aboutsummaryrefslogtreecommitdiffstats
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2 daysMerge branch 'next' of https://git.kernel.org/pub/scm/linux/kernel/git/mic/li...Mark Brown6-31/+152
2 daysMerge branch 'for-next-tpm' of https://git.kernel.org/pub/scm/linux/kernel/gi...Mark Brown6-23/+60
2 daysMerge branch 'next' of https://github.com/cschaufler/smack-nextMark Brown2-60/+23
2 daysMerge branch 'next' of https://git.kernel.org/pub/scm/linux/kernel/git/pcmoor...Mark Brown18-157/+514
2 daysMerge branch 'next-integrity' of https://git.kernel.org/pub/scm/linux/kernel/...Mark Brown4-29/+152
2 daysMerge branch 'next' of https://git.kernel.org/pub/scm/linux/kernel/git/pcmoor...Mark Brown19-28/+745
3 daysnext-20260522/vfs-braunerMark Brown1-1/+1
3 daysAutomated merge of 'dev' into 'next'Paul Moore19-28/+745
3 dayssecurity/keys: fix missed RCU read section on lookupLinus Torvalds1-0/+1
4 daysAutomated merge of 'dev' into 'next'Paul Moore18-157/+514
4 daysselinux: comment spelling fix in ibpkey.cKalevi Kolttonen1-1/+1
4 daysselinux: comment typo fix in selinuxfs.cKalevi Kolttonen1-1/+1
4 daysselinux: hooks: use __getname() to allocate path bufferMike Rapoport (Microsoft)1-2/+2
4 daysselinux: use k[mz]alloc() to allocate temporary buffersMike Rapoport (Microsoft)1-6/+6
9 dayslandlock: Add UDP send access controlMatthieu Buffet1-6/+64
9 dayslandlock: Add UDP connect() access controlMatthieu Buffet3-13/+70
9 dayslandlock: Add UDP bind() access controlMatthieu Buffet4-8/+15
9 dayslandlock: Account all audit data allocations to user spaceMickaël Salaün2-8/+6
9 dayslandlock: Set audit_net.sk for socket access checksMickaël Salaün1-0/+1
11 daysMerge branch 'vfs-7.2.inode' into vfs.allChristian Brauner1-1/+1
12 daysMerge tag 'lsm-pr-20260519' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-1/+8
2026-05-14lsm: hold cred_guard_mutex for lsm_set_self_attr()Stephen Smalley1-1/+8
2026-05-14ipe: restore the kdoc comments for evaluate_property()Paul Moore1-0/+2
2026-05-13hornet: depend on CONFIG_SECURITY and CONFIG_BPF_SYSCALLPaul Moore1-0/+1
2026-05-13ipe: Add BPF program load policy enforcement via Hornet integrationBlaise Boscaccy10-1/+269
2026-05-13lsm: introduce the Hornet LSMBlaise Boscaccy6-1/+387
2026-05-13lsm: framework for BPF integrity verificationPaul Moore1-3/+72
2026-05-13evm: terminate and bound the evm_xattrs read bufferPengpeng Hou1-5/+11
2026-05-13integrity: Add support for sigv3 verification using ML-DSA keysStefan Berger1-5/+84
2026-05-13integrity: Refactor asymmetric_verify for reusabilityStefan Berger1-19/+43
2026-05-13integrity: Check that algo parameter is within valid rangeStefan Berger1-1/+4
2026-05-13integrity: Check for NULL returned by asymmetric_key_public_keyStefan Berger1-0/+4
2026-05-11fs: add icount_read_once() and stop open-coding ->i_count loadsMateusz Guzik1-1/+1
2026-05-09keys: use kmalloc_flex in user_preparseThorsten Blum1-1/+1
2026-05-06selinux: check for simple typesChristian Göttsche3-2/+29
2026-05-06selinux: more strict bounds checkChristian Göttsche3-2/+31
2026-05-06selinux: beef up isvalid checksChristian Göttsche8-58/+83
2026-05-06selinux: reorder policydb_index()Christian Göttsche1-5/+6
2026-05-06selinux: check type attr map overflowsChristian Göttsche3-0/+33
2026-05-06selinux: check length fields in policiesChristian Göttsche4-0/+68
2026-05-06selinux: more strict policy parsingChristian Göttsche8-60/+233
2026-05-06selinux: use u16 for security classesChristian Göttsche3-8/+9
