aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
7 daysMerge tag 'apparmor-pr-2026-06-22' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds17-150/+364
7 daysapparmor: advertise the tcp fast open fix is appliedJohn Johansen1-0/+2
8 daysapparmor: mediate the implicit connect of TCP fast open sendmsgBryam Vargas1-1/+15
12 daysMerge tag 'landlock-7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds14-190/+788
12 daysMerge tag 'for-next-keys-7.2-rc1-2' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds14-40/+128
12 daysMerge tag 'integrity-v7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds11-101/+845
2026-06-17Merge tag 'selinux-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds17-155/+512
2026-06-17Merge tag 'lsm-pr-20260615' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-24/+15
2026-06-17Merge tag 'net-next-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds1-1/+2
2026-06-15keys: keyctl_pkey: replace BUG with return -EOPNOTSUPPMohammed EL Kadiri1-2/+3
2026-06-15keys: request_key: replace BUG with return -EINVALMohammed EL Kadiri1-1/+1
2026-06-15keys: Pin request_key_auth payload in instantiate pathsShaomin Chen3-8/+51
2026-06-15keys: prevent slab cache merging for key_jarMohammed EL Kadiri1-1/+1
2026-06-15keys: Replace strcpy(derived_buf, "AUTH_KEY") with strscpy(..., HASH_SIZE)David Laight1-2/+2
2026-06-15KEYS: Use acquire when reading state in keyring searchGui-Dong Han1-1/+1
2026-06-15keys/trusted_keys: mark 'migratable' as __ro_after_initLen Bao1-1/+1
2026-06-15keys: use kmalloc_flex in user_preparseThorsten Blum1-1/+1
2026-06-15KEYS: trusted: Debugging as a featureJarkko Sakkinen4-21/+59
2026-06-15KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNGEric Biggers1-1/+0
2026-06-15KEYS: fix overflow in keyctl_pkey_params_get_2()Jarkko Sakkinen1-1/+8
2026-06-14apparmor: fix label can not be immediately before a declarationJohn Johansen1-1/+2
2026-06-15Merge tag 'kbuild-7.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbu...Linus Torvalds1-8/+1
2026-06-15Merge tag 'vfs-7.2-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-1/+1
2026-06-14landlock: Suppress logging when quiet flag is presentTingmao Wang7-16/+324
2026-06-14landlock: Add API support and docs for the quiet flagsTingmao Wang8-27/+89
2026-06-14landlock: Add a place for flags to layer rulesTingmao Wang10-112/+176
2026-06-13apparmor: fix kernel-doc warningsRodrigo Zaiden2-2/+2
2026-06-13apparmor: replace get_zeroed_page() with kzalloc()Mike Rapoport (Microsoft)1-2/+3
2026-06-13security: apparmor: fix two spelling mistakesQingshuang Fu2-2/+2
2026-06-13apparmor: fix use-after-free in rawdata dedup loopRuslan Valiyev2-2/+25
2026-06-13apparmor: Fix inverted comparison in cache_hold_inc()Eduardo Vasconcelos1-1/+1
2026-06-13apparmor: fix uninitialised pointer passed to audit_log_untrustedstring()Maciek Borzecki1-5/+5
2026-06-13apparmor: don't audit files pointing to aa_null.dentryGeorgia Garcia1-1/+1
2026-06-13apparmor: put secmark label after secid lookupZygmunt Krynicki1-0/+1
2026-06-13apparmor: aa_getprocattr free procattr leak on format failureZygmunt Krynicki1-0/+2
2026-06-13apparmor: remove unnecessary goto and associated labelJohn Johansen1-4/+1
2026-06-13apparmor: release exe file resources on path failureZygmunt Krynicki1-2/+5
2026-06-13apparmor: fail policy unpack on accept2 allocation failureZygmunt Krynicki1-2/+2
2026-06-13apparmor: Fix return in ns_mkdir_opHongling Zeng1-1/+1
