messages from 2019-08-05 20:51:09 to 2019-08-14 06:12:51 UTC [more...]
[PATCH V37 00/29] security: Add support for locking down the kernel
2019-08-14 6:12 UTC (12+ messages)
` [PATCH V37 04/29] Enforce module signatures if the kernel is locked down
` [PATCH V39] "
` [PATCH V37 27/29] tracefs: Restrict tracefs when "
` [PATCH] tracefs: Fix NULL pointer dereference when no lockdown is used
[PATCH 0/6] lockdown fixups
2019-08-14 5:23 UTC (10+ messages)
` [PATCH 1/6] tracefs: Fix potential null dereference in default_file_open()
` [PATCH 2/6] early_security_init() needs a stub got !CONFIG_SECURITY
` [PATCH 3/6] Avoid build warning when !CONFIG_KEXEC_SIG
` [PATCH 4/6] security: fix ptr_ret.cocci warnings
` [PATCH 5/6] kexec: s/KEXEC_VERIFY_SIG/KEXEC_SIG/ for consistency
` [PATCH 6/6] Document locked_down LSM hook
[PATCH V38 00/29] security: Add support for locking down the kernel
2019-08-14 2:51 UTC (38+ messages)
` [PATCH V38 01/29] security: Support early LSMs
` [PATCH V38 02/29] security: Add a "locked down" LSM hook
` [PATCH V38 03/29] security: Add a static lockdown policy LSM
` [PATCH V38 04/29] Enforce module signatures if the kernel is locked down
` [PATCH V38 05/29] Restrict /dev/{mem,kmem,port} when "
` [PATCH V38 06/29] kexec_load: Disable at runtime if "
` [PATCH V38 07/29] Copy secure_boot flag in boot params across kexec reboot
` [PATCH V38 08/29] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
` [PATCH V38 09/29] kexec_file: Restrict at runtime if the kernel is locked down
` [PATCH V38 10/29] hibernate: Disable when "
` [PATCH V38 11/29] PCI: Lock down BAR access "
` [PATCH V38 12/29] x86: Lock down IO port "
` [PATCH V38 13/29] x86/msr: Restrict MSR "
` [PATCH V38 14/29] ACPI: Limit access to custom_method "
` [PATCH V38 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been "
` [PATCH V38 16/29] acpi: Disable ACPI table override if the kernel is "
` [PATCH V38 17/29] Prohibit PCMCIA CIS storage when "
` [PATCH V38 18/29] Lock down TIOCSSERIAL
` [PATCH V38 19/29] Lock down module params that specify hardware parameters (eg. ioport)
` [PATCH V39] "
` [PATCH V38 20/29] x86/mmiotrace: Lock down the testmmiotrace module
` [PATCH V38 21/29] Lock down /proc/kcore
` [PATCH V38 22/29] Lock down tracing and perf kprobes when in confidentiality mode
` [PATCH V38 23/29] bpf: Restrict bpf when kernel lockdown is "
` [PATCH V38 24/29] Lock down perf when "
` [PATCH V38 25/29] kexec: Allow kexec_file() with appropriate IMA policy when locked down
` [PATCH V38 26/29] debugfs: Restrict debugfs when the kernel is "
` [PATCH V38 27/29] tracefs: Restrict tracefs "
` [PATCH V38 28/29] efi: Restrict efivar_ssdt_load "
` [PATCH V38 29/29] lockdown: Print current->comm in restriction messages
[PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
2019-08-14 0:57 UTC (21+ messages)
[RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation
2019-08-13 18:49 UTC (4+ messages)
` [RFC PATCH v5 1/1] "
[RFC PATCH v2] security,capability: pass object information to security_capable
2019-08-13 21:27 UTC (4+ messages)
` [Non-DoD Source] Re: [RFC PATCH v2] security, capability: "
[PATCH] Add flags option to get xattr method paired to __vfs_getxattr
2019-08-13 14:44 UTC
[RFC/RFT v3 0/3] KEYS: trusted: Add generic trusted keys framework
2019-08-13 7:59 UTC (12+ messages)
` [RFC/RFT v3 1/3] KEYS: trusted: create trusted keys subsystem
` [RFC/RFT v3 2/3] KEYS: trusted: move tpm2 trusted keys code
` [RFC/RFT v3 3/3] KEYS: trusted: Add generic trusted keys framework
[RFC/RFT v4 0/5] Add generic trusted keys framework/subsystem
