026-03-06 | treewide: change inode->i_ino from unsigned long to u64 | Jeff Layton | 6 | -20/+20 |
| 2026-03-06 | selinux: Use simple_start_creating() / simple_done_creating() | NeilBrown | 1 | -9/+8 |
| 2026-03-06 | Apparmor: Use simple_start_creating() / simple_done_creating() | NeilBrown | 1 | -27/+8 |
| 2026-03-05 | evm: fix security.evm for a file with IMA signature | Coiby Xu | 2 | -0/+33 |
| 2026-03-05 | evm: Don't enable fix mode when secure boot is enabled | Coiby Xu | 1 | -7/+17 |
| 2026-03-05 | integrity: Make arch_ima_get_secureboot integrity-wide | Coiby Xu | 8 | -50/+80 |
| 2026-03-04 | landlock: Improve TSYNC types | Mickaël Salaün | 1 | -5/+8 |
| 2026-03-04 | landlock: Fully release unused TSYNC work entries | Mickaël Salaün | 1 | -6/+41 |
| 2026-03-04 | landlock: Fix formatting | Mickaël Salaün | 2 | -7/+5 |
| 2026-02-23 | apparmor: return error on namespace mismatch in verify_header | Massimiliano Pellizzer | 1 | -0/+1 |
| 2026-02-23 | apparmor: use target task's context in apparmor_getprocattr() | Cengiz Can | 1 | -9/+7 |
| 2026-02-23 | selinux: annotate intentional data race in inode_doinit_with_dentry() | Christian Göttsche | 1 | -1/+2 |
| 2026-02-22 | Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses | Kees Cook | 3 | -9/+8 |
| 2026-02-21 | Convert more 'alloc_obj' cases to default GFP_KERNEL arguments | Linus Torvalds | 4 | -8/+4 |