2026-06-13apparmor: remove or add symlinks to rawdata according to export_binaryGeorgia Garcia3-25/+104
2026-06-13apparmor: fix NULL pointer dereference in unpack_pdbGeorgia Garcia1-1/+1
2026-06-13apparmor: make fn_label_build() capable of handling not supportedJohn Johansen1-5/+8
2026-06-13apparmor: change fn_label_build() call to not return NULLJohn Johansen3-35/+35
2026-06-13apparmor: fix potential UAF in aa_replace_profilesMaxime Bélair1-1/+3
2026-06-13apparmor: free rawdata as soon as possibleJohn Johansen1-0/+7
2026-06-13apparmor: grab ns lock and refresh when looking up changehat child profilesRyan Lee1-2/+31
2026-06-13apparmor: fix rawdata_f_data implicit flex arrayJohn Johansen1-4/+3
2026-06-13apparmor: use __label_make_stale in __aa_proxy_redirectRyan Lee1-1/+1
2026-06-13apparmor: propagate -ENOMEM correctly in unpack_tableMaxime Bélair1-9/+13
2026-06-13apparmor: enable differential encodingJohn Johansen1-0/+1
2026-06-13apparmor: aa_label_alloc use aa_label_free on alloc failureZygmunt Krynicki1-1/+1
2026-06-13apparmor: check label build before no_new_privs testRuoyu Wang1-10/+15
2026-06-13security/apparmor/apparmorfs.c: conditionally compile get_loaddata_common_ref()Andrew Morton1-0/+2
2026-06-13apparmor: add a conditional version of get_newest_labelJohn Johansen2-11/+43
2026-06-13apparmor: fix refcount leak when updating the sk_ctxJohn Johansen1-2/+4
2026-06-13apparmor: fix race in unix socket mediation when peer_path is usedJohn Johansen1-26/+32
2026-06-13apparmor: fix shadowing of plabel that prevents cache from being updatedJohn Johansen1-2/+1
2026-06-13landlock: Add UDP send+connect access controlMatthieu Buffet3-18/+134
2026-06-13landlock: Add UDP bind() access controlMatthieu Buffet4-8/+15
2026-06-13landlock: Fix unmarked concurrent access to socket familyMatthieu Buffet1-2/+9
2026-06-13landlock: Fix LANDLOCK_SCOPE_SIGNAL bypass on the SIGIO pathBryam Vargas3-0/+35
2026-06-13landlock: Account all audit data allocations to user spaceMickaël Salaün2-8/+6
2026-06-13landlock: Set audit_net.sk for socket access checksMickaël Salaün1-0/+1
2026-06-13Merge tag 'ipsec-next-2026-06-12' of git://git.kernel.org/pub/scm/linux/kerne...Jakub Kicinski1-1/+2
2026-06-08ima: Support staging and deleting N measurements recordsRoberto Sassu4-4/+98
2026-06-08ima: Add support for flushing the hash table when staging measurementsRoberto Sassu1-6/+35
2026-06-08ima: Add support for staging measurements with promptRoberto Sassu5-20/+333
2026-06-08ima: Introduce ima_dump_measurement()Roberto Sassu1-6/+13
2026-06-08ima: Use snprintf() in create_securityfs_measurement_listsRoberto Sassu1-8/+12
2026-06-08ima: Mediate open/release method of the measurements listRoberto Sassu1-4/+98
2026-06-08ima: Introduce _ima_measurements_start() and _ima_measurements_next()Roberto Sassu1-4/+16
2026-06-08ima: Introduce per binary measurements list type binary_runtime_size valueRoberto Sassu3-15/+32
2026-06-08ima: Introduce per binary measurements list type ima_num_records counterRoberto Sassu4-5/+14
2026-06-08ima: Replace static htable queue with dynamically allocated arrayRoberto Sassu3-6/+50
2026-06-08ima: Remove ima_h_table structureRoberto Sassu5-26/+24
2026-06-04xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migrationAntony Antony1-1/+2
2026-05-29selinux: revert use of __getname() in selinux_genfs_get_sid()Paul Moore1-2/+2
2026-05-28security/keys: fix missed RCU read section on lookupLinus Torvalds1-0/+1
2026-05-27selinux: comment spelling fix in ibpkey.cKalevi Kolttonen1-1/+1
