aboutsummaryrefslogtreecommitdiffstats
path: root/security/apparmor
AgeCommit message (Expand)AuthorFilesLines
2026-04-24Merge tag 'apparmor-pr-2026-04-23' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds4-26/+22
2026-04-22apparmor/lsm: Fix aa_dfa_unpack's error handling in aa_setup_dfa_engineGONG Ruiqi1-0/+1
2026-04-22apparmor: Fix string overrun due to missing terminationDaniel J Blueman1-3/+5
2026-04-22apparmor: Fix wrong dentry in RENAME_EXCHANGE uid checkDudu Lu1-1/+1
2026-04-22apparmor: fix unpack_tags to properly return error in failure casesJohn Johansen1-0/+1
2026-04-22apparmor: fix dfa size checkJohn Johansen1-1/+1
2026-04-22apparmor: Use sysfs_emit in param_get_{audit,mode}Thorsten Blum1-3/+3
2026-04-22apparmor: Remove redundant if check in sk_peer_get_labelThorsten Blum1-5/+1
2026-04-22apparmor: Replace memcpy + NUL termination with kmemdup_nul in do_setattrThorsten Blum1-4/+1
2026-04-13Merge tag 'vfs-7.1-rc1.kino' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-2/+2
2026-04-13Merge tag 'vfs-7.1-rc1.directory' of git://git.kernel.org/pub/scm/linux/kerne...Linus Torvalds1-26/+8
2026-03-09apparmor: fix race between freeing data and fs accessing itJohn Johansen7-101/+153
2026-03-09apparmor: fix race on rawdata dereferenceJohn Johansen4-57/+93
2026-03-09apparmor: fix differential encoding verificationJohn Johansen2-4/+20
2026-03-09apparmor: fix unprivileged local user can do privileged policy managementJohn Johansen3-9/+43
2026-03-09apparmor: Fix double free of ns_name in aa_replace_profiles()John Johansen1-0/+1
2026-03-09apparmor: fix missing bounds check on DEFAULT table in verify_dfa()Massimiliano Pellizzer1-2/+3
2026-03-09apparmor: fix side-effect bug in match_char() macro usageMassimiliano Pellizzer1-10/+20
2026-03-09apparmor: fix: limit the number of levels of policy namespacesJohn Johansen2-0/+4
2026-03-09apparmor: replace recursive profile removal with iterative approachMassimiliano Pellizzer1-3/+27
2026-03-09apparmor: fix memory leak in verify_headerMassimiliano Pellizzer1-1/+0
2026-03-09apparmor: validate DFA start states are in bounds in unpack_pdbMassimiliano Pellizzer1-1/+11
2026-03-06treewide: change inode->i_ino from unsigned long to u64Jeff Layton1-2/+2
2026-03-06Apparmor: Use simple_start_creating() / simple_done_creating()NeilBrown1-27/+8
2026-02-23apparmor: return error on namespace mismatch in verify_headerMassimiliano Pellizzer1-0/+1
2026-02-23apparmor: use target task's context in apparmor_getprocattr()Cengiz Can1-9/+7
2026-02-21Convert more 'alloc_obj' cases to default GFP_KERNEL argumentsLinus Torvalds1-2/+1
2026-02-21Convert 'alloc_obj' family to use the new default GFP_KERNEL argumentLinus Torvalds6-14/+14
2026-02-21treewide: Replace kmalloc with kmalloc_obj for non-scalar typesKees Cook10-25/+24
2026-02-18apparmor: fix signedness bug in unpack_tags()Massimiliano Pellizzer1-1/+1
2026-02-03apparmor: fix cast in format string DEBUG statementJohn Johansen1-1/+1
2026-02-02apparmor: fix aa_label to return state from compount and component matchJohn Johansen1-6/+6
2026-02-02apparmor: fix fmt string type error in process_strs_entryJohn Johansen1-2/+3
2026-02-02apparmor: fix kernel-doc comments for inviewJohn Johansen1-2/+2
2026-02-02apparmor: fix invalid deref of rawdata when export_binary is unsetGeorgia Garcia1-0/+9
2026-02-01apparmor: add .kunitconfigRyota Sakamoto1-0/+5
2026-01-29apparmor: cleanup remove unused percpu critical sections in buffer managementJohn Johansen1-5/+0
2026-01-29apparmor: document the buffer hold, add an overflow guardJohn Johansen1-2/+26