2026-05-06selinux: avoid nontransitive comparisonChristian Göttsche1-8/+9
2026-05-05selinux: shrink critical section in sel_write_load()Stephen Smalley1-10/+8
2026-05-05selinux: allow multiple opens of /sys/fs/selinux/policyStephen Smalley1-23/+4
2026-05-05selinux: prune /sys/fs/selinux/userStephen Smalley3-190/+5
2026-05-05selinux: prune /sys/fs/selinux/disableStephen Smalley1-29/+7
2026-05-05selinux: prune /sys/fs/selinux/checkreqprotStephen Smalley1-40/+7
2026-05-04KEYS: trusted: Debugging as a featureJarkko Sakkinen4-21/+59
2026-05-04KEYS: encrypted: Remove unnecessary selection of CRYPTO_RNGEric Biggers1-1/+0
2026-05-01security,fs,nfs,net: update security_inode_listsecurity() interfaceStephen Smalley3-24/+15
2026-04-29smack: simplify write handlers of sysfs entriesDmitry Antipov1-59/+22
2026-04-29selinux: switch two allocations to use kzalloc_objs()Stephen Smalley1-2/+2
2026-04-29selinux: fix sel_kill_sb()Stephen Smalley1-5/+5
2026-04-28selinux: fix avdcache auditingStephen Smalley2-21/+14
2026-04-27selinux: don't reserve xattr slot when we won't fill itDavid Windsor1-1/+2
2026-04-27selinux: use sk blob accessor in socket permission helpersZongyao Chen1-2/+2
2026-04-27selinux: use QSTR() instead of QSTR_INIT() in init_sel_fsThorsten Blum1-2/+1
2026-04-27ima: return error early if file xattr cannot be changedGoldwyn Rodrigues1-0/+5
2026-04-27ima: Fix sigv3 signature handling for EVM_IMA_XATTR_DIGSIGKamlesh Kumar2-3/+5
2026-04-24Merge tag 'apparmor-pr-2026-04-23' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds4-26/+22
2026-04-22apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engineGONG Ruiqi1-0/+1
2026-04-22apparmor: Fix string overrun due to missing terminationDaniel J Blueman1-3/+5
2026-04-22apparmor: Fix wrong dentry in RENAME_EXCHANGE uid checkDudu Lu1-1/+1
2026-04-22apparmor: fix unpack_tags to properly return error in failure casesJohn Johansen1-0/+1
2026-04-22apparmor: fix dfa size checkJohn Johansen1-1/+1
2026-04-22Merge tag 'tomoyo-pr-20260422' of git://git.code.sf.net/p/tomoyo/tomoyoLinus Torvalds3-10/+8
2026-04-22apparmor: Use sysfs_emit in param_get_{audit,mode}Thorsten Blum1-3/+3
2026-04-22apparmor: Remove redundant if check in sk_peer_get_labelThorsten Blum1-5/+1
2026-04-22apparmor: Replace memcpy + NUL termination with kmemdup_nul in do_setattrThorsten Blum1-4/+1
2026-04-17Merge tag 'integrity-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds16-533/+337
2026-04-15Merge tag 'mm-stable-2026-04-13-21-45' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+3
2026-04-14Merge tag 'net-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/net...Linus Torvalds1-3/+1
2026-04-14Merge tag 'modules-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-3/+3
2026-04-15tomoyo: use u64 for holding inode->i_ino valueTetsuo Handa3-10/+8
2026-04-13Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+1
2026-04-13Merge tag 'landlock-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds14-117/+284
2026-04-13Merge tag 'selinux-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+2
2026-04-13Merge tag 'lsm-pr-20260410' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds6-69/+306
2026-04-13Merge tag 'vfs-7.1-rc1.kino' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds7-20/+26
2026-04-13Merge tag 'vfs-7.1-rc1.directory' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds2-35/+16
2026-04-13proc: make PROC_MEM_FORCE_PTRACE the Kconfig defaultLinus Torvalds1-4/+2
