path: root/security/landlock
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2025-04-17 | landlock: Fix documentation for landlock_restrict_self(2) | Mickaël Salaün | 1 | -6/+6 |
| 2025-04-17 | landlock: Fix documentation for landlock_create_ruleset(2) | Mickaël Salaün | 1 | -8/+7 |
| 2025-04-11 | landlock: Log the TGID of the domain creator | Mickaël Salaün | 1 | -2/+2 |
| 2025-04-08 | landlock: Remove incorrect warning | Mickaël Salaün | 1 | -1/+1 |
| 2025-03-28 | Merge tag 'landlock-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 24 | -254/+2264 |
| 2025-03-26 | landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF | Mickaël Salaün | 3 | -7/+43 |
| 2025-03-26 | landlock: Add LANDLOCK_RESTRICT_SELF_LOG_*_EXEC_* flags | Mickaël Salaün | 5 | -12/+63 |
| 2025-03-26 | landlock: Log scoped denials | Mickaël Salaün | 5 | -18/+97 |
| 2025-03-26 | landlock: Log TCP bind and connect denials | Mickaël Salaün | 3 | -4/+60 |
| 2025-03-26 | landlock: Log truncate and IOCTL denials | Mickaël Salaün | 7 | -6/+307 |
| 2025-03-26 | landlock: Factor out IOCTL hooks | Mickaël Salaün | 1 | -21/+11 |
| 2025-03-26 | landlock: Log file-related denials | Mickaël Salaün | 3 | -16/+233 |
| 2025-03-26 | landlock: Log mount-related denials | Mickaël Salaün | 4 | -41/+74 |
| 2025-03-26 | landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status | Mickaël Salaün | 6 | -4/+285 |
| 2025-03-26 | landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials | Mickaël Salaün | 7 | -24/+336 |
| 2025-03-26 | landlock: Identify domain execution crossing | Mickaël Salaün | 3 | -6/+59 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for fowner | Mickaël Salaün | 3 | -21/+39 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for scope | Mickaël Salaün | 1 | -24/+28 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for network | Mickaël Salaün | 1 | -15/+12 |
| 2025-03-26 | landlock: Prepare to use credential instead of domain for filesystem | Mickaël Salaün | 2 | -30/+92 |
| 2025-03-26 | landlock: Move domain hierarchy management | Mickaël Salaün | 4 | -34/+53 |
| 2025-03-26 | landlock: Add unique ID generator | Mickaël Salaün | 5 | -0/+282 |
| 2025-03-26 | landlock: Always allow signals between threads of the same process | Mickaël Salaün | 3 | -6/+64 |
| 2025-03-24 | Merge tag 'vfs-6.15-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 1 | -1/+1 |
| 2025-03-21 | landlock: Prepare to add second errata | Mickaël Salaün | 1 | -0/+12 |
| 2025-03-21 | landlock: Add erratum for TCP fix | Mickaël Salaün | 1 | -0/+15 |
| 2025-03-21 | landlock: Add the errata interface | Mickaël Salaün | 4 | -4/+138 |
| 2025-03-21 | landlock: Move code to ease future backports | Mickaël Salaün | 1 | -5/+5 |
| 2025-03-08 | vfs: Remove invalidate_inodes() | Jan Kara | 1 | -1/+1 |
| 2025-02-14 | landlock: Fix non-TCP sockets restriction | Mikhail Ivanov | 1 | -2/+1 |
| 2025-02-14 | landlock: Fix grammar error | Tanya Agarwal | 1 | -1/+1 |
| 2025-01-17 | landlock: Optimize file path walks and prepare for audit support | Mickaël Salaün | 1 | -17/+27 |
| 2025-01-17 | landlock: Align partial refer access checks with final ones | Mickaël Salaün | 1 | -1/+13 |
| 2025-01-17 | landlock: Simplify initially denied access rights | Mickaël Salaün | 3 | -11/+19 |
| 2025-01-17 | landlock: Move access types | Mickaël Salaün | 5 | -46/+68 |
| 2025-01-17 | landlock: Factor out check_access_path() | Mickaël Salaün | 1 | -21/+11 |