2026-01-29apparmor: avoid per-cpu hold underflow in aa_get_bufferZhengmian Hu1-1/+2
2026-01-29apparmor: split xxx_in_ns into its two separate semantic use casesJohn Johansen5-46/+61
2026-01-29apparmor: make label_match return a consistent valueJohn Johansen1-11/+9
2026-01-29apparmor: remove apply_modes_to_perms from label_matchJohn Johansen1-3/+0
2026-01-29apparmor: fix fast path cache check for unix socketsJohn Johansen1-14/+21
2026-01-29apparmor: fix rlimit for posix cpu timersJohn Johansen1-0/+5
2026-01-29apparmor: refactor/cleanup cred helper fns.John Johansen1-31/+69
2026-01-29apparmor: fix label and profile debug macrosJohn Johansen1-1/+3
2026-01-29apparmor: move check for aa_null file to cover all casesJohn Johansen2-6/+10
2026-01-29apparmor: guard against free routines being called with a NULLJohn Johansen1-0/+6
2026-01-29apparmor: return -ENOMEM in unpack_perms_table upon alloc failureRyan Lee1-2/+4
2026-01-29apparmor: account for in_atomic removal in common_file_permRyan Lee1-3/+2
2026-01-29apparmor: drop in_atomic flag in common_mmap, and common_file_permJohn Johansen1-12/+9
2026-01-29apparmor: fix boolean argument in apparmor_mmap_fileRyan Lee1-1/+1
2026-01-29apparmor: userns: Add support for execpath in usernsMaxime Bélair1-0/+32
2026-01-29apparmor: add support loading per permission taggingJohn Johansen8-18/+269
2026-01-22apparmor: make str table more generic and be able to have multiple entriesJohn Johansen5-46/+90
2026-01-22apparmor: Fix & Optimize table creation from possibly unaligned memoryHelge Deller2-9/+10
2026-01-22AppArmor: Allow apparmor to handle unaligned dfa tablesHelge Deller1-7/+8
2026-01-22apparmor: Replace deprecated strcpy with memcpy in gen_symlink_nameThorsten Blum1-4/+8
2026-01-22apparmor: fix NULL sock in aa_sock_file_permJohn Johansen1-2/+4
2026-01-18apparmor: fix NULL pointer dereference in __unix_needs_revalidationSystem Administrator1-0/+3
2026-01-18apparmor: Replace deprecated strcpy in d_namespace_pathThorsten Blum1-5/+8
2026-01-18apparmor: Replace sprintf/strcpy with scnprintf/strscpy in aa_policy_initThorsten Blum1-9/+7
2026-01-16apparmor: replace sprintf with snprintf in aa_new_learning_profileThorsten Blum1-6/+9
2025-12-05Merge tag 'pull-persistency' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds1-4/+9
2025-12-03Merge tag 'lsm-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-7/+14
2025-11-17d_make_discardable(): warn if given a non-persistent dentryAl Viro1-4/+9
2025-11-14VFS: introduce start_removing_dentry()NeilBrown1-4/+4
2025-10-22apparmor: move initcalls to the LSM frameworkPaul Moore5-6/+13
2025-10-22lsm: replace the name field with a pointer to the lsm_id structPaul Moore1-1/+1
2025-10-03Merge tag 'pull-f_path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro...Linus Torvalds1-7/+7
2025-09-30Merge tag 'audit-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-0/+3
2025-09-15apparmor/af_unix: constify struct path * argumentsAl Viro1-7/+7
2025-09-01copy_process: pass clone_flags as u64 across calltreeSimon Schuster1-1/+1
2025-08-30audit: add record for multiple task security contextsCasey Schaufler1-0/+3
2025-08-04Merge tag 'apparmor-pr-2025-08-04' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds38-429/+2177
2025-08-04apparmor: fix: oops when trying to free null rulesetJohn Johansen1-1/+4
2025-07-30apparmor: fix Regression on linux-next (next-20250721)John Johansen1-0/+1
2025-07-30apparmor: fix test error: WARNING in apparmor_unix_stream_connectJohn Johansen1-2/+3