2019-08-13 7:53 UTC (6+ messages)
` [RFC/RFT v4 1/5] tpm: move tpm_buf code to include/linux/
` [RFC/RFT v4 2/5] KEYS: trusted: use common tpm_buf for TPM1.x code
` [RFC/RFT v4 3/5] KEYS: trusted: create trusted keys subsystem
` [RFC/RFT v4 4/5] KEYS: trusted: move tpm2 trusted keys code
` [RFC/RFT v4 5/5] KEYS: trusted: Add generic trusted keys framework
[PATCH v3] fanotify, inotify, dnotify, security: add security hook for fs notifications
2019-08-12 22:04 UTC (2+ messages)
[security:next-lockdown 3/29] security/lockdown/lockdown.c:157:1-3: WARNING: PTR_ERR_OR_ZERO can be used
2019-08-12 18:00 UTC (3+ messages)
` [PATCH] security: fix ptr_ret.cocci warnings
[PATCH v2] fanotify, inotify, dnotify, security: add security hook for fs notifications
2019-08-12 15:16 UTC (4+ messages)
` [Non-DoD Source] "
[PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications
2019-08-12 14:45 UTC (13+ messages)
` [Non-DoD Source] "
WARNING in aa_sock_msg_perm
2019-08-12 12:30 UTC
[PATCH] tracefs: Fix potential null dereference in default_file_open()
2019-08-12 0:28 UTC
[PATCH][next] ima: ima_modsig: Fix use-after-free bug in ima_read_modsig
2019-08-11 23:55 UTC
[security:next-lockdown 8/29] arch/s390/kernel/kexec_elf.c:134:3: error: 'const struct kexec_file_ops' has no member named 'verify_sig'
2019-08-10 8:27 UTC
[security:next-lockdown 2/29] htmldocs: include/linux/lsm_hooks.h:1812: warning: Function parameter or member 'locked_down' not described in 'security_list_options'
2019-08-10 7:34 UTC
[security:next-lockdown 1/29] init/main.c:572:2: error: implicit declaration of function 'early_security_init'; did you mean 'security_init'?
2019-08-10 6:40 UTC
[PATCH v2] tomoyo: Don't check open/getattr permission on sockets
2019-08-09 15:51 UTC (2+ messages)
[PATCH v3] KEYS: trusted: allow module init if TPM is inactive or deactivated
2019-08-09 15:50 UTC (3+ messages)
[PATCH 00/10] VFS: Provide new mount UAPI
2019-08-09 15:44 UTC (14+ messages)
` [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around
` [PATCH] LSM: Disable move_mount() syscall when TOMOYO or AppArmor is enabled
[RFC v2 0/6] Introduce TEE based Trusted Keys support
2019-08-09 5:36 UTC (4+ messages)
` [RFC v2 2/6] tee: enable support to register kernel memory
` [Tee-dev] "
[PATCH v7 00/28] LSM: Module stacking for AppArmor
2019-08-09 0:56 UTC (37+ messages)
` [PATCH v7 01/28] LSM: Infrastructure management of the superblock
` [PATCH v7 02/28] LSM: Infrastructure management of the sock security
` [PATCH v7 03/28] LSM: Infrastructure management of the key blob
` [PATCH v7 04/28] LSM: Create and manage the lsmblob data structure
` [PATCH v7 05/28] LSM: Use lsmblob in security_audit_rule_match
` [PATCH v7 06/28] LSM: Use lsmblob in security_kernel_act_as
` [PATCH v7 07/28] net: Prepare UDS for security module stacking
` [PATCH v7 08/28] LSM: Use lsmblob in security_secctx_to_secid
` [PATCH v7 09/28] LSM: Use lsmblob in security_secid_to_secctx
` [PATCH v7 10/28] LSM: Use lsmblob in security_ipc_getsecid
` [PATCH v7 11/28] LSM: Use lsmblob in security_task_getsecid
` [PATCH v7 12/28] LSM: Use lsmblob in security_inode_getsecid
` [PATCH v7 13/28] LSM: Use lsmblob in security_cred_getsecid
` [PATCH v7 14/28] IMA: Change internal interfaces to use lsmblobs
` [PATCH v7 15/28] LSM: Specify which LSM to display
` [PATCH v7 16/28] LSM: Ensure the correct LSM context releaser
` [PATCH v7 17/28] LSM: Use lsmcontext in security_secid_to_secctx
` [PATCH v7 18/28] LSM: Use lsmcontext in security_dentry_init_security