2026-05-27selinux: comment typo fix in selinuxfs.cKalevi Kolttonen1-1/+1
2026-05-27selinux: hooks: use __getname() to allocate path bufferMike Rapoport (Microsoft)1-2/+2
2026-05-27selinux: use k[mz]alloc() to allocate temporary buffersMike Rapoport (Microsoft)1-6/+6
2026-05-27security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCTNathan Chancellor1-3/+0
2026-05-27security/Kconfig.hardening: Remove tautological condition from FORTIFY_SOURCENathan Chancellor1-2/+0
2026-05-27security/Kconfig.hardening: Remove tautological condition from CC_HAS_ZERO_CA...Nathan Chancellor1-3/+1
2026-05-19Merge tag 'lsm-pr-20260519' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-1/+8
2026-05-14lsm: hold cred_guard_mutex for lsm_set_self_attr()Stephen Smalley1-1/+8
2026-05-13evm: terminate and bound the evm_xattrs read bufferPengpeng Hou1-5/+11
2026-05-13integrity: Add support for sigv3 verification using ML-DSA keysStefan Berger1-5/+84
2026-05-13integrity: Refactor asymmetric_verify for reusabilityStefan Berger1-19/+43
2026-05-13integrity: Check that algo parameter is within valid rangeStefan Berger1-1/+4
2026-05-13integrity: Check for NULL returned by asymmetric_key_public_keyStefan Berger1-0/+4
2026-05-11fs: add icount_read_once() and stop open-coding ->i_count loadsMateusz Guzik1-1/+1
2026-05-06selinux: check for simple typesChristian Göttsche3-2/+29
2026-05-06selinux: more strict bounds checkChristian Göttsche3-2/+31
2026-05-06selinux: beef up isvalid checksChristian Göttsche8-58/+83
2026-05-06selinux: reorder policydb_index()Christian Göttsche1-5/+6
2026-05-06selinux: check type attr map overflowsChristian Göttsche3-0/+33
2026-05-06selinux: check length fields in policiesChristian Göttsche4-0/+68
2026-05-06selinux: more strict policy parsingChristian Göttsche8-60/+233
2026-05-06selinux: use u16 for security classesChristian Göttsche3-8/+9
2026-05-06selinux: avoid nontransitive comparisonChristian Göttsche1-8/+9
2026-05-05selinux: shrink critical section in sel_write_load()Stephen Smalley1-10/+8
2026-05-05selinux: allow multiple opens of /sys/fs/selinux/policyStephen Smalley1-23/+4
2026-05-05selinux: prune /sys/fs/selinux/userStephen Smalley3-190/+5
2026-05-05selinux: prune /sys/fs/selinux/disableStephen Smalley1-29/+7
2026-05-05selinux: prune /sys/fs/selinux/checkreqprotStephen Smalley1-40/+7
2026-05-01security,fs,nfs,net: update security_inode_listsecurity() interfaceStephen Smalley3-24/+15
2026-04-29selinux: switch two allocations to use kzalloc_objs()Stephen Smalley1-2/+2
2026-04-29selinux: fix sel_kill_sb()Stephen Smalley1-5/+5
2026-04-28selinux: fix avdcache auditingStephen Smalley2-21/+14
2026-04-27selinux: don't reserve xattr slot when we won't fill itDavid Windsor1-1/+2
2026-04-27selinux: use sk blob accessor in socket permission helpersZongyao Chen1-2/+2
2026-04-27selinux: use QSTR() instead of QSTR_INIT() in init_sel_fsThorsten Blum1-2/+1
2026-04-27ima: return error early if file xattr cannot be changedGoldwyn Rodrigues1-0/+5
2026-04-27ima: Fix sigv3 signature handling for EVM_IMA_XATTR_DIGSIGKamlesh Kumar2-3/+5
2026-04-24Merge tag 'apparmor-pr-2026-04-23' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds4-26/+22
2026-04-22apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engineGONG Ruiqi1-0/+1
2026-04-22apparmor: Fix string overrun due to missing terminationDaniel J Blueman1-3/+5
2026-04-22apparmor: Fix wrong dentry in RENAME_EXCHANGE uid checkDudu Lu1-1/+1