2025-07-30apparmor: Remove the unused variable rulesJiapeng Chong1-2/+0
2025-07-28Merge tag 'libcrypto-conversions-for-linus' of git://git.kernel.org/pub/scm/l...Linus Torvalds2-75/+13
2025-07-20apparmor: fix: accept2 being specifie even when permission table is presntJohn Johansen1-1/+2
2025-07-20apparmor: transition from a list of rules to a vector of rulesJohn Johansen15-113/+85
2025-07-20apparmor: fix documentation mismatches in val_mask_to_str and socket functionsPeng Jiang2-3/+23
2025-07-20apparmor: remove redundant perms.allow MAY_EXEC bitflag setRyan Lee1-3/+1
2025-07-20apparmor: fix kernel doc warnings for kernel test robotJohn Johansen2-4/+10
2025-07-20apparmor: Fix unaligned memory accesses in KUnit testHelge Deller1-2/+4
2025-07-20apparmor: Fix 8-byte alignment for initial dfa blob streamsHelge Deller1-2/+2
2025-07-20apparmor: shift uid when mediating af_unix in usernsGabriel Totev1-2/+6
2025-07-20apparmor: shift ouid when mediating hard links in usernsGabriel Totev1-2/+4
2025-07-20apparmor: make sure unix socket labeling is correctly updated.John Johansen6-62/+231
2025-07-15apparmor: fix regression in fs based unix sockets when using old abiJohn Johansen2-51/+71
2025-07-15apparmor: fix AA_DEBUG_LABEL()John Johansen1-1/+1
2025-07-15apparmor: fix af_unix auditing to include all address informationJohn Johansen3-10/+18
2025-07-15apparmor: Remove use of the double lockJohn Johansen5-102/+104
2025-07-15apparmor: update kernel doc comments for xxx_label_crit_sectionJohn Johansen1-0/+8
2025-07-15apparmor: make __begin_current_label_crit_section() indicate whether put is n...Mateusz Guzik3-41/+67
2025-07-15Revert "apparmor: use SHA-256 library API instead of crypto_shash API"John Johansen2-13/+75
2025-07-15apparmor: mitigate parser generating large xtablesJohn Johansen3-6/+45
2025-07-14apparmor: use SHA-256 library API instead of crypto_shash APIEric Biggers2-75/+13
2025-06-17apparmor: file never has NULL f_path.mntAl Viro1-1/+1
2025-05-25apparmor: Document that label must be last member in struct aa_profileJohn Johansen1-1/+8
2025-05-25apparmor: make debug_values_table staticJohn Johansen1-1/+1
2025-05-25apparmor: force auditing of conflicting attachment execs from confinedRyan Lee1-0/+9
2025-05-25apparmor: include conflicting attachment info for confined ix/ux fallbackRyan Lee1-2/+33
2025-05-25apparmor: move the "conflicting profile attachments" infostr to a const decla...Ryan Lee1-1/+3
2025-05-25apparmor: force audit on unconfined exec if info is set by find_attachRyan Lee1-0/+16
2025-05-25apparmor: make all generated string array headers const char *constRyan Lee1-2/+2
2025-05-25apparmor: fix loop detection used in conflicting attachment resolutionRyan Lee2-15/+12
2025-05-17apparmor: ensure WB_HISTORY_SIZE value is a power of 2Ryan Lee2-1/+3
2025-05-17apparmor: fix some kernel-doc issues in header filesRandy Dunlap5-8/+8
2025-05-17apparmor: Fix incorrect profile->signal range checkColin Ian King1-1/+1
2025-05-17apparmor: use SHA-256 library API instead of crypto_shash APIEric Biggers2-75/+13
2025-05-17security/apparmor: use kfree_sensitive() in unpack_secmark()Zilin Guan1-2/+2
2025-04-08VFS: rename lookup_one_len family to lookup_noperm and remove permission checkNeilBrown1-2/+2
2025-02-27Change inode_operations.mkdir to return struct dentry *NeilBrown1-4/+4
2025-02-10apparmor: Remove unused variable 'sock' in __file_sock_perm()Nathan Chancellor1-3/+0
2025-02-10apparmor: use the condition in AA_BUG_FMT even with debug disabledMateusz Guzik1-1/+5