` [PATCH v7 19/28] LSM: Use lsmcontext in security_inode_getsecctx
` [PATCH v7 20/28] LSM: security_secid_to_secctx in netlink netfilter
` [PATCH v7 21/28] NET: Store LSM netlabel data in a lsmblob
` [PATCH v7 22/28] SELinux: Verify LSM display sanity in binder
` [PATCH v7 23/28] Audit: Add subj_LSM fields when necessary
` [PATCH v7 24/28] Audit: Include object data for all security modules
` [PATCH v7 25/28] LSM: Provide an user space interface for the default display
` [PATCH v7 26/28] NET: Add SO_PEERCONTEXT for multiple LSMs
` [PATCH v7 27/28] LSM: Add /proc attr entry for full LSM context
` [PATCH v7 28/28] AppArmor: Remove the exclusive flag
KASAN: use-after-free Read in tomoyo_socket_sendmsg_permission
2019-08-08 16:45 UTC
[PATCH v13 2/5] Add flags option to get xattr method paired to __vfs_getxattr
2019-08-08 15:29 UTC
[PATCH] ima: Fix a use after free in ima_read_modsig()
2019-08-08 11:55 UTC (4+ messages)
[PATCH v7 00/16] LSM: Full module stacking
2019-08-07 22:42 UTC (18+ messages)
` [PATCH v7 01/16] LSM: Single hook called in secmark refcounting
` [PATCH v7 02/16] Smack: Detect if secmarks can be safely used
` [PATCH v7 03/16] LSM: Support multiple LSMs using inode_init_security
` [PATCH v7 04/16] LSM: List multiple security attributes in security_inode_listsecurity
` [PATCH v7 05/16] LSM: Multiple modules using security_ismaclabel
` [PATCH v7 06/16] LSM: Make multiple MAC modules safe in nfs and kernfs
` [PATCH v7 07/16] LSM: Correct handling of ENOSYS in inode_setxattr
` [PATCH v7 08/16] LSM: Infrastructure security blobs for mount options
` [PATCH v7 09/16] LSM: Fix for security_init_inode_security
` [PATCH v7 10/16] LSM: Change error detection for UDP peer security
` [PATCH v7 11/16] Netlabel: Add a secattr comparison API function
` [PATCH v7 12/16] Netlabel: Provide labeling type to security modules
` [PATCH v7 13/16] LSM: Remember the NLTYPE of netlabel sockets
` [PATCH v7 14/16] LSM: Hook for netlabel reconciliation
` [PATCH v7 15/16] LSM: Avoid network conflicts in SELinux and Smack
` [PATCH v7 16/16] Smack: Remove the exclusive flag
[GIT PULL] SafeSetID MAINTAINERS file update for v5.3
2019-08-07 19:27 UTC (11+ messages)
[RFC PATCH v3 04/12] x86/sgx: Require userspace to define enclave pages' protection bits
2019-08-07 18:51 UTC (6+ messages)
[PATCH 0/2] keys: ACLs
2019-08-07 2:58 UTC (6+ messages)
` [PATCH 1/2] KEYS: Replace uid/gid/perm permissions checking with an ACL
[PATCH v3 37/41] security/tomoyo: convert put_page() to put_user_page*()
2019-08-07 1:33 UTC
[RFC PATCH v1 0/5] Add support for O_MAYEXEC
2019-08-06 16:40 UTC (5+ messages)
` [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
[PATCH bpf-next v10 00/10] Landlock LSM: Toward unprivileged sandboxing
2019-08-06 16:24 UTC (8+ messages)
` [PATCH bpf-next v10 06/10] bpf,landlock: Add a new map type: inode
[PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
2019-08-05 22:11 UTC (10+ messages)
[WIP 0/4] bpf: A bit of progress toward unprivileged use
2019-08-05 21:29 UTC (5+ messages)
` [WIP 1/4] bpf: Respect persistent map and prog access modes
` [WIP 2/4] bpf: Don't require mknod() permission to pin an object
` [WIP 3/4] bpf: Add a way to mark functions as requiring privilege
` [WIP 4/4] bpf: Allow creating all program types without privilege
[RFC/RFT v2 0/2] KEYS: trusted: Add generic trusted keys framework
2019-08-05 20:59 UTC (7+ messages)
` [RFC/RFT v2 1/2] KEYS: trusted: create trusted keys subsystem
page: next (older) | prev (newer) | latest
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).