2026-04-07landlock: Clarify BUILD_BUG_ON check in scoping logicGünther Noack2-6/+12
2026-04-07landlock: Control pathname UNIX domain socket resolution by pathGünther Noack5-5/+134
2026-04-07landlock: Use mem_is_zero() in is_layer_masks_allowed()Günther Noack1-1/+1
2026-04-07lsm: Add LSM hook security_unix_findJustin Suess1-0/+20
2026-04-07landlock: Fix kernel-doc warning for pointer-to-array parametersMickaël Salaün1-2/+2
2026-04-07landlock: Fix formatting in tsync.cMickaël Salaün1-49/+58
2026-04-07landlock: Improve kernel-doc "Return:" section consistencyMickaël Salaün8-34/+25
2026-04-07landlock: Add missing kernel-doc "Return:" sectionsMickaël Salaün5-14/+24
2026-04-07landlock: Allow TSYNC with LOG_SUBDOMAINS_OFF and fd=-1Mickaël Salaün1-5/+9
2026-04-07landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()Mickaël Salaün1-4/+2
2026-04-05mm: convert do_brk_flags() to use vma_flags_tLorenzo Stoakes (Oracle)1-1/+3
2026-04-03selinux: fix overlayfs mmap() and mprotect() access checksPaul Moore2-64/+189
2026-04-03lsm: add backing_file LSM hooksPaul Moore3-0/+112
2026-04-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski3-26/+78
2026-04-01evm: Enforce signatures version 3 with new EVM policy 'bit 3'Stefan Berger2-1/+16
2026-04-01integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIGStefan Berger1-1/+2
2026-04-01ima: add support to require IMA sigv3 signaturesMimi Zohar3-12/+18
2026-04-01ima: add regular file data hash signature version 3 supportMimi Zohar2-2/+2
2026-04-01ima: Define asymmetric_verify_v3() to verify IMA sigv3 signaturesMimi Zohar5-56/+90
2026-03-26Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski1-0/+1
2026-03-26Merge tag 'landlock-7.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds3-26/+78
2026-03-24module: Give MODULE_SIG_STRING a more descriptive nameThomas Weißschuh1-3/+3
2026-03-23crypto: sm3 - Rename CRYPTO_SM3_GENERIC to CRYPTO_SM3Eric Biggers1-1/+1
2026-03-23Smack: Fix error in capability bypassCasey Schaufler1-1/+1
2026-03-20xen/privcmd: add boot control for restricted usage in domUJuergen Gross1-0/+1
2026-03-17ima: remove buggy support for asynchronous hashesEric Biggers1-373/+9
2026-03-17securityfs: use kstrdup_const() to manage symlink targetsDmitry Antipov1-5/+5
2026-03-17EVM: add comment describing why ino field is still unsigned longJeff Layton1-0/+6
2026-03-13smack: Remove IPPROTO_UDPLITE support in security_sock_rcv_skb().Kuniyuki Iwashima1-3/+1
2026-03-13integrity: Eliminate weak definition of arch_get_secureboot()Nathan Chancellor2-17/+1
2026-03-11ima: Add code comments to explain IMA iint cache atomic_flagsCoiby Xu1-1/+26
2026-03-11ima_fs: Correctly create securityfs files for unsupported hash algosDmitry Safonov1-4/+12
2026-03-10landlock: Clean up interrupted thread logic in TSYNCYihan Ding1-7/+13
2026-03-10landlock: Serialize TSYNC thread restrictionYihan Ding1-1/+11
2026-03-09apparmor: fix race between freeing data and fs accessing itJohn Johansen7-101/+153
2026-03-09apparmor: fix race on rawdata dereferenceJohn Johansen4-57/+93
2026-03-09apparmor: fix differential encoding verificationJohn Johansen2-4/+20
2026-03-09apparmor: fix unprivileged local user can do privileged policy managementJohn Johansen3-9/+43
2026-03-09apparmor: Fix double free of ns_name in aa_replace_profiles()John Johansen1-0/+1
2026-03-09apparmor: fix missing bounds check on DEFAULT table in verify_dfa()Massimiliano Pellizzer1-2/+3
2026-03-09apparmor: fix side-effect bug in match_char() macro usageMassimiliano Pellizzer1-10/+20