2026-04-22apparmor: fix unpack_tags to properly return error in failure casesJohn Johansen1-0/+1
2026-04-22apparmor: fix dfa size checkJohn Johansen1-1/+1
2026-04-22Merge tag 'tomoyo-pr-20260422' of git://git.code.sf.net/p/tomoyo/tomoyoLinus Torvalds3-10/+8
2026-04-22apparmor: Use sysfs_emit in param_get_{audit,mode}Thorsten Blum1-3/+3
2026-04-22apparmor: Remove redundant if check in sk_peer_get_labelThorsten Blum1-5/+1
2026-04-22apparmor: Replace memcpy + NUL termination with kmemdup_nul in do_setattrThorsten Blum1-4/+1
2026-04-17Merge tag 'integrity-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds16-533/+337
2026-04-15Merge tag 'mm-stable-2026-04-13-21-45' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+3
2026-04-14Merge tag 'net-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds1-3/+1
2026-04-14Merge tag 'modules-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-3/+3
2026-04-15tomoyo: use u64 for holding inode->i_ino valueTetsuo Handa3-10/+8
2026-04-13Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2026-04-13Merge tag 'landlock-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds14-117/+284
2026-04-13Merge tag 'selinux-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+2
2026-04-13Merge tag 'lsm-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds6-69/+306
2026-04-13Merge tag 'vfs-7.1-rc1.kino' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds7-20/+26
2026-04-13Merge tag 'vfs-7.1-rc1.directory' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds2-35/+16
2026-04-13proc: make PROC_MEM_FORCE_PTRACE the Kconfig defaultLinus Torvalds1-4/+2
2026-04-07landlock: Clarify BUILD_BUG_ON check in scoping logicGünther Noack2-6/+12
2026-04-07landlock: Control pathname UNIX domain socket resolution by pathGünther Noack5-5/+134
2026-04-07landlock: Use mem_is_zero() in is_layer_masks_allowed()Günther Noack1-1/+1
2026-04-07lsm: Add LSM hook security_unix_findJustin Suess1-0/+20
2026-04-07landlock: Fix kernel-doc warning for pointer-to-array parametersMickaël Salaün1-2/+2
2026-04-07landlock: Fix formatting in tsync.cMickaël Salaün1-49/+58
2026-04-07landlock: Improve kernel-doc "Return:" section consistencyMickaël Salaün8-34/+25
2026-04-07landlock: Add missing kernel-doc "Return:" sectionsMickaël Salaün5-14/+24
2026-04-07landlock: Allow TSYNC with LOG_SUBDOMAINS_OFF and fd=-1Mickaël Salaün1-5/+9
2026-04-07landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()Mickaël Salaün1-4/+2
2026-04-05mm: convert do_brk_flags() to use vma_flags_tLorenzo Stoakes (Oracle)1-1/+3
2026-04-03selinux: fix overlayfs mmap() and mprotect() access checksPaul Moore2-64/+189
2026-04-03lsm: add backing_file LSM hooksPaul Moore3-0/+112
2026-04-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-26/+78
2026-04-01evm: Enforce signatures version 3 with new EVM policy 'bit 3'Stefan Berger2-1/+16
2026-04-01integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIGStefan Berger1-1/+2
2026-04-01ima: add support to require IMA sigv3 signaturesMimi Zohar3-12/+18
2026-04-01ima: add regular file data hash signature version 3 supportMimi Zohar2-2/+2
2026-04-01ima: Define asymmetric_verify_v3() to verify IMA sigv3 signaturesMimi Zohar5-56/+90
2026-03-26Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-0/+1
2026-03-26Merge tag 'landlock-7.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds3-26/+78
2026-03-24module: Give MODULE_SIG_STRING a more descriptive nameThomas Weißschuh1-3/+3
2026-03-23crypto: sm3 - Rename CRYPTO_SM3_GENERIC to CRYPTO_SM3Eric Biggers1-1/+1