2025-02-10apparmor: fix typos and spelling errorsTanya Agarwal5-9/+9
2025-02-10apparmor: Modify mismatched function nameJiapeng Chong1-1/+1
2025-02-10apparmor: Modify mismatched function nameJiapeng Chong1-1/+1
2025-02-10apparmor: Fix checking address of an array in accum_label_info()Nathan Chancellor1-1/+1
2025-01-28treewide: const qualify ctl_tables where applicableJoel Granados1-1/+1
2025-01-21Merge tag 'lsm-pr-20250121' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds2-19/+22
2025-01-20Merge tag 'vfs-6.14-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds1-1/+1
2025-01-18apparmor: fix dbus permission queries to v9 ABIJohn Johansen1-0/+8
2025-01-18apparmor: gate make fine grained unix mediation behind v9 abiJohn Johansen4-10/+26
2025-01-18apparmor: add fine grained af_unix mediationJohn Johansen12-58/+1063
2025-01-18apparmor: in preparation for finer networking rules rework match_protJohn Johansen2-14/+75
2025-01-18apparmor: lift kernel socket check out of critical sectionJohn Johansen1-1/+5
2025-01-18apparmor: remove af_select macroJohn Johansen2-36/+9
2025-01-18apparmor: add ability to mediate caps with policy state machineJohn Johansen3-6/+62
2025-01-18apparmor: fix x_table_lookup when stacking is not the first entryJohn Johansen1-23/+29
2025-01-18apparmor: add support for profiles to define the kill signalJohn Johansen8-6/+34
2025-01-18apparmor: add additional flags to extended permission.John Johansen7-21/+54
2025-01-18apparmor: carry mediation check on labelJohn Johansen6-24/+68
2025-01-18apparmor: cleanup: refactor file_perm() to doc semantics of some checksJohn Johansen1-2/+15
2025-01-18apparmor: remove explicit restriction that unconfined cannot use change_hatJohn Johansen2-3/+18
2025-01-18apparmor: ensure labels with more than one entry have correct flagsJohn Johansen1-1/+2
2025-01-18apparmor: switch signal mediation to use RULE_MEDIATESJohn Johansen1-5/+5
2025-01-18apparmor: remove redundant unconfined check.John Johansen1-2/+1
2025-01-18apparmor: cleanup: attachment perm lookup to use lookup_perms()John Johansen1-8/+6
2025-01-18apparmor: Improve debug print infrastructureJohn Johansen9-34/+177
2025-01-18apparmor: Use str_yes_no() helper functionThorsten Blum1-4/+4
2024-12-22vfs: support caching symlink lengths in inodesMateusz Guzik1-1/+1
2024-12-04lsm: secctx provider check on releaseCasey Schaufler1-8/+5
2024-12-04lsm: replace context+len with lsm_contextCasey Schaufler2-16/+15
2024-12-04lsm: ensure the correct LSM context releaserCasey Schaufler2-3/+10
2024-12-02module: Convert symbol namespace to string literalPeter Zijlstra1-1/+1
2024-11-26apparmor: lift new_profile declaration to remove C23 extension warningJohn Johansen1-2/+1
2024-11-26apparmor: replace misleading 'scrubbing environment' phrase in debug printRyan Lee1-8/+8
2024-11-26parser: drop dead code for XXX_comb macrosJohn Johansen1-24/+0
2024-11-26apparmor: Remove unused parameter L1 in macro next_combJinjie Ruan1-2/+2
2024-11-26apparmor: audit_cap dedup based on subj_cred instead of profileRyan Lee1-6/+4
2024-11-26apparmor: add a cache entry expiration time aging out capability audit cacheRyan Lee1-3/+8
2024-11-26apparmor: document capability.c:profile_capable ad ptr not being NULLRyan Lee1-1/+1
2024-11-26apparmor: fix 'Do simple duplicate message elimination'chao liu1-0/+2
2024-11-26apparmor: document first entry is in packed perms struct is reservedJohn Johansen1-1/+4
2024-11-26apparmor: test: Fix memory leak for aa_unpack_strdup()Jinjie Ruan1-0/+6
2024-11-26apparmor: Remove deadcodeDr. David Alan Gilbert9-146/+0
