Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
[RFC PATCH v3 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
 2019-06-26 20:39 UTC  (2+ messages) - mbox.gz / Atom

[PATCH v8 0/3] add init_on_alloc/init_on_free boot options
 2019-06-26 20:23 UTC  (9+ messages) - mbox.gz / Atom
` [PATCH v8 1/2] mm: security: introduce init_on_alloc=1 and init_on_free=1 "
` [PATCH v8 2/2] mm: init: report memory auto-initialization features at boot time

[PATCH V33 24/30] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
 2019-06-26 20:22 UTC  - mbox.gz / Atom

[PATCH v4 00/23] LSM: Module stacking for AppArmor
 2019-06-26 19:22 UTC  (24+ messages) - mbox.gz / Atom
` [PATCH v4 01/23] LSM: Infrastructure management of the superblock
` [PATCH v4 02/23] LSM: Infrastructure management of the sock security
` [PATCH v4 03/23] LSM: Infrastructure management of the key blob
` [PATCH v4 04/23] LSM: Create and manage the lsmblob data structure
` [PATCH v4 05/23] LSM: Use lsmblob in security_audit_rule_match
` [PATCH v4 06/23] LSM: Use lsmblob in security_kernel_act_as
` [PATCH v4 07/23] net: Prepare UDS for secuirty module stacking
` [PATCH v4 08/23] LSM: Use lsmblob in security_secctx_to_secid
` [PATCH v4 09/23] LSM: Use lsmblob in security_secid_to_secctx
` [PATCH v4 10/23] LSM: Use lsmblob in security_ipc_getsecid
` [PATCH v4 11/23] LSM: Use lsmblob in security_task_getsecid
` [PATCH v4 12/23] LSM: Use lsmblob in security_inode_getsecid
` [PATCH v4 13/23] LSM: Use lsmblob in security_cred_getsecid
` [PATCH v4 14/23] IMA: Change internal interfaces to use lsmblobs
` [PATCH v4 15/23] LSM: Specify which LSM to display
` [PATCH v4 16/23] LSM: Use lsmcontext in security_secid_to_secctx
` [PATCH v4 17/23] "
` [PATCH v4 18/23] LSM: Use lsmcontext in security_dentry_init_security
` [PATCH v4 19/23] LSM: Use lsmcontext in security_inode_getsecctx
` [PATCH v4 20/23] LSM: security_secid_to_secctx in netlink netfilter
` [PATCH v4 21/23] Audit: Store LSM audit information in an lsmblob
` [PATCH v4 22/23] NET: Store LSM netlabel data in a lsmblob
` [PATCH v4 23/23] AppArmor: Remove the exclusive flag

linux-next: Tree for Jun 26 (security/integrity/ima/)
 2019-06-26 18:35 UTC  - mbox.gz / Atom

[RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
 2019-06-26 12:49 UTC  (17+ messages) - mbox.gz / Atom
` [RFC PATCH v4 07/12] LSM: x86/sgx: Introduce ->enclave_map() hook for Intel SGX
` [RFC PATCH v4 08/12] security/selinux: Require SGX_MAPWX to map enclave page WX
` [RFC PATCH v4 09/12] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX
` [RFC PATCH v4 10/12] security/selinux: Add enclave_load() implementation

[PATCH v4 00/14] ima: introduce IMA Digest Lists extension
 2019-06-26 11:38 UTC  (5+ messages) - mbox.gz / Atom

[PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
 2019-06-26  8:15 UTC  (4+ messages) - mbox.gz / Atom

[PATCH bpf-next v9 00/10] Landlock LSM: Toward unprivileged sandboxing
 2019-06-26  7:33 UTC  (14+ messages) - mbox.gz / Atom
` [PATCH bpf-next v9 01/10] fs,security: Add a new file access type: MAY_CHROOT
` [PATCH bpf-next v9 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier
` [PATCH bpf-next v9 03/10] bpf,landlock: Define an eBPF program type for Landlock hooks
` [PATCH bpf-next v9 04/10] seccomp,landlock: Enforce Landlock programs per process hierarchy
` [PATCH bpf-next v9 05/10] bpf,landlock: Add a new map type: inode
` [PATCH bpf-next v9 06/10] landlock: Handle filesystem access control
` [PATCH bpf-next v9 07/10] landlock: Add ptrace restrictions
` [PATCH bpf-next v9 08/10] bpf: Add a Landlock sandbox example
` [PATCH bpf-next v9 09/10] bpf,landlock: Add tests for Landlock
` [PATCH bpf-next v9 10/10] landlock: Add user and kernel documentation "

[RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation
 2019-06-26  5:48 UTC  (4+ messages) - mbox.gz / Atom
` [RFC PATCH v5 1/1] "

[PATCH v6 1/3] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
 2019-06-25 15:42 UTC  (4+ messages) - mbox.gz / Atom

