linux-security-module.vger.kernel.org archive mirror

 messages from 2019-04-19 00:46:51 to 2019-04-26 07:32:21 UTC [more...]

[PATCH v5 00/23] x86: text_poke() fixes and executable lockdowns
 2019-04-26  0:11 UTC  (6+ messages)
` [PATCH v5 03/23] x86/mm: Introduce temporary mm structs
` [PATCH v5 11/23] x86/module: Avoid breaking W^X while loading modules
` [PATCH v5 12/23] x86/jump-label: Remove support for custom poker
` [PATCH v5 13/23] x86/alternative: Remove the return value of text_poke_*()
` [PATCH v5 14/23] x86/mm/cpa: Add set_direct_map_ functions

[RFC PATCH 0/7] x86: introduce system calls addess space isolation
 2019-04-26  0:30 UTC  (9+ messages)
` [RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI
` [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation
` [RFC PATCH 3/7] x86/entry/64: add infrastructure for switching to isolated syscall context
` [RFC PATCH 4/7] x86/sci: hook up isolated system call entry and exit
` [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification
` [RFC PATCH 6/7] security: enable system call isolation in kernel config
` [RFC PATCH 7/7] sci: add example system calls to exercse SCI

[PULL REQUEST] Kernel lockdown patches for 5.2
 2019-04-25 21:44 UTC  (4+ messages)
` [PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down

[PATCH v4 00/23] Merge text_poke fixes and executable lockdowns
 2019-04-25 21:22 UTC  (35+ messages)
` [PATCH v4 01/23] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()"
` [PATCH v4 02/23] x86/jump_label: Use text_poke_early() during early init
` [PATCH v4 03/23] x86/mm: Introduce temporary mm structs
` [PATCH v4 04/23] x86/mm: Save DRs when loading a temporary mm
` [PATCH v4 05/23] fork: Provide a function for copying init_mm
` [PATCH v4 06/23] x86/alternative: Initialize temporary mm for patching
` [PATCH v4 07/23] x86/alternative: Use temporary mm for text poking
` [PATCH v4 08/23] x86/kgdb: Avoid redundant comparison of patched code
` [PATCH v4 09/23] x86/ftrace: Set trampoline pages as executable
` [PATCH v4 10/23] x86/kprobes: Set instruction page "
` [PATCH v4 11/23] x86/module: Avoid breaking W^X while loading modules
` [PATCH v4 12/23] x86/jump-label: Remove support for custom poker
` [PATCH v4 13/23] x86/alternative: Remove the return value of text_poke_*()
` [PATCH v4 14/23] x86/mm/cpa: Add set_direct_map_ functions
` [PATCH v4 15/23] mm: Make hibernate handle unmapped pages
` [PATCH v4 16/23] vmalloc: Add flag for free of special permsissions
` [PATCH v4 17/23] modules: Use vmalloc special flag
` [PATCH v4 18/23] bpf: "
` [PATCH v4 19/23] x86/ftrace: "
` [PATCH v4 20/23] x86/kprobes: "
` [PATCH v4 21/23] x86/alternative: Comment about module removal races
` [PATCH v4 22/23] tlb: provide default nmi_uaccess_okay()
` [PATCH v4 23/23] bpf: Fail bpf_probe_write_user() while mm is switched

smack ( on host ) + apparmor ( on docker ) - possible ?
 2019-04-25 19:22 UTC  (2+ messages)

[PATCH 00/11] keys: Namespacing
 2019-04-25 11:38 UTC  (18+ messages)
` [PATCH 01/11] keys: Invalidate used request_key authentication keys
` [PATCH 02/11] keys: Kill off request_key_async{,_with_auxdata}
` [PATCH 03/11] keys: Simplify key description management
` [PATCH 04/11] keys: Cache the hash value to avoid lots of recalculation
` [PATCH 05/11] keys: Add a 'recurse' flag for keyring searches
` [PATCH 06/11] keys: Namespace keyring names
` [PATCH 07/11] keys: Move the user and user-session keyrings to the user_namespace
` [PATCH 08/11] keys: Include target namespace in match criteria
` [PATCH 09/11] keys: Garbage collect keys for which the domain has been removed
` [PATCH 10/11] keys: Network namespace domain tag
` [PATCH 11/11] keys: Pass the network namespace into request_key mechanism

