summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2021-11-26smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doiTetsuo Handa1-1/+1
2021-11-26smackfs: use __GFP_NOFAIL for smk_cipso_doi()Tetsuo Handa1-3/+1
2021-11-26smackfs: Fix use-after-free in netlbl_catmap_walk()Pawan Gupta1-1/+4
2021-11-26evm: mark evm_fixmode as __ro_after_initAustin Kim1-1/+1
2021-11-26binder: use cred instead of task for selinux checksTodd Kjos2-25/+20
2021-09-22Smack: Fix wrong semantics in smk_access_entry()Tianjia Zhang1-9/+8
2021-09-22IMA: remove -Wmissing-prototypes warningAustin Kim1-1/+1
2021-07-20smackfs: restrict bytes count in smk_set_cipso()Tetsuo Handa1-0/+2
2021-07-20selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVCMinchan Kim1-6/+7
2021-03-07smackfs: restrict bytes count in smackfs write functionsSabyrzhan Tasbolatov1-2/+19
2021-03-03KEYS: trusted: Fix migratable=1 failingJarkko Sakkinen1-1/+1
2021-01-23dump_common_audit_data(): fix racy accesses to ->d_nameAl Viro1-2/+5
2020-10-29ima: Don't ignore errors from crypto_shash_update()Roberto Sassu1-0/+2
2020-10-01selinux: sel_avc_get_stat_idx should increase position indexVasily Averin1-0/+1
2020-08-21Smack: prevent underflow in smk_set_cipso()Dan Carpenter1-1/+1
2020-08-21Smack: fix another vsscanf out of boundsDan Carpenter1-0/+4
2020-08-21Smack: fix use-after-free in smk_write_relabel_self()Eric Biggers1-2/+11
2020-06-30selinux: fix double freeTom Rix1-0/+4
2020-06-20evm: Fix possible memory leak in evm_calc_hmac_or_hash()Roberto Sassu1-1/+1
2020-06-20ima: Directly assign the ima_default_policy pointer to ima_rulesRoberto Sassu1-2/+1
2020-06-20ima: Fix ima digest hash table key calculationKrzysztof Struczynski1-3/+4
2020-06-20Smack: slab-out-of-bounds in vsscanfCasey Schaufler1-0/+10
2020-06-03exec: Always set cap_ambient in cap_bprm_set_credsEric W. Biederman1-0/+1
2020-05-27ima: Fix return value of ima_write_policy()Roberto Sassu1-2/+1
2020-05-27evm: Check also if *tfm is an error pointer in init_desc()Roberto Sassu1-1/+1
2020-05-05selinux: properly handle multiple messages in selinux_netlink_send()Paul Moore1-24/+44
2020-04-24KEYS: reaching the keys quotas correctlyYang Xu2-3/+3
2020-02-28selinux: ensure we cleanup the internal AVC counters on error in avc_update()Jaihind Yadav1-1/+1
2020-01-29keys: Timestamp new keysDavid Howells1-0/+1
2019-10-17ima: always return negative code for errorSascha Hauer1-1/+4
2019-10-07smack: use GFP_NOFS while holding inode_smack::smk_lockEric Biggers2-3/+3
2019-10-07Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is setJann Horn1-1/+2
2019-10-07security: smack: Fix possible null-pointer dereferences in smack_socket_sock_...Jia-Ju Bai1-0/+2
2019-09-21keys: Fix missing null pointer check in request_key_auth_describe()Hillf Danton1-0/+6
2019-08-06selinux: fix memory leak in policydb_init()Ondrej Mosnacek1-1/+5
2019-07-10apparmor: enforce nullbyte at end of tag stringJann Horn1-1/+1
2019-05-08selinux: never allow relabeling on context mountsOndrej Mosnacek1-9/+31
2019-04-27device_cgroup: fix RCU imbalance in error caseJann Horn1-1/+1
2019-04-05selinux: do not override context on context mountsOndrej Mosnacek1-1/+8
2019-03-19missing barriers in some of unix_sock ->addr and ->path accessesAl Viro1-4/+6
2019-03-19KEYS: restrict /proc/keys by credentials at open timeEric Biggers1-6/+2
2019-02-27KEYS: always initialize keyring_index_key::desc_lenEric Biggers4-6/+4
2019-02-27KEYS: allow reaching the keys quotas exactlyEric Biggers1-2/+2
2019-02-12smack: fix access permissions for keyringZoran Markovic1-3/+9
2019-01-26selinux: always allow mounting submountsOndrej Mosnacek1-1/+1
2019-01-23selinux: fix GPF on invalid policyStephen Smalley1-1/+2
2019-01-23LSM: Check for NULL cred-security on freeJames Morris1-0/+7
2019-01-23Yama: Check for pid death before checking ancestryKees Cook1-1/+3
2018-12-01ima: re-initialize iint->atomic_flagsMimi Zohar1-0/+1
2018-12-01ima: re-introduce own integrity cache lockDmitry Kasatkin4-40/+77