[PATCH v3 00/24] LSM: Module stacking for AppArmor
 2019-06-25 15:30 UTC  (81+ messages) - mbox.gz / Atom
` [PATCH v3 01/24] LSM: Infrastructure management of the superblock
` [PATCH v3 02/24] LSM: Infrastructure management of the sock security
` [PATCH v3 03/24] LSM: Infrastructure management of the key blob
` [PATCH v3 04/24] LSM: Create and manage the lsmblob data structure
` [PATCH v3 05/24] Use lsmblob in security_audit_rule_match
` [PATCH v3 06/24] LSM: Use lsmblob in security_kernel_act_as
` [PATCH v3 07/24] net: Prepare UDS for secuirty module stacking
` [PATCH v3 08/24] LSM: Use lsmblob in security_secctx_to_secid
` [PATCH v3 09/24] LSM: Use lsmblob in security_secid_to_secctx
` [PATCH v3 10/24] Use lsmblob in security_ipc_getsecid
` [PATCH v3 11/24] LSM: Use lsmblob in security_task_getsecid
` [PATCH v3 12/24] LSM: Use lsmblob in security_inode_getsecid
` [PATCH v3 13/24] LSM: Use lsmblob in security_cred_getsecid
` [PATCH v3 14/24] IMA: Change internal interfaces to use lsmblobs
` [PATCH v3 15/24] LSM: Specify which LSM to display
` [PATCH v3 16/24] LSM: Ensure the correct LSM context releaser
` [PATCH v3 17/24] LSM: Use lsmcontext in security_secid_to_secctx
` [PATCH v3 18/24] LSM: Use lsmcontext in security_dentry_init_security
` [PATCH v3 19/24] LSM: Use lsmcontext in security_inode_getsecctx
` [PATCH v3 20/24] LSM: security_secid_to_secctx in netlink netfilter
` [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob
` [PATCH v3 22/24] LSM: Return the lsmblob slot on initialization
` [PATCH v3 23/24] NET: Store LSM netlabel data in a lsmblob
` [PATCH v3 24/24] AppArmor: Remove the exclusive flag

[PATCH] structleak: disable BYREF_ALL in combination with KASAN_STACK
 2019-06-25 15:01 UTC  (8+ messages) - mbox.gz / Atom

[PATCH V34 00/29] Lockdown as an LSM
 2019-06-25 15:00 UTC  (71+ messages) - mbox.gz / Atom
` [PATCH V34 01/29] security: Support early LSMs
` [PATCH V34 02/29] security: Add a "locked down" LSM hook
` [PATCH V34 03/29] security: Add a static lockdown policy LSM
` [PATCH V34 04/29] Enforce module signatures if the kernel is locked down
` [PATCH V34 05/29] Restrict /dev/{mem,kmem,port} when "
` [PATCH V34 06/29] kexec_load: Disable at runtime if "
` [PATCH V34 07/29] Copy secure_boot flag in boot params across kexec reboot
` [PATCH V34 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
` [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down
` [PATCH V34 10/29] hibernate: Disable when "
` [PATCH V34 11/29] PCI: Lock down BAR access "
` [PATCH V34 12/29] x86: Lock down IO port "
` [PATCH V34 13/29] x86/msr: Restrict MSR "
` [PATCH V34 14/29] ACPI: Limit access to custom_method "
` [PATCH V34 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been "
` [PATCH V34 16/29] acpi: Disable ACPI table override if the kernel is "
` [PATCH V34 17/29] Prohibit PCMCIA CIS storage when "
` [PATCH V34 18/29] Lock down TIOCSSERIAL
` [PATCH V34 19/29] Lock down module params that specify hardware parameters (eg. ioport)
` [PATCH V34 20/29] x86/mmiotrace: Lock down the testmmiotrace module
` [PATCH V34 21/29] Lock down /proc/kcore
` [PATCH V34 22/29] Lock down tracing and perf kprobes when in confidentiality mode
` [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is "
` [PATCH V34 24/29] Lock down perf when "
` [PATCH V34 26/29] debugfs: Restrict debugfs when the kernel is locked down
` [PATCH V34 27/29] tracefs: Restrict tracefs "
` [PATCH V34 28/29] efi: Restrict efivar_ssdt_load "
` [PATCH V34 29/29] lockdown: Print current->comm in restriction messages

possible deadlock in console_trylock_spinning
 2019-06-25  8:55 UTC  - mbox.gz / Atom

[PATCH V31 00/25] Add support for kernel lockdown
 2019-06-25  2:51 UTC  (10+ messages) - mbox.gz / Atom
` [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down

[PATCH V10 0/3] Add support for measuring the boot command line during kexec_file_load
 2019-06-24 22:03 UTC  (6+ messages) - mbox.gz / Atom
` [PATCH V10 1/3] IMA: Define a new hook to measure the kexec boot command line arguments
` [PATCH V10 2/3] IMA: Define a new template field buf
` [PATCH V10 3/3] KEXEC: Call ima_kexec_cmdline to measure the boot command line args

[PATCH v11 00/13] Appended signatures support for IMA appraisal
 2019-06-24 19:56 UTC  (5+ messages) - mbox.gz / Atom
` [PATCH v11 01/13] MODSIGN: Export module signature definitions
` [PATCH v11 02/13] PKCS#7: Refactor verify_pkcs7_signature()

Stacked LSMs (was Re: [PATCH v2 00/25] LSM: Module stacking for AppArmor)
 2019-06-22 14:15 UTC  (2+ messages) - mbox.gz / Atom

KASAN: use-after-free Read in tomoyo_realpath_from_path
 2019-06-22  4:45 UTC  (6+ messages) - mbox.gz / Atom
  ` [PATCH] tomoyo: Don't check open/getattr permission on sockets
        ` [PATCH v2] "

page: 

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org linux-security-module@archiver.kernel.org
	public-inbox-index linux-security-module


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/ public-inbox