[PATCH v3 0/3] Refactor memory initialization hardening
 2019-04-24 21:02 UTC  (8+ messages)
` [PATCH v3 1/3] security: Create "kernel hardening" config area
` [PATCH v3 2/3] security: Move stackleak config to Kconfig.hardening
` [PATCH v3 3/3] security: Implement Clang's stack initialization

[PATCH v2 0/3] Refactor memory initialization hardening
 2019-04-24  4:05 UTC  (10+ messages)
` [PATCH v2 1/3] security: Create "kernel hardening" config area

[PATCH v20 16/28] x86/sgx: Add provisioning
 2019-04-24  1:34 UTC  (4+ messages)

[PATCH 0/3] RFC: add init_allocations=1 boot option
 2019-04-23 20:40 UTC  (14+ messages)
` [PATCH 1/3] mm: security: introduce the "
` [PATCH 2/3] gfp: mm: introduce __GFP_NOINIT
` [PATCH 3/3] RFC: net: apply __GFP_NOINIT to AF_UNIX sk_buff allocations

kernel BUG at kernel/cred.c:434!
 2019-04-23 20:18 UTC  (23+ messages)

[PATCH] apparmor: Force type-casting of current->real_cred
 2019-04-23 16:53 UTC 

[PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing
 2019-04-23 10:44 UTC  (4+ messages)

[PATCH] kexec_buffer measure
 2019-04-23  0:18 UTC 

[RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
 2019-04-22 22:23 UTC  (14+ messages)