| 2025-01-14 | landlock: Use scoped guards for ruleset in landlock_add_rule() | Mickaël Salaün | 1 | -10/+4 |
| 2025-01-14 | landlock: Use scoped guards for ruleset | Mickaël Salaün | 3 | -29/+23 |
| 2025-01-14 | landlock: Constify get_mode_access() | Mickaël Salaün | 1 | -1/+1 |
| 2025-01-14 | landlock: Handle weird files | Mickaël Salaün | 1 | -6/+5 |
| 2024-11-18 | Merge tag 'pull-fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs | Linus Torvalds | 1 | -31/+14 |
| 2024-11-09 | landlock: Optimize scope enforcement | Mickaël Salaün | 1 | -3/+15 |
| 2024-11-09 | landlock: Refactor network access mask management | Mickaël Salaün | 1 | -22/+6 |
| 2024-11-09 | landlock: Refactor filesystem access mask management | Mickaël Salaün | 3 | -32/+75 |
| 2024-11-03 | fdget(), trivial conversions | Al Viro | 1 | -18/+8 |
| 2024-11-03 | fdget_raw() users: switch to CLASS(fd_raw) | Al Viro | 1 | -13/+6 |
| 2024-09-24 | Merge tag 'landlock-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi... | Linus Torvalds | 8 | -9/+269 |
| 2024-09-23 | Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kerne... | Linus Torvalds | 1 | -11/+11 |
| 2024-09-16 | landlock: Add signal scoping | Tahera Fahimi | 5 | -2/+90 |
| 2024-09-16 | landlock: Add abstract UNIX socket scoping | Tahera Fahimi | 5 | -8/+180 |
| 2024-08-12 | introduce fd_file(), convert all accessors to it. | Al Viro | 1 | -11/+11 |
| 2024-08-12 | lsm: add the inode_free_security_rcu() LSM implementation hook | Paul Moore | 1 | -3/+6 |
| 2024-07-27 | Merge tag 'landlock-6.11-rc1-houdini-fix' of git://git.kernel.org/pub/scm/lin... | Linus Torvalds | 1 | -2/+9 |
| 2024-07-24 | landlock: Don't lose track of restrictions on cred_transfer | Jann Horn | 1 | -2/+9 |
| 2024-07-18 | landlock: Various documentation improvements | Günther Noack | 1 | -8/+9 |
| 2024-07-08 | landlock: Use bit-fields for storing handled layer access masks | Günther Noack | 3 | -21/+9 |
| 2024-05-31 | landlock: Fix d_parent walk | Mickaël Salaün | 1 | -2/+11 |
| 2024-05-13 | landlock: Add IOCTL access right for character and block devices | Günther Noack | 3 | -5/+224 |
| 2024-03-08 | landlock: Use f_cred in security_file_open() hook | Mickaël Salaün | 1 | -7/+11 |
| 2024-03-08 | landlock: Rename "ptrace" files to "task" | Mickaël Salaün | 4 | -9/+9 |
| 2024-03-08 | landlock: Simplify current_check_access_socket() | Mickaël Salaün | 1 | -4/+3 |
| 2024-03-07 | landlock: Warn once if a Landlock action is requested while disabled | Mickaël Salaün | 1 | -3/+15 |
| 2024-02-27 | landlock: Add support for KUnit tests | Mickaël Salaün | 4 | -0/+255 |
| 2024-02-26 | landlock: Fix asymmetric private inodes referring | Mickaël Salaün | 1 | -2/+2 |
| 2024-01-09 | Merge tag 'landlock-6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... | Linus Torvalds | 2 | -16/+17 |
| 2024-01-03 | landlock: Optimize the number of calls to get_access_mask slightly | Günther Noack | 1 | -2/+3 |
| 2024-01-03 | landlock: Remove remaining "inline" modifiers in .c files [v6.6] | Günther Noack | 1 | -1/+1 |
| 2024-01-03 | landlock: Remove remaining "inline" modifiers in .c files [v6.1] | Günther Noack | 1 | -9/+9 |
| 2024-01-03 | landlock: Remove remaining "inline" modifiers in .c files [v5.15] | Günther Noack | 2 | -4/+4 |
| 2023-11-12 | LSM: Identify modules by more than name | Casey Schaufler | 6 | -4/+11 |
| 2023-10-26 | landlock: Support network rules with TCP bind and connect | Konstantin Meskhidze | 9 | -24/+414 |