2026-03-09apparmor: fix: limit the number of levels of policy namespacesJohn Johansen2-0/+4
2026-03-09apparmor: replace recursive profile removal with iterative approachMassimiliano Pellizzer1-3/+27
2026-03-09apparmor: fix memory leak in verify_headerMassimiliano Pellizzer1-1/+0
2026-03-09apparmor: validate DFA start states are in bounds in unpack_pdbMassimiliano Pellizzer1-1/+11
2026-03-09ima: check return value of crypto_shash_final() in boot aggregateDaniel Hodges1-1/+1
2026-03-08ima: Define and use a digest_size field in the ima_algo_desc structureRoberto Sassu3-12/+13
2026-03-08ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIGThomas Weißschuh1-4/+2
2026-03-08ima: fallback to using i_version to detect file changeMimi Zohar2-12/+35
2026-03-06treewide: change inode->i_ino from unsigned long to u64Jeff Layton6-20/+20
2026-03-06selinux: Use simple_start_creating() / simple_done_creating()NeilBrown1-9/+8
2026-03-06Apparmor: Use simple_start_creating() / simple_done_creating()NeilBrown1-27/+8
2026-03-05evm: fix security.evm for a file with IMA signatureCoiby Xu2-0/+33
2026-03-05evm: Don't enable fix mode when secure boot is enabledCoiby Xu1-7/+17
2026-03-05integrity: Make arch_ima_get_secureboot integrity-wideCoiby Xu8-50/+80
2026-03-04landlock: Improve TSYNC typesMickaël Salaün1-5/+8
2026-03-04landlock: Fully release unused TSYNC work entriesMickaël Salaün1-6/+41
2026-03-04landlock: Fix formattingMickaël Salaün2-7/+5
2026-02-23apparmor: return error on namespace mismatch in verify_headerMassimiliano Pellizzer1-0/+1
2026-02-23apparmor: use target task's context in apparmor_getprocattr()Cengiz Can1-9/+7
2026-02-23selinux: annotate intentional data race in inode_doinit_with_dentry()Christian Göttsche1-1/+2
2026-02-22Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL usesKees Cook3-9/+8
2026-02-21Convert more 'alloc_obj' cases to default GFP_KERNEL argumentsLinus Torvalds4-8/+4
2026-02-21Convert 'alloc_flex' family to use the new default GFP_KERNEL argumentLinus Torvalds4-4/+4
2026-02-21Convert 'alloc_obj' family to use the new default GFP_KERNEL argumentLinus Torvalds36-87/+87
2026-02-21treewide: Replace kmalloc with kmalloc_obj for non-scalar typesKees Cook59-168/+166
2026-02-20Merge tag 'apparmor-pr-2026-02-18' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds21-240/+687
2026-02-18Merge tag 'mm-stable-2026-02-18-19-48' of git://git.kernel.org/pub/scm/linux/...Linus Torvalds1-1/+1
2026-02-18apparmor: fix signedness bug in unpack_tags()Massimiliano Pellizzer1-1/+1
2026-02-18Merge tag 'sysctl-7.00-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-21/+16
2026-02-14Merge tag 'caps-pr-20260213' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds3-0/+309
2026-02-12mm: update shmem_[kernel]_file_*() functions to use vma_flags_tLorenzo Stoakes1-1/+1
2026-02-12Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/...Linus Torvalds9-0/+43
2026-02-11Merge tag 'landlock-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds18-376/+959
2026-02-11Merge tag 'integrity-v7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/z...Linus Torvalds4-28/+30
2026-02-11Merge tag 'Smack-for-7.0' of https://github.com/cschaufler/smack-nextLinus Torvalds2-30/+51
2026-02-10Merge tag 'powerpc-7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/po...Linus Torvalds4-1/+205
2026-02-10Merge tag 'soc-drivers-7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-10/+7