[PATCH 00/90] LSM: Module stacking for all
 2019-04-22 21:01 UTC  (81+ messages)
` [PATCH 02/90] LSM: Infrastructure management of the sock security
` [PATCH 10/90] LSM: Use lsm_export in the audit_rule_match hooks
` [PATCH 11/90] LSM: Fix logical operation in lsm_export checks
` [PATCH 12/90] LSM: Use lsm_export in the secid_to_secctx hooks
` [PATCH 13/90] LSM: Use lsm_export in the secctx_to_secid hooks
` [PATCH 14/90] LSM: Use lsm_export in security_audit_rule_match
` [PATCH 15/90] LSM: Use lsm_export in security_kernel_act_as
` [PATCH 16/90] LSM: Use lsm_export in security_socket_getpeersec_dgram
` [PATCH 17/90] LSM: Use lsm_export in security_secctx_to_secid
` [PATCH 18/90] LSM: Use lsm_export in security_secid_to_secctx
` [PATCH 19/90] LSM: Use lsm_export in security_ipc_getsecid
` [PATCH 20/90] LSM: Use lsm_export in security_task_getsecid
` [PATCH 21/90] LSM: Use lsm_export in security_inode_getsecid
` [PATCH 22/90] LSM: Use lsm_export in security_cred_getsecid
` [PATCH 23/90] Audit: Change audit_sig_sid to audit_sig_lsm
` [PATCH 24/90] Audit: Convert target_sid to an lsm_export structure
` [PATCH 25/90] Audit: Convert osid "
` [PATCH 26/90] IMA: Clean out lsm_export scaffolding
` [PATCH 27/90] NET: Change the UNIXCB from a secid to an lsm_export
` [PATCH 28/90] NET: Remove scaffolding on secmarks
` [PATCH 29/90] NET: Remove scaffolding on new secmarks
` [PATCH 30/90] NET: Remove netfilter scaffolding for lsm_export
` [PATCH 31/90] Netlabel: Replace secids with lsm_export
` [PATCH 32/90] LSM: Remove lsm_export scaffolding functions
` [PATCH 33/90] IMA: FIXUP prototype using lsm_export
` [PATCH 34/90] Smack: Restore the release_secctx hook
` [PATCH 35/90] AppArmor: Remove unnecessary hook stub
` [PATCH 36/90] LSM: Limit calls to certain module hooks
` [PATCH 37/90] LSM: Create a data structure for a security context
` [PATCH 38/90] LSM: Use lsm_context in secid_to_secctx hooks
` [PATCH 39/90] LSM: Use lsm_context in secctx_to_secid hooks
` [PATCH 40/90] LSM: Use lsm_context in inode_getsecctx hooks
` [PATCH 41/90] LSM: Use lsm_context in inode_notifysecctx hooks
` [PATCH 42/90] LSM: Use lsm_context in dentry_init_security hooks
` [PATCH 43/90] LSM: Use lsm_context in security_dentry_init_security
` [PATCH 44/90] LSM: Use lsm_context in security_inode_notifysecctx
` [PATCH 45/90] LSM: Use lsm_context in security_inode_getsecctx
` [PATCH 46/90] LSM: Use lsm_context in security_secctx_to_secid
` [PATCH 47/90] LSM: Use lsm_context in release_secctx hooks
` [PATCH 48/90] LSM: Use lsm_context in security_release_secctx
` [PATCH 49/90] LSM: Use lsm_context in security_secid_to_secctx
` [PATCH 50/90] fs: remove lsm_context scaffolding
` [PATCH 51/90] LSM: Add the release function to the lsm_context
` [PATCH 52/90] LSM: Use lsm_context in inode_setsecctx hooks
` [PATCH 53/90] LSM: Use lsm_context in security_inode_setsecctx
` [PATCH 54/90] kernfs: remove lsm_context scaffolding
` [PATCH 55/90] LSM: Remove unused macro
` [PATCH 56/90] LSM: Special handling for secctx lsm hooks
` [PATCH 57/90] SELinux: Use blob offset in current_sid
` [PATCH 58/90] LSM: Specify which LSM to display
` [PATCH 59/90] AppArmor: Remove the exclusive flag
` [PATCH 60/90] LSM: Add secmark_relabel_packet to the set of one call hooks
` [PATCH 61/90] LSM: Make getting the secmark right cleaner
` [PATCH 62/90] netfilter: Fix memory leak introduced with lsm_context
` [PATCH 63/90] Smack: Consolidate secmark conversions
` [PATCH 64/90] netfilter: Remove unnecessary NULL check in lsm_context
` [PATCH 65/90] LSM: Add secmark refcounting to call_one list
` [PATCH 66/90] LSM: refactor security_setprocattr
` [PATCH 67/90] Smack: Detect if secmarks can be safely used
` [PATCH 68/90] LSM: Support multiple LSMs using inode_init_security
` [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx
` [PATCH 70/90] LSM: Correct handling of ENOSYS in inode_setxattr
` [PATCH 71/90] LSM: Infrastructure security blobs for mount options
` [PATCH 72/90] LSM: Fix for security_init_inode_security
` [PATCH 73/90] Smack: Advertise the secid to netlabel
` [PATCH 74/90] LSM: Change error detection for UDP peer security
` [PATCH 75/90] Smack: Fix setting of the CIPSO MLS_CAT flags
` [PATCH 76/90] Smack: Set netlabel flags properly on new label import
` [PATCH 77/90] Netlabel: Add a secattr comparison API function
` [PATCH 78/90] Smack: Let netlabel do the work on the ambient domain
` [PATCH 79/90] Smack: Don't set the socket label on each send
` [PATCH 80/90] Smack: Let netlabel do the work on connections
` [PATCH 81/90] Netlabel: Return the labeling type on socket

[PATCH v2 23/79] docs: netlabel: convert docs to ReST and rename to *.rst
 2019-04-22 18:10 UTC  (2+ messages)

[PATCH] proc: prevent changes to overridden credentials
 2019-04-21 17:14 UTC  (5+ messages)

[PATCHv2] added ima hook for buffer, being enabled as a policy
 2019-04-20  0:00 UTC  (3+ messages)
` [PATCHv2] use event name instead of enum to make the call generic
` [PATCHv2] since cmdline args can be same for multiple kexec, log entry hash will collide. Prepend the kernel file name to the cmdline args to distinguish between cmdline args passed to subsequent kexec calls

[PATCH 00/57] Convert files to ReST
 2019-04-19 22:10 UTC  (3+ messages)
` Avoiding merge conflicts while adding new docs - Was: "