summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Expand)AuthorFilesLines
2020-02-11broken ping to ipv6 linklocal addresses on debian busterCasey Schaufler1-22/+19
2020-02-06tomoyo: Use atomic_t for statistics counterTetsuo Handa1-7/+4
2020-01-17tomoyo: Suppress RCU warning at list_for_each_entry_rcu().Tetsuo Handa4-13/+26
2020-01-09apparmor: fix aa_xattrs_match() may sleep while holding a RCU lockJohn Johansen3-42/+46
2020-01-04tomoyo: Don't use nifty names on sockets.Tetsuo Handa1-31/+1
2020-01-04apparmor: fix unsigned len comparison with less than zeroColin Ian King1-5/+7
2019-10-31efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMINJavier Martinez Canillas1-0/+1
2019-10-08Merge tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds1-1/+8
2019-10-05integrity: remove pointless subdir-$(CONFIG_...)Masahiro Yamada1-2/+0
2019-10-05integrity: remove unneeded, broken attempt to add -fshort-wcharMasahiro Yamada1-1/+0
2019-10-03selinux: fix context string corruption in convert_context()Ondrej Mosnacek1-1/+8
2019-09-28Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git...Linus Torvalds10-16/+350
2019-09-28Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/gi...Linus Torvalds15-105/+627
2019-09-25KEYS: trusted: correctly initialize digests and fix locking issueRoberto Sassu1-0/+5
2019-09-24Merge tag 'smack-for-5.4-rc1' of git://github.com/cschaufler/smack-nextLinus Torvalds2-23/+23
2019-09-23Merge tag 'safesetid-bugfix-5.4' of git://github.com/micah-morton/linuxLinus Torvalds1-1/+2
2019-09-23Merge tag 'selinux-pr-20190917' of git://git.kernel.org/pub/scm/linux/kernel/...Linus Torvalds12-296/+346
2019-09-17LSM: SafeSetID: Stop releasing uninitialized rulesetMicah Morton1-1/+2
2019-09-10security: constify some arrays in lockdown LSMMatthew Garrett1-2/+2
2019-09-06keys: Fix missing null pointer check in request_key_auth_describe()Hillf Danton1-0/+6
2019-09-05selinux: fix residual uses of current_security() for the SELinux blobStephen Smalley2-11/+11
2019-09-04smack: use GFP_NOFS while holding inode_smack::smk_lockEric Biggers2-4/+4
2019-09-04security: smack: Fix possible null-pointer dereferences in smack_socket_sock_...Jia-Ju Bai1-0/+2
2019-09-04smack: fix some kernel-doc notationsluanshi1-18/+15
2019-09-04Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is setJann Horn1-1/+2
2019-08-30keys: ensure that ->match_free() is called in request_key_and_link()Eric Biggers1-1/+1
2019-08-29ima: ima_api: Use struct_size() in kzalloc()Gustavo A. R. Silva1-2/+2
2019-08-29ima: use struct_size() in kzalloc()Gustavo A. R. Silva1-3/+2
2019-08-28ima: Fix use after free in ima_read_modsig()Thiago Jung Bauermann1-1/+2
2019-08-27selinux: avoid atomic_t usage in sidtabOndrej Mosnacek2-32/+35
2019-08-20lockdown: Print current->comm in restriction messagesMatthew Garrett1-2/+6
2019-08-20tracefs: Restrict tracefs when the kernel is locked downMatthew Garrett1-0/+1
2019-08-20debugfs: Restrict debugfs when the kernel is locked downDavid Howells1-0/+1
2019-08-20kexec: Allow kexec_file() with appropriate IMA policy when locked downMatthew Garrett3-1/+53
2019-08-20lockdown: Lock down perf when in confidentiality modeDavid Howells1-0/+1
2019-08-20bpf: Restrict bpf when kernel lockdown is in confidentiality modeDavid Howells1-0/+1
2019-08-20lockdown: Lock down tracing and perf kprobes when in confidentiality modeDavid Howells1-0/+1
2019-08-20lockdown: Lock down /proc/kcoreDavid Howells1-0/+1
2019-08-20x86/mmiotrace: Lock down the testmmiotrace moduleDavid Howells1-0/+1
2019-08-20lockdown: Lock down module params that specify hardware parameters (eg. ioport)David Howells1-0/+1
2019-08-20lockdown: Lock down TIOCSSERIALDavid Howells1-0/+1
2019-08-20lockdown: Prohibit PCMCIA CIS storage when the kernel is locked downDavid Howells1-0/+1
2019-08-20ACPI: Limit access to custom_method when the kernel is locked downMatthew Garrett1-0/+1
2019-08-20x86/msr: Restrict MSR access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-20x86: Lock down IO port access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-20PCI: Lock down BAR access when the kernel is locked downMatthew Garrett1-0/+1
2019-08-20hibernate: Disable when the kernel is locked downJosh Boyer1-0/+1
2019-08-20kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCEJiri Bohac2-2/+2
2019-08-20kexec_load: Disable at runtime if the kernel is locked downMatthew Garrett1-0/+1
2019-08-20lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked downMatthew Garrett1-0/+1