2024-11-26apparmor: Remove unnecessary NULL check before kvfree()Thorsten Blum1-2/+1
2024-11-26apparmor: domain: clean up duplicated parts of handle_onexec()Leesoo Ahn1-26/+12
2024-11-26apparmor: Use IS_ERR_OR_NULL() helper functionHongbo Li1-1/+1
2024-11-26apparmor: add support for 2^24 states to the dfa state machine.John Johansen3-25/+83
2024-11-26apparmor: properly handle cx/px lookup failure for complainRyan Lee1-2/+7
2024-11-26apparmor: allocate xmatch for nullpdb inside aa_alloc_nullRyan Lee1-0/+1
2024-11-18Merge tag 'lsm-pr-20241112' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds5-11/+35
2024-10-11lsm: remove lsm_prop scaffoldingCasey Schaufler3-14/+2
2024-10-11lsm: use lsm_prop in security_current_getsecidCasey Schaufler1-6/+14
2024-10-11lsm: add lsmprop_to_secctx hookCasey Schaufler3-2/+26
2024-10-11lsm: use lsm_prop in security_audit_rule_matchCasey Schaufler2-3/+7
2024-10-07remove pointless includes of <linux/fdtable.h>Al Viro1-1/+0
2024-10-02move asm/unaligned.h to linux/unaligned.hAl Viro1-1/+1
2024-09-16Merge tag 'lsm-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-19/+3
2024-08-25apparmor: fix policy_unpack_test on big endian systemsGuenter Roeck1-3/+3
2024-07-29lsm: infrastructure management of the sock securityCasey Schaufler3-19/+3
2024-07-27Merge tag 'apparmor-pr-2024-07-25' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds8-34/+65
2024-07-24sysctl: treewide: constify the ctl_table argument of proc_handlersJoel Granados1-1/+1
2024-07-24apparmor: unpack transition table if dfa is not presentGeorgia Garcia1-17/+25
2024-07-24apparmor: try to avoid refing the label in apparmor_file_openMateusz Guzik2-2/+23
2024-07-24apparmor: test: add MODULE_DESCRIPTION()Jeff Johnson1-0/+1
2024-07-24apparmor: take nosymfollow flag into accountAlexander Mikhalitsyn1-0/+2
2024-06-13ima: Avoid blocking in RCU read-side critical sectionGUO Zihua2-4/+4
2024-05-10apparmor: fix possible NULL pointer dereferenceLeesoo Ahn1-0/+4
2024-05-10apparmor: fix typo in kernel docChristian Göttsche1-1/+1
2024-05-10apparmor: remove useless static inline function is_deletedColin Ian King1-13/+0
2024-05-10apparmor: use kvfree_sensitive to free data->dataFedor Pchelkin2-1/+2
2024-05-10apparmor: Fix null pointer deref when receiving skb during sock creationXiao Liang1-0/+7
2024-04-15lsm: remove the now superfluous sentinel element from ctl_table arrayJoel Granados1-1/+0
2024-03-14lsm: use 32-bit compatible data types in LSM syscallsCasey Schaufler1-2/+2
2024-02-27Merge tag 'lsm-pr-20240227' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds1-1/+1
2024-02-23apparmor: fix lsm_get_self_attr()Mickaël Salaün1-1/+1
2024-01-24exec: Check __FMODE_EXEC instead of in_execve for LSMsKees Cook1-1/+3
2024-01-19Merge tag 'apparmor-pr-2024-01-18' of git://git.kernel.org/pub/scm/linux/kern...Linus Torvalds9-74/+54
2024-01-11Merge tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds1-6/+1
2024-01-09Merge tag 'lsm-pr-20240105' of git://git.kernel.org/pub/scm/linux/kernel/git/...Linus Torvalds3-12/+90
2024-01-09apparmor: Fix memory leak in unpack_profile()Gaosheng Cui1-0/+2
2024-01-04apparmor: avoid crash when parsed profile name is emptyFedor Pchelkin1-0/+4
2024-01-04apparmor: fix possible memory leak in unpack_trans_tableFedor Pchelkin2-4/+4
2024-01-03apparmor: Fix move_mount mediation by detecting if source is detachedJohn Johansen2-0/+5
2024-01-03apparmor: free the allocated pdb objectsFedor Pchelkin1-6/+7
generated by cgit 1.3-korg (git 2.53.0) at 2026-06-01 04:00:40 +0000