2026-03-20xen/privcmd: add boot control for restricted usage in domUJuergen Gross1-0/+1
2026-03-17ima: remove buggy support for asynchronous hashesEric Biggers1-373/+9
2026-03-17securityfs: use kstrdup_const() to manage symlink targetsDmitry Antipov1-5/+5
2026-03-17EVM: add comment describing why ino field is still unsigned longJeff Layton1-0/+6
2026-03-13smack: Remove IPPROTO_UDPLITE support in security_sock_rcv_skb().Kuniyuki Iwashima1-3/+1
2026-03-13integrity: Eliminate weak definition of arch_get_secureboot()Nathan Chancellor2-17/+1
2026-03-11ima: Add code comments to explain IMA iint cache atomic_flagsCoiby Xu1-1/+26
2026-03-11ima_fs: Correctly create securityfs files for unsupported hash algosDmitry Safonov1-4/+12
2026-03-10landlock: Clean up interrupted thread logic in TSYNCYihan Ding1-7/+13
2026-03-10landlock: Serialize TSYNC thread restrictionYihan Ding1-1/+11
2026-03-09apparmor: fix race between freeing data and fs accessing itJohn Johansen7-101/+153
2026-03-09apparmor: fix race on rawdata dereferenceJohn Johansen4-57/+93
2026-03-09apparmor: fix differential encoding verificationJohn Johansen2-4/+20
2026-03-09apparmor: fix unprivileged local user can do privileged policy managementJohn Johansen3-9/+43
2026-03-09apparmor: Fix double free of ns_name in aa_replace_profiles()John Johansen1-0/+1
2026-03-09apparmor: fix missing bounds check on DEFAULT table in verify_dfa()Massimiliano Pellizzer1-2/+3
2026-03-09apparmor: fix side-effect bug in match_char() macro usageMassimiliano Pellizzer1-10/+20
2026-03-09apparmor: fix: limit the number of levels of policy namespacesJohn Johansen2-0/+4
2026-03-09apparmor: replace recursive profile removal with iterative approachMassimiliano Pellizzer1-3/+27
2026-03-09apparmor: fix memory leak in verify_headerMassimiliano Pellizzer1-1/+0
2026-03-09apparmor: validate DFA start states are in bounds in unpack_pdbMassimiliano Pellizzer1-1/+11
2026-03-09ima: check return value of crypto_shash_final() in boot aggregateDaniel Hodges1-1/+1
2026-03-08ima: Define and use a digest_size field in the ima_algo_desc structureRoberto Sassu3-12/+13
2026-03-08ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIGThomas Weißschuh1-4/+2
2026-03-08ima: fallback to using i_version to detect file changeMimi Zohar2-12/+35
2026-03-06treewide: change inode->i_ino from unsigned long to u64Jeff Layton6-20/+20
2026-03-06selinux: Use simple_start_creating() / simple_done_creating()NeilBrown1-9/+8
2026-03-06Apparmor: Use simple_start_creating() / simple_done_creating()NeilBrown1-27/+8
2026-03-05evm: fix security.evm for a file with IMA signatureCoiby Xu2-0/+33
2026-03-05evm: Don't enable fix mode when secure boot is enabledCoiby Xu1-7/+17
2026-03-05integrity: Make arch_ima_get_secureboot integrity-wideCoiby Xu8-50/+80
2026-03-04landlock: Improve TSYNC typesMickaël Salaün1-5/+8
2026-03-04landlock: Fully release unused TSYNC work entriesMickaël Salaün1-6/+41
2026-03-04landlock: Fix formattingMickaël Salaün2-7/+5
2026-02-23apparmor: return error on namespace mismatch in verify_headerMassimiliano Pellizzer1-0/+1
2026-02-23apparmor: use target task's context in apparmor_getprocattr()Cengiz Can1-9/+7
2026-02-23selinux: annotate intentional data race in inode_doinit_with_dentry()Christian Göttsche1-1/+2
2026-02-22Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL usesKees Cook3-9/+8
2026-02-21Convert more 'alloc_obj' cases to default GFP_KERNEL argumentsLinus Torvalds4-8/+4