| 2023-10-26 | landlock: Refactor landlock_add_rule() syscall | Konstantin Meskhidze | 1 | -44/+45 |
| 2023-10-26 | landlock: Refactor layer helpers | Konstantin Meskhidze | 3 | -42/+66 |
| 2023-10-26 | landlock: Move and rename layer helpers | Konstantin Meskhidze | 3 | -115/+129 |
| 2023-10-26 | landlock: Refactor merge/inherit_ruleset helpers | Konstantin Meskhidze | 1 | -42/+74 |
| 2023-10-26 | landlock: Refactor landlock_find_rule/insert_rule helpers | Konstantin Meskhidze | 3 | -54/+165 |
| 2023-10-26 | landlock: Allow FS topology changes for domains without such rule type | Mickaël Salaün | 3 | -40/+60 |
| 2023-10-26 | landlock: Make ruleset's access masks more generic | Konstantin Meskhidze | 5 | -20/+50 |
| 2023-08-18 | landlock: Annotate struct landlock_rule with __counted_by | Kees Cook | 1 | -1/+1 |
| 2023-06-12 | hostfs: Fix ephemeral inodes | Mickaël Salaün | 1 | -1/+1 |
| 2023-03-20 | selinux: remove the runtime disable functionality | Paul Moore | 4 | -5/+5 |
| 2022-10-19 | landlock: Support file truncation | Günther Noack | 5 | -7/+126 |
| 2022-10-19 | landlock: Document init_layer_masks() helper | Günther Noack | 1 | -0/+13 |
| 2022-10-19 | landlock: Refactor check_access_path_dual() into is_access_to_paths_allowed() | Günther Noack | 1 | -45/+44 |
| 2022-09-29 | landlock: Fix documentation style | Mickaël Salaün | 1 | -20/+20 |
| 2022-09-29 | landlock: Slightly improve documentation and fix spelling | Mickaël Salaün | 1 | -1/+1 |
| 2022-09-02 | landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER | Mickaël Salaün | 1 | -23/+25 |
| 2022-05-23 | landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER | Mickaël Salaün | 3 | -76/+528 |
| 2022-05-23 | LSM: Remove double path_rename hook calls for RENAME_EXCHANGE | Mickaël Salaün | 1 | -1/+10 |
| 2022-05-23 | landlock: Move filesystem helpers and add a new one | Mickaël Salaün | 1 | -41/+46 |
| 2022-05-23 | landlock: Fix same-layer rule unions | Mickaël Salaün | 2 | -26/+54 |
| 2022-05-23 | landlock: Create find_rule() from unmask_layers() | Mickaël Salaün | 1 | -13/+28 |
| 2022-05-23 | landlock: Reduce the maximum number of layers to 16 | Mickaël Salaün | 3 | -11/+12 |
| 2022-05-23 | landlock: Define access_mask_t to enforce a consistent access mask size | Mickaël Salaün | 5 | -15/+30 |
| 2022-05-23 | landlock: Change landlock_restrict_self(2) check ordering | Mickaël Salaün | 1 | -4/+4 |
| 2022-05-23 | landlock: Change landlock_add_rule(2) argument check ordering | Mickaël Salaün | 1 | -9/+13 |
| 2022-05-23 | landlock: Fix landlock_add_rule(2) documentation | Mickaël Salaün | 1 | -4/+3 |
| 2022-05-09 | landlock: Format with clang-format | Mickaël Salaün | 10 | -136/+142 |
| 2022-05-09 | landlock: Add clang-format exceptions | Mickaël Salaün | 2 | -0/+6 |
| 2022-02-04 | landlock: Use square brackets around "landlock-ruleset" | Christian Brauner | 1 | -1/+1 |
| 2021-04-22 | landlock: Enable user space to infer supported features | Mickaël Salaün | 1 | -4/+13 |
| 2021-04-22 | landlock: Add syscall implementations | Mickaël Salaün | 2 | -1/+443 |
| 2021-04-22 | landlock: Support filesystem access-control | Mickaël Salaün | 8 | -2/+781 |
| 2021-04-22 | landlock: Add ptrace restrictions | Mickaël Salaün | 4 | -1/+137 |
| 2021-04-22 | landlock: Set up the security framework and manage credentials | Mickaël Salaün | 6 | -1/+173 |
| 2021-04-22 | landlock: Add ruleset and domain management | Mickaël Salaün | 4 | -1/+652 |
| 2021-04-22 | landlock: Add object management | Mickaël Salaün | 4 | -0/+182 |