2026-02-10Merge tag 'locking-core-2026-02-08' of git://git.kernel.org/pub/scm/linux/ker...Linus Torvalds9-50/+123
2026-02-10Merge tag 'keys-next-20260206' of git://git.kernel.org/pub/scm/linux/kernel/g...Linus Torvalds1-2/+2
2026-02-10landlock: Transpose the layer masks data structureGünther Noack9-340/+271
2026-02-10landlock: Add access_mask_subset() helperGünther Noack2-2/+9
2026-02-09Merge tag 'selinux-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds6-25/+151
2026-02-09Merge tag 'lsm-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-1/+1
2026-02-06landlock: Add errata documentation sectionSamasth Norway Ananda4-1/+28
2026-02-06landlock: Refactor TCP socket type checkMatthieu Buffet1-5/+16
2026-02-06landlock: Multithreading support for landlock_restrict_self()Günther Noack6-28/+635
2026-02-03apparmor: fix cast in format string DEBUG statementJohn Johansen1-1/+1
2026-02-02apparmor: fix aa_label to return state from compount and component matchJohn Johansen1-6/+6
2026-02-02apparmor: fix fmt string type error in process_strs_entryJohn Johansen1-2/+3
2026-02-02apparmor: fix kernel-doc comments for inviewJohn Johansen1-2/+2
2026-02-02apparmor: fix invalid deref of rawdata when export_binary is unsetGeorgia Garcia1-0/+9
2026-02-01apparmor: add .kunitconfigRyota Sakamoto1-0/+5
2026-01-30pkcs7, x509: Rename ->digest to ->mDavid Howells1-2/+2
2026-01-30keys/trusted_keys: establish PKWM as a trusted sourceSrish Srinivasan4-1/+205
2026-01-29lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITYPaul Moore3-18/+3
2026-01-29apparmor: cleanup remove unused percpu critical sections in buffer managementJohn Johansen1-5/+0
2026-01-29apparmor: document the buffer hold, add an overflow guardJohn Johansen1-2/+26
2026-01-29apparmor: avoid per-cpu hold underflow in aa_get_bufferZhengmian Hu1-1/+2
2026-01-29apparmor: split xxx_in_ns into its two separate semantic use casesJohn Johansen5-46/+61
2026-01-29apparmor: make label_match return a consistent valueJohn Johansen1-11/+9
2026-01-29apparmor: remove apply_modes_to_perms from label_matchJohn Johansen1-3/+0
2026-01-29apparmor: fix fast path cache check for unix socketsJohn Johansen1-14/+21
2026-01-29apparmor: fix rlimit for posix cpu timersJohn Johansen1-0/+5
2026-01-29apparmor: refactor/cleanup cred helper fns.John Johansen1-31/+69
2026-01-29apparmor: fix label and profile debug macrosJohn Johansen1-1/+3
2026-01-29apparmor: move check for aa_null file to cover all casesJohn Johansen2-6/+10
2026-01-29apparmor: guard against free routines being called with a NULLJohn Johansen1-0/+6
2026-01-29apparmor: return -ENOMEM in unpack_perms_table upon alloc failureRyan Lee1-2/+4
2026-01-29apparmor: account for in_atomic removal in common_file_permRyan Lee1-3/+2
2026-01-29apparmor: drop in_atomic flag in common_mmap, and common_file_permJohn Johansen1-12/+9
2026-01-29apparmor: fix boolean argument in apparmor_mmap_fileRyan Lee1-1/+1
2026-01-29apparmor: userns: Add support for execpath in usernsMaxime Bélair1-0/+32
2026-01-29apparmor: add support loading per permission taggingJohn Johansen8-18/+269
2026-01-28tomoyo: Use scoped init guardMarco Elver1-1/+1
2026-01-26ima: verify the previous kernel's IMA buffer lies in addressable RAMHarshit Mogalapalli1-0/+35
2026-01-25keys/trusted_keys: fix handle passed to tpm_buf_append_name during unsealSrish Srinivasan1-2/+2
2026-01-23evm: Use ordered xattrs list to calculate HMAC in evm_init_hmac()Roberto Sassu1-4/+10
generated by cgit 1.3-korg (git 2.53.0) at 2026-06-01 03:13:41 +0000